8/12/2019 Introduction to Functional Safety KdG Seminar 20130424 Handout
1/73
Introduction to functional safety
Marc Van Vlimmeren, Flanders DRIVE
April 24th, 2013
Agenda
- Introduction to Flanders DRIVE
- Introduction to functional safety
- Overview of functional safety standards and regulations
- ISO 26262 for safety-related automotive E/E development: scope, parts of the standard, safety lifecycle
- Core safety engineering processes: V-model, system and environment description, hazard analysis and risk assessment, functional safety concept, hardware development, software development
- Questions
2012 Flanders DRIVE all rights reserved
Flanders' DRIVE
Research institute for the vehicle and mobility industry, developing and presenting technological solutions in the following R&D domains:
- Open innovation approach driven by the industry
- High-tech infrastructure for vehicle, system and component testing
- Wide international network of 70 partners
Located in an inspiring environment
Broad partnership within the vehicle and mobility industry
Safety related R&D projects
Recalls at high level
- 2000: accidents due to detachment of Bridgestone tyre tread. Worldwide 700 injured and 203 dead. Recall of more than 14 million tyres. Costs 1.3 billion USD. In addition: actions for damages.
- Toyota recently had to recall nine million cars back to the garage because of problems with the accelerator and brake. And more often, this kind of problem has a root cause in mechatronic and software components.
- Brake by wire example: 30 million USD (American Auto press, June 1, 2004)
- Possible damage to companies: invaluable!
Overview of functional safety
[Diagram: a system failure of an E/E system, caused by a software error or a random hardware failure, leads to harm; the chain spans development and production.]
Definition of functional safety
Safety is the freedom from unreasonable risk of physical injury or of damage to the health of people, either directly, or indirectly as a result of hazards caused by damage to property or to the environment.
Functional safety is part of the overall safety that depends on electric, electronic or programmable electronic systems (E/E systems) operating correctly in response to its inputs.
Unreasonable risk: unacceptable adverse effects on humans or to the environment, taking into account its economic, environmental, medical and social benefits and costs.
Hazard: potential source of harm. The term includes danger to persons arising within a short time scale (e.g. fire, explosion) and also those that have a long term effect (e.g. release of toxic substance).
E/E systems include power supplies, sensors and other input devices, communication networks, actuators and other output devices.
[Diagram: extent of an E/E system: input devices (e.g. sensors), E/E/PE, communications, output devices (e.g. actuators).]
Different types of safety
- Passive safety: features that help reduce the effects of an accident.
- Active safety: systems that use an understanding of the state of the vehicle to both avoid and minimise the effects of an accident.
- Functional safety: ensures correct functioning of the E/E systems (including active safety related systems).
Possible causes for incorrect functioning of E/E systems
- Incorrect specifications of the system, hardware and/or software
- Omissions in the safety requirements specification
- Random hardware failure mechanisms (tin whisker)
- Systematic hardware failure mechanisms
- Software errors
- Common cause failures
- Environmental influences: temperature, mechanical phenomena
- Supply system: voltage disturbances, loss of supply, reduced voltages, re-connection of supply
[Diagram, common cause failures: one root cause produces a fault in element A (failure A) and a fault in element B (failure B).]
A fault in an active suspension leading to a safety critical situation.
But it's not all about technology!
False assumption: Safety is a question of technology?
Reality: The greater the complexity of a technical system, the more stringent the requirements to be met by management!
Prof. Hartwig, Safety engineering, Univ. Wuppertal
Examples of poor safety management
- 1986 explosion of the Challenger, 7 fatalities. Cause was a sealing ring of a fuel tank. The problem had been known for 9 years and an engineer had warned of the possibility of such a catastrophe.
- Typical causes of accidents: organizational deficits, bad communication, poor risk management, poor management of safety concerns
Overview of functional safety standards and regulations
Functional safety standards:
- Generic: IEC 61508
- On-highway: ISO 26262
- Agriculture: ISO 25119
- Machinery: IEC 62061, ISO 13849
- Earth moving machines: ISO 15998
Quality standards, basis for Quality Management (QM): ISO 9001, ISO/TS 16949
Systems engineering, process improvement & assessment models: +SAFE v1.2
Required standards to follow by manufacturer
[Diagram, vertical axis: increasing degree of obligation]
- Regulations: laws / directives (e.g. ECE R13)
- State of science and technology (SST)
- State of the art (SOTA): considered necessary (e.g. ISO 26262)
- Rules of technology (ART): generally accepted
- State of practice
Scope of ISO 26262
This International Standard is applicable to safety-related systems that include one or more E/E systems and that are installed in series production passenger cars with a maximum gross weight up to 3500 kg.
ISO 26262 does not address unique E/E systems in special purpose vehicles such as vehicles designed for drivers with disabilities.
It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy, and similar hazards unless directly caused by malfunctioning behaviour of E/E safety-related systems.
Parts of the ISO 26262 standard
Source: ISO 26262 standard
Explanation of the V-model
Left leg (specification, top to bottom): user requirements, system requirements, architectural design, detailed design, development and coding.
Right leg (testing, bottom to top): unit and integration testing, HW/SW integration and testing, system integration and testing, user acceptance testing.
Traceability links each specification level to its test level; validation links user requirements to user acceptance testing.
The purpose of Verification is to ensure that selected work products meet their specified requirements.
The purpose of Validation is to demonstrate that a product or product component fulfills its intended use when placed in its intended environment.
Safety lifecycle according to ISO 26262
Ways of achieving risk reduction
- E/E facilities: according to ISO 26262
- Other technologies (e.g. safety valves): out of scope of ISO 26262
- External measures (e.g. physical containment): out of scope of ISO 26262
V-model from vehicle to component perspective
Responsibilities of the OEM
[Table, safety integrity levels of the different standards, rows as shown on the slide:]
SIL 1, SIL 2, SIL 3, SIL 3
ASIL A, ASIL B, ASIL C, ASIL D
PL a, PL b, PL c, PL d
AgPL a, AgPL b, AgPL c, AgPL d, AgPL e
Safety integrity level (2/3)
Safety integrity level (3/3)
The ASIL level defines the requirements, methods, techniques and measures to manage systematic failures (system, HW and SW) and random failures (HW).
Source for tables: ISO 26262 standard, parts 4 and 5
First steps in the process
Closer look at:
- Organizational processes
- Core systems and safety engineering processes
- Supporting processes
- Safety-oriented analyses
Source: Flanders DRIVE FLAME methodology
Use-case electric powertrain
Create system and environment description ("item definition")
Understanding of the system, its environment and actors to facilitate the hazard analysis and risk assessment:
- The boundaries of the system
- The elements of the system
- The system's interfaces
- Requirements received from other systems and the environment
- Requirements on other systems and the environment
- The allocation and distribution of functions among the systems
Execute hazard analysis and risk assessment (1/2)
Context for the hazard analysis and risk assessment: definition of safety goals to prevent hazardous events leading to harm.
Execute hazard analysis and risk assessment (2/2)
Inputs:
- System and environment description
- Functional behaviour of the system at vehicle level
- Operating modes, operational situations, vehicle states
- Already known hazards
Systematic determination of system hazards: brainstorming, checklists, quality history, FMEA, ...
Example operating modes: hill descent control mode, agility control mode, traction control mode, ...
Example operational situations: city driving, snow and ice
Classification of Severity (S)
The risk assessment of hazardous events focuses on the harm to each endangered person, including the driver or the passengers of the vehicle causing the hazardous event, and other endangered persons such as cyclists, pedestrians or occupants of other vehicles.
Source: ISO 26262 standard
Classes of probability of exposure (E)
Source: ISO 26262 standard
Defining the controllability (C)
Neukum and Krüger method: subjective rating scale for system malfunctions
- 10: vehicle no longer controllable
- 9 to 7: system reaction dangerous
- 6 to 5: system reaction disturbing
- lower scores: system reaction noticeable
- 0: nothing noticed
Procedure:
- Creation of error functions with different error amplitudes and error durations in different driving manoeuvres
- Analysis of dynamic driving data
- Determination of error limits via statistical analysis of subjective scores of malfunctions
- Safety criteria
Determine safety goals and ASIL levels
Risk graph from ISO 26262: Severity (S), Exposure (E), Controllability (C)
A safety goal is a top-level safety requirement for the system. Failure of the safety goal will result in an immediate increase of the risk.
ASIL D = highest safety requirements
ASIL A = lowest safety requirements
QM = Quality Management (no safety requirements)
Source: ISO 26262 standard
Let's Practice
Build the HARA for an electric vehicle with one electric motor providing torque to the front wheel via an automatic transmission box.
Example functional safety goals
Functional Safety Goal = top-level functional safety requirement
- The magnitude and sign of the torque delivered to each front wheel shall not destabilize the vehicle in all driving situations. The sign shall be correct. The magnitude shall be within +/-5% of the required value.
- No torque shall be delivered by the system when the vehicle is connected to a charging spot.
- The time and phase lag of the torque transfer shall not destabilize the vehicle in all driving situations. Time lag shall be less than 100 ms. Phase lag shall be less than 20 ms.
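The S/E/C classification and ASIL lookup described above, applied to the practice case (electric vehicle, one motor driving the front wheels), as an added example that is not part of the handout: the lookup table is ISO 26262-3 Table 4, while the hazardous events, their S/E/C classes and the safety goal wording are constructed for illustration.

```python
"""ASIL determination for HARA rows (ISO 26262-3, hazard analysis and risk assessment).

Added example, not from the handout. The lookup table is ISO 26262-3 Table 4;
the hazardous events below are constructed for the handout's practice case.
"""
from dataclasses import dataclass

ASIL_ORDER = ["QM", "A", "B", "C", "D"]

# ISO 26262-3 Table 4: ASIL_TABLE[S][E] gives the ASIL for C1, C2, C3.
# A class of 0 (S0, E0 or C0) means no ASIL is assigned, i.e. QM.
ASIL_TABLE = {
    1: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "QM"), 3: ("QM", "QM", "A"), 4: ("QM", "A", "B")},
    2: {1: ("QM", "QM", "QM"), 2: ("QM", "QM", "A"), 3: ("QM", "A", "B"), 4: ("A", "B", "C")},
    3: {1: ("QM", "QM", "A"), 2: ("QM", "A", "B"), 3: ("A", "B", "C"), 4: ("B", "C", "D")},
}


def determine_asil(s: int, e: int, c: int) -> str:
    """Look up the ASIL of one hazardous event from its S, E and C classes."""
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError(f"class out of range: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"
    return ASIL_TABLE[s][e][c - 1]


@dataclass(frozen=True)
class HazardousEvent:
    """One HARA row: a hazard in an operational situation, with its S/E/C classes."""
    hazard: str
    situation: str
    s: int
    e: int
    c: int
    safety_goal: str

    @property
    def asil(self) -> str:
        return determine_asil(self.s, self.e, self.c)


def safety_goal_asils(events) -> dict:
    """Each safety goal inherits the highest ASIL of the hazardous events it covers."""
    result: dict = {}
    for ev in events:
        current = result.get(ev.safety_goal, "QM")
        result[ev.safety_goal] = max(current, ev.asil, key=ASIL_ORDER.index)
    return result


# Constructed HARA rows; the S/E/C classes are illustrative, not a real assessment.
SG_TORQUE = "Torque delivered to the front wheels shall not destabilise the vehicle."
SG_CHARGING = "No torque shall be delivered while connected to a charging spot."
HARA = [
    HazardousEvent("unintended torque on front wheels", "highway, high speed", 3, 4, 3, SG_TORQUE),
    HazardousEvent("unintended torque on front wheels", "city driving", 2, 4, 2, SG_TORQUE),
    HazardousEvent("wrong sign of torque", "snow and ice, cornering", 3, 2, 3, SG_TORQUE),
    HazardousEvent("vehicle moves while charging", "parked at charging spot", 2, 3, 2, SG_CHARGING),
]

if __name__ == "__main__":
    for ev in HARA:
        print(f"S{ev.s} E{ev.e} C{ev.c} -> ASIL {ev.asil:2s}  {ev.hazard} ({ev.situation})")
    for goal, asil in safety_goal_asils(HARA).items():
        print(f"ASIL {asil}: {goal}")
```

The same hazard gets different ASILs in different operational situations; the safety goal that covers them carries the highest one.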
Derive functional safety requirements
Derive the functional safety requirements (FSR) from the safety goals, and allocate them to preliminary architectural elements of the system in order to ensure the required functional safety.
[Diagram, results of hazard analysis and risk assessment: Safety goal A (ASIL C) -> functional safety requirement (ASIL C), functional safety requirement (ASIL C); Safety goal B (ASIL D) -> functional safety requirement (ASIL D); further safety goals ...]
At least one functional safety requirement shall be specified for each safety goal.
Techniques to define FSRs: FMEA, FTA, brainstorming, HAZOP, ...
Criteria for FSRs:
- Unique label
- Unambiguous
- Comprehensible
- Atomic
- Consistent
- Feasible
- Verifiable
System architecture for Electric Powertrain
Example functional safety requirements
FTA (Fault Tree Analysis)
Deductive approach
- Main question: what is the reason? Can also be called TOP-DOWN.
- What led to the top event?
- Sherlock Holmesian approach
- Deductive system analysis: Fault Tree Analysis (FTA)
Further system design, integration & testing and validation
The technical safety concept is a statement of how the safety functions are implemented in hardware or software. This is stated in the technical safety requirements.
Hardware and software safety requirements state the specific safety requirements that will be implemented as part of the software and hardware design.
Hardware development
Required activities and processes:
- Hardware implementation of the technical safety concept
- Analysis of potential hardware faults and their effects
- Coordination with software development
Hardware faults (continued)
- Detected fault: fault whose presence is detected within a prescribed time by a safety mechanism that prevents the fault from being latent.
- Perceived fault: fault whose presence is deduced by the driver within a prescribed time interval.
- Latent fault: multiple-point fault whose presence is not detected by a safety mechanism nor perceived by the driver within the multiple-point fault detection interval.
Hardware metrics
- The single point faults metric reflects the robustness of the item to single point faults.
- The latent faults metric reflects the robustness of the item to latent faults.
- Probabilistic Metric for random Hardware Failures (PMHF)
Single point faults metric
Latent faults metric
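The two architectural metrics named above, as an added example that is not from the handout: SPFM and LFM are computed with the ISO 26262-5 Annex C formulas over a constructed FMEDA-style fault list for the electric powertrain and compared with the ISO 26262-5 target values per ASIL. The part names, failure rates and coverage figures are invented for illustration; PMHF, which needs exposure-time terms, is not computed here.

```python
"""Hardware architectural metrics of ISO 26262-5 (SPFM and LFM) from an FMEDA-style list.

Added example, not from the handout. Formulas follow ISO 26262-5 Annex C; the
parts, failure rates and diagnostic coverages below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class HwPart:
    """One safety-related hardware element of an FMEDA (constructed data)."""
    name: str
    fit: float         # total failure rate in FIT (failures per 1e9 h)
    safe_share: float  # fraction of faults with no effect on any safety goal
    spf_share: float   # fraction of unsafe faults able to violate a safety goal alone
    dc_spf: float      # diagnostic coverage of the safety mechanism on those faults
    dc_latent: float   # coverage of the mechanism that reveals the remaining faults


@dataclass(frozen=True)
class FaultSplit:
    """Failure rate of one part split into the ISO 26262-5 fault classes (FIT)."""
    total: float
    safe: float
    spf_rf: float      # single-point faults (no mechanism) + residual faults (mechanism gap)
    mpf: float         # multiple-point faults: only harmful together with a second fault
    mpf_latent: float  # the part of mpf that is neither detected nor perceived


def split_faults(p: HwPart) -> FaultSplit:
    safe = p.fit * p.safe_share
    unsafe = p.fit - safe
    # Faults the safety mechanism does not cover stay single-point or residual.
    spf_rf = unsafe * p.spf_share * (1.0 - p.dc_spf)
    # Everything else needs a second fault to violate the goal; the share the
    # latent-fault mechanism misses stays latent.
    mpf = unsafe - spf_rf
    return FaultSplit(p.fit, safe, spf_rf, mpf, mpf * (1.0 - p.dc_latent))


def spfm(parts) -> float:
    """Single-point fault metric: 1 - sum(SPF + RF) / sum(lambda)."""
    splits = [split_faults(p) for p in parts]
    return 1.0 - sum(s.spf_rf for s in splits) / sum(s.total for s in splits)


def lfm(parts) -> float:
    """Latent fault metric: 1 - sum(MPF latent) / sum(lambda - SPF - RF)."""
    splits = [split_faults(p) for p in parts]
    denom = sum(s.total - s.spf_rf for s in splits)
    # If every fault is single-point/residual there is nothing left to be latent.
    return 1.0 - sum(s.mpf_latent for s in splits) / denom if denom else 0.0


# ISO 26262-5 target values (SPFM, LFM); ASIL A has no recommended target.
TARGETS = {"B": (0.90, 0.60), "C": (0.97, 0.80), "D": (0.99, 0.90)}


def highest_asil_met(parts):
    """Highest ASIL whose SPFM and LFM targets are both reached, or None."""
    s, l = spfm(parts), lfm(parts)
    met = None
    for asil, (spfm_min, lfm_min) in TARGETS.items():  # insertion order B, C, D
        if s >= spfm_min and l >= lfm_min:
            met = asil
    return met


# Constructed FMEDA fragment for the handout's electric powertrain case.
PARTS = [
    HwPart("motor current sensor", 20.0, 0.20, 0.80, 0.99, 0.90),
    HwPart("inverter gate driver", 50.0, 0.50, 0.60, 0.90, 0.60),
    HwPart("torque-request CAN transceiver", 10.0, 0.30, 1.00, 0.99, 0.90),
    HwPart("external watchdog", 5.0, 0.00, 0.00, 0.00, 0.50),
]

if __name__ == "__main__":
    for p in PARTS:
        f = split_faults(p)
        print(f"{p.name:32s} SPF+RF {f.spf_rf:6.3f}  MPF latent {f.mpf_latent:6.3f} FIT")
    print(f"SPFM = {spfm(PARTS):.2%}  LFM = {lfm(PARTS):.2%}  -> ASIL {highest_asil_met(PARTS)}")
```

With these figures the item reaches the ASIL C targets (SPFM about 98%, LFM about 83%) but misses ASIL D on both metrics, so the latent-fault coverage of the gate driver would be the first place to improve.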
Example
Example (continued): demo ... workbench
Software development
Reference Phase Model
SW has neither the potential to wear out nor to produce random failures. SW quality is determined by its development process. The more rigorous and systematic the development process, the higher the ASIL rating that can be achieved.
Is about:
- Programming language selection
- Tool selection and qualification
- SW configuration
- Integration in hardware
- And much more ...
Software Safety Requirements: some examples
- The safety state shall be activated by a switch off of driver 3.
- The Logic Solver (CPU) shall run self tests of the internal registers.
- The input clock shall be tested to detect faults.
- During the operating phase, plausibility checks of specific variables according to the appropriate range shall be performed.
- The maximum start-up time is 2 seconds.
- The reaction time to a normal input change is maximum ... millisecond.
- ...
Example: TI's Hercules ... (demo)
Thanks for your attendance!
For more information, please contact:
Marc Van Vlimmeren, Functional safety engineer, tel. +32 11 790 [email protected]
Bert Dexters, Project leader Automotive Safety Integrity Level, tel. +32 11 790 545
www.flandersdrive.be
Glossary (1/3)
Active safety: Systems assisting in the prevention of a crash.
Error: (1) Mistake in engineering, requirement specification, or design. (2) Mistake in design, implementation or operation which could cause a failure.
Failure: The inability of a system or component to perform its required functions within specified performance requirements.
Fault: Any change in state of an item that is considered to be anomalous and may warrant some type of corrective action. Examples of faults include device errors reported by Built-In Test (BIT)/Built-In Test Equipment (BITE), out-of-limits conditions on sensor values, loss of communication with devices, loss of power to a device, communication error on bus transaction, software exceptions (e.g., divide by zero, file not found), rejected commands, measured performance values outside of commanded or expected values, an incorrect step, process, or data definition in a computer program, etc. Faults are preliminary indications that a failure may have occurred.
Fault Injection Process: The process of deliberately inserting faults into a system (by manual or automatic methods) to test the ability of the system to safely handle the fault or to fail to a safe state. Usually, fault injection criteria are defined by system safety and implemented by the software test engineering group to measure the system's ability to mitigate potential mishaps to an acceptable level of risk.
Glossary (3/3)
Safety: Freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment.
Safety Analysis: A systematic examination to determine system functionality, to identify potential hazards, and analyze the adequacy of measures taken to eliminate, control, or mitigate identified hazards; and analyze and evaluate potential accidents and their associated risks.
Safety Critical Function: A function whose failure to operate, or incorrect operation, will directly result in a high risk mishap (i.e., death, serious injury, system loss, environmental damage).
Safety Integrity: The ability of a control system to work safely (this includes shutting down safely if a fault occurs), which depends on the entire system, not just the computer.
Automotive Safety Integrity Level (ASIL): One of four levels to specify the item's or element's necessary requirements of ISO 26262 and safety measures to apply for avoiding an unreasonable residual risk, with D representing the most stringent and A the least stringent level.
Abbreviations (1/2)
ASIL: Automotive Safety Integrity Level
OEM: Original Equipment