US-12619809-B2 - Method for fault detection in safety mechanisms
Abstract
Safety mechanisms are embedded into a System on a Chip (SoC) and are operable to detect faults present in the logic circuitry in the SoC. Various types of faults in logic circuitry can occur, for example, a bit stuck at 0 or 1, or a transient or temporary fault due to radiation impacting the SoC. SoC devices are required to meet certain automotive safety integrity standards. The most stringent automotive safety integrity level requires that 90% of random latent faults are detected in all relevant logic, including all safety mechanisms. Examples disclosed include hardware based checkers and hardware or software based pattern generation methods that achieve high online fault coverage in safety mechanism circuitry used for functional safety. A hardware based safety mechanism monitors the logic circuitry during operation. Any time the safety mechanism detects any faults in the logic circuitry, a fault notification is propagated to upstream logic.
Inventors
- Federico VENINI
- David Tran
Assignees
- XILINX, INC.
Dates
- Publication Date: 20260505
- Application Date: 20221111
Claims (20)
- 1. A method for detecting faults in safety mechanism logic of a system-on-chip (SoC), the method comprising: generating safety mechanism test patterns configured to verify functionality of the safety mechanism logic itself; loading the safety mechanism test patterns into a pattern buffer coupled to the safety mechanisms comprised of a plurality of functional blocks; transmitting the safety mechanism test patterns to the safety mechanisms; and comparing, in error handler circuitry, outputs of the safety mechanism logic responsive to the test patterns with expected values to detect a fault in the safety mechanism logic.
- 2. The method of claim 1, wherein: generating the safety mechanism test patterns includes using automatic test pattern generator (ATPG) software executed offline on a host computer to generate a set of safety mechanism test patterns targeted to a gate-level netlist implementation of the safety mechanism logic, the test patterns being generated prior to deployment on the SoC.
- 3. The method of claim 2, further comprising storing the safety mechanism test patterns in external memory.
- 4. The method of claim 2, wherein the safety mechanism test patterns contain n words comprising m/p number of inputs to the safety mechanisms, where n is a number of input lines to the safety mechanism, m is a width of test pattern words, and p is a partition factor.
- 5. The method of claim 2, further comprising: receiving configuration information and a compiled target netlist model in the automatic test pattern generator.
- 6. The method of claim 1, wherein: generating the safety mechanism test patterns includes generating a set of safety mechanism test patterns in a hard-wired pattern generator.
- 7. The method of claim 1, further comprising: retrieving the safety mechanism test patterns from the pattern buffer into an assembler; decoding the safety mechanism test patterns in the assembler; and configuring the safety mechanism test patterns in the assembler for an input interface of the functional blocks.
- 8. The method of claim 1, further comprising: detecting test point value errors in the error handler circuitry; and notifying upstream logic when the test point value errors are detected.
- 9. The method of claim 1, wherein the safety mechanism test patterns are generated such that a safety mechanism test pattern count is reduced.
- 10. A fault detection circuit of a system-on-chip (SoC), the fault detection circuit comprising: one or more safety mechanism logic circuits; a pattern buffer coupled to the safety mechanism logic circuits and configured to store safety mechanism test patterns that are configured to verify functionality of the safety mechanism circuits themselves; and error handler circuitry configured to compare outputs of the safety mechanism circuits responsive to the safety mechanism test patterns with expected values to detect a fault in the safety mechanism circuits.
- 11. The fault detection circuit of claim 10, further comprising: an automatic test pattern generator implemented on a host computer and configured to compute the safety mechanism test patterns offline prior to deployment on the SoC.
- 12. The fault detection circuit of claim 11, further comprising external memory configured to store the safety mechanism test patterns.
- 13. The fault detection circuit of claim 11, wherein the safety mechanism test patterns contain n words comprising m/p number of inputs to the safety mechanisms, where n is a number of input lines to the safety mechanism, m is a width of test pattern words, and p is a partition factor.
- 14. The fault detection circuit of claim 11, wherein the automatic test pattern generator is configured to receive configuration information and a compiled target netlist model.
- 15. The fault detection circuit of claim 10, further comprising: a hard-wired pattern generator configured to generate the safety mechanism test patterns.
- 16. The fault detection circuit of claim 10, further comprising: an assembler configured to retrieve the safety mechanism test patterns from the pattern buffer, decode the safety mechanism test patterns, and configure the safety mechanism test patterns for an input interface of a functional block of the safety mechanisms.
- 17. The fault detection circuit of claim 10, wherein the error handler circuitry is configured to detect test point value errors.
- 18. The fault detection circuit of claim 10, wherein the safety mechanism test patterns comprise values of a binary code.
- 19. A system-on-chip (SoC), comprising: one or more functional blocks; a plurality of safety mechanism circuits respectively coupled to monitor the one or more functional blocks; and a pattern buffer coupled to the safety mechanism circuits and configured to store a plurality of safety mechanism test patterns that are configured to verify functionality of the safety mechanism circuits themselves.
- 20. The SoC of claim 19, further comprising: an error handler circuit configured to compare outputs of the safety mechanism circuits responsive to the safety mechanism test patterns with expected values to detect a fault in the safety mechanism circuits.
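The flow of claims 1 and 8 (patterns from a pattern buffer, driven into the safety mechanism, outputs compared with expected values) can be modelled in software. The following is an added example, not code or patterns from the patent: it assumes an 8-bit lockstep checker built from per-bit XOR gates and an OR reduction, single stuck-at faults on every modelled net, and two constructed pattern sets, and it uses stuck-at coverage as a simplified stand-in for the 90% figure. All names are hypothetical.

```python
W = 8                      # assumed checker width
MASK = (1 << W) - 1
TARGET = 0.90              # the 90% figure from the text, applied to stuck-at faults

def checker(a, b, fault=None):
    """Lockstep comparator: per-bit XOR of a and b, OR-reduced to one error bit.
    fault is None or (net, bit, stuck_value), net in 'a', 'b', 'x', 'err'."""
    def net(name, i, value):
        return fault[2] if fault and fault[:2] == (name, i) else value
    err = 0
    for i in range(W):
        ai = net("a", i, (a >> i) & 1)
        bi = net("b", i, (b >> i) & 1)
        err |= net("x", i, ai ^ bi)        # x = XOR gate output
    return net("err", 0, err)

# Every single stuck-at-0 / stuck-at-1 fault on the modelled nets.
ALL_FAULTS = [(n, i, v) for n in "abx" for i in range(W) for v in (0, 1)]
ALL_FAULTS += [("err", 0, 0), ("err", 0, 1)]

# Pattern buffer contents as (a, b, expected_err). Constructed sample sets.
MATCH_ONLY = [(0, 0, 0), (MASK, MASK, 0)]
WALKING_ONE = MATCH_ONLY + [(1 << i, 0, 1) for i in range(W)]

def error_handler(patterns, fault=None):
    """True when any checker output differs from its expected value."""
    return any(checker(a, b, fault) != exp for a, b, exp in patterns)

def coverage(patterns):
    """Fraction of faults flagged by the error handler, plus the missed ones."""
    if error_handler(patterns):
        raise ValueError("pattern set fails on a fault-free checker")
    missed = [f for f in ALL_FAULTS if not error_handler(patterns, f)]
    return (len(ALL_FAULTS) - len(missed)) / len(ALL_FAULTS), missed

if __name__ == "__main__":
    for name, pats in (("match-only", MATCH_ONLY), ("walking-one", WALKING_ONE)):
        cov, missed = coverage(pats)
        verdict = "meets" if cov >= TARGET else "below"
        print(f"{name:12s} {len(pats):2d} patterns  coverage {cov:.0%} "
              f"({verdict} target)  missed {len(missed)}")
```

The faults the match-only set misses are the stuck-at-0 faults on the XOR outputs and the error line, that is, a checker that can no longer raise an error; only patterns with an expected error of 1 expose them.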
Description
TECHNICAL FIELD

Examples of the present disclosure generally relate to fault detector mechanisms, and in particular, to a method for detecting faults in a safety mechanism circuit.

BACKGROUND

Certain silicon system on chip (SoC) devices are required to meet ISO-26262 Automotive Safety Integrity Level D (ASIL-D) standards. The ASIL-D requires the Latent Fault Metric (LFM) being greater than or equal to 90%. This means that at least 90% of random, multi-point faults are detected in all relevant logic, including all hardware SM logic. This goal can be achieved by several methods such as:

- Method 1) adding Logic Built-In Self-Test (LBIST) circuitry
- Method 2) adding dedicated error injection registers around the Safety Mechanisms and running test software (aka STL or Software Test Library) to drive these registers. Any method can be activated periodically, or upon reset or key-on.
- Method 3) running key-on STLs that specifically target the SM logic without any support of dedicated error injection registers.

Method 1 is costly in area, design, and validation efforts in order to integrate the method into functional logic. Because of this burden, LBIST is usually done at a coarse level of granularity, therefore compounding the area cost. It also often yields insufficient fault coverage. Methods 2 and 3 could possibly take up considerable CPU resources. In many cases it also requires adding dedicated test registers driving all major inputs to the Safety Mechanisms that software uses to inject test patterns to detect faults.

SUMMARY

Disclosed is a method for testing Safety Mechanisms (SMs) in a system on chip (SoC). SMs are utilized to detect faults in a SoC. The method includes generating safety mechanism test patterns offline through a test pattern generator or else generating the test patterns in a hard-wired pattern generator. The method includes loading the SM test patterns into a pattern buffer coupled to a SM, and transmitting the test patterns to the SM. The method is intended to verify the functionality of the SM itself. The method is not verifying the functionality of the circuitry being verified by the SM.

These and other examples may be understood with reference to the following detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

So that the manner in which the above recited features can be understood in detail, a more particular description, briefly summarized above, may be had by reference to example implementations, some of which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate only typical example implementations and are therefore not to be considered limiting of its scope.

FIG. 1 illustrates an example, according to one example, of an automatic test pattern generator (ATPG) Test Pattern Generation Method and Deployment System.
FIG. 2 illustrates an example, according to one example, of an ATPG Test Pattern Loading System.
FIG. 3A illustrates an example, according to one example, of a System on a Chip (SoC).
FIG. 3B illustrates an example, according to one example, of a System on a Chip with Functional Safety using existing approaches.
FIG. 3C illustrates an example, according to one example, of a System on a Chip with Functional Safety with a proposed approach.
FIG. 3D illustrates an example, according to one example, of a System on a Chip with Functional Safety using a variation.
FIG. 4A illustrates an example, according to one example, of a Lockstep Checker Safety Mechanism.
FIG. 4B illustrates an example, according to one example, of a Lockstep Checker Safety Mechanism with a Hardwired Pattern Generator/Checker.
FIG. 5A illustrates an example, according to one example, of usage of a set of fixed Test Patterns, generated by a Hardwired Pattern Generator, for testing a Lockstep Checker Safety Mechanism built specifically with XOR gates.
FIG. 5B illustrates an example, according to one example of a Pattern Generator/Checker Coupled to Multiple Safety Mechanisms.

To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures. It is contemplated that elements of one example may be beneficially incorporated in other examples.

DETAILED DESCRIPTION

This disclosure proposes novel mechanisms to achieve high online fault coverage in Safety Mechanism (SM) logic utilized for functional safety. These mechanisms use a combination of hardware and software to reduce silicon cost to meet safety standard requirements. This disclosure proposes efficient mechanisms to realize the benefits while reducing the costs, i.e., computational resources and silicon area of the SoC.

A Safety Mechanism is circuitry embedded into a System on a Chip (SoC). A SM is designed to detect faults present in the logic circuitry in the SoC. This disclosure relates to hardware based safety mechanisms. A hardware based SM monitors SoC logic circuitry during operation. Any time a SM detects any fa