Solving the Physical Challenges for the Next Generation of Safety Critical & High Reliability Systems Brian Li

PV Group Director – DSG, Cadence Design System Inc.

- Market & drivers
- Challenges
- Forces of opportunity
- Electronic safety intent
- Examples
- Opportunities







### Automotive Market and Key Trends

### Strong Revenue Growth Forecast

- CAGR of 12.3% through 2025 (Source: Omdia, 02/2022)
- Drive towards leading edge technology nodes
- Challenges of Agility and Supply
  - Software Defined Vehicle
  - ADAS and Autonomous Driving
  - Electrification (HEV/EV)
  - Shortage in semiconductor market, particularly automotive
- Industry Responding to Challenges
  - Automotive Makers, OEM and Tier-1s initiating SoC designs
  - Traditional semiconductor companies entering automotive market
  - Startup companies developing autonomous driving platforms and sensors







### Discrete vs Integrated AD Platform

P

Ρ

fc

P

С

n

Audi zFAS

|                |          | 0_080 | 0 |
|----------------|----------|-------|---|
|                | •••••••  |       |   |
|                |          |       |   |
| On an a        |          |       | 0 |
| × ≈ ×<br>≈=≈ × | 0.14 BIT |       | Y |

| NVIDIA | Tegra K1 |
|--------|----------|
| S      | oC       |
| 1000 M | 1        |
|        | nun      |



#### Intel Altera Cyclone

Intel MobilEye Infineon EyeQ3 Aurix



### Performance <1 TOPS BOM cost: USD 275\$

Source: SYSTEM Plus Consulting

|                       | Audi zFAS                                                 | Tesla HW 3.0        |
|-----------------------|-----------------------------------------------------------|---------------------|
| Processors            | 1x Nvidia, 2x Intel, 1x<br>Infineon                       | 2x Tesla SoC        |
| Processor<br>potprint | 2985mm <sup>2</sup>                                       | 2812mm <sup>2</sup> |
| Processor<br>lie area | 393mm <sup>2</sup>                                        | 611mm <sup>2</sup>  |
| echnology<br>ode      | 28nm Tegra K1<br>28nm Cyclone<br>40nm EyeQ3<br>65nm Aurix | 14nm Tesla          |
|                       |                                                           |                     |

150x Performance Improvement!



#### Tesla SoC

Tesla SoC

cādence



Performance: 144 TOPS BOM cost: USD 400\$

# High-Performance AI Compute SoC Architecture



**Design IP** 

Services IP

Tensilica® IP

### **Physical Design Challenges**



### **Technology Forces**



### Artificial Intelligence

Machine learning data and computation LLM Enabled by much greater computation power

### **Digital Twins**

Virtual copy of physical objects Early/Virtual prototyping Agile development reducing ECOs

### **3DIC & Chiplet**

Increased data bandwidth System Design Flexibility System Driven PPA



# Automotive SoC Design Enablement with 3 Forces AI, Digital Twins, 3DIC



# Digital Twins - Helium Virtual and Hybrid Studio

#### **Platform Assembly**



CPU GPU Mem Virtual model RTL Periph IP Vertual Mem Periph P

**Hybrid Systems** 

- · GUI-based platform assembly
- Correct by construction
- Virtual model generator
- Helium<sup>™</sup> virtual runtime engine
- Native integration with Palladium<sup>®</sup>, Protium<sup>™</sup>, and Xcelium<sup>™</sup> technologies
- Gearshift from virtual CPU
   to RTL CPU dynamically
- Smart memory technology
- Virtual to RTL adaptors



- Integration of full Arm Fast Models IP portfolio incl. V9
- SystemC<sup>™</sup> TLM 2 Model Library TLM routers, I2C, UART, Ethernet, PCIe<sup>®</sup>, USB,...
- Engagement-ready virtual
   and hybrid reference designs



- Software debug experience identical from virtual to RTL
- · Uniform support in all engines
- Mix software-level and signallevel debug commands in one TCL script

cādence

• Live RTL IP register view

# Tesla: GenAI and the Future of Semiconductor and System Design

# DOJO AI Supercomputer

362 TFLOPS 7nm D1 AI Chip designed with Cadence Digital Full flow

600K pins 3D-IC package designed with Cadence Integrity™

9 TB/S I/O signal and power integrity analysis with Cadence Sigrity™



"We are very excited to extend our partnership to Tesla's next generation DOJO and FSD platforms."

