ISO 26262 2nd Edition, 2015-03-24

ISO 26262 2nd Edition: current issues, 24 March 2015, 고병각 (bgkoh@ktl.re.kr)


TC 22 reorganization (1)
TC (Technical Committee) 22 – Road vehicles
* SC: Sub Committee
* WG: Working Group
* JWG: Joint Working Group

TC 22 reorganization (2)
TC 22 – Road vehicles
* SC 3/WG 16 → SC 32/WG 8 (the functional safety working group, formerly SC 3/WG 16, is SC 32/WG 8 after the reorganization)

ISO TC 22/SC 32/WG 8
Convenor: Jürgen Schwarz (Daimler)
Secretary: E. Fritzsche (VDA)
Member countries and participating organizations (as of March 2015):
Korea: KTL, HMC, MOBIS, IA, ETRI
Austria: KTM, AIT
Belgium: Nissan, ON Semiconductor, Melexis
China: CARARC, Schaettler, PATAC, Neusoft, CATL
France: PSA, Renault, Valeo
Germany: Daimler, BMW, Bosch, Volkswagen, Brose
Italy: FCA, Magneti Marelli, IVECO/CHN, Resiltech, Yogitech, CUNA
Japan: Toyota, Honda, Renesas, Nissan
Sweden: Delphi, Volvo, INFOTIV
UK: Jaguar Land Rover, MIRA, Renesas, ARM, Delphi
USA: TRW, FCA, Google Car, Texas Instrument, GM

2nd edition revision schedule
Legend: CD = Committee Draft; DIS = Draft International Standard; IS = International Standard

Work flow for the 2nd edition revision

WG 8 sub-working groups: TC 22/SC 32/WG 8 Functional safety
Part group: Part 1-10
Sub groups: Semiconductor (*Part 11), Motorcycle (*Part 12), Truck & Bus
Topic groups: *FO, Software, *SOTIF, Conf. Meas. (Confirmation Measures)
New topic: …
* Part 11: Semiconductor topics
* Part 12: Motorcycle
* FO: Fail Operational
* SOTIF: Safety Of The Intended Functionality

2nd edition revision status
* SG Semiconductor: PAS 19451 (PAS publication 2015.11). Integrated into Part 11: BFR (base failure rate), DFA (dependent failure analysis), IP, Multicore, Analog, PLD. HW qualification is integrated into ISO 26262 itself. PAS 19451 is then withdrawn.
* SG Motorcycle: PAS 19695 (PAS publication 2015, date tbd) → Part 12. PAS 19695 is then withdrawn.
* Parts of the 2nd edition: Part 1 … Part 10 (inputs from SG T&B, TG FO, TG SOTIF, Software, Conf. Measures), Part 11, Part 12, Part XX …….
* WG meetings: 2015.6 Kyoto, 2015.10 Gothenburg
* Schedule: CD 2016.2, DIS 2016.12, FDIS 2017.7, IS 2018.1

SCOPE
The following draft will be taken as the basis and used to develop the 2nd edition until the DIS level: ISO 26262 is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production road vehicles. ISO 26262 does not address unique E/E systems in special purpose vehicles such as vehicles designed for drivers with disabilities.

Semiconductor (1) – PAS 19451 contents
1. Programmable Logic Device: fault models and failure modes; safety analysis; safety mechanism examples; systematic fault avoidance; safety documentation
2. Analogue and mixed signal components: fault models and failure modes; transient faults; safety analysis; verification of safety metrics; avoidance of systematic faults; safety documentation
3. IP: work products for IP; safety requirements for IP; black box IP; verification evidence for IP

Semiconductor (2) – PAS 19451 contents
4. Hardware Qualification: definition of complexity; difference between hardware qualification and "standard" qualification; scope of application
5. Dependent Failure Analysis: fault mechanisms of CCF (common cause failures) and CF (cascading failures); DFA application sequence; DFA verification methods; DFA application examples
6. Base failure rate: comparison of reliability standards and handbooks; consistency of FIT calculation across standards and handbooks; confidence level issues; classification of ESD/EMI failures
7. Multi-Core: HW/SW interactions; virtualization and HW/SW support (MMU etc.); timing constraint requirements; safety analyses

Motorcycle

Truck & Bus
• Review the content of ISO 26262-1 to -9 from the T&B perspective and reflect the result in the revision
• Severity class S3 is kept as is (average number of fatalities per fatal accident: USA 1.091, Japan 1.03)
• Consider truck use cases involving OEM, Tier, Body Builder (BB), Machine Equipment Manufacturer (MEM), etc.
  - Long product life cycle; legacy components need to be considered
  - The safety case must not be used for type approval (regulation)
  - Scope and method of applying ISO 26262 (DIA, Safety Manual) between OEM-BB, Tier 2-BB, OEM-MEM, MEM-BB, etc.
• Dangerous Goods: consider regulations on the transport of dangerous goods (e.g., the speed limitation device falls under ISO 26262)

SOTIF (1): problems of ISO 26262 for ADAS
Topic: Function definition
  ISO 26262: Used in prerequisites, defined outside of ISO 26262
Topic: Actuation pattern and performance in the case of an appropriate actuation (nominal performance)
  ISO 26262: Used as prerequisite to the HARA, defined outside of ISO 26262
Topic: Systematic faults that lead to the violation of the safety goal: design faults, software bugs, etc.
  ISO 26262: Analyzed in ISO 26262, safety measures and mechanisms specified within the scope of ISO 26262
Topic: Random HW faults that lead to the violation of the safety goal
  ISO 26262: Analyzed in ISO 26262, safety measures and mechanisms specified within the scope of ISO 26262
Topic: Violation of the safety goal without fault, due to inappropriate situation detection and/or arbitration by the system
  ISO 26262: No guidance in ISO 26262 (neither for specification and design, nor for verification and validation)

SOTIF (2)
• The main point is to ensure consistency between the safety of the intended function and functional safety, so that the two views can be reconciled in a single set of requirements at some point in the development process
• Whether autonomous driving technology needs to be considered, etc.
• V&V method: take a real-life development model and describe it in an 'initiation' section

Fail Operational
• Purpose: design so that a specified service can still be provided even when a fault occurs
• The current draft is under review
• Dual-dual design for fail operational systems
• 3-way voting design for fail operational systems
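The two redundancy patterns named on this slide, modelled in C as an added example written for this page; it is not code from the presentation or from the ISO 26262 draft. The channel values, the agreement tolerance (AGREE_TOL) and the fault-injection scenarios are assumptions made for the demonstration. It shows the behaviour the slide's purpose statement asks for: after one fault the service continues (2oo3 masks a dissenting channel, dual-dual fails over to the standby pair), and after a second, uncovered fault each design reports that it can no longer provide a trustworthy output so the caller can drop to its fail-safe behaviour.

```c
/* Added example (not from the presentation or the ISO 26262 draft): the two
 * fail-operational patterns named on the slide, modelled as plain C functions
 * with constructed channel values and an assumed agreement tolerance. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define AGREE_TOL 2   /* assumed: channels within 2 raw units are "agreeing" */

typedef enum { VOTE_OK = 0, VOTE_DEGRADED = 1, VOTE_FAIL = 2 } vote_status_t;

static bool agree(int32_t a, int32_t b)
{
    int64_t d = (int64_t)a - (int64_t)b;
    return d >= -AGREE_TOL && d <= AGREE_TOL;
}

static int32_t median3(int32_t a, int32_t b, int32_t c)
{
    if ((a <= b && b <= c) || (c <= b && b <= a)) return b;
    if ((b <= a && a <= c) || (c <= a && a <= b)) return a;
    return c;
}

/* 3-way voting (2oo3). The output follows the majority, so a single wrong
 * channel is masked and service continues; the dissenting channel index is
 * reported in *faulty so it can be logged and repaired. When no two channels
 * agree there is no majority to trust: *out is left untouched and the caller
 * must drop to its fail-safe behaviour. */
vote_status_t vote_2oo3(const int32_t ch[3], int32_t *out, int *faulty)
{
    bool ab = agree(ch[0], ch[1]);
    bool bc = agree(ch[1], ch[2]);
    bool ac = agree(ch[0], ch[2]);

    *faulty = -1;
    if (!ab && !bc && !ac)
        return VOTE_FAIL;

    *out = median3(ch[0], ch[1], ch[2]);   /* a lone outlier can never be the median */
    if (!ab && !ac)      *faulty = 0;      /* channel 0 disagrees with both others */
    else if (!ab && !bc) *faulty = 1;
    else if (!ac && !bc) *faulty = 2;
    return *faulty < 0 ? VOTE_OK : VOTE_DEGRADED;
}

/* Dual-dual: two self-checking pairs. Each pair runs two lock-step lanes and
 * trusts its own result only while both lanes agree (fail-silent on mismatch). */
typedef struct { int32_t lane_a, lane_b; } pair_t;

static bool pair_valid(const pair_t *p) { return agree(p->lane_a, p->lane_b); }

/* Returns the index of the pair driving the output (0 = primary, 1 = standby)
 * or -1 when both pairs have silenced themselves (second fault: fail-safe). */
int dual_dual_select(const pair_t *primary, const pair_t *standby, int32_t *out)
{
    if (pair_valid(primary)) { *out = primary->lane_a; return 0; }
    if (pair_valid(standby)) { *out = standby->lane_a; return 1; }
    return -1;
}

int main(void)
{
    int32_t out = 0;
    int faulty = -1;

    int32_t stuck[3] = { 100, 101, 0 };       /* constructed: channel 2 stuck at 0 */
    vote_status_t st = vote_2oo3(stuck, &out, &faulty);
    printf("2oo3: status=%d out=%d faulty=%d\n", (int)st, (int)out, faulty);

    pair_t primary = { 200, 150 };            /* constructed: primary lanes disagree */
    pair_t standby = { 201, 200 };
    int active = dual_dual_select(&primary, &standby, &out);
    printf("dual-dual: active pair=%d out=%d\n", active, (int)out);
    return 0;
}
```

The difference between the two designs is where the fault is detected: 2oo3 needs no self-checking inside a channel because the voter identifies the outlier, while dual-dual depends on each pair's lock-step comparison to silence itself before the standby pair is handed the output. In both, the status code (VOTE_FAIL or -1) is the signal that fail-operational has been exhausted and a fail-safe reaction must follow.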

Software
• Safety analysis at the SW architectural level is under discussion
• Examples of SW analysis methods introduced: SW FMEA (NASA-GB-1740.13), shared resource analysis, SW design HAZOP, SW interface analysis, etc.
• Qualitative vs. quantitative: there is no information on SW failure rates
• Safety analysis is performed at the architecture level (BSW, OS, M/W), not at the code level
• SW error modeling: definition of SW errors
• Some mechanisms added, e.g., an error detection mechanism and an access permission control mechanism
• More concrete results to be presented at the June meeting in Kyoto

Confirmation measures
• Improve the objectives so that they represent the relevant requirements and can be separated into technical and process objectives; objectives get more relevance
• Split or tag the ISO 26262 requirements via attributes to separate technical and process-motivated requirements
• Clarify "evaluation" for audit and assessment => objective-based evaluation, e.g. "functional safety assessment evaluates the objectives of the functional safety achieved by the item."
• The independence requirement for confirmation measures should be discussed and adjusted

TC 22/SC 32/WG 8 face-to-face meeting schedule
SWG T&B: 2014.10.7-9, Gothenburg, Sweden (Volvo)
SWG Semiconductor: 2014.10.27-29, Pisa, Italy (Yogitech)
WG 16: 2015.1.28-30, Berlin, Germany
WG 16: 2015.6.10-12, Kyoto, Japan
WG 16: 2015.10.21-23, Gothenburg, Sweden

END of Presentation. 고병각 (bgkoh@ktl.re.kr), 042-939-6001
