( ESNUG 572 Item 4 ) -------------------------------------------- [05/30/17]

Subject: Jim Hogan rates all the EDA vendors on Safety Critical IC design

    - Hogan on using Formal along with random fault verification

From: [ Jim Hogan of Vista Ventures LLC ]

Hi, John,

Today there is no one EDA company that has all the tools necessary to do
safety critical chip verification (SCV), though virtually all are rushing
to expand in this space.  Rarely does a week go by where we don't see yet
another announcement around safety critical verification.

        ----    ----    ----    ----    ----    ----    ----

EDA VENDORS

First here's my matrix of the present day SCV tool players.  Then I will
discuss the players individually.
  






Cadence


Mentor


OneSpin


Synopsys


Aldec







Systematic Verification







RTL Simulation


Incisive

NC-Sim


Questa

Sim


-


VCS


Riviera-PRO







RTL Planning
Tool


vManager


Questa

VM


-


Verdi VP,

Certitude


Spec-Tracker







RTL Formal


JasperGold


Questa

Formal


DV-Verify

DV-Quantify

DV-Gap Free


-


-







Random Fault Verification







Fault Simulation

(RTL & gate)


Incisive FSS

(was Verifault)


Tessant

(DFT only)


-


Z01X FSA


-







Formal Fault

Analysis

(RTL & gate)


-


-


DV-Verify

FPA & FIA


-


-







ISO 26262 Certification







Safety

Qualification

Kits


Yes, for some tools


Yes, for some tools


Yes


Yes, only design tools


Yes





Cadence

Cadence has been talking about safety critical in a general fashion since
2014, including presenting on it at different conferences.

They support systematic verification with both the RTL simulation (Incisive)
and formal (Jasper) verification tools.  Cadence still also has its fault
simulator for random verification -- but no formal offering for random.
In Oct 2014 they announced the Incisive Functional Safety Simulator (FSS)
to replace their original Verifault-XL simulator.

In addition, Cadence has a mechanism, known as vManager, used to create and
manage a verification plan from requirements.  It tracks your verification
progress against that plan.

Cadence has multiple ISO 26262 certified flows.  

Synopsys

Synopsys started mentioning safety critical in March 2016 when they acquired
WinterLogic -- which has a fault simulator widely used by a good number of
automotive safety critical customers.  The current SNPS product name is
"Z01X Functional Safety Assurance (FSA)".

The Synopsys Certitude coverage tool is used for coverage in general, and 
has also been used in safety critical flows.

The have a well-structured systematic verification flow, including the Verdi
Verification Planner.

The Synopsys Z01X fault simulator has been used in multiple certified flows.

Mentor-Siemens

Mentor has also been talking about ISO 26262 safety critical and they work
with several automotive companies.  Siemens acquired Mentor in March 2017
in part for their capabilities for automotive design, so we can expect this
MENT safety critical focus to increase.  They have a good general overall
verification flow with verification planning for systematic verification.  

Mentor does have a fault simulator (Tessent), although this appears to be 
used for DFT only, and not ISO 26262.

Mentor also has multiple certified flows.  

OneSpin

OneSpin is a formal verification company which spun out of Infineon and has
long history in automotive.  Infineon and Bosch have published conference 
papers in 2015 and 2016 on the use of OneSpin's DV-Verify formal tool, 
together with their specialized "Gap Free" methodology for systematic 
verification.  

OneSpin is currently the only company to have specific formal apps to handle
random fault verification.

    - OneSpin Fault Injection Analysis (FIA) formal app lets you inject 
      a fault into your Verilog/VHDL design code and observe the fault's
      effect on your safety handling circuitry.  

    - OneSpin Fault Propagation Analysis (FPA) formal app is used with a 
      fault simulator to accelerate the random fault verification process 
      and to ensure complete coverage.  

OneSpin is finalizing its ISO 26262 certification kits, and its tools have
already been used in multiple certified flows.  

