ISO26262解析（九）——系统部分

1. Initiation of product development at the system level 产品开发系统级别启动

The ojective of the initiation of the product development at the system level is determine and plan the functional safety activities during the individual subphases of system development. 

系统启动的目的是决定并计划系统开发过程中每个子阶段的功能安全活动。

 

输入：functional safety concept 功能安全概念  ISO 26262-3：8.5.1

          project plan 项目计划  ISO 26262-2: 6.5.2

          safety plan 安全计划  ISO 26262-2: 6.5.1

          functional safety assessment plan 功能安全评估计划  ISO 26262-2: 6.5.6

输出： validation plan 验证计划

          item integration and testing plan 集成和测试计划

2. technical safety requirements 技术安全需求阶段

The technical safety requirements specification refines the functional safety concept considering the functional concept and the preliminary architectural design.

技术安全需求在考虑功能概念和最初版架构设计的前提下，完善功能安全概念。

The technical safety requirements describe how to implement the functional safety concept. It is intended to detail the item-level functional safety requirements into system-level technical safety requirements, down to the allocation to hardware and software elements.

技术安全需求描述如何实施功能安全概念。目标是细化条目级功能安全需求到系统级别技术安全需求，并将技术安全需求分配到硬件和软件模块。

输入：functional safety concept 功能安全概念

         validation plan 验证计划

         safety goals 安全目标 ISO 26262-3： 7.5.2

输出：techinical safety requirements specification 技术安全需求文档

         system-level verification report系统级别验证报告

3. system design 系统设计阶段

1) technical safety concept 系统技术层面的功能安全概念 

2) system design specification系统设计文档

3) allocation of technical safety requirements to hardware and software and other technologies

分配系统安全需求到硬件功能安全需求、软件功能安全需求和其他方面技术的功能安全需求

 a. If requirements with different ASILs are allocated to the same architectural element, this element shall be developed in compliance with the highest ASIL.

当多个ASIL等级分配到同一个架构模块时，该模块应该按照最高级别的ASIL等级进行开发。

b. internal and external interfaces of safety-related elements shall be defined precisely, in order to avoid other elements having adverse safety-related effects on the safety-related elements.

与安全相关模块的内部和外部接口必须精确定义，以避免其他模块对安全相关模块产生不利于安全的影响。

c. measures for the avoidance of systematic failures

避免系统失效的方法

    (i): deductive and inductive analysis to identify causes and effects of systematic failures shall be applied.

     演绎法和归纳法用来识别系统失效的原因和结果。

NOTE 1 The purpose of these analyses is to assist in specifying the design. At this stage, qualitative analyses are likely to be appropriate and sufficient. Quantitative analyses can be performed if appropriate.

 FTA和FMEA的目的是支持确切设计。在这个阶段，定性的分析看上去比较合适和充分。如果合适的话，也可以进行定量的分析。

NOTE 2 The analysis is conducted at an appropriate level of detail。

分析的详细程度需要合适。

     (ii) well-trust 最大程度可以信任

 To reduce the likelihood of failures associated with new designs, well-trusted design principles for automotive systems should be applied. These including the following: 

  为了降低新设计的失效可能性，最大程度可以信任的原则被使用在汽车系统中。包括：

         （a） Re-use of well-trusted safety architecture;

         （b）Re-use of well-trusted design principles or designs for elements, hardware and software components;;

         （c） Re-use of well-trusted mechanisims for the detection and control of failures;

         （d） Re-use of well-trusted or standardised interfaces. 

   (iii) Sources of systematic failures within the item iteself that could contribute to the violation of a safety goal should be identified and avoided. 

可能造成违背安全目标的系统失效原因应指明，并避免。

  (iv) Sources of adverse safety effects on the item from other systems outside the item shall be identified and avoided or else their consequences shall be mitigated.

可能对安全有影响的其他系统模块原因应指明并避免。

d. measures for control of random hardware failures during operation

控制硬件随机失效的方法

    (i). Measures for detection and control, or control, of random hardware failures shall be specified with respect to the system design.

为了检测或控制硬件随机失效的方法应指明。

EXAMPLE 1 Specification of diagnostics features of the hardware and their usage by the software to detect random hardware failures.

例如，硬件的诊断特性和软件对该诊断特性的使用情况应说明。

    (ii) The target vaules for both metrics of FMEDA shall be specified for final evaluation at the item level.

      FMEDA的两种度量SPF, LMF目标值应指明。

   (iii) The target value for final validation at item level shall be specified.

      FTA的PMHF目标值应指明。

   (iiii) Appropriate targets for failure rates and diagnostic coverage should be specified at element level in order to comply with the target values of the SPF, LMF, PMHF.

     为了满足SPF、LMF、PMHF的目标值，失效率和诊断覆盖率的目标值应指明。

e. allocation to hardware and software 

    分配需求到硬件和软件

   Every technical safety requirement shall be allocated to hardware, software or both, either directly or by further refinement.

每一条技术安全需求都应该被分配到硬件或/和软件，可以直接分配，或者进一步完善后分配。

f. Hardware software interface specification (HSI)

The HSI shall be specified during system design and shall be detailed during hardware development and software development.

HSI应在系统设计阶段说明，并在硬件和软件阶段进行细化。

HSI shall include hardware devices of the component that are controlled by software and hardware resources that support execution of software.

HSI应包括被软件控制的硬件元器件和支持软件运行的硬件源。
--------------------- 
作者：pianpian_zct 
来源：CSDN 
原文：https://blog.csdn.net/pianpian_zct/article/details/79094038 
版权声明：本文为博主原创文章，转载请附上博文链接！