Various problems occur in LSI development that must comply with functional safety standards. This blog describes three typical customer issues and tips for addressing them.
- Unexpected increase in LSI development period and cost over the original plan
When developing an LSI compliant with functional safety standards, the period and cost may increase unexpectedly with respect to the original plan. In particular, when introducing functional safety for the first time, the period and cost may increase up to 2 times even though the plan was created with functional safety in mind. This is often due to a new phase called the Safety Concept, which is unique to functional safety. The Safety Concept determines the requirement specifications for architecture-level safety design and safety mechanisms. Since the functional safety standard itself is a standard for systems, board circuits, and software, abundant experience in LSI development compliant with functional safety standards is required to create the development plan and manage the work in the Safety Concept. This also applies to the design and verification phases. (The issues in the design and verification phases will be described in the next blog.) In the Safety Concept in particular, the factors that unexpectedly increase the period and cost are as follows:
- The safety requirement specifications based on the LSI development specifications may not be sufficiently prepared for the safety requirements from the user's system perspective.
- The requirement specifications of safety functions may not be appropriately prepared for the "abstract" safety mechanism requirements described in the standards.
- Traceability may be inconsistent between the safety requirements, the safety mechanism requirement specifications, and the LSI development specifications that support functional safety, which causes iterations.
Based on a rich track record in functional safety specialized in LSI development, Vtech offers a short-term introduction of the Safety Concept and the creation of requirement specifications for safety mechanisms that takes the circuit scale into consideration.
- Difficult to develop an automotive Application Specific Standard Product (ASSP) without safety requirements from end customers.
The safety requirement specifications of an automotive ASSP that is planned and developed independently should be created in-house, based on use cases of the ASSP. Safety Element Out of Context (SEooC), which is described in Part 10 of ISO26262-2018, is used to infer the top-level safety requirements. Fig. 1 shows the assumptions for SEooC development.
Fig. 1 Relationship between assumptions and SEooC development
In some cases the end customer owns a database of use cases; however, it may not be usable as is, and the use cases may need to be reconsidered from the viewpoint of functional safety. In addition, based on the ISO26262 standard, the malfunction factors should be derived from the use cases.
Both application-level know-how and ISO26262 knowledge are required to create safety requirements for LSI development. Since its founding, Vtech has accumulated this expertise through over 1,000 LSI development projects for various types of applications. Vtech engineers qualified as Functional Safety Engineers, with rich LSI development experience, support customers in creating safety requirement specifications that are consistent with the use cases of the system in which the LSI is used.
- Not familiar with the organizational structure, organizational management, and implementation items for development.
In order to develop an LSI compliant with the ISO26262 standard, it is necessary to establish a safety management team inside the development project, led by a Functional Safety Manager. In addition, a safety management team that is independent of development projects is required by the ISO26262 standard. The safety management team outside of development projects is generally under the control of a company-wide common department. These teams are also responsible for company-wide functional safety regulations, functional safety audits, functional safety assessments, and human resources management related to functional safety projects. In development projects, based on the ISO26262 standard, the functional safety teams inside and outside of development projects should cooperate with each other and clarify the sharing of responsibilities.
Vtech supports the optimal organizational structure and operation of our customers by assigning engineers qualified as Functional Safety Managers and Functional Safety Engineers with a track record in functional safety operations both inside and outside of projects.
Fig. 2 Organizational structure required by ISO26262, and the positioning of safety management teams
Please feel free to contact us for more details.
Next time, we will introduce challenges related to ASIL level support, safety mechanism specification and design, verification methods, and quantitative report creation.