SFFS309A April 2022 – May 2022 TPS3704, TPS3704-Q1

 


The Classification of Failure Categories and Calculation

TI uses ISO 26262-10, Figure 9 as the basis for all FMEDA calculations. Each row in the FMEDA is given a portion of the overall device failure rate based on its transistor count or area (package FIT is calculated separately, based on the number of device pins). Then, based on the selections made in Section 2.2.3, the FMEDA categorizes the failure rate accordingly. The user can see the details of this categorization in the 'Details - ISO26262' tab and/or the 'Details - IEC 61508' tab. TI's calculation of the IEC 61508 categories differs slightly from the one in IEC 61508 itself, especially regarding failures of diagnostic functions in single-channel structures (HFT=0). For these calculations, TI follows the Machinery Directive Recommendation for Use (CNB/M/11.059):

  1. The diagnostic functions are considered as separate functions and shall fulfill the requirements as shown in the table below.
    Table 2-2 Machinery Directive RfU Table

    | Safety Function | Diagnostic Function     |
    |-----------------|-------------------------|
    | SIL 1           | Basic safety principles |
    | SIL 2           | SIL 1                   |
    | SIL 3           | SIL 2                   |
  2. A failure in a diagnostic function that increases the probability that the safety function does not operate correctly when required, shall be classified as dangerous failure according to IEC 61508-4:2010, clause 3.6.7. A failure in a diagnostic function that leads directly to the safe state shall be classified as safe failure according to IEC 61508-4:2010, clause 3.6.8.