Aldec

Aldec is better known in the Aeronautical DO-254 space working with safety 
in FPGA designs -- although they are now applying their technology and 
considerable experience to ISO 26262.  Aldec's requirements tracing 
methodology and simulation tools provide a strong systematic development 
flow that may be applied to automotive designs.  

Austemper Design Systems

Austemper just recently emerged 6 days ago on May 23, 2017 with claims of
an end-to-end functional safety solution.

        ----    ----    ----    ----    ----    ----    ----

CONSULTANTS

Yogitech.  Yogitech had safety critical tools; additionally, it provided a 
complete safety methodology service package, along with some tools.

They did well and Intel acquired them in April 2016.  Now Intel has a full 
safety critical methodology and tool provider in-house.  It appears Yogitech
has withdrawn from servicing the general market, creating opportunities for
other companies to expand here.

Test Verification Solutions (TVS).  Mike Bartley has grown his consulting 
practice to help companies with their safety-critical methodologies.  It is
mostly focused in the systematic area over random, but he does both.  

TVS has both a methodology service as well as a tool for verification
planning called asureSIGN.  asureSign lets you merge information from
multiple sources; for example, you can merge your simulation data with
OneSpin's formal verification results using asureSign.

Oski Technology.  Vigyan Singhal's Oski Technology has serviced the formal 
market for many years now.  Oski is now expanding its offering into safety 
critical methodology.  

        ----    ----    ----    ----    ----    ----    ----

IP COMPANIES

IP vendors targeting the automotive space are just now going through the
ISO 26262 certification process.  For example, the NOC IP companies like:
Sonics, Netspeed, and ArterisIP, all seek ASIL D compliance this year. 

        ----    ----    ----    ----    ----    ----    ----

THE MAIN ISO 26262 CUSTOMER LANDSCAPE

Automotive is a very hot market.  The car companies have realized that they
can differentiate their cars with a lot of clever electronics.  Let's look
at the landscape.

The large companies doing semiconductors in this space are: Infineon, Bosch,
Renesas, and Freescale -- which was acquired by NXP, and which is now being
acquired by Qualcomm.  A number of smaller companies also exist making
specialized semiconductors.

Let's look at Intel.  Intel is extremely serious about automotive designs.
In addition to acquiring Yogitech in 2016, in March 2017, Intel bought out
Mobileye, an Advanced Driver Assist Systems (ADAS) provider in Israel for
an 88X premium.  Intel spent $15.3 billion for its $173.3 million net income.  

Every week there seems to be a new specialty automotive electronics company
announcement.  Some of the areas getting a lot of direction:

    - Blind Spot Object Detection (BSD) Systems

    - Lane Departure Warning (LDW) Systems

    - Tire Pressure Monitoring Systems (TPMS)

    - Park Assist Systems

    - Drowsiness Monitor Systems

On top of these players, you have companies that are entering the automotive
space from some very different industries.  

    - Google and Uber who have their self-driving car projects

    - Apple makes iPhones and iPads and it's obvious that they
      might want to put some of that functionality into a car.
      It will be more entertainment and communication type
      functionality.  However, remember that anything that goes
      in a car, regardless of what it is, must meet the ISO 26262
      standard.

Companies like Apple and Google and Uber -- who haven't played in this space
are finding they now must also meet this standard.

And these all require safety critical design.

    - Jim Hogan
      Vista Ventures LLC, OneSpin BoD            Los Gatos, CA

       ----    ----    ----    ----    ----    ----    ----

Related Articles

    Jim Hogan on how Safety Critical Verification is Next Big Thing
    Jim Hogan on ISO 26262 certification and systematic verification
    Jim Hogan on using Formal along with random fault verification
    Jim Hogan rates all the EDA vendors on Safety Critical IC design

   !!!     "It's not a BUG,
  /o o\  /  it's a FEATURE!"
 (  >  )
  \ - / 
  _] [_     (jcooley 1991)