ContiMech
Robotics & Automation Engineering
← Back to the blog

Hardware vs. Software Reliability in MCU-Based Control Systems

2026-03-06 • Kyiv
Reliability MCU Functional Safety Hardware Software FIT MTTF Dependability
Cover image for Hardware vs. Software Reliability in MCU-Based Control Systems

Dear colleagues, when asking the seemingly simple question “What is more reliable — a hardware solution or a software one, when it comes to MCU-based control systems?” — it is nearly impossible to find a straightforward answer. The reason is that the nature of failures in software and hardware systems is fundamentally different.

1. Nature of Failures: Time and Degradation vs. Logic and Environment

For hardware components, the key reliability metric is MTTF (Mean Time To Failure) — the average time until a non-repairable element fails. IBM defines MTTF as the average operating time of a system or component before it ceases to meet specification [1]. A high MTTF indicates stability; a low one signals fragility.

The failure behavior of hardware is described by the classic “bathtub curve”: an early phase with elevated failure rates → a stable useful-life period with a constant failure intensity λ → a wear-out phase with increasing failure intensity. For MCU-based systems this means: a hardware failure is a matter of time and degradation. Every electronic component (capacitor, resistor, relay, semiconductor) has a finite service life, and its failure is a stochastic process with a corresponding probability distribution.

Software is a different story. Software does not physically degrade. Its failures are caused by logic violations, incorrect handling of boundary conditions, or unexpected runtime environment effects. At the same time, a software product can be tested to cover the relevant coverage metrics (statement, branch, MC/DC). Hardware failure, on the other hand, is always a matter of probability.

Principle: it is logical to solve problems where they originate. If a failure originates at the hardware level, it should not be “propagated” to the software level. This is a fundamental tenet of software reliability engineering [2].

However, this principle does not give the full picture. For example, if signal filtering is implemented with a capacitor, it — like any other electronic component — is subject to degradation. These properties are systematized in Annex C of ISO 13849-1 [3].

2. What the Numbers Say: ISO 13849-1, Annex C

Annex C of EN ISO 13849-1:2015 provides methods for determining MTTFD (Mean Time to Dangerous Failure) for individual components. Table C.1 contains typical B10D and MTTFD values for the main component categories:

Table C.1 — EN ISO 13849-1:2015 (excerpt)
Component Metric Typical Value
Mechanical components MTTFD 150 years
Hydraulic (nop ≥ 1,000,000 cyc/yr) MTTFD 150 years
Pneumatic components B10D 20,000,000 cycles
Relays / contactor relays (light load) B10D 20,000,000 cycles
Relays / contactor relays (rated load) B10D 400,000 cycles
Contactors (rated load) B10D 1,300,000 cycles
Position switches B10D 20,000,000 cycles
Emergency stop devices B10D 100,000 cycles

Note: these are individual components. In a real system, they must be interconnected — by solder joints, PCB traces, and connectors. Each connection adds its own failure factor. The MTTFD of a subsystem is computed through the series connection of the component chain, where overall reliability is determined by the weakest link.

For relays under rated load: B10D = 400,000 cycles. At nop = 365,000 cycles/year (1,000 actuations/day):

MTTFD = B10D / (0.1 × nop) = 400,000 / (0.1 × 365,000) ≈ 10.96 years // relay under rated load

3. Reliability of Passive Components: Resistors, Capacitors

Now let us turn to the components typically used to implement “hardware” solutions: filters, voltage dividers, RC circuits. The SN 29500 standard (Siemens) is the primary source of reference FIT values for passive components and is widely used for reliability analysis per ISO 13849 and ISO 26262 [5].

Typical reference FIT values per SN 29500 for passive components (under reference conditions — 40°C, rated load):

FIT of passive components (SN 29500, reference conditions)
Component λref (FIT) MTTF = 109/FIT Source
Metal film resistor 0.2 ~570,000 years SN 29500-4, Table 2 [6]
Ceramic capacitor (MLCC) 0.5–2 ~57,000–228,000 years SN 29500-7 / MIL-HDBK-217F [7]
Electrolytic capacitor (Al, polymer) 5–25 ~4,500–23,000 years SN 29500-7 / IEC TR 62380 [7]
Power MOSFET 200 ~570 years SN 29500-3, Table 1 [8]

At first glance, a metal film resistor with 0.2 FIT looks more reliable than a microcontroller with ~2 FIT. But that is a single component. A hardware solution for signal filtering, stabilization, or comparison requires a chain of components: several resistors, capacitors, an op-amp or comparator, possibly a relay or transistor. The total FIT of the chain is the sum of all individual component FITs.

