Design Reliability 2.0:
Safety Is Everything
Amir Rahat, VP R&D,
Optima Design Automation
© Optima Design Automation
The 2nd Half Of The 20th Century
ENIAC (1946), IBM 7070 (1958), DEC PDP-8 (1965), Apple I (1976), IBM PC/AT (1984), Apple PowerBook 540c (1994)
All pictures source: Wikimedia
The 21st Century
Apple iPhone 1 (2007), DJI Mavic Pro Drone (2016), Autonomous car – mid 2020’s
All pictures source: Wikimedia
The Future
Seeing-eye robot
Self-adjusting furniture
Cyborg organs and limbs
Danger sensing, preventing & reporting
Robotic nanny
Old-people companion
Automatic dog-walker
Physical-object computer games
Automated home delivery & storage
Voice-controlled real-life
All pictures source: Wikimedia
We Are At The Tipping Point:
The Computers are fleeing their cages
• Moving into the real world entails new responsibilities
• “First, do no harm”
• Safety moves from a negligible aspect to the most important one
• New threats: liability, criminal negligence, jail, death-toll
• The tectonic shift will be even bigger than the shift into low-power
The stakes have gone up dramatically.
We need to rethink our methodologies.
Picture source: Wikipedia
The Automotive Industry Is Leading The Way
• Perfect example of computers in the real world
• Stepping-stone development through the different levels
• Level 1-3 already implemented
• Safety standard published in 2011
• ISO-26262: Road vehicles - Functional safety
• Second revision underway, due 2018
• First ISO-26262 uProcessor certification in 2012
• Freescale MPC5643L certified by Exida
Picture source: sae.org
New Validation Paradigms: Facets of Trustworthiness
• Safety: The ability to operate without causing harm to anything or anyone
• Reliability: The ability to operate correctly
• Availability: The ability to operate whenever required
• Resilience: The ability to safely withstand hazards posed by nature
• Security: The ability to overcome hazards posed by malice or accident
Adapted from The Trustworthy Software Framework, http://tsfdn.org/ts-framework/
Also see dependability; RAMS (acronym for Reliability, Availability, Maintainability, and Safety)
Note: These may sometimes conflict. Need to reach the correct balance
Mapping Trustworthiness to Automotive Safety
• ISO-26262 addresses:
• Safety: The ability to operate without causing harm to anything or anyone
• Availability: The ability to operate whenever required
• Resilience: The ability to safely withstand hazards posed by nature
• A future standard on SOTIF (Safety Of The Intended Function) addresses:
• Reliability: The ability to operate correctly
• A future ISO/SAE standard on Security Process addresses:
• Security: The ability to overcome hazards posed by malice or accident
What Does All This Mean For You?
• This is new to the computing/smartphone industry
• Reinventing the design methodology… again…
• Remember the low power revolution?
• Based on System Engineering
• Safety is a mindset…
• ISO 26262 standard: “Road vehicles — Functional safety”
• Adaptation of IEC 61508 generic “everything” safety standard
• And then there are all these other safety standards:
Picture source: Pixabay
• IEC 62304 (Medical device software)
• IEC 61511 (For the process industry sector)
• IEC 61513 (Nuclear power plants safety)
• IEC 62061 (Safety of machinery)
• ISO 13849 (Safety of machinery)
• EN 5012x (Railways)
• DO-178 (Aviation)
• DO-254 (Aviation)
• IEC 60730 (household/white goods)
• IEC 61800 (power drive)
• IEC 60601 (medical equipment)
• MIL-STD-882E (DoD)
• FMVSS (Federal Vehicle Safety)
• AUTOSAR (SW)
• MISRA C (SW)
You need to think about safety
• It all starts with system-engineering & structured methodology
• So let’s get started…
Balancing Cost Vs. Safety
Navigating the forest of standards
All pictures source: Wikimedia
End of the exposition
Next: what can the Automotive industry teach us?
What System Safety Does US-NHTSA Require?
• Ensure fail-safe
• Follow industry standards (ISO-26262) and relevant & applicable standards and processes from aviation, space, military, etc.
• Do hazard analysis and safety risk assessment at all levels
• Provide redundancies & safety strategies for system malfunction
• Enforce proper software development process, verification and validation
• Monitor the evolution, implementation, and safety assessment of AI, machine learning,...
• Link Design decisions to the assessed risks impacting safety-critical system functionality
• Test, validate and verify everything both as individual subsystems and as part of the entire vehicle architecture
• Fully document the entire process with traceability
Source: https://www.transportation.gov/sites/dot.gov/files/docs/AV%20policy%20guidance%20PDF.pdf p.20
ISO-26262 Basics
• ISO-26262 defines functional safety as the: “Absence of unreasonable risk due to hazards caused by malfunctioning behaviour of E/E systems”
• Risks come from systematic failures and random hardware failures
• Process-based approach:
  • Functional safety management, verification, validation, confirmation and relations with suppliers
ISO-26262: a process to lower risks below a preset threshold
The Process: The 26262 Safety Lifecycle
Picture source: ISO-26262
Required HW Product Development Process Steps
10/19/2016
Picture source: ISO-26262
The Stages Of ISO-26262 Risk Analysis
1. Identify the hazards and assess the risks of each one
• Likelihood, potential damage, etc.
2. Classify the hazards into buckets based on 3 criteria:
• Severity of possible injuries
• Exposure to the possibility of the hazard happening
• Controllability by the driver to prevent the injury (e.g., 0 for automatic cars)
• Each bucket gets a budget of acceptable risk
3. Specify safety mechanisms that mitigate unacceptable risks by:
• Preventing risks; or
• Detecting & reacting to emerging risks
4. Analyze the design and determine its residual safety level
• Is it safe enough for the task at hand?
This is the key to ISO-26262 functional safety
Pictures source: Pixabay, fantasticpixcool, Wikimedia
1. Identify the hazards and assess the risks of each hazard
[Picture labels: Malfunction … and …]
Identify and categorise hazards triggered by malfunctions
Pictures source: Flickr, Pixabay, Wikimedia
A Cautionary Tale
• GM had an ignition switch that turned from “run” to “accessory” when touched
• What are the risks if an ignition switch suddenly turns off?
• Car stalls on highway
• No engine
• Limited driver control
• what else?
• Unrelated, GM was concerned about airbags exploding while the car is parked
• So they added a clever safety: airbag is inactivated when the switch is off
• This combination caused 100-200 deaths in many accidents
• Google “General Motors ignition switch scandal”
Picture source: atlantamagazine.com
2. Classify the hazards into buckets based on 3 criteria
• Exposure
• E0: Incredible (e.g., an airplane landing on a highway) – Ignore!
• E1: Very low probability
• E2: Low probability (<1%)
• E3: Medium probability (1-10%)
• E4: High probability (>10%)
• Severity (potential harm)
• S0: No injuries (limited to material damage) – Ignore!
• S1: Light and moderate injuries
• S2: Severe and life-threatening injuries (survival probable)
• S3: Life-threatening injuries (survival uncertain), fatal injuries
• Controllability (ease to avoid)
• C0: Controllable in general – Ignore!
• C1: Simply controllable
• C2: Normally controllable
• C3: Difficult to control or uncontrollable
ASIL determination from Severity (S), Exposure (E) and Controllability (C); QM = quality management only, no ASIL required:

          C1    C2    C3
S1   E1   QM    QM    QM
     E2   QM    QM    QM
     E3   QM    QM    A
     E4   QM    A     B
S2   E1   QM    QM    QM
     E2   QM    QM    A
     E3   QM    A     B
     E4   A     B     C
S3   E1   QM    QM    A
     E2   QM    A     B
     E3   A     B     C
     E4   B     C     D

Picture source: ISO-26262
3. Specify safety mechanisms that mitigate unacceptable risks
Functional Safety Requirements
• Control internal failures of the hardware
• Control or tolerate failures external to the element
• Comply with the safety requirements of other elements
• Detect and signal internal or external failures
• Meet the target values for random hardware failures
• Avoid specific behaviours
• For example, “a particular sensor shall not produce an unstable output signal”
• Implement the intended functionality (SOTIF)
Sources Of Risk
Risk
• Systematic failures (SW, HW): Addressed by proper processes for requirements, design, engineering & management
• Random HW failures (Permanent, Transient): Addressed in the following foils
4. Analyze Your Design And Assess Its Safety Level
The Two Types Of Naturally-Occurring Faults
[Pictures: Soft Error/Transient Fault (Bit flip); Hard Error/Permanent Fault]
Picture source: shutterstock (licensed), intechopen, jes.ecsdl.org
The Two Types Of Naturally-Occurring Faults
Soft Error/Transient Fault (Bit flip)
• Mechanism: cosmic radiation flips the logic value of a register
• Effect: The register stays flipped until a new value is set
• Detection: requires redundancy
• Prevention of harm:
  • Hardening, e.g. more capacitance
  • Redundancy: 2X, 3X, 9X
Hard Error/Permanent Fault
• Mechanism: unexpected damage e.g. due to environment (heat, vibrations, dust)
• Effect: the failure is permanent
• Detection: frequent self-testing
• Prevention of harm:
  • Graceful degradation
  • Redundancy: 2X, 3X, 9X
Picture source: CNN, EETimes
Classification of Faults in safety-related HW
[Flowchart, rendered as text. Decision nodes: “Can it do any harm?” (Never / By itself / Only with other faults); “Is there a relevant SM?”; “Is it detected by the SM?”; “Is it detected?”; “Is it perceived by the driver?” (each answered Yes/No). Outcomes:]
• Never does harm → It is a Safe Fault (SF, λS)
• Harmful by itself, no relevant SM → It is a Single-point Fault (SPF, λSPF)
• Harmful by itself despite an SM that does not cover it → It is a Residual Fault (RF, λRF)
• Harmful only with other faults: detected by the SM → It is a Detected Fault (λMPF,D); not detected but perceived by the driver → It is a Perceived Fault (λMPF,P); neither → It is a Latent Fault (MPF,L, λMPF,L)
(SM = Safety mechanism)
λ = λSPF + λRF + λMPF,D + λMPF,P + λMPF,L + λS
Failure rate (λ) is the frequency with which an engineered system or component fails, expressed in failures per unit of time. (Wikipedia)
5-8: HW Architectural Metrics
Q: How to tell how well we cope with random hardware failures?
A: Using two metrics, computed with diagnostic coverage or estimated:
• SPFM – Single-point fault metric: 1 - (λSPF + λRF) / λ
  • ≥90% for ASIL B, ≥97% for ASIL C, ≥99% for ASIL D
• LFM – Latent-fault metric: 1 - λMPF,L / (λ - λSPF - λRF)
  • ≥60% for ASIL B, ≥80% for ASIL C, ≥90% for ASIL D
[Same fault-classification flowchart as above, highlighting the single-point and residual faults that enter the SPFM]
SPFM – Single-point fault metric: 1 - (λSPF + λRF) / λ
λ = λSPF + λRF + λMPF,D + λMPF,P + λMPF,L + λS
≥90% for ASIL B, ≥97% for ASIL C, ≥99% for ASIL D
[Same fault-classification flowchart as above, highlighting the latent multiple-point faults that enter the LFM]
LFM – Latent-fault metric: 1 - λMPF,L / (λ - λSPF - λRF)
λ = λSPF + λRF + λMPF,D + λMPF,P + λMPF,L + λS
≥60% for ASIL B, ≥80% for ASIL C, ≥90% for ASIL D
5-9: Violations Due To Random HW Failures
For every safety goal: sum the probabilities of all faults that can violate it.
Is it under the target?
• Yes → Acceptable safety level
• No → Unacceptable safety level - must be fixed
Targets:
• 10^-8 per hour: ASIL-D
• 10^-7 per hour: ASIL-C/B
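Worked example, added here and not taken from the slides or from Optima's tools: computing SPFM and LFM from per-class failure rates and checking them, together with the summed violation rate, against the ASIL targets stated on the preceding slides. The FaultRates values are constructed sample numbers in FIT (failures per 10^9 hours); treating λSPF + λRF as "the faults that can violate the safety goal" when summing the violation rate is this example's own simplification, and the names FaultRates, spfm, lfm, violation_rate_per_hour and highest_asil are this example's, not the standard's.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FaultRates:
    """Failure rates per fault class, in FIT (failures per 1e9 hours)."""
    spf: float    # single-point faults (λSPF)
    rf: float     # residual faults (λRF)
    mpf_d: float  # multiple-point faults, detected (λMPF,D)
    mpf_p: float  # multiple-point faults, perceived (λMPF,P)
    mpf_l: float  # multiple-point faults, latent (λMPF,L)
    safe: float   # safe faults (λS)

    @property
    def total(self):
        # λ = λSPF + λRF + λMPF,D + λMPF,P + λMPF,L + λS
        return self.spf + self.rf + self.mpf_d + self.mpf_p + self.mpf_l + self.safe


def spfm(r):
    """Single-point fault metric: 1 - (λSPF + λRF) / λ."""
    return 1.0 - (r.spf + r.rf) / r.total


def lfm(r):
    """Latent-fault metric: 1 - λMPF,L / (λ - λSPF - λRF)."""
    return 1.0 - r.mpf_l / (r.total - r.spf - r.rf)


def violation_rate_per_hour(r):
    """Summed rate of the faults taken here as able to violate the goal on
    their own (single-point + residual), converted from FIT to per hour.
    Simplification chosen for this example."""
    return (r.spf + r.rf) * 1e-9


# Targets from the slides (SPFM/LFM per ASIL; violation rate per hour).
SPFM_TARGET = {"B": 0.90, "C": 0.97, "D": 0.99}
LFM_TARGET = {"B": 0.60, "C": 0.80, "D": 0.90}
VIOLATION_TARGET = {"B": 1e-7, "C": 1e-7, "D": 1e-8}


def metrics(r):
    return {"spfm": spfm(r), "lfm": lfm(r), "violations_per_hour": violation_rate_per_hour(r)}


def highest_asil(r):
    """Highest ASIL (B < C < D) whose SPFM, LFM and violation-rate targets
    are all met; None when even ASIL B is missed."""
    best = None
    for asil in ("B", "C", "D"):
        if (spfm(r) >= SPFM_TARGET[asil] and lfm(r) >= LFM_TARGET[asil]
                and violation_rate_per_hour(r) <= VIOLATION_TARGET[asil]):
            best = asil
    return best


# Constructed sample designs, each totalling 1000 FIT.
GOOD = FaultRates(spf=2, rf=3, mpf_d=40, mpf_p=5, mpf_l=10, safe=940)
MARGINAL = FaultRates(spf=15, rf=10, mpf_d=40, mpf_p=5, mpf_l=60, safe=870)
POOR = FaultRates(spf=100, rf=50, mpf_d=40, mpf_p=5, mpf_l=60, safe=745)

if __name__ == "__main__":
    for name, r in (("GOOD", GOOD), ("MARGINAL", MARGINAL), ("POOR", POOR)):
        print(name, metrics(r), "->", highest_asil(r))
```

MARGINAL meets the SPFM and LFM thresholds for ASIL C but its 2.5e-8 per hour violation rate is above the 1e-8 per hour ASIL D target, which is the kind of case where the metrics alone look fine and only the per-goal sum on slide 32 shows the gap.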
Risk Mitigation Options
• Error detection and correction schemas for memories and busses
• Redundancy
• Hard errors: SW or HW tests
• Soft errors: flop hardening
Protection By Redundancy
[Diagrams: DMR – two copies, In → Out, Err; TMR – three copies through a Majority Gate, In → Out, Error Corrected, Dual Error; TMR of TMR’s]
• 2X = DMR = lockstep
  • Single error detection
  • No correction capability
  • >2X the costs
• 3X = TMR
  • Single error correction
  • Dual error detection (if > single bit)
  • >3X the costs
• 9X = TMR of TMR’s
  • Compares 3 implementations
  • Protects against design errors, too
  • >9X the costs
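Added example, not from the slides: a Python model of the DMR (lockstep) and TMR (majority gate) schemes above, with every single and two-copy double bit flip injected into a constructed 8-bit value. It shows why DMR only detects, why TMR corrects a single error and flags a dual error only when the two errors hit different bits, and that an identical flip in two copies is the silent failure neither scheme catches. The names dmr, tmr, inject and exhaustive and the sample value 0x5A are this example's own.

```python
from dataclasses import dataclass
from itertools import combinations, product


@dataclass(frozen=True)
class VoteResult:
    value: int    # value forwarded to the output
    status: str   # "ok", "error" (DMR mismatch), "single" or "dual" (TMR)
    unsafe: bool  # a wrong value was delivered without any error flag


def flip(value, bit):
    return value ^ (1 << bit)


def dmr(a, b, golden):
    """Lockstep pair: a mismatch is detected, but nothing says which copy is right."""
    mismatch = a != b
    return VoteResult(a, "error" if mismatch else "ok", unsafe=(a != golden and not mismatch))


def tmr(copies, golden):
    """Three copies through a bitwise majority gate."""
    a, b, c = copies
    voted = (a & b) | (a & c) | (b & c)
    disagreeing = sum(1 for x in copies if x != voted)
    status = ("ok", "single", "dual")[min(disagreeing, 2)]
    # A wrong vote with at most one copy disagreeing looks like a corrected single error.
    return VoteResult(voted, status, unsafe=(voted != golden and status != "dual"))


def inject(value, n_copies, flips):
    """Constructed fault injection: flips is a list of (copy index, bit)."""
    copies = [value] * n_copies
    for idx, bit in flips:
        copies[idx] = flip(copies[idx], bit)
    return copies


def exhaustive(value=0x5A, width=8):
    """Inject every single flip and every two-copy double flip; tally the outcomes."""
    s = {"dmr_single_unsafe": 0, "dmr_double_unsafe": 0,
         "tmr_single_corrected": 0, "tmr_double_detected": 0, "tmr_double_unsafe": 0}
    for idx, bit in product(range(2), range(width)):
        s["dmr_single_unsafe"] += dmr(*inject(value, 2, [(idx, bit)]), golden=value).unsafe
    for bi, bj in product(range(width), repeat=2):
        s["dmr_double_unsafe"] += dmr(*inject(value, 2, [(0, bi), (1, bj)]), golden=value).unsafe
    for idx, bit in product(range(3), range(width)):
        r = tmr(inject(value, 3, [(idx, bit)]), value)
        s["tmr_single_corrected"] += r.status == "single" and r.value == value
    for (ci, cj), (bi, bj) in product(combinations(range(3), 2), product(range(width), repeat=2)):
        r = tmr(inject(value, 3, [(ci, bi), (cj, bj)]), value)
        s["tmr_double_detected"] += r.status == "dual"
        s["tmr_double_unsafe"] += r.unsafe
    return s


if __name__ == "__main__":
    print(exhaustive())
```

The unsafe counts are exactly the cases where two copies flipped the same bit (8 for DMR, 24 for TMR): the slide's "protects against design errors, too" for 9X is about this common-mode class, which duplicated copies of one implementation cannot vote away.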
Protection By Test (HE only)
• Run a test (SW or HW) intermittently
• Compare its results to the expected results
• If the test fails – enter and maintain the safe state
• Probability of error detection depends on:
  • Time to detection (= time between intermittent test runs)
  • Probability of detecting a fault (= test coverage)
• Measurement of test coverage is required
How Does Selective Hardening Work?
[Flowchart with inputs labelled: “Provided by the simulation”, “Decided by the designer”, “Based on flop selection & vendor datasheet”, “Calculated”]
Only works with accurate, reliable sensitivity results!
Now, do the tradeoff
Summary - Protecting The Design From Faults
[Decision flow, rendered as text:]
Memory or Logic?
• Memory → Pick appropriate ECC → OK to implement
• Logic → Redundancy OK?
  • OK → Pick a redundancy mechanism → OK to implement, but expensive
  • Too expensive → SE or HE? (can do both)
    • SE → Focus on registers → Is full hardening OK?
      • OK → Harden all flops → OK to implement, but expensive
      • expensive → Need SE selective hardening
    • HE → Focus on all nodes → Disruptive test OK?
      • OK → Pick the right DFT technique → OK to implement, but disruptive
      • Unsafe → Create a functional test → Need HE coverage metric
Picture source: Pixabay
Simulation*-Based Analysis
* (including Emulation)
What do you need? → How accurate should it be?

HE Coverage metric:
• Not very → Guess the impact (no way to check)
• Sort of → Partially simulate and get an indication → Guard-band the results to account for errors; Identify ways to improve coverage
• Very accurate → Exhaustively simulate to measure coverage → Collect accurate coverage data

SE Selective hardening:
• Not very → Use “expert opinion” to select flops to harden
• Sort of → Partially simulate and select flops to harden → Guard-band the results to account for errors; Identify ways to improve coverage
• Very accurate → Exhaustively simulate to select flops to harden → Accurately calculate the resulting risks
  (Must run 1M flops, 200 errors per flop (= 200M simulations) in machine-weeks)
Using Fault Simulations
[Diagram: fault-simulation loop]
Inputs:
• Design (RTL or Gate Level) in an HDL (Verilog or VHDL)
• Test environment (test-bench, SW or input values)
• Fault details – SE: Which flop flips and when? HE: Which node breaks and how?
Good Machine Simulator and Faulty Machine Simulator run side by side → Comparator
• SE Sensitivity Monitor: Did the fault impact a safety goal?
• HE Coverage Monitor: Was the fault detected?
Report results
Repeat for all relevant faults (assuming you know them…)
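Added example, not from the slides and not Optima's simulator: the fault-simulation loop above in miniature. The design under test is a constructed 4-bit counter whose safety-relevant output is "count ≥ 12", protected by a parity bit as its safety mechanism; a good machine and a faulty machine run the same constructed stimulus, a comparator feeds the SE sensitivity monitor (did the output diverge?) and the HE coverage monitor (did the parity check fire?), and the campaign repeats this for every flop-and-cycle bit flip (SE) and every stuck-at node (HE). All names (Fault, simulate, run_campaign, se_sensitivity, he_coverage), the stimulus INC and the LIMIT of 12 are this example's own.

```python
from dataclasses import dataclass
from itertools import product

# Constructed stimulus: per-cycle "inc" input for the 4-bit counter DUT.
INC = [1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1]
PAR_BIT = 4      # state bit 4 holds the parity of the counter (the safety mechanism)
LIMIT = 12       # safety goal concerns the output "limit_hit", asserted iff count >= LIMIT


def parity(x):
    return bin(x & 0xF).count("1") & 1


@dataclass
class Fault:
    kind: str       # "SE": one flop flips at one cycle; "HE": node stuck for the whole run
    bit: int        # which state bit (0-3 count, 4 parity)
    cycle: int = 0  # SE only: cycle at which the flop flips
    stuck: int = 0  # HE only: value the node is stuck at


def corrupt(state, fault, cycle):
    """Apply the fault to the current state at the start of the cycle."""
    if fault is not None and fault.kind == "SE" and fault.cycle == cycle:
        return state ^ (1 << fault.bit)
    if fault is not None and fault.kind == "HE":
        return (state & ~(1 << fault.bit)) | (fault.stuck << fault.bit)
    return state


def simulate(fault=None, sm_enabled=True):
    """Run the DUT; return (output trace, whether the safety mechanism fired)."""
    state, outputs, detected = 0, [], False
    for cycle, inc in enumerate(INC):
        state = corrupt(state, fault, cycle)
        count, par = state & 0xF, (state >> PAR_BIT) & 1
        if sm_enabled and parity(count) != par:   # parity check = safety mechanism
            detected = True
        outputs.append(count >= LIMIT)            # safety-relevant output
        nxt = (count + inc) & 0xF
        state = nxt | (parity(nxt) << PAR_BIT)    # store the count and its parity
    return outputs, detected


def run_campaign(sm_enabled=True):
    """Good machine once, then the faulty machine per fault; compare and record."""
    golden, _ = simulate(None, sm_enabled)
    faults = [Fault("SE", b, cycle=c) for b, c in product(range(5), range(len(INC)))]
    faults += [Fault("HE", b, stuck=v) for b, v in product(range(5), (0, 1))]
    results = []
    for f in faults:
        out, detected = simulate(f, sm_enabled)
        impacted = out != golden                  # comparator + SE sensitivity monitor
        results.append((f, impacted, detected))   # detected = HE coverage monitor
    return results


def se_sensitivity(results):
    """Per flop: fraction of injected flip cycles that impacted the safety goal."""
    sens = {}
    for bit in range(5):
        hits = [imp for f, imp, _ in results if f.kind == "SE" and f.bit == bit]
        sens[bit] = sum(hits) / len(hits)
    return sens


def he_coverage(results):
    """Fraction of safety-goal-impacting hard faults that the SM detected."""
    impacting = [det for f, imp, det in results if f.kind == "HE" and imp]
    return sum(impacting) / len(impacting)


if __name__ == "__main__":
    r = run_campaign()
    print("SE sensitivity per flop:", se_sensitivity(r))
    print("HE coverage with parity SM:", he_coverage(r))
    print("HE coverage without SM:", he_coverage(run_campaign(sm_enabled=False)))
```

The parity flop has zero sensitivity (it never reaches the output) even though every flip of it is detected, which is the "safe but detected" corner of the classification slide; counter bit 3 is sensitive at every cycle, so a selective-hardening decision would rank it first. The same campaign with the safety mechanism switched off reports zero hard-error coverage, which is the coverage measurement the "Protection By Test" slide says is required.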
CAD/EDA – Automatic Safety
• Manage the specification and implementation of Safety Requirements
• Ensure design protection from faults, across all levels of hierarchy & IPs
• Assist in selecting and applying the right safety goals
• Taking into account the different types of design components
• Calculate goal risk levels and safety metrics (e.g., SPFM & LFM)
• Support all fault models, soft and hard
• Simulate millions of faults quickly and accurately
• Classify each fault to the correct category
• Provide documentation for safety audits
Optima’s Soft Error Safety Tool
• Optima developed an EDA solution for Soft Errors
• Based on an ultra-fast Fault simulator
• Supports all the automation requirements mentioned
• Runs 200M simulations in machine-weeks with 100% confidence
• Manages the overall design flow
• Follows the optimal safety methodology
• Creates an exhaustive campaign
• Runs it and generates reports
• Enables selective hardening with easy tradeoff what-ifs
• Generates all the 26262 metrics
• The only comprehensive soft-error safety tool available
• Hard Error support to be released soon
The Work Flow In A Nutshell
• To best balance safety and costs, follow this flow:
  1. Specify the HW Safety Requirements
  2. At all design revisions & abstraction levels:
     • Classify the Faults in the safety-related HW
     • Compute the HW Architectural Metrics
     • Optimize the tradeoff between FIT, area and power
Summary – What Did We Learn?
• The Computers are fleeing their cages and going in the real world
• So safety moves from a negligible aspect to the most important one
• This means reinventing the design methodology… again…
• Must focus on Safety, Reliability, Availability, Resilience, Security
• The automotive industry is leading the way - what can it teach us?
• System-engineering & a process to lower risks below the threshold:
1. Identify the hazards and assess the risks of each one
2. Classify the hazards into buckets based on Severity, Exposure & Controllability
3. Specify safety mechanisms that mitigate unacceptable risks
4. Analyze the design and assess its residual safety level => verification and testing
Picture sources: Wikimedia, HVC
Questions?
Thank you for your attention!
amir@optima-da.com

Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality Check
 
Developing functional safety systems with arm architecture solutions stroud
Developing functional safety systems with arm architecture solutions   stroudDeveloping functional safety systems with arm architecture solutions   stroud
Developing functional safety systems with arm architecture solutions stroud
 

Recently uploaded

Minimalist Orange Portfolio by Slidesgo.pptx
Minimalist Orange Portfolio by Slidesgo.pptxMinimalist Orange Portfolio by Slidesgo.pptx
Minimalist Orange Portfolio by Slidesgo.pptxbalqisyamutia
 
Dahisar Comfortable Call Girls ,09167354423,Mira Road Model Call Girls
Dahisar Comfortable Call Girls ,09167354423,Mira Road Model Call GirlsDahisar Comfortable Call Girls ,09167354423,Mira Road Model Call Girls
Dahisar Comfortable Call Girls ,09167354423,Mira Road Model Call GirlsPriya Reddy
 
Aminabad * High Profile Escorts Service in Lucknow Phone No 9548273370 Elite ...
Aminabad * High Profile Escorts Service in Lucknow Phone No 9548273370 Elite ...Aminabad * High Profile Escorts Service in Lucknow Phone No 9548273370 Elite ...
Aminabad * High Profile Escorts Service in Lucknow Phone No 9548273370 Elite ...HyderabadDolls
 
Just Call Vip call girls Kasganj Escorts ☎️8617370543 Two shot with one girl ...
Just Call Vip call girls Kasganj Escorts ☎️8617370543 Two shot with one girl ...Just Call Vip call girls Kasganj Escorts ☎️8617370543 Two shot with one girl ...
Just Call Vip call girls Kasganj Escorts ☎️8617370543 Two shot with one girl ...Nitya salvi
 
Top profile Call Girls In eluru [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In eluru [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In eluru [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In eluru [ 7014168258 ] Call Me For Genuine Models We ...gajnagarg
 
一比一原版(WLU毕业证)罗瑞尔大学毕业证成绩单留信学历认证原版一模一样
一比一原版(WLU毕业证)罗瑞尔大学毕业证成绩单留信学历认证原版一模一样一比一原版(WLU毕业证)罗瑞尔大学毕业证成绩单留信学历认证原版一模一样
一比一原版(WLU毕业证)罗瑞尔大学毕业证成绩单留信学历认证原版一模一样awasv46j
 
Top profile Call Girls In Meerut [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Meerut [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Meerut [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Meerut [ 7014168258 ] Call Me For Genuine Models We...gajnagarg
 
怎样办理莫纳什大学毕业证(Monash毕业证书)成绩单留信认证
怎样办理莫纳什大学毕业证(Monash毕业证书)成绩单留信认证怎样办理莫纳什大学毕业证(Monash毕业证书)成绩单留信认证
怎样办理莫纳什大学毕业证(Monash毕业证书)成绩单留信认证ehyxf
 
Kondapur ] High Profile Call Girls in Hyderabad (Adult Only) 9352988975 Escor...
Kondapur ] High Profile Call Girls in Hyderabad (Adult Only) 9352988975 Escor...Kondapur ] High Profile Call Girls in Hyderabad (Adult Only) 9352988975 Escor...
Kondapur ] High Profile Call Girls in Hyderabad (Adult Only) 9352988975 Escor...manjugarg389
 
Pondicherry Escorts Service Girl ^ 9332606886, WhatsApp Anytime Pondicherry
Pondicherry Escorts Service Girl ^ 9332606886, WhatsApp Anytime PondicherryPondicherry Escorts Service Girl ^ 9332606886, WhatsApp Anytime Pondicherry
Pondicherry Escorts Service Girl ^ 9332606886, WhatsApp Anytime Pondicherrymeghakumariji156
 
Top profile Call Girls In Mysore [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Mysore [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Mysore [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Mysore [ 7014168258 ] Call Me For Genuine Models We...gajnagarg
 
❤️ Call Girls Service Amritsar Call Girls (Adult Only) 💯Call Us 🔝 6378878445 ...
❤️ Call Girls Service Amritsar Call Girls (Adult Only) 💯Call Us 🔝 6378878445 ...❤️ Call Girls Service Amritsar Call Girls (Adult Only) 💯Call Us 🔝 6378878445 ...
❤️ Call Girls Service Amritsar Call Girls (Adult Only) 💯Call Us 🔝 6378878445 ...vershagrag
 
Abortion pill for sale in Muscat (+918761049707)) Get Cytotec Cash on deliver...
Abortion pill for sale in Muscat (+918761049707)) Get Cytotec Cash on deliver...Abortion pill for sale in Muscat (+918761049707)) Get Cytotec Cash on deliver...
Abortion pill for sale in Muscat (+918761049707)) Get Cytotec Cash on deliver...instagramfab782445
 
Call Girls Jalaun Just Call 8617370543 Top Class Call Girl Service Available
Call Girls Jalaun Just Call 8617370543 Top Class Call Girl Service AvailableCall Girls Jalaun Just Call 8617370543 Top Class Call Girl Service Available
Call Girls Jalaun Just Call 8617370543 Top Class Call Girl Service AvailableNitya salvi
 
How to Create a Productive Workspace Trends and Tips.pdf
How to Create a Productive Workspace Trends and Tips.pdfHow to Create a Productive Workspace Trends and Tips.pdf
How to Create a Productive Workspace Trends and Tips.pdfOffice Furniture Plus - Irving
 
Q4-W4-SCIENCE-5 power point presentation
Q4-W4-SCIENCE-5 power point presentationQ4-W4-SCIENCE-5 power point presentation
Q4-W4-SCIENCE-5 power point presentationZenSeloveres
 
Simple Conference Style Presentation by Slidesgo.pptx
Simple Conference Style Presentation by Slidesgo.pptxSimple Conference Style Presentation by Slidesgo.pptx
Simple Conference Style Presentation by Slidesgo.pptxbalqisyamutia
 
Gamestore case study UI UX by Amgad Ibrahim
Gamestore case study UI UX by Amgad IbrahimGamestore case study UI UX by Amgad Ibrahim
Gamestore case study UI UX by Amgad Ibrahimamgadibrahim92
 
Independent Escorts Goregaon WhatsApp +91-9930687706, Best Service
Independent Escorts Goregaon WhatsApp +91-9930687706, Best ServiceIndependent Escorts Goregaon WhatsApp +91-9930687706, Best Service
Independent Escorts Goregaon WhatsApp +91-9930687706, Best Servicemeghakumariji156
 
cholilithiasis, cholecystitis,gall bladdder .pdf
cholilithiasis, cholecystitis,gall bladdder .pdfcholilithiasis, cholecystitis,gall bladdder .pdf
cholilithiasis, cholecystitis,gall bladdder .pdfRawalRafiqLeghari
 

Recently uploaded (20)

Minimalist Orange Portfolio by Slidesgo.pptx
Minimalist Orange Portfolio by Slidesgo.pptxMinimalist Orange Portfolio by Slidesgo.pptx
Minimalist Orange Portfolio by Slidesgo.pptx
 
Dahisar Comfortable Call Girls ,09167354423,Mira Road Model Call Girls
Dahisar Comfortable Call Girls ,09167354423,Mira Road Model Call GirlsDahisar Comfortable Call Girls ,09167354423,Mira Road Model Call Girls
Dahisar Comfortable Call Girls ,09167354423,Mira Road Model Call Girls
 
Aminabad * High Profile Escorts Service in Lucknow Phone No 9548273370 Elite ...
Aminabad * High Profile Escorts Service in Lucknow Phone No 9548273370 Elite ...Aminabad * High Profile Escorts Service in Lucknow Phone No 9548273370 Elite ...
Aminabad * High Profile Escorts Service in Lucknow Phone No 9548273370 Elite ...
 
Just Call Vip call girls Kasganj Escorts ☎️8617370543 Two shot with one girl ...
Just Call Vip call girls Kasganj Escorts ☎️8617370543 Two shot with one girl ...Just Call Vip call girls Kasganj Escorts ☎️8617370543 Two shot with one girl ...
Just Call Vip call girls Kasganj Escorts ☎️8617370543 Two shot with one girl ...
 
Top profile Call Girls In eluru [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In eluru [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In eluru [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In eluru [ 7014168258 ] Call Me For Genuine Models We ...
 
一比一原版(WLU毕业证)罗瑞尔大学毕业证成绩单留信学历认证原版一模一样
一比一原版(WLU毕业证)罗瑞尔大学毕业证成绩单留信学历认证原版一模一样一比一原版(WLU毕业证)罗瑞尔大学毕业证成绩单留信学历认证原版一模一样
一比一原版(WLU毕业证)罗瑞尔大学毕业证成绩单留信学历认证原版一模一样
 
Top profile Call Girls In Meerut [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Meerut [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Meerut [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Meerut [ 7014168258 ] Call Me For Genuine Models We...
 
怎样办理莫纳什大学毕业证(Monash毕业证书)成绩单留信认证
怎样办理莫纳什大学毕业证(Monash毕业证书)成绩单留信认证怎样办理莫纳什大学毕业证(Monash毕业证书)成绩单留信认证
怎样办理莫纳什大学毕业证(Monash毕业证书)成绩单留信认证
 
Kondapur ] High Profile Call Girls in Hyderabad (Adult Only) 9352988975 Escor...
Kondapur ] High Profile Call Girls in Hyderabad (Adult Only) 9352988975 Escor...Kondapur ] High Profile Call Girls in Hyderabad (Adult Only) 9352988975 Escor...
Kondapur ] High Profile Call Girls in Hyderabad (Adult Only) 9352988975 Escor...
 
Pondicherry Escorts Service Girl ^ 9332606886, WhatsApp Anytime Pondicherry
Pondicherry Escorts Service Girl ^ 9332606886, WhatsApp Anytime PondicherryPondicherry Escorts Service Girl ^ 9332606886, WhatsApp Anytime Pondicherry
Pondicherry Escorts Service Girl ^ 9332606886, WhatsApp Anytime Pondicherry
 
Top profile Call Girls In Mysore [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Mysore [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Mysore [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Mysore [ 7014168258 ] Call Me For Genuine Models We...
 
❤️ Call Girls Service Amritsar Call Girls (Adult Only) 💯Call Us 🔝 6378878445 ...
❤️ Call Girls Service Amritsar Call Girls (Adult Only) 💯Call Us 🔝 6378878445 ...❤️ Call Girls Service Amritsar Call Girls (Adult Only) 💯Call Us 🔝 6378878445 ...
❤️ Call Girls Service Amritsar Call Girls (Adult Only) 💯Call Us 🔝 6378878445 ...
 
Abortion pill for sale in Muscat (+918761049707)) Get Cytotec Cash on deliver...
Abortion pill for sale in Muscat (+918761049707)) Get Cytotec Cash on deliver...Abortion pill for sale in Muscat (+918761049707)) Get Cytotec Cash on deliver...
Abortion pill for sale in Muscat (+918761049707)) Get Cytotec Cash on deliver...
 
Call Girls Jalaun Just Call 8617370543 Top Class Call Girl Service Available
Call Girls Jalaun Just Call 8617370543 Top Class Call Girl Service AvailableCall Girls Jalaun Just Call 8617370543 Top Class Call Girl Service Available
Call Girls Jalaun Just Call 8617370543 Top Class Call Girl Service Available
 
How to Create a Productive Workspace Trends and Tips.pdf
How to Create a Productive Workspace Trends and Tips.pdfHow to Create a Productive Workspace Trends and Tips.pdf
How to Create a Productive Workspace Trends and Tips.pdf
 
Q4-W4-SCIENCE-5 power point presentation
Q4-W4-SCIENCE-5 power point presentationQ4-W4-SCIENCE-5 power point presentation
Q4-W4-SCIENCE-5 power point presentation
 
Simple Conference Style Presentation by Slidesgo.pptx
Simple Conference Style Presentation by Slidesgo.pptxSimple Conference Style Presentation by Slidesgo.pptx
Simple Conference Style Presentation by Slidesgo.pptx
 
Gamestore case study UI UX by Amgad Ibrahim
Gamestore case study UI UX by Amgad IbrahimGamestore case study UI UX by Amgad Ibrahim
Gamestore case study UI UX by Amgad Ibrahim
 
Independent Escorts Goregaon WhatsApp +91-9930687706, Best Service
Independent Escorts Goregaon WhatsApp +91-9930687706, Best ServiceIndependent Escorts Goregaon WhatsApp +91-9930687706, Best Service
Independent Escorts Goregaon WhatsApp +91-9930687706, Best Service
 
cholilithiasis, cholecystitis,gall bladdder .pdf
cholilithiasis, cholecystitis,gall bladdder .pdfcholilithiasis, cholecystitis,gall bladdder .pdf
cholilithiasis, cholecystitis,gall bladdder .pdf
 

Design reliability 2.0: Safety is Everything

1. Design Reliability 2.0: Safety Is Everything
   Amir Rahat, VP R&D, Optima Design Automation

2. The 2nd Half Of The 20th Century
   ENIAC (1946), IBM 7070 (1958), DEC PDP-8 (1965), Apple I (1976), IBM PC/AT (1984), Apple PowerBook 540c (1994)
   All pictures source: Wikimedia
   © Optima Design Automation

3. The 21st Century
   Apple iPhone 1 (2007), DJI Mavic Pro Drone (2016), autonomous car (mid 2020’s)
   All pictures source: Wikimedia

4. The Future
   Seeing-eye robot, self-adjusting furniture, cyborg organs and limbs, danger sensing, preventing & reporting, robotic nanny, old-people companion, automatic dog-walker, physical-object computer games, automated home delivery & storage, voice-controlled real life
   All pictures source: Wikimedia

5. We Are At The Tipping Point: The Computers Are Fleeing Their Cages
   • Moving into the real world entails new responsibilities
   • “First, do no harm”
   • Safety moves from a negligible aspect to the most important one
   • New threats: liability, criminal negligence, jail, death toll
   • The tectonic shift will be even bigger than the shift into low power
   The stakes have gone up dramatically. We need to rethink our methodologies.
   Picture source: Wikipedia

6. The Automotive Industry Is Leading The Way
   • Perfect example of computers in the real world
   • Stepping-stone development through the different levels
     • Levels 1-3 already implemented
   • Safety standard published in 2011
     • ISO-26262: Road vehicles - Functional safety
     • Second revision underway, due 2018
   • First ISO-26262 microprocessor certification in 2012
     • Freescale MPC5643L certified by Exida
   Picture source: sae.org

7. New Validation Paradigms: Facets of Trustworthiness
   • Safety: The ability to operate without causing harm to anything or anyone
   • Reliability: The ability to operate correctly
   • Availability: The ability to operate whenever required
   • Resilience: The ability to safely withstand hazards posed by nature
   • Security: The ability to overcome hazards posed by malice or accident
   Adapted from The Trustworthy Software Framework, http://tsfdn.org/ts-framework/
   Also see dependability; RAMS (acronym for Reliability, Availability, Maintainability, and Safety)
   Note: These may sometimes conflict. Need to reach the correct balance.
8. Mapping Trustworthiness to Automotive Safety
   • ISO-26262 addresses:
     • Safety: The ability to operate without causing harm to anything or anyone
     • Availability: The ability to operate whenever required
     • Resilience: The ability to safely withstand hazards posed by nature
   • A future standard on SOTIF (Safety Of The Intended Function) addresses:
     • Reliability: The ability to operate correctly
   • A future ISO/SAE standard on Security Process addresses:
     • Security: The ability to overcome hazards posed by malice or accident

9. What Does All This Mean For You?
   • This is new to the computing/smartphone industry
   • Reinventing the design methodology… again…
     • Remember the low power revolution?
   • Based on System Engineering
   • Safety is a mindset…
   • ISO 26262 standard: “Road vehicles — Functional safety”
     • Adaptation of IEC 61508, the generic “everything” safety standard
   • And then there are all these other safety standards:
     • IEC 62304 (Medical device software)
     • IEC 61511 (For the process industry sector)
     • IEC 61513 (Nuclear power plants safety)
     • IEC 62061 (Safety of machinery)
     • ISO 13849 (Safety of machinery)
     • EN 5012x (Railways)
     • DO-178 (Aviation)
     • DO-254 (Aviation)
     • IEC 60730 (household/white goods)
     • IEC 61800 (power drive)
     • IEC 60601 (medical equipment)
     • MIL-STD-882E (DoD)
     • FMVSS (Federal Vehicle Safety)
     • AUTOSAR (SW)
     • MISRA C (SW)
   You need to think about safety
   Picture source: Pixabay

10. Balancing Cost Vs. Safety; Navigating the forest of standards
   • It all starts with system engineering & structured methodology
   • So let’s get started…
   All pictures source: Wikimedia

11. End of the exposition. Next: what can the Automotive industry teach us?

12. What System Safety Does US-NHTSA Require?
   • Ensure fail-safe
   • Follow industry standards (ISO-26262) and relevant & applicable standards and processes from aviation, space, military, etc.
   • Do hazard analysis and safety risk assessment at all levels
   • Provide redundancies & safety strategies for system malfunction
   • Enforce proper software development process, verification and validation
   • Monitor the evolution, implementation, and safety assessment of AI, machine learning, ...
   • Link design decisions to the assessed risks impacting safety-critical system functionality
   • Test, validate and verify everything both as individual subsystems and as part of the entire vehicle architecture
   • Fully document the entire process with traceability
   Source: https://www.transportation.gov/sites/dot.gov/files/docs/AV%20policy%20guidance%20PDF.pdf p.20

13. ISO-26262 Basics
   • ISO-26262 defines functional safety as the “Absence of unreasonable risk due to hazards caused by malfunctioning behaviour of E/E systems”
   • Risks come from systematic failures and random hardware failures
   • Process-based approach:
     • Functional safety management, verification, validation, confirmation and relations with suppliers
   ISO-26262: a process to lower risks below a preset threshold

14. The Process: The 26262 Safety Lifecycle
   (Diagram; picture source: ISO-26262)

15. Required HW Product Development Process Steps (10/19/2016)
   (Diagram; picture source: ISO-26262)
16. The Stages Of ISO-26262 Risk Analysis
   1. Identify the hazards and assess the risks of each one
      • Likelihood, potential damage, etc.
   2. Classify the hazards into buckets based on 3 criteria:
      • Severity of possible injuries
      • Exposure to the possibility of the hazard happening
      • Controllability by the driver to prevent the injury (e.g., 0 for automatic cars)
      • Each bucket gets a budget of acceptable risk
   3. Specify safety mechanisms that mitigate unacceptable risks by:
      • Preventing risks; or
      • Detecting & reacting to emerging risks
   4. Analyze the design and determine its residual safety level
      • Is it safe enough for the task at hand?
   This is the key to ISO-26262 functional safety
   Pictures source: Pixabay, fantasticpixcool, Wikimedia

17. 1. Identify the hazards and assess the risks of each hazard
   Malfunction → identify and categorise the hazards triggered by malfunctions
   Pictures source: Flickr, Pixabay, Wikimedia

18. A Cautionary Tale
   • GM had an ignition switch that turned from “run” to “accessory” when touched
   • What are the risks if an ignition switch suddenly turns off?
     • Car stalls on highway
     • No engine
     • Limited driver control
     • What else?
   • Unrelated, GM was concerned about airbags exploding while the car is parked
     • So they added a clever safety: the airbag is inactivated when the switch is off
   • This combination caused 100-200 deaths in many accidents
   • Google “General Motors ignition switch scandal”

19. (Picture; source: atlantamagazine.com)

20. 2. Classify the hazards into buckets based on 3 criteria
   • Exposure
     • E0: Incredible (e.g., an airplane landing on a highway) – Ignore!
     • E1: Very low probability
     • E2: Low probability (<1%)
     • E3: Medium probability (1-10%)
     • E4: High probability (>10%)
   • Severity (potential harm)
     • S0: No injuries (limited to material damage) – Ignore!
     • S1: Light and moderate injuries
     • S2: Severe and life-threatening injuries (survival probable)
     • S3: Life-threatening injuries (survival uncertain), fatal injuries
   • Controllability (ease to avoid)
     • C0: Controllable in general – Ignore!
     • C1: Simply controllable
     • C2: Normally controllable
     • C3: Difficult to control or uncontrollable
   ASIL determination (rows: severity and exposure; columns: controllability):

           C1   C2   C3
   S1  E1  QM   QM   QM
       E2  QM   QM   QM
       E3  QM   QM   A
       E4  QM   A    B
   S2  E1  QM   QM   QM
       E2  QM   QM   A
       E3  QM   A    B
       E4  A    B    C
   S3  E1  QM   QM   A
       E2  QM   A    B
       E3  A    B    C
       E4  B    C    D

21. 3. Specify safety mechanisms that mitigate unacceptable risks
   (Diagram; picture source: ISO-26262)

22. Functional Safety Requirements
   • Control internal failures of the hardware
   • Control or tolerate failures external to the element
   • Comply with the safety requirements of other elements
   • Detect and signal internal or external failures
   • Meet the target values for random hardware failures
   • Avoid specific behaviours
     • For example, “a particular sensor shall not produce an unstable output signal”
   • Implement the intended functionality (SOTIF)
23. 4. Analyze Your Design And Assess Its Safety Level: Sources Of Risk
   Risk arises from SW and from HW; HW faults are either permanent or transient.
   • Systematic failures: addressed by proper processes for requirements, design, engineering & management
   • Random HW failures: addressed in the following foils

24. The Two Types Of Naturally-Occurring Faults
   • Soft Error/Transient Fault: bit flip
   • Hard Error/Permanent Fault
   Picture source: shutterstock (licensed), intechopen, jes.ecsdl.org

25. The Two Types Of Naturally-Occurring Faults
   Soft Error/Transient Fault (bit flip)
   • Mechanism: cosmic radiation flips the logic value of a register
   • Effect: the register stays flipped until a new value is set
   • Detection: requires redundancy
   • Prevention of harm:
     • Hardening, e.g. more capacitance
     • Redundancy: 2X, 3X, 9X
   Hard Error/Permanent Fault
   • Mechanism: unexpected damage, e.g. due to environment (heat, vibrations, dust)
   • Effect: the failure is permanent
   • Detection: frequent self-testing
   • Prevention of harm:
     • Graceful degradation
     • Redundancy: 2X, 3X, 9X

26. (Pictures; source: CNN, EETimes)

27. Classification of Faults in safety-related HW (SM = Safety mechanism)
   Decision flow:
   • Can it do any harm?
     • Never → it is a Safe Fault (SF, λS)
     • Only with other faults → Is it detected?
       • Yes → it is a Detected Fault (λMPF,D)
       • No → Is it perceived by the driver?
         • Yes → it is a Perceived Fault (λMPF,P)
         • No → it is a Latent Fault (MPF,L, λMPF,L)
     • By itself → Is there a relevant SM?
       • No → it is a Single-point Fault (SPF, λSPF)
       • Yes → Is it detected by the SM?
         • No → it is a Residual Fault (RF, λRF)
         • Yes → continue as for a fault that only does harm with other faults (Detected, Perceived or Latent)
   λ = λSPF + λRF + λMPF,D + λMPF,P + λMPF,L + λS
   Failure rate (λ) is the frequency with which an engineered system or component fails, expressed in failures per unit of time. (Wikipedia)
28. Q: How to tell how well we cope with random hardware failures?
   A: Using two metrics (5-8: HW Architectural Metrics), computed with diagnostic coverage or estimated:
   • SPFM – Single-point fault metric: 1 - (λSPF + λRF) / λ
     • ≥90% for ASIL B, ≥97% for ASIL C, ≥99% for ASIL D
   • LFM – Latent-fault metric: 1 - λMPF,L / (λ - λSPF - λRF)
     • ≥60% for ASIL B, ≥80% for ASIL C, ≥90% for ASIL D

29. The fault classification flow of slide 27 again, highlighting the terms of SPFM = 1 - (λSPF + λRF) / λ (≥90% for ASIL B, ≥97% for ASIL C, ≥99% for ASIL D)

30. The fault classification flow of slide 27 again, highlighting the terms of LFM = 1 - λMPF,L / (λ - λSPF - λRF) (≥60% for ASIL B, ≥80% for ASIL C, ≥90% for ASIL D)

31. 5-9: Violations Due To Random HW Failures
   For every safety goal: sum the probabilities of all faults that can violate it. Is the sum under the target?
   • Targets: 10^-8 per hour for ASIL-D; 10^-7 per hour for ASIL-C/B
   • Yes → acceptable safety level
   • No → unacceptable safety level, must be fixed
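The following is an added worked example, not code from the slides or from Optima: it implements the S/E/C to ASIL mapping of slide 20 and then the fault classification of slide 27 with the SPFM and LFM metrics and ASIL targets of slide 28, over a constructed FIT budget. The fault names and failure rates are invented for illustration; the split of a fault into a residual part and a covered part by the safety mechanism's diagnostic coverage is the "computed with diagnostic coverage" route the slide mentions and is an assumption of this example, not something the slides spell out.

```python
"""Hazard classification and ISO 26262 HW architectural metrics (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ASIL_ORDER = ["QM", "A", "B", "C", "D"]


def asil_from_sec(severity: int, exposure: int, controllability: int) -> str:
    """Map an S/E/C triple to an ASIL.

    S0, E0 and C0 are marked 'Ignore!' on the slide: no ASIL is assigned and
    they are reported here as 'QM'. For S1-S3, E1-E4, C1-C3 the slide's table
    is reproduced cell for cell by the rank sum S+E+C:
    <=6 -> QM, 7 -> A, 8 -> B, 9 -> C, 10 -> D.
    """
    if not (0 <= severity <= 3 and 0 <= exposure <= 4 and 0 <= controllability <= 3):
        raise ValueError("expected S in 0..3, E in 0..4, C in 0..3")
    if 0 in (severity, exposure, controllability):
        return "QM"
    return {7: "A", 8: "B", 9: "C", 10: "D"}.get(
        severity + exposure + controllability, "QM")


def safety_goal_asil(hazards: List[Tuple[int, int, int]]) -> str:
    """A safety goal inherits the highest ASIL of the hazards it covers."""
    return max((asil_from_sec(*h) for h in hazards), key=ASIL_ORDER.index)


@dataclass
class Fault:
    name: str
    fit: float                     # failure rate in FIT (failures per 1e9 hours)
    violates: str                  # "never", "alone" or "with_others"
    dc_rf: Optional[float] = None  # SM diagnostic coverage against the fault
                                   # violating the goal on its own; None = no SM
    dc_lf: float = 0.0             # coverage of the SM that detects the fault
                                   # before a second fault can combine with it
    perceived: bool = False        # would the driver notice the undetected part?


def classify(faults: List[Fault]) -> Dict[str, float]:
    """Split the total failure rate into the six classes of slide 27.

    Assumed split (see lead-in): the part of a fault its safety mechanism does
    not cover is residual; the covered part is treated like a multiple-point
    fault and goes on to the detected / perceived / latent decision.
    """
    rates = {k: 0.0 for k in ("SPF", "RF", "MPF_D", "MPF_P", "MPF_L", "S")}
    for f in faults:
        if f.violates == "never":
            rates["S"] += f.fit                       # safe fault
            continue
        multi = f.fit
        if f.violates == "alone":
            if f.dc_rf is None:
                rates["SPF"] += f.fit                 # no SM at all: single-point
                continue
            rates["RF"] += f.fit * (1 - f.dc_rf)      # uncovered part: residual
            multi = f.fit * f.dc_rf                   # covered part: multiple-point
        elif f.violates != "with_others":
            raise ValueError(f"{f.name}: unknown 'violates' value {f.violates!r}")
        rates["MPF_D"] += multi * f.dc_lf             # detected multiple-point
        rates["MPF_P" if f.perceived else "MPF_L"] += multi * (1 - f.dc_lf)
    return rates


SPFM_TARGET = {"B": 0.90, "C": 0.97, "D": 0.99}   # slide 28
LFM_TARGET = {"B": 0.60, "C": 0.80, "D": 0.90}


def spfm(r: Dict[str, float]) -> float:
    """Single-point fault metric: 1 - (λSPF + λRF) / λ."""
    return 1 - (r["SPF"] + r["RF"]) / sum(r.values())


def lfm(r: Dict[str, float]) -> float:
    """Latent-fault metric: 1 - λMPF,L / (λ - λSPF - λRF)."""
    denom = sum(r.values()) - r["SPF"] - r["RF"]
    return 1.0 if denom == 0 else 1 - r["MPF_L"] / denom


def meets_targets(r: Dict[str, float], asil: str) -> bool:
    """QM and ASIL A carry no quantitative SPFM/LFM target on the slide."""
    if asil not in SPFM_TARGET:
        return True
    return spfm(r) >= SPFM_TARGET[asil] and lfm(r) >= LFM_TARGET[asil]


def example_faults(sram_lf_coverage: float = 0.5) -> List[Fault]:
    """Constructed FIT budget for a lockstep controller (illustrative numbers)."""
    return [
        Fault("lockstep_core_logic", 600, "alone", dc_rf=0.99, dc_lf=0.90),
        Fault("ecc_sram", 300, "alone", dc_rf=0.999, dc_lf=sram_lf_coverage),
        Fault("watchdog_timer", 50, "with_others", dc_lf=0.80, perceived=True),
        Fault("debug_trace", 50, "never"),
    ]


if __name__ == "__main__":
    goal = safety_goal_asil([(3, 4, 3), (2, 3, 2)])   # constructed hazard list
    for cov in (0.5, 0.95):
        r = classify(example_faults(cov))
        print(f"ASIL {goal}: SPFM={spfm(r):.4f} LFM={lfm(r):.4f} "
              f"ok={meets_targets(r, goal)} (SRAM latent coverage {cov})")
```

With the constructed numbers the design passes the ASIL D single-point target (SPFM 0.9937) but fails the latent-fault target (LFM about 0.79): the lockstep and ECC mechanisms stop single faults from reaching the safety goal, yet half of the SRAM faults stay undetected and can accumulate. Raising the latent-fault coverage of the SRAM to 0.95 (for instance with a periodic memory self-test, the "frequent self-testing" of slide 25) lifts LFM above 0.90, which is the kind of what-if the tradeoff slides describe.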
32. Risk Mitigation Options
   • Error detection and correction schemas for memories and busses
   • Redundancy
   • Hard errors: SW or HW tests
   • Soft errors: flop hardening
   Amir Rahat, Optima Design Automation Ltd © All rights reserved

33. Protection By Redundancy
   Diagram: DMR has In → Out with an Err output; TMR has In → Majority Gate → Out with Error, Corrected and Dual Error outputs; 9X is a TMR of three TMRs.
   • 2X = DMR = lockstep
     • Single error detection
     • No correction capability
     • >2X the costs
   • 3X = TMR
     • Single error correction
     • Dual error detection (if > single bit)
     • >3X the costs
   • 9X = TMR of TMRs
     • Compares 3 implementations
     • Protects against design errors, too
     • >9X the costs
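An added example, not code from the slides: bit-level models of the 2X (lockstep compare) and 3X (majority gate) schemes of slide 33, with the Error, Corrected and Dual Error outputs the diagram shows, plus the 9X TMR-of-TMRs arrangement. The 8-bit width and the injected bit flips are constructed. It also shows the limit behind the slide's "if > single bit" qualifier: two copies hit on different bit positions are reported as a dual error, but two copies hit on the same bit outvote the good copy and the gate reports a correction while the output is wrong.

```python
"""Protection by redundancy: DMR compare and TMR majority vote (added example)."""
from typing import NamedTuple, Sequence

WIDTH = 8                     # constructed: 8-bit data path
MASK = (1 << WIDTH) - 1


class DmrResult(NamedTuple):
    out: int
    err: bool         # the copies disagree: detected, but no way to tell which is right


class TmrResult(NamedTuple):
    out: int
    error: bool       # at least one copy disagrees with the majority
    corrected: bool   # exactly one copy was outvoted: a single error was masked
    dual_error: bool  # two copies were outvoted (on different bits): not correctable


def dmr(a: int, b: int) -> DmrResult:
    """2X / lockstep: compare two copies; detection only, no correction."""
    return DmrResult(a, a != b)


def majority(a: int, b: int, c: int) -> int:
    """Bitwise majority gate."""
    return (a & b) | (a & c) | (b & c)


def tmr(a: int, b: int, c: int) -> TmrResult:
    """3X: vote per bit, then count how many whole copies were outvoted."""
    out = majority(a, b, c)
    outvoted = sum(1 for copy in (a, b, c) if copy != out)
    return TmrResult(out, outvoted > 0, outvoted == 1, outvoted >= 2)


def tmr_of_tmrs(copies: Sequence[int]) -> TmrResult:
    """9X: three independent TMR groups, voted again at the top level."""
    if len(copies) != 9:
        raise ValueError("TMR of TMRs needs exactly nine copies")
    inner = [tmr(*copies[i:i + 3]).out for i in (0, 3, 6)]
    return tmr(*inner)


def flip(value: int, bit: int) -> int:
    """Inject a soft error: invert one bit of one copy (constructed fault)."""
    return (value ^ (1 << bit)) & MASK


if __name__ == "__main__":
    v = 0xA5
    print("DMR, one copy hit:      ", dmr(v, flip(v, 3)))
    print("TMR, one copy hit:      ", tmr(flip(v, 3), v, v))
    print("TMR, two copies, 2 bits:", tmr(flip(v, 3), flip(v, 5), v))
    print("TMR, two copies, 1 bit: ", tmr(flip(v, 3), flip(v, 3), v))
    print("9X, one hit per group:  ", tmr_of_tmrs([flip(v, 0), v, v, v, flip(v, 1), v, v, v, flip(v, 2)]))
```

The same-bit double hit is why the slide counts TMR's dual-error detection only for multi-bit signals, and why the 9X arrangement, which protects against design errors as well, is worth its cost where the fault rate per copy is not independent.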
34. Protection By Test (HE only)
   • Run a test (SW or HW) intermittently
   • Compare its results to the expected results
   • If the test fails – enter and maintain the safe state
   • Probability of error detection depends on:
     • Time to detection (= time between intermittent test runs)
     • Probability of detecting a fault (= test coverage)
   • Measurement of test coverage is required

35. How Does Selective Hardening Work?
   Diagram labels: provided by the simulation; decided by the designer; based on flop selection & vendor datasheet; calculated. Only works with accurate, reliable sensitivity results! Now, do the tradeoff.

36. Summary - Protecting The Design From Faults (decision flowchart)
   • Memory or Logic?
     • Memory → pick appropriate ECC (OK to implement)
     • Logic → Redundancy OK?
       • OK → pick a redundancy mechanism (OK to implement, but expensive)
       • Too expensive → SE or HE? (can do both)
         • SE → focus on registers → Is full hardening OK?
           • OK → harden all flops (OK to implement, but expensive)
           • Expensive → need SE selective hardening
         • HE → focus on all nodes → Disruptive test OK?
           • OK → pick the right DFT technique (OK to implement, but disruptive)
           • Unsafe → create a functional test → need HE coverage metric

37. (Picture; source: Pixabay)

38. Simulation*-Based Analysis (* including Emulation)
   What do you need, and how accurate should it be?
   SE selective hardening:
   • Not very accurate: use “expert opinion” to select flops to harden → guess the impact (no way to check)
   • Sort of accurate: partially simulate and select flops to harden → guard-band the results to account for errors; identify ways to improve coverage
   • Very accurate: exhaustively simulate to select flops to harden → accurately calculate the resulting risks
   HE coverage metric:
   • Sort of accurate: partially simulate and get an indication → guard-band the results to account for errors; identify ways to improve coverage
   • Very accurate: exhaustively simulate to measure coverage → collect accurate coverage data
   Must run 1M flops, 200 errors per flop (= 200M simulations) in machine-weeks

39. Using Fault Simulations
   • Inputs: the design (RTL or gate level) in an HDL (Verilog or VHDL); a test environment (test-bench, SW or input values); fault details (SE: which flop flips and when? HE: which node breaks and how?)
   • A Good Machine Simulator and a Faulty Machine Simulator run side by side and feed a Comparator
   • SE Sensitivity Monitor: did the fault impact a safety goal?
   • HE Coverage Monitor: was the fault detected?
   • Report results

40. Using Fault Simulations (continued)
   Same flow as slide 39; repeat for all relevant faults (assuming you know them…)
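The following is an added example, not code from the slides and not Optima's tool: a good-machine / faulty-machine comparison in the shape of slides 39-40, run exhaustively over every soft-error fault (which flop flips, and when) of a small constructed design, followed by the selective-hardening step of slides 35-36: only the registers the campaign found sensitive are given TMR, and the campaign is re-run to confirm the sensitivity is gone. The design (a command latch with a watchdog timeout), its register names, the 8-cycle stimulus and the safe-state value 0 are all constructed for the example.

```python
"""Soft-error fault campaign with selective hardening (added example)."""
from typing import Dict, List, Optional, Tuple

REGS = ("cmd", "cnt", "dbg")   # constructed 8-bit registers
WIDTH = 8
TIMEOUT = 16                   # cycles without valid input before the safe state
Fault = Tuple[str, int, int]   # (register, bit, cycle after whose clock edge it flips)


def vote(a: int, b: int, c: int) -> int:
    return (a & b) | (a & c) | (b & c)


class ToyDesign:
    """Command latch with a watchdog. Safety goal: the output equals the last
    valid command; after TIMEOUT cycles without valid input it falls back to 0
    (the safe state). 'dbg' feeds no safety output. Registers in `hardened`
    are kept as three copies and read through a majority vote (TMR)."""

    def __init__(self, hardened=()):
        self.copies = {r: 3 if r in hardened else 1 for r in REGS}
        self.regs: Dict[str, List[int]] = {r: [0] * self.copies[r] for r in REGS}

    def read(self, r: str) -> int:
        v = self.regs[r]
        return vote(*v) if len(v) == 3 else v[0]

    def write(self, r: str, value: int) -> None:
        self.regs[r] = [value & 0xFF] * self.copies[r]

    def clock(self, valid: bool, value: int) -> None:
        cmd, cnt = self.read("cmd"), self.read("cnt")        # current state
        self.write("cmd", value if valid else cmd)
        self.write("cnt", 0 if valid else min(cnt + 1, 0xFF))
        self.write("dbg", value ^ cnt)                        # debug only

    def inject(self, r: str, bit: int) -> None:
        self.regs[r][0] ^= 1 << bit     # a soft error hits one copy only

    def safety_output(self) -> int:
        return self.read("cmd") if self.read("cnt") < TIMEOUT else 0


def simulate(stimulus, fault: Optional[Fault], hardened=()) -> List[int]:
    """Run the design over the stimulus, flipping one flop bit after the
    given clock edge if a fault is supplied. Returns the safety output per
    cycle; with fault=None this is the good-machine trace."""
    d = ToyDesign(hardened)
    trace = []
    for cycle, (valid, value) in enumerate(stimulus):
        d.clock(valid, value)
        if fault is not None and fault[2] == cycle:
            d.inject(fault[0], fault[1])
        trace.append(d.safety_output())
    return trace


def campaign(stimulus, hardened=()) -> Dict[str, float]:
    """Exhaustive SE campaign: every bit of every register at every cycle.
    The comparator marks a fault as sensitive when the faulty-machine trace
    differs from the good-machine trace (the SE sensitivity monitor).
    Returns the sensitive fraction per register."""
    golden = simulate(stimulus, None, hardened)
    sens = {}
    for r in REGS:
        hits = 0
        for bit in range(WIDTH):
            for cycle in range(len(stimulus)):
                if simulate(stimulus, (r, bit, cycle), hardened) != golden:
                    hits += 1
        sens[r] = hits / (WIDTH * len(stimulus))
    return sens


def select_for_hardening(sens: Dict[str, float]) -> Tuple[str, ...]:
    """Selective hardening: protect only the registers that showed sensitivity."""
    return tuple(r for r, s in sens.items() if s > 0)


# Constructed stimulus: a valid, non-zero command every cycle.
STIMULUS = [(True, v) for v in (0x10, 0x22, 0x37, 0x44, 0x5A, 0x6C, 0x7E, 0x81)]

if __name__ == "__main__":
    before = campaign(STIMULUS)
    chosen = select_for_hardening(before)
    after = campaign(STIMULUS, chosen)
    print("sensitivity before:", before)
    print("registers to harden:", chosen)
    print("sensitivity after: ", after)
```

Every flip of `cmd` reaches the safety output, only the upper four bits of `cnt` do (a flip there pushes the watchdog past TIMEOUT and forces the safe state, a violation of the goal in the other direction), and `dbg` never does, so the campaign reports sensitivities of 1.0, 0.5 and 0.0 and hardening is spent on `cmd` and `cnt` only. The 192 simulations here stand in for the 200M of slide 38; the structure of the loop is the same.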
41. CAD/EDA – Automatic Safety
   • Manage the specification and implementation of Safety Requirements
   • Ensure design protection from faults, across all levels of hierarchy & IPs
   • Assist in selecting and applying the right safety goals
     • Taking into account the different types of design components
   • Calculate goal risk levels and safety metrics (e.g., SPFM & LFM)
   • Support all fault models, soft and hard
   • Simulate millions of faults quickly and accurately
   • Classify each fault to the correct category
   • Provide documentation for safety audits

42. Optima’s Soft Error Safety Tool
   • Optima developed an EDA solution for Soft Errors
   • Based on an ultra-fast fault simulator
   • Supports all the automation requirements mentioned
   • Runs 200M simulations in machine-weeks with 100% confidence
   • Manages the overall design flow
   • Follows the optimal safety methodology
   • Creates an exhaustive campaign
   • Runs it and generates reports
   • Enables selective hardening with easy tradeoff what-ifs
   • Generates all the 26262 metrics
   • The only comprehensive soft-error safety tool available
   • Hard Error support to be released soon

43. The Work Flow In A Nutshell
   • To best balance safety and costs, follow this flow:
     1. Specify the HW Safety Requirements
     2. At all design revisions & abstraction levels:
        • Classify the Faults in the safety-related HW
        • Compute the HW Architectural Metrics
        • Optimize the tradeoff between FIT, area and power

44. Summary – What Did We Learn?
   • The Computers are fleeing their cages and going into the real world
   • So safety moves from a negligible aspect to the most important one
   • This means reinventing the design methodology… again…
   • Must focus on Safety, Reliability, Availability, Resilience, Security
   • The automotive industry is leading the way - what can it teach us?
   • System engineering & a process to lower risks below the threshold:
     1. Identify the hazards and assess the risks of each one
     2. Classify the hazards into buckets based on Severity, Exposure & Controllability
     3. Specify safety mechanisms that mitigate unacceptable risks
     4. Analyze the design and assess its residual safety level => verification and testing
   Picture sources: Wikimedia, HVC

45. Questions? Thank you for your attention! amir@optima-da.com
   © Optima Design Automation