[Author]
Renhong WENG, Safety, Security and RAMS investigator.
ZERO: relationship
First: IEC 61508 Ed2-4, continuing from the definitions and vocabulary.
| Vocabulary | IECs explanation | ISOs explanation | Comparison |
|---|---|---|---|
| harm | physical injury or damage to the health of people, or damage to property or the environment | physical injury or damage to the health of people | ISOs focus on people only |
| safety | freedom from unacceptable risk | absence of unreasonable risk | "unacceptable" emphasises a moral judgement; "unreasonable" emphasises technical insufficiency |
| functional safety | part of the overall safety relating to the EUC and the EUC control system that depends on the correct functioning of the E/E/PE safety-related systems and other risk reduction measures | absence of unreasonable risk due to hazards caused by malfunctioning behaviour of E/E systems | IECs focus on the essence of functional safety, ISOs focus on malfunction. IECs are more basic: not only malfunction, but also insufficient functionality and incorrect functioning |
| reasonably foreseeable misuse | use of a product, process or service in a way not intended by the supplier, but which may result from readily predictable human behaviour | not defined | clearly defined in SOTIF but not in ISO 26262; IEC 61508 also addresses it |
| functional unit | entity of hardware or software, or both, capable of accomplishing a specified purpose | N/A | in ISOs: item = functional unit |
| software | intellectual creation comprising the programs, procedures, data, rules and any associated documentation pertaining to the operation of a data processing system | N/A | |
| system software | part of the software of a PE system that relates to the functioning of, and services provided by, the programmable device itself | N/A | similar to the basic software in ISOs |
| pre-existing software | software element which already exists and is not developed specifically for the current project or safety-related system | N/A | Linux, open-source software etc. are pre-existing software; AUTOSAR and safety-related COTS are not pre-existing software |
| software on-line support tool | software tool that can directly influence the safety-related system during its run time | N/A | good classification; ISOs are not very good at this |
| software off-line support tool | software tool that supports a phase of the software development lifecycle and that cannot directly influence the safety-related system during its run time | N/A | good classification; ISOs are not very good at this |
| architecture | specific configuration of hardware and software elements in a system | N/A | |
| low complexity E/E/PE safety-related system | failure modes of each individual component are well defined; behaviour of the system can be completely determined | N/A | |
| safety function | function to be implemented by an E/E/PE safety-related system or other risk reduction measures | N/A | safety functions are defined in IEC 61508 |
| safety mechanism | N/A | technical solution implemented by E/E functions or elements, or by other technologies, to detect and mitigate or tolerate faults or control or avoid failures in order to maintain intended functionality or achieve or maintain a safe state | a safety mechanism is not a safety function, or is only part of a safety function |
| overall safety function | means of achieving or maintaining a safe state for the EUC, in respect of a specific hazardous event | N/A | functional safety is only part of overall safety |
| safety integrity level | discrete level (one out of a possible four), corresponding to a range of safety integrity values, where safety integrity level 4 has the highest level of safety integrity and safety integrity level 1 has the lowest | N/A | |
| automotive safety integrity level | N/A | one of four levels to specify the item's or element's necessary ISO 26262 requirements and safety measures to apply for avoiding an unreasonable risk, with D representing the most stringent and A the least stringent level | ISOs' definition is not good enough to describe the essence |
| systematic capability | measure of the confidence that the systematic safety integrity of an element meets the requirements of the specified SIL | N/A | ISOs have no such indicator for ASIL accomplishment |
| fault | abnormal condition that may cause a reduction in, or loss of, the capability of a functional unit to perform a required function | abnormal condition that can cause an element or an item to fail | |
| fault tolerance | ability of a functional unit to continue to perform a required function in the presence of faults or errors | ability to deliver a specified functionality in the presence of one or more specified faults | |
| failure | termination of the ability of a functional unit to provide a required function, or operation of a functional unit in any way other than as required | termination of an intended behaviour of an element or an item due to a fault manifestation | |
| soft-error | erroneous changes to data content but no changes to the physical circuit itself | N/A | |
| failure rate | reliability parameter λ(t) of an entity (single component or system) such that λ(t)·dt is the probability of failure of this entity within [t, t+dt], provided that it has not failed during [0, t] | probability density of failure divided by probability of survival, for a hardware element | IECs better |
| DC (diagnostic coverage) | fraction of dangerous failures detected by automatic on-line diagnostic tests; computed as the dangerous failure rate of the detected dangerous failures divided by the total rate of dangerous failures | percentage of the failure rate of a hardware element, or of the failure rate of a failure mode of a hardware element, that is detected or controlled by the implemented safety mechanism | IECs are better on this point; ISOs' DC is only in the hardware field |
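The last two rows are the only ones that carry a formula, so here is a worked example (added for this page; it is not code from the standards or from the author) of both definitions: the failure rate as a hazard rate, λ(t) = f(t)/R(t) in the ISO wording, with the IEC reading that λ(t)·dt is the conditional probability of failing in [t, t+dt] given survival to t, and DC as the detected dangerous failure rate divided by the total dangerous failure rate. The component failure-mode table is constructed sample data, not taken from any datasheet, and the FIT values are arbitrary.

```python
"""Worked example for the 'failure rate' and 'DC' rows of the comparison table.
Added illustration, not part of the original post; all numbers are constructed."""
import math
from dataclasses import dataclass


# --- failure rate as a hazard rate --------------------------------------------
def hazard_rate(pdf, survival, t):
    """ISO wording: probability density of failure divided by probability of survival."""
    return pdf(t) / survival(t)


def exponential_life(lam):
    """Constant-rate life distribution: f(t) = lam*exp(-lam*t), R(t) = exp(-lam*t).
    Returns the (pdf, survival) pair so it can be fed to hazard_rate()."""
    pdf = lambda t: lam * math.exp(-lam * t)
    survival = lambda t: math.exp(-lam * t)
    return pdf, survival


def conditional_failure_probability(lam, t, dt):
    """IEC wording: lam(t)*dt approximates P(fail in [t, t+dt] | no failure in [0, t]).
    Returns (exact conditional probability, first-order approximation lam(t)*dt)."""
    pdf, survival = exponential_life(lam)
    exact = (survival(t) - survival(t + dt)) / survival(t)
    approx = hazard_rate(pdf, survival, t) * dt
    return exact, approx


# --- diagnostic coverage from a failure-mode table ----------------------------
@dataclass
class FailureMode:
    name: str
    rate_fit: float   # failures per 1e9 device-hours (FIT); constructed values
    dangerous: bool   # does the failure endanger the safety function?
    detected: bool    # detected by an automatic on-line diagnostic / safety mechanism


def diagnostic_coverage(modes):
    """IEC 61508 DC = sum(lambda_DD) / sum(lambda_D).
    Safe failures are left out of both numerator and denominator."""
    dangerous = [m for m in modes if m.dangerous]
    total_dangerous = sum(m.rate_fit for m in dangerous)
    if total_dangerous == 0:
        return 0.0   # no dangerous failures: DC is not meaningful, report 0
    detected_dangerous = sum(m.rate_fit for m in dangerous if m.detected)
    return detected_dangerous / total_dangerous


# Constructed failure-mode breakdown of a hypothetical output driver.
SAMPLE_MODES = [
    FailureMode("stuck-at output",           40.0, dangerous=True,  detected=True),
    FailureMode("drift out of tolerance",    10.0, dangerous=True,  detected=False),
    FailureMode("open circuit (fail-safe)",  30.0, dangerous=False, detected=True),
    FailureMode("bit flip in config register", 50.0, dangerous=True, detected=True),
]


if __name__ == "__main__":
    lam = 1e-6            # 1 failure per 1e6 hours, i.e. 1000 FIT
    pdf, surv = exponential_life(lam)
    print("hazard rate at t=1000 h:", hazard_rate(pdf, surv, 1000.0))
    print("P(fail in next 10 h | alive at 1000 h):",
          conditional_failure_probability(lam, 1000.0, 10.0))
    print("DC of sample component:", diagnostic_coverage(SAMPLE_MODES))
```

For the exponential case the hazard rate comes out constant and equal to λ, which is why a single "failure rate" number is quoted for a component at all; the DC of the sample table is 90/100 = 0.9, because the undetected drift mode contributes to the dangerous total but not to the detected part, while the fail-safe open-circuit mode is excluded from both.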
[REFERENCE]
ISOs
IECs