LSI development for functional safety compliant with the ISO26262 standard consists of three processes: Safety Concept, Design and Verification. This article gives an overview of Safety Concept, the process that is unique to the functional safety standard.

In the Safety Concept process, shown in Fig. 1, safety analysis and architecture-level safety design are performed based on the Technical Safety Requirements (TSR), which are derived from the development object from the system perspective, and on the LSI development requirements.

In the safety analysis step, Failure Mode and Effects Analysis (FMEA) is used to identify the failure modes of components and their effects on higher-level items, in order to find imperfections and potential defects in the design. Fault Tree Analysis (FTA) is then used to determine whether a subordinate item, an external event, or a combination of these failure modes can cause the defined failure mode.

In the architecture-level safety design step, the built-in functions and subordinate items (elements) whose potential defects cause the failure mode are identified from the FMEA table and the FTA diagram, and safety mechanisms are inserted at the architecture level into those subordinate items so that the design can transition to a safe state when a defect occurs.

Hardware Safety Requirements (HSR) are created from the safety design results, with input from the LSI development requirements. The items described in the HSR are as follows.

• Explanation of safety mechanism
  - Detection and control method for internal failures
  - Robustness against external failures, such as failures caused by interfaces
  - Usefulness of the safety mechanism for detecting faults in external elements
• Support for warning and degradation concepts
  - Send a signal to the driver and other system elements when a fault is detected
  - Detection and control of latent faults
• Hardware metric target value specifications
  - Probabilistic Metric for random Hardware Failures (PMHF)
  - Single-point fault metric, latent fault metric
• Intended function
  - Functional specifications
• Hardware element verification criteria
  - Environmental conditions
  - Operating environment
• Hardware component specific requirements
  - Evaluation and verification of hardware elements
  - Component verification / testing

Fig. 1  Safety Concept process overview
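The single-point fault metric and latent fault metric listed among the HSR items are derived from FMEA-style failure-rate data. The following Python example, added here and not taken from the article or from Vtech's own method, applies the ISO 26262-5 definitions of SPFM and LFM to a constructed, simplified FMEDA table and checks the result against the ASIL target values; the element names, FIT values and coverage figures are hypothetical, and the PMHF and the failure rates of the safety mechanisms themselves are not modelled.

```python
from dataclasses import dataclass

# Hypothetical FMEDA-style row (constructed for this example, not from the article).
@dataclass
class Element:
    name: str
    fit: float       # failure rate in FIT (failures per 1e9 hours)
    sg_share: float  # fraction of failures able to violate the safety goal (rest treated as safe)
    dc_sp: float     # diagnostic coverage against single-point faults (0.0 = no safety mechanism)
    dc_lat: float    # diagnostic coverage against latent faults (e.g. by a periodic self-test)

# Minimum SPFM and LFM per ASIL as given in ISO 26262-5.
ASIL_TARGETS = {"B": (0.90, 0.60), "C": (0.97, 0.80), "D": (0.99, 0.90)}

def hardware_metrics(elements):
    """Return (SPFM, LFM, lambda_SPF+RF in FIT) for a list of safety-related elements."""
    total = sum(e.fit for e in elements)
    spf_rf = 0.0   # single-point + residual faults: violate the safety goal and are not caught
    mpf_lat = 0.0  # multiple-point faults that no mechanism reveals: they stay latent
    for e in elements:
        lam_sg = e.fit * e.sg_share
        spf_rf += lam_sg * (1.0 - e.dc_sp)   # uncovered share violates the safety goal directly
        covered = lam_sg * e.dc_sp           # share prevented by a mechanism becomes a multiple-point fault
        mpf_lat += covered * (1.0 - e.dc_lat)
    spfm = 1.0 - spf_rf / total
    lfm = 1.0 - mpf_lat / (total - spf_rf)
    return spfm, lfm, spf_rf

def meets_asil(spfm, lfm, asil):
    """True when both metrics reach the target values of the given ASIL."""
    t_spfm, t_lfm = ASIL_TARGETS[asil]
    return spfm >= t_spfm and lfm >= t_lfm

# Constructed sample: three elements protected by safety mechanisms, one I/O pad without.
SAMPLE = [
    Element("cpu_core", 50.0, 1.0, 0.99, 0.90),  # lockstep core, 99% coverage
    Element("sram", 30.0, 1.0, 0.99, 0.90),      # ECC-protected memory
    Element("clock", 5.0, 1.0, 0.90, 0.60),      # clock monitor
    Element("io_pad", 15.0, 0.5, 0.0, 0.0),      # no safety mechanism at all
]

if __name__ == "__main__":
    spfm, lfm, spf_rf = hardware_metrics(SAMPLE)
    print(f"SPFM={spfm:.3f}  LFM={lfm:.3f}  single-point+residual={spf_rf:.1f} FIT")
    for asil in ASIL_TARGETS:
        print(asil, "met" if meets_asil(spfm, lfm, asil) else "NOT met")
```

With this data the one unprotected pad contributes 7.5 of the 8.8 FIT of single-point and residual faults, so the design meets ASIL B but misses the ASIL C single-point target; that is exactly the kind of finding the architecture-level safety design step addresses by inserting a safety mechanism into the offending element.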

In order to achieve functional safety in LSI development, it is also necessary to build the organizational structure shown in Fig. 2 based on the ISO26262 standard. Safety Concept, in which the activities described above are carried out, is the first step in LSI development and its most critical process. Architecture-level design experience and functional safety knowledge are required to perform Safety Concept. Vtech's experienced design engineers, qualified as FSM and FSE, support customer projects.


Fig. 2  Organizational structure required by ISO26262 standard

In the next article, the issues encountered in developing LSIs that support functional safety, and how to deal with them, will be introduced.