

## Static Structural Analysis and Formal Verification of SoC with Software Safety Mechanisms for Functional Safety

Hyunsun Ahn

**Euisang Yoon** 

DESIGN AND VERIE CONFERENCE AND EXHIBITION UNITED STATES SAN JOSE, CA, USA FEBRUARY 24-27, 2025

Samsung Electronics Co., Ltd., Korea

Siemens EDA, Korea

## **INTRODUCTION**

### BackGround

Conducting safety verification for software safety mechanisms in large SoCs requires fault campaigns, which are essential but tedious and complex tasks.

### Requirement

There is a need for a new approach to effectively and quickly perform safety verification in the early stages of the design process.

#### Approach

An integrated approach using static analysis and formal verification techniques can be proposed.

### STRUCTURAL STATIC ANALYSIS

- Static structural analysis focuses on identifying design ٠ patterns and protocols that can reduce the scope of proof.
- SafetyScope<sup>™</sup> provides RiverFlowMode analysis, which supports data path analysis for protocol connectivity and data packet flow.



## RESULTS

In the Samsung automotive case study, an additional 4.41% ٠ coverage was proposed by software safety mechanisms, through static analysis and formal verification techniques.

|  | BUS<br>Logic               | Result 1(from [4]):<br>Fault simulation with<br>partially configured<br>hardware 5Ms<br>Detected (%) |        | Result 2:<br>Fault simulation with fully<br>configured hardware SMs<br>Detected (%) |        | Result 3:<br>Fault simulation + Judgement<br>results<br>Detected (%) |        | Result 4:<br>Fault simulation + Judgement result +<br>static and formal analysis for software<br>SMs<br>Detected (%) |        |
|--|----------------------------|------------------------------------------------------------------------------------------------------|--------|-------------------------------------------------------------------------------------|--------|----------------------------------------------------------------------|--------|----------------------------------------------------------------------------------------------------------------------|--------|
|  | NOC in<br>Safety<br>Island | Total 65.87%                                                                                         |        | Total 66.50%                                                                        |        | Total 89.21%                                                         |        | Total 93.62%                                                                                                         |        |
|  |                            | Fault<br>Simulation                                                                                  | 65.87% | Fault<br>Simulation                                                                 | 66.50% | Fault<br>Simulation                                                  | 66.50% | Fault<br>Simulation                                                                                                  | 66.50% |
|  |                            |                                                                                                      |        |                                                                                     |        | Judgment                                                             | 22.71% | Judgement                                                                                                            | 22.71% |
|  |                            |                                                                                                      |        |                                                                                     |        |                                                                      |        | Software SM                                                                                                          | 4.41%  |

## **GAP ANALYSIS**

Target Area is Defined for Diagnostic Coverage Improvement with Software Safety Mechanisms.



## FORMAL VERIFICATION

- Questa® Equivalent RTL is used as a formal verification ٠ solution.
- Normal RTL and faulty RTL are compared through a formal equivalence check.



INPUTS DUT0 = Original RTL DUT1 = DUT0 with fault asserted

DESIRED OUTPUT Does the detection point of the fault case misma the detection point of the original case, indicating that the safety mechanism can detect the fault?

When the detection point indicates that the fault Is not detected, the detection points are equivalent.

# CONCLUSION

- Structural analysis and formal verification allow for ٠ enhancing fault detection resolution without the need for a traditional fault simulation process, and a case study on a Samsung automotive design highlighted the effectiveness of this approach.
- Future work for further extension includes limiting design size in creating design cones for formal attention, seamless communication between tools, and exploring the possibility of dynamic formal analysis.

n.ahn@samsung.com, bumju.kim@samsung.com Jh23.park@samsung.com\_ys31.kim@samsung.com seonilb.choi@samsung.com

Contact information

SAMSUNG

SIEMENS

euisang.yoon@siemens.com, namyul.cho@siemens.com arun.gogineni@siemens.com, ann.keffer@siemens.com sungjinpark@siemens.com, sungyun.yoo@siemens.com