SOTIF FMEDA

Source: WeChat public account "智能网联车安全"
2020-07-13

[Author]

Renhong WENG, safety, security and RAMS investigator.


Zero: FMEDA in ISO 26262:2018


In ISO 26262, an FMEDA serves two purposes:

1. to calculate the random hardware architectural metrics, SPFM and LFM

2. to calculate the PMHF

The following factors are essential in an FMEDA:

1. failure cause, failure mode, failure effect

2. base failure rate, and the safety-related share of it

3. whether the failure mode directly violates the safety goal: if yes, its rate is a single-point failure rate, or a residual failure rate if a safety mechanism exists (the share the mechanism does not cover)

4. if it does not directly violate the safety goal, its rate is a multiple-point failure rate. Then check whether a safety mechanism protects against it: the share the safety mechanism detects, or the driver perceives, is the detected or perceived multiple-point fault; the remainder is the latent multiple-point fault. Latent faults have two sources. The primary source is the share of a directly violating fault that the safety mechanism covers (taken out of the single-point rate) but that is not then detected or perceived. The secondary source is faults that do not directly violate the safety goal and are not covered by detection or perception. A latent fault combined with a second fault leads to the violation.

5. for an example FMEDA, refer to ISO 26262:2018
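A worked roll-up of the fault classes listed above, as an added example (it is not the ISO 26262 example the author refers to, and not the author's own code). The five-row FMEDA, its part names, failure rates in FIT and diagnostic coverages are constructed for illustration; the SPFM/LFM and PMHF targets per ASIL are the ISO 26262-5 target values. Safe faults inside safety-related parts are not modelled separately, and the PMHF check below covers only the single-point and residual term, not the dual-point (latent fault plus second fault over the lifetime) contribution.

```python
"""FMEDA roll-up for the ISO 26262 hardware architectural metrics (SPFM, LFM).

Added example. The five rows below are a constructed mini-FMEDA; the part
names, failure rates (in FIT) and diagnostic coverages are illustrative only.
"""
from dataclasses import dataclass

FIT = 1e-9  # one failure in 10^9 hours; all rates below are in FIT

# Minimum SPFM / LFM per ASIL (ISO 26262-5 target values) and the PMHF
# targets in failures per hour.
METRIC_TARGETS = {"B": (0.90, 0.60), "C": (0.97, 0.80), "D": (0.99, 0.90)}
PMHF_TARGET_PER_H = {"B": 1e-7, "C": 1e-7, "D": 1e-8}


@dataclass
class FailureMode:
    part: str
    mode: str
    rate_fit: float          # base failure rate of this mode
    safety_related: bool     # False: the mode cannot affect the safety goal, excluded
    direct_violation: bool   # True: the fault alone would violate the safety goal
    dc_spf: float = 0.0      # coverage of the mechanism preventing the violation (0 = none)
    dc_latent: float = 0.0   # coverage of the mechanism that keeps the fault from staying latent


def classify(fm: FailureMode) -> dict:
    """Split one mode's rate into single-point, residual, detected/perceived
    multiple-point and latent multiple-point shares, following the decision
    sequence described in the text above."""
    c = {"spf": 0.0, "rf": 0.0, "mpf_detected": 0.0, "mpf_latent": 0.0}
    if not fm.safety_related:
        return c
    if fm.direct_violation:
        if fm.dc_spf == 0.0:        # no safety mechanism: the whole rate is single-point
            c["spf"] = fm.rate_fit
            return c
        c["rf"] = fm.rate_fit * (1.0 - fm.dc_spf)   # residual: not caught by the mechanism
        mpf = fm.rate_fit * fm.dc_spf               # caught share, now a multiple-point fault
    else:
        mpf = fm.rate_fit                           # never violates the goal on its own
    c["mpf_latent"] = mpf * (1.0 - fm.dc_latent)    # primary + secondary latent faults
    c["mpf_detected"] = mpf * fm.dc_latent
    return c


def architectural_metrics(rows) -> dict:
    """SPFM and LFM over the safety-related rows, plus the single-point/residual
    rate that is the direct contribution to PMHF (dual-point term not included)."""
    totals = {"spf": 0.0, "rf": 0.0, "mpf_detected": 0.0, "mpf_latent": 0.0}
    lam_sr = 0.0
    for fm in rows:
        if not fm.safety_related:
            continue
        lam_sr += fm.rate_fit
        for k, v in classify(fm).items():
            totals[k] += v
    spf_rf = totals["spf"] + totals["rf"]
    return {
        **totals,
        "lambda_sr_fit": lam_sr,
        "spfm": 1.0 - spf_rf / lam_sr,
        "lfm": 1.0 - totals["mpf_latent"] / (lam_sr - spf_rf),
        "spf_rf_per_h": spf_rf * FIT,
    }


def metrics_meet_asil(m: dict, asil: str) -> bool:
    spfm_t, lfm_t = METRIC_TARGETS[asil]
    return m["spfm"] >= spfm_t and m["lfm"] >= lfm_t


def single_point_term_within_pmhf(m: dict, asil: str) -> bool:
    """Necessary (not sufficient) PMHF check: SPF + RF alone must stay below target."""
    return m["spf_rf_per_h"] < PMHF_TARGET_PER_H[asil]


def worst_contributors(rows, n=3):
    """Modes ranked by their SPF + RF share: the first places to add coverage."""
    ranked = sorted(rows, key=lambda fm: -(classify(fm)["spf"] + classify(fm)["rf"]))
    return [(fm.part, fm.mode) for fm in ranked[:n]]


# Constructed mini-FMEDA (illustrative values, not a real design)
ROWS = [
    FailureMode("MCU", "core lockup", 10.0, True, True, dc_spf=0.99, dc_latent=0.90),
    FailureMode("Flash", "single-bit flip", 20.0, True, True, dc_spf=0.90, dc_latent=0.60),
    FailureMode("Watchdog", "stuck, never fires", 5.0, True, False, dc_latent=0.50),
    FailureMode("Supply", "open, output lost", 8.0, True, True),   # no safety mechanism
    FailureMode("Status LED", "open", 3.0, False, False),          # not safety-related
]

if __name__ == "__main__":
    m = architectural_metrics(ROWS)
    print(f"SPFM = {m['spfm']:.1%}, LFM = {m['lfm']:.1%}, "
          f"SPF+RF = {m['spf_rf_per_h']:.2e}/h")
    for asil in "BCD":
        print(asil, metrics_meet_asil(m, asil), single_point_term_within_pmhf(m, asil))
    print(worst_contributors(ROWS))
```

With these constructed rows the single uncovered 8 FIT supply fault alone pushes SPFM down to about 76.5%, below even the ASIL B target, and the 10.1 FIT of single-point plus residual faults already exceeds the ASIL D PMHF budget before any dual-point term is added; the ranking shows that covering the supply fault is the first design change to make.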


First: SOTIF Situation or scenario factors


A use case includes the following elements:

1.actions and events

2.goals and values

3.dynamic elements

4.scenery

5.self-representation

6.functional range

7.desired behavior

8.functional system boundaries

These can then be grouped into the following categories:

Category: Safe in use
Context: the user expects more than the specified function (foreseeable or not foreseeable (mis)use)
Elements: actions and events; goals and values; desired behavior

Category: Functional safety
Context: the system integrator is not aware of a limit of the E/E system (unknown limitation); a systematic functional-safety failure
Elements: scenery

Category: Functional performance
Context: the system integrator is aware of the system limit (accepted risk, specified limitation)
Elements: self-representation; functional range; functional system boundaries


Second: Scenario factors


Third: SOTIF FMEDA

As in REF3 (Dr. Wilhard), for risk-level evaluation we treat this as an FMEDA, or a quantified SOTIF analysis:

Field data = F1 * F2 * F3 * F4

F1: probability of undesired behaviour; the target is to be defined based on human driving skills
F2: exposure ratio; can be chosen consistently with the HARA E value
F3: controllability ratio; can be chosen consistently with the HARA C value
F4: severity ratio; can be chosen consistently with the HARA S value

SOTIF FMEDA results

The roll-up calculates the probability of an incident for each severity class over the vehicle lifetime. An SAE Level 4 or higher system shall injure significantly fewer people than the natural human mortality rate, which is approximately 1E-6 per hour.

The SOTIF FMEDA target values follow the RAPEX (Rapid Alert System for dangerous non-food products) risk-assessment method:

https://www.rivm.nl/bibliotheek/rapporten/090013001.pdf


The following is the detailed example from reference 3:

the example analyses 959,040 combinations of parameters (operating scenarios)

the physical parameters and the distribution of each physical parameter
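The roll-up described in this section, as an added example that is not part of the original post or of reference 3: a miniature grid of scenario factors is enumerated, each scenario is weighted with F1 * F2 * F3 * F4, the per-hour incident rate is summed per severity class and compared with a per-severity target, and the exposure share of scenarios that are not controllable and not self-detected is reported as a "dangerous undetected exposure" figure of the kind the conclusion table quotes. The factor levels and their distributions, the weather and speed factors on F1, the self-detection shares, the controllability and severity mappings, the 8000 h lifetime and the targets are all constructed assumptions, not data from ISO 21448, reference 3 or the RIVM report.

```python
"""Quantified SOTIF roll-up over a scenario grid: incident rate = sum over
scenarios of F1 * F2 * F3 * F4, per severity class.

Added example. Every parameter, distribution and target below is constructed
for illustration; none of it is data from ISO 21448, reference 3 or the RIVM
report, and the 36-scenario grid is a miniature of a real analysis.
"""
import itertools

VEHICLE_LIFETIME_H = 8000.0   # assumption: operating hours over the vehicle life

# Scenario factors with the share of operating time spent in each level.
# Their product is the exposure F2 (assumes the factors are independent).
SPEED_KMH = {30: 0.30, 60: 0.35, 90: 0.25, 120: 0.10}
WEATHER = {"clear": 0.80, "rain": 0.17, "fog": 0.03}
TRAFFIC = {"free": 0.50, "dense": 0.40, "stop_and_go": 0.10}

# F1: rate per hour of undesired behaviour (e.g. a missed lead vehicle),
# degrading with weather and speed, and reduced where the system detects its
# own limitation and degrades safely (constructed values).
BASE_UNDESIRED_PER_H = 1e-7
WEATHER_FACTOR = {"clear": 1.0, "rain": 10.0, "fog": 50.0}
SELF_DETECTION = {"clear": 0.0, "rain": 0.5, "fog": 0.9}

# F3: uncontrolled share per HARA controllability class (C1: <= 1 %,
# C2: <= 10 %, C3: up to 100 % of situations not controllable)
UNCONTROLLED = {"C1": 0.01, "C2": 0.10, "C3": 1.00}

# F4: given an uncontrolled incident, how the outcome splits over the HARA
# severity classes S1..S3 (constructed, speed dependent; S0 is not tracked)
SEVERITY_SPLIT = {
    30: {"S1": 0.85, "S2": 0.13, "S3": 0.02},
    60: {"S1": 0.60, "S2": 0.30, "S3": 0.10},
    90: {"S1": 0.30, "S2": 0.40, "S3": 0.30},
    120: {"S1": 0.10, "S2": 0.40, "S3": 0.50},
}

# Hypothetical acceptance targets per hour; the 1E-6/h human mortality figure
# from the text sets the order of magnitude for the S3 target
TARGET_PER_H = {"S1": 1e-5, "S2": 1e-6, "S3": 1e-7}


def controllability_class(speed, traffic):
    """Constructed mapping of a scenario onto a HARA C class."""
    if speed <= 30:
        return "C1"
    if speed <= 90 and traffic != "stop_and_go":
        return "C2"
    return "C3"


def scenarios():
    """Enumerate every combination of the scenario factors with its exposure."""
    for (speed, p_v), (weather, p_w), (traffic, p_t) in itertools.product(
            SPEED_KMH.items(), WEATHER.items(), TRAFFIC.items()):
        yield {"speed": speed, "weather": weather, "traffic": traffic,
               "exposure": p_v * p_w * p_t}


def scenario_contribution(sc):
    """F1 * F2 * F3 * F4 for one scenario, as a per-hour rate per severity class."""
    f1 = (BASE_UNDESIRED_PER_H * WEATHER_FACTOR[sc["weather"]]
          * (sc["speed"] / 60.0) * (1.0 - SELF_DETECTION[sc["weather"]]))
    f2 = sc["exposure"]
    f3 = UNCONTROLLED[controllability_class(sc["speed"], sc["traffic"])]
    return {sev: f1 * f2 * f3 * f4 for sev, f4 in SEVERITY_SPLIT[sc["speed"]].items()}


def sotif_rollup():
    rate = {"S1": 0.0, "S2": 0.0, "S3": 0.0}
    total_exposure = 0.0
    dangerous_undetected = 0.0   # exposure in C3 scenarios, weighted by the undetected share
    n = 0
    for sc in scenarios():
        n += 1
        total_exposure += sc["exposure"]
        if controllability_class(sc["speed"], sc["traffic"]) == "C3":
            dangerous_undetected += sc["exposure"] * (1.0 - SELF_DETECTION[sc["weather"]])
        for sev, r in scenario_contribution(sc).items():
            rate[sev] += r
    return {
        "scenarios": n,
        "total_exposure": total_exposure,
        "dangerous_undetected_exposure": dangerous_undetected,
        "rate_per_h": rate,
        "p_lifetime": {s: r * VEHICLE_LIFETIME_H for s, r in rate.items()},
        "meets_target": {s: rate[s] < TARGET_PER_H[s] for s in rate},
    }


if __name__ == "__main__":
    res = sotif_rollup()
    print(f"{res['scenarios']} scenarios, total exposure {res['total_exposure']:.0%}, "
          f"dangerous undetected exposure {res['dangerous_undetected_exposure']:.2E}")
    for sev in ("S1", "S2", "S3"):
        print(sev, f"{res['rate_per_h'][sev]:.2E}/h",
              f"P(lifetime)={res['p_lifetime'][sev]:.2E}", res["meets_target"][sev])
```

Because the factor marginals each sum to one, the total exposure comes out at 100% as in the conclusion table, which is a useful sanity check on any real scenario grid; the dangerous undetected exposure is dominated by the clear-weather high-speed scenarios, where the function has no limitation to detect but the driver cannot recover, which is exactly the kind of contributor a SOTIF analysis is meant to expose.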


Fourth: conclusion

The SOTIF FMEDA result here is only a reference result, not a rigorous calculation.

Total exposure: 100%
Dangerous undetected exposure: 9.43E-02
Number of combinations (scenarios): 959,040


[REF]

1. ISO 26262:2018

2. ISO 21448 (CD)

3. Quantitative SOTIF Analysis for highly automated driving systems

