SLLA541 December   2020 TCAN1144-Q1 , TCAN1146-Q1

 

  1.   Trademarks
  2. 1Introduction
  3. 2Hardware Component Failure Modes Effects and Diagnostics Analysis (FMEDA)
    1. 2.1 Random Fault Estimation
      1. 2.1.1 Fault Rate Estimation Theory for Packaging
      2. 2.1.2 Fault Estimation Theory for Silicon Permanent Faults
      3. 2.1.3 Fault Estimation Theory for Silicon Transient Faults
      4. 2.1.4 The Classification of Failure Categories and Calculation
    2. 2.2 Using the FMEDA Spreadsheet Tool
      1. 2.2.1 Mission Profile Tailoring Tab
        1. 2.2.1.1 Confidence Level
        2. 2.2.1.2 Geographical Location
        3. 2.2.1.3 Life Cycle
        4. 2.2.1.4 Use Case Thermal Management Control (Theta-Ja) and Use Case Power
        5. 2.2.1.5 Safe vs Non-Safe (Safe Fail Fraction) for Each Component Type
        6. 2.2.1.6 Analog FIT Distribution Method
        7. 2.2.1.7 Operational Profile
      2. 2.2.2 Pin Level Tailoring Tab
      3. 2.2.3 Function and Diag Tailoring Tab
      4. 2.2.4 Diagnostic Coverage Tab
      5. 2.2.5 Customer Defined Diagnostics Tab
      6. 2.2.6 Totals - ISO26262 Tab
      7. 2.2.7 Details - ISO26262 Tab
    3. 2.3 Example Calculation of Metrics
      1. 2.3.1 Assumptions of Use for Calculation of Safety Metrics
      2. 2.3.2 Summary of ISO 26262 Safety Metrics at Device Level

Safe vs Non-Safe (Safe Fail Fraction) for Each Component Type

For each failure mode of a fundamental design element, a determination should be made as to whether the failure is safe or dangerous. Safe failures do not result in a loss of the safety function or violation of a safety goal (this can include failure to perform the safety function so long as the design fails into the pre-defined safe state). Dangerous failures result in a loss of safety function or violation of a safety goal.

The usage the ratio safe versus dangerous failures varies based on the system's utilization of the hardware. In many systems, it is not feasible for the system integrator to prove the safe versus dangerous ratio due to technical complexity, design visibility and the time necessary for exhaustive testing. To manage this concern, a probabilistic approach can be taken, in which a ratio of safe versus dangerous failures is estimated. Many standards suggest that this ratio can be set to 50% safe and 50% dangerous if no detailed data is available. TI has conservatively used a 50% safe failure estimate for transient faults of the SRAM, digital logic, and Flash memory. All other faults are considered to be 0% safe. The user may alter these assumptions to meet their specific use case. These selections will impact the "Safety related FIT" for permanent, transient, and package.