Failure Modes, Effects and Diagnostic Analysis (FMEDA) and Fault Tree Analysis (FTA), both recommended by ISO 26262 Part 5, are the most widely used quantitative safety analysis techniques in the automotive industry. In any quantitative analysis, the "Diagnostic Coverage (DC)" of the safety mechanisms is a crucial parameter, because it feeds directly into the final hardware safety metrics (the single-point fault metric, the latent-fault metric and the PMHF). So what does "diagnostic coverage" mean, and how do we use it in practice?
Diagnostic coverage is a measure of the effectiveness of the diagnostics implemented in the system. Mathematically, it is the ratio of the failures detected and/or controlled by a safety mechanism to the total failures of the element; ISO 26262 expresses it in terms of failure rates, as the share of the element's failure rate that the mechanism detects or controls. For example, if a given Cyclic Redundancy Check (CRC) can detect 1,022 out of 1,024 possible error patterns in a transmitted message, then the diagnostic coverage would be 1,022 divided by 1,024, or 99.8%. Note that such a count is only meaningful against a stated fault model (which error patterns are assumed possible): the same CRC yields a different ratio for random multi-bit corruption than for single-bit or burst errors, so a DC figure should always be quoted together with the faults it was evaluated against.
Determining diagnostic coverage in practice is not trivial. To simplify the process, ISO 26262 provides a "starting point" for estimating the DC value of a safety mechanism based on its applicability to the system. The starting points are classified as Low (60%), Medium (90%) and High (99%) diagnostic coverage. A given safety mechanism is assigned to one of these levels depending on factors including:
- The type and origin of the faults the diagnostic is intended to detect
- The specific implementation of the safety mechanism
- The technologies used in the system
- The execution timing of the safety mechanism relative to the fault tolerant time interval, among others
The table shown above is a short summary of the starting-point coverages for power supplies. Many additional elements, including semiconductor elements such as ALUs, digital and analog I/O, memory, and bus communication, are covered in the same way in the tables of ISO 26262 Part 5 Annex D. These values are a claim to be justified, not a measurement: the analyst must still argue, for the specific implementation and fault model, why the mechanism earns the Low, Medium or High class it is assigned.
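As an added worked example (not code from the original article or from the standard), the script below puts both halves of the discussion together: it first measures the DC of one safety mechanism, a CRC, the way the CRC sentence above describes it, by enumerating error patterns under several fault models, and then rolls the per-failure-mode coverages of a fictional element up into an element-level DC and residual failure rate as an FMEDA does. The generator polynomial (x^4 + x + 1 over an 8-bit payload), the fault models and the FMEDA rows are assumptions chosen for illustration; the 60/90/99% class values are the Annex D starting points.

```python
"""Diagnostic coverage worked end to end: measured for one safety mechanism
(a CRC) under several fault models, then rolled up across the failure modes
of an element the way an FMEDA does it.

Illustration written for this article; the polynomial, bit widths and FMEDA
rows are made-up assumptions, not figures from ISO 26262 or any real part."""
from typing import Iterable, Sequence, Tuple

# Assumed toy channel: an 8-bit payload protected by a 4-bit CRC.
# Generator x^4 + x + 1 (binary 10011); the codeword is 12 bits wide.
GEN, DEG, WIDTH = 0b10011, 4, 12


def crc_remainder(value: int, width: int, gen: int = GEN, deg: int = DEG) -> int:
    """Remainder of the `width`-bit GF(2) polynomial `value` modulo `gen`."""
    for i in range(width - 1, deg - 1, -1):
        if value & (1 << i):
            value ^= gen << (i - deg)
    return value


def burst_patterns(width: int, length: int) -> Iterable[int]:
    """Every error pattern whose flipped bits span exactly `length`
    consecutive positions (length 1 is the single-bit-flip fault model)."""
    inner = range(1) if length == 1 else range(1 << (length - 2))
    for shift in range(width - length + 1):
        for mid in inner:
            yield ((1 << (length - 1)) | (mid << 1) | 1) << shift


def mechanism_dc(patterns: Iterable[int], width: int = WIDTH) -> Tuple[int, int]:
    """Count (detected, total) error patterns for the CRC.  Because a CRC is
    linear, a pattern is detected iff its remainder is non-zero regardless of
    the payload, so only the error patterns need enumerating."""
    detected = total = 0
    for e in patterns:
        total += 1
        if crc_remainder(e, width) != 0:
            detected += 1
    return detected, total


def element_dc(rows: Sequence[Tuple[str, float, float]]) -> Tuple[float, float]:
    """FMEDA roll-up.  Rows are (failure mode, failure rate in FIT, DC of the
    mechanism covering it).  Returns (element DC, residual failure rate):
        DC_element = sum(lambda_i * DC_i) / sum(lambda_i)
        lambda_RF  = sum(lambda_i * (1 - DC_i))
    DC_i must be a fraction (0.99), not a percentage (99)."""
    total = sum(lam for _, lam, _ in rows)
    covered = sum(lam * dc for _, lam, dc in rows)
    return covered / total, total - covered


# Constructed FMEDA rows for a fictional element.  The CRC row uses the DC
# measured above over all error patterns; the others use the Annex D
# starting-point classes (High 99%, Medium 90%, Low 60%).
CRC_DC = mechanism_dc(range(1, 1 << WIDTH))
FMEDA_ROWS = [
    ("bus message corrupted (CRC)",            10.0, CRC_DC[0] / CRC_DC[1]),
    ("supply over-voltage (monitor, High)",     5.0, 0.99),
    ("supply under-voltage (monitor, Medium)",  5.0, 0.90),
    ("supply drift (plausibility check, Low)",  2.0, 0.60),
]

if __name__ == "__main__":
    for label, pats in [("all non-zero patterns", range(1, 1 << WIDTH)),
                        ("single bit flips", burst_patterns(WIDTH, 1)),
                        ("bursts of 4 bits", burst_patterns(WIDTH, 4)),
                        ("bursts of 5 bits", burst_patterns(WIDTH, 5))]:
        d, t = mechanism_dc(pats)
        print(f"{label:22s}: {d}/{t} detected, DC = {100 * d / t:.1f}%")
    dc, rf = element_dc(FMEDA_ROWS)
    print(f"element DC = {100 * dc:.1f}%, residual failure rate = {rf:.2f} FIT")
```

Run as a script, it shows the point made in the bullet list above about the fault source: the same 4-bit CRC scores 93.8% against arbitrary error patterns, 100% against single-bit flips and bursts no longer than the polynomial degree, and only 87.5% against 5-bit bursts. Which of these numbers goes into the FMEDA row depends on the fault model the analysis has committed to. The roll-up also makes a common spreadsheet mistake visible: a DC entered as 99 instead of 0.99 produces a negative residual failure rate, which `element_dc` will happily return.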