Forum Topic

Thursday 03 April 2008 3:18:01 pm

Hello
my questions to the experts: The new ISO13849 requires a the calculation of the average Diognostic coverage (DVavg) of a safety system. So I'm in charge calculating this stuff for sensors which has two channel architecture. (2 CPUS having its own watchdog and a comperator which compares the CPU signals). Usually a CPU has a DC smaller than 99%. This is due to restricted detection capabilities of software selftest routines (e.g RAM test achieve up to 99% but register tests not more than 90% so that the resulting DC is in range of 97%). For performance level (e) the ISO13849 requires DC > 99%. If each CPU channel has a DC of 97% the two channel system will not have a higher one if there would not be the comperator. The comperator allows the CPUs to compare its expections of the signals of the other CPU. Each difference would result in a safety shut off. Such a comparision would detect other faults than the software selftests. Hence such a system would have a higher DC than 97%. But how much is it?. Do you have an idea or a litereture referene for calculation of the DC for 1oo2D system where each channel as its own DC and the comperator adds with another DC?
I hope I could express what I mean.
rainercats

Saturday 26 April 2008 10:12:19 am

You make an FMEDA of the channel and when you introduce the failure modes you take into account whether the channel on its own can detect via diagnostics the failure or whether it can only be detected when you have the second channel and they communicate somehow.

Now traditionally an FMEDA only takes into account hardware failures and in order to get a DC you only need to address hardware failures. Software represents systematic failures and they are not taken into account when calculating DCs or SFFs.

So if the comparator is able to detect failures the DC will go up for the channel and thus for the complete system.
I hope this helps