Example: Analog RC Filter + Comparator vs. MCU

Consider a typical analog signal comparison circuit: 4 resistors (divider + feedback) + 2 capacitors (MLCC, filter) + 1 electrolytic capacitor (supply decoupling) + 1 operational amplifier:

λtotal = 4 × 0.2 + 2 × 1.0 + 1 × 10 + 1 × 12 = 0.8 + 2.0 + 10.0 + 12.0 = 24.8 FIT // analog circuit, die only // + solder joints (SN 29500: ~0.5 FIT per joint × ~20 joints) λtotal+solder ≈ 24.8 + 10.0 = ~35 FIT MTTF = 109 / 35 ≈ 2.86 × 107 hrs ≈ 3,260 years

Now let us compare this with an MCU.

4. MCU Reliability: Texas Instruments Data

Texas Instruments describes the FIT calculation methodology for semiconductors accounting for mission profiles in application report SPRABY3 [9]. Key data for the TMS320F28335 MCU:

FIT for MCU TMS320F28335 (TI, SPRABY3)
Parameter Value
FIT @ 55°C (CL 60%, Ea = 0.7 eV) 2.26 FIT
FIT @ 0°C (derated) 0.015 FIT
FIT @ 85°C (worst case) 19.88 FIT
FIT for typical mission profile ~1.9 FIT
MTTF = 109 / FIT ~5.26 × 108 hrs ≈ 60,000 years
Note: FIT is a statistical upper confidence bound. Even with zero failures during HTOL testing, the χ2 formula introduces uncertainty. This means actual reliability may be even higher than the computed value [9]. With increasing HTOL sample sizes, the FIT decreases (Table 2 in SPRABY3): at 5,000 samples — 2.4 FIT; at 7,500 — 1.6 FIT.

Typical FIT for modern digital ICs ranges from 1 to 10 FIT @ 55°C, corresponding to an MTTF of 108 to 109 hours — i.e., from ~11,400 to ~114,000 years [10].

5. Summary Comparison: Discrete Components vs. MCU

Now let us consolidate all the data into a single table. This is the key comparison of the article:

FIT and MTTF comparison: Discrete components vs. MCU
Element FIT (typ.) MTTF Source
Metal film resistor (1 pc.) 0.2 ~570,000 yrs SN 29500-4
Ceramic capacitor MLCC (1 pc.) 0.5–2 57,000–228,000 yrs SN 29500-7
Electrolytic capacitor (1 pc.) 5–25 4,500–23,000 yrs SN 29500-7
Operational amplifier (1 pc.) 10–15 7,600–11,400 yrs SN 29500-2
Power MOSFET (1 pc.) 200 ~570 yrs SN 29500-3
Relay, rated load (1,000 cyc/day) ~11 yrs (MTTFD) ISO 13849-1, C.1
Analog circuit (8 components + solder) ~35 ~3,260 yrs Calculated
MCU (typical mission profile) ~1.9 ~60,000 yrs TI SPRABY3
MCU (worst case, 85°C continuous) ~19.9 ~5,700 yrs TI SPRABY3

The result is clear. An MCU at a typical mission profile (FIT ≈ 1.9) is approximately 18× more reliable than a simple analog circuit of 8 components (FIT ≈ 35). Even at worst-case 85°C, the MCU remains on par with — or even better than — the discrete component chain.

The software running inside the MCU “inherits” the chip’s reliability as its execution environment. But its own failures are not stochastic — they are deterministic: if the code is tested (statement, branch, MC/DC coverage) and contains no logic errors, it does not degrade over time. Unlike a capacitor, resistor, or relay.

One might assume that an MCU — being more complex than an individual capacitor — should be less reliable. But manufacturer documentation and standards show the opposite: the MTTF of a semiconductor is orders of magnitude higher than the typical values for discrete components. And in a real circuit with dozens of discrete components, the MCU’s advantage becomes even more dramatic.

6. Theoretical Foundation: The Laprie—Avizienis Taxonomy

The theoretical foundation changes everything. The theory of dependability and fault tolerance enables a systematic, architectural approach to this problem.

