[Author]
Renhong WENG, Safety, Security and RAMS investigator.
First: Safe failure fraction
Unlike the metrics in ISO 26262, IEC 61508 has no latent fault metric; instead it has one key index, the safe failure fraction (SFF), determined as follows:
(a) carry out a failure mode and effects analysis to determine the effect of each failure mode of each component, or group of components, in the element on the behaviour of the E/E/PE safety-related system in the absence of diagnostic tests;
(b) classify each failure as a safe failure or a dangerous failure;
(c) identify the safe failure rate λS and the dangerous failure rate λD. If a failure rate is not constant, its average over the period shall be estimated and used in the DC and SFF calculations;
(e) identify the dangerous failure rate that is detected by the diagnostic tests, λDd;
(f) compute the total dangerous failure rate ΣλD, the total dangerous failure rate detected by the diagnostic tests ΣλDd, and the total safe failure rate ΣλS;
(g) compute the diagnostic coverage of the element as ΣλDd / ΣλD;
(h) compute the safe failure fraction as:
When the failure rate is not constant, the safe failure fraction is:
The analysis used to determine the diagnostic coverage and the safe failure fraction shall include all of the components (electrical, electronic, electromechanical, mechanical, etc.) that are necessary for the element to perform the safety function(s) required by the E/E/PE safety-related system.
Second: ISO 26262 SPFM and LFM
In ISO 26262, the SPFM and LFM are used to describe random hardware failures at the architecture level. There are four fault types:
- single point fault
- residual fault
- multipoint fault
- safe fault
Single-point fault metric (SPFM):
Latent fault metric (LFM):
NOTE:
1. A safe fault can be a multiple-point fault, but it can also be a fail-safe failure rate, a fault-tolerant failure rate or a fault-silent failure rate. If everything is added up into safe faults as detected or perceived multiple-point faults (since they do not contribute to violating the safety goal even as multiple-point faults), then the SPFM stays unchanged while the LFM becomes higher, compared with the case where those safe faults are not regarded as detected or perceived multiple-point faults.
2. Diagnostic evaluation in ISO 26262 uses the following formula:
Thanks for reading.
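Putting the two sections together, here is a worked example that computes IEC 61508 DC and SFF and ISO 26262 SPFM and LFM from one small FMEDA-style table, and also shows the time-averaging of a non-constant failure rate called for in step (c). This is an added example, not code from the article or from either standard; the metric formulas are the standard definitions in IEC 61508-2 Annex C and ISO 26262-5 Annex C as I know them, and the component rows, class names and the helper functions are constructed for illustration.

```python
"""Worked comparison of IEC 61508 DC/SFF and ISO 26262 SPFM/LFM on one FMEDA table.

Added example, not code from the article. The metric formulas are the standard
definitions from IEC 61508-2 Annex C and ISO 26262-5 Annex C; the component table
is constructed for illustration and is not real data.
All failure rates are in FIT (failures per 1e9 hours).
"""
from dataclasses import dataclass
from typing import Callable, List

# IEC 61508 classes: safe, dangerous detected, dangerous undetected
IEC_CLASSES = {"S", "Dd", "Du"}
# ISO 26262 classes (names are this example's own labels)
ISO_CLASSES = {"SPF", "RF", "MPF_detected", "MPF_perceived", "MPF_latent", "SAFE"}


@dataclass(frozen=True)
class FailureMode:
    component: str
    rate_fit: float
    iec_class: str   # how IEC 61508 classifies this failure mode
    iso_class: str   # how ISO 26262 classifies the same failure mode

    def __post_init__(self) -> None:
        # A misspelt class would silently drop out of every sum below, so reject it here.
        if self.iec_class not in IEC_CLASSES or self.iso_class not in ISO_CLASSES:
            raise ValueError(f"{self.component}: unknown failure class")
        if self.rate_fit < 0:
            raise ValueError(f"{self.component}: negative failure rate")


def total(rows: List[FailureMode], **match: str) -> float:
    """Sum rate_fit over rows whose iec_class / iso_class equals the given filter."""
    return sum(r.rate_fit for r in rows
               if all(getattr(r, k) == v for k, v in match.items()))


def diagnostic_coverage(rows: List[FailureMode]) -> float:
    """IEC 61508 DC = sum(lambda_Dd) / sum(lambda_D)."""
    dd = total(rows, iec_class="Dd")
    return dd / (dd + total(rows, iec_class="Du"))


def safe_failure_fraction(rows: List[FailureMode]) -> float:
    """IEC 61508 SFF = (sum(lambda_S) + sum(lambda_Dd)) / (sum(lambda_S) + sum(lambda_D))."""
    s = total(rows, iec_class="S")
    dd = total(rows, iec_class="Dd")
    d = dd + total(rows, iec_class="Du")
    return (s + dd) / (s + d)


def spfm(rows: List[FailureMode]) -> float:
    """ISO 26262 SPFM = 1 - (sum(lambda_SPF) + sum(lambda_RF)) / sum(lambda)."""
    lam = sum(r.rate_fit for r in rows)
    spf_rf = total(rows, iso_class="SPF") + total(rows, iso_class="RF")
    return 1.0 - spf_rf / lam


def lfm(rows: List[FailureMode]) -> float:
    """ISO 26262 LFM = 1 - sum(lambda_MPF,latent) / (sum(lambda) - sum(lambda_SPF) - sum(lambda_RF))."""
    lam = sum(r.rate_fit for r in rows)
    spf_rf = total(rows, iso_class="SPF") + total(rows, iso_class="RF")
    return 1.0 - total(rows, iso_class="MPF_latent") / (lam - spf_rf)


def average_rate(rate_of_t: Callable[[float], float], t_start: float,
                 t_end: float, steps: int = 1000) -> float:
    """Time average of a non-constant failure rate over [t_start, t_end] (trapezoidal rule),
    as step (c) asks for before the averaged value enters DC and SFF."""
    h = (t_end - t_start) / steps
    acc = 0.5 * (rate_of_t(t_start) + rate_of_t(t_end))
    acc += sum(rate_of_t(t_start + i * h) for i in range(1, steps))
    return acc * h / (t_end - t_start)


# Constructed FMEDA rows. The IEC and ISO columns are classified independently;
# a row's ISO class does not follow from its IEC class.
SAMPLE = [
    FailureMode("U1 MCU core (caught by lockstep)", 100.0, "Dd", "MPF_detected"),
    FailureMode("U1 MCU core (escapes lockstep)", 20.0, "Du", "RF"),
    FailureMode("U2 ADC (no safety mechanism)", 30.0, "Du", "SPF"),
    FailureMode("U3 voltage monitor (own fault unseen)", 10.0, "Du", "MPF_latent"),
    FailureMode("R1 pull-down", 50.0, "S", "SAFE"),
    FailureMode("C1 decoupling", 50.0, "S", "SAFE"),
]


def metrics(rows: List[FailureMode]) -> dict:
    return {"DC": diagnostic_coverage(rows), "SFF": safe_failure_fraction(rows),
            "SPFM": spfm(rows), "LFM": lfm(rows)}


if __name__ == "__main__":
    for name, value in metrics(SAMPLE).items():
        print(f"{name:4s} = {value:.3f}")
    # Linear wear-out rate 10 + 0.01*t FIT over 1000 h averages to 15 FIT.
    print(f"avg  = {average_rate(lambda t: 10 + 0.01 * t, 0.0, 1000.0):.3f}")
```

Note that the IEC and ISO sums are taken over the same rows but never mix: DC and SFF look only at the S/Dd/Du column, SPFM and LFM only at the ISO column, which is why a single table can carry both assessments side by side.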