### Next Gen System

Full self-driving platform AI Inference chip and solution Next gen DOJO chip and solution





# AI - LLM Copilot





- JedAI Platform uses LLM as a Copilot to automatically generate design collateral
  - Reduces the manual engineering effort
  - Creates higher quality design and verification



# AI - Critical Compute Element: Smallest Routable



#### Size & routability of critical compute element matters

Al-driven early exploration and full-flow optimization for smallest, routable blocks Up-to 10% smaller math engines



This slide contains forward-looking statements regarding Cadence's business or products. Actual results may differ materially from the information presented here

# AI - Joint Enterprise Data and AI (JedAI) Platform





- Enterprise scale AI and LLM driven data platform
- Connectors to many Cadence tools for complete chip design analysis
- Open API enabling Cadence and Customer Apps
- Integrated LLM for secure Copilot Apps



### Electronic Safety Intent USF (Unified Safety Format) Driven Design & Implementation

### Cadence Functional Safety Solution



### Safety Features Implementation (in a nutshell)



#### DCLS: Dual Core Lock Step for modular redundancy



Placement. Physical separation.





Clock isolation.





cādence

Routing. Routing isolation.

cādence

# Example - USF-Phys File

| create_failure_mode FM_tmr -insts {FF1 FF2}<br>create_safety_mechanism SM_tmr -type <b>tmr</b> -class hw<br>apply_safety_mechanism SM_tmr -to FM_tmr                                                                                                                                   | <ul> <li>Define a list of safety-critical flops</li> <li>Apply tmr safety-mechanism to those flops</li> <li>"-generated" option is not used as Genus<sup>™</sup> will create the safety-mechanism, ie. clone the flops and add voting logic</li> </ul> |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| create_failure_mode FM_mission -group {Master}<br>create_failure_mode FM_passive -group {Slave}<br>create_safety_mechanism SM_dcls -type <b>dcls</b> -class hw<br>apply_safety_mechanism SM_dcls -to FM_mission -generated<br>apply_safety_mechanism SM_dcls -to FM_passive -generated | <ul> <li>Define safety-critical groups</li> <li>Apply dcls safety-mechanism to those groups</li> <li>"-generated" option is used as the groups should already be defined in the RTL and floorplan</li> </ul>                                           |
| <pre>set_safety_mechanism_rules -tmr_spacing &lt;&gt; -tmr_isolate_clock set_safety_mechanism_rules -dcls_spacing &lt;&gt; -dcls_isolate_clock &lt;&gt;</pre>                                                                                                                          | Define implementation rules for safety mechanisms                                                                                                                                                                                                      |
| read_usf <file><br/>write_usf <file><br/>reset_usf<br/>read_safety_tmr &lt;&gt; : import tmr from third-party tool or rtl.</file></file>                                                                                                                                               |                                                                                                                                                                                                                                                        |

# Cadence Automotive Safety / USF-Driven Flow



- USF from Midas augmented with physical information (spacing rules, ...)
- USF-driven safety mechanism flow:
  - SM Insertion in Genus during synthesis
  - Physical implementation & verification (TMR/DCLS spacing, isolation etc.) in Innovus
  - Logical verification in Conformal



### Conformal USF Verification for TMR

• Step 1: Pre-TMR Netlist versus Post-TMR netlist Verification



#### GENUS/safety\_compare\_pre\_vs\_post\_tmr\_netlist.do

tclmode set\_dofile\_abort off set\_naming\_rule -field\_delimiter "." ""

