Safety module without safety mechanism


277 views
sfjia
Contributor II

Hello,  

1. In the S32K144 FMEDA Core part, there are modules like: Miscellaneous Control Module (MCM), System Mode Controller (SMC), Reset Control Module (RCM), and Test Logic. What's the function of these modules? MCM, SMC, and RCM are single point failures, but without safety mechanisms. What are the corresponding failure modes and how to handle/consider them?

2. In the S32K144 FMEDA Clock part, there is the SCG module. What's the difference from XOSC and PLL? What's the function of the PCC, SIM and CCM modules? These modules are single point failures, but without safety mechanisms. What are the corresponding failure modes and how to handle/consider them?

Why are these modules single point failures? For example, RCM is only registers for reset source indication and reset parameters, e.g. delay time settings.

0 Kudos
1 Reply

246 views
aarul
NXP Employee

Hi

Please find replies below for your queries.

  1. The MCM, SMC and RCM are global MCU control and configuration modules. These modules are not a direct part of the assumed safety function, but may impact the safety function. To be on the safe side, we added the failure rate of these modules to the dangerous failure rate. Some of these failures will be detected by other Safety Mechanisms, but we have no confirmed coverage, therefore we add 0% to be on the safe side. But all modules are part of the FMEDA calculation; this calculation confirms that the Core module reaches the required Safety Architecture metric target for ASIL-B.
  2. The SCG, PCC, SIM and CCM are global clock configuration and distribution modules; in these modules the configuration registers for the PLL and XOSC are present. A low percentage of the failure rate will be able to impact the Safety Function. To be on the safe side, we added all failures to the FMEDA. Some of these failures will be detected by other Safety Mechanisms, but we have no confirmed coverage, therefore we add 0% to be on the safe side. But all modules are part of the FMEDA calculation; this calculation confirms that the Clock module reaches the required Safety Architecture metric target for ASIL-B.

Regards

-Aarul

0 Kudos
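An added example, not part of the original thread and not taken from NXP's FMEDA: a small calculation of the single-point fault metric (SPFM) showing how modules entered with 0% coverage lower the metric while the part can still meet the ASIL-B target. The FIT and coverage values, the "core logic" entry and all function names are constructed for illustration; the targets (90% / 97% / 99% for ASIL B / C / D) are the ISO 26262-5 SPFM targets.

```python
from dataclasses import dataclass

# Single-point fault metric (SPFM) targets from ISO 26262-5.
SPFM_TARGET = {"B": 0.90, "C": 0.97, "D": 0.99}

@dataclass(frozen=True)
class Element:
    name: str
    fit: float       # failure rate of the safety-related element, in FIT
    coverage: float  # confirmed diagnostic coverage, 0.0 when none is claimed

    def uncovered_fit(self) -> float:
        """Single-point or residual failure rate: the part no mechanism catches."""
        if self.fit < 0 or not 0.0 <= self.coverage <= 1.0:
            raise ValueError(f"bad FMEDA entry for {self.name}")
        return self.fit * (1.0 - self.coverage)

def spfm(elements) -> float:
    """SPFM = 1 - sum(uncovered FIT) / sum(total FIT)."""
    total = sum(e.fit for e in elements)
    if total <= 0:
        raise ValueError("no safety-related failure rate to evaluate")
    return 1.0 - sum(e.uncovered_fit() for e in elements) / total

def meets_target(elements, asil: str) -> bool:
    return spfm(elements) >= SPFM_TARGET[asil]

def worst_contributors(elements):
    """Elements ordered by how much uncovered failure rate they add."""
    return sorted(elements, key=lambda e: e.uncovered_fit(), reverse=True)

# Constructed FIT and coverage values, for illustration only.
COVERED = [Element("core logic (constructed)", 100.0, 0.99)]
NO_MECHANISM = [
    Element("MCM", 2.0, 0.0),
    Element("SMC", 1.5, 0.0),
    Element("RCM", 1.5, 0.0),
]
CORE_PART = COVERED + NO_MECHANISM

if __name__ == "__main__":
    print(f"SPFM without the 0% modules: {spfm(COVERED):.4f}")
    print(f"SPFM with them counted as dangerous: {spfm(CORE_PART):.4f}")
    print("ASIL-B target met:", meets_target(CORE_PART, "B"))
    for e in worst_contributors(CORE_PART):
        print(f"  {e.name}: {e.uncovered_fit():.2f} FIT uncovered")
```

With these constructed numbers the 0% entries pull the SPFM from 0.99 down to about 0.943, still above the ASIL-B target but below the ASIL-C one.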