1 Abbreviations and Definitions
This section contains the abbreviations and definitions of terminology used in this document.
| Acronym | Expansion |
|---|---|
| AoU | Assumptions of Use |
| ASIL | Automotive Safety Integrity Level |
| CPU | Central Processing Unit |
| CRC | Cyclic Redundancy Check |
| DFA | Dependent Failure Analysis |
| EOR | End of Requirement |
| FMEA | Failure Mode Effects Analysis |
| FMEDA | Failure Modes, Effects, and Diagnostic Analysis |
| FIT | Failure In Time |
| FTTI | Fault-Tolerant Time Interval |
| GPI | General Purpose Input |
| GPIO | General Purpose Input-Output |
| GPO | General Purpose Output |
| MCU | Microcontroller Unit |
| PPAP | Production Part Approval Process |
| SEooC | Safety Element out of Context |
| Term | Definition |
|---|---|
| SEooC | This is a safety-related element that is not developed in the context of a specific item. |
| AoU | These are assumptions on the conditions of semiconductor component usage. All AoU shall be verified and fulfilled by the System Integrator of the semiconductor component. |
| system | A set of components that relates (at least) a sensor, a controller, and an actuator with one another. |
| System Integrator | This is the person responsible for integrating the SEooC into the system. |
| FIT rate | This is the frequency with which something fails and is expressed in failures per unit of time. FIT units are expressed as failures per one billion (109) hours of device operation. |
| residual FIT rate | This is the FIT rate that has been adjusted based on actual circuitry usage and failure diagnostics coverage. |
| risk | This is a combination of the probability of occurrence of harm and the severity of that harm. It is a measure of the likelihood and severity of an event resulting in loss or injury. |
| safe state | The safe state of an item is an operating mode without an unreasonable level of risk. Upon detection of a failure, the safe state is the state that a device enters to minimize any harm related to the failure. |
| safety goal | This is a top-level safety requirement resulting from hazard analysis and risk assessment. |
| safety mechanism | This is the technical solution implemented by Electrical and/or Electronic (E/E) functions or elements targeted to detect faults or control failures to achieve and/or maintain a safe operational state. |
| V-model | This is a project methodology that follows a hierarchical design approach. It starts with high-level design and followed by detailed design and testing of the detailed design and succeeded by testing of the higher-level design. |
| Fault/Failure | Definition |
|---|---|
| common cause failure | This is a failure of two or more elements of an item resulting from a single specific event or root cause. This is a random failure mode in which two or more components fail due to the same reason. Unlike systematic failure, the prediction of common-cause failure can only be done through statistical means. |
| dependent failure | This is a failure with some degree of correlation with another failure that the probability of simultaneous (i.e., two faults occurring in two elements, having the same root cause) or successive occurrences (i.e., the failure of an element occurred as a consequence of the fault/failure in another element) cannot be expressed as the product of the unconditional probabilities of each of them. |
| diagnostic coverage | This is the proportion of the failure rate (of a hardware element) that is detected or controlled by the safety mechanisms implemented for that element. It represents the ability of a system to detect failures. |
| failure | This occurs when an element of a system stops performing the action or function for which it was designed. |
| failure mode | This is the manner in which a device (element or item) fails. Failure modes can be broadly categorized as Safe Detected (SD), Dangerous Detected (DD), Safe Undetected (SU), and Dangerous Undetected (DU). |
| random hardware failure |
This is a failure that may occur unpredictably during the lifetime of a hardware element. This failure follows a probability distribution. Such failures occur at random, resulting from one or more degradation mechanisms. Random hardware failures can be statistically predicted and are used to establish the probability of a failure. Random failures can result in permanent/hard or recoverable/soft errors. Hard failures cause permanent damage to the component, where the system is unable to continue normal operation. Without compensation for the damage, the system must be placed into a safe state, and repair is required to reinstate proper operation. Soft failures should be reversible through a recovery process. Soft failures can manifest as transients or steady-state conditions, which can be reset or reinitialized. |
| single-point failure | This is a fault in an element that is not covered by a safety mechanism. It leads directly to the violation of a safety goal. A single-point failure is a failure that can occur as an outcome of a single-point fault and may result in unsafe/dangerous operation of the system. Therefore, system diagnostics are needed to detect such a fault and ensure that the system enters a safe operating state. |
| systematic failure |
This is a failure related in a deterministic way to a cause that can only be eliminated by a change in the design or manufacturing process, operational procedures, documentation, or other relevant factors. Such failures are due to deterministic, non-random and predictable causes, and they are not mathematically predictable. Note that basic redundancy cannot prevent systematic failures as both redundant elements would have the same faulty behavior. Systematic failures can only be eliminated by a design, process, or functional change. Systematic failures can be predicted with rigorous engineering analysis and design methods. |
| Fault | Definition |
|---|---|
| fault | This is an abnormal operating condition that causes an element of a system to fail. |
| detected fault | This is a fault presence that is detected within a prescribed time by a safety mechanism, so that the fault is not latent. |
| latent fault | This is a multiple-point fault whose presence is neither detected by a safety mechanism nor perceived by the driver within the multiple-point fault detection interval. It is essentially a multiple-point fault that is present in the system but hidden from detection. A latent fault does not, by itself, result in unsafe operation. However, a latent fault can result in a failure to detect an unsafe condition. This can occur, for example, when the detection circuitry itself fails or is faulty. |
| multiple-point fault/failure |
This is the combination of an individual fault with other independent faults that lead to a multi-point failure and the violation of a safety goal. Dual-point failures are a special case of multiple-point failures. They include the case of one fault affecting a safety-related element and the second fault affecting the corresponding safety mechanism put in place to address the first fault. |
| residual fault | This is part of a fault (capable of violating a safety goal) that is not completely covered by the fault safety mechanism put in place. |
| safe fault | This is a fault whose occurrence will not significantly increase the probability of violation of a safety goal. A safe fault can only lead to a safe failure (i.e., a system failure that does not result in a dangerous situation). |
| Measure | Definition |
|---|---|
| compensation method | Compensation method allows the system to continue normal operation once a failure has been detected |
| diversity | Diversity is the implementation of different solutions satisfying the same requirement with the aim of independence. It involves employing different methods to achieve the required function within the system, such as using both analog and digital signals to transmit information or utilizing two unique calculations to arrive at the same answer. |
| parity bits | Supplemental data indicating even or odd number of ‘1’s in a binary data stream. It is used to verify basic data integrity for data storage or transmission. |
| redundancy | Redundancy is the existence of means in addition to the means that would be sufficient for an element to perform a required function or to represent information. Practically, it means having multiple elements or systems used to achieve the same function. |
| Type | Definition |
|---|---|
| functional | Parallel and diverse hardware structures or software methods which are applied to a single task. |
| informational | Extra information is included with the key data and checked for coherency, such as Parity Bit, ECC, CRC check pattern, etc. |
| structural | Parallel and identical structures performing the same task. At system level, this would include dual registers, memories, CPUs, controllers, etc. At application level, this would include redundant inputs or outputs (digital or analog), redundant sensors, redundant controllers, etc. |
| temporal | Same method is applied multiple times by the same hardware or software at different timer periods (I.e., software repeats the same calculation or task at different times and compares the results). |
| Keyword | Degree of Obligation |
|---|---|
| shall | binding |
| should | recommendation |
