IEC 62061 safety metrics computation - ST STM32F2 Series User Manual (UM1845 - Rev 4)

Cat. | Ref. § | Summary
D | 6.7.8.2.5 | Any single failure does not lead to a loss of the SRCF; it is equivalent to 1oo2d with HFT = 1, with diagnostic function(s). NOTE: the diagnostic function provides the Logic Solver with a diagnosis of an external subsystem, e.g. the actuator.

Based on IEC 62061 §6, Figure 9 shows how to proceed with the development of the SRECS implementing the generic control architecture depicted in figure B.1 of the standard, where the microprocessor here presented is an STM32F2 Series device with the adoption of the safety mechanisms as defined in Conditions of use.

Figure 9. SRECS high-level diagram (reference: IEC 62061:2005/AMD1:2012)
[Block diagram, not reproduced here. "Allocated functions and integrity requirements" feed the SRECS, made of the Input (PEi), Logic solver (PEc, PEo, PEd) and Output subsystems, each decomposed into Subsystem and Subsystem element. The Logic solver is the STM32XX Series with implemented diagnostics. Annotations on the diagram:
Basic architecture of Logic solver: dual channel architecture with two identical MCUs.
Diagnostic function is in charge of the end user.
SILCL = 1 if SFF < 60%; SILCL = 2 if 60% ≤ SFF < 90%; SILCL = 3 if SFF ≥ 90%.
For β factor see Section 4.2.
DC (Diagnostic Coverage) as resulting from FMEDA.
In this case: λDe1 = λDe2 = λDe.
T2 has to be defined at Logic Solver level by the end user.]

A.2.2 IEC 62061 safety metrics computation

The failure rate (λ) is referred to the interval T, where T is the smaller of the proof test interval and the lifetime of the subsystem. As already seen for ISO 13849, the approximation of IEC 62061 §6.7.8.2.1 NOTE 2 is still considered valid, hence λ = 1/MTTF, where it is assumed that λ × T << 1. So, as PFHD = λD × 1 h, PFHD = 1/MTTFD.

The safety analysis executed for the STM32F2 Series according to IEC 61508 is more accurate in the identification of dangerous failures, and its results can be re-mapped into the IEC 62061 domain. Thus, the values of λ and PFH reported in the FMEDA (refer to Section 4 Safety results) are still valid and can be used in the formulas of the previous paragraph.

There is no need to re-compute the SFF of the microcontroller: the end user uses the same value resulting from this Safety Manual.

As previously discussed in Section 4.2 Dependent failures analysis, in evaluating CCF for those basic architectures with HFT = 1, the end user uses the same result, if available, as achieved by the IEC 61508 approach (refer to IEC 61508:2010-6 Annex D). Alternatively, the end user can apply the simplified approach from the standard (refer to Annex F) to calculate the β factor value to be used in the formulas for PFHD.
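As an added worked example (not part of UM1845 and not ST's code), the following Python carries the computations of this section through for the Figure 9 logic solver: λ from MTTF with the λ × T << 1 condition checked, PFHD = λD × 1 h for one channel, SILCL from SFF with the Figure 9 thresholds, and the PFHD of two identical MCUs with HFT = 1. For the last step it uses the IEC 62061 §6.7.8.2.5 basic subsystem architecture D formula for identical elements, which is taken from the standard and is not printed on this page. The 0.1 cut-off used to test "<<", and every numeric input (λDe, DC, β, T1, T2, SFF), are constructed assumptions for illustration, not FMEDA results.

```python
# Added example: IEC 62061 metric computations for a dual-MCU logic solver.
# Not ST's tool. Formulas follow UM1845 A.2.2 and IEC 62061 §6.7.8.2.5.
# All numeric inputs below are constructed, not FMEDA results.

FIT = 1e-9            # 1 FIT = 1e-9 failures per hour
HOURS_PER_YEAR = 8760


def lambda_from_mttf(mttf_hours: float, t_hours: float) -> float:
    """λ = 1/MTTF, valid only while λ·T << 1 (IEC 62061 §6.7.8.2.1 NOTE 2).

    The 0.1 threshold for "<<" is an assumption of this example; the standard
    gives no number. Beyond it the constant-rate shortcut is not acceptable.
    """
    lam = 1.0 / mttf_hours
    if lam * t_hours >= 0.1:
        raise ValueError(f"λ·T = {lam * t_hours:.3g}; λ = 1/MTTF approximation not valid")
    return lam


def pfhd_single_channel(lambda_d: float) -> float:
    """PFHD = λD × 1 h for one channel (λD in 1/h), as stated in A.2.2."""
    return lambda_d * 1.0


def silcl_from_sff(sff: float) -> int:
    """SIL claim limit of a subsystem with HFT = 1 from its SFF (Figure 9 thresholds)."""
    if not 0.0 <= sff <= 1.0:
        raise ValueError("SFF must be a fraction in [0, 1]")
    if sff < 0.60:
        return 1
    if sff < 0.90:
        return 2
    return 3


def lambda_dss_arch_d(lambda_de: float, dc: float, beta: float,
                      t1_hours: float, t2_hours: float) -> float:
    """Dangerous failure rate of an IEC 62061 architecture D subsystem made of
    two identical elements (λDe1 = λDe2 = λDe), §6.7.8.2.5:
      λDssD = (1-β)² · { [λDe² · 2 · DC] · T2/2 + [λDe² · (1-DC)] · T1 } + β · λDe
    T1: proof test interval or lifetime, whichever is smaller.
    T2: diagnostic test interval, defined by the end user at logic solver level.
    β: common cause factor from Section 4.2 or IEC 62061 Annex F.
    """
    detected = (lambda_de ** 2) * 2.0 * dc * (t2_hours / 2.0)
    undetected = (lambda_de ** 2) * (1.0 - dc) * t1_hours
    return (1.0 - beta) ** 2 * (detected + undetected) + beta * lambda_de


def pfhd_arch_d(lambda_de: float, dc: float, beta: float,
                t1_hours: float, t2_hours: float) -> float:
    """PFHDssD = λDssD × 1 h."""
    return lambda_dss_arch_d(lambda_de, dc, beta, t1_hours, t2_hours) * 1.0


def logic_solver_example() -> dict:
    """Constructed inputs: λDe = 20 FIT per MCU, DC = 90 %, β = 2 %,
    T1 = 20 years, T2 = 1 h, SFF = 92 %."""
    lambda_de = 20 * FIT
    t1 = 20 * HOURS_PER_YEAR
    t2 = 1.0
    return {
        "pfhd_one_mcu": pfhd_single_channel(lambda_de),
        "pfhd_dual_mcu": pfhd_arch_d(lambda_de, 0.90, 0.02, t1, t2),
        "pfhd_dual_mcu_no_ccf": pfhd_arch_d(lambda_de, 0.90, 0.0, t1, t2),
        "silcl_hft1": silcl_from_sff(0.92),
    }


if __name__ == "__main__":
    for key, value in logic_solver_example().items():
        print(f"{key}: {value:.3e}" if isinstance(value, float) else f"{key}: {value}")
```

With these constructed inputs the two-channel PFHD is roughly 4 × 10^-10 per hour, and almost all of it is the β · λDe common cause term; the same subsystem with β = 0 comes out about two orders of magnitude lower. That is the practical reason the page sends the end user to Section 4.2 and Annex F for β: on a dual-MCU logic solver the CCF estimate, not the channel algebra, decides the result.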
UM1845 - Rev 4, page 94/108