Cassidian MBDA-systems Menta Thales Safran Selex ES Dolphin integration STMicroelectronics S.E.D. Kongsberg gruppen

Safety Computing Platform

In WP2, a general architectural concept for a certifiable military SoC was elaborated, based on the system requirements collected for a military SoC. Concepts for the mitigation/improvement of the proposed SoC architecture were also defined. To this end, the safety analysis methods "Failure Mode and Effect Analysis" (FMEA) and "Fault Tree Analysis" (FTA) were described, an FMEA was carried out for all SoC modules and an example FTA was performed. The outcome of the FMEA and the FTA was a set of improvement and mitigation measures. The general safety standard IEC 61508 was analysed and compared with DO-254, the aspects relevant to SoCs were extracted and an IEC 61508 certification strategy for SoC devices was established.

Moreover, a technology evaluation analysed different FPGA technologies (Flash- and SRAM-based FPGAs) for certification in military systems involved in safety, and the following features were evaluated:

  • Long-time data retention for Flash-based FPGAs;
  • Power-interruption for SRAM-based FPGAs;
  • Radiation robustness.

In parallel, a classification of the Hard Macros into different complexity ranges was made:

  • Simple Hard Macro;
  • Complex Hard Macro;
  • Embedded Microsystem.

The available Hard IPs were analysed against the requirements of the certification documents and certification proposals for the Hard IPs were given. An Embedded Microsystem was identified as a potential candidate for safety-critical applications, although the processor performance without an FPU is a major limitation. For SRAM-based SoC FPGAs, major risks were identified, and these risks have to be mitigated before such SoCs are planned for a safety-critical application.

Another sub-work package performed a tool evaluation to analyse the certification documents regarding tools and methodologies. The certification documents were analysed regarding the usage of tools and methodologies, and the corresponding requirements were extracted. The market was analysed and promising candidates were selected, compared against the Design Assurance Levels (identified with a capital letter as in DO-254), and shown in the following table (for commercial reasons, only a number is reported to identify each tool; for more information please contact the Project Leader):

Tools \ DAL | A                           | B                           | C        | D        | E
------------|-----------------------------|-----------------------------|----------|----------|---------
1           | Risks                       | Risks                       | Risks    | Possible | Possible
2           | Risks                       | Risks                       | Risks    | Possible | Possible
3           | Possible with manual review | Possible with manual review | Possible | Possible | Possible
4           | Risks                       | Risks                       | Risks    | Possible | Possible
5           | Risks                       | Risks                       | Possible | Possible | Possible
6           | Possible                    | Possible                    | Possible | Possible | Possible

"Possible" means that the tool can be used at that level.
"Risks" means that the tool can be used, but certification is not ensured: there are risks in achieving certification with such a tool.

Another objective of WP2 was to manage the use of IP building blocks within the certification process, and two kinds of IP were considered:

  • Reuse IPs;
  • COTS IPs.

As a conclusion, COTS IPs compliant with the SoC requirements are available, but a deeper analysis is required because the available data is often subject to NDAs between industrial partners and IP providers.

Finally, three demonstrators were implemented to cover as many as possible of the design and verification tools and methodologies analysed in the whole WP:

  • The first demonstrator consists of two parts. The first part is an AXI4 isolator, a design IP whose functionality was generated by Tool #6. The second part is an AXI4 BFM, a verification IP used for the verification of the AXI4 isolator.
  • The second demonstrator is a design IP consisting of an I2C COTS IP and thus covers the COTS IP aspects.
  • The third demonstrator is a verification IP for a MIL-STD-1553 design IP core. It is implemented in UVM and makes use of the advanced verification methodologies Constrained Random Simulation, Coverage-Driven Verification and Assertion-Based Verification.

For more information about this Work Package please contact the Project Leader.