#### read\_library -liberty \

[list ./DB/libs/fast\_vdd1v2\_basicCells.lib\ ./DB/libs/fast\_vdd1v2\_basicCells\_hvt.lib\ ./DB/libs//fast\_vdd1v2\_basicCells\_lvt.lib\ ./DB/libs/CDK\_S64x10.lib]\ -both;

read\_design ./pre\_tmr\_clone.v -root cpu\_10bit -rootonly golden ;
rood\_design /post\_tmr\_clone.v\_root onu\_10bit\_rootonly.

read\_design ./post\_tmr\_clone.v -root cpu\_10bit -rootonly revised ;

# perform sequential merge on tvf flops set\_flatten\_model -all\_seq\_merge set\_x\_conversion E -both set\_system\_mode lec add\_compared\_points -all compare SAFETY

### Conformal USF Verification for TMR

• Step 2: Post-TMR Netlist Verification



#### GENUS/safety\_tmr\_validate\_vote\_function.do (manual)

| tclmode         |                              |                                                    |                        |                  |
|-----------------|------------------------------|----------------------------------------------------|------------------------|------------------|
| set_dofile_abo  | ort off                      |                                                    |                        |                  |
| set_naming_r    | ule -field_delimiter "." ""  |                                                    |                        |                  |
| # ant wat ant   | on biomomonyofiy rootmo      | dula .                                             | # nothing mag in use   | file start with  |
| root module     | on -hiernameprefix rootmo    | aule;                                              | # patinames in usi     | me start with    |
|                 | # unco                       | omment as                                          | needed                 |                  |
| set ust option  |                              |                                                    | e flow is for TMR vali | dation           |
| sei_usi_optio   | -now the valuation,          | # 11                                               |                        | uation           |
| read_library -l | iberty \                     |                                                    |                        |                  |
| •               | s/fast_vdd1v2_basicCells.l   | ih)                                                |                        |                  |
| -               |                              |                                                    |                        |                  |
|                 | st_vdd1v2_basicCells_hvt.l   |                                                    |                        |                  |
|                 | st_vdd1v2_basicCells_lvt.li  | b\                                                 |                        |                  |
| ./DB/libs/CD    | 0K_S64x10.lib]               |                                                    |                        |                  |
|                 |                              |                                                    |                        |                  |
|                 | post_tmr_clone.v -root cpu   |                                                    |                        | nsertion netlist |
| read_usf post   | _tmr_clone.usf_no_dcls;      | <mark>#                                    </mark> | ost TMR usf file       |                  |
| set_analyze_o   | ption -noseq_merge ;         | # do no                                            | t perform sequential   | merge T          |
| set_x_convers   | sion E -both ;               |                                                    |                        |                  |
| set_system_m    | -                            |                                                    |                        | <i>(</i>         |
| ·               | - ,                          |                                                    |                        |                  |
| check usf       | # perform usf TMR front-     | end check                                          | c generate TMR info    | file '           |
|                 | _function -file lec_tmr.spec |                                                    |                        |                  |
|                 | re_data -class noneq ;       | , # vali                                           |                        | Ly               |
|                 |                              |                                                    |                        |                  |

### **Example - TMR implementation**

safety\_tmr\_spacing\_y: 6.0

|             | ingx1x: ingx3x ingx3x; ingx1x; iii ii iii iii iii iii iii iiii iii                                            |
|-------------|---------------------------------------------------------------------------------------------------------------|
|             |                                                                                                               |
| t./gx       |                                                                                                               |
|             | ·····································                                                                         |
|             |                                                                                                               |
|             |                                                                                                               |
|             | vregx3x vregx2x vregx7x iNST                                                                                  |
| ut_regx2x / | total=6.84                                                                                                    |
| regx3x      | t_regx4xregx7xregx6xregx6xregx9xregx8x                                                                        |
|             | T                                                                                                             |
|             |                                                                                                               |
|             |                                                                                                               |
|             | 2018 N4547 State 1 St |

