All trademarks are the property of their respective owners.
This document contains information for the DRV8910-Q1 (HTSSOP package) to aid in a functional safety system design. Information provided are:
Figure 1-1 shows the device functional block diagram for reference.
The DRV8910-Q1 was developed using a quality-managed development process, but was not developed in accordance with the IEC 61508 or ISO 26262 standards.
This section provides functional safety failure in time (FIT) rates for the DRV8910-Q1 based on two different industry-wide used reliability standards:
| FIT IEC TR 62380 / ISO 26262 | FIT (Failures Per 109 Hours) |
|---|---|
| Total component FIT rate | 23 |
| Die FIT rate | 7 |
| Package FIT rate | 16 |
The failure rate and mission profile information in Table 2-1 comes from the reliability data handbook IEC TR 62380 / ISO 26262 part 11:
| Table | Category | Reference FIT Rate | Reference Virtual TJ |
|---|---|---|---|
| 5 | CMOS,
BICMOS Digital, analog, or mixed | 25 FIT | 55°C |
The reference FIT rate and reference virtual TJ (junction temperature) in Table 2-2 come from the Siemens Norm SN 29500-2 tables 1 through 5. Failure rates under operating conditions are calculated from the reference failure rate and virtual junction temperature using conversion information in SN 29500-2 section 4.
The failure mode distribution estimation for the DRV8910-Q1 in Table 3-1 comes from the combination of common failure modes listed in standards such as IEC 61508 and ISO 26262, the ratio of sub-circuit function size and complexity, and from best engineering judgment.
The failure modes listed in this section reflect random failure events and do not include failures resulting from misuse or overstress.
| Die Failure Modes | Failure Mode Distribution (%) |
|---|---|
| Output is stuck LOW when commanded OFF (GND short) | 11%(1) |
| Output is stuck HIGH when commanded OFF (VM short) | 11%(1) |
| Output is stuck OFF when commanded LOW (Open) | 14%(1) |
| Output is stuck OFF when commanded HIGH (Open) | 14%(1) |
| Output ON resistance too high when commanded LOW | 11%(1) |
| Output ON resistance too high when commanded HIGH | 11%(1) |
| Low side slew rate too fast or too slow (high-side recirculation) | 5%(1) |
| High side slew rate too fast or too slow (low-side recirculation) | 5%(1) |
| Dead-time is too short | 4%(1) |
| Incorrect SPI communication | 12% |
| Incorrect input interpretation (nSLEEP) | 1% |
| Incorrect nFAULT assertion | 1% |
DRV8910-Q1 was developed using a quality-managed development process, but was not developed in accordance with the IEC 61508 or ISO 26262 standards.
This section provides a failure mode analysis (FMA) for the pins of the DRV8910-Q1. The failure modes covered in this document include the typical pin-by-pin failure scenarios:
Table 4-2 through Table 4-5 also indicate how these pin conditions can affect the device as per the failure effects classification in Table 4-1.
| Class | Failure Effects |
|---|---|
| A | Potential device damage that affects functionality. |
| B | No device damage, but loss of functionality. |
| C | No device damage, but performance degradation. |
| D | No device damage, no impact to functionality or performance. |
Figure 4-1 shows the DRV8910-Q1 pin diagram. For a detailed description of the device pins, see the Pin Configuration and Functions section in the DRV8910-Q1 data sheet.
Following are the assumptions of use and the device configuration assumed for the pin FMA in this section:
| Pin Name | Pin No. | Description of Potential Failure Effect(s) | Failure Effect Class |
|---|---|---|---|
| GND | 1, 13, 24 | Normal function. | D |
| OUT1 | 2 | If OUT1 is commanded to be pulled high, short is detected and outputs are Hi-Z. | B |
| OUT5 | 3 | If OUT5 is commanded to be pulled high, short is detected and outputs are Hi-Z. | B |
| OUT7 | 4 | If OUT7 is commanded to be pulled high, short is detected and outputs are Hi-Z. | B |
| SDI | 5 | SPI communication is lost. | B |
| VDD | 6 | Device will be in SLEEP state and outputs are Hi-Z. | B |
| SDO | 7 | SPI communication is lost. | B |
| nSLEEP | 8 | Device will be in SLEEP state and outputs are Hi-Z. | B |
| OUT9 | 9 | If OUT9 is commanded to be pulled high, short is detected and outputs are Hi-Z. | B |
| OUT6 | 10 | If OUT6 is commanded to be pulled high, short is detected and outputs are Hi-Z. | B |
| OUT4 | 11 | If OUT4 is commanded to be pulled high, short is detected and outputs are Hi-Z. | B |
| nFAULT | 12 | False fault signalling possible. Device will continue to operate as commanded. | B |
| OUT3 | 14 | If OUT3 is commanded to be pulled high, short is detected and outputs are Hi-Z. | B |
| OUT10 | 15 | If OUT10 is commanded to be pulled high, short is detected and outputs are Hi-Z. | B |
| VM | 16, 21 | Device is powered off with driver Hi-Z. | B |
| NC | 17, 18 | Unused pin | D |
| nSCS | 19 | SPI communication is lost. | B |
| SCLK | 20 | SPI communication is lost. | B |
