Category Archives: Related areas

A functional safety manager cannot assure that a product is safe. Instead, he/she can know that it is not safe.

There is a saying about interviews: an interviewer cannot make an interviewee get hired, but can make him/her fail to be hired. I believe that this is true, and a similar correspondence can hold in a functional safety project.

I review functional safety documents frequently, and the functional safety scope is too vast for one person to know everything fully, so I sometimes conduct an incomplete review. An incomplete review means that even though I approve the document, it cannot be ensured that it is fully achieved.

Because I understand my weakness, I try to find nonconformances in the documents. At least I am the first auditor in this project, and if I do not agree, it cannot proceed. In the near future, I have to respond to the customer auditor's questions. There should be several layers of reviewers like me. They act as 'safety nets' in the project, and they protect the project against systematic faults.

The final reviewers shall be customer-side auditors (or assessors). In some ways, the customer has to have not only deep product knowledge but also deep technical functional safety knowledge. If one person does not have both, a team has to be arranged. Someone who does not have deep knowledge of the project but has functional safety knowledge has to have enough review experience to judge whether the product under review is well documented or not, and has to help the customer-side product champion determine whether the supplier's safety concepts or approaches are good enough to satisfy their safety requirements.

But... even though they conduct such an audit or assessment, they cannot ensure that safety is fully achieved.


FIT budgeting

FIT budgeting occurs when an item consists of more than one system. It is very similar to the apportionment of the Target Level of Safety (TLS) in the avionics domain. FIT budgeting is the division of the random hardware failure rate among those systems. If more than one supplier has to develop them, it will not be easy.

Regarding ASIL decomposition, a decomposed QM means that the decomposed requirement does not have to be developed according to ISO 26262, but FIT budgeting is still valid. The total FIT number does not change even though you decompose the safety requirements.

In this case, the system that is allocated QM(original ASIL) has been determined to carry no risk in the systematic aspect.

If this policy applies similarly in the avionics domain, a subsystem that is included in a high-SIL system but is not allocated any safety requirements might be okay to develop as QM. Of course, FIT budgeting (I mean, apportionment of TLS) needs to be considered. I'm not sure; it is my guess.


[Scrap] Fast Accurate Memory Test Code in C

ISO 26262 Part 5 contains requirements on memory. Since material on memory testing was needed, I translated the post below. If there is one piece of embedded software that can be reused, it is the memory test. This post shows how to test for the most common memory problems using a set of three efficient, applicable memory test functions. Almost every embedded developer, at some point in their career, has to write a memory test. Often the prototype hardware […]

Method: Fast Accurate Memory Test Code in C — ::Dump
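The excerpt above mentions three memory test functions but is cut off before showing them. As an added example (not code from the translated article or from this blog), the block below implements the three classic tests in that order: a data bus walking-ones test at a single address, an address bus test that touches only power-of-two offsets (one per address line), and a full device read/write test with a pattern and its inverse. It runs against a malloc'd buffer standing in for the RAM region under test; the buffer size, the 32-bit `datum` width, the `run_memory_tests` staging and the return conventions are assumptions made for this example.

```c
/* Added example: data bus, address bus and device memory tests run against a
 * heap buffer that stands in for the memory region under test. Not code from
 * the translated article or this blog; the datum width, buffer size and return
 * conventions are assumptions made for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One bus-width word; volatile so the read-back is not optimised away. */
typedef volatile uint32_t datum;

/* Data bus test: walk a single 1 across every bit at one address.
 * Returns 0 on success, or the first pattern that did not read back
 * (a data line stuck high/low or shorted to a neighbour). */
uint32_t mem_test_data_bus(datum *address)
{
    for (uint32_t pattern = 1; pattern != 0; pattern <<= 1) {
        *address = pattern;
        if (*address != pattern)
            return pattern;
    }
    return 0;
}

/* Address bus test: only power-of-two offsets need checking, since each one
 * exercises exactly one address line. n_bytes must be a power of two.
 * Returns NULL on success, or the address whose write corrupted another
 * location (address line stuck or shorted). */
datum *mem_test_address_bus(datum *base, size_t n_bytes)
{
    const size_t address_mask = (n_bytes / sizeof(datum)) - 1;
    const uint32_t pattern = 0xAAAAAAAAu, antipattern = 0x55555555u;
    size_t offset, test_offset;

    /* Seed every power-of-two offset with the default pattern. */
    for (offset = 1; (offset & address_mask) != 0; offset <<= 1)
        base[offset] = pattern;

    /* Address bits stuck high: a write to offset 0 must not disturb any seeded cell. */
    base[0] = antipattern;
    for (offset = 1; (offset & address_mask) != 0; offset <<= 1)
        if (base[offset] != pattern)
            return &base[offset];
    base[0] = pattern;

    /* Address bits stuck low or shorted: a write to one seeded cell must not disturb the rest. */
    for (test_offset = 1; (test_offset & address_mask) != 0; test_offset <<= 1) {
        base[test_offset] = antipattern;
        if (base[0] != pattern)
            return &base[test_offset];
        for (offset = 1; (offset & address_mask) != 0; offset <<= 1)
            if (base[offset] != pattern && offset != test_offset)
                return &base[test_offset];
        base[test_offset] = pattern;
    }
    return NULL;
}

/* Device test: every cell is written and read back twice (a pattern, then its
 * inverse) so each bit is verified as both 0 and 1. Destroys the contents.
 * Returns NULL on success, or the first failing address. */
datum *mem_test_device(datum *base, size_t n_bytes)
{
    const size_t n_words = n_bytes / sizeof(datum);
    uint32_t pattern;
    size_t offset;

    for (pattern = 1, offset = 0; offset < n_words; pattern++, offset++)
        base[offset] = pattern;                 /* incrementing pattern, never 0 */

    for (pattern = 1, offset = 0; offset < n_words; pattern++, offset++) {
        if (base[offset] != pattern)
            return &base[offset];
        base[offset] = ~pattern;                /* flip every bit for the second pass */
    }

    for (pattern = 1, offset = 0; offset < n_words; pattern++, offset++)
        if (base[offset] != ~pattern)
            return &base[offset];

    return NULL;
}

/* Run all three tests, cheapest first. Returns 0 on pass, or 1/2/3 naming
 * the stage that failed so a boot-time caller can log which fault class hit. */
int run_memory_tests(datum *base, size_t n_bytes)
{
    if (mem_test_data_bus(base) != 0)                return 1;
    if (mem_test_address_bus(base, n_bytes) != NULL) return 2;
    if (mem_test_device(base, n_bytes) != NULL)      return 3;
    return 0;
}

/* Run the suite over a freshly allocated buffer of n_bytes (a power of two),
 * standing in for a RAM region on target hardware. Returns the stage result. */
int demo_memory_test(size_t n_bytes)
{
    uint32_t *buf = malloc(n_bytes);
    if (buf == NULL)
        return -1;
    int result = run_memory_tests((datum *)buf, n_bytes);
    free(buf);
    return result;
}

int main(void)
{
    int r = demo_memory_test(4096);
    printf("memory test %s (stage %d)\n", r == 0 ? "passed" : "FAILED", r);
    return r;
}
```

On a host, ordinary RAM passes all three stages; the value of the tests is on target hardware, where they run from ROM or a region outside the one under test (the device test destroys contents, so the stack and heap must not live there) and where the address bus test's power-of-two coverage keeps the run time proportional to the number of address lines rather than to the memory size.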