ISO/PAS 19451-1:2016

PUBLICLY ISO/PAS
AVAILABLE 19451-1
SPECIFICATION
First edition
2016-07-15
Corrected version
2017-05
Application of ISO 26262:2011-2012
to semiconductors —
Part 1:
Application of concepts
Application de l’ISO 26262:2011-2012 aux semi-conducteurs —
Partie 1: Application des concepts
Reference number
©
ISO 2016
© ISO 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2016 – All rights reserved

Contents Page
Foreword .vi
Introduction .vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms . 2
5 Analogue/mixed signal components and ISO 26262 . 4
5.1 About analogue and mixed signal components . 4
5.2 Analogue and mixed signal components and failure modes . 5
5.2.1 About failure modes . 5
5.2.2 About safe faults .13
5.2.3 About transient faults .14
5.3 Notes about safety analysis .14
5.3.1 General.14
5.3.2 Level of granularity of analysis .14
5.3.3 Examples of usage of failure mode distributions.15
5.3.4 Example of failure rates estimation for an analogue part .16
5.3.5 Example of safety metrics computation .17
5.3.6 Dependent failures analysis .31
5.3.7 Verification of architectural metrics computation .31
5.4 Examples of safety mechanisms .32
5.4.1 Resistive pull up/down .33
5.4.2 Over and under voltage monitoring .33
5.4.3 Voltage clamp (limiter) . .34
5.4.4 Over-current monitoring .34
5.4.5 Current limiter .34
5.4.6 Power on reset .34
5.4.7 Analogue watchdog .34
5.4.8 Filter .35
5.4.9 Thermal monitor.35
5.4.10 Analogue Built-in Self-Test (Analogue BIST) .35
5.4.11 ADC monitoring .35
5.4.12 ADC attenuation detection .35
5.4.13 Stuck on ADC channel detection.35
5.5 About avoidance of systematic faults during the development phase .36
5.6 About safety documentation .39
6 Intellectual property and ISO 26262 .39
6.1 About intellectual property .39
6.1.1 Understanding intellectual property .39
6.1.2 Types of intellectual property .40
6.2 Safety requirements for intellectual property .41
6.3 Intellectual property lifecycle .43
6.3.1 ISO 26262 and the intellectual property lifecycle .43
6.3.2 Intellectual property as safety element out of context (SEooC) .44
6.3.3 Intellectual property designed in context .45
6.3.4 Intellectual property use through hardware component qualification .45
6.3.5 Intellectual property use through proven in use argument .45
6.4 Work products for intellectual property.45
6.4.1 ISO 26262 and work products for intellectual property .45
6.4.2 Safety plan .45
6.4.3 Safety requirements and verification review of the IP design .46
6.4.4 Safety analysis report .46
6.4.5 Analysis of dependent failures .46
6.4.6 Confirmation measure reports .46
6.4.7 Development interface agreement .47
6.4.8 Integration documentation set .47
6.5 Integration of black-box intellectual property .48
7 Multi-core components and ISO 26262 .49
7.1 Types of MC components .49
7.2 Implications of ISO 26262 on MC components .49
7.2.1 Introduction .49
7.2.2 ASIL decomposition in MC components .50
7.2.3 Coexistence of elements with different ASILs in MC components .52
7.2.4 Freedom from interference (FFI) in MC components .53
7.2.5 Software partitioning in MC components .53
7.2.6 Dependent failures in MC component .54
7.2.7 Timing requirements in MC component .54
8 Programmable logic devices and ISO 26262 .55
8.1 About programmable logic devices .55
8.1.1 General.55
8.1.2 About PLD types .56
8.1.3 ISO 26262 Lifecycle mapping to PLD .57
8.2 Fault models and failure modes of PLD .60
8.3 Notes about safety analyses for PLDs .61
8.3.1 Quantitative analysis for a PLD .61
8.3.2 Dependent failure analysis for a PLD .65
8.4 Examples of safety mechanisms for PLD .67
8.5 Avoidance of systematic faults for PLD .68
8.5.1 Avoiding systematic faults in the implementation of PLD .68
8.5.2 About PLD supporting tools .68
8.5.3 Avoiding systematic faults for PLD users .68
8.6 Safety documentation for a PLD .70
8.7 Example of safety analysis for PLD .71
8.7.1 Architecture of the example .71
8.7.2 PLD external measures .72
8.7.3 PLD internal measures .73
