FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

S32K344 used as the Controller of the Quadcopter Unmanned Aerial Vehicle

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

S32K344 used as the Controller of the Quadcopter Unmanned Aerial Vehicle

‎09-04-2024 11:48 PM
378 Views
WeoWang
NXP Employee
NXP Employee

Hi Dear Colleagues,

My customer wants to use S32K344 as the controller of the quadcopter unmanned aerial vehicle.

With “Continuous and uninterrupted output of the correct PWM signal (a single interruption of the PWM signal can cause the drone to blow up)” as the top functional safety goal, the customer needs to evaluate the failure rate of a minimum system consisting of a single S32K344.
As per “S32K344_172Pins_2023_R1.003” (FMEDA's EXCEL sheet) and “S32K344 Safety Analysis Report.pdf” and refer to ISO 26262-2018 related documents. For the S32K344 chip (whose top-level safety objective is “Provide calculations to support the intended safety function”), since the requirement is to correctly output the PWM signals continuously and uninterruptedly, is it possible to calculate the hardware failure rate of the S32K344 by the 28.8019fit (single-point-of-failure rate + detected or sensed multiple-point-of-failure rate)? Multiple Point Failure) for calculation?

The customer asked this question because he has very high requirements for the drone, even if it is unmanned, so he can accept using more than 1 S32K344.

Best Regards

WW

0 Kudos
Reply
2 Replies

‎09-06-2024 01:04 PM
349 Views
antoinedubois
NXP Employee
NXP Employee

HI WeoWang,

For Safety Related Availability, you are correct the metrics classification needs to be different.

Here is the method I recommends:

- First you should remove all the unnecessary HW (not used by the safety function) this are all the fault possible.

- then the main failure that are recoverable that do not violate the safety goal are ECC (correctable) all the other failure would violate the safety goal. YOu can remove them from the first

You could go one level down and remove other low-level (TVF, Safety Mechanisms stuck at No Fault...) details but usually that does not change the result enough to matter at system level.

Customer would most likely have to implement some function redundantly to have an acceptable residual for a Fault tolerant system.

Best regards,

Antoine

0 Kudos
Reply

‎09-04-2024 11:59 PM
371 Views
WeoWang
NXP Employee
NXP Employee

fusa1.pngfusa2.png

0 Kudos
Reply