A.2.1 IEC 62061 architectural categories
The standard, in §6.7.8.2, defines a set of basic system architectures to be used for the design of SRECS implementing their SRCFs. A key point is the definition of "subsystem" (refer to §3.2.5) as the level of parts of a system architecture at which a dangerous failure could lead to the loss of the safety function.
Focusing on microcontrollers, the architectures proposed by IEC 62061 are briefly summarized here to support end users in the development of their Logic Solver units, usable as subsystems for the implementation of a SRCF.
The assumptions for the correct understanding of the architectures are listed hereafter:
1. The SRCF is completely in the scope of the end user.
2. The STM32F2 Series device, with the adoption of the safety mechanisms described in this Safety Manual, is by itself suitable as a single compliant item for applications up to SILCL 2.
3. Two identical STM32F2 Series devices, with the adoption of the safety mechanisms described in this Manual, must be used to achieve HFT ≠ 0 when required by the basic architectures.
4. For a microcontroller, the parameter T1, mentioned in the standard as the minimum between service life and proof test interval, is intended as the lifetime (mission time), assumed equal to 10 years as per Section 3.3.1 Assumed safety requirements of this Manual.

UM1845 - Rev 4

Table 122. IEC 62061 architectural categories
(Ref. § refers to IEC 62061:2005/AMD1:2012)

Cat. A - Ref. §6.7.8.2.2
Summary: Equivalent of 1oo1, with HFT = 0, no diagnostic function(s).
Basic architecture of Logic Solver: Single channel architecture, one MCU in 1oo1, n=1
  • SILCL = 1 if SFF < 90%
  • SILCL = 2 if 90% ≤ SFF < 99%
  • SILCL = 3 if SFF ≥ 99%
Overall PFH: $PFH_{DssA} = \lambda_{De1} \times 1\,\text{hour}$, where $\lambda_{De1}$ is the probability of dangerous failure of the MCU.

Cat. B - Ref. §6.7.8.2.3
Summary: Equivalent to 1oo2 with HFT = 1; a single failure does not lead to the loss of the SRCF. No diagnostic function(s).
Basic architecture of Logic Solver: Dual channel architecture with two identical MCUs
  • SILCL = 1 if SFF < 60%
  • SILCL = 2 if 60% ≤ SFF < 90%
  • SILCL = 3 if SFF ≥ 90%
Overall PFH: In this case $\lambda_{De1} = \lambda_{De2} = \lambda_{De}$ and
$\lambda_{DssB} = (1 - \beta)^2 \times \lambda_{De}^2 \times T_1 + \beta \times \lambda_{De}$.
For the β factor see Section 4.2.

Cat. C - Ref. §6.7.8.2.4
Summary: It is the equivalent of 1oo1d, with a diagnostic function that initiates a reaction function as a dangerous failure happens on the SRCF.
NOTE: the diagnostic function provides the Logic Solver with a diagnosis of an external subsystem, e.g. the actuator.
Basic architecture of Logic Solver: Single channel architecture, one MCU in 1oo1, n=1. The diagnostic function is in charge of the end user.
  • SILCL = 1 if SFF < 90%
  • SILCL = 2 if 90% < SFF < 99%
  • SILCL = 3 if SFF ≥ 99%
Overall PFH: $\lambda_{DssC} = \lambda_{De1} \times (1 - DC_1)$, with DC (Diagnostic Coverage) as resulting from the FMEDA;
$PFH_{DssC} = \lambda_{DssC} \times 1\,\text{hour}$.
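As an added worked example (not from UM1845 nor an STMicroelectronics tool), the Table 122 formulas for categories A, B and C and the SILCL thresholds are evaluated on constructed inputs; the dangerous failure rate, β and DC values are illustrative placeholders, not FMEDA results for the STM32F2 Series, and T1 is the 10-year mission time of assumption 4 expressed in hours.

```python
# Added example: Table 122 (IEC 62061 basic architectures) carried through
# numerically. All input values below are constructed for illustration.

HOUR = 1.0  # PFH is the dangerous failure rate referred to one hour of operation
T1_HOURS = 10 * 8760  # assumption 4: mission time of 10 years (365 days x 24 h)


def silcl_from_sff(sff: float, dual_channel: bool) -> int:
    """SILCL reachable for a given SFF (as a fraction, e.g. 0.95).
    Single-channel rows (Cat. A/C) use the 90% / 99% thresholds,
    the dual-channel row (Cat. B) the 60% / 90% thresholds."""
    low, high = (0.60, 0.90) if dual_channel else (0.90, 0.99)
    if sff < low:
        return 1
    if sff < high:
        return 2
    return 3


def pfh_cat_a(lambda_de1: float) -> float:
    """Cat. A (1oo1, HFT = 0, no diagnostics): PFH_DssA = lambda_De1 x 1 hour."""
    return lambda_de1 * HOUR


def pfh_cat_b(lambda_de: float, beta: float, t1_hours: float = T1_HOURS) -> float:
    """Cat. B (1oo2, HFT = 1, two identical MCUs, lambda_De1 = lambda_De2):
    lambda_DssB = (1 - beta)^2 x lambda_De^2 x T1 + beta x lambda_De.
    The second term is the common-cause contribution weighted by beta."""
    return (1.0 - beta) ** 2 * lambda_de ** 2 * t1_hours + beta * lambda_de


def pfh_cat_c(lambda_de1: float, dc1: float) -> float:
    """Cat. C (1oo1d): lambda_DssC = lambda_De1 x (1 - DC1); PFH = lambda_DssC x 1 hour.
    DC1 is the diagnostic coverage of the end user's diagnostic function."""
    return lambda_de1 * (1.0 - dc1) * HOUR


if __name__ == "__main__":
    lam = 1.0e-7  # constructed dangerous failure rate per hour (placeholder)
    print("Cat. A:", pfh_cat_a(lam))
    print("Cat. B:", pfh_cat_b(lam, beta=0.02))
    print("Cat. C:", pfh_cat_c(lam, dc1=0.90))
    print("SILCL (Cat. A, SFF 95%):", silcl_from_sff(0.95, dual_channel=False))
```

Note that the category B result is dominated by the β term: the independent-failure product is small once multiplied by T1 in hours, so the common-cause assumption from Section 4.2 decides the outcome.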