BS PD ISO PAS 19451-1-2016 Application of ISO 26262 2011-2012 to semiconductors Application of concepts《ISO 26262-2011-2012半导体应用 概念应用》.pdf

《BS PD ISO PAS 19451-1-2016 Application of ISO 26262 2011-2012 to semiconductors Application of concepts《ISO 26262-2011-2012半导体应用 概念应用》.pdf》由会员分享，可在线阅读，更多相关《BS PD ISO PAS 19451-1-2016 Application of ISO 26262 2011-2012 to semiconductors Application of concepts《ISO 26262-2011-2012半导体应用 概念应用》.pdf（136页珍藏版）》请在麦多课文档分享上搜索。

1、PD ISO/PAS 19451-1:2016 Application of ISO 26262:2011-2012 to semiconductors Part 1: Application of concepts BSI Standards Publication WB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06PD ISO/PAS 19451-1:2016 PUBLISHED DOCUMENT National foreword This Published Document is the UK implementation

2、 of ISO/PAS 19451-1:2016. The UK participation in its preparation was entrusted to Technical Committee AUE/16, Data Communication (Road Vehicles). A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the n

3、ecessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 85460 6 ICS 43.040.10 Compliance with a British Standard cannot confer immunity from legal obligations. This Published

4、Document was published under the authority of the Standards Policy and Strategy Committee on 31 July 2016. Amendments issued since publication Date Text affectedPD ISO/PAS 19451-1:2016 ISO 2016 Application of ISO 26262:2011-2012 to semiconductors Part 1: Application of concepts Application de lISO 2

5、6262:2011-2012 aux semi-conducteurs Partie 1: Application des concepts PUBLICLY AVAILABLE SPECIFICATION ISO/PAS 19451-1 First edition 2016-07-15 Reference number ISO/PAS 19451-1:2016(E)PD ISO/PAS 19451-1:2016ISO/PAS 19451-1:2016(E)ii ISO 2016 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO 2016

6、, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission.

7、Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.orgPD ISO/PAS 19451-1:2016ISO

8、/PAS 19451-1:2016(E)Foreword vi Introduction vii 1 Scope . 1 2 Normative references 1 3 T erms and definitions . 1 4 Symbols and abbreviated terms . 2 5 Analogue/mixed signal components and ISO 26262 4 5.1 About analogue and mixed signal components 4 5.2 Analogue and mixed signal components and fail

9、ure modes . 5 5.2.1 About failure modes 5 5.2.2 About safe faults 13 5.2.3 About transient faults .14 5.3 Notes about safety analysis .14 5.3.1 General.14 5.3.2 Level of granularity of analysis .14 5.3.3 Examples of usage of failure mode distributions15 5.3.4 Example of failure rates estimation for

10、an analogue part .16 5.3.5 Example of safety metrics computation .17 5.3.6 Dependent failures analysis 31 5.3.7 Verification of architectural metrics computation 31 5.4 Examples of safety mechanisms .32 5.4.1 Resistive pull up/down .33 5.4.2 Over and under voltage monitoring .33 5.4.3 Voltage clamp

11、(limiter) . .34 5.4.4 Over-current monitoring .34 5.4.5 Current limiter 34 5.4.6 Power on reset 34 5.4.7 Analogue watchdog 34 5.4.8 Filter 35 5.4.9 Thermal monitor.35 5.4.10 Analogue Built-in Self-Test (Analogue BIST) 35 5.4.11 ADC monitoring .35 5.4.12 ADC attenuation detection .35 5.4.13 Stuck on

12、ADC channel detection35 5.5 About avoidance of systematic faults during the development phase .36 5.6 About safety documentation 39 6 Intellectual property and ISO 26262 39 6.1 About intellectual property .39 6.1.1 Understanding intellectual property .39 6.1.2 Types of intellectual property .40 6.2

13、Safety requirements for intellectual property 41 6.3 Intellectual property lifecycle .43 6.3.1 ISO 26262 and the intellectual property lifecycle 43 6.3.2 Intellectual property as safety element out of context (SEooC) 44 6.3.3 Intellectual property designed in context .45 6.3.4 Intellectual property

14、use through hardware component qualification .45 6.3.5 Intellectual property use through proven in use argument 45 6.4 Work products for intellectual property45 6.4.1 ISO 26262 and work products for intellectual property 45 6.4.2 Safety plan 45 6.4.3 Safety requirements and verification review of th

