
What to expect from your chip or IP provider
GUIDANCE OF ISO 26262 TO SEMICONDUCTORS
ANN ARBOR, MI USA, 11-14 JUNE 2018

KURT SHULER
Vice President, Marketing
Arteris IP
kurt.shuler@arteris.com

ALEXIS BOUTILLIER
Functional Safety Manager and Applications Manager
Arteris IP
alexis.boutillier@arteris.com
Abstract
This session provides “lessons learned” regarding the ISO 26262 deliverables that Tier-1s and semiconductor vendors should expect from their suppliers.
Practical advice is given regarding DIA and Safety Manual contents, as well as FMEDA expectations for configurable IP.

11 June 2018 Copyright © 2018 Arteris IP 2


The world from our perspective: Configurable IP
[Slide figure: SoC block diagram with CPU, GPU, DSP, 3D graphics, application IP, security, memory, wireless, display, high-speed wired and I/O peripheral subsystems, each tied together through subsystem interconnects. Legend: Arteris IP FlexNoC non-coherent interconnect IP; Arteris IP Ncore cache coherent interconnect IP; Arteris IP CodaCache last level cache IP.]



Semi-autonomous vehicles with Arteris IP inside
• 2018 Mercedes S-Class: dashboard console, Renesas
• 2018 Audi A7: ADAS, Mobileye & Intel / Altera (Intel / Altera Cyclone V FPGA, Mobileye EyeQ3 SoC)
• 2017 Scania buses & trucks: ADAS, Mobileye
• 2018 DJI Mavic Air: semi-autonomous control



The 3 key deliverables
• Development Interface Agreement (DIA)
• Safety Manual
• Failure Mode Effects & Diagnostic Analysis (FMEDA)



Purpose of DIA
• “Agreement between customer and supplier in which the responsibilities for activities, evidence or work products to be exchanged by each party are specified”
• Reference document for all other documents delivered to or expected by the customer



DIA “gotchas”
• ISO 26262 tailoring
  – SEooC definition, context, Assumptions of Use (AoU) and claims
  – Don't wait until later to educate!
• Set expectations and responsibilities
  – Ensure understanding of who is doing what and when
  – Which parts of ISO 26262 are out of scope
  – Any third parties involved (contractors and assessors) - NDAs
• Expectations for third-party components or parts of design external to the IP
  – Embedded RAM libraries, etc.
• Listing of ALL other documents to be delivered
  – Not just FuSa-specific documents!
  – Schedule for new features, verification results, architecture docs
  – i.e., more than you probably intended to share (so plan for it and agree upfront!)



Define scope in the DIA
SEOOC SOFT IP ASIL TAILORING
• Part 6 (SW) is out of scope
• Part 4 (Product Development System) partially out of scope
• Part 5 (HW) partially out of scope
  – For soft IP (RTL) out of system context, the severity of a fault is unknown
  – Reporting strategy can include capability to report more detail on which sub-part(s) detect the fault.
• This is increasingly important to enable fail operational at SoC and then system level.
• System can then take a better decision based on its usage of the IP
[Slide figure: ISO 26262 safety lifecycle diagram with each clause shaded as fully applicable, partially applicable or not applicable to the SEooC soft IP: 2.4–2.6 Management of Functional Safety; 3.5 Item definition; 3.6 Initiation of Safety Lifecycle; 3.7 Hazard Analysis and Risk Assessment; 3.8 Functional Safety Concept; 4 Product Development: System, containing 5 Hardware and 6 Software alongside Other Technologies, Controllability (and Usability) and External Measures; 4.11 Release for SOP; 7.4 Planning of Production / Production; 7.5 Planning of Operation, Service and Decommissioning / Operation, Service and Decommissioning, with a return to the appropriate lifecycle phase after SOP; 8.4–8.15 Supporting Processes; 9.4–9.8 ASIL and safety-oriented Analyses. Source: Exida]



Safety Manual
• Safety Manual is key to explaining system expectations
  – Customer FSM and system architect will read the safety manual to understand the requirements to use vendor IP in a safe way
  – For configurable IP, need to detail the configurability options and effects, and relate them to system safety requirements
• Contents that cause discussions
  – Safety architecture & system architecture
    • Be prepared to show detailed source documents (IP issues)
  – Safety analysis, including FMEA and DFA
    • Be able to explain HOW you arrive at your conclusions
    • See yesterday’s presentation for more info!
  – AoU
    • What IP is safety-related and has safety requirements?
    • Integrators relate IP safety requirements & mechanisms to their higher-level safety concept & goals



Example safety manual contents



Safety manual “gotchas”
• Intellectual property (IP) issues
  – Split into general concepts/info and detailed ones
  – Refer to separate, more detailed docs
    • Can be reviewed by customer in a clean room to ensure no IP leakage issues
• Architecture & Analysis
  – Educate & explain: your IP or chip is different than others and may be new to your customer
    • Methodology & decomposition
    • Failure modes and FMD
  – Build trust in your approach to analysis
• Assumptions of Use (AoU)
  – No surprises if agreed at DIA stage
  – Changes require negotiation (consequences, who does what)



FMEDA for configurable, soft IP (RTL)
• For configurable IP, must provide means for customer to perform own analysis of own custom implementation
  – “Pay this FuSa consultancy to do the work…” is not acceptable!
• FMEDA is as good as your analysis and its applicability to the integrator's design
  – IP modularity and hierarchy are necessary to help structure and automate analysis
  – Also helps FuSa validation through fault injection campaigns
  – See yesterday’s presentation for more info!
• SPFM, LFM and FMD can be calculated for soft IP
  – FIT rate is based on customer’s semiconductor technology process
FMEDA validation through automated fault injection
[Slide figure: flow diagram. The FMEDA template (failure modes, and the list of RTL elements associated with each failure mode) and the Project Definition File feed the configurable interconnect IP. A fault simulator drives latent fault injection points and mission fault injection points and observes the safety controller's internal failure observation points and internal reporting observation points; each observed result is compared (“=?”) against the expectation recorded in the FMEDA template.]
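An added example, not code from the slides or from Arteris tooling, that puts the two FMEDA slides above into practice: it derives FIT per failure mode from the RTL element count and a customer-supplied per-flop FIT, computes SPFM, LFM and the failure mode distribution, and then checks each claimed diagnostic coverage against fault-injection campaign counts, a simplified form of the comparison in the figure. Failure mode names, element counts, coverage values, the FIT figure and the campaign results are all constructed.

```python
"""Added example, not Arteris code: FMEDA metrics for one soft-IP configuration
with FIT from the customer's process, plus a check of claimed diagnostic coverage
against fault-injection results. All names and numbers are constructed."""
from dataclasses import dataclass

@dataclass
class FailureMode:
    name: str
    flops: int              # RTL elements (flip-flops) mapped to this failure mode
    safety_related: float   # share of faults here that can violate a safety goal
    dc_residual: float      # claimed coverage of the runtime safety mechanism
    dc_latent: float        # claimed coverage of latent-fault tests (e.g. LBIST)

def fmeda_metrics(modes, fit_per_flop):
    """Return (SPFM, LFM, FMD) per the ISO 26262-5 metric definitions. fit_per_flop
    comes from the integrator's technology node; every listed mode belongs to a
    safety-related element, and its non-safety-related share counts as safe faults."""
    lam_total = lam_rf = lam_latent = 0.0
    fmd = {}
    for m in modes:
        lam = m.flops * fit_per_flop              # FIT of this failure mode
        sr = lam * m.safety_related               # part that can violate a safety goal
        rf = sr * (1.0 - m.dc_residual)           # single-point + residual faults
        latent = (sr - rf) * (1.0 - m.dc_latent)  # covered at runtime, never tested
        lam_total, lam_rf, lam_latent = lam_total + lam, lam_rf + rf, lam_latent + latent
        fmd[m.name] = lam
    fmd = {k: v / lam_total for k, v in fmd.items()}  # failure mode distribution
    spfm = 1.0 - lam_rf / lam_total
    lfm = 1.0 - lam_latent / (lam_total - lam_rf)
    return spfm, lfm, fmd

def check_coverage(modes, campaign, tolerance=0.02):
    """campaign maps mode name -> (faults injected, faults detected by the safety
    mechanism). Returns the modes whose claimed dc_residual exceeds the observed
    detection ratio by more than tolerance, i.e. the FMEDA claim is unsupported."""
    return [m.name for m in modes
            if m.dc_residual - campaign[m.name][1] / campaign[m.name][0] > tolerance]

# Constructed data: one interconnect configuration at 0.001 FIT per flip-flop.
MODES = [
    FailureMode("packet_corruption", 4000, 1.0, 0.99, 0.90),  # e.g. parity/ECC
    FailureMode("packet_misrouting", 1500, 1.0, 0.95, 0.90),  # e.g. route checker
    FailureMode("timeout_counter", 500, 0.2, 0.00, 0.00),     # no safety mechanism
]
CAMPAIGN = {"packet_corruption": (2000, 1975), "packet_misrouting": (1000, 920),
            "timeout_counter": (200, 0)}

if __name__ == "__main__":
    print(fmeda_metrics(MODES, 0.001))
    print("unsupported coverage claims:", check_coverage(MODES, CAMPAIGN))
```

With the constructed data the misrouting mode is flagged: the campaign observes 92% detection against a 95% claim, which is exactly the kind of mismatch the integrator's own analysis must be able to surface.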



Conclusion
Be prepared to answer this question!
“How are you going to help me get my system accepted by my customer?”



Thank you!
KURT.SHULER@ARTERIS.COM
ALEXIS.BOUTILLIER@ARTERIS.COM
