Diagnostic Coverage

Functional safety plays a central role in the development of safety-critical systems. Diagnostic coverage (DC) is an essential metric in this context. It describes the ratio of detected dangerous failures to the total number of dangerous failures and has a major influence on the achievable safety level. In particular, the standards DIN EN ISO 13849-1 and IEC 61508 use the DC value as a criterion for assessing the safety of control systems.

Diagnostic Coverage and Safe Failure Fraction (SFF)

There are two different metrics for evaluating diagnostic coverage:

Diagnostic Coverage: the ratio of detected dangerous failures to all dangerous failures:

DC = λ_DD / λ_D

where

  • λ_D = overall failure rate for dangerous failures
  • λ_DD = failure rate of dangerous failures that are detected (dangerous detected)

Safe Failure Fraction: additionally takes safe failures into account:

SFF = (λ_S + λ_DD) / (λ_S + λ_D)

where λ_S is the failure rate for safe failures.

A possible relationship between DC and SFF arises if we assume, for example, that 50 % of failures are safe and 50 % of failures are dangerous:

SFF = 50 % + 0.5 × DC

Example: If DC = 90 %, the SFF is approximately 95 %.

Calculation of the DC value

The DC value can be calculated at different levels – at the component level, for a specific block, or for the entire safety-related parts of the control system (SRP/CS). There are two common methods for this:

Calculation of the failure rate (λ)

The DC value is calculated in detail by determining the failure rates of the individual components. Three failure rates are considered here:

  • Total failure rate (λ)
  • Detectable dangerous failure rate (λ_DD, dangerous detected)
  • Undetectable dangerous failure rate (λ_DU, dangerous undetected)

The formula for calculating diagnostic coverage from the detectable and undetectable dangerous failure rates is:

DC = λ_DD / (λ_DD + λ_DU)

This method requires a detailed Failure Mode and Effects Analysis (FMEA) to determine the individual values for each component.

Approximate calculation by estimation

A simplified method for determining the DC value is based on a conservative estimate, which is frequently used in practice. In this method, the DC values of the individual components are weighted with their MTTFd (mean time to dangerous failure) values and averaged:

DC_avg = Σ(DC_i · MTTFd_i) / Σ MTTFd_i

The calculated DC values are divided into four classes:

DC class      | DC value in %      | Meaning
None          | DC < 60 %          | Low or no diagnostic capability
Low           | 60 % ≤ DC < 90 %   | Limited diagnostic measures
Medium        | 90 % ≤ DC < 99 %   | Effective diagnostic measures
High          | DC ≥ 99 %          | Very high diagnostic certainty
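The formulas above (DC from λ_DD and λ_DU, SFF, the illustrative 50/50 relation between SFF and DC, the MTTFd-weighted DC average and the four DC classes) carried through in code. This is an added example, not code from the page or from the standards; the component names and failure rates are constructed sample values, and DC is handled as a fraction (0.9 rather than 90 %).

```python
from dataclasses import dataclass


@dataclass
class Component:
    """One component of an SRP/CS with FMEA-derived failure data.
    Rates are failures per hour; all values here are constructed samples."""
    name: str
    lambda_s: float      # safe failures
    lambda_dd: float     # dangerous detected
    lambda_du: float     # dangerous undetected
    mttfd_years: float   # MTTFd, used as the weight in the averaging method


def diagnostic_coverage(lambda_dd: float, lambda_du: float) -> float:
    """DC = λ_DD / (λ_DD + λ_DU), i.e. λ_DD / λ_D, as a fraction in [0, 1]."""
    lambda_d = lambda_dd + lambda_du
    if lambda_d <= 0:
        raise ValueError("no dangerous failure rate: DC is undefined")
    return lambda_dd / lambda_d


def safe_failure_fraction(lambda_s: float, lambda_dd: float, lambda_du: float) -> float:
    """SFF = (λ_S + λ_DD) / (λ_S + λ_D) with λ_D = λ_DD + λ_DU."""
    total = lambda_s + lambda_dd + lambda_du
    if total <= 0:
        raise ValueError("no failure rate at all: SFF is undefined")
    return (lambda_s + lambda_dd) / total


def sff_from_dc_equal_split(dc: float) -> float:
    """Illustrative relation assuming 50 % safe / 50 % dangerous failures:
    SFF = 0.5 + 0.5 * DC (only valid under that assumption)."""
    return 0.5 + 0.5 * dc


def weighted_dc_avg(components: list[Component]) -> float:
    """DC_avg = Σ(DC_i * MTTFd_i) / Σ MTTFd_i (the estimation method)."""
    total_weight = sum(c.mttfd_years for c in components)
    if total_weight <= 0:
        raise ValueError("MTTFd weights must be positive")
    weighted = sum(diagnostic_coverage(c.lambda_dd, c.lambda_du) * c.mttfd_years
                   for c in components)
    return weighted / total_weight


def dc_class(dc: float) -> str:
    """Map a DC fraction onto the four classes of the table above."""
    if dc < 0.60:
        return "none"
    if dc < 0.90:
        return "low"
    if dc < 0.99:
        return "medium"
    return "high"


# Constructed three-block chain: input, logic, output (not real component data).
SAMPLE_CHAIN = [
    Component("sensor", 1e-7, 8e-8, 2e-8, 30.0),   # DC 0.80
    Component("logic", 5e-8, 9.9e-8, 1e-9, 100.0),  # DC 0.99
    Component("output", 2e-7, 9e-8, 1e-8, 50.0),    # DC 0.90
]
```

For the constructed chain the weighted average is (0.8·30 + 0.99·100 + 0.9·50) / 180 ≈ 0.933, which falls into the "medium" class even though the logic block alone reaches "high".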

The ISO 13849-1 definition of diagnostic coverage explicitly permits the use of estimates, provided they are based on verifiable technical assumptions and established empirical values. In practice, this means that a precisely calculated failure detection rate is not required for every single measure. Instead, typical, normatively accepted ranges such as "low", "medium" or "high", as well as reference values (e.g. 90 % or 99 %), may be used if the underlying diagnostic measure and its effectiveness are sufficiently understood. The following table shows examples of measures along the functional chain (input, logic, output) and assigns typical diagnostic coverage levels to them, as used in practice and in the standards.

Category                  | Exemplary measure                                                                         | Maximum diagnostic coverage (DC)
Sensors / input units     | Process fault detection via sensors (dependent on request rate)                           | 60 % – 90 %
Sensors / input units     | Cyclic test pulse by changing input signals                                               | 90 %
Sensors / input units     | Plausibility check, e.g. positively driven relay contacts                                 | 99 %
Logic                     | Dynamic principles (e.g. interlocking circuits in relay systems, ON-OFF-ON requirements)  | 99 %
Logic                     | Test of watchdog reaction capability via main channel                                     | 90 %
Actuators / output units  | Redundant shutdown circuit with monitoring                                                | 90 %
Actuators / output units  | Direct monitoring, e.g. control valves or electromechanical units with forced guidance    | 99 %
Mechanical measures       | Switches with positively driven contacts for plausibility check                           | 99 %

Summary

The diagnostic coverage (DC) is a central metric for functional safety, as it indicates how many dangerous failures can be detected. SFF extends this concept by also considering safe failures, with the relationship between DC and SFF being merely illustrative. High diagnostic coverage reduces the probability of dangerous failures and contributes to the safety of control systems. The calculation can be performed either through detailed FMEA analyses or through approximation methods. Whether diagnostics or redundancy are preferred depends on the architecture and safety-related requirements. By combining failure modeling, redundancy, and diagnostic techniques, a high level of safety can be achieved without introducing unnecessary complexity into the system.

Synonyms:
Diagnosedeckungsgrad, DC, Diagnoseabdeckung