CS
Christian Sauer
info
Please Note
<p>This page displays the records of the person named above and is not linked to a unique person identifier. This record may need to be merged to a profile.</p>
11 records found
1
Journal article
(2022)
-
Felipe Augusto da Silva, Riccardo Cantoro, Said Hamdioui, Sandro Sartoni, Christian Sauer, Matteo Sonza Reorda
In order to match the strict reliability requirements mandated by regulations and standards adopted in the automotive sector, as well as other domains where safety is a major concern, the in-field testing of the most critical devices, including microcontrollers and systems on chip, is a crucial task. Since the controller area network (CAN) bus is widely used in the automotive domain, the corresponding controller ubiquitously appears in all these devices. This paper presents a generic and systematic methodology to develop an effective in-field test procedure for CAN controllers based on a functional approach (i.e., on the adoption of self-test libraries). The method can be customized to match the requirements coming from different scenarios, and allows the test engineer to maximize the achieved fault coverage in terms of structural faults in the different cases. The experimental results we gathered on a representative CAN controller model show that, given two typical testing scenarios, we are able to detect (Formula presented.) and (Formula presented.) of stuck-at faults, respectively, hence demonstrating the effectiveness of the proposed approach.
...
In order to match the strict reliability requirements mandated by regulations and standards adopted in the automotive sector, as well as other domains where safety is a major concern, the in-field testing of the most critical devices, including microcontrollers and systems on chip, is a crucial task. Since the controller area network (CAN) bus is widely used in the automotive domain, the corresponding controller ubiquitously appears in all these devices. This paper presents a generic and systematic methodology to develop an effective in-field test procedure for CAN controllers based on a functional approach (i.e., on the adoption of self-test libraries). The method can be customized to match the requirements coming from different scenarios, and allows the test engineer to maximize the achieved fault coverage in terms of structural faults in the different cases. The experimental results we gathered on a representative CAN controller model show that, given two typical testing scenarios, we are able to detect (Formula presented.) and (Formula presented.) of stuck-at faults, respectively, hence demonstrating the effectiveness of the proposed approach.
Journal article
(2022)
-
Josie E.Rodriguez Condia, Felipe Augusto da Silva, Ahmet Cagri Bagbaba, Juan-David Guerrero-Balaguera, Said Hamdioui, Christian Sauer, Matteo Sonza Reorda
Editor's notes: GPUs have seen an increased adoption in autonomous systems. This article assesses the fault coverage that can be attained through software self-test strategies for in-field test of GPUs. - Nicola Nicolici, McMaster University
...
Editor's notes: GPUs have seen an increased adoption in autonomous systems. This article assesses the fault coverage that can be attained through software self-test strategies for in-field test of GPUs. - Nicola Nicolici, McMaster University
Journal article
(2022)
-
Ahmet Cagri Bagbaba, F. Augusto da Silva, Matteo Sonza Reorda, S. Hamdioui, Maksim Jenihhin, Christian Sauer
ISO 26262 requires classifying random hardware faults based on their effects (safe, detected, or undetected) within integrated circuits used in automobiles. In general, this classification is addressed using expert judgment and a combination of tools. However, the growth of integrated circuit complexity creates a huge fault space; hence, this form of fault classification is error prone and time consuming. Therefore, an automated and systematic approach is needed to target hardware fault classification in automotive systems on chips (SoCs), considering the application software. This work focuses on identifying safe faults: the proposed approach utilizes coverage analysis to identify candidate safe faults considering all the constraints coming from the application. Then, the behavior of the application software is modeled so that we can resort to a formal analysis tool. The proposed technique is evaluated on the AutoSoC benchmark running a cruise control application. Resorting to our approach, we could classify 20%, 11%, and 13% of all faults in the central processing unit (CPU), universal asynchronous receiver–transmitter (UART), and controller area network (CAN) as safe faults, respectively. We also show that this classification can increase the diagnostic coverage of software test libraries targeting the CPU and CAN modules by 4% to 6%, increasing the achieved testable fault coverage.
...
