Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, the Energy Efficient Solutions logo, mobileGT, PowerQUICC, QorIQ, StarCore and Symphony are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, ColdFire+, CoreNet, Flexis, Kinetis, MXC, Platform in a Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMARTMOS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. 2011 Freescale Semiconductor, Inc.

Aug 2011

Slide 2
Weibo? Please use hashtag #FTF2011 #Freescale on Kaixin. Tag yourself in photos and upload your own!

Agenda:
- ISO26262 Basics
- ISO26262 at ECU / uC Level
- ISO26262 Advanced Topics
- Outlook and Summary

Slide 4
Mobility for Everyone. Safety for Everyone. Cleaner world for Everyone. Everyone Connected.
Safety is a major driving force in the development of automotive technology.

Slide 5: Why care about functional safety?
In the U.S.: Over 29,000 people killed in front end collisions each year. Over 2M people injured each year; over $200 Billion in damages each year.
In China (Jan-Jun, 2010): 159,000 injured, 37,000 people killed.
World Wide: 1.25M killed each year, 3,000 people killed every day, over $500 Billion.
Slide 6
Use state-of-the-art development for safety-related electronics: use mature, reliable safety electronics technology in safety-related automotive systems.
Introducing these systems will transfer risks from the driver to the technical system.
Who should be responsible for safety? OEM, Tier 1, or driver? Objective factors vs. subjective factors.

Slide 7
Safety is freedom from unacceptable risk:
- of physical injury
- of damage to the health of people
- to the environment
Functional Safety: State in which a vehicle function does not cause any intolerable endangering states, which result from:
- specification, implementation or realization errors,
- failure during the operation period,
- reasonably foreseeable operational errors,
- reasonably foreseeable misuse.
Slide 8
IEC 61508: General Industry. Functional safety of electrical/electronic/programmable electronic safety-related systems. Basic functional safety standard applicable to all kinds of industry. SIL level (1 2 3 4).
ISO26262: Road vehicles - Functional safety. Adaptation of the functional safety standard IEC 61508 for automotive electric/electronic systems. ASIL level (A B C D).

ISO26262 release schedule (F: Final, D: Draft, IS: Internal Standard):
Dates              | Releases
Before April 2011  | DIS part 1-10
April 2011         | FDIS part 1-9, DIS part 10
End 2011 (Q4 2011) | IS part 1-9, FDIS part 10
During 2012        | IS part 1-10

Three pillars: Safety Organization, Development Process, Safety Architecture.
Slide 9
Functional Safety Standards impose a structured way for the industry to proceed. Scope of ISO26262: "ISO 26262 is intended to be applied to safety-related systems that include one or more E/E systems and that are installed in series production passenger cars with a max gross weight up to 3,5 t."
The standards address:
- architectural & functional aspects
- procedural aspects (incl. safety lifecycle)
- avoiding faults and controlling faults
- systematic faults and random HW faults
Rigorous documentation serves as evidence for complying with the safety standards.
Slide 10
10 parts: 9 parts mandatory, part 10 informative. Specifies requirements which must be fulfilled (with evidence) to comply. Centered around a safety lifecycle utilizing V-models.
- Part 1 Vocabulary
- Part 2 Management of functional safety
- Part 3 Concept phase
- Part 4 Product development: system level
- Part 5 Product development: hardware level
- Part 6 Product development: software level
- Part 7 Production and operation
- Part 8 Supporting processes
- Part 9 ASIL-oriented and safety-oriented analyses
- Part 10 Guideline on ISO 26262 (informative)
Slide 12: ASIL Definition (Automotive Safety Integrity Levels)
Severity: Estimate of the extent of harm to one or more individuals that can occur in a potentially hazardous situation.
Exposure: State of being in an operational situation that can be hazardous if coincident with the failure mode under analysis.
Controllability: Ability to avoid a specified harm or damage through the timely reactions of the persons involved.
Example functions:
- Steering lock
- Air Bag Firing
- Stop & Start
- Battery Management
- Front Lighting
- Wipers
Slide 13: Hardware metrics per ASIL
Metric                                              | ASIL B         | ASIL C | ASIL D
PVSG (1/h): Probability of violation of safety goals | 10^-7 (recom.) | 10^-7  | 10^-8
SPFM: Single Point Fault Metric                     | 90%            | 97%    | 99%
LFM: Latent Fault Metric                            | 60%            | 80%    | 90%
Values are the total budget for the whole system! The uC typically receives 1% of the total budget.
Single Point Fault Metric: Robustness of the item to single-point (and residual) faults by coverage from safety mechanisms, or by design.
Latent Fault Metric: Robustness of the item to latent faults by coverage from safety mechanisms, by the driver recognizing the fault before violation of the safety goal, or by design.
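The metric definitions and targets above, worked as an added example that is not from the slides or from Freescale: a small Python calculator derives SPFM, LFM and a first-order PMHF from a constructed per-element failure-rate split and checks them against the slide's ASIL targets. The element names and FIT figures are constructed, and the PMHF is the simplified sum of single-point and residual rates rather than the full Part 5 calculation.

```python
from dataclasses import dataclass

# Targets from the slide per ASIL: (SPFM, LFM, PMHF budget in 1/h); ASIL B PMHF is "recommended".
ASIL_TARGETS = {
    "ASIL B": (0.90, 0.60, 1e-7),
    "ASIL C": (0.97, 0.80, 1e-7),
    "ASIL D": (0.99, 0.90, 1e-8),
}

@dataclass
class Element:
    """One hardware element; the fault-class fields are fractions of its total FIT."""
    name: str
    fit: float            # total failure rate in FIT (1 FIT = 1e-9 failures per hour)
    single_point: float   # no safety mechanism: the fault reaches the safety goal directly
    residual: float       # escapes the safety mechanism's diagnostic coverage
    latent: float         # multiple-point fault that stays undetected (latent)

def hw_metrics(elements):
    """Return (SPFM, LFM, PMHF in 1/h). SPFM and LFM follow the ISO 26262-5 definitions;
    PMHF is the first-order approximation sum(lambda_SPF + lambda_RF), which ignores
    dual-point contributions (a simplification, not the full Part 5 method)."""
    total = sum(e.fit for e in elements)
    spf_rf = sum(e.fit * (e.single_point + e.residual) for e in elements)
    latent = sum(e.fit * e.latent for e in elements)
    spfm = 1.0 - spf_rf / total
    lfm = 1.0 - latent / (total - spf_rf)
    pmhf = spf_rf * 1e-9          # FIT -> failures per hour
    return spfm, lfm, pmhf

def meets_asil(elements, asil):
    """True when all three metrics satisfy the slide's targets for the given ASIL."""
    spfm, lfm, pmhf = hw_metrics(elements)
    t_spfm, t_lfm, t_pmhf = ASIL_TARGETS[asil]
    return spfm >= t_spfm and lfm >= t_lfm and pmhf <= t_pmhf

def uc_pmhf_budget(asil, share=0.01):
    """Slide note: the uC typically receives about 1% of the whole-system PMHF budget."""
    return ASIL_TARGETS[asil][2] * share

# Constructed sample (not measured data): an airbag-style ECU with a monitored core.
MONITORED = [
    Element("MCU core (lockstep)", 100.0, 0.00, 0.005, 0.05),
    Element("Accelerometer path", 20.0, 0.00, 0.010, 0.10),
    Element("Firing driver", 30.0, 0.02, 0.000, 0.10),
]
# Same design with an unmonitored core: its dangerous faults become single-point faults.
UNMONITORED = [Element("MCU core (no monitor)", 100.0, 0.05, 0.0, 0.05)] + MONITORED[1:]
```

Running `meets_asil(MONITORED, "ASIL D")` returns True, while the unmonitored variant only reaches the ASIL B targets because its SPFM drops to about 96%.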
Slide 14: Example: Airbag System - Key steps according to ISO26262
Possible hazard: Inadvertent deployment. Associated safety goal: prevent inadvertent deployment. Typical rating for inadvertent deployment: ASIL D.
Possible functional safety concept: specify a redundant function to detect whether the vehicle is in a collision.
Technical safety concept: specify the implementation of two independent accelerometers with different axial orientations and two independent firing circuits. The squib deploys if both are closed.
Key steps:
- A hazard analysis and risk assessment identifies hazards that need risk reduction;
- A safety goal is formulated for each hazardous event;
- An Automotive Safety Integrity Level (ASIL) is associated with each safety goal;
- The functional safety concept is a statement of the functionality to achieve the safety goal(s);
- The technical safety concept is a statement of how this functionality is implemented in hardware and software; and
- Software safety requirements and hardware safety requirements state the specific safety requirements which will be implemented as part of the software and hardware design.
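The technical safety concept above, modelled as an added example that is not from the slides: each accelerometer drives only its own firing circuit and the squib is in series with both, so the code enumerates every single fault without a real crash to confirm that none of them alone can deploy the airbag. The crash threshold, sensor readings and stuck-open/stuck-closed fault model are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed illustrative crash threshold; real calibration values are not on the slide.
CRASH_THRESHOLD_G = 50.0

@dataclass
class Accelerometer:
    axis: str          # "X" or "Y": the two sensors use different axial orientations
    reading_g: float   # measured acceleration along that axis

@dataclass
class FiringCircuit:
    """One independent switch in series with the squib; hardware faults as stuck states."""
    stuck_closed: bool = False   # short: conducts regardless of its sensor
    stuck_open: bool = False     # open: never conducts

    def is_closed(self, crash_detected: bool) -> bool:
        if self.stuck_closed:
            return True
        if self.stuck_open:
            return False
        return crash_detected

def crash_seen(sensor: Accelerometer) -> bool:
    return abs(sensor.reading_g) >= CRASH_THRESHOLD_G

def squib_deploys(s1, c1, s2, c2) -> bool:
    """Sensor 1 drives only circuit 1 and sensor 2 only circuit 2 (independence);
    the squib deploys only when both circuits are closed."""
    return c1.is_closed(crash_seen(s1)) and c2.is_closed(crash_seen(s2))

def single_fault_cases():
    """Every single fault (one spurious sensor or one stuck-closed circuit) with no
    real crash, mapped to whether it alone causes inadvertent deployment."""
    quiet = lambda axis: Accelerometer(axis, 0.0)
    spurious = lambda axis: Accelerometer(axis, 90.0)   # sensor falsely reports a crash
    return {
        "sensor X spurious": squib_deploys(spurious("X"), FiringCircuit(), quiet("Y"), FiringCircuit()),
        "sensor Y spurious": squib_deploys(quiet("X"), FiringCircuit(), spurious("Y"), FiringCircuit()),
        "circuit 1 stuck closed": squib_deploys(quiet("X"), FiringCircuit(stuck_closed=True), quiet("Y"), FiringCircuit()),
        "circuit 2 stuck closed": squib_deploys(quiet("X"), FiringCircuit(), quiet("Y"), FiringCircuit(stuck_closed=True)),
    }

if __name__ == "__main__":
    crash_x, crash_y = Accelerometer("X", 65.0), Accelerometer("Y", 58.0)
    print("real crash deploys:", squib_deploys(crash_x, FiringCircuit(), crash_y, FiringCircuit()))
    print("single faults deploy:", single_fault_cases())
```

A stuck-closed circuit that goes undetected plus a later spurious sensor on the other channel does deploy, which is the dual-point case the Latent Fault Metric is meant to bound; a stuck-open circuit during a real crash prevents deployment, violating a different safety goal.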