15、e IP design 46 6.4.4 Safety analysis report .46 ISO 2016 All rights reserved iii Contents PagePD ISO/PAS 19451-1:2016ISO/PAS 19451-1:2016(E)6.4.5 Analysis of dependent failures 46 6.4.6 Confirmation measure reports .46 6.4.7 Development interface agreement 47 6.4.8 Integration documentation set .47

16、6.5 Integration of black-box intellectual property .48 7 Multi-core components and ISO 26262 .49 7.1 Types of MC components 49 7.2 Implications of ISO 26262 on MC components 49 7.2.1 Introduction 49 7.2.2 ASIL decomposition in MC components .50 7.2.3 Coexistence of elements with different ASILs in M

17、C components .52 7.2.4 Freedom from interference (FFI) in MC components .53 7.2.5 Software partitioning in MC components .54 7.2.6 Dependent failures in MC component 54 7.2.7 Timing requirements in MC component 54 8 Programmable logic devices and ISO 26262 55 8.1 About programmable logic devices 55

18、8.1.1 General.55 8.1.2 About PLD types 56 8.1.3 ISO 26262 Lifecycle mapping to PLD 56 8.2 Fault models and failure modes of PLD 59 8.3 Notes about safety analyses for PLDs .61 8.3.1 Quantitative analysis for a PLD 61 8.3.2 Dependent failure analysis for a PLD 65 8.4 Examples of safety mechanisms for

19、 PLD .67 8.5 Avoidance of systematic faults for PLD .68 8.5.1 Avoiding systematic faults in the implementation of PLD 68 8.5.2 About PLD supporting tools 68 8.5.3 Avoiding systematic faults for PLD users 68 8.6 Safety documentation for a PLD .70 8.7 Example of safety analysis for PLD .71 8.7.1 Archi

20、tecture of the example 71 8.7.2 PLD external measures 72 8.7.3 PLD internal measures 73 9 Base failure rate estimation and ISO 26262 (all parts) 76 9.1 About base failure rate estimation 76 9.1.1 Impact of failure mechanisms on base failure rate estimation .76 9.1.2 Considerations in base failure ra

21、te estimation for functional safety .77 9.1.3 Techniques for base failure rate estimation 78 9.1.4 Documentation on the assumptions for base failure rate calculation 78 9.2 (General) clarifications on terms .78 9.2.1 Clarification of transient fault quantification.78 9.2.2 Clarification on component

22、 package failure rate 79 9.2.3 Clarification on power-up and power-down times .80 9.3 Permanent base failure rate calculation methods .80 9.3.1 Permanent base failure rate calculation using industry sources 80 9.3.2 Permanent base failure rate calculation using field data statistics .87 9.3.3 Calcul

23、ation example of hardware component failure rate 89 9.3.4 Base failure rate calculation using accelerated life tests 92 9.3.5 Failure rate distribution methods 93 10 Semiconductor dependent failure analysis and ISO 26262 94 10.1 Introduction to DFA for semiconductors .94 10.2 Relationship between DF

24、A and safety analysis 95 10.3 Dependent failure scenarios 95 10.4 Distinction between cascading failures and common cause failures 98 10.5 Dependent failure initiators .98 iv ISO 2016 All rights reservedPD ISO/PAS 19451-1:2016ISO/PAS 19451-1:2016(E)10.5.1 Dependent failure initiator list .98 10.5.2

25、Verification of mitigation measures 103 10.6 DFA workflow 104 10.6.1 DFA decision and identification of HW and SW elements (B1) .104 10.6.2 Identification of DFI (B2) .105 10.6.3 Sufficiency of insight provided by the available information on the effect of identified DFI (B3 and B4) 105 10.6.4 Conso

26、lidation of list of relevant DFI (B5) .105 10.6.5 Identification of necessary safety measures to control or mitigate DFI (B6) .106 10.6.6 Sufficiency of insight provided by the available information on the defined mitigation measures (B7 and B8) .106 10.6.7 Consolidate list of safety measures (B9) .

27、106 10.6.8 Evaluation of the effectiveness to control or to avoid the dependent failure (B10) . 106 10.6.9 Assessment of risk reduction sufficiency and if required improve defined measures (B11 and B12) 107 10.7 Examples of dependent failure analysis 107 10.7.1 Microcontroller example .107 10.7.2 An

28、alog example .113 Bibliography .122 ISO 2016 All rights reserved vPD ISO/PAS 19451-1:2016ISO/PAS 19451-1:2016(E) Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards

29、 is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take p

30、art in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In parti

31、cular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives Attention is drawn to the possibility that some of the elements of this do

32、cument may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received. www.iso.org/