ISO 26262 requires classifying random hardware faults based on their effects (safe, detected, or undetected) within integrated circuits used in automobiles. In general, this classification is addressed using expert judgment and a combination of tools. However, the growth of integrated circuit complexity creates a huge fault space; hence, this form of fault classification is error prone and time consuming. Therefore, an automated and systematic approach is needed to target hardware fault classification in automotive systems on chips (SoCs), considering the application software. This work focuses on identifying safe faults: the proposed approach utilizes coverage analysis to identify candidate safe faults considering all the constraints coming from the application. Then, the behavior of the application software is modeled so that we can resort to a formal analysis tool. The proposed technique is evaluated on the AutoSoC benchmark running a cruise control application. Resorting to our approach, we could classify 20%, 11%, and 13% of all faults in the central processing unit (CPU), universal asynchronous receiver–transmitter (UART), and controller area network (CAN) as safe faults, respectively. We also show that this classification can increase the diagnostic coverage of software test libraries targeting the CPU and CAN modules by 4% to 6%, increasing the achieved testable fault coverage.
Conference paper
(2021)
-
Felipe Augusto da Silva, Ahmet Cagri Bagbaba, Said Hamdioui, Christian Sauer
The current demands for developing safe automotive applications require extensive analysis and evaluation of potential random hardware faults. In general, part of this analysis is manually performed by experts, resulting in an expensive, time-consuming, and error-prone process. This paper proposes an automated approach to classify faults overlooked by traditional methods. Our methodology deploys code coverage and formal to identify nodes that do not disrupt safety-critical functionalities, enabling the classification of additional faults. The approach is validated based on an Automotive CPU, according to ISO 26262 guidelines. The results show an improvement in Diagnostic Coverage of 1.15%, increasing the Single Point Fault Metric (SPFM) to 97.3%, enabling ASIL C compliance without any hardware redundancy.
...
The current demands for developing safe automotive applications require extensive analysis and evaluation of potential random hardware faults. In general, part of this analysis is manually performed by experts, resulting in an expensive, time-consuming, and error-prone process. This paper proposes an automated approach to classify faults overlooked by traditional methods. Our methodology deploys code coverage and formal to identify nodes that do not disrupt safety-critical functionalities, enabling the classification of additional faults. The approach is validated based on an Automotive CPU, according to ISO 26262 guidelines. The results show an improvement in Diagnostic Coverage of 1.15%, increasing the Single Point Fault Metric (SPFM) to 97.3%, enabling ASIL C compliance without any hardware redundancy.
Flip Flop Weighting
A technique for estimation of safety metrics in Automotive Designs
Conference paper
(2021)
-
Felipe Augusto da Silva, Ahmet Cagri Bagbaba, Said Hamdioui, Christian Sauer
The requirements of ISO26262 for the development of safety-critical Integrated Circuits (IC) demand substantial efforts on fault analysis for safety metrics evaluation. Failing to achieve the required conditions entails modifications to the circuit, additional iterations through critical design phases, and consequently extra costs and delays. For that reason, providing accurate methods to estimate safety metrics is of great importance. This paper proposes a methodology that can efficiently and precisely estimate the safety metrics of Automotive designs. The technique is based on the characterization of a netlist to determine how hardware components contribute to fault propagation. Also, by examining the test stimuli applied during simulation, we can rank Workloads/Testbenches according to their fault detection coverage. The approach was verified running fault injection campaigns on distinct gate-level hardware designs, including an Automotive CPU. Our results show that the fault detection coverage can be estimated with an average error rate of 3% at up to 20X faster execution times when compared to the traditional campaigns. Hence the methodology provides an efficient and cost-effective mechanism to support engineers in a confident design space exploration.
...
The requirements of ISO26262 for the development of safety-critical Integrated Circuits (IC) demand substantial efforts on fault analysis for safety metrics evaluation. Failing to achieve the required conditions entails modifications to the circuit, additional iterations through critical design phases, and consequently extra costs and delays. For that reason, providing accurate methods to estimate safety metrics is of great importance. This paper proposes a methodology that can efficiently and precisely estimate the safety metrics of Automotive designs. The technique is based on the characterization of a netlist to determine how hardware components contribute to fault propagation. Also, by examining the test stimuli applied during simulation, we can rank Workloads/Testbenches according to their fault detection coverage. The approach was verified running fault injection campaigns on distinct gate-level hardware designs, including an Automotive CPU. Our results show that the fault detection coverage can be estimated with an average error rate of 3% at up to 20X faster execution times when compared to the traditional campaigns. Hence the methodology provides an efficient and cost-effective mechanism to support engineers in a confident design space exploration.