9 Base failure rate estimation and ISO 26262 (all parts) .77
9.1 About base failure rate estimation .77
9.1.1 Impact of failure mechanisms on base failure rate estimation .77
9.1.2 Considerations in base failure rate estimation for functional safety .77
9.1.3 Techniques for base failure rate estimation .78
9.1.4 Documentation on the assumptions for base failure rate calculation .78
9.2 (General) clarifications on terms .79
9.2.1 Clarification of transient fault quantification.79
9.2.2 Clarification on component package failure rate .80
9.2.3 Clarification on power-up and power-down times .80
9.3 Permanent base failure rate calculation methods .80
9.3.1 Permanent base failure rate calculation using industry sources .80
9.3.2 Permanent base failure rate calculation using field data statistics .88
9.3.3 Calculation example of hardware component failure rate .91
9.3.4 Base failure rate calculation using accelerated life tests .94
9.3.5 Failure rate distribution methods .95
10 Semiconductor dependent failure analysis and ISO 26262 .96
10.1 Introduction to DFA for semiconductors .96
10.2 Relationship between DFA and safety analysis .97
10.3 Dependent failure scenarios .98
10.4 Distinction between cascading failures and common cause failures .100
10.5 Dependent failure initiators .100
iv © ISO 2016 – All rights reserved

10.5.1 Dependent failure initiator list .100
10.5.2 Verification of mitigation measures .106
10.6 DFA workflow .107
10.6.1 DFA decision and identification of HW and SW elements (B1) .109
10.6.2 Identification of DFI (B2) .109
10.6.3 Sufficiency of insight provided by the available information on the effect
of identified DFI (B3 and B4) .109
10.6.4 Consolidation of list of relevant DFI (B5) .110
10.6.5 Identification of necessary safety measures to control or mitigate DFI (B6) .110
10.6.6 Sufficiency of insight provided by the available information on the defined
mitigation measures (B7 and B8) .110
10.6.7 Consolidate list of safety measures (B9) .110
10.6.8 Evaluation of the effectiveness to control or to avoid the dependent
failure (B10) . .110
10.6.9 Assessment of risk reduction sufficiency and if required improve defined
measures (B11 and B12) .111
10.7 Examples of dependent failure analysis .111
10.7.1 Microcontroller example .111
10.7.2 Analog example .117
Bibliography .127
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2. www .iso .org/ directives
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received. www .iso .org/ patents
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical
Barriers to Trade (TBT), see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/TC 22, Road vehicles, Subcommittee SC 32, Electrical
and electronic components and general system aspects.
ISO/PAS 19451 consists of the following parts, under the general title Application of ISO 26262:2011-
2012 to semiconductors:
— Part 1: Application of concepts
— Part 2: Application of hardware qualification
This corrected version of ISO/PAS 19451-1:2016 incorporates the following corrections plus other
minor editorial modifications:
— Blurry figures have been replaced with clear ones.
vi © ISO 2016 – All rights reserved

Introduction
This document is an informative guideline which provides users of the ISO 26262 series of standards
recommendations and best practices which can be utilized when applying ISO 26262 to semiconductor
components and parts. This document was created by a group of industry experts including
semiconductor developers, system developers, and vehicle manufacturers in order to clarify concerns
seen after the initial release of the ISO 26262 series of standards and when possible to align on common
interpretations of the standard.
This document serves to augment the existing normative and informative guidance in the ISO 26262
series of standards. The approach is similar to that taken in writing ISO 26262-10:2012, Annex A,
“ISO 26262 and microcontrollers,” with extension to additional types of semiconductor technologies
and relevant topics.
