Hello,
I have questions regarding some of the safety mechanisms that require NXP's clarification.
1. The Safety Manual Rev 2. SM17 (table 11) states both "Medium" and "60%" diagnostic coverage, which cannot both be true. Based on the fact that LFM requires ASIL B (with a DC of 60% or greater), it is assumed this is a typographical error. Please confirm the diagnostic coverage for SM17.
2. While DC of 60% is acceptable per ISO 26262, Part4-6.4.2.5, is there a reason that both ABIST and LBIST cannot meet 90%? Please advise.
3. VDDIOMON, VCOREMON, VMONx, and HVLDO monitors all have safety mechanisms for OV, UV, and OV&UV detection, where the latter is SMxC. For example, I don't understand why there is a separate mechanism for VMON1 OV (SM3A) and UV (SM3B), and a different mechanism for the combination (SM3C). Further, there is a further set of mechanisms to encompass all monitors OV, UV, and OV&UV (SM18, SM19, SM20). I've reviewed the FMEDA and it still isn't clear to me what the difference truly is and how to use each. Please advise as they all reference the same respective safety manual sections.
I look forward to reviewing your feedback.
Thanks,
Jeff
Hello,
for 1)
You're right, it is a typo; 90% is to be considered for SM17 Medium diagnostic coverage for LBIST.
for 2)
For ABIST a conservative value has been used with 60%; however, in terms of fault coverage you can consider ABIST can detect faults such as (stuck at, short, open, malfunction, a certain inaccuracy) in the analog circuitries of safety mechanism. Indeed for the inaccuracy, during the ABIST sequence, the expected outputs of the several monitors and readback are checked for correct value, then in sequence the reference is modified to +/-20% in order to trigger the comparator or monitor and check if the new output is as expected.
Therefore, the ABIST detects more than open and short to ground, it detects in addition parametric deviation, offset, time response error, shorted lines in the safety mechanism circuitries.
We could have considered a DC 90%, but at that time when releasing the VR5510 we were using a conservative approach.
3) By doing the FMEDA with Excel, we have used this approach to nominate the safety mechanism single, or associated to another with a different tag. It was to simplify fill-in of SM in FMEDA. You will see in the FMEDA, when we are sure the effect will be an undervoltage, then the SM _UV is called. When we have an effect of oscillation, it is to be read that we expect either the SM _UV or SM _OV that will trigger.
The combination of SM are then to consider one of the two or the three will detect.
I hope the answers will help you in reading the FMEDA.
Best regards,
Valerie Bernon