Functional Safety Analysis

Functional safety analysis is used to evaluate the safety level achieved by a product (e.g., an IP or an SoC). It comprises quantitative evaluations, such as failure mode effects and diagnostic analysis (FMEDA) and timing analysis, and qualitative assessments, such as dependent failure analysis (DFA).

FMEDA

FMEDA is a structured approach to define failure modes, failure rate, and diagnostic capabilities of a hardware component.

Based on the component functionality, the FMEDA hierarchy is structured in parts/subparts/elementary subparts (depending on the detail level)/failure modes (ISO 26262: Road vehicles — Functional safety). Each failure mode is categorized as to whether it affects the safety goal or not.

For each failure mode defined and affecting safety goals, basic needed inputs include:

– Failure rate (FR): that is, the rate at which the component experiences faults, i.e., the reliability

– Safety mechanism (SM): that is, whether there is a safety mechanism to detect the failure mode

– Diagnostic coverage (DC): that is, the effectiveness of the safety mechanism at detecting faults

The outputs used to assess the level of functional safety readiness are the hardware architectural metrics: the single-point fault metric (SPFM), the latent fault metric (LFM), and the probabilistic metric for random hardware failures (PMHF).

Intuitively, these metrics capture how reliable the component is (in other words, how likely it is to fail), and how reliable the safety mechanism is at detecting that failure and bringing the system to a safe state.

The failure rate is the measure of the reliability of a component and is expressed in FIT (failures in time). The FIT rate of a component is the number of failures expected in one billion hours of operation. In other words, if a device has a FIT rate equal to 1, the device has a mean time to failure (MTTF) of 1 billion hours (ISO 26262: Road vehicles — Functional safety).

Per ISO 26262, the estimated failure rates for hardware parts shall be determined in one of three ways:

– Estimated by application of industry reliability data books (e.g., IEC 61709, IEC TR 62380)

– Derived from observation of field incidents, such as analysis of material returned as field failures

– Derived from experimental testing

Table 2 shows a simplified FMEDA table. As shown in the table, for each failure mode, the FR, SM, and DC are combined to calculate the SPFM, the LFM, and the FIT rate. The total metrics are obtained by summation of all the rows. By analyzing the overall metrics and the row-by-row contribution, the FMEDA directs the designer to which parts of the design need to be enhanced for safety readiness.


In the specific example of Table 2, the FMEDA has been performed for permanent faults. In a similar way, it is possible to build the analysis for transient faults.
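To make the row-by-row combination of FR, SM and DC concrete, the following Python is an added example (not code from the page, the standard, or any FMEDA tool). It classifies each failure mode into single-point, residual, latent multiple-point, detected multiple-point and safe faults, then computes SPFM and LFM with the ISO 26262-5 definitions (SPFM = 1 - (λSPF + λRF)/λ, LFM = 1 - λMPF,latent/(λ - λSPF - λRF)). The failure-mode names, FIT values, the `latent_dc` field (coverage of a latent-fault test against the part of the failure rate the primary safety mechanism already covers) and the `fault_type` tag that lets the same table be evaluated for permanent and transient faults separately are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

FIT_HOURS = 1e9  # one FIT is one failure per 10^9 device-hours of operation


@dataclass
class FailureMode:
    """One row of a simplified FMEDA table (constructed schema)."""
    name: str
    fit: float                              # failure rate lambda, in FIT
    affects_safety_goal: bool               # can this failure mode violate the safety goal?
    safety_mechanism: Optional[str] = None  # name of the covering SM, None if there is none
    dc: float = 0.0                         # diagnostic coverage of the SM (0..1)
    latent_dc: float = 0.0                  # coverage of latent-fault detection, e.g. a periodic self-test (0..1)
    fault_type: str = "permanent"           # "permanent" or "transient" (assumed tag)


@dataclass
class FmedaResult:
    total_fit: float
    spf_fit: float          # single-point faults: affect the goal, no SM
    rf_fit: float           # residual faults: affect the goal, not covered by the SM
    mpf_latent_fit: float   # covered by the SM but not detected as latent
    mpf_detected_fit: float # covered by the SM and detected/perceived
    safe_fit: float         # cannot violate the safety goal
    spfm: float
    lfm: float


def classify(fm: FailureMode) -> Tuple[float, float, float, float, float]:
    """Split one failure mode's FIT into (SPF, RF, MPF latent, MPF detected, safe)."""
    if not (0.0 <= fm.dc <= 1.0 and 0.0 <= fm.latent_dc <= 1.0):
        raise ValueError(f"{fm.name}: coverage values must lie in [0, 1]")
    if fm.fit < 0.0:
        raise ValueError(f"{fm.name}: failure rate must be non-negative")
    if not fm.affects_safety_goal:
        return (0.0, 0.0, 0.0, 0.0, fm.fit)          # safe fault
    if fm.safety_mechanism is None:
        return (fm.fit, 0.0, 0.0, 0.0, 0.0)          # single-point fault
    residual = fm.fit * (1.0 - fm.dc)                # the SM misses this share
    multipoint = fm.fit * fm.dc                      # the SM catches this share
    latent = multipoint * (1.0 - fm.latent_dc)       # of which no latent-fault test reveals this share
    return (0.0, residual, latent, multipoint - latent, 0.0)


def fmeda(rows: List[FailureMode], fault_type: str = "permanent") -> FmedaResult:
    """Sum every row of the chosen fault type and derive SPFM and LFM."""
    spf = rf = latent = detected = safe = 0.0
    for fm in rows:
        if fm.fault_type != fault_type:
            continue
        s, r, l, d, sf = classify(fm)
        spf, rf, latent, detected, safe = spf + s, rf + r, latent + l, detected + d, safe + sf
    total = spf + rf + latent + detected + safe
    # An empty table has nothing that can violate the goal: report the metrics as fully met.
    spfm = 1.0 if total == 0.0 else 1.0 - (spf + rf) / total
    lfm_denominator = total - spf - rf
    lfm = 1.0 if lfm_denominator == 0.0 else 1.0 - latent / lfm_denominator
    return FmedaResult(total, spf, rf, latent, detected, safe, spfm, lfm)


def rank_contributions(rows: List[FailureMode], fault_type: str = "permanent") -> List[Tuple[str, float]]:
    """Rows ordered by their single-point plus residual FIT: the first entries are where design effort pays off."""
    contributions = []
    for fm in rows:
        if fm.fault_type == fault_type:
            s, r, _, _, _ = classify(fm)
            contributions.append((fm.name, s + r))
    return sorted(contributions, key=lambda item: item[1], reverse=True)


def fit_to_mttf_hours(fit: float) -> float:
    """MTTF in hours for a given FIT rate; 1 FIT corresponds to 10^9 hours."""
    return float("inf") if fit == 0.0 else FIT_HOURS / fit


# Constructed sample table: three permanent-fault rows and one transient-fault row.
SAMPLE_ROWS = [
    FailureMode("ALU stuck-at", 10.0, True),                                           # no SM: single-point
    FailureMode("Register file bit stuck-at", 20.0, True, "ECC", dc=0.99, latent_dc=0.9),
    FailureMode("Debug logic", 5.0, False),                                            # safe fault
    FailureMode("Register file SEU", 50.0, True, "ECC", dc=0.99, fault_type="transient"),
]

if __name__ == "__main__":
    result = fmeda(SAMPLE_ROWS)
    print(f"permanent: total {result.total_fit:.1f} FIT, SPFM {result.spfm:.3f}, LFM {result.lfm:.3f}")
    for name, fit in rank_contributions(SAMPLE_ROWS):
        print(f"  {name}: {fit:.2f} FIT uncovered")
```

Running the block on the sample rows shows the point of the row-by-row view: the uncovered ALU row dominates the single-point share, so SPFM improves far more by adding a mechanism there than by raising the ECC coverage further. Evaluating the transient row separately (`fmeda(SAMPLE_ROWS, "transient")`) mirrors the page's remark that the same analysis is built once for permanent and once for transient faults.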