Seminar How to design integrated circuits (ICs) for safety-related applications
DAY 1: fundamentals of functional safety

• Introduction
  o Reliability vs Safety vs Availability vs Security
  o Why functional safety in ICs is important
  o Overview of functional safety standards, with the main differences between them
  o Fault, Error, Failure; random vs systematic failures; combinations of failures (multiple, cascading etc.); safe vs dangerous failures; safe state; fail-safe vs fail-operational systems
  o "Black box" vs "White box" approach
• IEC61508 overview
  o The IEC61508 Safety Life Cycle; the EUC and the EUC control system; the safety function; the risk graph; SIL determination (with examples); the safety requirements
  o IEC61508 at system level, HW level and SW level: requirements, types of analysis, verification, validation and testing
  o Introduction to IEC61508 metrics: Type A vs Type B systems, low/high demand mode, diagnostic coverage (DC), safe failure fraction (SFF), Beta and Beta_IC factors, average frequency of dangerous failure per hour (PFH) and average probability of dangerous failure on demand (PFD)
  o Hardware fault tolerance; architectures 1oo1, 1oo2, 1oo2D, 2oo2 etc.; SIL decomposition; interference freeness
• ISO26262 overview
  o The ISO26262 Safety Life Cycle; the item; the safety goal; hazard analysis and risk assessment; ASIL determination (with examples); the functional safety concept and related requirements
  o ISO26262 at system level, HW level and SW level: requirements, types of analysis, verification, validation and testing
  o Introduction to ISO26262 metrics: HW architectural metrics (SPFM, LFM) and absolute metric (PMHF, cut-set)
  o Coexistence of elements; dependent failure analyses; ASIL decomposition
  o Distributed development; Development Interface Agreement (DIA); Safety Element out of Context (SEooC)
  o How to apply ISO26262: ISO26262 part 10 and related guidelines
• Functional Safety Management
  o The safety plan; criteria for independence; confirmation measures
  o The Verification & Validation (V&V) model
  o Configuration and change management; verification
• About certification
  o Certification under IEC61508 and ISO26262
  o Certification authorities and certification flows

DAY 2: how to design ICs for safety-related applications

• Focus on HW random failures
  o Permanent, transient and intermittent faults
  o Technology trends; possible sources for failure rates (handbooks etc.)
  o Dependent failures and Common-Cause Failures (CCF): methods for qualitative and quantitative analysis of dependent failures and CCF; diversity
  o EMC requirements
• Computing IEC61508 and ISO26262 metrics for ICs
  o Process Safety Time, Fault Tolerant Time Interval, multiple-point fault detection interval etc.
  o SIL and ASIL decomposition theory applied to integrated circuits, with examples
  o Computing IEC61508 metrics (SFF, DC, PFH) for ICs
  o Computing ISO26262 metrics (DC, SPFM, LFM and probability of violation) for ICs
• HW design recommendations
  o Review of IEC61508 and ISO26262 recommendations for HW
  o How to consider analogue circuits
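As an added worked example for the two "Computing metrics" items above (this is editor-supplied code, not course material or YOGITECH's fRMethodology), the following script takes a small FMEDA-style failure-mode table for a constructed, fictitious microcontroller-like IC and derives the IEC61508 metrics SFF, DC and 1oo1 high-demand PFH, and the ISO26262 architectural metrics SPFM and LFM. The formulas are the standard ones (IEC61508-2 for SFF/DC, IEC61508-6 for PFH of a 1oo1 channel in high-demand mode, ISO26262-5 Annex C for SPFM/LFM, and the SIL/ASIL target bands of IEC61508-1 Table 3 and ISO26262-5 Tables 4 and 5); the failure rates, coverage values and block names are assumptions chosen for illustration only.

```python
"""FMEDA-style metric computation for an IC (added example; all figures are constructed)."""
from dataclasses import dataclass

FIT = 1e-9  # 1 FIT = one failure per 1e9 device-hours


@dataclass(frozen=True)
class FailureMode:
    name: str
    lam_fit: float        # failure rate of this mode, in FIT
    safety_related: bool  # False = "no part / no effect" failure, excluded from all metrics
    can_violate_sg: bool  # alone, could it violate the safety goal (a dangerous failure)?
    dc_sg: float          # coverage of the mechanism that prevents the violation (0..1)
    dc_latent: float      # coverage of the mechanism that reveals a dormant fault (0..1)


# Constructed sample IC (assumption, not data from the seminar or any real part).
SAMPLE_IC = [
    FailureMode("cpu_core",    100.0, True,  True,  0.90, 0.90),  # SW self-test on the core
    FailureMode("sram_array",  200.0, True,  True,  0.99, 0.99),  # SEC-DED ECC on the array
    FailureMode("ecc_checker",  10.0, True,  False, 0.00, 0.60),  # the safety mechanism itself
    FailureMode("debug_jtag",   40.0, False, False, 0.00, 0.00),  # unused by the safety function
]


def iso26262_metrics(modes):
    """SPFM and LFM (ISO26262-5 Annex C) over the safety-related failure rates only."""
    lam_sr = lam_rf = lam_mpf_latent = 0.0
    for m in modes:
        if not m.safety_related:
            continue
        lam_sr += m.lam_fit
        if m.can_violate_sg:
            # dc_sg == 0 makes this a single-point fault; otherwise the escape is residual.
            rf = m.lam_fit * (1.0 - m.dc_sg)
            mpf = m.lam_fit - rf            # the covered share becomes a multiple-point fault
        else:
            rf = 0.0
            mpf = m.lam_fit                 # e.g. a fault inside the safety mechanism
        lam_rf += rf
        lam_mpf_latent += mpf * (1.0 - m.dc_latent)   # multiple-point faults nobody notices
    lam_mpf = lam_sr - lam_rf
    return {"SPFM": 1.0 - lam_rf / lam_sr, "LFM": 1.0 - lam_mpf_latent / lam_mpf}


def iec61508_metrics(modes):
    """SFF, DC and 1oo1 high-demand PFH (IEC61508-2/-6); no-effect failures are excluded."""
    lam_s = lam_dd = lam_du = 0.0
    for m in modes:
        if not m.safety_related:
            continue
        if m.can_violate_sg:
            lam_dd += m.lam_fit * m.dc_sg           # dangerous detected
            lam_du += m.lam_fit * (1.0 - m.dc_sg)   # dangerous undetected
        else:
            lam_s += m.lam_fit                      # safe (detected or not, both count in SFF)
    total = lam_s + lam_dd + lam_du
    return {
        "SFF": (lam_s + lam_dd) / total,
        "DC": lam_dd / (lam_dd + lam_du),
        "PFH_1oo1": lam_du * FIT,   # per hour; for a 1oo1 channel in high-demand mode PFH = lambda_DU
    }


def sil_from_pfh(pfh):
    """SIL band for high-demand / continuous mode, IEC61508-1 Table 3 (0 = no SIL reachable)."""
    if pfh < 1e-8:
        return 4
    if pfh < 1e-7:
        return 3
    if pfh < 1e-6:
        return 2
    if pfh < 1e-5:
        return 1
    return 0


def asil_supported(spfm, lfm):
    """Highest ASIL whose SPFM and LFM targets (ISO26262-5 Tables 4 and 5) are both met."""
    for asil, spfm_target, lfm_target in (("D", 0.99, 0.90), ("C", 0.97, 0.80), ("B", 0.90, 0.60)):
        if spfm >= spfm_target and lfm >= lfm_target:
            return asil
    return "A"  # ISO26262 sets no quantitative architectural-metric target for ASIL A


if __name__ == "__main__":
    iso = iso26262_metrics(SAMPLE_IC)
    iec = iec61508_metrics(SAMPLE_IC)
    print(f"SPFM {iso['SPFM']:.2%}  LFM {iso['LFM']:.2%}  -> ASIL {asil_supported(**{k.lower(): v for k, v in iso.items()})}")
    print(f"SFF {iec['SFF']:.2%}  DC {iec['DC']:.2%}  PFH {iec['PFH_1oo1']:.2e}/h -> SIL {sil_from_pfh(iec['PFH_1oo1'])}")
```

With the constructed table the IC reaches SPFM of about 96.1% and LFM of about 95.0%: the LFM already satisfies the ASIL D target, but the residual-fault share caps the architectural metrics at ASIL B, which is the kind of imbalance that motivates the decomposition and redundancy topics on Days 2 and 3. On the IEC61508 side the same table gives SFF of about 96.1%, DC of 96% and a 1oo1 PFH of 1.2e-8/h, inside the SIL 3 band. SFF and SPFM coincide numerically here because both divide the undetected dangerous rate by the same safety-related total; in a real FMEDA the two classifications are kept separate, since the standards differ in what counts as safety-related and in how no-effect failures are handled.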
• Focus on HW systematic failures
  o Development process of ICs according to IEC61508 and ISO26262
  o Example of a checklist for the design process of a safety-related IC
• Focus on SW and its relationship with HW
  o Handling the HW/SW interface
  o SW design, implementation, testing and integration
  o Qualification of SW tools
• Safety documentation for integrated circuits
  o Key safety documents according to IEC61508 and ISO26262; the Safety Manual

DAY 3: Examples

• Overview of tools and methods to analyze safety-related ICs
  o Survey of commercial tools for FTA/FMEA/FMEDA/FMECA
  o YOGITECH's fRMethodology overview
    - Phase A1: concept analysis (HL-FMEA, preliminary fRFMEA)
    - Phase A2: design analysis (fRFMEA and fRFI)
    - Phase A3: final implementation analysis (special fault injection)
• Overview of HW/SW architectures for safety-related ICs
  o SW-based approaches; asymmetric redundancies ("Question & Answer" architecture, fRIPs); homogeneous redundancies (Dual Core Lock Step, Triple Modular Redundancy); comparison
  o Examples about bus, memory, peripherals, infrastructure (clock/reset/power) and communication protocols
  o Examples of Common-Cause Failure detection/avoidance measures
• Working on a customer example
  o Example of analysis (using fRMethodology) of a customer circuit according to IEC61508
  o Open discussion

CV of the teacher: Riccardo Mariani, CTO of YOGITECH SPA.

Riccardo Mariani was born in 1968 at Cascina (Pisa, Italy). He holds a "cum laude" degree in Electronic Engineering from Pisa University (Italy) as well as a Ph.D. in Microelectronics from the same University. Riccardo won the SGS-Thomson Award for the best microelectronics degree and the Enrico Denoth Best Engineering Award for the best research in microelectronics at Pisa University.
Before founding YOGITECH, he was: VLSI designer and head of the CAD laboratory at Centro TEAM (a VLSI design centre spun off from Pisa University); consultant to Italtel-Siemens (Parma office, Italy) for VLSI designs; VLSI designer, coordinator of digital circuit projects and eventually technical director of Aurelia Microelettronica, a company designing electronics for nuclear physics experiments and satellites. In that period he was often at CERN (Geneva, CH) working on microelectronics projects, being responsible for the design of fault-tolerant microelectronic circuits in the framework of the FERMI project. In August 2000 he co-founded YOGITECH, acting at first as head of R&D and then as Chief Technical Officer. He is the inventor of YOGITECH's faultRobust, a technology for addressing and achieving fault robustness in Integrated Circuits, on which he holds several patents. Within the faultRobust service and product line, he is currently working with many silicon vendors, Tier 1 suppliers and OEMs in the automotive, industrial, railway and medical sectors, in Europe, the US and Japan. His activity focuses on the specification and design of integrated circuits and IPs for safety-critical systems, in accordance with the IEC61508, ISO26262 and EN50128/9 international norms. He is a member of the ISO/TC22/SC3/WG16 (ISO26262) Italian and international committees, with special focus on the part 5 working group (definition of the HW normative) and part 10 (about "how to apply" ISO26262). In the ISO26262 international working group he is responsible for writing a guideline for microcontrollers and integrated circuits. His activity also includes interaction with certification bodies as well as holding classes and trainings for customers on functional safety applied to Integrated Circuits. He has authored many papers on High-Reliability Circuits, Design for Testability, Advanced Design Techniques and Asynchronous Circuits.
This document is confidential and proprietary to YOGITECH SPA. Do not disclose its content, copy, reproduce or distribute without permission.