Special Session: AutoSoC
A Suite of Open-Source Automotive SoC Benchmarks
Conference paper
(2020)
-
Felipe Augusto da Silva, Ahmet Cagri Bagbaba, Annachiara Ruospo, Riccardo Mariani, Ghani Kanawati, Matteo Sonza Reorda, Maksim Jenihhin, Said Hamdioui, Christian Sauer
The current demands for autonomous driving generated momentum for an increase in research in the different technologies required for these applications. Nonetheless, the limited access to representative designs and industrial methodologies poses a challenge to the research community. Considering this scenario, there is a high demand for an open-source solution that could support development of research targeting automotive applications. This paper presents the current status of AutoSoC, an automotive SoC benchmark suite that includes hardware and software elements and is entirely open-source. The objective is to provide researchers with an industrial-grade automotive SoC that includes all essential components, is fully customizable, and enables analysis of functional safety solutions and automotive SoC configurations. This paper describes the available configurations of the benchmark including an initial assessment for ASIL B to D configurations.
...
The current demands for autonomous driving generated momentum for an increase in research in the different technologies required for these applications. Nonetheless, the limited access to representative designs and industrial methodologies poses a challenge to the research community. Considering this scenario, there is a high demand for an open-source solution that could support development of research targeting automotive applications. This paper presents the current status of AutoSoC, an automotive SoC benchmark suite that includes hardware and software elements and is entirely open-source. The objective is to provide researchers with an industrial-grade automotive SoC that includes all essential components, is fully customizable, and enables analysis of functional safety solutions and automotive SoC configurations. This paper describes the available configurations of the benchmark including an initial assessment for ASIL B to D configurations.
Conference paper
(2020)
-
Felipe Augusto da Silva, Ahmet Cagri Bagbaba, Said Hamdioui, Christian Sauer
The development of Integrated Circuits for the Automotive sector imposes on complex challenges. ISO26262 Functional Safety requirements entail extensive Fault Injection campaigns and complex analysis for the evaluation of deployed Software Tools. This paper proposes a methodology to improve Fault Analysis Tools Confidence Level (TCL) by detecting errors in the classification of faults. By combining the strengths of Automatic Test Pattern Generators (ATPG), Formal Methods and Fault Injection Simulators we are able to automatically generate a Test Environment that enables the validation of the tools and provides supplementary information about the design behavior. Our results showed fault detection rates above 99% including information to improve ISO26262 metrics calculation
...
The development of Integrated Circuits for the Automotive sector imposes on complex challenges. ISO26262 Functional Safety requirements entail extensive Fault Injection campaigns and complex analysis for the evaluation of deployed Software Tools. This paper proposes a methodology to improve Fault Analysis Tools Confidence Level (TCL) by detecting errors in the classification of faults. By combining the strengths of Automatic Test Pattern Generators (ATPG), Formal Methods and Fault Injection Simulators we are able to automatically generate a Test Environment that enables the validation of the tools and provides supplementary information about the design behavior. Our results showed fault detection rates above 99% including information to improve ISO26262 metrics calculation
Determined-Safe Faults Identification
A step towards ISO26262 hardware compliant designs
Conference paper
(2020)
-
Felipe Augusto da Silva, Ahmet Cagri Bagbaba, Sandro Sartoni, Riccardo Cantoro, Matteo Sonza Reorda, Said Hamdioui, Christian Sauer
The development of Integrated Circuits for the Automotive sector imposes on major challenges. ISO26262 compliance, as part of this process, entails complex analysis for the evaluation of potential random hardware faults. This paper proposes a systematic approach to identify faults that do not disrupt safety-critical functionalities and consequently can be considered Safe. By deploying code coverage and Formal verification techniques, our methodology enables the classification of faults that are unclassified by other technologies, improving ISO26262 compliance. Our results, in combination with Fault Simulation, achieved a Diagnostic Coverage of 93% in a CAN Controller. These figures allow an initial assessment for an ASIL B configuration of the IP.
...
The development of Integrated Circuits for the Automotive sector imposes on major challenges. ISO26262 compliance, as part of this process, entails complex analysis for the evaluation of potential random hardware faults. This paper proposes a systematic approach to identify faults that do not disrupt safety-critical functionalities and consequently can be considered Safe. By deploying code coverage and Formal verification techniques, our methodology enables the classification of faults that are unclassified by other technologies, improving ISO26262 compliance. Our results, in combination with Fault Simulation, achieved a Diagnostic Coverage of 93% in a CAN Controller. These figures allow an initial assessment for an ASIL B configuration of the IP.
