Safety Results; Random Hardware Failure Safety Results; Safety Analysis Results Customization; Table 117. Overall Achievable Safety Integrity Levels - ST STM32F2 Series User Manual

4

Safety results

This section reports the results of the safety analysis of the STM32F2 Series MCUs, according to IEC 61508 and
to ST methodology flow, related to the hardware random and dependent failures.
4.1

Random hardware failure safety results

The analysis for random hardware failures of STM32F2 Series devices reported in this Safety Manual is executed
according to ST methodology flow for safety analysis of semiconductor devices according IEC61508. The
accuracy of results obtained are guaranteed by three factors:
• ST methodology flow strict adherence to IEC61508 requirements and prescriptions
• The use during the analysis of detailed and reliable information on microcontroller design
• The use of state-of-the-art fault injections methods and tools for safety metrics verification
The STM32F2 Series safety analysis has been therefore able to explore the overall and exhaustive list of MCU
failure modes, and to individuate for each of them an adequate mitigation measure (safety mechanism). The
overall list of STM32F2 Series failure modes is maintained in related FMEA document. STM32F2 Series FMEA
document can be provided on demand, refer to your local ST sales contact.
In summary, with the adoptions of the safety mechanisms and conditions of use reported in Conditions of use, it is
possible to achieve the integrity levels summarized in the following table.
MCUs used
1
2
1. Note that the potential performance impact related to some above-reported target achievements is mainly related to the
need of execution of periodical software-based diagnostics (refer to safety mechanism description for details). The impact is
therefore strictly related to how much "aggressive" the system level PST is (see
requirements).
The resulting relative safety metrics (DC and SFF) and absolute safety metrics (PFH, PFD) are not reported in
this section but in the FMEDA snapshot, due to:
• The large number of STM32F2 Series part numbers,
• The possibility to declare non-safety-relevant unused peripherals, and
• The possibility to enable or not the different available safety mechanisms.
The FMEDA snapshot is a static document reporting the safety metrics computed at different detail levels (at
microcontroller level and for microcontroller basic functions) for a given combination of safety mechanisms and for
a given part number. If FMEDA computation sheet is needed, early contact the local STMicroelectronics sales
representative, in order to receive information on expected delivery dates for specific MCU target part number.
Note: Safety metrics computations are restricted to STM32F2 Series boundary, therefore not including the WDTe, PEv
and VMONe (they are described in
4.1.1

Safety analysis results customization

The safety analysis executed for STM32F2 Series devices and contained in this Safety Manual considers all
microcontroller modules to be safety related, and so able to interfere with the safety function, with no exclusion.
This is in line with the conservative approach to be followed during the analysis of a general-purpose
microcontroller, in order to be agnostic versus the final application. This means that no microcontroller module has
been declared as "safe" as per IEC61508-4, 3.6.8, and therefore all microcontroller modules are included in SFF
computations.
UM1845 - Rev 4
Table 117. Overall achievable safety integrity levels
Safety architecture Target
SIL2 LD
1oo1/1oo1D
SIL2 HD/CM
SIL3 LD
1oo2
SIL3 HD/CM
Section 3.2 )
Safety analysis result
Achievable
Achievable with potential performance impact
Achievable
Achievable with potential performance impact
Section 3.3.1 Assumed safety
UM1845
Safety results
(1)
page 82/108