In recent years, the automotive electronics industry has become aware of the problem of system failures: once a failure occurs, passengers' lives may be endangered, and vehicle manufacturers face enormous risks of lawsuits, compensation and damage to their reputation. To prevent system failures, a rigorous and reliable development process is needed that system development engineers can follow, so experts in the automotive domain set out to develop a functional safety standard for vehicles, and ISO 26262 emerged from this environment and these needs. The ISO 26262 standard centres on three main areas: Management of Functional Safety, the Safety Lifecycle for the design and development of automotive products, and the analysis and definition of the Automotive Safety Integrity Level (ASIL). The standard uses item definition and risk analysis to assess the ASIL target that a system must reach. This article introduces the concepts of system functional safety development specified by the ISO 26262 standard, and uses a microcontroller analysis case study to demonstrate the application of ISO 26262 in real design.
Nowadays, failures due to design flaws are becoming more and more significant for vehicular electronic systems. The effects of such failures could injure pedestrians or even threaten lives. Hence vehicular electronic system vendors would face risks such as large recalls and compensation claims, and their business reputation could also be negatively affected. Therefore, a rigorously formalized system development flow becomes necessary, one that developers can follow to avoid failures; that is why experts in the automotive field established a functional safety standard specialized for vehicular electronics, termed ISO 26262. The ISO 26262 standard involves three primary topics: Management of Functional Safety, the Safety Lifecycle, and the Automotive Safety Integrity Level (ASIL). The ASIL is determined by system developers according to the results of Hazard Analysis and Risk Assessment (HARA). In this article, we will give a sketch of the ISO 26262 standard and explain how to develop a system with functional safety in mind. Lastly, we will take an MCU as a case study to demonstrate the application of the ISO 26262 standard.
Keywords
Vehicular Electronics (VE)
Functional Safety (FS)
Automotive Safety Integrity Level (ASIL)
Safety Element out of Context (SEooC)
ISO 26262
Related file: Functional Safety Requirements for Automotive Electronic Systems: An Introduction to the ISO 26262 International Safety Standard and Its Application (PDF)