Design Redundancy for Functional Safety

Functional Safety requires redundancy built into the logic design to mitigate random hardware failures. The most robust design is TMR, Triple-Module Redundancy, which can fix one single-point fault.

TMR ECO on Flop

After RTL is synthesized to a netlist, none of the flops have redundancy at this stage. FMEDA is run on the design to find single-point faults. The typical single-point faults are the critical flops. Some of these flops may need a netlist ECO to convert them to TMR format.

Figure 1: Replace one flop by three flops and voting logic

ECO script

The GOF script ECO feature can easily convert a flop to TMR mode.

The detailed script to insert redundancy for a flop:

# Add two redundant copies of reg0 that share its D and CK connections
new_gate("", "DFFHQX2", "reg0_1", ".D(reg0/D),.CK(reg0/CK)");
new_gate("", "DFFHQX2", "reg0_2", ".D(reg0/D),.CK(reg0/CK)");
# Insert the voting logic on reg0/Q: a 3-input OR (vor3) fed by three 2-input ANDs
change_pin("reg0/Q", "OR3X1", "vor3", "");
change_pin("vor3/A", "AND2X1", "van20", "");
change_pin("vor3/B", "AND2X1", "van21", "");
change_pin("vor3/C", "AND2X1", "van22", "");
# Connect each AND to a different pair of flop outputs so vor3 outputs the majority value
change_pin("van20/A", "reg0/Q");
change_pin("van20/B", "reg0_1/Q");
change_pin("van21/A", "reg0/Q");
change_pin("van21/B", "reg0_2/Q");
change_pin("van22/A", "reg0_1/Q");
change_pin("van22/B", "reg0_2/Q");
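
The following check is an added example, not part of the original page or of GOF: a Python script that reads the change_pin calls of the ECO script above, rebuilds the voting logic, and lists every combination of flop values where the voter output differs from the majority (an empty list means any single flop fault is masked). It assumes the cell functions implied by the names AND2X1 and OR3X1, and that the four-argument change_pin inserts the named gate at the given pin while the two-argument form connects a pin to a driver; it covers only the voter wiring, not the new_gate lines.

```python
import re
from itertools import product

# Constructed input: the change_pin lines of the ECO script on this page.
ECO = '''
change_pin("reg0/Q", "OR3X1", "vor3", "");
change_pin("vor3/A", "AND2X1", "van20", "");
change_pin("vor3/B", "AND2X1", "van21", "");
change_pin("vor3/C", "AND2X1", "van22", "");
change_pin("van20/A", "reg0/Q");
change_pin("van20/B", "reg0_1/Q");
change_pin("van21/A", "reg0/Q");
change_pin("van21/B", "reg0_2/Q");
change_pin("van22/A", "reg0_1/Q");
change_pin("van22/B", "reg0_2/Q");
'''
FLOPS = ("reg0/Q", "reg0_1/Q", "reg0_2/Q")
# Assumption: cell logic functions are inferred from the library cell names.
CELL_FUNC = {"AND2X1": all, "OR3X1": any}
CALL = re.compile(r'change_pin\("([^"]*)",\s*"([^"]*)"(?:,\s*"([^"]*)",\s*"[^"]*")?\)')

def build_voter(script):
    """Return (voter output instance, instance -> cell type, input pin -> driver)."""
    top, cells, drivers = None, {}, {}
    for m in CALL.finditer(script):
        pin, second, inst = m.groups()
        if inst is None:          # 2-argument form: connect an input pin to a driver
            drivers[pin] = second
        else:                     # 4-argument form: insert cell `second` as `inst`
            cells[inst] = second
            if pin in FLOPS:      # inserted on a flop output: this is the voter output
                top = inst
            else:                 # inserted in front of a gate input pin
                drivers[pin] = inst
    return top, cells, drivers

def evaluate(node, cells, drivers, values):
    """Evaluate a flop output or a gate instance for the given flop values."""
    if node in values:
        return values[node]
    inputs = [d for p, d in drivers.items() if p.split("/")[0] == node]
    return CELL_FUNC[cells[node]](evaluate(d, cells, drivers, values) for d in inputs)

def voter_mismatches(script):
    """Flop value combinations where the voter output is not the majority value."""
    top, cells, drivers = build_voter(script)
    return [bits for bits in product((False, True), repeat=3)
            if evaluate(top, cells, drivers, dict(zip(FLOPS, bits))) != (sum(bits) >= 2)]
```

Running voter_mismatches on a script where one AND input is wired to the wrong flop returns the flop states in which a single fault reaches the output.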

© 2023 NanDigits Design Automation. All rights reserved.