汽车电子功能安全标准ISO26262解析(五)——FTA

时间:2024-05-22 18:26:02

Evaluation of safety goal violations due to random hardware failures.

FTA是用来验证随机硬件失效导致的违背安全目标。

The objective of the requirements in this clause is to make available criteria that can be used in a rationale that the residual risk of a safety goal violation, due to random hardware failures of the item, is sufficiently low.

FTA的目的是验证由于硬件随机失效导致的违背安全目标的残余风险足够低。

除了FTA以外,还有一种方法可以完成和FTA类似的工作,叫做cut-set analysis,割集分析。

FTA分析结果的判定标准如表6所示。

汽车电子功能安全标准ISO26262解析(五)——FTA汽车电子功能安全标准ISO26262解析(五)——FTA

Quantitative target values of requirement in table 6 shall be expressed in terms of average probability per hour over the operational lifetime of the item.

表6中的定量分析目标值通过整个生命周期内的每个小时平均失效率来表达。

A quantitative analysis of the hardware architecture with respect to the single-point, residual and dual-point faults shall provide evidence that target values of requirement table 6 have been achieved. 

硬件架构的定量分析包括对于单点错误、残余错误和双点错误,不包括多点错误。

The quantitative analysis shall consider: 

FTA分析需要考虑以下几点:

a) the architecture of the item;

  设计架构。

b) the estimated failure rate for the failure modes of each hardware part that would cause a single-point fault or a residual fault;

对于导致单点错误或残余错误的每个硬件元器件的每个失效模式的失效率评估。

c) the estimated failure rate for the failure modes of each hardware part that would cause a dual-point fault;

对于导致双点错误的每个硬件元器件的每个失效模式的失效率评估。

d) the diagnostic coverage of safety-related hardware elements by safety mechanisms;

安全机制对于安全相关硬件元器件的诊断覆盖率。

e) the exposure duration in the case of dual-point faults.

双点错误的暴露持续时间。

Situation when the item is in power-down mode are not included in the calculation of the average probability per hour, thereby preventing the artificial reduction of the average probability per hour.

PHMF计算中未包含下电工作模式,因此,在计算时要手动去除下电模式的工作时间(=生命周期-整个生命周期内的工作时间)。