SFFSAY3, January 2026. F29H850TU, F29H859TU-Q1, TMCS1123, TMCS1123-Q1, TPS650362-Q1, TPS650365-Q1

Table of Contents

Abstract
Trademarks
1 Introduction
  1.1 Background
  1.2 HW/SW FuSa Analysis Process
    1.2.1 Item Definition
    1.2.2 Functional Safety Goal
    1.2.3 Functional Safety Concept
    1.2.4 Technical Safety Concept
    1.2.5 HW/SW Safety Requirement
    1.2.6 Dependent-Failure Analysis
  1.3 TI Collaterals
    1.3.1 TI Components Category
    1.3.2 FuSa Collaterals for Safety MCU
2 FuSa Concepts of OBC System
  2.1 Item Definition
    2.1.1 Item Functions
    2.1.2 System Boundaries
    2.1.3 External Interfaces
    2.1.4 Operation Modes
  2.2 Functional Safety Goal
  2.3 Functional Safety Concept
  2.4 Technical Safety Concept
  2.5 HW/SW Safety Requirement
  2.6 Dependent-Failure Analysis
3 FuSa Components of OBC System
  3.1 Components Overview
  3.2 Microcontroller
    3.2.1 CPU
    3.2.2 ADC Sample
    3.2.3 PWM Generation
    3.2.4 CMPSS
    3.2.5 Data Transmission
    3.2.6 Fault Signal Monitor and Safe State Control
  3.3 Power Management IC
    3.3.1 MCU Monitor
    3.3.2 Shutdown Sequence
    3.3.3 Power Supply
  3.4 System Basis Chips
    3.4.1 CAN Communication
    3.4.2 Supply Voltage Rail Monitoring
    3.4.3 SPI/Processor Communication
    3.4.4 Device Internal EEPROM
  3.5 Power Supply and Supervisor
  3.6 Gate Driver
  3.7 Voltage Sensor
  3.8 Current Sensor
  3.9 Temperature Sensor
4 Summary
5 References

1.1 Background

Electric vehicles have experienced rapid growth in recent years due to environmental benefits, including zero emissions and reduced dependence on fossil fuels. As electrification and autonomous driving technologies continue to advance, safety concerns for electric vehicles have become increasingly prominent.

Functional Safety (FuSa) represents a critical component of overall system safety, focusing on ensuring that systems respond predictably to both normal inputs and failure conditions. The primary objective of FuSa is to systematically reduce risks to acceptable levels through the strategic implementation of appropriate safety mechanisms and design methodologies.

ISO 26262:2018 is the international standard for functional safety of electrical and electronic (E/E) systems in road vehicles. It adapts the generic IEC 61508:2010 safety-lifecycle framework to the automotive domain and provides a structured, risk-based approach for ensuring that failures of E/E systems do not lead to unreasonable risk.

These failures are classified into systematic faults and random hardware faults. Systematic faults can exist in both the hardware design and the software design; they are managed and mitigated by a rigorous development process and independent assessment. Random hardware faults are limited to hardware; they cannot be eliminated, but they can be detected and controlled by safety mechanisms. Table 1-1 summarizes the differences between systematic and random hardware faults.

Table 1-1 Systematic vs. Random Hardware Faults

Definition
  Systematic fault: a deterministic fault inherent in the design, specification, implementation, or operation that manifests consistently under specific conditions.
  Random hardware fault: a physical defect or failure occurring unpredictably during hardware operation due to physical phenomena, aging, stress, or environmental factors.
Root cause
  Systematic fault: for example, design errors, incorrect specifications, implementation mistakes.
  Random hardware fault: for example, physical deterioration, electrical stress, component aging.
Predictability
  Systematic fault: deterministic and reproducible; can be eliminated and permanently fixed.
  Random hardware fault: probabilistic, statistical occurrence; cannot be eliminated and is not reproducible.
Goal
  Systematic fault: eliminate the defect before release.
  Random hardware fault: detect and mitigate the fault when it occurs.
Measures
  Systematic fault: functional safety management, development, test, verification, and validation activities across the full lifecycle.
  Random hardware fault: safety mechanism design and verification.
Typical metrics
  Systematic fault: number of uncovered safety requirements, review coverage, tool confidence level.
  Random hardware fault: failure rate, diagnostic coverage.

Since systematic faults can be prevented and eliminated by a high-quality development process, this paper focuses on random hardware fault analysis. ISO 26262 defines three quantitative hardware metrics for random hardware failures: the single-point fault metric (SPFM), the latent fault metric (LFM), and the probabilistic metric for random hardware failure (PMHF). SPFM and LFM measure how well the architecture covers single-point/residual and latent faults, respectively; PMHF is the absolute rate of safety goal violations. Together they determine whether the hardware meets the requirements of the targeted automotive safety integrity level.

Automotive safety integrity levels (ASIL) range from ASIL A to ASIL D, with ASIL D the most stringent. Table 1-2 lists the target values of the random hardware failure metrics for each ASIL according to ISO 26262. Meeting these targets is necessary but not by itself sufficient for an ASIL claim: the qualitative requirements of the standard still apply.

Table 1-2 Hardware Failure Metrics According to ISO 26262

ASIL     SPFM           LFM            PMHF (FIT; 1 FIT = 1 failure per 10^9 device-hours)
ASIL A   not relevant   not relevant   not relevant
ASIL B   ≥ 90%          ≥ 60%          ≤ 100 FIT
ASIL C   ≥ 97%          ≥ 80%          ≤ 100 FIT
ASIL D   ≥ 99%          ≥ 90%          ≤ 10 FIT
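The following worked example, added here and not taken from the TI application note, shows how the three metrics in Table 1-2 are obtained from a failure modes, effects and diagnostic analysis (FMEDA) and checked against the ASIL targets. SPFM and LFM are computed with the ISO 26262-5 Annex C formulas (1 − Σ(λ_SPF + λ_RF)/Σλ and 1 − Σλ_MPF,L/Σ(λ − λ_SPF − λ_RF)); PMHF is simplified to the single-point plus residual rate, an assumption stated in the code, because the full dual-point term needs exposure-time data the page does not give. All element names, failure rates and coverage values are constructed for illustration and are not TI data for the OBC components:

```python
"""
Random-hardware-failure metrics from a small FMEDA, checked against the
ISO 26262 targets in Table 1-2. Added worked example, not code from the TI
application note; every failure rate and coverage figure below is constructed
for illustration and is not TI data for the OBC components.
"""
from dataclasses import dataclass

# Table 1-2 targets, most stringent first: (min SPFM, min LFM, max PMHF in FIT).
ASIL_TARGETS = {
    "ASIL-D": (0.99, 0.90, 10.0),
    "ASIL-C": (0.97, 0.80, 100.0),
    "ASIL-B": (0.90, 0.60, 100.0),
}


@dataclass
class Element:
    name: str
    fit: float           # base failure rate, FIT (failures per 1e9 device-hours)
    safe: float          # fraction of fit whose failure modes cannot violate the safety goal
    sm: bool             # True if a safety mechanism covers the dangerous failure modes
    dc_spf: float = 0.0  # diagnostic coverage of that mechanism against single-point faults
    dc_lat: float = 0.0  # coverage of the latent-fault test (e.g. a periodic self-test)

    def split(self):
        """Partition the element's failure rate into the ISO 26262-5 fault classes."""
        lam_safe = self.fit * self.safe
        lam_dang = self.fit - lam_safe
        if not self.sm:
            # No safety mechanism: every dangerous failure is a single-point fault.
            return {"safe": lam_safe, "spf": lam_dang, "rf": 0.0, "mpf_l": 0.0, "mpf_d": 0.0}
        lam_rf = lam_dang * (1.0 - self.dc_spf)    # residual: escapes the mechanism
        lam_mpf = lam_dang * self.dc_spf           # covered: needs a second fault to be dangerous
        lam_mpf_l = lam_mpf * (1.0 - self.dc_lat)  # latent: no test ever reveals it
        return {"safe": lam_safe, "spf": 0.0, "rf": lam_rf,
                "mpf_l": lam_mpf_l, "mpf_d": lam_mpf - lam_mpf_l}


def metrics(elements):
    """Return (SPFM, LFM, PMHF) for a list of safety-related hardware elements."""
    total = sum(e.fit for e in elements)
    parts = [e.split() for e in elements]
    spf_rf = sum(p["spf"] + p["rf"] for p in parts)
    mpf_l = sum(p["mpf_l"] for p in parts)
    spfm = 1.0 - spf_rf / total             # single-point fault metric (ISO 26262-5 Annex C)
    lfm = 1.0 - mpf_l / (total - spf_rf)    # latent fault metric (ISO 26262-5 Annex C)
    # Assumption/simplification: PMHF is taken as the single-point plus residual rate
    # only. A full analysis adds the dual-point term, which depends on the latent-fault
    # exposure time (diagnostic test interval) and the vehicle lifetime.
    pmhf = spf_rf
    return spfm, lfm, pmhf


def achievable_asil(spfm, lfm, pmhf):
    """Highest ASIL whose Table 1-2 targets are all met (necessary, not sufficient, for a claim)."""
    for level, (min_spfm, min_lfm, max_pmhf) in ASIL_TARGETS.items():
        if spfm >= min_spfm and lfm >= min_lfm and pmhf <= max_pmhf:
            return level
    return "below ASIL-B targets"


def binding_elements(elements):
    """Elements ranked by their SPF + RF contribution, i.e. what limits SPFM and PMHF."""
    contrib = []
    for e in elements:
        p = e.split()
        contrib.append((e.name, p["spf"] + p["rf"]))
    return sorted(contrib, key=lambda t: t[1], reverse=True)


# Constructed FMEDA for an OBC-like subsystem (illustrative numbers only).
OBC_FMEDA = [
    Element("ADC sample path",    20.0, 0.5, True, dc_spf=0.99, dc_lat=0.9),
    Element("PWM generation",     10.0, 0.5, True, dc_spf=0.98, dc_lat=0.9),
    Element("Gate driver",        30.0, 0.6, True, dc_spf=0.95, dc_lat=0.9),
    Element("Current sensor",     15.0, 0.4, True, dc_spf=0.99, dc_lat=0.8),
    Element("Connector contacts",  2.0, 0.9, False),  # no mechanism: pure single-point fault
]


def with_coverage(elements, name, dc_spf):
    """Copy of the FMEDA with one element's single-point diagnostic coverage changed."""
    return [Element(e.name, e.fit, e.safe, e.sm,
                    dc_spf if e.name == name else e.dc_spf, e.dc_lat)
            for e in elements]


if __name__ == "__main__":
    cases = (("baseline", OBC_FMEDA),
             ("gate driver DC 95% -> 99%", with_coverage(OBC_FMEDA, "Gate driver", 0.99)))
    for label, fmeda in cases:
        spfm, lfm, pmhf = metrics(fmeda)
        print(f"{label}: SPFM={spfm:.4f} LFM={lfm:.4f} PMHF={pmhf:.2f} FIT "
              f"-> {achievable_asil(spfm, lfm, pmhf)}")
    print("largest SPF+RF contributors:", binding_elements(OBC_FMEDA)[:2])
```

With the constructed numbers the baseline reaches SPFM ≈ 98.6%, LFM ≈ 94.2% and PMHF ≈ 1.1 FIT, so LFM and PMHF already satisfy ASIL D but SPFM stops at ASIL C; ranking the SPF + RF contributions shows the gate driver's 95% coverage is the binding element, and raising it to 99% lifts SPFM above 99%. This is the typical use of the metrics in practice: not a pass/fail check at the end, but a way to find which component's safety mechanism to improve.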