Because IP is validated, which is a
standard's requirement, the best practice is to implement the IP in an FPGA suitable for
the black box testing to meet validation requirements. At this point, the FIT can be
extracted from the implementation and used to estimate the metrics needed to evaluate
the system level FIT and diagnostic coverage required for most safety certifications. A
percentage of FIT based on the FIT for the IP can also be used. In this case, the IP
supplier uses the raw FIT from a validated implementation to estimate a percentage of
FIT (see the table in Completing the Analysis) that the system integrator can
use for their failure mode effects and diagnostic analysis (FMEDA).
| Block 3 | Registers | ID TAG | Fault Modes | Fault Initiators | Diagnostics | Repeat | Claimed DC Coverage | Primary Function- Percent of Design |
|---|---|---|---|---|---|---|---|---|
| External Connections | Signal/Bus Name | |||||||
| 1 | s_axi_lite | TOP_axi_lite_master | Bus Write to incorrect address | Address Write register corruption | Parity | 99.50% | 3.00% | |
| Control plane state machine corruption | Redundancy | 99.80% | ||||||
| Clocking corruption | ||||||||
| Driver/receiver failure | ||||||||
| Bus write with incorrect data | Write data register corruption | Parity | 99.50% | |||||
| Control plane state machine corruption | Redundancy | 99.80% | ||||||
| Clocking corruption | ||||||||
| Driver/receiver failure | Loopback | 90.00% | ||||||
| Bus Read from incorrect address | Read address register corruption | Parity | 99.50% | |||||
| Control plane state machine corruption | Redundancy | 99.80% | ||||||
| Clocking corruption | ||||||||
| Receiver failure | ||||||||
| Bus read incorrect data | Read data register corruption | Parity | 99.50% | |||||
| Control plane state machine corruption | Redundancy | 99.80% | ||||||
| Clocking corruption | ||||||||
| Receiver failure | Parity | 99.50% | ||||||
| Bus hang | Control plane state machine corruption | Redundancy | 99.80% | |||||
| 2 | s_axi_lite_clk | TOP_axi_lite_clk | No clock | Connection logic failure | Supervision | 90.00% | 0.20% | |
| Incorrect clock frequency | Divider logic failure | Supervision | 90.00% | |||||
| 3 | CLK | TOP_CLK | No clock | Connection logic failure | External watchdog | Y | ||
| Incorrect clock frequency | Divider logic failure | External watchdog | ||||||
| 4 | axi_resetn | TOP_axi_resetn | Unintended reset assertion | Connection logic failure | Supervision | Y | ||
| Reset signal timing too short | Divider logic failure | Supervision | ||||||
| Internal Signal Block Connections | Signal/Bus Name | ID TAG | Fault Modes | Diagnostics | Repeat | Claimed DC Coverage | ||
| 1 | b2_b3_signaling | b2_b3_signal | Incorrect data | Driver/receiver failure | Data parity | Y | ||
| Incorrect clocking | Connection logic failure | |||||||
| 2 | b3_b4_signaling | b3_b4_signal | Incorrect data | Driver/receiver failure | Data parity | 99.50% | 0.20% | |
| Incorrect clocking | Connection logic failure | |||||||
| 3 | b3_b5_signaling | b3_b5_signal | Incorrect data | Driver/receiver failure | Data parity | 99.50% | 0.20% | |
| Incorrect clocking | Connection logic failure | |||||||
| 4 | b3_b7_Signaling | b3_b7_signal | Incorrect data | Data parity | 99.50% | 0.20% | ||
| Incorrect clocking | External watchdog | 90.00% | ||||||
| Block Function Description | ID TAG | Fault Modes | Diagnostics | Repeat | Claimed DC Coverage | |||
| Function block contains control register information which drives the operation of the DMA controller. Registers are written to via an external source into the AXI4-Lite slave interface | REG_BLOCK | Stored data corruption | Single event upsets | Data parity | 90.00% | 4.00% | ||