GB/T 41295.3-2022 PDF in English
GB/T 41295.3-2022 (also written GB/T41295.3-2022, GBT 41295.3-2022, GBT41295.3-2022): Application guide of functional safety - Part 3: Testing and verification. Status: Valid. English PDF, USD 230.
PDF Preview (excerpt)
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 25.040
CCS N 10
Application guide of functional safety - Part 3: Testing and verification
ISSUED ON: MARCH 09, 2022
IMPLEMENTED ON: OCTOBER 01, 2022
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of China.
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions... 5
4 Abbreviations ... 6
5 General ... 7
6 Hardware testing ... 9
7 Software testing ... 9
8 Integration testing... 11
9 Fault injection test ... 13
10 Validation testing ... 16
References ... 19
Application guide of functional safety - Part 3: Testing and verification
1 Scope
This document specifies the testing and verification of functional safety systems,
including hardware, software, integration and system-level tests that perform safety-
related functions.
This document applies to the development stage, manufacturing stage, system integration stage, commissioning stage or field validation stage of a functional safety system. Testing activities include both the internal testing performed by the team for functional safety system research and development and external testing.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this
document and are indispensable for its application. For dated references, only the
version corresponding to that date is applicable to this document; for undated references,
the latest version (including all amendments) is applicable to this document.
GB/T 20438.4-2017, Functional safety of electrical/electronic/programmable
electronic safety-related systems - Part 4: Definitions and abbreviations
IEC 61326-3-1, Electrical equipment for measurement, control and laboratory use -
EMC requirements - Part 3-1: Immunity requirements for safety-related systems and
for equipment intended to perform safety-related functions (functional safety) -
General industrial applications
IEC 61326-3-2, Electrical equipment for measurement, control and laboratory use -
EMC requirements - Part 3-2: Immunity requirements for safety-related systems and
for equipment intended to perform safety-related functions (functional safety) -
Industrial applications with specified electromagnetic environment
3 Terms and definitions
The terms and definitions given in GB/T 20438.4-2017, together with the following, apply to this document.
3.1
functional safety system
A system that performs safety-related functions, has functional safety-related
characteristics, and satisfies a specific Safety Integrity Level (SIL).
Note: The system here is a generalized concept that includes different levels, such as
safety components, safety equipment or safety control systems. In an actual
industrial process, the functional safety system may be a transmitter, a relay, a
safety programmable controller or a safety instrumented system.
[Source: GB/T 41295.1-2022, 3.6]
3.2
team for functional safety system research and development
The entity responsible for the design and development of functional safety systems.
Note: Including functional safety system hardware developers, software developers,
verification testers, functional safety managers, etc.
[Source: GB/T 41295.2-2022, 3.2]
3.3
fault injection test
A test method that artificially generates a failure mode in a functional safety system and
verifies whether the response of the system in the failure state meets the safety
requirements.
[Source: GB/T 41295.2-2022, 3.4]
4 Abbreviations
The following abbreviations apply to this document.
EMC: Electromagnetic Compatibility
FMEA: Failure Mode and Effect Analysis
FMEDA: Failure Mode, Effect and Diagnostic Analysis
HDL: Hardware Description Language
MC/DC: Modified Condition/Decision Coverage
SIL: Safety Integrity Level
b) unexpected modifications or unexpected changes to embedded programs and
applications;
c) unexpected modification in the storage and exchange process of application data;
d) unacceptable deviation in the accuracy of the analog input/output interface;
e) response time of the communication process exceeding the allowable limit;
f) scan cycle and response time within the component/system exceeding the
allowable limits;
g) clock error;
h) cannot be initialized or reset normally;
i) components/systems cannot be switched between different operating modes, such
as "initialization", "normal operation", "failure", etc.
5.8 If an appropriate performance criterion has been defined in the relevant product
standard, the performance criterion should be adopted.
6 Hardware testing
6.1 Hardware testing can be carried out by members of the hardware R&D team for the functional safety system, but the personnel who perform the tests should be different from the R&D personnel who developed that part of the hardware.
6.2 Consider planning hardware test cases on the basis of the detailed hardware design.
6.3 If digital application-specific integrated circuits are used, the following tests need
to be considered:
a) module-level functional testing, such as: using (V)HDL test platform;
b) top-level functional testing;
c) functional testing of embedded environments;
d) testing through simulation of the gate-level netlist, including timing and comparison against a reference model, etc.
7 Software testing
7.1 Software testing can be carried out by members of the software R&D team for the functional safety system, but the personnel who perform the testing need to be different from the R&D personnel who developed that part of the software.
d) To verify whether the allowable online maintenance procedures, such as module
replacement, operate as designed;
e) To verify the correctness of the secure communication design.
9.5 Consider the following flow for fault injection testing:
a) Collect required input materials, including detailed design of software and
hardware, failure analysis report of software and hardware, etc.;
b) Design fault injection test cases and form fault injection test plans;
c) Prepare the fault injection system under test, test environment and test equipment,
to check the function and performance of the system under test (see the
performance criteria in Chapter 5) to ensure that there is no abnormality in the
system before the test;
d) Perform the fault injection test, and record the test time, phenomenon, personnel
and other information; if a problem is found during the test, perform the design
modification, and then return to the third step to restart the test. Whether
completed tests need to be repeated depends on the impact of the design
modification;
e) Prepare a fault injection report.
9.6 Consider the following when determining fault injection test points:
a) points where the failure analysis does not clearly determine the failure effect, including whether the failure is safe or dangerous and whether it can be diagnosed;
b) where the failure rate of the failure mode is relatively large;
c) all diagnostic measures used for fault disclosure when the system is running;
d) dedicated complex devices (such as analog-to-digital conversion chips) for
specific functions;
e) diagnostic measures implemented in software for the internals of certain complex devices;
f) fault diagnostic measures in the safety communication process.
Note: Due to the large number of components/modules in the functional safety system,
it is generally unrealistic to simulate the failure modes of all
components/modules. It is necessary to screen out representative test points. By
fault injection at representative test points, it can be demonstrated whether the
diagnostic capabilities of this part of the signal chain are actually working.
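The fault injection flow of 9.5 and the choice of test points in 9.6 can be exercised on a model of a safety function. The following is an added example, not code from GB/T 41295.3-2022: the safety function, its diagnostic measures (an ADC range check, a scan-cycle watchdog and a safety-communication check, mirroring 9.6 c, d and f) and the injected failure modes are all hypothetical constructs, and the limits are assumed values.

```python
"""Added fault-injection harness modelled on clauses 9.5 and 9.6.
Safety function, diagnostics, limits and fault cases are hypothetical."""
from dataclasses import dataclass

TRIP_LIMIT = 80.0      # assumed process trip point, % of span
LOOP_RANGE = (4.0, 20.0)  # 4-20 mA loop; outside this is a wiring/ADC fault
MAX_SCAN_MS = 50       # assumed allowable scan cycle (clause 5 criterion f)
MAX_COMM_AGE_MS = 200  # assumed allowable telegram age (clause 5 criterion e)

@dataclass
class Sample:
    loop_ma: float        # raw analog input reported by the ADC
    scan_ms: int          # measured scan cycle of the safety controller
    comm_age_ms: int      # age of the last received safety telegram
    crc_ok: bool = True   # integrity check of the safety telegram

def safety_function(s: Sample) -> str:
    """Returns 'run' or 'safe'. Each diagnostic is a 9.6 test point."""
    if not LOOP_RANGE[0] <= s.loop_ma <= LOOP_RANGE[1]:  # 9.6 d: ADC device diagnostic
        return "safe"
    if s.scan_ms > MAX_SCAN_MS:                          # 9.6 c: runtime diagnostic
        return "safe"
    if s.comm_age_ms > MAX_COMM_AGE_MS or not s.crc_ok:  # 9.6 f: safety communication
        return "safe"
    pv = (s.loop_ma - 4.0) / 16.0 * 100.0                # scale loop current to % of span
    return "safe" if pv >= TRIP_LIMIT else "run"

# Constructed fault injection test cases (9.5 b); each must force the safe state.
FAULT_CASES = {
    "sensor open circuit (0 mA)": lambda s: Sample(0.0, s.scan_ms, s.comm_age_ms),
    "ADC saturation (24 mA)": lambda s: Sample(24.0, s.scan_ms, s.comm_age_ms),
    "scan cycle overrun": lambda s: Sample(s.loop_ma, 120, s.comm_age_ms),
    "stale safety telegram": lambda s: Sample(s.loop_ma, s.scan_ms, 500),
    "corrupted safety telegram": lambda s: Sample(s.loop_ma, s.scan_ms,
                                                   s.comm_age_ms, crc_ok=False),
}

def run_fault_injection(baseline: Sample) -> dict:
    """9.5 c-e: confirm the system is healthy before injecting, then inject
    each fault and record the observed state (the 'phenomenon' of 9.5 d)."""
    if safety_function(baseline) != "run":
        raise RuntimeError("system under test abnormal before injection (9.5 c)")
    return {name: safety_function(inject(baseline))
            for name, inject in FAULT_CASES.items()}
```

A case whose observed state is not "safe" is a diagnostic gap that, per 9.5 d, sends the design back for modification before the affected tests are rerun.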
c) For systems above SIL2, carry out extended functional tests, that is, to test whether
components/systems can enter or maintain a safe state when accidents other than
those described in the safety requirements occur, or in extreme cases;
d) According to the application of the functional safety system, black-box testing,
worst-case testing and statistical testing should be carried out (specific
descriptions are in accordance with Table 3).
10.3 For functional tests under environmental conditions (type tests), the following
should be considered:
a) The test items can demonstrate that the application environmental conditions
defined in the safety requirements are met;
b) Satisfy the type tests of the application standard or product standard for the specific field of the functional safety system [for example, a safety programmable logic controller meets the test requirements of IEC 61131 (all parts)], typically including climatic tests and mechanical tests;
c) Carry out type test through a third-party testing laboratory that complies with
GB/T 27025-2019 accreditation rules.
10.4 For functional safety systems, enhanced electromagnetic compatibility (EMC) testing needs to be considered, including:
a) Compared with conventional systems, functional safety systems need to be
considered for enhanced electromagnetic compatibility tests. These tests are
based on national or industry-mandated considerations with an appropriate
increase in intensity, such as the time and number of tests, etc.;
b) Use IEC 61000-1-2:2016 as a methodological guide for ensuring functional safety
against electromagnetic phenomena;
c) For systems that are not specifically stipulated for the functional safety EMC test
content in international standards or national standards, the level strength of the
electromagnetic compatibility test follows the relevant content of IEC 61326-3-1
and IEC 61326-3-2;
d) For systems that have special provisions for functional safety EMC test content
in international standards or national standards, the level strength of the
electromagnetic compatibility test can be implemented in accordance with the
requirements of these product or field standards [for example, programmable controllers shall conform to IEC 61131 (all parts)];
e) Carry out the EMC test through a third-party testing laboratory that complies with
the GB/T 27025-2019 accreditation rules and has the EMC standard test
......
Source: the above contents are excerpted from the PDF, translated/reviewed by www.chinesestandard.net / Wayne Zheng et al.