
Analysis of the Automotive Electronics Functional Safety Standard ISO 26262 (5): FTA


Evaluation of safety goal violations due to random hardware failures.

FTA is used to evaluate safety goal violations caused by random hardware failures.

The objective of these requirements is to provide criteria that can be used in a rationale that the residual risk of a safety goal violation, due to random hardware failures of the item, is acceptably low.

The main goal of FTA is to evaluate whether the risk of a safety goal violation caused by random hardware failures is below the expected level.

In addition, there is another method besides FTA that can accomplish a similar task; it is called cut-set analysis.

The criteria for judging the results of an FTA are shown in Table 6.

The quantitative target values for each requirement in Table 6 should be calculated as an average probability per hour throughout the item's operational lifespan.

The quantitative target values in Table 6 are expressed as an average failure rate per hour over the entire operational lifetime.

A numerical evaluation of the hardware architecture concerning single-point, residual, and dual-point faults should yield evidence that the target values in requirement table 6 have been met.

The quantitative evaluation of the hardware architecture covers single-point, residual and dual-point faults; multiple-point faults of higher order are not included.

The quantitative analysis shall consider:

The FTA needs to consider the following points:

a) the architecture of the item;

The design architecture.

b) the estimated failure rate of each failure mode of the hardware components that can cause a single-point fault or a residual fault;

Evaluate the failure rate of each failure mode of every hardware component that can cause a single-point fault or a residual fault.

c) The predicted failure rate for the failure mechanisms of individual hardware components that are prone to dual-point faults;

Evaluate the failure rate of each failure mode of every hardware component that can lead to a dual-point fault.

d) the diagnostic coverage of safety-related hardware components provided by the safety mechanisms;

The diagnostic coverage that the safety mechanisms provide for safety-related hardware components.

e) the exposure duration in the case of dual-point faults.

The exposure duration of dual-point faults.

When an item is in a power-down state, its situation is excluded from computing the average probability per hour, thus avoiding an artificial reduction of that average probability.

The PMHF calculation does not include the powered-down operating mode: the time spent powered down (equal to the period minus the sum of all operating time within that period) must be deducted from the calculation.
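As an added worked example (not from the original article and not the formula of the standard itself), the following simplified Python model walks through points a) to e) above and the power-down rule. The element names, FIT values and the target value are constructed placeholders (Table 6 is not reproduced here), and the dual-point term is a first-order approximation.

```python
from dataclasses import dataclass

FIT = 1e-9  # one FIT = one failure per 1e9 hours


@dataclass(frozen=True)
class Element:
    name: str
    fit: float       # base failure rate in FIT (constructed sample value)
    dc: float = 0.0  # diagnostic coverage of its safety mechanism, 0..1 (0 = none)

    @property
    def lam(self) -> float:
        return self.fit * FIT


def spf_rf_rate(e: Element) -> float:
    """Single-point (dc == 0) or residual (dc > 0) contribution: the share of the
    failure rate that no safety mechanism catches violates the safety goal directly."""
    return e.lam * (1.0 - e.dc)


def dpf_rate(latent: Element, second: Element, exposure_h: float) -> float:
    """First-order dual-point contribution (simplified model, an assumption here):
    an undetected latent fault in `latent` is present with probability about
    lam*(1-dc)*exposure, and the safety goal is violated when `second` then fails."""
    return latent.lam * (1.0 - latent.dc) * exposure_h * second.lam


def pmhf_per_operating_hour(elements, dual_pairs, exposure_h):
    """Average violation rate per operating hour: SPF/RF terms plus dual-point terms."""
    rate = sum(spf_rf_rate(e) for e in elements)
    rate += sum(dpf_rate(a, b, exposure_h) for a, b in dual_pairs)
    return rate


def evaluate(target_per_hour, lifetime_h, operating_h):
    """Return the PMHF, whether it meets the target, and the misleadingly smaller
    value obtained if powered-down time is (wrongly) left in the denominator."""
    # Constructed architecture: an MCU and a sensor, both monitored by a watchdog
    # whose own faults are never diagnosed, so they stay latent for the operating life.
    mcu = Element("mcu", fit=50.0, dc=0.99)
    sensor = Element("sensor", fit=20.0, dc=0.90)
    watchdog = Element("watchdog", fit=10.0, dc=0.0)
    rate = pmhf_per_operating_hour(
        elements=[mcu, sensor],
        dual_pairs=[(watchdog, mcu), (watchdog, sensor)],
        exposure_h=operating_h,
    )
    prob = rate * operating_h   # probability accumulated over the operating time only
    diluted = prob / lifetime_h  # artificially reduced by the powered-down hours
    return {"pmhf": rate, "meets_target": rate < target_per_hour, "diluted": diluted}
```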
