
Interpreting the Automotive Electronics Functional Safety Standard ISO 26262 (Part 3): The Hardware Part

2017-12-29 13:09
1. The necessary activities and processes for the product development at the hardware level include:

(1) the hardware implementation of the technical safety concept;

(2) the analysis of potential hardware faults and their effects;

(3) the coordination with software development.

To satisfy ISO 26262, the work required on the hardware side comprises:

(1) the hardware implementation of the functional safety concept;

(2) analysis of potential hardware failures and their effects;

(3) coordination with software development.

2. Hardware work related to functional safety comprises the following:

(1) 5.5 Initiation of product development at the hardware level: starting the hardware design

??? Which work packages does this include specifically?

The objective is to determine and plan the functional safety activities for each phase of the hardware design.

Inputs: the refined project plan, the safety plan prior to refinement, the refined integration and test plan

Output: the refined safety plan

(2) 5.6 Specification of hardware safety requirements: defining the hardware functional safety requirements

Inputs: safety plan, safety concept, system design specification, hardware-software interface specification

Outputs: hardware safety requirements (including test and verification criteria), refined hardware-software interface specification, hardware safety requirements verification report

??? How are the hardware functional safety requirements defined, which tools are used, and what does the template look like?

They are derived from the technical safety concept and system design specification.

The hardware functional safety requirements are derived from the system safety concept and the system design documentation.

The hardware safety requirements specification shall include each hardware requirement that relates to safety, including the following:

The hardware functional safety requirements specification includes every safety-related hardware requirement, covering the following aspects:

i. the hardware safety requirements and relevant attributes of safety mechanisms to control internal failures of the hardware of the element, this includes internal safety mechanisms to cover transient faults when shown to be relevant due, for instance, to the technology used;

EXAMPLE 1 Attributes can include the timing and detection abilities of a watchdog.

Requirements on the safety mechanisms that control internal faults of the hardware element, for example the timing and detection capabilities of a watchdog.

ii. the hardware safety requirements and relevant attributes of safety mechanisms to ensure the element is tolerant to failures external to the element.

EXAMPLE 2 The functional behaviour required for an ECU in the event of an external failure, such as an open-circuit on an input of the ECU.

Requirements on the safety mechanisms that make the hardware element tolerant, to a defined degree, of failures outside the element; for example, when an input pin is open-circuit, the functional behaviour of the whole controller product must still satisfy the safety requirements.

iii. the hardware safety requirements and relevant attributes of safety mechanisms to comply with the safety requirements of other elements.

EXAMPLE 3 Diagnosis of sensors or actuators.

Safety requirements of other hardware elements, for example the diagnostic functions for sensors or actuators.

iv. the hardware safety requirements and relevant attributes of safety mechanisms to detect and signal internal or external failures; 

EXAMPLE 4 The specified fault reaction time for the hardware part of a safety mechanism, so as to be consistent with the fault tolerant time interval.

Safety mechanisms for detecting internal or external failures, for example a fault reaction time defined so that the fault tolerant time interval is met.

v. the hardware safety requirements not specifying safety mechanisms.

EXAMPLE 5 

---requirements on the hardware elements to meet the target values for random hardware failures as described in 6.4.3 and 6.4.4

---requirements for the avoidance of a specific behaviour (for instance, "a particular sensor shall not produce an unstable output");

---requirements allocated to hardware elements implementing the intended functionality;

---requirements specifying design measures on harnesses or connectors.

Other hardware safety requirements that are not related to safety mechanisms. For example:

--- requirements on hardware elements arising during FMEDA, FMEA and FTA analysis in order to meet the level demanded by the safety goal;

--- requirements to avoid a specified behaviour, for example that a given sensor must not produce an unstable output;

--- requirements on the hardware elements that implement the intended functionality;

--- specified design measures for harnesses and connectors.

(3) 5.7 Hardware design

The first objective of this clause is to design the hardware in accordance with the system design specification and the hardware safety requirements.

The second objective of this clause is to verify the hardware design against the system design specification and the hardware safety requirements.

The objectives of hardware design are, first, to design the hardware according to the system design documentation and the hardware functional safety requirements, and second, to verify that the hardware design conforms to the system design documentation and the hardware functional safety requirements.

Hardware design includes hardware architectural design and hardware detailed design.

Hardware design comprises hardware architectural design and hardware detailed design.

i. Hardware architectural design:

Each hardware component shall inherit the highest ASIL from the hardware safety requirements it implements. If ASIL decomposition is applied to the hardware safety requirements during hardware architectural design, it shall be applied in accordance with ISO 26262-9:2011, Clause 5.

Each hardware component inherits the highest ASIL among the hardware safety requirements it implements. If ASIL decomposition is required, the detailed decomposition method is given in ISO 26262-9:2011, Clause 5.

Non-functional causes for failure of a safety-related hardware component shall be considered during hardware architectural design, including the following influences, if applicable: temperature, vibrations, water, dust, EMI, cross-talk originating either from other hardware components of the hardware architecture or from its environment.

Non-functional causes of failure of hardware components must be considered during hardware architectural design, including temperature, vibration, water ingress, dust, EMI and cross-talk.

ii. Hardware detailed design:

In order to avoid common design faults, relevant lessons learned shall be applied in accordance with ISO 26262-2:2011, 5.4.2.7.
To avoid common design faults, relevant lessons learned must be applied; the provisions on lessons learned are given in ISO 26262-2:2011, 5.4.2.7.

Non-functional causes for failure of a safety-related hardware part shall be considered during hardware detailed design, including the following influences, if applicable: temperature, vibrations, water, dust, EMI, noise factor, cross-talk originating either from other hardware parts of the hardware component or from its environment.

Non-functional causes of failure of hardware parts must be considered during hardware detailed design, including temperature, vibration, water ingress, dust, EMI and cross-talk.

The operating conditions of the hardware parts used in the hardware detailed design shall comply with the specification of their environmental and operational limits.

In hardware detailed design, the operating conditions of the hardware parts must comply with their environmental specifications and operational limits.

Robust design principles should be considered. Robust design principles can be shown by use of checklists based on QM methods. 

Robust design principles should be considered; they can be demonstrated by means of checklists based on QM methods.

EXAMPLE Conservative specification of components.

For example, conservative component specifications, i.e. leaving sufficient component margin in the design.

iii. Safety analyses

Safety analyses on hardware design to identify the causes of failures and the effects of faults shall be applied in accordance with Table 2 and ISO 26262-9:2011, Clause 8.

The purpose of safety analysis is to determine the causes of failures and their effects.

The initial purpose of the safety analyses is to support the specification of the hardware design. Subsequently, the safety analyses can be used for verification of the hardware design. In its aims of supporting the specification of the hardware design, qualitative analysis can be appropriate and sufficient.

The original purpose of safety analyses is to support the hardware design specification; later, they can also be used to verify the hardware design. When safety analysis serves as a means of supporting the hardware design, qualitative analysis is appropriate and sufficient.



In the hardware design phase, the main safety analysis methods are FTA and FMEA.

iv. Verification of hardware design

If it is discovered, during hardware design, that the implementation of any hardware safety requirement is not feasible, a request for change shall be issued in accordance with the change management process in ISO 26262-8.

If, during hardware design verification, any hardware safety requirement is found not to be satisfied, a change request must be raised; the change management process is described in ISO 26262-8.

The safety analysis referred to among the hardware design verification methods is FMEDA.

=> There are three safety analysis methods: FTA, FMEA and FMEDA. FTA and FMEA are used to support the hardware design; FMEDA is used to verify the hardware design.

(4) 5.8 Evaluation of the hardware architectural metrics: FMEDA

Two metrics (SPF and LMSF) are defined to measure how effective the hardware architecture and the functional safety mechanisms are at coping with random hardware failures.
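To make the two architectural metrics concrete, the following is an added worked example, not code from the article or from the standard: a simplified FMEDA metric computation in Python over a constructed part list. It assumes a simple failure-rate split per part: faults that cannot violate the safety goal are safe, dangerous faults of a part with no safety mechanism are single-point faults, the uncovered share of mechanism-protected dangerous faults is residual, and the covered share contributes a latent portion according to the latent-fault diagnostic coverage. The part names, FIT values and coverages are constructed; the ASIL target values used for the final check are those of ISO 26262-5:2011 (Tables 4 and 5) and are marked in the code so they can be verified against the edition in use.

```python
"""Simplified FMEDA metric computation (added example; not from the article).

Each hardware part carries a constructed failure rate in FIT and a few
fractions describing how its failures split up. The split rule below is a
simplification of the ISO 26262-5 fault classification, chosen so that the
two architectural metrics can be computed from a handful of numbers.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Part:
    name: str
    fit: float       # total failure rate, FIT (failures per 1e9 operating hours)
    sg_share: float  # fraction of failures that could violate the safety goal
    has_sm: bool     # True if a safety mechanism protects this part
    dc_sp: float     # diagnostic coverage w.r.t. single-point/residual faults
    dc_lat: float    # diagnostic coverage w.r.t. latent faults


@dataclass(frozen=True)
class Split:
    """Failure rate of one part split into fault classes (all in FIT)."""
    spf: float           # single-point faults (no safety mechanism at all)
    rf: float            # residual faults (mechanism present, fault not covered)
    mpf_latent: float    # multiple-point faults that stay undetected
    mpf_detected: float  # multiple-point faults that are detected/perceived
    safe: float          # faults that cannot violate the safety goal


def split_failure_rate(p: Part) -> Split:
    """Assumed split rule (a simplification, see the module docstring)."""
    dangerous = p.fit * p.sg_share     # share that could violate the safety goal
    safe = p.fit - dangerous           # share that cannot
    if not p.has_sm:
        # Nothing detects or controls these faults: every dangerous fault is single-point.
        return Split(spf=dangerous, rf=0.0, mpf_latent=0.0, mpf_detected=0.0, safe=safe)
    rf = dangerous * (1.0 - p.dc_sp)   # dangerous faults the mechanism misses
    mpf = dangerous - rf               # dangerous faults the mechanism controls...
    latent = mpf * (1.0 - p.dc_lat)    # ...of which this share is never revealed
    return Split(spf=0.0, rf=rf, mpf_latent=latent, mpf_detected=mpf - latent, safe=safe)


def architectural_metrics(parts):
    """Return (SPFM, LFM) for a list of safety-related parts."""
    splits = [split_failure_rate(p) for p in parts]
    total = sum(p.fit for p in parts)
    sp_rf = sum(s.spf + s.rf for s in splits)
    latent = sum(s.mpf_latent for s in splits)
    spfm = 1.0 - sp_rf / total                # single-point fault metric
    lfm = 1.0 - latent / (total - sp_rf)      # latent fault metric
    return spfm, lfm


# Target values (SPFM, LFM) per ASIL as given in ISO 26262-5:2011, Tables 4 and 5.
# Treat them as an assumption of this example and verify against the edition in use.
ASIL_TARGETS = {"B": (0.90, 0.60), "C": (0.97, 0.80), "D": (0.99, 0.90)}


def highest_asil_met(spfm, lfm):
    """Highest ASIL (of B, C, D) whose targets both metrics satisfy, else None."""
    met = [asil for asil, (s, l) in ASIL_TARGETS.items() if spfm >= s and lfm >= l]
    return met[-1] if met else None   # dict order is B, C, D and the targets are monotone


# Constructed part list for the example; the numbers are illustrative only.
PARTS = [
    Part("MCU", fit=100.0, sg_share=0.5, has_sm=True, dc_sp=0.90, dc_lat=0.60),
    Part("Voltage regulator", fit=20.0, sg_share=0.5, has_sm=True, dc_sp=0.99, dc_lat=0.90),
    Part("Sensor connector", fit=10.0, sg_share=0.2, has_sm=False, dc_sp=0.0, dc_lat=0.0),
    Part("Pull-up resistor", fit=2.0, sg_share=0.0, has_sm=False, dc_sp=0.0, dc_lat=0.0),
]


if __name__ == "__main__":
    spfm, lfm = architectural_metrics(PARTS)
    for p in PARTS:
        print(f"{p.name:18s} {split_failure_rate(p)}")
    print(f"SPFM = {spfm:.4f}  LFM = {lfm:.4f}  highest ASIL met: {highest_asil_met(spfm, lfm)}")
```

With the constructed numbers the unprotected connector contributes 2 FIT of single-point faults and the two protected parts 5.1 FIT of residual faults, giving SPFM of about 0.946 and LFM of about 0.848, which satisfies the ASIL B targets but not ASIL C; lowering the MCU's latent-fault coverage is the quickest way to see the LFM drop below a target while the SPFM is unaffected.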

(5) 5.9 Evaluation of safety goal violations due to random hardware failures: FTA

As a complement to FMEDA, two alternative approaches are defined for assessing whether the residual risk of violating a safety goal is sufficiently low: a global probabilistic approach and a cut-set analysis. Their aim is to study the effect of each hardware element failure on the violation of the safety goal.
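For the cut-set approach, the following is an added example in Python, not from the article: it derives the minimal cut sets of a small constructed fault tree by expanding the OR and AND gates and discarding non-minimal sets, lists the single-point faults (cut sets of size one, i.e. the failures that alone violate the safety goal), and then estimates the top-event probability both with the rare-event approximation and with an exact inclusion-exclusion sum, assuming independent basic events. The gate names, event names and all probabilities are constructed for illustration.

```python
"""Minimal cut-set analysis of a small fault tree (added example; not from the article).

Gates map to (type, children); any name that is not a gate is a basic event.
The tree, the event names and the probabilities are all constructed.
"""
from itertools import combinations, product
from math import prod

# Top event: "actuator driven without a valid command" (constructed tree).
FAULT_TREE = {
    "TOP": ("OR", ["G_sensor", "G_mcu", "driver_short"]),
    "G_sensor": ("AND", ["sensor_stuck", "G_detect"]),      # wrong input AND it goes unnoticed
    "G_detect": ("OR", ["plausibility_fail", "adc_ref_drift"]),
    "G_mcu": ("AND", ["mcu_stuck", "G_monitor"]),           # stuck output AND monitoring lost
    "G_monitor": ("OR", ["watchdog_fail", "driver_short"]),
}

# Constructed basic-event probabilities per operating hour (illustrative only).
EVENT_PROB = {
    "driver_short": 1e-8,
    "mcu_stuck": 2e-7,
    "watchdog_fail": 5e-7,
    "sensor_stuck": 1e-6,
    "plausibility_fail": 1e-5,
    "adc_ref_drift": 2e-6,
}


def minimize(cut_sets):
    """Drop every cut set that strictly contains another one."""
    unique = set(cut_sets)
    return {cs for cs in unique if not any(other < cs for other in unique)}


def minimal_cut_sets(node, tree=FAULT_TREE):
    """Recursively expand the tree below `node` into its minimal cut sets."""
    if node not in tree:
        return {frozenset([node])}            # a basic event is its own cut set
    gate, children = tree[node]
    child_sets = [minimal_cut_sets(child, tree) for child in children]
    if gate == "OR":
        combined = set().union(*child_sets)   # any child's cut set suffices
    elif gate == "AND":
        # one cut set from every child must hold at once: union across the product
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate type {gate!r}")
    return minimize(combined)


def single_point_faults(cut_sets):
    """Basic events that alone cause the top event (cut sets of size one)."""
    return sorted(next(iter(cs)) for cs in cut_sets if len(cs) == 1)


def joint_prob(events, probs=EVENT_PROB):
    """Probability that every event in `events` occurs (independence assumed)."""
    return prod(probs[e] for e in events)


def rare_event_bound(cut_sets, probs=EVENT_PROB):
    """Upper bound on P(top): the sum of the minimal cut-set probabilities."""
    return sum(joint_prob(cs, probs) for cs in cut_sets)


def exact_prob(cut_sets, probs=EVENT_PROB):
    """P(top) by inclusion-exclusion over the minimal cut sets."""
    sets = list(cut_sets)
    total = 0.0
    for k in range(1, len(sets) + 1):
        for combo in combinations(sets, k):
            total += (-1) ** (k + 1) * joint_prob(frozenset().union(*combo), probs)
    return total


if __name__ == "__main__":
    mcs = minimal_cut_sets("TOP")
    for cs in sorted(mcs, key=lambda s: (len(s), sorted(s))):
        print(sorted(cs), f"{joint_prob(cs):.3e}")
    print("single-point faults:", single_point_faults(mcs))
    print(f"P(top) <= {rare_event_bound(mcs):.4e}, exact {exact_prob(mcs):.4e} per hour")
```

The cut set {mcu_stuck, driver_short} produced under G_mcu is discarded because {driver_short} alone already reaches the top event, which is exactly the kind of single-point fault this analysis is meant to surface: it dominates the top-event probability, and the dual-fault cut sets contribute only a few percent of it.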

(6) 5.10 Hardware integration and testing