Functional safety for semiconductor IP
Lauri Ora, Functional Safety Manager, CPU Group
NMI ISO 26262 Practitioner’s Workshop
January 20th, 2016, Nuneaton
© ARM 2016 2
Intellectual property supplier’s point of view
What is Intellectual Property (IP)?
Reusable design
IP supplier not necessarily the same organization as the IP integrator
Different types of IP
Soft IP
Hard IP
…something in between
The Chip is the System
ARM technology from silicon to software
Physical IP
Interconnect System IP
CPUs and GPUs
Software and tools
Developing general-purpose IP for safety applications
Developing IP
In-context
As safety element out of context (SEooC)
What’s important in all cases?
Safety requirements
Supporting documentation for IP integrators
Completed safety case for the IP
Communicating safety considerations for SEooC IP designs
SEooC implications
No knowledge of hazards
No knowledge of safety goals
No knowledge of system architecture
For development purposes need
Assumptions of use based on
Safety requirements
Expected integration environment
Highest expected ASIL
Systematic fault avoidance and control
Confirmation measure independence
Developing semiconductor intellectual property
Quality focus for soft IP
Large variability in design complexity
Peripherals, e.g. I/O, DMA, bridges, …
Processing elements, e.g. CPUs, GPUs
Systematic fault considerations very important
Design processes
Verification processes
From IP designs to systems
ISO 26262-10 Annex A – ISO 26262 and microcontrollers
ISO 26262-10 (informative)
Contains guidance on how to treat microcontrollers in the context of functional safety
Informative part with references to normative ISO 26262 requirements
Other related standards and guidelines
IEC 61508-2:2010, Annex F
DO-254
ISO 26262-10 Annex A contents
How to apply ISO 26262 definitions to semiconductor devices
Component, part, sub-part
MCU development example
Qualitative and quantitative safety analyses for microcontrollers
Failure rates for microcontrollers
Example quantitative analysis
FMEA based
Example dependent failure analysis
Examples of methods for systematic fault detection and avoidance measures
Hardware design verification
Supporting documentation
ISO/PAS 19451:1 – Application of ISO 26262:2011-2012 to semiconductors – Part 1: Application of concepts
Clarification of ISO 26262 application to semiconductor devices
Includes a section on intellectual property designs
General considerations for IP designs
Safety requirements for IP designs
IP lifecycle
Supporting work products for IP designs
Integration of black-box IP designs
ISO/PAS 19451-1 and ISO/PAS 19451-2 have now been approved for publication
ISO/PAS 19451-1 contents
Possibilities for IP consideration
SEooC
In-context
Use through hardware qualification
Use through proven in use argument
IP with and without safety mechanisms
Possibility to use external mechanisms for fault detection and control
IP work products described
Safety plan
Safety requirements and verification review
Safety analysis report
Analysis of dependent failures
Confirmation measure reports
Development interface agreement
Integration documentation set
No specific documentation set prescribed
ISO 26262-11 – Semiconductors
New part introduced as part of 2nd edition work, currently in CD stage
Informative
Developed from
ISO/PAS 19451-1
ISO 26262-10 semiconductor topics
New content
Fault injection
Sensors and transducers
Production and operation
Confirmation measures and audits
Goal is to provide guidance on semiconductors within ISO 26262
A large new part with ~160 pages
Contains a little bit of something for almost everyone!
ISO 26262-11 – Current contents
Introductory section on semiconductors
Clarification on component, part, sub-part
Fault, error, failure in semiconductors
Semiconductor safety analysis
Common topics
Intellectual property
Dependent failure analysis
Fault injection for semiconductors
Interfaces within distributed developments
Confirmation measures
HW integration and testing
Base failure rate estimation
Production and operation
Specific semiconductor use cases
Multi-core components
Digital components, memories
Analogue and mixed signal devices
Programmable logic devices
Sensors, transducers
Plus six annexes of examples
Contents will change between now and publication of 2nd edition
Summary
Intellectual property based designs increasingly common
Functional safety support increasingly important
On-going standardization work on semiconductor devices and functional safety
ISO/PAS 19451
ISO 26262-11 for second edition
These provide a great common path for the future
THANK YOU! For further information, contact Lauri Ora +44 7741 272100 [email protected]