| OUT8 | 22 | If OUT8 is commanded to be pulled high, short is detected and outputs are Hi-Z. | B |
| OUT2 | 23 | If OUT2 is commanded to be pulled high, short is detected and outputs are Hi-Z. | B |
| Pin Name | Pin No. | Description of Potential Failure Effect(s) | Failure Effect Class |
|---|---|---|---|
| GND | 1, 13, 24 | Device is powered off with driver Hi-Z. | B |
| OUT1 | 2 | Load drive capability is lost. | B |
| OUT5 | 3 | Load drive capability is lost. | B |
| OUT7 | 4 | Load drive capability is lost. | B |
| SDI | 5 | SPI communication is lost. | B |
| VDD | 6 | Device will be in SLEEP state and outputs are Hi-Z. | B |
| SDO | 7 | SPI communication is lost. | B |
| nSLEEP | 8 | Device will be in SLEEP state and outputs are Hi-Z. | B |
| OUT9 | 9 | Load drive capability is lost. | B |
| OUT6 | 10 | Load drive capability is lost. | B |
| OUT4 | 11 | Load drive capability is lost. | B |
| nFAULT | 12 | False fault signaling possible. Device will continue to operate as commanded. | B |
| OUT3 | 14 | Load drive capability is lost. | B |
| OUT10 | 15 | Load drive capability is lost. | B |
| VM | 16, 21 | Device is powered off with driver Hi-Z. | B |
| NC | 17, 18 | Unused pin | D |
| nSCS | 19 | SPI communication is lost. | B |
| SCLK | 20 | SPI communication is lost. | B |
| OUT8 | 22 | Load drive capability is lost. | B |
| OUT2 | 23 | Load drive capability is lost. | B |
| Pin Name | Pin No. | Shorted to | Description of Potential Failure Effect(s) | Failure Effect Class |
|---|---|---|---|---|
| GND | 1 | GND | Normal function. | D |
| OUT1 | 2 | GND | If OUT1 is commanded to be pulled high, short is detected and OUT1 is Hi-Z. | B |
| OUT5 | 3 | OUT1 | Load drive capability is lost. | B |
| OUT7 | 4 | OUT5 | Load drive capability is lost. | B |
| SDI | 5 | OUT7 | SPI communication is lost. Low voltage pin max voltage may be violated. | A |
| VDD | 6 | SDI | SPI communication is lost. | B |
| SDO | 7 | VDD | SPI communication is lost. | B |
| nSLEEP | 8 | SDO | SPI communication is lost. | B |
| OUT9 | 9 | nSLEEP | Low voltage pin max voltage may be violated. | A |
| OUT6 | 10 | OUT9 | Load drive capability is lost. | B |
| OUT4 | 11 | OUT6 | Load drive capability is lost. | B |
| nFAULT | 12 | OUT4 | False fault signalling possible. Low voltage pin max voltage may be violated. | A |
| GND | 13 | nFAULT | False fault signalling possible. Device will continue to operate as commanded. | B |
| OUT3 | 14 | GND | If OUT3 is commanded to be pulled high, short is detected and OUT3 is Hi-Z. | B |
| OUT10 | 15 | OUT3 | Load drive capability is lost. | B |
| VM | 16 | OUT10 | If OUT10 is commanded to be pulled low, short is detected and OUT10 is Hi-Z. | B |
| NC | 17 | VM | Short to unused pin. | D |
| NC | 18 | NC | Short to unused pin. | D |
| nSCS | 19 | NC | Short to unused pin. | D |
| SCLK | 20 | nSCS | SPI communication is lost. | B |
| VM | 21 | SCLK | SPI communication is lost. Low voltage pin max voltage may be violated. | A |
| OUT8 | 22 | VM | If OUT8 is commanded to be pulled low, short is detected and OUT8 is Hi-Z. | B |
| OUT2 | 23 | OUT8 | Load drive capability is lost. | B |
| GND | 24 | OUT2 | If OUT2 is commanded to be pulled high, short is detected and OUT2 is Hi-Z. | B |
| Pin Name | Pin No. | Description of Potential Failure Effect(s) | Failure Effect Class |
|---|---|---|---|
| GND | 1, 13, 24 | Device is powered off with driver Hi-Z. | B |
| OUT1 | 2 | If OUT1 is commanded to be pulled low, short is detected and outputs are Hi-Z. | B |
| OUT5 | 3 | If OUT5 is commanded to be pulled low, short is detected and outputs are Hi-Z. | B |
| OUT7 | 4 | If OUT7 is commanded to be pulled low, short is detected and outputs are Hi-Z. | B |
| SDI | 5 | SPI communication is lost. Low voltage pin max voltage may be violated. | A |
| VDD | 6 | Low voltage pin max voltage may be violated. | A |
| SDO | 7 | SPI communication is lost. Low voltage pin max voltage may be violated. | A |
| nSLEEP | 8 | Low voltage pin max voltage may be violated. | A |
| OUT9 | 9 | If OUT9 is commanded to be pulled low, short is detected and outputs are Hi-Z. | B |
| OUT6 | 10 | If OUT6 is commanded to be pulled low, short is detected and outputs are Hi-Z. | B |
| OUT4 | 11 | If OUT4 is commanded to be pulled low, short is detected and outputs are Hi-Z. | B |
| nFAULT | 12 | Low voltage pin max voltage may be violated. | A |
| OUT3 | 14 | If OUT3 is commanded to be pulled low, short is detected and outputs are Hi-Z. | B |
| OUT10 | 15 | If OUT10 is commanded to be pulled low, short is detected and outputs are Hi-Z. | B |
| VM | 16, 21 | Normal function. | D |
| NC | 17, 18 | Short to unused pin. | D |
| nSCS | 19 | SPI communication is lost. Low voltage pin max voltage may be violated. | A |
| SCLK | 20 | SPI communication is lost. Low voltage pin max voltage may be violated. | A |
| OUT8 | 22 | If OUT8 is commanded to be pulled low, short is detected and outputs are Hi-Z. | B |
| OUT2 | 23 | If OUT2 is commanded to be pulled low, short is detected and outputs are Hi-Z. | B |