
Understanding Freedom From Interference (FFI) in 5 Minutes

by The GSEG 2022. 3. 18.

This is 'The GSEG (Global Safety Experts Group)'.

I would like to briefly explain one of the hardest terms to understand when applying ISO 26262 to a project: "Freedom From Interference (FFI)".

Freedom From Interference (FFI)

 

 

What is the definition of Freedom from interference?

The term 'Freedom from interference' is mainly used to allow SW components with different ASILs assigned to coexist within the same HW element (i.e. uC).

As the degree of control over potential systematic failures differs among SW components with different ASILs assigned, the functionality of SW components developed with a higher ASIL (quality of the function) could be influenced by SW components developed with a lower ASIL.

Ensuring that no such influence occurs is what ISO 26262 calls "Freedom from interference".


For instance, in the picture above there are 4 SW components within HW element_1, and they are assigned ASIL B(D) (two of them), ASIL A and QM.

In this case, the developer shall demonstrate that there is no interference from the SW which implements the ASIL A requirement to the SW which implements the ASIL B(D) requirement.

Otherwise, all 4 SW components shall be developed according to the highest ASIL (i.e. ASIL B(D)), which is not practical in a real project.

Just imagine how many basic SW components are needed to implement one single function in the vehicle successfully on a complex HW processor.

So verifying freedom from interference is not optional in the project.


Interference, how can it be explained?

The meaning of interference can be classified into 3 categories as below.


1) Data interference
For example, SWC_1 uses data memory in HW element_1 to perform its dedicated function.


Interference occurs if the memory being used by SWC_1 is corrupted by SWC_2, which is possible because the memory address is known to anyone and is accessible if no limitation is imposed.


So in this case, we could say "the functionality of SWC_1 is interfered by".
Please note that the main concern of freedom from interference is a potential systematic failure in SWC_2, not random HW failures.
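
The data interference case in 1), as an added example that is not part of the original post: a constructed C model in which a flat array stands in for the data memory of HW element_1 and SWC_2 carries a systematic fault, run once without and once with a limitation on memory access. The region layout, the function names and the partition check are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: one flat data memory shared by the SWCs in HW element_1. */
#define RAM_SIZE 32u
static uint8_t ram[RAM_SIZE];

/* Hypothetical partition table: the address range each SWC is meant to use. */
typedef struct { size_t base, len; } region_t;
enum { SWC_1, SWC_2 };
static const region_t region[] = { {0u, 16u}, {16u, 16u} };
typedef int (*write_fn)(int swc, size_t addr, uint8_t val);

/* No limitation given: every SWC can write every address. */
static int write_unrestricted(int swc, size_t addr, uint8_t val) {
    (void)swc;
    if (addr >= RAM_SIZE) return -1;
    ram[addr] = val;
    return 0;
}

/* Assumed measure: a write outside the caller's own region is rejected. */
static int write_partitioned(int swc, size_t addr, uint8_t val) {
    const region_t *r = &region[swc];
    if (addr < r->base || addr - r->base >= r->len) return -1;
    ram[addr] = val;
    return 0;
}

/* SWC_2 with a systematic fault: the ring-buffer index is used as an
 * absolute address, the region base is never added. */
static int swc2_log(write_fn wr, unsigned n, uint8_t sample) {
    size_t addr = n % region[SWC_2].len;  /* BUG: base + n % len intended */
    return wr(SWC_2, addr, sample);
}

/* Returns 1 if SWC_1's value survives eight SWC_2 log cycles, 0 if corrupted. */
int swc1_data_intact(write_fn wr) {
    memset(ram, 0, sizeof ram);
    wr(SWC_1, 4u, 0xA5u);                 /* SWC_1 stores its working value */
    for (unsigned n = 0; n < 8u; n++) (void)swc2_log(wr, n, 0xFFu);
    return ram[4] == 0xA5u;
}

int main(void) {
    printf("unrestricted: intact=%d\n", swc1_data_intact(write_unrestricted));
    printf("partitioned:  intact=%d\n", swc1_data_intact(write_partitioned));
    return 0;
}
```

The fault in SWC_2 is identical in both runs; only whether its stray write can reach SWC_1's memory changes.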

2) Timing interference
We have to remind ourselves that the objective of ISO 26262 is to secure the safety of the vehicle by eliminating undesired hazards in a timely fashion, which means that the SW components performing safety-relevant functions shall be executed within the dedicated time interval, as intended and in a defined sequence.


But execution could be delayed, or not happen within the dedicated time interval, if the CPU is occupied by another SWC for longer than expected and no time is left for the SWC which performs safety-related functions, as the CPU can be accessed by anyone as much as possible, by mistake or intentionally.


For instance, let's assume that SWC_1, SWC_3 and SWC_2 shall be executed in a row.

Under this assumption, there will be no chance for SWC_1 or SWC_3 to be executed if SWC_2 occupies the CPU for a long time due to a systematic failure in it (i.e. no exit condition).

And we could call it again "the functionality of SWC_1 is interfered by".

3) Interference by data exchange

Interference by data exchange between SW components with different ASILs assigned is not 100% avoidable in the project, as the high-level SW integration which performs the system-level function is done in the end by integrating all lower-level SW components, and it is not possible to develop all SW components with the same level of quality (ASIL).


If the functionality of the SWC performing an ASIL B requirement is affected by data coming from the SWC performing an ASIL A requirement, it can be regarded as "interference".


Then, the next question is: what shall we do to prove freedom from interference?
This will be explained in the following post.