PUBLICLY AVAILABLE SPECIFICATION ISO/PAS 19451-1:2016(E)
Application of ISO 26262:2011-2012 to semiconductors —
Part 1:
Application of concepts
1 Scope
This document is applicable to developers who are evaluating the use of semiconductor components or
parts in hardware components, systems, or items developed according to ISO 26262.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO 26262-1, Road vehicles — Functional safety — Part 1: Vocabulary
ISO 26262-2:2011, Road vehicles — Functional safety — Part 2: Management of functional safety
ISO 26262-9:2011, Road vehicles — Functional safety — Part 9: Automotive Safety Integrity Level (ASIL)-
oriented and safety-oriented analyses
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 26262-1 and the following apply.
3.1
base failure rate
BFR
failure rate of a hardware element in a given application use case used as an input to functional safety
analysis according to ISO 26262-5:2011, 8.4.3
3.2
guest machine
virtual instance of a processing element (3.7)
3.3
host machine
processing element (3.7) which implements a hypervisor (3.4) and one or more guest machines (3.2)
3.4
hypervisor
software or hardware that instantiates and manages one or more virtual design elements
Note 1 to entry: A hypervisor is sometimes referred to as a virtual machine monitor.
3.5
microkernel
μ-kernel
software which provides the minimal mechanisms needed to implement an operating system
3.6
multi-core
MC
hardware element which includes two or more hardware processing elements
3.7
processing element
PE
element providing a set of functions for data processing, normally consisting of a register set, an
execution unit, and a control unit
EXAMPLE A hardware component consisting of four cores can be described as having four processing
elements.
3.8
programmable logic device
PLD
device which provides user programmable logic and signal routing functions which generate application
specific logic functions
3.9
virtualization
creation of a virtual (rather than physical) version of an element, including but not limited to a computer
hardware platform, operating system (OS), storage device, or computer network resource
4 Symbols and abbreviated terms
ADC Analogue to Digital Converter
ASET Analogue Single Event Transient
BIST Built-In Self-Test
CPU Central Processing Unit
DAC Digital to Analogue Converter
DFA Dependent Failure Analysis
DFI Dependent Failure Initiator
DMA Direct Memory Access
DMOS Double Diffused Metal Oxide Semiconductor (HV MOS)
DSP Digital Signal Processor
EMC Electromagnetic Compatibility
EMI Electromagnetic Interference
ESD Electrostatic Discharge
EVR Embedded Voltage Regulator
FET Field Effect Transistor
FFI Freedom from Interference
FIT Failures in Time
2 © ISO 2016 – All rights reserved

FMEA Failure Modes and Effects Analysis
FPGA Field Programmable Gate Array
FTA Fault Tree Analysis
GPU Graphics Processing Unit
HV High Voltage
HW Hardware
HS High Side
ISA Instruction Set Architecture
LDO Low Drop Output Regulator
LS Low Side
LSB Least Significant Bit
MMU Memory Management Unit
MPU Memory Protection Unit
OP AMP Operational Amplifier
OS Operating System
OV Over Voltage
PAL Programmable Array Logic
PLD Programmable Logic Device
PLL Phase Locked Loop
RF Radio Frequency
SEB Single Event Burnout
SEE Single Event Effect
SEGR Single Event Gate Rupture
SEL Single Event Latch-up
SET Single Event Transient
SEU Single Event Upset
SMPS Switched Mode Power Supply
SoC System on Chip
SW Software
UV Under Voltage
VMM Virtual Machine Monitor
5 Analogue/mixed signal components and ISO 26262
5.1 About analogue and mixed signal components
As described in ISO 26262-10:2012, Annex A, an integrated component is structured in parts and sub-
parts. If the signals that are handled in an element (component, part or sub-part) are not limited to
digital states this element is seen as analogue element. This is the case for all measurement interfaces
to the physical world, including sensors, actuator outputs, and power supplies.
For analogue components, all elements are analogue and no digital element is included. Mixed signal
components consist of at least one analogue element and one digital element. Since analogue and digital
elements require different methodologies and tooling for design, layout, verification and testing, it
is recommended to clearly partition the analogue and digital blocks. The partitioning can result in a
variety of configurations ranging from analogue dominated components with digital support blocks
(e.g. digitally configurable voltage regulators or auto zeroing amplifiers) to microcontrollers with a few
mixed signal peripherals (e.g. analogue to digital converters and phase locked loops).
A hierarchy of a typical mixed signal component including exemplary parts and sub-parts is shown in
Figure 1.
