The dramatic growth in processors used in Advanced Driver Assistance Systems (ADAS) semiconductors can be seen in Figure 4. The need for more intelligence and programmable control means there is now an even bigger demand for using a programmable processor in place of either discrete logic or pre-programmed state machines.
To enable semiconductor vendors to build processor-based chips targeted at ISO 26262 safety-critical applications, a new approach is needed in the development of processor IP for that market. Not only does the technology in the product have to change, but the development process and safety culture within the company has to align with the goals of the ISO 26262 standard.
Synopsys has a quality management system that helps deliver the highest quality IP to our customers. To adhere to the specific requirements of building processor IP for ISO 26262-based systems, Synopsys consulted with third-party automotive safety certification experts such as SGS-TÜV Saar to help ensure that our existing development processes and product lifecycle management were aligned with ISO 26262 compliance.
To address the needs of ISO 26262 applications, Synopsys also added hardware safety features into the processor core itself. These features provide the hooks to facilitate the design of a safety-oriented chip architecture at the IP level. This safety-oriented chip architecture becomes an ISO 26262-friendly baseline to run the safety-critical software. All of these integrated features ease the chip design process and ultimately shorten the development time and cost of safety systems.
Here is a list of the hardware features that enable the DesignWare® ARC® EM Safety Enhancement Package (SEP) processor to achieve ASIL D readiness:
- Error detection and correction logic
  - ECC: Detects single-bit and double-bit data and address errors with the option to correct
  - Parity: Detects single-bit errors
- Hardware stack protection: Checks overflow and underflow of reserved stack space
- Code protection: Hardware means to block read and write to code space
- Programmable watchdog timer: Safety-related version of timer 0/1 used to detect and recover from a deadlock situation
- Lock-step interface: Can be used to implement a dual-core lock-step architecture
- Memory protection unit: Defines variable regions and assigns access attributes. The different protection schemes may be combined to achieve several levels of protection against malicious or misbehaving code in critical applications
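The ECC item above promises detection of single- and double-bit errors with optional correction. As an added illustration (not Synopsys or ARC code, and unrelated to how the EM SEP implements its ECC), the following is a compact SEC-DED Hamming code over an 8-bit data word, with a decoder that corrects one flipped bit and refuses to "correct" two, which is the behaviour a safety-oriented memory interface needs so that silent miscorrection cannot occur.

```c
#include <stdint.h>

/* Added example: 8-bit data protected by an extended Hamming (SEC-DED) code.
 * Hamming positions 1..12 (1-based): parity bits at 1,2,4,8, data bits at the
 * other eight positions; bit 0 of the 16-bit word holds an overall parity bit
 * that upgrades single-error-correction to double-error-detection. */
typedef enum { ECC_OK = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 } ecc_status;

static const int data_pos[8] = { 3, 5, 6, 7, 9, 10, 11, 12 };

static int parity16(uint16_t x) {           /* 1 if x has an odd number of set bits */
    x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return x & 1;
}

/* Parity of Hamming group p: every position whose index has bit p set. */
static int group_parity(uint16_t cw, int p) {
    int par = 0;
    for (int pos = 1; pos <= 12; pos++)
        if ((pos & p) && ((cw >> pos) & 1)) par ^= 1;
    return par;
}

uint16_t ecc_encode(uint8_t data) {
    uint16_t cw = 0;
    for (int i = 0; i < 8; i++)
        if ((data >> i) & 1) cw |= (uint16_t)1 << data_pos[i];
    for (int p = 1; p <= 8; p <<= 1)        /* make every Hamming group even */
        if (group_parity(cw, p)) cw |= (uint16_t)1 << p;
    if (parity16(cw)) cw |= 1;              /* overall parity across the codeword */
    return cw;
}

/* Decode a received codeword; writes recovered data only when it is trustworthy. */
ecc_status ecc_decode(uint16_t cw, uint8_t *data) {
    int syndrome = 0;
    for (int p = 1; p <= 8; p <<= 1)
        if (group_parity(cw, p)) syndrome |= p;   /* = index of a single flipped bit */
    int odd = parity16(cw);                        /* 1: odd number of flips, 0: zero or two */
    ecc_status st = ECC_OK;
    if (syndrome != 0 && !odd) return ECC_UNCORRECTABLE;  /* double-bit error: report only */
    if (odd) {
        if (syndrome > 12) return ECC_UNCORRECTABLE;      /* impossible position: 3+ flips */
        cw ^= (uint16_t)1 << syndrome;   /* syndrome 0 means the overall parity bit itself */
        st = ECC_CORRECTED;
    }
    uint8_t d = 0;
    for (int i = 0; i < 8; i++)
        if ((cw >> data_pos[i]) & 1) d |= (uint8_t)(1 << i);
    *data = d;
    return st;
}
```

The status value is the part a safety design consumes: a corrected single-bit error can be logged and counted, while an uncorrectable result must be escalated rather than passed on as data.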
Synopsys also provides the DesignWare ARC MetaWare Development Toolkit for software development. The ARC MetaWare Compiler, a part of the toolkit, includes a Software Safety Manual and Software Safety Guide that are certified ASIL D-ready by SGS-TÜV Saar for ISO 26262-compliant software development. This eases the development and certification process for silicon vendors and/or the OEM. Software developers complying with Synopsys’ safety documentation during product development do not need to further qualify the compiler themselves, saving them effort and cost.
Synopsys provides other products to ease the development of an ISO 26262-compliant design, including tools to help with simulation, requirements tracking and automated documentation creation. For example, Synopsys’ Saber is used for simulating automotive electrical system and subsystem applications and helps automotive companies achieve compliance with the ISO 26262 standard through automated fault analysis as well as a robust design verification flow.
Synopsys’ VCS® functional verification solution includes Verification Planner, which offers continuous requirements tracking throughout the design and verification process to help provide comprehensive documentation for projects requiring certification support. Verification Planner supports safety certification by:
- Allowing low-level data from a design verification environment (such as whether tests pass or fail, functional and code coverage, assertion results and other metrics) to be associated with user-defined features;
- Enabling user-defined features to be linked with sections of documents maintained within a requirements management process; and
- Using verification overlays to enable the encapsulation of higher level certification requirements such as ISO 26262. When a specification identifies a rule such as ‘all tests must pass’, that goal can be applied to Verification Planner features. The results of those goal evaluations can then supply the information needed to determine which requirements are adequately verified.
By leveraging Verification Planner’s metric analysis and tracing process, designs have the audit information required to achieve ISO 26262 compliance.