ISO 26262 Analysis (3): Hardware

1. The necessary activities and processes for product development at the hardware level include:
(1) the hardware implementation of the technical safety concept;
(2) the analysis of potential hardware faults and their effects;
(3) the coordination with software development.
To satisfy ISO 26262, the hardware work consists of:
(1) the hardware implementation of the technical safety concept;
(2) the analysis of potential hardware failures and their consequences;
(3) coordination with software development.
2. Hardware functional safety activities include the following:
(1) 5.5 Initiation of product development at the hardware level
Which work packages does this phase include?
The objective is to determine and plan the functional safety activities for each phase of hardware development.
Inputs: refined project plan, safety plan (to be refined in this phase), refined item integration and testing plan
Output: refined safety plan
(2) 5.6 Specification of hardware safety requirements
Inputs: safety plan, technical safety concept, system design specification, hardware-software interface (HSI) specification
Outputs: hardware safety requirements specification (including test and verification criteria), refined HSI specification, hardware safety requirements verification report
How are hardware safety requirements to be written, with which tools, and using what template?
They are derived from the technical safety concept and system design specification.
Hardware safety requirements are derived from the technical safety concept and the system design specification.
The hardware safety requirements specification shall include each hardware requirement that relates to safety, including the following:
The hardware safety requirements specification covers every safety-related hardware requirement, in the following categories:
i. the hardware safety requirements and relevant attributes of safety mechanisms to control internal failures of the hardware of the element, this includes internal safety mechanisms to cover transient faults when shown to be relevant due, for instance, to the technology used;
EXAMPLE 1 Attributes can include the timing and detection abilities of a watchdog.
Safety mechanisms that control failures internal to the hardware element, e.g., the timing and detection capability of a watchdog.
ii. the hardware safety requirements and relevant attributes of safety mechanisms to ensure the element is tolerant to failures external to the element.
EXAMPLE 2 The functional behaviour required for an ECU in the event of an external failure, such as an open-circuit on an input of the ECU.
Safety mechanisms that make the hardware element tolerant to failures outside the element, e.g., when an input pin is open-circuit, the functional behaviour of the whole ECU must still meet the safety requirements.
iii. the hardware safety requirements and relevant attributes of safety mechanisms to comply with the safety requirements of other elements.
EXAMPLE 3 Diagnosis of sensors or actuators.
Safety mechanisms needed to satisfy the safety requirements of other elements, e.g., diagnostics of sensors or actuators.
iv. the hardware safety requirements and relevant attributes of safety mechanisms to detect and signal internal or external failures;
EXAMPLE 4 The specified fault reaction time for the hardware part of a safety mechanism, so as to be consistent with the fault tolerant time interval.
Safety mechanisms that detect and signal internal or external failures, e.g., a fault reaction time specified so that it stays within the fault tolerant time interval.
v. the hardware safety requirements not specifying safety mechanisms.
EXAMPLE 5
--- requirements on the hardware elements to meet the target values for random hardware failures as described in 6.4.3 and 6.4.4;
--- requirements for the avoidance of a specific behaviour (for instance, "a particular sensor shall not produce an unstable output");
--- requirements allocated to hardware elements implementing the intended functionality;
--- requirements specifying design measures on harnesses or connectors.
Hardware safety requirements that do not specify a safety mechanism, for example:
--- requirements on hardware elements, derived during FMEDA, FMEA and FTA, that are needed to reach the target values for the ASIL of the safety goal;
--- requirements to avoid a specific behaviour, e.g., a given sensor shall not produce an unstable output;
--- requirements on the hardware elements that implement the intended functionality;
--- specified design measures for harnesses and connectors.
(3) 5.7 Hardware design
The first objective of this clause is to design the hardware in accordance with the system design specification and the hardware safety requirements.
The second objective of this clause is to verify the hardware design against the system design specification and the hardware safety requirements.
In other words, hardware design has two goals: first, to design the hardware from the system design specification and the hardware safety requirements; second, to verify that the design actually conforms to both.
Hardware design includes hardware architectural design and hardware detailed design.
Hardware design comprises hardware architectural design and hardware detailed design.

i. Hardware architectural design
Each hardware component shall inherit the highest ASIL from the hardware safety requirements it implements. If ASIL decomposition is applied to the hardware safety requirements during hardware architectural design, it shall be applied in accordance with ISO 26262-9:2011, Clause 5.
Each hardware component inherits the highest ASIL of the hardware safety requirements it implements. If ASIL decomposition is needed, the method is given in ISO 26262-9:2011, Clause 5.
Non-functional causes for failure of a safety-related hardware component shall be considered during hardware architectural design, including the following influences, if applicable: temperature, vibrations, water, dust, EMI, cross-talk originating either from other hardware components of the hardware architecture or from its environment.
Non-functional causes of hardware component failure must be considered during architectural design, including temperature, vibration, water, dust, EMI and cross-talk.
ii. Hardware detailed design
In order to avoid common design faults, relevant lessons learned shall be applied in accordance with ISO 26262-2:2011, 5.4.2.7.
To avoid common design faults, relevant lessons learned must be applied; ISO 26262-2:2011, 5.4.2.7 describes how lessons learned are to be captured and used.
Non-functional causes for failure of a safety-related hardware part shall be considered during hardware detailed design, including the following influences, if applicable: temperature, vibrations, water, dust, EMI, noise factor, cross-talk originating either from other hardware parts of the hardware component or from its environment.
Non-functional causes of hardware part failure must be considered during detailed design as well, including temperature, vibration, water, dust, EMI, noise and cross-talk.
The operating conditions of the hardware parts used in the hardware detailed design shall comply with the specification of their environmental and operational limits.
The operating conditions of the hardware parts chosen in detailed design must stay within their specified environmental and operational limits.
Robust design principles should be considered. Robust design principles can be shown by use of checklists based on QM methods.
Robust design principles should be considered; their application can be demonstrated with checklists based on QM methods.
EXAMPLE Conservative specification of components.
For example, conservative component specification, i.e., designing with adequate derating margins for each part.
iii. Safety analyses
safety analyses on hardware design to identify the causes of failures and the effects of faults shall be applied in accordance with Table 2 and ISO 26262-9:2011, Clause 8.
The purpose of safety analysis is to identify the causes of failures and the effects of faults.
The initial purpose of the safety analyses is to support the specification of the hardware design. Subsequently, the safety analyses can be used for verification of the hardware design. In its aims of supporting the specification of the hardware design, qualitative analysis can be appropriate and sufficient.
The primary purpose of safety analysis is thus to support the hardware design specification; later it can also be used to verify the hardware design. When safety analysis is used to support the design, a qualitative analysis is appropriate and sufficient.
In the hardware design phase, the main safety analysis methods are FTA and FMEA.
iv. Verification of hardware design
If it is discovered, during hardware design, that the implementation of any hardware safety requirement is not feasible, a request for change shall be issued in accordance with the change management process in ISO 26262-8.
If, during hardware design, it is found that a hardware safety requirement cannot be implemented as specified, a change request must be raised; the change management process is defined in ISO 26262-8.
The "safety analyses" listed among the hardware design verification methods refer to FMEDA.
=> Three safety analysis methods are therefore used: FTA, FMEA and FMEDA. FTA and FMEA support the hardware design; FMEDA is used to verify it.
(4) 5.8 Evaluation of the hardware architectural metrics: FMEDA
Two metrics are defined, the single-point fault metric (SPFM) and the latent fault metric (LFM), to evaluate how effective the hardware architecture and its safety mechanisms are in coping with random hardware failures.
(5) 5.9 Evaluation of safety goal violations due to random hardware failures: FTA
As a complement to the FMEDA metrics, two alternative methods are defined to evaluate whether the residual risk of violating a safety goal is sufficiently low: a global probabilistic metric (PMHF) and a cut-set analysis. Both examine the effect of each hardware part failure on the violation of the safety goal.
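To make the two metrics of 5.8 concrete, here is an added example that is not part of the original article or of the standard: a small Python script that splits a FMEDA-style table into single-point, residual and latent failure rates, computes SPFM and LFM, and compares them with the ISO 26262-5 target values. The metric formulas follow ISO 26262-5 Annex C; the part names, FIT values and diagnostic coverages are constructed for illustration and describe no real product.

```python
"""Single-point fault metric (SPFM) and latent fault metric (LFM) from a FMEDA table.

Added example, not from the original article. The metric definitions follow
ISO 26262-5 (Annex C); the parts, FIT values and diagnostic coverages are
constructed for illustration and do not describe any real product.

  SPFM = 1 - sum(lambda_SPF + lambda_RF) / sum(lambda_SR)
  LFM  = 1 - sum(lambda_MPF_latent) / sum(lambda_SR - lambda_SPF - lambda_RF)
"""
from dataclasses import dataclass, replace
from typing import List, Optional


@dataclass
class FmedaRow:
    part: str
    fit: float                      # failure rate of this part / failure mode, in FIT (1e-9 / h)
    safety_related: bool            # False: the part is excluded from both metrics
    violates_sg_alone: bool         # True: this fault on its own can violate the safety goal
    dc_rf: Optional[float] = None   # coverage of the mechanism preventing SG violation; None = no mechanism
    dc_latent: float = 0.0          # coverage of the mechanism that reveals the fault before a second fault


@dataclass
class FaultSplit:
    spf: float = 0.0     # single-point fault share (no safety mechanism at all)
    rf: float = 0.0      # residual fault share (mechanism exists, this share is not covered)
    mpf: float = 0.0     # all multiple-point faults (detected, perceived or latent)
    latent: float = 0.0  # multiple-point faults that remain latent


def classify(row: FmedaRow) -> FaultSplit:
    """Apportion one row's failure rate into the ISO 26262-5 fault classes."""
    if not row.safety_related:
        return FaultSplit()
    s = FaultSplit()
    if row.violates_sg_alone:
        if row.dc_rf is None:
            s.spf = row.fit                     # unmitigated: single-point fault
        else:
            s.rf = row.fit * (1.0 - row.dc_rf)  # share the mechanism misses
            s.mpf = row.fit * row.dc_rf         # covered share needs a 2nd fault to be dangerous
    else:
        s.mpf = row.fit                         # e.g. a fault inside a safety mechanism itself
    s.latent = s.mpf * (1.0 - row.dc_latent)
    return s


def metrics(rows: List[FmedaRow]):
    """Return (SPFM, LFM) as fractions in [0, 1]."""
    total_sr = sum(r.fit for r in rows if r.safety_related)
    splits = [classify(r) for r in rows]
    spf_rf = sum(s.spf + s.rf for s in splits)
    latent = sum(s.latent for s in splits)
    spfm = 1.0 - spf_rf / total_sr
    lfm = 1.0 - latent / (total_sr - spf_rf)
    return spfm, lfm


# Target values from ISO 26262-5 (Clause 8); ASIL A has no target for these metrics.
SPFM_TARGET = {"B": 0.90, "C": 0.97, "D": 0.99}
LFM_TARGET = {"B": 0.60, "C": 0.80, "D": 0.90}


def highest_asil_met(spfm: float, lfm: float) -> Optional[str]:
    """Highest ASIL whose SPFM and LFM targets are both reached, or None."""
    met = None
    for asil in ("B", "C", "D"):
        if spfm >= SPFM_TARGET[asil] and lfm >= LFM_TARGET[asil]:
            met = asil
    return met


def with_mechanism(rows, part, dc_rf, dc_latent):
    """What-if helper: give one part a (hypothetical) safety mechanism."""
    return [replace(r, dc_rf=dc_rf, dc_latent=dc_latent) if r.part == part else r
            for r in rows]


# Constructed FMEDA excerpt (not real component data).
SAMPLE_FMEDA = [
    FmedaRow("MCU core (lockstep + WDT)",   50.0, True,  True,  dc_rf=0.99, dc_latent=0.90),
    FmedaRow("Sensor divider R1",            2.0, True,  True),                 # no monitoring at all
    FmedaRow("Supply voltage supervisor",   10.0, True,  False, dc_latent=0.60),
    FmedaRow("External watchdog IC",         5.0, True,  False, dc_latent=0.90),
    FmedaRow("Output MOSFET (readback)",    20.0, True,  True,  dc_rf=0.90, dc_latent=0.90),
    FmedaRow("Status LED resistor",          1.0, False, False),                # not safety-related
]


def evaluate(rows=SAMPLE_FMEDA):
    spfm, lfm = metrics(rows)
    return {"spfm": spfm, "lfm": lfm, "asil": highest_asil_met(spfm, lfm)}


if __name__ == "__main__":
    base = evaluate()
    print(f"SPFM={base['spfm']:.1%}  LFM={base['lfm']:.1%}  -> meets ASIL {base['asil']}")
    # The single unmonitored divider costs more SPFM than the whole MCU: cover it and re-run.
    fixed = evaluate(with_mechanism(SAMPLE_FMEDA, "Sensor divider R1", dc_rf=0.99, dc_latent=0.90))
    print(f"SPFM={fixed['spfm']:.1%}  LFM={fixed['lfm']:.1%}  -> meets ASIL {fixed['asil']}")
```

The what-if call at the end illustrates why the hardware safety requirements of 5.6 insist on attributes such as diagnostic coverage: a 2 FIT resistor with no monitoring contributes more to the SPFM shortfall than a 50 FIT lockstep core, and adding a mechanism to it moves the design from the ASIL B to the ASIL C target row while leaving LFM almost unchanged.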

Published: 2024-09-21

Link: https://www.17tex.com/tex/2/329725.html