Figure 1 — Generic hierarchy of analogue and mixed signal components
It can be helpful to choose the partitioning of a mixed signal component in a way that simplifies the
safety analysis. For an easy definition of fault models and failure modes, the analogue part boundaries
can be defined by their function. Additionally, all elements that have freedom of interference or
independence requirements (e.g. redundant paths or functions and corresponding diagnostic functions)
are separated by part or sub-part boundaries. There are several additional criteria to further divide a
mixed signal element (component or part) into sub elements (part or sub-part):
— Signal flow;
EXAMPLE 1 Mixed signal control loops can consist of feedback ADC, digital regulator and output driver.
— Connectivity;
4 © ISO 2016 – All rights reserved

EXAMPLE 2 Reference and bias circuits can serve multiple analogue blocks and oscillators can serve multiple
digital or mixed signal blocks.
— Different technologies;
EXAMPLE 3 HV switch is a DMOS transistor while the gate driver can use conventional MOS devices.
NOTE One benefit for a separation of these parts is that they can have failure rates with different orders of
magnitude or different fault models.
— Different supply domains;
EXAMPLE 4 Feedback DAC can be supplied with different supplies than the other mixed signal block
output driver.
— Other criteria for partitioning.
EXAMPLE 5 High versus low frequency sub-parts.
The level of detail of the analysis and partitioning is determined by the relevant safety requirements,
safety mechanisms and the need to show independence of safety mechanisms. A higher granularity
does not necessarily result in a significant benefit for the safety analysis.
5.2 Analogue and mixed signal components and failure modes
5.2.1 About failure modes
The failure modes affecting a HW element depend on its function. The failure mode distribution
depends on the HW element implementation.
NOTE The implementation includes both the actual circuit and the technology process used.
The classification of a failure mode depends on the functional and safety requirements of the system
integrating the element. Based on the integration, a specific failure mode can or cannot lead to a
violation of a safety requirement. Table 1 identifies possible failure modes that can be of concern for an
analogue and mixed signal part or sub-part. The table can be used to extend the list of failure modes
reported in ISO 26262-5:2011, Annex D.
The failure modes identified in Table 1, as well as the mentioned parts and sub-parts, are a general
reference and can be adjusted on a case by case basis. The actual failure mode list used in a specific
project can be adjusted (adding or removing failure modes) based on the specific implementation
details or on the level of granularity deemed necessary for the analysis.
It is noted that the relevance of the failure modes, including but not limited to the ones listed in Table 1
are dependent on the context of the function to be analysed.
EXAMPLE 1 The obvious failure modes of a voltage regulator are over-voltage and under-voltage. These
failure modes can be detected by an over voltage and under voltage (OV/UV) monitor as described in 5.4.2.
Besides the obvious failure modes reported in the above example, it is important to identify all relevant
failure modes in order to perform a complete and thorough analysis.
EXAMPLE 2 If a voltage regulator used as a sensor supply or as an ADC reference supply, then the failure
modes affecting the stability and the accuracy of the output voltage, even within the OV/UV thresholds, can be
critical. Output voltage with insufficient accuracy and output voltage oscillation within the OV/UV thresholds
can be mitigated by using appropriate measures. An independent ADC (internal or external) can be used to
periodically measure the regulator output voltage with the required accuracy to detect those failure modes.
EXAMPLE 3 If a voltage regulator is used as a supply for a radio frequency (RF) module which has tight supply
voltage ripple requirements, the prevention of fluctuation on the regulated output voltage caused by input
voltage variations (i.e. the PSRR, power supply rejection ratio) is an important feature. Failure modes like output
voltage oscillation within the OV/UV (i.e. ripple) limits and spikes affecting the regulated voltage can be relevant.
A low pass filter as described in 5.4.8 can be used to mitigate these failures.
EXAMPLE 4 If a voltage regulator is used as an MCU core supply is sensitive to output voltage drops during
start-up (power-up) due to in-rush current exceeding regulator load current and/or current limit, a too fast start-
up time can be critical. A proper regulator soft-start function can be used to mitigate such failure.
If failure modes are classified as not safety related, an argument is provided in the safety analysis to
support the classification.
