Skip to main content Skip to first level navigation

RICOH imagine. change.

RICOH ELECTRONIC DEVICES CO., LTD.

Skip to main content First level navigation Menu
ricoh.com
Main content

Electrification of automobile by RICOH power management IC

"Failures" in Functional Safety

"Failures" in Functional Safety

Functional Safety is based on the idea of preparing for the risk as failure occurs. If there are no failures in electronic parts and/or systems in the first place, it would have no trouble and would secure a safe condition in driving.

It is very difficult to make no electronic part failures and/or system failures. Therefore, parts makers are required to lower the failure rate.

In the system, the failure rate is reduced by measures such as defect monitoring and/or redundant circuits.
It is important to reduce the residual failure rate by raising the fault coverage rate for electronic components.

What can you imagine about failures of electronic components? We will explain "failure" in functional safety and electronic component failure rate.

Failure Classification

There are some kinds of failures, including a fatal failure that is described in "Functional Safety" section, and the others which are not fatal. The single-point failure of voltage detector which is added as a functional safety mechanism is not a fatal failure, for instance.

Failure Classification caused by various factors is defined in ISO26262. The four main classifications are shown below:

Failure Classification : ISO26262

Failure Classification Chart

Failure Classification Chart

By increasing the fault coverage as much as possible, it needs to build safety mechanism that will not result in fatal failure by a single-fault.

Concept of Failure Rate

For automotive applications, there are four safety requirement levels (ASIL: Automotive Safety Integrity Level) from A to D for electronic parts. A is low, D is the highest request level.

  ASIL-A ASIL-B ASIL-C ASIL-D
SPF coverage - ≥ 90% ≥ 97% ≥ 99%
LF coverage - ≥ 60% ≥ 80% ≥ 90%
A fault that cannot be detected < 1000 FIT < 100 FIT < 100 FIT < 10 FIT

The failure rate 10 FIT (Failure In Time) is the probability that 10 failures will occur per 109 hours (1 billion hours ≈ 110,000 years).
Assuming that about 110,000 cars are driving throughout the year for 24 hours, it is the probability that 10 units will fail per year.

Semiconductor failure rate λ

The FIT is calculated from IEC TR 62380 standard model and defined from the following formula.
λ = λ die + λ package + λ eos

Below chart shows the FIT example of three products A, B, and C.

Product Name Function λdie λpkg λeos λ
A Voltage Detector (Reset IC) 2 FIT 3 FIT 0 FIT 5 FIT
B LDO Regulator 15 FIT 13 FIT 40 FIT 68 FIT
C LDO Regulator with Voltage Detector (Reset IC) 15 FIT 13 FIT 40 FIT 68 FIT

λdie; By improving the internal circuit and increasing the coverage, the failure rate can be lowered.
λpkg; Countermeasures against open faults are important points to lower the failure rate, since open fault is calculated at 90% and short fault is calculated at 10%.
λeos; It is a constant value for LDO and DCDC for interface. For non interface, it is zero.

In order to lower the failure rate λ as a product, it is necessary to reduce all the failure rates.

Ricoh's Approach to Functional Safety

We can contribute to functional safety of in-vehicle equipment by reducing the failure rate of power management ICs.
Here is an example of measures to reduce package failure rate.

Examples of countermeasures to reduce package failure rate

Below are the measures to prevent wire open in the package;
- Connect two wires from one terminal
- Increase the number of terminals to 2 terminals

No Action

1 PAD, 1 terminal and 1 wire

1 PAD, 1 terminal and 1 wire

If the open detection is 0%, the failure rate is added as it is.

Measures 1

2 PAD, 1 terminal and 2 wires

2 PAD, 1 terminal and 2 wires

If one wire breaks due to a redundant failure, function retention is possible, but that failure can not be detected.

Measures 2

2 PAD, 2 terminal and 1 wire each

2 PAD, 2 terminal and 1 wire each

It is possible to hold functions when wires are redundant and only one fault has occurred, and fault detection is also possible by final test.

In measures 1 & 2, when the loss of function is two wires open failures, the idea of double failure is applied to the calculation of failure rate.

Contact

*

Technical Support

Inquiries (SSL Form)

*

Purchase, Request for Samples and Documents

Distributors

Power Management ICs for Automotive

Ricoh offers a wide range of innovative technologies for automotive applications from on-vehicle electrical equipment to in-vehicle accessory.
A severe quality control, which varies from the consumer products, is performed for automotive products including a reliability test of AEC-Q100 qualification and a traceability system.