Functional Safety necessitates the integration of redundancy in the logic design to mitigate the effects of random hardware failures. The most resilient design is TMR (Triple-Module Redundancy), which can correct a single point fault.
In the TMR ECO on Flop process, the RTL has already been synthesized into a netlist, and at this stage no flop has redundancy. The design is then subjected to FMEDA (Failure Mode Effects and Diagnostic Analysis) to identify single point faults, which are typically found in critical flops. A netlist ECO may be required to convert some of these flops to the TMR format.
Figure 1: Replace one flop by three flops and voting logic
The GOF script ECO feature can easily convert a flop to TMR mode.
The detailed script for inserting redundancy for a flop:

    # Add two copies of reg0 that share its D and CK connections
    new_gate("", "DFFHQX2", "reg0_1", ".D(reg0/D),.CK(reg0/CK)");
    new_gate("", "DFFHQX2", "reg0_2", ".D(reg0/D),.CK(reg0/CK)");
    # Insert the OR3 of the voter on the output of reg0
    change_pin("reg0/Q", "OR3X1", "vor3", "");
    # Insert one AND2 on each input of the OR3
    change_pin("vor3/A", "AND2X1", "van20", "");
    change_pin("vor3/B", "AND2X1", "van21", "");
    change_pin("vor3/C", "AND2X1", "van22", "");
    # Connect each AND2 to a different pair of the three flop outputs
    change_pin("van20/A", "reg0/Q");
    change_pin("van20/B", "reg0_1/Q");
    change_pin("van21/A", "reg0/Q");
    change_pin("van21/B", "reg0_2/Q");
    change_pin("van22/A", "reg0_1/Q");
    change_pin("van22/B", "reg0_2/Q");
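
When FMEDA flags more than one flop, the same statements have to be repeated per flop. The Python sketch below is an added example, not part of the GOF documentation: it generates the statements above for any flop name and checks, with a gate-level model of the voter, which fault counts it masks. The `prefix` argument, the `reg1` flop and the assumption of flat instance names are illustrative.

```python
from itertools import product

def tmr_eco(flop, dff="DFFHQX2", prefix=""):
    """Return the page's ECO statements for one flop.
    prefix (an assumption added here) keeps voter instance names unique
    when several flops are converted; "" reproduces the page's names."""
    r1, r2 = f"{flop}_1", f"{flop}_2"
    vor = f"{prefix}vor3"
    van = [f"{prefix}van2{i}" for i in range(3)]
    cmds = [f'new_gate("", "{dff}", "{r}", ".D({flop}/D),.CK({flop}/CK)");'
            for r in (r1, r2)]
    cmds.append(f'change_pin("{flop}/Q", "OR3X1", "{vor}", "");')
    cmds += [f'change_pin("{vor}/{p}", "AND2X1", "{g}", "");'
             for p, g in zip("ABC", van)]
    # Each AND2 sees a different pair of the three flop outputs.
    pairs = [(flop, r1), (flop, r2), (r1, r2)]
    for g, (a, b) in zip(van, pairs):
        cmds.append(f'change_pin("{g}/A", "{a}/Q");')
        cmds.append(f'change_pin("{g}/B", "{b}/Q");')
    return cmds

def voter(q0, q1, q2):
    """Gate-level model of the voter: three AND2X1 feeding one OR3X1."""
    van20, van21, van22 = q0 & q1, q0 & q2, q1 & q2
    return van20 | van21 | van22

def fault_masking():
    """Flip one or two of the three stored copies, for both stored values,
    and count how often the voter output differs from the intended value."""
    wrong = {1: 0, 2: 0}
    for value, flips in product((0, 1), product((0, 1), repeat=3)):
        n = sum(flips)
        if n in wrong:
            out = voter(*(value ^ f for f in flips))
            wrong[n] += out != value
    return wrong

if __name__ == "__main__":
    for flop in ("reg0", "reg1"):  # constructed flop list, e.g. from FMEDA
        print("\n".join(tmr_eco(flop, prefix=f"{flop}_")))
    print(fault_masking())  # single flips masked, double flips are not
```

With the default empty prefix, `tmr_eco("reg0")` yields exactly the twelve statements shown above.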