The LSI development to achieve functional safety compliant with ISO26262 standard has three processes; which are Safety Concept, Design, and Verification. This article describes the overview of Safety Concept, which is a unique process to the functional safety standard.
In the Safety Concept process, as shown in Fig. 1, safety analysis and architecture-level design are performed based on the Technical Safety Requirements, TSR (derived from the development object from the system perspective) and the LSI development requirements.
In the safety analysis step, Failure Mode and Effect Analysis (FMEA) are used to identify the components and their effects on higher-level items to find imperfections and potential defects in the design. And Fault Tree-style Analysis (FTA) is used to determine whether subordinate item or external event, or combination of these fault modes can cause the defined fault mode.
In the architecture-level safety design process, potential defects of built-in functions and subordinate items (elements) that cause fault mode are identified from the FMEA table and FTA diagram, and safety mechanisms are inserted to subordinate items that cause fault mode at the architecture level for taking measures to shift to a safe state for defects.
Hardware Safety Requirements (HSR) are created for safety design results with input from LSI development requirements. The items described in HSR are as follows.
- Explanation of safety mechanisms
– Detection and control method of internal failure
– Robustness of external failures, such as failures caused by interfaces
– Usefulness of safety mechanism for detecting faults in external elements
- Support for warning and degeneracy concepts
– Send a signal to the driver and other system elements when a fault is detected
– Detection and control of latent faults
– Hardware metric target value specifications
– Probability Metric for random Hardware Failure (PMHF)
– Single point fault metric, latent fault metric
– Functional specifications
- Hardware element verification criteria
– Environmental conditions
– Operating environment
- Hardware component specific requirements
– Verification of evaluation of hardware elements
– Component verification / testing
Fig. 1 Safety Concept process overview