Hi NXP,
I'm developing the FMEDA of a system that integrates the MPC5744P - Panther uP.
I'm using the metrics provided by the FMEDA Summary (I filled in the customer Excel file and the FAE provided me with the FMEDA summary).
I remember that the failure metrics in the FMEDA Summary = permanent failures + transient failures.
In my FMEDA, should I consider both permanent and transient?
The doubt arises because the SRAM is described by "2700 FIT (summary) = 1 FIT (permanent) + 2699 FIT (transient)", but I use all the SMs available to mitigate the failure (ECC, MBIST, LBIST, ...).
Furthermore, the SRAM customer file has a sheet called "Module FMEDA" that describes soft errors.
In this sheet the SM called ECC can control soft errors with 100% coverage (controlled DC=100%, detected DC=0%).
controlled = corrected but not detected
transient failure = temporary event
In the FMEDA, should I consider both permanent failures and transient failures?
What is the correct methodology for treating transient failures in functional safety?
Thanks
Hi Davide
In my view, both transient and permanent should be considered for analysis which is also recommended by ISO26262-2018: Part 5. Here is the snippet from ISO that can help you understand how to deal with transient failures at system/item level:
NOTE 2 In the case of a transient fault, for which a safety mechanism restores the item to a fault free state, such a fault can be considered as a detected multiple-point fault even if the driver is never informed of its existence.
EXAMPLE 2 In the case of an error correction code used to protect a memory against transient faults, the item is restored to a fault free state if the safety mechanism—in addition to delivering a correct value to the CPU—repairs the content of the flipped bit inside the memory array (e.g. by writing back the corrected value).
Hope this helps,
Regards
-Aarul Jain
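The following is an added worked example, not code from the thread or from NXP: it takes the SRAM split quoted in the question (2700 FIT = 1 FIT permanent + 2699 FIT transient, ECC with controlled DC = 100 % and detected DC = 0 % on soft errors) and computes residual FIT and SPFM once with the ISO 26262-5 NOTE 2 reading (a controlled transient fault counts as detected) and once with the pessimistic reading that ignores controlled coverage. The 90 % detected coverage on the permanent share is an assumed placeholder, since the thread gives no value for it.

```python
from dataclasses import dataclass


@dataclass
class FailureMode:
    name: str
    fit: float            # failure rate in FIT (failures per 1e9 device-hours)
    transient: bool       # True = soft error (bit flip), False = permanent fault
    dc_detected: float    # fraction detected and signalled (0.0 .. 1.0)
    dc_controlled: float  # fraction corrected in place but never signalled


def effective_coverage(fm: FailureMode, count_controlled: bool = True) -> float:
    """Coverage used in the residual-fault calculation.

    ISO 26262-5 NOTE 2 (quoted in the answer above): a transient fault that the
    safety mechanism restores to a fault-free state may be counted as detected
    even if nobody is informed, so 'controlled' coverage is added to 'detected'.
    count_controlled=False gives the pessimistic reading that ignores it.
    """
    dc = fm.dc_detected + (fm.dc_controlled if count_controlled else 0.0)
    return min(1.0, dc)


def residual_fit(modes, count_controlled: bool = True) -> float:
    # lambda_RF = lambda * (1 - DC), summed over permanent AND transient modes
    return sum(fm.fit * (1.0 - effective_coverage(fm, count_controlled)) for fm in modes)


def spfm(modes, count_controlled: bool = True) -> float:
    # Single-point fault metric (ISO 26262-5 Annex C): 1 - lambda_RF / lambda_total
    total = sum(fm.fit for fm in modes)
    return 1.0 - residual_fit(modes, count_controlled) / total


# Constructed SRAM entry using the split quoted in the question.
# The 0.90 detected coverage on the permanent share is an ASSUMED placeholder
# (ECC/MBIST/LBIST), not a value taken from the FMEDA summary.
SRAM_MODES = [
    FailureMode("SRAM permanent (hard bit failure)", 1.0, False, 0.90, 0.0),
    FailureMode("SRAM transient (soft error, ECC-controlled)", 2699.0, True, 0.0, 1.0),
]

if __name__ == "__main__":
    print(f"total            : {sum(m.fit for m in SRAM_MODES):.1f} FIT")
    print(f"residual (ISO)   : {residual_fit(SRAM_MODES):.3f} FIT, SPFM={spfm(SRAM_MODES):.6f}")
    print(f"residual (pessim): {residual_fit(SRAM_MODES, False):.3f} FIT, SPFM={spfm(SRAM_MODES, False):.6f}")
```

Dropping the 2699 FIT transient share from the analysis, or counting it as uncovered, swings the SRAM residual from about 0.1 FIT to about 2699 FIT, which is why both failure types belong in the FMEDA with the ECC "controlled" coverage credited as detection.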