GB/T 34590.5-2022 (GB/T34590.5-2022)

GB/T 34590.5-2022: PDF in English (GBT 34590.5-2022)

GB/T 34590.5-2022
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 43.040
CCS T 35
Replacing GB/T 34590.5-2017
Road Vehicles - Functional Safety - Part 5: Product
development at the hardware level
(ISO 26262-5:2018, MOD)
ISSUED ON: DECEMBER 30, 2022
IMPLEMENTED ON: JULY 1, 2023
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Requirements
4.1 Purpose
4.2 General requirements
4.3 Interpretations of tables
4.4 ASIL-dependent requirements and recommendations
4.5 Adaptation for motorcycles
4.6 Adaptation for cargo trucks, buses, special vehicles, trailers
5 General topics for the product development at the hardware level
5.1 Objectives
5.2 General
6 Specification of hardware safety requirements
6.1 Objectives
6.2 General
6.3 Inputs to this clause
6.4 Requirements and recommendations
6.5 Work products
7 Hardware design
7.1 Objectives
7.2 General
7.3 Inputs to this clause
7.4 Requirements and recommendations
7.5 Work products
8 Evaluation of the hardware architectural metrics
8.1 Objectives
8.2 General
8.3 Inputs to this clause
8.4 Requirements and recommendations
8.5 Work products
9 Evaluation of safety goal violations due to random hardware failures
9.1 Objectives
9.2 General
9.3 Inputs to this clause
9.4 Requirements and recommendations
9.5 Work products
10 Hardware integration and verification
10.1 Objectives
10.2 General
10.3 Inputs to this clause
10.4 Requirements and recommendations
10.5 Work products
Annex A (informative) Overview of and workflow of product development at the hardware level
Annex B (informative) Failure mode classification of a hardware element
Annex C (informative) Hardware architectural metrics
Annex D (informative) Evaluation of the diagnostic coverage
Annex E (informative) Example calculation of hardware architectural metrics: "single-point fault metric" and "latent-fault metric"
Annex F (informative) Example for rationale that objectives of Clause 9 in accordance with 4.2 are met
Annex G (informative) Example of a PMHF budget assignment for an item consisting of two systems
Annex H (informative) Example of latent fault handling
Bibliography
Foreword
This document was drafted in accordance with the rules provided in GB/T 1.1-2020 Directives
for Standardization - Part 1: Rules for the Structure and Drafting of Standardizing Documents.
This document is Part 5 of GB/T 34590 Road Vehicles - Functional Safety. GB/T 34590 consists
of the following parts:
-- Part 1: Vocabulary;
-- Part 2: Management of Functional Safety;
-- Part 3: Concept Phase;
-- Part 4: Product Development at the System Level;
-- Part 5: Product Development at the Hardware Level;
-- Part 6: Product Development at the Software Level;
-- Part 7: Production, Operation, Service and Decommissioning;
-- Part 8: Supporting Processes;
-- Part 9: Automotive Safety Integrity Level (ASIL)-oriented and Safety-oriented Analyses;
-- Part 10: Guideline;
-- Part 11: Guidelines on Applications to Semiconductors;
-- Part 12: Adaptation for Motorcycles.
This document replaces GB/T 34590.5-2017 "Road vehicles - Functional safety - Part 5:
Product development at the hardware level". Compared with GB/T 34590.5-2017, the main
technical changes in this document are as follows:
- Change the scope of application of the standard from "mass-produced passenger cars" to
"mass-produced road vehicles other than mopeds" (see Clause 1 of this Edition, Clause
1 of Edition 2017);
- Add the adaptation requirements for motorcycles (see 4.5 of this Edition);
- Add the adaptation requirements for cargo trucks, buses, special vehicles and trailers (see
4.6 of this Edition);
- Change the title of Clause 5 (see Clause 5 of this Edition, Clause 5 of Edition 2017);
- Change the description about the purpose (see 5.1 of this Edition, 5.1 of Edition 2017);
- Change Figure 2 (see 5.2 of this Edition, 5.2 of Edition 2017);
- Delete the content in 5.3, 5.4, and 5.5 about "inputs, requirements and suggestions, and
work products of this Clause" (see Annex D of Edition 2017);
- Delete "safety plan (refined)" (see 6.3.1 of Edition 2017);
- Add hardware specification (from outside) (see 6.3.2 of this Edition);
- Change the description about the purpose (see 7.1 of this Edition, 7.1 of Edition 2017);
- Delete the safety plan (refined) (see 7.3.1 of Edition 2017);
- Add non-safety-related hardware requirements specification (from outside) (see 7.3.2 of
this Edition);
- Change Table 1 from "modular hardware design principles" to "hardware architecture
design principles" (see 7.4.1.6 of this Edition, 7.4.1.6 of Edition 2017);
- Add requirements for noise factors (see 7.4.1.7 of this Edition);
- Add requirements for ASIL (A) (see 7.4.3.3 of this Edition);
- Add requirements for ASIL (A) (see 7.4.3.4 of this Edition);
- Add the content about "provide evidence according to the hardware design verification
methods listed in Table 3" (see 7.4.4.1 of this Edition);
- Add the requirement to verify the validity of assumptions of SEooC (see 7.4.4.3 of this
Edition);
- Add requirements for the production, operation, service and scrapping of hardware
elements generated during the hardware design process (see 7.4.5.5 of this Edition);
- Add the requirements for "additional safety mechanisms" in items a) and b) (see 8.4.4 of
this Edition);
- Add examples of formulas related to SPFM target values (see 8.4.7 of this Edition);
- Change the description of the general provisions (see 9.2 of this Edition, 9.2 of Edition
2017);
- Add the content about "ASIL application level of this requirement" (see 9.4.1.1 of this
Edition);
- Add the content of the argument "to prove that the probability of a single point of failure
of a single hardware component is sufficiently low" (see 9.4.1.2 of this Edition);
- Add the content of the argument "to prove that the probability of residual failure of a
hardware component is sufficiently low" (see 9.4.1.3 of this Edition);
- Add the requirements for multiple systems constituting related items (see 9.4.2.3 of this
Edition);
- Delete the content about "failure rate combination and scale factor conversion" (see 9.4.2.7
of Edition 2017);
- Add applicable ASIL levels (see 9.4.3.4 of this Edition);
- Delete the content of failure rate conversion (see 9.4.3.12 of Edition 2017);
- Add the acceptance conditions for dual-point faults that may contribute to a dual-point
failure (see 9.4.3.12 of this Edition);
- Add the content about "conditions under which a dual-point failure is acceptable when the
requirements of 9.4.3.11 or 9.4.3.12 cannot be met" (see 9.4.3.13 of this Edition);
- Change the title of Clause 10 (see Clause 10 of this Edition, Clause 10 of Edition 2017);
- Delete the hardware safety requirements specification and hardware design specification
(see 10.3.1 of Edition 2017);
- Delete the project plan (refinement) (see 10.3.2 of Edition 2017);
- Add examples and qualification requirements for safety-related hardware components (see
10.4.3 of this Edition);
- Change the title of Table 12 (see 10.4.6, 10.4.6 of Edition 2017);
- Add hardware integration and verification specifications (see 10.5.1 of this Edition);
- Delete the content of "initiation of product development at the hardware level" (see Clause 5
and Table A.1 of Edition 2017).
The revision of this document adopts ISO 26262-5:2018 "Road vehicles - Functional safety -
Part 5: Product development at the hardware level".
The technical differences between this document and ISO 26262-5:2018 and their reasons are
as follows:
- Change the description of T&B vehicles from "trucks, buses, trailers and semi-trailers" to
"cargo trucks, buses, special vehicles, trailers" (see 4.6 of this Edition, 4.6 of ISO 26262-
5:2018), to be consistent with the vehicle types specified in GB/T 3730.1-2022 "Terms
and definitions of motor vehicles, trailers and combination vehicle -- Part 1: Types".
Attention is drawn to the possibility that some of the elements of this document may be the
subject of patent rights. The issuing authority shall not be held responsible for identifying any
or all such patent rights.
Road vehicles - Functional safety - Part 5: Product
development at the hardware level
1 Scope
This document specifies the requirements for product development at the hardware level for
automotive applications, including the following:
- general topics for the product development at the hardware level;
- specification of hardware safety requirements;
- hardware design;
- evaluation of the hardware architectural metrics;
- evaluation of safety goal violations due to random hardware failures;
- hardware integration and verification.
This document is intended to be applied to safety-related systems that include one or more
electrical and/or electronic (E/E) systems and that are installed in series production road
vehicles, excluding mopeds.
NOTE: Other specific safety standards can be used as a supplement to this document, and vice versa.
This document does not apply to systems and their components that were released for
production, or were already under development, prior to the publication date of this document.
Alterations to systems and their components released for production before the publication of
this document are addressed by tailoring the safety lifecycle activities to the alteration. When
a system not developed in accordance with this document is integrated with a system developed
in accordance with this document, the safety lifecycle is tailored in accordance with this
document.
This document addresses possible hazards caused by malfunctioning behaviour of safety-
related E/E systems, including interaction of these systems. It does not address hazards related
to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion,
release of energy and similar hazards, unless directly caused by malfunctioning behaviour of
safety-related E/E systems.
This document describes a framework for functional safety to assist the development of safety
related E/E systems. This framework is intended to be used to integrate functional safety
activities into a company-specific development framework. Some requirements have a clear
technical focus to implement functional safety into a product; others address the development
process and can therefore be seen as process requirements in order to demonstrate the capability
of an organization with respect to functional safety.
This document does not address the nominal performance of E/E systems.
The requirements of this document for hardware elements are applicable to both non-
programmable and programmable elements, such as ASIC, FPGA and PLD. Further guidelines
can be found in GB/T 34590.10-2022 and GB/T 34590.11-2022.
Annex A provides an overview on objectives, prerequisites and work products of this document.
2 Normative references
The following referenced documents are indispensable for the application of this document. For
dated references, only the edition cited applies. For undated references, the latest edition of the
referenced document (including any amendments) applies.
GB/T 34590.1-2022, Road vehicles - Functional safety - Part 1: Vocabulary (ISO 26262-
1:2018, MOD)
NOTE: There is no technical difference between the referenced content of GB/T 34590.1-2022 and
the referenced content of ISO 26262-1:2018.
GB/T 34590.2-2022, Road vehicles - Functional safety - Part 2: Management of functional
safety (ISO 26262-2:2018, MOD)
NOTE: There is no technical difference between the referenced content of GB/T 34590.2-2022 and
the referenced content of ISO 26262-2:2018.
GB/T 34590.4-2022, Road vehicles - Functional safety - Part 4: Product development at the
system level (ISO 26262-4:2018, MOD)
NOTE: There is no technical difference between the referenced content of GB/T 34590.4-2022 and
the referenced content of ISO 26262-4:2018.
GB/T 34590.6-2022, Road vehicles - Functional safety - Part 6: Product development at the
software level (ISO 26262-6:2018, MOD)
NOTE: There is no technical difference between the referenced content of GB/T 34590.6-2022 and
the referenced content of ISO 26262-6:2018.
GB/T 34590.7-2022, Road vehicles - Functional safety - Part 7: Production, operation,
service and decommissioning (ISO 26262-7:2018, MOD)
NOTE: There is no technical difference between the referenced content of GB/T 34590.7-2022 and
the referenced content of ISO 26262-7:2018.
NOTE 1: The considered failure rate is the hardware part failure rate and does not take into account the
effectiveness of the safety mechanisms.
NOTE 2: The proportion of safe faults of the hardware part can be considered when determining the
coverage of the safety mechanisms. In this case the calculation of the coverage is done analogously to
the calculation of the single‑point fault metric, but at the hardware part level instead of at the item level.
9.4.3.8 This requirement applies to ASIL D of the safety goal. A dual-point failure shall be
considered plausible if:
a) at least one of both hardware parts involved has a diagnostic coverage (with respect to the
latent faults) of less than 90%; or
b) one of the dual-point faults causing the dual-point failure remains latent for a time longer
than the multiple-point fault detection interval as specified in requirement 6.4.8.
NOTE: The proportion of safe faults of the hardware part can be considered when determining the
coverage of the safety mechanisms. In this case the calculation of the coverage is done analogously to
the calculation of the latent fault metric, but at the hardware part level instead of at the item level.
9.4.3.9 This requirement applies to ASIL C of the safety goal. A dual-point failure shall be
considered plausible if:
a) at least one of both hardware parts involved has a diagnostic coverage (with respect to the
latent faults) of less than 80%; or
b) one of the dual-point faults causing the dual-point failure remains latent for a time longer
than the multiple-point fault detection interval as specified in requirement 6.4.8.
NOTE: The proportion of safe faults of the hardware part can be considered when determining the
coverage of the safety mechanisms. In this case the calculation of the coverage is done analogously to
the calculation of the latent fault metric, but at the hardware part level instead of at the item level.
9.4.3.10 This requirement applies to ASIL C and D of the safety goal. A dual-point failure that
is implausible shall be considered compatible with the safety goal target and thus acceptable.
9.4.3.11 This requirement applies to ASIL C and D of the safety goal. A dual-point fault
occurring in a hardware part and contributing to a plausible dual-point failure shall be
considered acceptable if the corresponding hardware part complies with the targets for the
failure rate class ranking and diagnostic coverage (with respect to latent faults) given in
Table 9.
NOTE 1: The considered failure rate is the hardware part failure rate. Therefore, it does not consider the
effectiveness of safety mechanisms.
......
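The plausibility rule of 9.4.3.8 to 9.4.3.10, as an added worked example that is not part of the standard's text: it computes each hardware part's diagnostic coverage with respect to latent faults at part level (the NOTE's analogy to the latent-fault metric, with safe faults kept in the denominator) and then applies the ASIL C/D thresholds together with the multiple-point fault detection interval from 6.4.8. The failure-rate values, the field names and the `HardwarePart` class are constructed for illustration; the Table 9 check of 9.4.3.11 is not reproduced because Table 9 is not on this page.

```python
from dataclasses import dataclass

# Diagnostic-coverage thresholds below which a dual-point failure is plausible
# (9.4.3.8 for ASIL D, 9.4.3.9 for ASIL C). The page gives no thresholds for
# ASIL A/B, so those ASILs are rejected rather than guessed (assumption).
DC_LATENT_THRESHOLD = {"D": 0.90, "C": 0.80}


@dataclass(frozen=True)
class HardwarePart:
    """Constructed failure-rate split of one hardware part, in FIT (1e-9/h).
    lam_total covers all faults; lam_spf / lam_rf are single-point / residual
    faults; lam_mpf_latent are multiple-point faults neither detected nor
    perceived. latent_time_h is how long the part's dual-point fault can stay
    undetected before the safety mechanism catches it."""
    name: str
    lam_total: float
    lam_spf: float
    lam_rf: float
    lam_mpf_latent: float
    latent_time_h: float

    def dc_latent(self) -> float:
        # Coverage with respect to latent faults, computed like the latent-fault
        # metric but at part level (NOTE to 9.4.3.8/9.4.3.9): safe faults remain
        # in the denominator, which is why the NOTE says they "can be considered".
        relevant = self.lam_total - self.lam_spf - self.lam_rf
        return 1.0 - self.lam_mpf_latent / relevant


def dual_point_failure_plausible(asil: str, part_a: HardwarePart,
                                 part_b: HardwarePart, mpfdi_h: float) -> bool:
    """9.4.3.8 / 9.4.3.9: plausible if either part's latent-fault coverage is
    below the ASIL threshold, or either fault stays latent longer than the
    multiple-point fault detection interval (MPFDI, specified per 6.4.8)."""
    threshold = DC_LATENT_THRESHOLD[asil]  # KeyError for ASIL A/B on purpose
    return any(p.dc_latent() < threshold or p.latent_time_h > mpfdi_h
               for p in (part_a, part_b))


def classify(asil: str, part_a: HardwarePart, part_b: HardwarePart,
             mpfdi_h: float) -> str:
    """9.4.3.10: implausible -> acceptable; 9.4.3.11: plausible -> each
    contributing dual-point fault must be checked against Table 9."""
    if dual_point_failure_plausible(asil, part_a, part_b, mpfdi_h):
        return "plausible: evaluate contributing faults against Table 9"
    return "implausible: acceptable per 9.4.3.10"


# Constructed sample parts: A has DC_latent = 1 - 6/90 ~ 93.3 %, B = 1 - 5/45 ~ 88.9 %.
PART_A = HardwarePart("regulator", 100.0, 5.0, 5.0, 6.0, latent_time_h=1.0)
PART_B = HardwarePart("monitor", 50.0, 2.0, 3.0, 5.0, latent_time_h=1.0)
MPFDI_H = 10.0  # constructed multiple-point fault detection interval
```

With these values the same pair is plausible for an ASIL D safety goal (part B falls below 90 %) but implausible for ASIL C, and raising either part's latent time above the interval makes it plausible at both ASILs.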