6 © ISO 2016 – All rights reserved

Table 1 — Possible failure modes of analogue and mixed signal parts and sub-parts
Part/sub-part Short description Failure modes
Regulators and Power stages
Voltage regulators (linear, HW part/sub-part that main- Output voltage higher than a high thresh-
SMPS, etc.) tains the voltage of a power old of the prescribed range (i.e. over volt-
source within a prescribed age – OV)
range that can be tolerated by
Output voltage lower than a low thresh-
elements using that voltage.
old of the prescribed range (i.e. under
voltage – UV)
b
Output voltage affected by spikes
Incorrect start-up time (i.e. outside the
expected range)
Output voltage accuracy too low, includ-
c
ing drift
a
Output voltage oscillation within the pre-
scribed range
Output voltage affected by a fast oscillatio-
a
n outside the prescribed range but with
average value within the prescribed range
Quiescent current (i.e. current drawn
by the regulator in order to control its
internal circuitry for proper operation)
exceeding the maximum value
Charge pump, regulator boost HW part/sub-part that con- Output voltage higher than a high thresh-
verts, and optionally regulates, old of the prescribed range (i.e. over volt-
voltages using switching tech- age – OV)
nology and capacitive-energy
Output voltage lower than a low thresh-
storage elements, and maintains
old of the prescribed range (i.e. under
a constant output voltage with a
voltage – UV)
varying voltage input.
b
Output voltage affected by spikes
Incorrect start-up time (i.e. outside the
expected range)
Quiescent current (i.e. current drawn
by the regulator in order to control its
internal circuitry for proper operation)
exceeding the maximum value
High-side/Low-side (HS/LS) HW part/sub-part that applies HS/LS driver is stuck in ON or OFF state
driver voltage to a load in a single
HS/LS driver is floating (i.e. open circuit,
direction: high side driver to
tri-stated)
connect the load to high rail,
low side driver to connect the
HS/LS driver resistance too high when
load to low rail.
turned on
HS/LS driver resistance too low when
turned off
HS/LS driver turn-on time too fast or too
slow
HS/LS driver turn-off time too fast or too
slow
Table 1 (continued)
Part/sub-part Short description Failure modes
Half-bridge driver or HW part/sub-part that can HS/LS driver is stuck in ON or OFF state
apply voltage across a load in
full-bridge (H-bridge) driver HS/LS driver is floating (i.e. open circuit,
either direction.
tri-stated)
A half-bridge driver is built with
HS/LS driver ON resistance too high when
two drivers (one HS and one LS
turned on
driver).
HS/LS driver OFF resistance too low when
An H-bridge (or full-bridge)
turned off HS/LS driver turn-on time too
driver is built with four drivers
fast or too slow
(two HS and two LS drivers)
HS/LS driver turn-off time too fast or too
slow
‘Dead time’ is too short (i.e. when turning
off high-side driver and turning on low-
side driver, or when turning off low-side
driver and turning on high-side driver)
‘Dead time’ is too long
High-side/Low-side pre-driver HW part/sub-part driving a HS/LS pre-driver is stuck in ON or OFF
gate of an external FET that is states
used as a HS or LS driver.
HS/LS pre-driver output voltage/current
too high or too low
HS/LS pre-driver is floating (i.e. open cir-
cuit, tri-stated)
HS/LS pre-driver slew rate too slow or
too fast
d
Analogue to digital and digital to analogue converters
N bits analogue to digital con- HW part/sub-part converting One or more outputs are stuck (i.e. high or
d
verters (N-bit ADC) a continuous-time and con- low)
tinuous-amplitude analogue
One or more outputs are floating (i.e. open
signal (i.e. a voltage value) to a
circuit)
discrete-time and discrete-am-
plitude digital signal coded on Accuracy error (i.e. Error exceeds the LSBs)
“N bits.”
