This white paper describes a mapping from the datapath analysis dataset created by the designer to an FMEDA. After the IP is implemented in silicon, the functional safety engineer can map the datapath analysis dataset the designer compiled into an IP-level FMEDA. This logical boundary enables the system integrator to use each IP’s dataset in the system-level FMEDA required for standard compliance.

Block 3 | Registers | ID TAG | Fault Modes | Fault Initiators | Diagnostics | Repeat | Claimed DC Coverage | Primary Function - Percent of Design | Diagnostic - Percent of Design | Diagnostic - Percent Raw FIT |
---|---|---|---|---|---|---|---|---|---|---|
External Connections | Signal/Bus Name | |||||||||
1 | s_axi_lite | TOP_axi_lite_master | Bus Write to incorrect address | Address Write register corruption | Parity | 99.50% | 3.00% | |||
Control plane state machine corruption | Redundancy | 99.80% | 0.40% | 0.20% | ||||||
Clocking corruption | ||||||||||
Driver/receiver failure | ||||||||||
Bus write with incorrect data | Write data register corruption | Parity | 99.50% | 0.05% | 0.01% | |||||
Control plane state machine corruption | Redundancy | 99.80% | 0.40% | 0.20% | ||||||
Clocking corruption | ||||||||||
Driver/receiver failure | Loopback | 90.00% | 0.20% | 0.03% | ||||||
1 (cont'd) | Bus Read from incorrect address | Read address register corruption | Parity | 99.50% | 0.05% | 0.02% | ||||
Control plane state machine corruption | Redundancy | 99.80% | 0.40% | 0.20% | ||||||
Clocking corruption | ||||||||||
Receiver failure | ||||||||||
Bus read incorrect data | Read data register corruption | Parity | 99.50% | 0.05% | 0.01% | |||||
Control plane state machine corruption | Redundancy | 99.80% | 0.40% | 0.02% | ||||||
Clocking corruption | ||||||||||
Receiver failure | Parity | 99.50% | ||||||||
Bus hang | Control plane state machine corruption | Redundancy | 99.80% | 0.40% | 0.20% | |||||
2 | s_axi_lite_clk | TOP_axi_lite_clk | No clock | Connection logic failure | Supervision | 90.00% | 0.20% | 0.10% | 0.01% | |
Incorrect clock frequency | Divider logic failure | Supervision | 90.00% | 0.10% | 0.01% | |||||
3 | CLK | TOP_CLK | No clock | Connection logic failure | External watchdog | Y | ||||
Incorrect clock frequency | Divider logic failure | External watchdog | ||||||||
4 | axi_resetn | TOP_axi_resetn | Unintended reset assertion | Connection logic failure | Supervision | Y | ||||
Reset signal timing too short | Divider logic failure | Supervision | ||||||||
Internal Signal Block Connections | Signal/Bus Name | ID TAG | Fault Modes | Diagnostics | Repeat | Claimed DC Coverage | ||||
1 | b2_b3_signaling | b2_b3_signal | Incorrect data | Driver/receiver failure | Data parity | Y | ||||
Incorrect clocking | Connection logic failure | |||||||||
2 | b3_b4_signaling | b3_b4_signal | Incorrect data | Driver/receiver failure | Data parity | 99.50% | 0.20% | 0.10% | 0.05% | |
Incorrect clocking | Connection logic failure | |||||||||
3 | b3_b5_signaling | b3_b5_signal | Incorrect data | Driver/receiver failure | Data parity | 99.50% | 0.20% | 0.10% | 0.05% | |
Incorrect clocking | Connection logic failure | |||||||||
4 | b3_b7_Signaling | b3_b7_signal | Incorrect data | Data parity | 99.50% | 0.20% | ||||
Incorrect clocking | External watchdog | 90.00% | ||||||||
Block Function Description | ID TAG | Fault Modes | Diagnostics | Repeat | Claimed DC Coverage | |||||
Function block contains control register information which drives the operation of the DMA controller. Registers are written to via an external source into the AXI4-Lite slave interface | REG_BLOCK | Stored data corruption | Single event upsets | Data parity | 90.00% | 4.00% | 0.50% | 0.05% |