In FMEDA, should I consider both permanent failures and transient failures?

davidemasi
Contributor I

Hi NXP,

I'm developing the FMEDA of a system that integrates the MPC5744P - Panther uP.
I'm using the metrics provided by the FMEDA Summary (I filled in the customer Excel and the FAE provided me the FMEDA summary).

I remember that the metrics of the FMEDA Summary failures = permanent failures + transient failures.

In my FMEDA, should I consider both, permanent and transient?

The doubt arises because the SRAM is described by "2700 FIT (summary) = 1 FIT (permanent) + 2699 FIT (transient)", but I use all SMs available to mitigate the failure (ECC, MBIST, LBIST, ...).

Furthermore, the SRAM customer file has a sheet called "Module FMEDA" that describes soft errors.

In this sheet, the SM called ECC can control soft errors with 100% coverage (controlled DC=100%, detected DC=0%).

controlled = corrected but not detected
transient failure = temporary event

In FMEDA, should I consider both permanent failures and transient failures?

What is the correct methodology for treating transient failures in functional safety?

Thanks

aarul
NXP Employee

Hi Davide

In my view, both transient and permanent should be considered for analysis, which is also recommended by ISO26262-2018: Part 5. Here is the snippet from ISO that can help you understand how to deal with transient failures at system/item level:

NOTE 2 In the case of a transient fault, for which a safety mechanism restores the item to a fault free state, such a fault can be considered as a detected multiple-point fault even if the driver is never informed of its existence.
EXAMPLE 2 In the case of an error correction code used to protect a memory against transient faults, the item is restored to a fault free state if the safety mechanism—in addition to delivering a correct value to the CPU—repairs the content of the flipped bit inside the memory array (e.g. by writing back the corrected value).

Hope this helps,

Regards

-Aarul Jain
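
The write-back distinction in EXAMPLE 2 of the quoted ISO text, as an added example that is not part of the original thread and not NXP code: a toy SECDED(8,4) code (an assumption, not the MPC5744P's actual ECC) with constructed bit flips shows what happens when a second transient upset hits a cell whose first upset was corrected on read but never repaired in the array.

```c
#include <stdint.h>
#include <stdio.h>

enum ecc_status { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE };

/* XOR of the positions (1..7) of all set bits; 0 for a valid codeword. */
static int syndrome(uint8_t cw) {
    int s = 0;
    for (int b = 1; b <= 7; b++) if ((cw >> b) & 1) s ^= b;
    return s;
}
/* Overall parity across all 8 bits (bit 0 is the extra parity bit). */
static int parity(uint8_t cw) {
    int p = 0;
    for (int b = 0; b < 8; b++) p ^= (cw >> b) & 1;
    return p;
}
/* Toy SECDED(8,4): data at positions 3,5,6,7; check bits at 1,2,4. */
static uint8_t ecc_encode(uint8_t d) {
    static const int pos[4] = {3, 5, 6, 7};
    uint8_t cw = 0;
    for (int i = 0; i < 4; i++) if ((d >> i) & 1) cw |= (uint8_t)(1u << pos[i]);
    int s = syndrome(cw);
    for (int p = 1; p <= 4; p <<= 1) if (s & p) cw |= (uint8_t)(1u << p);
    return (uint8_t)(cw | parity(cw));
}
/* Read one cell; with write_back set, a correction also repairs the array. */
static enum ecc_status ecc_read(uint8_t *cell, int write_back, uint8_t *data) {
    uint8_t cw = *cell;
    int s = syndrome(cw), p = parity(cw);
    enum ecc_status st = ECC_OK;
    if (p) { cw ^= (uint8_t)(1u << s); st = ECC_CORRECTED; } /* single-bit error */
    else if (s) return ECC_UNCORRECTABLE;                    /* double-bit error */
    if (st == ECC_CORRECTED && write_back) *cell = cw;
    *data = (uint8_t)(((cw >> 3) & 1) | (((cw >> 5) & 1) << 1) |
                      (((cw >> 6) & 1) << 2) | (((cw >> 7) & 1) << 3));
    return st;
}
/* Constructed scenario: two soft errors in one cell with a read in between. */
static enum ecc_status two_upsets(int write_back) {
    uint8_t cell = ecc_encode(0xA), data;
    cell ^= 1u << 5;                     /* first transient flip */
    ecc_read(&cell, write_back, &data);  /* CPU receives 0xA either way */
    cell ^= 1u << 2;                     /* second transient flip */
    return ecc_read(&cell, write_back, &data);
}
int main(void) {
    printf("no write-back: %d, write-back: %d\n", two_upsets(0), two_upsets(1));
    return 0;
}
```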
