ISO 26262-1 3.142
safety mechanism
technical solution implemented by E/E functions or elements (3.41), or by other technologies (3.105),
to detect and mitigate or tolerate faults (3.54) or control or avoid failures (3.50) in order to maintain
intended functionality (3.83) or achieve or maintain a safe state (3.131)
LZJ: This is a little convoluted to translate; roughly, it carries the following layers of meaning:
1. A safety mechanism is a technical solution that maintains the intended functionality or achieves some safe state;
2. These technical solutions consist of E/E functions or elements, or of other technologies/processes;
3. The "other technologies" should include mechanical design, technical reviews, verification and similar technical means;
4. The effect the solution achieves: detecting and mitigating or tolerating the harm caused by faults, or controlling or avoiding failures;
5. The ultimate purpose of the solution: maintaining the intended functionality or achieving/maintaining a safe state.
ISO 26262-4: 6.4.2
6.4.2.1
1. The safety mechanisms shall be specified by technical safety requirements including:
The safety mechanisms must be specified in detail by the technical safety requirements.
LZJ: In other words, safety mechanisms arise while the technical safety requirements are being derived. In process terms, SMs come after the FSC/FSR and are born within the TSC/TSR.
They include the following:
a) the measures related to the detection, indication and control of faults in the system itself (self-monitoring of the system or elements);
Measures related to the detection, indication and control of faults in the system itself (self-monitoring of the system or its elements);
NOTE 1 This includes the self-monitoring of the system or elements to detect random hardware faults and, if appropriate, to detect systematic failures.
Self-monitoring includes detecting random hardware faults of the system or its elements and detecting systematic failures.
b) the measures related to the detection, indication and control of faults in external devices interacting with the system;
EXAMPLE External devices include other electronic control units, power supply or communication devices.
For example: measures for detecting, indicating and controlling faults in external devices, including other electronic control units, power supplies and communication devices.
c) the measures that enable the system to achieve or maintain a safe state;
NOTE 2 This includes prioritisation and arbitration logic in the case of conflicting safety mechanisms.
Measures that enable the system to reach and maintain a safe state, including the prioritisation and arbitration logic used when safety mechanisms conflict.
d) the measures to detail and implement the warning and degradation concept;
Detail and implement the warning and degradation concept.
e) the measures which prevent faults from being latent (6.4.10).
NOTE 3 These measures are usually related to tests of measures during power up (pre-drive checks), operation, power down (post-drive checks) and as part of maintenance.
Measures that prevent faults from becoming latent, usually including power-up checks, power-down checks and periodic checks during operation.
2. ISO 26262-4: 6.4.2.2
For each safety mechanism that enables an item to achieve or maintain a safe state the following shall be specified:
For each safety mechanism that enables the item to achieve or maintain a safe state, the following shall be specified in detail:
a) the transition to the safe state, including the requirements to control the actuators;
The conditions for transitioning to the safe state, including the requirements for controlling the actuators;
b) the fault-tolerant time interval;
The fault tolerance time (fault-tolerant time interval);
c) the emergency operation interval if the safe state cannot be reached by immediately switching off;
If the safe state cannot be reached by switching off immediately, the emergency operation interval must be specified.
d) the measures to maintain the safe state.
Measures to maintain the safe state.
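To make 6.4.2.2 a) to d) concrete, here is an added example, not taken from the standard or from this post, that models one safety mechanism in C: the transition to the safe state (actuator command), the fault handling time budget against the FTTI, an emergency operation interval when switching off alone does not reach the safe state, and the latching that maintains it. The state names, the 10 ms diagnostic period, the actuator encoding and the scenario timings are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Model of one safety mechanism specified per ISO 26262-4 6.4.2.2 a)-d).
 * Names, timings and the actuator encoding are constructed for illustration. */
typedef enum { SM_NORMAL, SM_EMERGENCY_OP, SM_SAFE } sm_state_t;
typedef enum { ACT_FULL, ACT_DEGRADED, ACT_OFF } actuator_cmd_t;

typedef struct {
    uint32_t emergency_interval_ms; /* c) time allowed in emergency operation */
    bool safe_by_switch_off;        /* does switching off alone reach the safe state? */
    sm_state_t state;
    actuator_cmd_t actuator;        /* a) actuator command demanded by the mechanism */
    uint32_t detected_at_ms;
} safety_mechanism_t;

/* b) The detection latency plus reaction time (fault handling time) must
 * end before the FTTI expires, or the hazard cannot be prevented in time. */
bool sm_timing_ok(uint32_t diag_interval_ms, uint32_t reaction_ms, uint32_t ftti_ms) {
    return diag_interval_ms + reaction_ms < ftti_ms;
}

/* One monitoring step: detect the fault, drive the transition, hold the safe state. */
void sm_step(safety_mechanism_t *sm, uint32_t now_ms, bool fault_present) {
    if (sm->state == SM_NORMAL && fault_present) {
        sm->detected_at_ms = now_ms;
        sm->state = sm->safe_by_switch_off ? SM_SAFE : SM_EMERGENCY_OP; /* a) or c) */
    } else if (sm->state == SM_EMERGENCY_OP &&
               now_ms - sm->detected_at_ms >= sm->emergency_interval_ms) {
        sm->state = SM_SAFE;                 /* emergency operation interval elapsed */
    }
    /* d) the safe state is latched: a fault that disappears never re-enables full output */
    sm->actuator = sm->state == SM_SAFE ? ACT_OFF
                 : sm->state == SM_EMERGENCY_OP ? ACT_DEGRADED : ACT_FULL;
}

/* Constructed scenario: 10 ms diagnostic period, fault appears at 100 ms and
 * vanishes at 150 ms. Returns the time at which the safe state was reached. */
uint32_t sm_time_to_safe_state(bool safe_by_switch_off, uint32_t emergency_interval_ms) {
    safety_mechanism_t sm = { emergency_interval_ms, safe_by_switch_off,
                              SM_NORMAL, ACT_FULL, 0 };
    for (uint32_t t = 0; t <= 1000; t += 10) {
        bool fault = (t >= 100 && t < 150);
        sm_step(&sm, t, fault);
        if (sm.state == SM_SAFE) return t;
    }
    return UINT32_MAX; /* safe state never reached within the scenario */
}
```

With switch-off as the safe state the mechanism reaches it in the same 10 ms step in which the fault is detected; with a 200 ms emergency operation interval it runs degraded and only switches off at 300 ms, even though the fault itself vanished at 150 ms.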