ability of a functional unit to continue to perform a required function in the presence of faults or errors

**problem of only one actuator to be single point fault, though the random hardware failure can meet the given ASIL or SIL requirments, but the hardware safety concept of R_H1 not fulfilled

ability to deliver a specified functionality in the presence of one or more specified faults

**this definition is not the essence of fault tolerance.

**problem of only one actuator to be single point fault, though the random hardware failure can met the given ASIL or SIL requirements, but the hardware safety concept cannot meet the systematic failure requirements, that is the problems in ISO 26262

termination of the ability of a functional unit to provide a required function or operation of a functional unit in any way other than as required.

Only the function unit, and different layers had been defined, easily to be understood.

termination of an intended behaviour of an element or an item due to a faultmanifestation

not good enough for the vocabulary to centralized, like element, component, system, etc which had caused inevitably misuse in some scenarios

failure, occurring at a random time, which results from one or more of the possible degradation mechanisms in the hardware

**Also the random hardware failures induced both by design, BSR, environment, and production, commissioning, operation, decommissioning, deposites, etc, so the SN 29500, FIDES, and as well those including the failures in the production, etc, we prefer the IEC 61709-2017, will not use the IEC TR 62380 any more

**Preferably, the reliability focus on beta=1, but the times will cover from between B20-B80 of the life time confidence level, in 20% and 80% percent of the focus. (personal expectation)

in 0~20%, quality issue, ppm shall be lower than 100ppm by manufacturing cost, problems in design, manufacturing, product, EOL, etc

in 20%~80%, constant hardware failure, at that time, beta=1, caused in random hardware fault, PFH or PFH shall be calculated in this periods, for the target functional safety design if can meet the reliability hands-on target

in 80%~deposite, beta>1, aging, and environment factors

failure that can occur unpredictably during the lifetime of a hardware element and that follows a probability distribution

**ISO 26262 did not reveal the essence of the random hardware failures

documentation or other relevant factors

**same with ISOs

N/A, ISOs didnot have the similar way of dangerous failure, but have rather in comparison is following failures may included in dangerous way:

-single point failure

-residual failure

-multipoint failure

but the safety-related failure is not directly dangerous failure

failures that are not statistically independent, i.e. the probability of the combined occurrence of the failures is not equal to the product of the probabilities of occurrence of all considered independent failures

*ISOs will pay much attention in this aspect

discrepancy between a computed, observed or measured value or condition and the true, specified or theoretically correct value or condition

*IEC and ISO are the same definition

theoretically correct value or condition

erroneous changes to data content but no changes to the physical circuit itself

*most in the semiconductor

N/A

*describe in the ISOs-11

if symplified into constant failure distribution

mean unavailability of an E/E/PE safety-related system to perform the specified safety function when a demand occurs from the EUC or EUC control system

*for low demand system

expected time to achieve restoration

MTTR encompasses:
• the time to detect the failure (a); and,
• the time spent before starting the repair (b); and,
• the effective time to repair (c); and,
• the time before the component is put back into operation (d)

N/A