Short series: Decomposition

Jody Nelson with SRES Shorts. And, in this short, I want to discuss a little bit about some of the common misunderstandings we see with decomposition. First of all, when we talk about decomposition in ISO 26262, we’re talking about decomposing the safety requirements. We are not decomposing hardware, we’re not decomposing software, and we’re not decomposing the safety goals themselves. What we are decomposing are the hardware safety requirements, the software safety requirements, the technical safety requirements, FSRs. So we decompose the safety requirements which then lead of course to these parallel independent paths of hardware or independent parallel paths of software. So that’s one misunderstanding often we see. The other one is about nomenclature. One critical aspect of the nomenclature if we’re building up to for example an ASIL D safety requirement and we’re going to use two ASIL B hardwares, we have to use that nomenclature of ASIL B of D for those hardware. Why this is critical? For each of those paths at the hardware level, we can develop them according to an ASIL B as in Boy level.

However, once we get into the integration and we look at the hardware metrics, then we’re up back to the original safety goal level of ASIL D level. And this brings me to the last point about the FMEDA, looking at the hardware metrics themselves. The target value for the hardware metrics does not change because of decomposition. And a lot of people don’t understand this. Well, we apply decomposition to our hardware safety requirements. Why don’t these metrics change? Well, if you think about it in a fault tree analysis perspective, if you truly have two independent parallel paths, these are ANDed together, so mathematically you do get the benefits because each can have a little bit higher fit rate and still a little bit higher fit rate and still get a lower fit rate at the top. So the top-level event in the fault tree remains the same but you do get the benefits if you run the quantitive safety analysis.