Dissecting FMEDA - Automotive Electronics Café

Uploaded by: suns****4568 | Document ID: 60781796 | Uploaded: 2018-11-18 | Format: PDF | Pages: 19 | Size: 1.11 MB

Luo Zhengfa
Functional Safety Engineer, Hardware Engineer

FMEDA Technical Dissection

Content
1 Safety Analysis Methods Introduction
2 How to get failure rate of hardware part
3 How to deal with MCUs failure rate
4 Ten Steps for FMEDA
5 Ground Rules for FMEDA
6 Using Safety Mechanisms in ISO26262
7 Hardware Safety Case Sharing

Safety Analysis Methods Introduction

Classification: Qualitative, Quantitative, Deductive, Inductive

For Functional Safety:
- HARA (Hazard Analysis and Risk Assessment)
- FTA (Fault Tree Analysis)
- FMEA (Failure Mode and Effects Analysis)
- FMEDA (Failure Modes Effects and Diagnostics Analysis)
- DFA (Dependent Failure Analysis)
- DRBFM (Design Review Based on Failure Modes)

FMEDA is a quantitative approach, and begins from every failure mode of each hardware part (inductive analysis).

Hardware Metrics in ISO26262:
- SPFM, LFM (Part 5, Relative)
- PMHF (Part 10, Absolute)

Different ASIL levels have different requirements for the metrics.

SPFM =
LFM =
PMHF =

Metrics   ASIL B    ASIL C    ASIL D
SPFM      90%       97%       99%
LFM       60%       80%       90%
PMHF      100 FIT   100 FIT   10 FIT

How to Get Failure Rate

ISO26262-5 8.4.3 defines the source:
- using a recognised industry source
- using statistics based on field returns or tests
- using expert judgement

But SN29500 and Birolini are commonly used in the German auto parts industry.

SN29500 Reliability Prediction

For failure rate of transistors:
- SN29500 provides a reference failure rate under the specified conditions
- SN29500 also tells you what factors will affect its failure rate
- You should fill the actual application information into the formula to get the real failure rate for your project
- The formula is very complicated (see details in the standard); an efficient computing tool is expected by engineers

How to deal with MCU failure rate

SN29500 and other standards can obviously predict the failure rate of MCUs and ASICs.

The problem is that all standards define IC failure modes too simply. So it's preferred to ask the manufacturer for its failure rate and failure modes distribution.

A customer version FMEDA report of the MCU would be provided if the manufacturer claims to meet ISO26262.

Ten Steps for FMEDA

1 Preparation
- safety goals, safe state, FTTI
- schematic, BOM, temperature profile, DFMEA, FTA
- ASICs failure rate, MCU FMEDA report, safety manual, Calcu-tool

2 Identify the relevant modules
- list out all modules in the electrical connection diagram (block)
- find the modules which are relevant to the safety goal or its safe state transformation

3 Determine failure rate
- commonly recognized industry standards
- failure data from the suppliers
- expert judgment

4 Determine failure modes
- commonly recognized industry standards
- suppliers' information is very helpful for ASICs

5 Analyze failure effects
- need support from the designer or confirm with the designer

6 Collection and assignment of safety mechanisms
- need support from software engineers
- safety mechanism in ASW should be considered for SW-sharing

7 Sorting the failure classes
- single point fault / residual fault / multiple point fault / latent fault

8 Review the diagnostic coverage of each safety mechanism
- refer to appendix D of ISO26262-5 (Table D.1 Table D.14)
- add the reference ID into the description of the safety mechanism

9 Calculate hardware metrics
- SPFM, LFM, PMHF: the three metrics are necessary
- using an efficient and proven tool is preferred

10 Output your FMEDA report and review it
- check the result and redo it if necessary
- don't forget the confirmation independency (I1 I2 I3)
- list out the assumptions and limitations

Ground Rules for FMEDA

- Correctness
- Objectivity
- Completeness
- Pessimism
- Pertinence

FMEDA cannot guarantee the safety of the product, but only our mindset.

Using Safety Mechanisms in ISO26262

The following safety mechanisms are recommended in ASIL C application. For ASIL D, hardware redundancy is preferred to avoid single fault, and safety mechanisms should be tested to avoid latent fault.

Element             Safety Mechanism
Processing Unit     D.2.3.3 self test by software (IST, PFM)
                    D.2.3.6 HW redundancy (lockstep)
SRAM/FLASH          D.2.4.1 memory monitoring (ECC / cyclic checksum)
Analog/Digital IO   D.2.6.5 input comparison (redundancy)
ADC Converter       D.2.6.1 test pattern (or redundancy)
Communication Bus   D.2.7.68 information redundancy; frame counter; timeout
Power Supply        D.2.8.2 voltage or current control (monitoring)
Actuators           D.2.6.4 output monitoring
                    D.2.6.1 test pattern (SOPT)

The first hardware architecture for ASIL C or ASIL D

Hardware Safety Case Sharing

Use the above outputs to welcome the customer's safety assessment.

When experts spar, inspiration sparks.
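Steps 7 to 9 (sorting the failure classes and calculating the hardware metrics) checked against the ASIL target table, as an added example that is not from the original slides. The SPFM and LFM ratios follow the ISO 26262-5 definitions; the PMHF figure is only a first-order estimate (single-point plus residual rate, dual-point term omitted); the rows, field names and coverage values are constructed for illustration.

```python
from dataclasses import dataclass

# Targets from the slide's table: (SPFM, LFM, PMHF in FIT) per ASIL.
# Assumption: >= for SPFM/LFM and < for PMHF (the operators did not survive on the page).
TARGETS = {"B": (0.90, 0.60, 100.0), "C": (0.97, 0.80, 100.0), "D": (0.99, 0.90, 10.0)}

@dataclass
class Row:
    name: str             # part and failure mode
    fit: float            # failure-mode rate in FIT (part FIT x mode share)
    violates: bool        # can violate the safety goal on its own
    dc_rf: float = 0.0    # diagnostic coverage against residual faults
    multi: bool = False   # harmful only in combination with a second fault
    dc_lat: float = 0.0   # diagnostic coverage against latent faults

def metrics(rows):
    """Return (SPFM, LFM, first-order PMHF in FIT) for safety-related rows."""
    total = spf_rf = latent = 0.0
    for r in rows:
        total += r.fit
        if r.violates:
            spf_rf += r.fit * (1 - r.dc_rf)             # single-point or residual part
            latent += r.fit * r.dc_rf * (1 - r.dc_lat)  # covered part can stay latent
        elif r.multi:
            latent += r.fit * (1 - r.dc_lat)            # multiple-point, undetected part
        # otherwise: safe fault, counted in the total only
    spfm = 1 - spf_rf / total
    lfm = 1 - latent / (total - spf_rf)
    return spfm, lfm, spf_rf

def meets(asil, rows):
    spfm, lfm, pmhf = metrics(rows)
    t_spfm, t_lfm, t_pmhf = TARGETS[asil]
    return spfm >= t_spfm and lfm >= t_lfm and pmhf < t_pmhf

# Constructed FMEDA rows (not from the slides).
ROWS = [
    Row("MCU core, wrong computation", 20.0, True, dc_rf=0.99, dc_lat=0.90),  # lockstep
    Row("SRAM, bit flip", 10.0, True, dc_rf=0.99, dc_lat=0.90),               # ECC
    Row("ADC, drift", 5.0, True, dc_rf=0.90, dc_lat=0.90),                    # test pattern
    Row("Voltage monitor, stuck", 4.0, False, multi=True, dc_lat=0.60),
    Row("Pull-up resistor, open", 1.0, False),                                # safe fault
]

if __name__ == "__main__":
    spfm, lfm, pmhf = metrics(ROWS)
    print(f"SPFM={spfm:.2%} LFM={lfm:.2%} PMHF~{pmhf:.2f} FIT")
    print({asil: meets(asil, ROWS) for asil in TARGETS})
```

With these rows the design clears the ASIL B and ASIL C targets but misses ASIL D on SPFM, which is the point where the slides' advice to prefer hardware redundancy applies.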
