Abstraction can be seen as a grouping principle while maintaining a hierarchy of levels. Being safety engineers, it is crucial we understand that the level of abstraction can alter the approach to an element. Various parts in the ISO 26262 standard have similar work products, but these can vary a great deal in content depending on the phase of the product’s development.

To illustrate this, the qualitative analysis of requirements can be performed at multiple levels:

  • A system level analysis to ensure that the Functional Safety requirements comply with the System Functions
  • A functional level analysis to ensure that the Technical Safety requirements comply with the Functional Safety requirements
  • A technical level analysis to ensure that the Hardware safety requirements and the Software safety requirements comply with the Technical Safety requirements

A lower level of granularity during analysis is beneficial as it allows for a better understanding of the failure modes and the failure mode distributions, whereas a higher level of granularity allows for a clear allocation of safety mechanisms.

Similarly, quantitative and qualitative analysis are performed at the appropriate level of abstraction during the various phases. Quantitative analysis quantifies the failure rates and its distribution while qualitative analysis identifies the failure modes. Quantitative analysis can also be performed at multiple levels. For example, a quantitative FTA can be performed at the system level, while a quantitative FMEDA can be performed at the hardware part level. Hence it is important to understand that the level of abstraction can be consequently adjusted depending on the target of analysis [1].

The table [2] below depicts an example of an IC at various levels of design abstraction (high – low) from the Vehicle manufacturer down to a semiconductor expert.

From these examples, it is clear to see that the approach to an element depends strongly on the abstraction level. Thus, the end result (work product) can easily go wrong if the safety engineer focuses on the element from a different level. It can be summed up that it is crucial in ISO 26262 to understand the level of abstraction depending on the work product and the scope of the project.

  1. ISO/PAS 19451-1:2016, Application of ISO 26262:2011-2012 to semiconductors — Part 1: Application of concepts
  2. ISO/PAS 19451-2:2016, Application of ISO 26262:2011-2012 to semiconductors — Part 2: Application of hardware qualification

Leave a Reply.