33、patents Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO prin

34、ciples in the Technical Barriers to Trade (TBT), see the following URL: Foreword - Supplementary information The committee responsible for this document is ISO/TC 22, Road vehicles, Subcommittee SC 32, Electrical and electronic components and general system aspects. ISO/PAS 19451 consists of the fol

35、lowing parts, under the general title Application of ISO 26262:2011- 2012 to semiconductors: Part 1: Application of concepts Part 2: Application of hardware qualificationvi ISO 2016 All rights reservedPD ISO/PAS 19451-1:2016ISO/PAS 19451-1:2016(E) Introduction This document is an informative guideli

36、ne which provides users of the ISO 26262 series of standards recommendations and best practices which can be utilized when applying ISO 26262 to semiconductor components and parts. This document was created by a group of industry experts including semiconductor developers, system developers, and veh

37、icle manufacturers in order to clarify concerns seen after the initial release of the ISO 26262 series of standards and when possible to align on common interpretations of the standard. This document serves to augment the existing normative and informative guidance in the ISO 26262 series of standar

38、ds. The approach is similar to that taken in writing ISO 26262-10:2012, Annex A, “ISO 26262 and microcontrollers,” with extension to additional types of semiconductor technologies and relevant topics. ISO 2016 All rights reserved viiPD ISO/PAS 19451-1:2016PD ISO/PAS 19451-1:2016Application of ISO 26

39、262:2011-2012 to semiconductors Part 1: Application of concepts 1 Scope This document is applicable to developers who are evaluating the use of semiconductor components or parts in hardware components, systems, or items developed according to ISO 26262. 2 Normative references The following documents

40、, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 26262-1, Road vehicles Fun

41、ctional safety Part 1: Vocabulary ISO 26262-2:2011, Road vehicles Functional safety Part 2: Management of functional safety ISO 26262-9:2011, Road vehicles Functional safety Part 9: Automotive Safety Integrity Level (ASIL)- oriented and safety-oriented analyses 3 T erms a nd definiti ons For the pur

42、poses of this document, the terms and definitions given in ISO 26262-1 and the following apply. 3.1 base failure rate BFR failure rate of a hardware element in a given application use case used as an input to functional safety analysis according to ISO 26262-5:2011, 8.4.3 3.2 guest machine virtual i

43、nstance of a processing element (3.7) 3.3 host machine processing element (3.7) which implements a hypervisor (3.4) and one or more guest machines (3.2) 3.4 hypervisor software or hardware that instantiates and manages one or more virtual design elements Note 1 to entry: A hypervisor is sometimes re

44、ferred to as a virtual machine monitor. 3.5 microkernel -kernel software which provides the minimal mechanisms needed to implement an operating system PUBLICLY AVAILABLE SPECIFICATION ISO/PAS 19451-1:2016(E) ISO 2016 All rights reserved 1PD ISO/PAS 19451-1:2016ISO/PAS 19451-1:2016(E) 3.6 multi-core

45、MC hardware element which includes two or more hardware processing elements 3.7 processing element PE element providing a set of functions for data processing, normally consisting of a register set, an execution unit, and a control unit EXAMPLE A hardware component consisting of four cores can be de

46、scribed as having four processing elements. 3.8 programmable logic device PLD device which provides user programmable logic and signal routing functions which generate application specific logic functions 3.9 virtualization creation of a virtual (rather than physical) version of an element, includin

47、g but not limited to a computer hardware platform, operating system (OS), storage device, or computer network resource 4 Symbols and abbreviated terms ADC Analogue to Digital Converter ASET Analogue Single Event Transient BIST Built-In Self-Test CPU Central Processing Unit DAC Digital to Analogue Co

48、nverter DFA Dependent Failure Analysis DFI Dependent Failure Initiator DMA Direct Memory Access DMOS Double Diffused Metal Oxide Semiconductor (HV MOS) DSP Digital Signal Processor EMC Electromagnetic Compatibility EMI Electromagnetic Interference ESD Electrostatic Discharge EVR Embedded Voltage Reg

49、ulator FET Field Effect Transistor FFI Freedom from Interference FIT Failures in Time2 ISO 2016 All rights reservedPD ISO/PAS 19451-1:2016ISO/PAS 19451-1:2016(E) FMEA Failure Modes and Effects Analysis FPGA Field Programmable Gate Array FTA Fault Tree Analysis GPU Graphics Processing Unit HV High Voltage HW Hardware HS High Side ISA Instruction Set Architecture LDO Low Drop Output Regulator LS Low Side LSB Least Significant Bit MMU Memory Management Unit MPU Memory Protection Unit OP AMP Operational Amplifier OS Operating System