On October 26, 2021, a paper by Atsushi Sakurai, CEO of FS Micro Corporation (Nagoya, Japan), a leading provider of ISO 26262 functional safety (Note 1) consulting services, was accepted at the 68th RAMS (RAMS 2022: Note 2). RAMS 2022 will be held in Tucson, Arizona, U.S.A., from January 24 to 27, 2022, and is sponsored by the Reliability Society of IEEE (Note 3).
Atsushi Sakurai received the Best Paper Award at the 14th ISPCE (ISPCE 2017: Note 4), an IEEE international conference on product safety, in 2017. In addition, his papers have been accepted to RAMS for three consecutive years since 2020. The title of the paper for RAMS 2022 is "Formulas of the Probabilistic Metric for Random Hardware Failures (PMHF: Note 5) to Resolve a Dilemma in ISO 26262."
Although the PMHF formula was revised in the second edition of ISO 26262, which took effect in 2018, its mathematical definition was not fully described. Atsushi Sakurai clarified the ambiguity in the second edition and derived a new PMHF equation in his paper in 2020. That equation, however, rests on the assumption that detected multiple-point faults (MPFs: Note 6) are treated as latent faults (LFs: Note 7), an assumption that is also present in the second edition of the standard. This assumption contradicts the latent fault metric (LFM: Note 8) specified in the standard itself.
This paper aims to resolve the dilemma in the standard and to strengthen the previous paper by deriving a new PMHF formula based on the assumption that a detected MPF is not an LF. The new formula is expected to evaluate the PMHF value correctly, to relax the design constraint on the Emergency Operation Tolerant Time Interval (EOTTI: Note 9) by a factor of 40, and to minimize the design effort for fault-tolerant systems (Note 10).
Company name: FS Micro Corporation
Representative: Atsushi Sakurai
Date of establishment: August 21, 2013
Capital: 32 million yen
Business description: Consulting and seminars on functional safety of ISO 26262 automotive electronic devices
Address of head office: 460-0011 4-1-57 Osu, Naka-ku, Nagoya, Aichi, Japan
Phone: +81-52-263-3099
E-mail address: info@fs-micro.com
URL: http://fs-micro.com/
Notes
Note 1: Functional safety is the concept of enhancing safety at the system level by applying safety measures. ISO 26262 is the international functional safety standard for automotive electrical and electronic equipment.
Note 2: RAMS stands for The Annual Reliability & Maintainability Symposium, an international conference on reliability engineering organized annually by the IEEE Reliability Society. http://rams.org/
Note 3: IEEE stands for the Institute of Electrical and Electronics Engineers. It is the world's largest conference on electrical and electronic engineering technology in terms of number of participants and participating countries. http://ieee.org/
Note 4: ISPCE stands for IEEE Symposium on Product Compliance Engineering, an international conference on product safety organized annually by the IEEE Product Safety Society. http://2017.psessymposium.org/
Note 5: PMHF stands for Probabilistic Metric for Random Hardware Failures. It is one of the hardware design target values in ISO 26262 and expresses the time average of the probability of system failure over the vehicle lifetime.
Note 6: MPF stands for Multiple-point Fault: a fault that does not violate the safety goal on its own, but leads to a violation of the safety goal when it is combined with other faults.
Note 7: LF stands for Latent Fault: an MPF that is not detected by a safety mechanism.
Note 8: LFM stands for Latent Fault Metric, a coverage measure relating the latent faults present in the system to the number of them that can be detected. It is one of the hardware design target values in ISO 26262.
Note 9: EOTTI stands for Emergency Operation Tolerant Time Interval: the time interval within which the system must be repaired or switched to an alternative process so that no violation of the safety goal occurs.
Note 10: A fault-tolerant system is a safety-enhancing system that can substitute for the original function in the event of a failure, rather than losing the function immediately.