In the seminal work by Avizienis, Laprie, Randell, and Landwehr [11], as well as in the paper “Basic Concepts and Taxonomy of Dependable and Secure Computing” (IEEE TDSC, 2004) [12], the following is established:

Dependability is an integrative concept that unifies the attributes of reliability, availability, safety, integrity, and maintainability. The means for achieving dependability are classified as four orthogonal strategies:

Means for achieving dependability (Avizienis, Laprie et al.)
Means Objective
Fault Prevention Preventing the introduction of faults (quality design, V&V)
Fault Tolerance Correct operation despite the presence of active faults (redundancy, diagnostics)
Fault Removal Eliminating faults (testing, verification, audit)
Fault Forecasting Predicting system behavior (FMEA, PRA, reliability modeling)

The key conclusion from this taxonomy: neither the hardware nor the software approach alone is a silver bullet. A combination of solutions resolves everything. A reliable software-based control system implemented in an MCU can be made even more reliable by applying:

— hardware redundancy (dual-channel architecture, Category 3/4 per ISO 13849-1);
— a monitoring subsystem (watchdog timer, voltage supervisor);
— diagnostic coverage (DCavg);
— measures against common cause failures (CCF per Annex F of the standard).

7. Conclusion

The numbers from ISO 13849-1, SN 29500, and semiconductor manufacturer data all point in the same direction: a software solution implemented in an MCU, when properly tested, is more reliable than an equivalent purely hardware solution based on discrete components.

The reasons:

— The MTTF of a microcontroller (~60,000 years at a typical mission profile) exceeds by orders of magnitude the MTTF of even the most reliable individual passive components. And a chain of a dozen components is weaker still.
— Discrete components must be interconnected — every solder joint, PCB trace, and connector adds to the total FIT.
— Software does not degrade. When properly tested, it operates correctly throughout the entire service life of the MCU.
— A software solution in an MCU can be reinforced with architectural measures (redundancy, monitoring), as formalized in functional safety standards.

Practical takeaway: instead of implementing a control function at the discrete electronics level (RC filters, comparators, relays), consider an MCU-based solution. With a proper approach to software development and testing, it will be more reliable. And if you add architectural redundancy — significantly more reliable.

References

  1. IBM, “What is mean time to failure (MTTF)?”ibm.com/think/topics/mttf
  2. ASQC/Wiley, “A Guidebook for Software Reliability Assessment”scispace.com
  3. EN ISO 13849-1:2015, Annex C — Calculating or evaluating MTTFD values for single componentsconverter.com.tw
  4. EN ISO 13849-1:2015, Table 4 — MTTFD level definitions (Low / Medium / High)
  5. Analog Devices, “Know Your Safety Application Notes — Part 1: Failure Rates”analog.com
  6. FAULHABER, “Determining reliability and failure rate in electronic components” (referencing SN 29500-4) — faulhaber.com
  7. D. Butnicu, “PoL Converter’s MTBF Calculation Using MIL-HDBK-217F vs. SN 29500”, IEEE SIITME, 2021 — preprints.org
  8. D. Butnicu, “MTBF-PoL Reliability Evaluation… MIL-HDBK-217F vs. SN 29500”, Electronics, 2025 — mdpi.com
  9. Texas Instruments, “Calculating FIT for a Mission Profile”, SPRABY3, March 2015 — ti.com/lit/spraby3
  10. Texas Instruments, “Reliability Terminology”ti.com/reliability-terminology
  11. J.-C. Laprie et al., LAAS-CNRS — homepages.laas.fr
  12. A. Avizienis, J.-C. Laprie, B. Randell, C. Landwehr, “Basic Concepts and Taxonomy of Dependable and Secure Computing”, IEEE TDSC, Vol. 1, No. 1, 2004 — landwehr.org
  13. J.-C. Laprie (ed.), “Dependability: Basic Concepts and Terminology”, Springer-Verlag, 1992
  14. TI, “Understanding Functional Safety FIT Base Failure Rate”, SLOA294A — ti.com/lit/SLOA294A
  15. IEC 61508, “Functional safety of E/E/PE safety-related systems”
  16. ISO 26262, “Road vehicles — Functional safety”
  17. SN 29500-1..12, Siemens AG, “Expected values for failure rates of components”