#### safety\_tmr\_isolate\_clock: unique\_driver



### Flexible DCLS (Dual-Core-Lock-Step) Floorplan/Placement **Innovus Implementation System**



New DCLS Flexible Region Based Solution

### Avoid DCLS FuSa Interface Net Violation From Pre-Route add\_dcls\_iso

• FuSa routing restrictions



• All interface net FuSa violation will be avoided



# Avoid Over Pessimism in FuSa Routing

check\_net2net\_spacing / fix\_net2net\_spacing

FuSa routing restrictions (over-pessimistic region boundary based checks)



Identify the \*real\* FuSa violations without relying on region boundary



### **Unified Safety Reporting**

- Single command to check all safety mechanisms
  - o check\_safety\_mechanism
- Single report for all safety mechanisms
  - DCLS: placement, routing, clock isolation
  - TMR: placement, clock isolation

Generated by: Cadence Innovus 22.10-d343 1 05: Linux x86 64 (Host ID sjfhw951) # Wed Mar 2 07:45:31 2022 Generated on: # Design: dtmf\_chip check safety mechanism -out\_file tmp.rpt Command # Safety Mechanism SM1 # Safety Mechanism type: dcls # Failure Modes: FM mission FM passive dcls group overlap violations: 2 <group1> -> <group1a> <group2> -> <group2a> dcls group spacing violations: 2 <proup1> -> <group1a>. Required spacing: 15um. Actual spacing: 10um. <proup2> -> <proup2a>. Required spacing: 15um. Actual spacing: 10um. dcls inst placement violations: 2 Inst (inst1) of group (group1) is placed outside the group boundary. Inst <inst2> of group <group2> is placed outside the group boundary dcls internal net routing violations: 1 Net <net1> of group <group1> is routed outside the group boundary. dcls interface net routing violations: 1 Net <net2> of group <group2> is routed inside the boundary of exclusive group <group2a>. dcls clock isolation violations: 2 The clock net from inst (inst) driving dcls group (group) is also driving loads outside of that group. The clock net from inst (inst) inside dcls group (group) is driving loads outside of that group. \*\*\*\*\*\*\* # Safety Mechanism SM2 # Safety Mechanism type: tmr # Failure Modes: FM2 FM2 voters FM2 clones \*\*\*\*\* tmr spacing violations: 2 Inst <instl> is placed too close to other insts from the same tmr safety-mech Inst (inst2) is placed too close to other insts from the same tmr safety-me/ tmr clock isolation violations: 2 The clock net driving pin <CK> of tmr inst <inst1> is also driving other The clock net driving pin <CK> of tmr inst <inst1> is also driving other # Summary. Total violations for dcls safety mechanism SM1: X Total violations for tmr safety mechanism SM2: X Total violations for all safety mechanisms: X

SAFETY

### Automotive Electronics Implementation Summary

SAFETY



# Reliability - Voltus InsightAl

InsightAI within Innovus Digital Implementation Flow





### **8-10X improvement in IR-Closure cycle**

# Reliability - Tempus Aging-Aware Robustness Solution



- Existing aging solutions are expensive and inaccurate
  - Derate-based flow: too inaccurate, overly pessimistic
  - Fixed-age libs: not accurate enough, costly to characterize



- Cadence aging solution addresses both cor
  - Single stress-independent library characte
  - Switching activity-driven non-uniform agir

#### Accurate Analysis $\rightarrow$ Avoid Over-Design $\rightarrow$ Improve PPA

## Summary

 Automotive Electronics Physical Design is demanding and challenging

• Various new technologies have emerged

 Blessed with powerful EDA products, we can achieve automotive electronics design of excellence!



### Opportunities?



# cādence

© 2022 Cadence Design Systems, Inc. All rights reserved worldwide. Cadence, the Cadence logo, and the other Cadence marks found at <u>www.cadence.com/go/trademarks</u> are trademarks or registered trademarks of Systems, Inc. Accellera and System Care trademarks of Accellera Systems Initiative Inc. All Arm products are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All MIPI specifications are registered trademarks or trademarks or service marks owned by MIPI Alliance. All PCI-SIG specifications are registered trademarks or trademarks or trademarks are the property of their respective owners.