The "safety analysis" listed among the means of hardware design verification refers to FMEDA.
=> There are three safety analysis methods: FTA, FMEA and FMEDA. FTA and FMEA are used to support hardware design; FMEDA is used to verify the hardware design.
(4) 5.8 evaluation of the hardware architectural metrics: FMEDA
Defines two metrics (the single-point fault metric SPFM and the latent-fault metric LFM) to measure the effectiveness of the hardware architecture and the functional safety mechanisms adopted to handle random hardware failures.
(5) 5.9 evaluation of safety goal violations due to random hardware failures: FTA
As a complement to FMEDA, two alternative approaches are defined to assess whether the probability of the residual risk of a safety goal violation is sufficiently low: a global probabilistic analysis, and cut-set analysis, whose aim is to study the effect of each individual failure of a hardware element on the violation of the safety goal.
(6) 5.10 hardware integration and testing: hardware integration testing
Safety analysis method: FTA
Evaluation of safety goal violations due to random hardware failures.
FTA is used to evaluate safety goal violations caused by random hardware failures.
The objective of the requirements in this clause is to make available criteria that can be used in a rationale that the residual risk of a safety goal violation, due to random hardware failures of the item, is sufficiently low.
The purpose of FTA is to show that the residual risk of a safety goal violation due to random hardware failures is sufficiently low.
Besides FTA, another method can do similar work: cut-set analysis.
The acceptance criteria for FTA results are given in Table 6.
Quantitative target values of requirement in table 6 shall be expressed in terms of average probability per hour over the operational lifetime of the item.
The quantitative target values in Table 6 are expressed as an average probability per hour over the whole operational lifetime of the item.
A quantitative analysis of the hardware architecture with respect to the single-point, residual and dual-point faults shall provide evidence that target values of requirement table 6 have been achieved.
The quantitative analysis of the hardware architecture covers single-point, residual and dual-point faults; it does not cover (higher-order) multiple-point faults.
The quantitative analysis shall consider:
The FTA analysis needs to consider the following points:
a) the architecture of the item;
The architecture of the item.
b) the estimated failure rate for the failure modes of each hardware part that would cause a single-point fault or a residual fault;
The estimated failure rate of each failure mode of each hardware part that would cause a single-point fault or a residual fault.
c) the estimated failure rate for the failure modes of each hardware part that would cause a dual-point fault;
The estimated failure rate of each failure mode of each hardware part that would cause a dual-point fault.
d) the diagnostic coverage of safety-related hardware elements by safety mechanisms;
The diagnostic coverage of safety-related hardware elements by safety mechanisms.
e) the exposure duration in the case of dual-point faults.
The exposure duration of dual-point faults.
Situations when the item is in power-down mode are not included in the calculation of the average probability per hour, thereby preventing the artificial reduction of the average probability per hour.
Power-down mode is not included in the PMHF calculation, so the time spent in power-down mode (= lifetime minus the operating time over the whole lifetime) has to be removed from the calculation manually.
Safety analysis method: FMEDA
Evaluation of the hardware architectural metrics.
FMEDA is a verification method based on the hardware architectural metrics.
The objective of this clause is to evaluate the hardware architecture of the item against the requirements for fault handling as represented by the hardware architectural metrics.
The purpose of FMEDA is to evaluate, through the hardware architectural metrics, the fault handling mechanisms adopted in the hardware architecture to meet the requirements.
This clause describes two hardware architectural metrics for the evaluation of the effectiveness of the architecture of the item to cope with random hardware failures.
Two hardware architectural metrics are used to evaluate the effectiveness of the architecture in coping with random hardware failures.
=> FMEDA is an analysis method targeting random hardware failures.
For electromechanical hardware parts, only the electrical failure modes and the failure rates are considered.
For electromechanical hardware parts, only the electrical failure modes and failure rates are considered.
The estimated failure rates for hardware parts used in the analyses shall be determined:
The failure rates of hardware parts can be determined by the following methods:
(1) using hardware part failure rates data from a recognised industry source.
Using hardware part failure rate data from a recognised industry source, e.g. SN29500.
(2) using statistics based on field returns or tests. In this case, the estimated failure rate should have an adequate confidence level.
Using statistics from field returns or from tests. In this case the estimated failure rate must have an adequate confidence level.
(3) using expert judgement founded on an engineering approach based on quantitative and qualitative arguments. Expert judgement shall be exercised in accordance with structured criteria as a basis for this judgement. These criteria shall be set before the estimation of failure rates is made.
Using expert judgement; expert judgement is an engineering approach based on qualitative and quantitative arguments. It should be exercised on the basis of structured criteria, and these criteria should be established before the failure rates are estimated.
The criteria for expert judgement can include field experience, testing, reliability analysis and novelty of design.
The criteria for expert judgement include field experience, testing, reliability analysis and novelty of design.
To meet the requirements of the ASIL, the analysis result for each safety goal shall satisfy the requirements of Table 4 and Table 5.
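A worked computation of the two hardware architectural metrics over a small FMEDA table, added here as an example; it is not code from the standard or from any product. The failure modes, FIT values, diagnostic coverages and the ASIL D targets used at the end (99 % SPFM, 90 % LFM, which I take from ISO 26262-5 tables 4 and 5 rather than from this page) are all assumptions:

```python
from dataclasses import dataclass

# Constructed example FMEDA rows (not from any real product); FIT = failures per 1e9 h.
@dataclass
class FailureMode:
    part: str
    mode: str
    fit: float          # estimated failure rate of this failure mode, in FIT
    direct: bool        # True if the fault alone can violate the safety goal
    dc_sg: float        # coverage of the safety mechanism preventing the violation (0 = none)
    dc_latent: float    # coverage of the mechanism that detects/perceives the fault as latent
    safe: bool = False  # True if the failure mode cannot contribute to a violation at all

def classify(fm: FailureMode) -> tuple[float, float]:
    """Split one failure mode's rate into (single-point + residual, latent multiple-point)."""
    if fm.safe:
        return 0.0, 0.0
    if fm.direct:
        spf_rf = fm.fit * (1.0 - fm.dc_sg)   # dc_sg == 0 -> single-point, else residual
        mpf = fm.fit * fm.dc_sg              # the covered share is a multiple-point fault
    else:
        spf_rf, mpf = 0.0, fm.fit            # needs a second fault to violate the goal
    return spf_rf, mpf * (1.0 - fm.dc_latent)

def architectural_metrics(rows: list[FailureMode]) -> tuple[float, float]:
    """Return (SPFM, LFM); safe faults still count in both denominators."""
    total = sum(r.fit for r in rows)
    spf_rf = sum(classify(r)[0] for r in rows)
    latent = sum(classify(r)[1] for r in rows)
    spfm = 1.0 - spf_rf / total
    lfm = 1.0 - latent / (total - spf_rf)
    return spfm, lfm

def meets_targets(spfm: float, lfm: float, spfm_target: float, lfm_target: float) -> bool:
    return spfm >= spfm_target and lfm >= lfm_target

CONSTRUCTED_FMEDA = [
    FailureMode("MCU", "core stuck-at", 50.0, True, 0.99, 0.90),   # lockstep core
    FailureMode("MCU", "flash bit flip", 20.0, True, 0.99, 0.90),  # ECC
    FailureMode("PSU", "undervoltage", 10.0, True, 0.90, 0.60),    # voltage monitor
    FailureMode("WDG", "no reset", 5.0, False, 0.0, 0.90),         # watchdog self-test
    FailureMode("R1", "open (pull-up)", 2.0, False, 0.0, 0.0, safe=True),
]

if __name__ == "__main__":
    spfm, lfm = architectural_metrics(CONSTRUCTED_FMEDA)
    print(f"SPFM={spfm:.4f} LFM={lfm:.4f}")
    # Assumed ASIL D targets (ISO 26262-5 tables 4 and 5): SPFM >= 99 %, LFM >= 90 %.
    print("ASIL D targets met:", meets_targets(spfm, lfm, 0.99, 0.90))
```

With these constructed rows the undervoltage monitor's 90 % coverage dominates the residual-fault budget, so the table misses the assumed ASIL D targets while clearing the lower ones.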