61508-7 IEC:1997    Version 4.0 05/12/97

COMMISSION ELECTROTECHNIQUE INTERNATIONALE
INTERNATIONAL ELECTROTECHNICAL COMMISSION

IEC 61508-7

Functional safety of electrical/electronic/programmable electronic safety-related systems
Part 7: Overview of techniques and measures

Contents

Foreword ... 10
Introduction ... 11
1 Scope ... 13
2 Definitions and abbreviations ... 15

Annex A (informative) Overview of techniques and measures for E/E/PES: control of random hardware failures (referenced by part 2) ... 16

A.1 Electrical ... 16
A.1.1 Failure detection by on-line monitoring of equipment under control ... 16
A.1.2 Mechanically interlocked relays ... 16
A.1.3 Comparator ... 16
A.1.4 Majority voter ... 17
A.1.5 Idle current principle (de-energised to trip) ... 17

A.2 Electronic ... 17
A.2.1 Tests by redundant hardware ... 17
A.2.2 Dynamic principles ... 18
A.2.3 Standard test access port and boundary-scan architecture ... 18
A.2.4 Fail-safe hardware ... 18
A.2.5 Monitored redundancy ... 19
A.2.6 Electrical/electronic components with automatic check ... 19
A.2.7 Analogue signal monitoring ... 19
A.2.8 De-rating ... 19

A.3 Processing units ... 20
A.3.1 Self-test by software: limited number of patterns (one-channel) ... 20
A.3.2 Self-test by software: walking bit (one-channel) ... 20
A.3.3 Self-test supported by hardware (one channel) ... 20
A.3.4 Coded processing (one channel) ... 21
A.3.5 Reciprocal comparison by software ... 21

A.4 Invariable memory ranges ... 21
A.4.1 Word saving multi-bit redundancy (for example ROM monitoring with a modified hamming code) ... 21
A.4.2 Modified checksum ... 21
A.4.3 Signature of one word (8 bit) ... 22
A.4.4 Signature of a double word (16 bit) ... 22
A.4.5 Block replication (for example double ROM with hardware or software comparison) ... 23

A.5 Variable memory ranges ... 23
A.5.1 RAM test "checkerboard" or "march" ... 23
A.5.2 RAM test "walkpath" ... 24
A.5.3 RAM test "galpat" or "transparent galpat" ... 24
A.5.4 RAM test "Abraham" ... 24
A.5.5 One-bit redundancy (for example RAM monitoring with a parity bit) ... 25
A.5.6 RAM monitoring with a modified hamming code ... 25
A.5.7 Double RAM with hardware or software comparison and read/write test ... 25

A.6 I/O-units and interfaces (external communication) ... 26
A.6.1 Test pattern ... 26
A.6.2 Code protection ... 26
A.6.3 Multi-channel parallel output ... 26
A.6.4 Monitored outputs ... 27
A.6.5 Input comparison/voting ... 27

A.7 Data paths (internal communication) ... 27
A.7.1 One-bit hardware redundancy ... 27
A.7.2 Multi-bit hardware redundancy ... 28
A.7.3 Complete hardware redundancy ... 28
A.7.4 Inspection using test patterns ... 28
A.7.5 Transmission redundancy ... 28
A.7.6 Information redundancy ... 28

A.8 Power supply ... 29
A.8.1 Overvoltage protection with safety shut-off ... 29
A.8.2 Voltage control (secondary) ... 29
A.8.3 Power-down with safety shut-off ... 29

A.9 Temporal and logical program sequence monitoring ... 29
A.9.1 Watch-dog with separate time base without time-window ... 30
A.9.2 Watch-dog with separate time base and time-window ... 30
A.9.3 Logical monitoring of program sequence ... 30
A.9.4 Combination of temporal and logical monitoring of programme sequences ... 30
A.9.5 Temporal monitoring with on-line check ... 31

A.10 Ventilation and heating ... 31
A.10.1 Temperature sensor ... 31
A.10.2 Fan control ... 31
A.10.3 Actuation of the safety shut-off via thermal fuse ... 31
A.10.4 Staggered message from thermo-sensors and conditional alarm ... 31
A.10.5 Connection of forced-air cooling and status indication ... 32

A.11 Communication and mass-storage ... 32
A.11.1 Separation of electrical energy lines from information lines ... 32
A.11.2 Spatial separation of multiple lines ... 32
A.11.3 Increase of interference immunity ... 32
A.11.4 Antivalent signal transmission ... 33

A.12 Sensors ... 33
A.12.1 Reference sensor ... 33
A.12.2 Positive-activated switch ... 33

A.13 Final elements (Actuators) ... 33
A.13.1 Monitoring ... 34
A.13.2 Cross-monitoring of multiple actuators ... 34

Annex B (informative) Overview of techniques and measures for E/E/PES: avoidance of systematic failures (referenced by parts 2 and 3) ... 35

B.1 General measures and techniques ... 35
B.1.1 Project management ... 35
B.1.2 Documentation ... 36
B.1.3 Separation of safety-related systems from non safety-related systems ... 37
B.1.4 Diverse hardware ... 37

B.2 E/E/PES safety requirements specification ... 37
B.2.1 Structured specification ... 38
B.2.2 Formal methods ... 38
B.2.3 Semi-formal methods ... 38
B.2.3.1 General ... 38
B.2.3.2 Finite state machines/state transition diagrams ... 39
B.2.3.3 Time Petri nets ... 39
B.2.4 Computer aided specification tools ... 40
B.2.4.1 General ... 40
B.2.4.2 Tools oriented towards no specific method ... 40
B.2.4.3 Model orientated procedure with hierarchical analysis ... 40
B.2.4.4 Entity models ... 41
B.2.4.5 Incentive and answer ... 41
B.2.5 Checklists ... 41
B.2.6 Inspection of the specification ... 42

B.3 E/E/PES design and development ... 42
B.3.1 Observance of guidelines and standards ... 43
B.3.2 Structured design ... 43
B.3.3 Use of well tried components ... 44
B.3.4 Modularisation ... 44
B.3.5 Computer aided design tools ... 45
B.3.6 Simulation ... 45
B.3.7 Inspection (reviews and analysis) ... 45
B.3.8 Walkthrough ... 46

B.4 E/E/PES operation and maintenance procedures ... 46
B.4.1 Operation and maintenance instructions ... 46
B.4.2 User friendliness ... 47
B.4.3 Maintenance friendliness ... 47
B.4.4 Limited operation possibilities ... 47
B.4.5