Safety-specific analysis as additional design assurance for microprocessors

In this paper we discuss the use of safety- specific analysis (SSA) as additional design assurance of modern microprocessors. SSA is a method to derive and validate safety-specific requirements about internal operations of a component. We suggest and discuss a mixed component assurance approach based on on-chip service history, on-chip architectural mitigation techniques (including turning off some parts) and safety- specific analysis on different parts of the microprocessor. With this approach we believe that it might be possible to gain certification credit for the complete microprocessor even if some on-chip parts are partially or even completely new. We also show why it will be very hard to perform safety-specific analysis on a complete modern microprocessor. A modern microprocessor is simply too complex and manipulates data in a too complex manner to be able to analyze for safety- specific aspects.