Offset error not including stuck or floating
conditions on the outputs, low resolution
No monotonic conversion characteristic
(i.e. given two input analogue voltage
V1 > V2, the correspondent digital values
are D1 < D2)
Full-scale error not including stuck or
floating conditions on the outputs, low
resolution
Linearity error with monotonic conversion
curve not including stuck or floating condi-
tions on the outputs, low resolution
Incorrect settling time (i.e. outside the
expected range)
8 © ISO 2016 – All rights reserved

Table 1 (continued)
Part/sub-part Short description Failure modes
N bits digital to analogue con- HW part/sub-part converting Output is stuck (i.e. high or low)
d
verters (DAC) digital data coded on “N bits”
Output is floating (i.e. open circuit)
into an analogue signal (voltage
or current).
Offset error (not including stuck or floating
conditions on the outputs, low resolution)
Linearity error with monotonic conversion
curve not including stuck or floating condi-
tions on the outputs, low resolution
Full-scale gain-error not including stuck
or floating conditions on the outputs, low
resolution
No monotonic conversion curve
Incorrect settling time (i.e. outside the ex-
pected range)
a c
Oscillation of the output signal including drift
Oscillators and clock generators
Oscillator HW part/sub-part generating Output is stuck (i.e. high or low)
a periodic, oscillating signal. It
Output is floating (i.e. open circuit)
can be used as clock in a digital
circuit.
Incorrect output signal swing (i.e. outside
the expected range)
Incorrect frequency of the output signal
(i.e. outside the expected range, including
harmonics when applicable, for instance
EMC emissions)
Incorrect duty cycle of the output signal
(i.e. outside the expected range)
c
Drift of the output frequency
Jitter too high in the output signal
Phase locked loop (PLL) HW part/sub-part controlling Output is stuck (i.e. high or low)
an oscillator in order to gener-
Output is floating (i.e. open circuit)
ate a square wave signal that
maintains a constant phase Incorrect frequency of the output signal
angle (i.e. lock) on the frequen- (i.e. outside the expected range, includ-
cy of an input, or reference ing harmonics when applicable, e.g. EMC
signal. It can be used as clock in emissions)
a digital circuit.
Incorrect duty cycle of the output signal
(i.e. outside the expected range)
c
Drift of the output frequency
Jitter too high in the output signal
Loss of lock condition (i.e. phase error,
output clock not in sync with input clock
not leading to incorrect frequency and
incorrect duty cycle
Missing pulse in the output signal
Extra pulse in the output signal
Generic
Table 1 (continued)
Part/sub-part Short description Failure modes
Voltage/Current comparator HW part/sub-part comparing Voltage/Current comparator not triggering
an input analogue signal with a when expected
predefined threshold (i.e. volt-
Voltage/Current comparator falsely trig-
age or current constant value)
gering
and producing a binary signal at
the output; the output depends
Output is stuck (i.e. high or low)
on which is higher between the
Output is floating (i.e. open)
input signal and the threshold
a
and it remains constant as the
Oscillation of the output
difference between them stays
with the same polarity.
Operational amplifier and buffer HW part/sub-part integrating Output is stuck (i.e. high or low)
a DC-coupled high-gain voltage
Output is floating (i.e. open circuit)
amplifier with a differential
input and, usually, a single-end- Incorrect gain on the output voltage (i.e.
ed output. outside the expected range)
Incorrect offset on the output voltage (i.e.
outside the expected range)
Incorrect output dynamic range (i.e. outside
the expected range)
Incorrect input dynamic range (i.e. outside
the expected range)
c
Output voltage accuracy too low, including drift
b
Output voltage affected by spikes
a
Output voltage oscillation
Settling time of the output voltage too low
Sample and hold HW part/sub-part sampling the Output is stuck (i.e. high or low)
voltage of a continuously var-
Output is floating (i.e. open circuit)
ying analogue input signal and
holding its value at a constant Incorrect sampling leading to gain/offset error
level for a specified minimum on output voltage dependent on input signal
period of time.
Incorrect gain on the output voltage (i.e.
outside the expected range)
Incorrect offset on the output voltage (i.e.
outside the expected range)
Incorrect output dynamic range (i.e. outside
the expected range)
Incorrect input dynamic range (i.e. outside
the expected range)
Output voltage accuracy too low during hold
c
phase, including drift
Output voltage during hold phase affected
b
by spikes
a
Output voltage oscillation during hold phase
Output does not settle sufficiently accurate
during hold time
10 © ISO 2016 – All
...