02 Slides 02 Ward MIRA Limited
Dr David Ward
General Manager
Functional Safety
November 2012
! MIRA conducted the “concept phase” (ISO 26262 Part 3) in order to develop a
functional safety concept for vehicle supervisory control (VSC) on a novel
range-extended electric vehicle (REEV) architecture
! Activities included
- Item definition
- Initiation of safety lifecycle
- Hazard analysis and risk assessment (H&R)
- Definition of the functional safety concept (FSC) including warning and
degradation concept
Figure (ISO 26262 safety lifecycle overview, diagram residue): 3.6 Initiation of safety lifecycle; 3.8 Functional safety concept; 4 Product development, system level; 5 Product development, HW level; 6 Product development, SW level; 7.5 Production planning; plus the side branches Allocation to other technologies, Controllability and External measures.
Figure (REEV vehicle architecture, diagram residue): Fuel / Fuel tank, APU, E-Drive system, Battery, DC-DC converter, VSC, VDC, HEVAC and HMI, with User input and User information exchanged between the driver and the HMI.
! Objectives
- Define and describe the VSC, including its interactions and dependencies
with the environment and other items
- Ensure an adequate understanding of the VSC is gained, so that
subsequent activities in the safety lifecycle can be performed
! The specifics of the VSC item definition for this project
- A functional architecture was defined for the VSC
- Primary VSC functions were defined
- External interfaces to other systems were defined (including interfaces
with brake/accelerator pedals, PRND, ACC, DSC, TCM, BMS, etc.)
- Preliminary internal functionality and dependencies defined
! In order to analyse how an item can lead to hazardous behaviour, it is first
necessary to understand how it works
Figure (hazard identification flow, diagram residue; lifecycle position shown as 4-6 Specification of technical safety requirements): Identify vehicle features and functions -> from the functions list, derive functional failures (no function; partial/over/degraded; intermittent; unintended) -> Hazards, defined at the vehicle level.
! Candidates for harm could also be other road users e.g. pedestrians or
cyclists
Smarter Thinking. November 2012 We Deliver Smarter Thinking. 16
© MIRA Ltd 2012
ASIL determination

              C1        C2        C3
S1   E1       QM        QM        QM
     E2       QM        QM        QM
     E3       QM        QM        ASIL A
     E4       QM        ASIL A    ASIL B
S2   E1       QM        QM        QM
     E2       QM        QM        ASIL A
     E3       QM        ASIL A    ASIL B
     E4       ASIL A    ASIL B    ASIL C
S3   E1       QM        QM        ASIL A
     E2       QM        ASIL A    ASIL B
     E3       ASIL A    ASIL B    ASIL C
     E4       ASIL B    ASIL C    ASIL D
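The hazard identification flow above (functions list -> functional failures by guide word -> vehicle-level hazards) and the ASIL determination table can be worked through in code. The following is an added example, not MIRA's project deliverable: only the four guide words and the S/E/C table come from the slides, while the VSC function names, the operational situations and every S/E/C rating are constructed for illustration. It also cross-checks the table against its additive closed form (one ASIL level per unit of S+E+C above 6), which is a property of the standard's table rather than something the slides state.

```python
"""Functional failure analysis feeding ASIL determination for a VSC item.

Added example, not MIRA's work product. Function names, situations and
S/E/C ratings below are constructed; guide words and ASIL table are from
the slides (ISO 26262-3).
"""
from dataclasses import dataclass

# Functional failure guide words from the hazard identification flow.
GUIDE_WORDS = ("no function", "partial/over/degraded", "intermittent", "unintended")

# ISO 26262-3 ASIL determination table: ASIL_TABLE[(S, E)][C - 1].
ASIL_TABLE = {
    (1, 1): ("QM", "QM", "QM"), (1, 2): ("QM", "QM", "QM"),
    (1, 3): ("QM", "QM", "A"),  (1, 4): ("QM", "A", "B"),
    (2, 1): ("QM", "QM", "QM"), (2, 2): ("QM", "QM", "A"),
    (2, 3): ("QM", "A", "B"),   (2, 4): ("A", "B", "C"),
    (3, 1): ("QM", "QM", "A"),  (3, 2): ("QM", "A", "B"),
    (3, 3): ("A", "B", "C"),    (3, 4): ("B", "C", "D"),
}
ASIL_ORDER = ("QM", "A", "B", "C", "D")   # ascending rigour


def determine_asil(s: int, e: int, c: int) -> str:
    """Look up the ASIL for a severity / exposure / controllability triple."""
    if s not in (1, 2, 3) or e not in (1, 2, 3, 4) or c not in (1, 2, 3):
        raise ValueError(f"rating out of range: S{s} E{e} C{c}")
    return ASIL_TABLE[(s, e)][c - 1]


def asil_from_sum(s: int, e: int, c: int) -> str:
    """Closed form equivalent to the table: S+E+C of 7 -> A, 8 -> B, 9 -> C, 10 -> D."""
    return ASIL_ORDER[max(0, s + e + c - 6)]


def table_matches_closed_form() -> bool:
    """Cross-check every cell of the transcribed table against the closed form."""
    return all(determine_asil(s, e, c) == asil_from_sum(s, e, c)
               for s in (1, 2, 3) for e in (1, 2, 3, 4) for c in (1, 2, 3))


@dataclass(frozen=True)
class FunctionalFailure:
    function: str
    guide_word: str


def functional_failures(functions):
    """Analysis worklist: every function combined with every guide word."""
    return [FunctionalFailure(f, g) for f in functions for g in GUIDE_WORDS]


@dataclass(frozen=True)
class Hazard:
    failure: FunctionalFailure
    situation: str   # operational situation in which the failure is assessed
    effect: str      # hazardous behaviour at the vehicle level
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return determine_asil(self.s, self.e, self.c)


def highest_asil(hazards) -> str:
    """A safety goal inherits the highest ASIL of the hazards it addresses."""
    return max((h.asil for h in hazards), key=ASIL_ORDER.index, default="QM")


def hazard_report(hazards):
    """Rows of (function, guide word, effect, S, E, C, ASIL) for the H&R record."""
    return [(h.failure.function, h.failure.guide_word, h.effect, h.s, h.e, h.c, h.asil)
            for h in hazards]


# Constructed VSC functions (hypothetical, for illustration only).
VSC_FUNCTIONS = ("arbitrate driver torque request", "manage APU start/stop")

# Constructed hazards with constructed S/E/C ratings (not MIRA's assessment).
HAZARDS = [
    Hazard(FunctionalFailure(VSC_FUNCTIONS[0], "unintended"),
           "driving in town traffic", "unintended acceleration", s=3, e=4, c=2),
    Hazard(FunctionalFailure(VSC_FUNCTIONS[0], "no function"),
           "overtaking on a country road", "loss of propulsion", s=2, e=3, c=2),
    Hazard(FunctionalFailure(VSC_FUNCTIONS[1], "unintended"),
           "stationary in a closed garage", "APU runs unexpectedly", s=1, e=2, c=3),
]

if __name__ == "__main__":
    print(len(functional_failures(VSC_FUNCTIONS)), "functional failures to assess")
    for row in hazard_report(HAZARDS):
        print(row)
    print("highest ASIL across hazards:", highest_asil(HAZARDS))
```

The worklist is deliberately exhaustive (every function times every guide word) so that the decision to dismiss a combination is recorded rather than silently skipped; the hazards that survive carry their situation with them because the E rating depends on it.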
! The item definition is a key activity in ensuring correct and complete execution
of the concept phase activities – it is more than just identifying the system under
study
! A systematic and rigorous approach to hazard identification is needed
- In this example we have used functional failure analysis; other methods
can be used
- Note: ISO 26262 does not specify a particular hazard identification method
! The fault tolerant time interval is important in specifying the functional safety
concept
- In this example some simple calculations were used for initial
specification; these would need to be confirmed as development
progresses
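The point about the fault tolerant time interval can be made concrete with a budget check. This is an added example and not the calculations MIRA used on the project: it applies the ISO 26262 relation that a safety mechanism's fault detection time plus its fault reaction time must fit inside the FTTI of the safety goal. The kinematic FTTI estimate (tolerable speed deviation divided by worst-case unintended acceleration) is an assumed "simple calculation" of the kind the slide mentions, and every number below is constructed.

```python
"""FTTI budget check for a functional safety concept.

Added example, not MIRA's project calculation. The estimate_ftti_ms() rule
and all numbers are constructed assumptions for illustration.
"""
from dataclasses import dataclass


def estimate_ftti_ms(tolerable_delta_v_mps: float, worst_accel_mps2: float) -> float:
    """Assumed simple estimate: time for an unintended acceleration to build up
    a tolerable speed deviation. Returns milliseconds."""
    if worst_accel_mps2 <= 0 or tolerable_delta_v_mps <= 0:
        raise ValueError("speed deviation and acceleration must be positive")
    return tolerable_delta_v_mps / worst_accel_mps2 * 1000.0


@dataclass(frozen=True)
class SafetyMechanism:
    name: str
    detection_time_ms: float   # worst-case time to detect the fault (diagnostic interval)
    reaction_time_ms: float    # time from detection to reaching the safe state


@dataclass(frozen=True)
class SafetyGoal:
    name: str
    ftti_ms: float
    mechanism: SafetyMechanism

    def worst_case_ms(self) -> float:
        """Detection plus reaction: the longest the hazard can persist."""
        return self.mechanism.detection_time_ms + self.mechanism.reaction_time_ms

    def margin_ms(self) -> float:
        return self.ftti_ms - self.worst_case_ms()

    def is_satisfied(self) -> bool:
        """ISO 26262 condition: detection + reaction must not exceed the FTTI."""
        return self.margin_ms() >= 0


def budget_check(goals):
    """Names of safety goals whose mechanism does not fit inside the FTTI."""
    return [g.name for g in goals if not g.is_satisfied()]


# Constructed safety goals and mechanisms (hypothetical values).
GOALS = [
    SafetyGoal("avoid unintended acceleration",
               ftti_ms=estimate_ftti_ms(1.5, 3.0),          # 500 ms by the assumed rule
               mechanism=SafetyMechanism("torque plausibility monitor",
                                         detection_time_ms=100.0, reaction_time_ms=150.0)),
    SafetyGoal("avoid loss of propulsion without warning",
               ftti_ms=2000.0,
               mechanism=SafetyMechanism("APU heartbeat timeout",
                                         detection_time_ms=2500.0, reaction_time_ms=100.0)),
]

if __name__ == "__main__":
    for g in GOALS:
        print(f"{g.name}: FTTI {g.ftti_ms:.0f} ms, worst case {g.worst_case_ms():.0f} ms,"
              f" margin {g.margin_ms():.0f} ms -> {'OK' if g.is_satisfied() else 'VIOLATION'}")
    print("goals needing rework:", budget_check(GOALS))
```

The second goal fails because its heartbeat timeout alone already exceeds the FTTI, which is the situation the slide warns about: an early FTTI estimate constrains the detection interval that the later technical safety requirements may allocate, so the estimate has to be revisited as development data replaces the initial assumptions.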
Dr David Ward
MA (Cantab), PhD, CEng, CPhys, MInstP, MIEEE
General Manager, Functional Safety
MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, UK
www.mira.co.uk