Conference paper
(2019)
-
Felipe Augusto Da Silva, Ahmet Cagri Bagbaba, Said Hamdioui, Christian Sauer
Tolerance to random hardware failures, required by ISO26262, entails accurate design behavior analysis, complex Verification Environments and expensive Fault Injection campaigns. This paper proposes a methodology combining the strengths of Automatic Test Pattern Generators (ATPG), Formal Methods and Fault Injection Simulation to decrease the efforts of Functional Safety Verification. Our methodology results in a fast-deployed Fault Injection environment achieving Fault detection rates higher than 99% on the tested designs. In addition, ISO26262 Tool Confidence level is improved by a fault analysis report that allows verification of malfunctions in the outputs of the tools.
...
Tolerance to random hardware failures, required by ISO26262, entails accurate design behavior analysis, complex Verification Environments and expensive Fault Injection campaigns. This paper proposes a methodology combining the strengths of Automatic Test Pattern Generators (ATPG), Formal Methods and Fault Injection Simulation to decrease the efforts of Functional Safety Verification. Our methodology results in a fast-deployed Fault Injection environment achieving Fault detection rates higher than 99% on the tested designs. In addition, ISO26262 Tool Confidence level is improved by a fault analysis report that allows verification of malfunctions in the outputs of the tools.
Conference paper
(2019)
-
Josie E.Rodriguez Condia, Felipe A. Da Silva, S. Hamdioui, C. Sauer, M. Sonza Reorda
Nowadays, General Purpose Graphics Processing Units (GPGPUs) devices are considered as promising solutions for high-performance safety-critical applications, such as those in the automotive field. However, their adoption requires solutions to effectively detect faults arising in the device during the operative life. Hence, effective in-field test solutions are required to guarantee high-reliability levels. In this paper, we leverage the results of Software-Based Self-Test (SBST) based approaches for GPGPUs by deploying new techniques for automating the identification of untestable faults (UF). Our methodology has achieved fault coverage of 82.8% when applied to an open-source implementation of the NVIDIA G80 GPU architecture. The proposed approach combining SBSTs and UFs identification appears as an effective solution for the reliability analysis of GPGPUs.
...
Nowadays, General Purpose Graphics Processing Units (GPGPUs) devices are considered as promising solutions for high-performance safety-critical applications, such as those in the automotive field. However, their adoption requires solutions to effectively detect faults arising in the device during the operative life. Hence, effective in-field test solutions are required to guarantee high-reliability levels. In this paper, we leverage the results of Software-Based Self-Test (SBST) based approaches for GPGPUs by deploying new techniques for automating the identification of untestable faults (UF). Our methodology has achieved fault coverage of 82.8% when applied to an open-source implementation of the NVIDIA G80 GPU architecture. The proposed approach combining SBSTs and UFs identification appears as an effective solution for the reliability analysis of GPGPUs.
Conference paper
(2018)
-
Felipe Augusto da Silva, Ahmet Cagri Bagbaba, Said Hamdioui, Christian Sauer
This work aims at an alternative method to verify the correctness of Fault Lists generated by fault simulators tools in context of safety verification. The lists generated by simulation tools are verified against lists from formal tools. The consistency evaluation between the lists supports the Tool Confidence Level (TCL) assessment, defined in the ISO26262. In addition, formal tools have the potential of performing optimization in Fault Lists by annotation of the expected behavior of the design under fault. Our work demonstrates the feasibility of using Formal Methods to verify and optimize the fault list from simulators. Results indicate an average reduction of 29.5% on the number of faults to be simulated and demonstrate that it is possible to achieve TCL by verification of the fault lists.
...
This work aims at an alternative method to verify the correctness of Fault Lists generated by fault simulators tools in context of safety verification. The lists generated by simulation tools are verified against lists from formal tools. The consistency evaluation between the lists supports the Tool Confidence Level (TCL) assessment, defined in the ISO26262. In addition, formal tools have the potential of performing optimization in Fault Lists by annotation of the expected behavior of the design under fault. Our work demonstrates the feasibility of using Formal Methods to verify and optimize the fault list from simulators. Results indicate an average reduction of 29.5% on the number of faults to be simulated and demonstrate that it is possible to achieve TCL by verification of the fault lists.