1. The relationship between fault, error and failure
The relationship sticks better when shown as a picture. In short: a fault is the cause; it can manifest itself inside the element as an error (a deviation from the correct value or state); and that error can ultimately lead to a failure (the element or item no longer delivers its intended behaviour).
2. Definitions and interpretation
Part 1, 3.54 fault
abnormal condition that can cause an element (3.41) or an item (3.84) to fail
Note 1 to entry: Permanent, intermittent, and transient faults (3.173) (especially soft errors) are considered.
Note 2 to entry: When a subsystem is in an error (3.46) state it could result in a fault for the system (3.163).
Note 3 to entry: An intermittent fault occurs from time to time and then disappears again. This type of fault can occur when a component (3.21) is on the verge of breaking down or, for example, due to an internal malfunction in a switch. Some systematic faults (3.165) (e.g. timing irregularities) could lead to intermittent faults.
In short: an abnormal condition that can cause an element (3.41) or an item (3.84) to fail.
Classification of hardware faults
Single-point fault: a fault in a hardware element that leads directly to the violation of a safety goal, with no safety mechanism in place to prevent that violation.
Residual fault: the portion of a fault in a hardware element that still leads directly to the violation of a safety goal even though at least one safety mechanism covers that element (the part of the fault the mechanism does not catch).
Dual-point fault: a fault that contributes to the violation of a safety goal only in combination with one other independent hardware fault.
Latent fault: a multiple-point fault whose presence is neither detected by a safety mechanism nor perceived by the driver within the multiple-point fault detection interval; on its own it does not violate the safety goal, but it removes the protection that a second fault would otherwise run into.
Safe fault: a fault whose occurrence does not significantly increase the probability of violating a safety goal; in practice all n-point faults with n > 2 (unless the technical safety concept shows them to be relevant) and faults that cannot contribute to a safety-goal violation at all.
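As an added illustration (my own Python, not part of ISO 26262 or of the original post), here is the classification above written as a decision procedure in the spirit of the ISO 26262-5 Annex B flow chart, run over a constructed list of hardware faults. The element names, FIT rates and diagnostic-coverage figures are assumed for illustration. It goes one step beyond the list above: it also tallies the per-class failure rates into the single-point fault metric (SPFM) and latent fault metric (LFM) of ISO 26262-5 Annex C, which is where this classification is actually consumed.

```python
from dataclasses import dataclass
from enum import Enum


class FaultClass(Enum):
    SINGLE_POINT = "single-point fault"
    RESIDUAL = "residual fault"
    LATENT = "latent multiple-point fault"
    DETECTED = "detected/perceived multiple-point fault"
    SAFE = "safe fault"


@dataclass
class HardwareFault:
    element: str
    fit: float                    # failure rate in FIT (failures per 1e9 h); assumed value
    safety_related: bool          # element can contribute to a safety-goal violation at all
    direct_violation: bool        # the fault alone violates the goal if nothing prevents it
    needs_second_fault: bool      # violates the goal only together with one other independent fault
    dc_prevent: float = 0.0       # share of the fault a safety mechanism stops from violating the goal
    dc_detect: float = 0.0        # share of the remaining fault detected by a mechanism or perceived by the driver


def classify(f: HardwareFault) -> dict:
    """Split one fault's failure rate across the ISO 26262 fault classes."""
    lam = f.fit
    if not f.safety_related:
        # element cannot violate the goal at all: safe fault, outside the metrics
        return {FaultClass.SAFE: lam}
    if f.direct_violation:
        if f.dc_prevent <= 0.0:
            # nothing prevents the violation: single-point fault
            return {FaultClass.SINGLE_POINT: lam}
        residual = lam * (1.0 - f.dc_prevent)      # slips past the mechanism: residual fault
        prevented = lam - residual                  # now needs the mechanism to fail too: multiple-point
        latent = prevented * (1.0 - f.dc_detect)    # and if nobody notices it: latent fault
        return {FaultClass.RESIDUAL: residual,
                FaultClass.LATENT: latent,
                FaultClass.DETECTED: prevented - latent}
    if f.needs_second_fault:
        # dual-point fault: latent unless a mechanism or the driver notices it
        latent = lam * (1.0 - f.dc_detect)
        return {FaultClass.LATENT: latent, FaultClass.DETECTED: lam - latent}
    # safety-related element, but this failure mode cannot contribute to the violation
    return {FaultClass.SAFE: lam}


def hardware_metrics(faults):
    """Tally per-class FIT and compute SPFM and LFM (ISO 26262-5 Annex C formulas)."""
    totals = {c: 0.0 for c in FaultClass}
    for f in faults:
        for c, v in classify(f).items():
            totals[c] += v
    lam_sr = sum(f.fit for f in faults if f.safety_related)   # safety-related elements only
    spf_rf = totals[FaultClass.SINGLE_POINT] + totals[FaultClass.RESIDUAL]
    spfm = 1.0 - spf_rf / lam_sr if lam_sr else 1.0
    rest = lam_sr - spf_rf
    lfm = 1.0 - totals[FaultClass.LATENT] / rest if rest else 1.0
    return totals, spfm, lfm


# Constructed sample; every number is assumed for illustration
SAMPLE_FAULTS = [
    HardwareFault("MCU core, stuck-at", 100.0, True, True, False, dc_prevent=0.90, dc_detect=0.60),
    HardwareFault("sensor supply, open", 20.0, True, True, False),        # no safety mechanism at all
    HardwareFault("lockstep comparator, stuck", 5.0, True, False, True),  # only matters with a core fault
    HardwareFault("pull-up R1, drift", 8.0, True, False, False),          # cannot affect the goal
    HardwareFault("status LED, short", 50.0, False, False, False),        # not safety-related
]

if __name__ == "__main__":
    totals, spfm, lfm = hardware_metrics(SAMPLE_FAULTS)
    for c, v in totals.items():
        print(f"{c.value:45s} {v:8.2f} FIT")
    print(f"SPFM = {spfm:.3f}, LFM = {lfm:.3f}")
```

With the sample numbers the block reports SPFM of about 0.774 and LFM of about 0.602, which is far below the ISO 26262-5 targets (for ASIL D, SPFM >= 99 % and LFM >= 90 %). The uncovered sensor supply fault alone (a single-point fault) eats most of the SPFM budget, which is the practical reason the classification matters: one element with no safety mechanism costs more than a large, well-covered one.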
Part 1, 3.46 error
discrepancy between a computed, observed or measured value or condition, and the true, specified or theoretically correct value or condition
Note 1 to entry: An error can arise as a result of a fault (3.54) within the system (3.163) or component (3.21) being considered.
In short: what is computed, observed or measured does not match what was specified or is actually correct.
ISO 26262-1:2018 trimmed the notes under "error"; the 2011 wording was as follows:
The 2018 edition drops "unforeseen operating conditions", presumably folding them under fault; it also drops Note 2, and I am not sure why.
Part 1, 3.50 failure
termination of an intended behaviour of an element (3.41) or an item (3.84) due to a fault (3.54) manifestation
Note 1 to entry: Termination can be permanent or transient.
In short: a fault, once it manifests itself, terminates (transiently or permanently) the intended behaviour of an element or item.