Automotive Hardware Development According to ISO 26262

Seo-Hyun Jeon*, Jin-Hee Cho*, Yangjae Jung*, Sachoun Park*, Tae-Man Han*
*Automotive Convergence Platform Research Team, ETRI, 161 Gajeong-Dong, Yuseong-Gu, Daejeon, 305-700, KOREA
Abstract— This paper briefly explains ISO 26262, the new automotive standard for functional safety. The standard applies to electrical/electronic systems mounted on series production passenger cars. In the standard, the Automotive Safety Integrity Level (ASIL) is classified into four levels according to the required safety level. Each ASIL has its own process and steps for item development. This paper focuses on item development at the hardware level, especially for ASIL C and D. The hardware development procedure includes the calculation of the single point fault metric and the latent fault metric. Furthermore, we present the overall calculation steps for controlling random hardware failure.

I. INTRODUCTION

There is an upcoming standard for the automotive industry, ISO 26262 "Road vehicles – Functional safety", which is planned to be published in 2011. The automotive industry should be well prepared to adopt this new standard into its product development process, since automotive manufacturers will require their suppliers to provide only products whose development processes comply with this standard. This is because a company's competitiveness will be measured by its capability of conducting the standardized development process. The scope of ISO 26262 includes all safety-related electrical/electronic (E/E) systems for automotive applications.

ISO 26262 is derived from IEC 61508, but adapted to the automotive industry. The big difference between the two standards is that ISO 26262 considers controllability while IEC 61508 does not. Controllability is the ability to avoid a hazardous event through the action taken by a driver. Considering this, ISO 26262 classifies the Automotive Safety Integrity Level (ASIL) into four different levels, depending on severity, probability of exposure, and controllability. After determining the ASIL, the product is developed in the process according to the methods and measures of the corresponding ASIL. As a result, the main purpose of implementing this standard is keeping all the records of safety-related activities from the development process to ensure functional safety.

ISO 26262 is composed of 10 parts: 1. Vocabulary, 2. Management of functional safety, 3. Concept phase, 4. Product development: system level, 5. Product development: hardware level, 6. Product development: software level, 7. Production and operation, 8. Supporting processes, 9. ASIL-oriented and safety-oriented analyses, and 10. Guideline. The development process of an item is covered by parts 3 to 7, and the other parts are supporting processes. The development process generally follows a V-style process model and can be depicted as in Figure 1. [1]

Figure 1. Overview of ISO 26262

As in Figure 1, the functional safety concept of the item is derived in the concept phase, and then product development at the system level is started. In the product development phase, the system design is specified and the development processes at the hardware and software levels are initiated individually.

Although the ISO 26262 standard lists all the requirements to be complied with, it is difficult to grasp the steps of each activity: what to do and where to start. For this reason, this paper explains how to develop a product to achieve functional safety according to the standard, especially for product development at the hardware level. This paper introduces the steps of hardware development by deriving the metrics of a hardware element with respect to its failure modes. This analysis is an inevitable step when claiming compliance for ASIL C and D. The result of these steps will further serve as evidence of compliance.

The scope of this analysis is limited to random hardware failures, and the parts considered in the analysis are the electrical and electronic parts. For electromechanical parts,
The first step is to fill in the failure rate (F) in the second column of Tables 4 and 5. This failure rate is normally provided with the component (C). Then check in the "SR" column whether the component is safety related or not. This selection is made by the hardware developer. Also, fill in the failure mode (FM) and the failure rate distribution (FD). Failure modes can be derived using FMEA. [6] The sum of the failure rate distribution of each component should be 100%.

2) Estimate the diagnostic coverage of the safety mechanism. If a failure mode of the component has the potential to violate the safety goal, either in the absence of a safety mechanism or due to an independent failure of another component, check the "V" or "VI" column. Then describe in the "SM" or "L" column the safety mechanism that prevents the failure mode from violating the safety goal or from being latent. Next, fill in the diagnostic coverage of the safety mechanism in the "FC" and "FCL" columns of Tables 4 and 5. The residual or single point fault failure rate (RF/SPF) is calculated as F*FD*(1-FC). The latent multiple point fault failure rate (LMPF) is calculated as F*FD*(1-FCL).

3) Calculate the "single point faults metric" and the "latent faults metric."
- Total failure rate: 118
  - Total safety related failure rate: 108
  - Total not safety related failure rate: 10
- Total residual or single point fault failure rate: 5.234
- Total latent multiple point fault failure rate: 0.6

TABLE 4. [caption not recoverable from this extract]

| C | F | SR | FM | FD | V | SM | FC | RF/SPF |
|---|---|---|---|---|---|---|---|---|
| R1 | 2 | SR | Open | 90% | X | none | 90% | 0.18 |
| | | | Closed | 10% | | | | |
| C1 | 2 | SR | Open | 20% | | SM1 | | |
| | | | Closed | 80% | X | | 99% | 0.016 |
| I1 | 4 | SR | Open | 70% | X | SM1 | 99% | 0.028 |
| | | | Closed | 20% | X | | 99% | 0.008 |
| | | | Drift 0.5 | 5% | X | | 99% | 0.002 |
| | | | Drift 2 | 5% | | | | |
| L1 | 10 | NSR | Open | 90% | | | | |
| | | | Closed | 10% | | | | |
| μC | 100 | SR | All | 50% | X | SM3 | 90% | 5 |
| | | | All | 50% | | | | |
| Total | 118 | | | | | | | 5.234 |

TABLE 5. LATENT FAULTS METRIC EXAMPLE

| C | F | SR | FM | FD | VI | L | FCL | LMPF |
|---|---|---|---|---|---|---|---|---|
| R1 | 2 | SR | Open | 90% | X | SM1 | 100% | 0 |
| | | | Closed | 10% | X | | 0% | 0.2 |
| C1 | 2 | SR | Open | 20% | X | SM1 | 0% | 0.4 |
| | | | Closed | 80% | X | | 100% | 0 |
| I1 | 4 | SR | Open | 70% | X | SM1 | 100% | 0 |
| | | | Closed | 20% | X | | 100% | 0 |
| | | | Drift 0.5 | 5% | X | | 100% | 0 |
| | | | Drift 2 | 5% | | | | |
| L1 | 10 | NSR | Open | 90% | | | | |
| | | | Closed | 10% | | | | |
| μC | 100 | SR | All | 50% | X | SM3 | 100% | 0 |
| | | | All | 50% | | | | |
| Total | 118 | | | | | | | 0.6 |
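As an added worked example (not code from the paper), the following Python carries steps 1) to 3) over the rows of Tables 4 and 5: the per-component FD check, the RF/SPF and LMPF rates, the totals, and finally the two metrics. The SPFM and LFM formulas (1 - ΣRF/SPF over the safety-related failure rate, and 1 - ΣLMPF over the safety-related rate minus ΣRF/SPF) are the ISO 26262-5 definitions as assumed here; they are not stated on this page.

```python
import math
from dataclasses import dataclass
from typing import Optional

# Rows constructed from the paper's Tables 4 and 5 (F in FIT). A coverage of None
# means the "V" (Table 4) or "VI" (Table 5) box is empty, so no rate is computed.
COMPONENTS = {"R1": (2, True), "C1": (2, True), "I1": (4, True),
              "L1": (10, False), "μC": (100, True)}  # name -> (F, safety related)

@dataclass
class Mode:
    comp: str
    fm: str
    fd: float                    # failure rate distribution, 0..1
    fc: Optional[float] = None   # diagnostic coverage FC (Table 4)
    fcl: Optional[float] = None  # diagnostic coverage FCL (Table 5)

MODES = [
    Mode("R1", "Open", 0.90, 0.90, 1.00), Mode("R1", "Closed", 0.10, None, 0.00),
    Mode("C1", "Open", 0.20, None, 0.00), Mode("C1", "Closed", 0.80, 0.99, 1.00),
    Mode("I1", "Open", 0.70, 0.99, 1.00), Mode("I1", "Closed", 0.20, 0.99, 1.00),
    Mode("I1", "Drift 0.5", 0.05, 0.99, 1.00), Mode("I1", "Drift 2", 0.05),
    Mode("L1", "Open", 0.90), Mode("L1", "Closed", 0.10),
    Mode("μC", "All", 0.50, 0.90, 1.00), Mode("μC", "All", 0.50),
]

def fd_sums_to_100(modes=MODES) -> bool:
    """Step 1 check: the FD values of each component must sum to 100%."""
    sums = {}
    for m in modes:
        sums[m.comp] = sums.get(m.comp, 0.0) + m.fd
    return all(math.isclose(s, 1.0) for s in sums.values())

def rf_spf(m: Mode) -> float:
    """Residual / single point fault rate F*FD*(1-FC); 0 if "V" is unchecked."""
    return 0.0 if m.fc is None else COMPONENTS[m.comp][0] * m.fd * (1 - m.fc)

def lmpf(m: Mode) -> float:
    """Latent multiple point fault rate F*FD*(1-FCL); 0 if "VI" is unchecked."""
    return 0.0 if m.fcl is None else COMPONENTS[m.comp][0] * m.fd * (1 - m.fcl)

def metrics(modes=MODES) -> dict:
    """Step 3 totals as in the paper; SPFM/LFM use the ISO 26262-5 formulas (assumed)."""
    total = sum(f for f, _ in COMPONENTS.values())
    sr = sum(f for f, is_sr in COMPONENTS.values() if is_sr)
    sum_rf, sum_lmpf = sum(map(rf_spf, modes)), sum(map(lmpf, modes))
    return {"total": total, "sr": sr, "nsr": total - sr, "rf_spf": sum_rf,
            "lmpf": sum_lmpf, "spfm": 1 - sum_rf / sr,   # single point faults metric
            "lfm": 1 - sum_lmpf / (sr - sum_rf)}        # latent faults metric
```

Running `metrics()` reproduces the paper's totals (118 / 108 / 10, 5.234 and 0.6); the table rows with no "V" or "VI" mark contribute nothing, which is why the NSR inductor L1 and the second μC row never enter the sums.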