4 Safety results
This section reports the results of the safety analysis of the STM32L4 and STM32L4+ Series devices, according to IEC 61508 and to the ST methodology flow, related to random hardware failures and dependent failures.
4.1 Random hardware failure safety results
The analysis for random hardware failures of STM32L4 and STM32L4+ Series devices reported in this safety manual is executed according to the STMicroelectronics methodology flow for safety analysis of semiconductor devices in compliance with IEC 61508. The accuracy of the results obtained is guaranteed by three factors:
• strict adherence of the STMicroelectronics methodology flow to IEC 61508 requirements and prescriptions
• the use, during the analysis, of detailed and reliable information on the microcontroller design
• the use of state-of-the-art fault injection methods and tools for safety metrics verification
The Device safety analysis explored the overall and exhaustive list of Device failure modes, to identify for each of them an adequate mitigation measure (safety mechanism). The overall list of Device failure modes is maintained in the related FMEA document [1], provided on demand by the local STMicroelectronics sales office.
In summary, with the adoption of the safety mechanisms and conditions of use reported in Section 3.7 Conditions of use, it is possible to achieve the integrity levels summarized in the following table.

Table 152. Overall achievable safety integrity levels

| Safety architecture | Number of Devices used | Target     | Safety analysis result                           |
|---------------------|------------------------|------------|--------------------------------------------------|
| 1oo1/1oo1D          | 1                      | SIL2 LD    | Achievable                                       |
| 1oo1/1oo1D          | 1                      | SIL2 HD/CM | Achievable with potential performance impact (1) |
| 1oo2                | 2                      | SIL3 LD    | Achievable                                       |
| 1oo2                | 2                      | SIL3 HD/CM | Achievable with potential performance impact (1) |

1. Note that the potential performance impact related to some of the above-reported target achievements is mainly due to the need to execute periodic software-based diagnostics (refer to the safety mechanism descriptions for details). The impact is therefore strictly related to how "aggressive" the system-level PST is (see Section 3.3.1 Safety requirement assumptions).

The resulting relative safety metrics (diagnostic coverage (DC) and safe failure fraction (SFF)) and absolute safety metrics (probability of failure per hour (PFH), probability of dangerous failure on demand (PFD)) are not reported in this section but in the failure mode effect diagnostic analysis (FMEDA) snapshot [2], due to:
• the large number of different STM32L4 and STM32L4+ Series parts,
• the possibility to declare unused peripherals as non-safety-relevant, and
• the possibility to enable or not each of the available safety mechanisms.

The FMEDA snapshot [2] is a static document reporting the safety metrics computed at different detail levels (at microcontroller level and for microcontroller basic functions) for a given combination of safety mechanisms and for a given part number. If the FMEDA computation sheet is needed, contact the local STMicroelectronics sales representative early, in order to receive information on the expected delivery dates for the specific Device target part number.

Note: Safety metrics computations are restricted to the STM32L4 and STM32L4+ Series boundary, hence they do not include the WDTe, PEv, and VMONe processes described in Section 3.3.1 Safety requirement assumptions.

4.1.1 Safety analysis result customization
The safety analysis executed for STM32L4 and STM32L4+ Series devices documented in this safety manual considers all microcontroller modules to be safety-related, thus able to interfere with the safety function, with no exclusion. This is in line with the conservative approach to be followed during the analysis of a general-purpose microcontroller, in order to be agnostic with respect to the final application. This means that no microcontroller module has been declared safe as per IEC 61508-4, 3.6.8. Therefore, all microcontroller modules are included in SFF computations.

UM2305 - Rev 10 page 91/110
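As an added worked example (not part of UM2305 nor of the ST FMEDA snapshot), the Python below shows how FMEDA-style per-failure-mode rows turn into the relative metrics DC and SFF named above, how declaring a peripheral non-safety-relevant or disabling a safety mechanism changes them (the customization the section and 4.1.1 refer to), and how the resulting SFF maps to the SIL ceiling of IEC 61508-2 Table 3 (type B element) for HFT 0 (1oo1/1oo1D) and HFT 1 (1oo2). All block names, failure rates, safe shares and coverages are constructed sample values, not figures for any STM32L4 part.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class FailureMode:
    """One FMEDA-style row; constructed sample values, not STM32L4 FMEDA data."""
    block: str
    rate_fit: float               # failure rate in FIT (failures per 1e9 h)
    safe_share: float             # fraction of failures with no effect on the safety function
    dc: float                     # diagnostic coverage of the mitigating safety mechanism
    mechanism_on: bool = True     # integrator has enabled that safety mechanism
    safety_relevant: bool = True  # False: peripheral declared unused, excluded from the metrics
# IEC 61508-2 Table 3 (type B element): SFF floor -> max SIL for HFT 0, 1, 2 (0 = no claim allowed)
IEC61508_TYPE_B = [(0.99, (3, 4, 4)), (0.90, (2, 3, 4)), (0.60, (1, 2, 3)), (0.0, (0, 1, 2))]

SAMPLE_MODES = [  # constructed rows, chosen only to illustrate the arithmetic
    FailureMode("CPU core", 100, 0.5, 0.90),
    FailureMode("SRAM", 80, 0.3, 0.99),
    FailureMode("Flash", 60, 0.4, 0.99),
    FailureMode("Clock", 20, 0.2, 0.90),
    FailureMode("USART", 30, 0.5, 0.90),
    FailureMode("USB", 40, 0.5, 0.0, safety_relevant=False),
]

def split_rates(modes):
    """Split the total rate into lambda_SD, lambda_SU, lambda_DD, lambda_DU (FIT)."""
    sd = su = dd = du = 0.0
    for m in modes:
        if not m.safety_relevant:
            continue
        cov = m.dc if m.mechanism_on else 0.0  # a disabled mechanism detects nothing
        safe = m.rate_fit * m.safe_share
        dangerous = m.rate_fit - safe
        sd, su = sd + safe * cov, su + safe * (1 - cov)
        dd, du = dd + dangerous * cov, du + dangerous * (1 - cov)
    return sd, su, dd, du
def sff(modes):
    """Safe failure fraction: every failure except the dangerous undetected ones."""
    sd, su, dd, du = split_rates(modes)
    return (sd + su + dd) / (sd + su + dd + du)
def dc(modes):
    """Diagnostic coverage of dangerous failures."""
    _, _, dd, du = split_rates(modes)
    return dd / (dd + du)
def max_sil_type_b(sff_value, hft):
    """SIL ceiling from the architectural constraints; HFT 0 is 1oo1/1oo1D, HFT 1 is 1oo2."""
    return next(sils[hft] for floor, sils in IEC61508_TYPE_B if sff_value >= floor)
def with_mechanism_disabled(modes, block):
    """The same rows with one block's safety mechanism switched off by the integrator."""
    return [replace(m, mechanism_on=False) if m.block == block else m for m in modes]
```

With the sample rows and every mechanism enabled the SFF lands in the 90 to 99 % band, which is exactly the band where a type B element reaches SIL2 at HFT 0 and SIL3 at HFT 1, as in Table 152; switching off the SRAM mechanism drops the SFF below 90 % and the 1oo1 claim falls to SIL1.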