ISO26262 Part 5 Hardware Development (E)- Clause 8 Example of SPFM and LFM in HW Architectural

 

 

SG- Safety Goal

Use Severity, Exposure, and Controllability to get the ASIL level


SM - Safety Mechanism

Component redundancy

Can be detected in circuit

Can be perceived by driver

REF:https://www.quint-safety.com/assets/pdf/publications/QUINT-SAFETY_Whitepaper_Impact-ASIL-C_20200224.pdf

As noted in §5, it is required to implement safety measures to prevent the violation of all safety goals rated ASIL A or higher. However, no detection or mitigation measure can prevent 100% of the safety goal violations. The gap in diagnostic coverage and failures in the detection and mitigation measures still lead to the safety goal violation.

After applying detection and mitigation to a single point fault, the remaining failure rate leading to safety goal violation is called the residual fault. Since it has the same effect (but less often) as the single point fault, the rates are added together when calculating the Single Point Fault Metric (SPFM).

Independent multiple point faults do not immediately lead to safety goal violations. However, without detection, these faults could persist indefinitely, and thus their failure rates are assigned 100% to the latent fault metric. After applying detection and mitigation to a multiple point fault, only the remaining (undetected or unmitigated) failure rate is assigned to the latent fault metric.
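A worked calculation of both metrics as described above, added here as an illustration and not taken from the original post or the cited whitepaper. The failure modes, FIT rates and coverage values are constructed, the covered part of a single point fault is assumed to be fully detected (not latent), and the SPFM targets are the ones in this page's table.

```python
from dataclasses import dataclass

# SPFM targets exactly as listed in this page's table (fractions, strict ">").
SPFM_TARGET = {"B": 0.90, "C": 0.97, "D": 0.99}

@dataclass
class FailureMode:
    name: str
    fit: float       # failure rate in FIT (failures per 1e9 hours)
    kind: str        # "single" (violates the SG alone), "multiple", or "safe"
    dc: float = 0.0  # diagnostic coverage of the safety mechanism, 0.0 = none

def metrics(modes):
    """Return (SPFM, LFM) over all safety-related failure modes given."""
    total = sum(m.fit for m in modes)
    if total <= 0:
        raise ValueError("no failure rate to evaluate")
    spf_rf = latent = 0.0
    for m in modes:
        if not 0.0 <= m.dc <= 1.0:
            raise ValueError(f"{m.name}: coverage must be within 0..1")
        uncovered = m.fit * (1.0 - m.dc)
        if m.kind == "single":
            spf_rf += uncovered   # dc = 0: single point fault; dc > 0: residual fault
        elif m.kind == "multiple":
            latent += uncovered   # dc = 0: the whole rate counts as latent
    spfm = 1.0 - spf_rf / total
    # The LFM denominator excludes what already counted as single point/residual.
    rest = total - spf_rf
    lfm = 1.0 - latent / rest if rest > 0 else float("nan")
    return spfm, lfm

def highest_asil_met(spfm):
    """Highest ASIL whose SPFM target is exceeded, or None."""
    met = [asil for asil, target in SPFM_TARGET.items() if spfm > target]
    return max(met) if met else None

# Constructed FMEDA rows for illustration; not from any real design.
SAMPLE = [
    FailureMode("MCU core wrong output", 100, "single", dc=0.99),
    FailureMode("Sensor signal drift", 50, "single", dc=0.90),
    FailureMode("Pull-up resistor open", 10, "single"),  # no safety mechanism
    FailureMode("Watchdog stuck inactive", 20, "multiple", dc=0.90),
    FailureMode("Filter capacitor drift", 20, "safe"),
]

if __name__ == "__main__":
    spfm, lfm = metrics(SAMPLE)
    print(f"SPFM={spfm:.2%} LFM={lfm:.2%} SPFM target met: ASIL {highest_asil_met(spfm)}")
```

The single uncovered resistor fault (10 FIT) contributes more to the SPFM shortfall than the two covered faults combined, which is why the sample design stops at the ASIL B target.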

 

Single Point Fault Metric

|                            | ASIL B | ASIL C | ASIL D |
|----------------------------|--------|--------|--------|
| Single point faults metric | > 90 % | > 97 % | > 99 % |

 

Latent (Multiple Point) Fault Metric

 
