EDACafe Editorial
Functional Safety: ISO, IEC, my Dishwasher, your Car
July 26th, 2017 by Peggy Aycinena
Peggy Aycinena is a contributing editor for EDACafe.Com
I jumped up and ran to the kitchen. “It’s just steam,” I mocked, and opened the dishwasher door to prove my point. Lots of steam. When I re-closed the door, however, the dishwasher did not start back up. The buttons atop the door wouldn’t take any input commands. Reaching under the sink, I unplugged the dishwasher and plugged it back in. Rebooted, the dishwasher now accepted the Start command, and I returned to my study to work further on ISO 26262.

“It’s still smoking!” someone yelled from the kitchen. Again I jumped up and ran to the kitchen, jerked open the dishwasher door and yep, it was indeed burning, internally. Rancid smoke was coming up out of the vent holes at the top of the door, just adjacent to the cycle-select buttons. Reaching under the sink one more time, I quickly unplugged the dishwasher and then went to get a screwdriver.

Disassembling the interior panel of the door of the dishwasher, it was easy to spot the problem. The entire black box/electronic control complex housed inside the door casing was smoking. One side of it had developed an enormous blister of mushy, hot plastic, and on the other side an array of 8-10 wires was embedded in a sticky hot goo of melted wire-wrap insulation.

With the kitchen reeking of atomized plastic, I searched through the cupboards for the GE Profile Dishwasher User Manual. My particular unit was manufactured in 2003 and installed in 2004, and had up until now given us no grief whatsoever. Now, however, the gummy hot mess that used to be the electronic control box was stinky, probably toxic, and definitely terrifying: What would have happened if someone hadn’t spotted the smoke? What if no one had been home?

Back at the laptop, I typed in “GE Dishwasher Recalls” and found to my disbelief that my exact unit had been under recall since way back in 2010. Per the website:
What?? We never got any notice of a recall. Have we been living on borrowed time for more than 7 years? Where were the Functional Safety Standards for Home Appliances when this dishwasher was first designed?
Under the hood of your car today, there’s a hunka hunka hunka of [hopefully not burning] semiconductors, packaging, discrete components, motherboards, wiring, oil, fuel, friction, and miscellaneous debris – all living cheek-to-jowl with some pretty wicked temperatures. What are the auto manufacturers supposed to do to guarantee this witch’s brew of flammability [that you belt yourself into every single day] will stay cool, calm and collected, month after month, year after year, no matter how extreme the conditions under the hood?

Well, the auto manufacturers are trying to design and produce cars that are as safe as possible, and to protect themselves from future liability at the same time – and ISO 26262 is among the important guidelines they’re using to help navigate that effort. But as I’ve learned in my hours of online research, mastering ISO 26262 is not easy. First you need to study a boatload of vocabulary referenced in the standard – everything from specific definitions for fault and error, to those for hazardous event and safety goal. Then you’ve also got to wrestle with concepts like the Safety Life Cycle, Risk Management, and the Automotive Safety Integrity Level, otherwise known as ASIL.

You’ll also need to be familiar with IEC 61508 – “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems” – and understand how this standard is the progenitor of ISO 26262. Which means you need to know how the IEC is different from the ISO, how the International Electrotechnical Commission differs from the International Organization for Standardization. The IEC, for instance, traces its roots back 100+ years, counts 82 countries as members, with another 82 countries as associates, is based in Geneva, and oversees upwards of 7000 standards. The ISO, meanwhile, has been around for 70 years, is also headquartered in Switzerland, counts 162 countries as members, and oversees 21,500+ standards.
Meanwhile, and apropos of my dishwasher, both the IEC and the ISO do have standards relevant to dishwasher design, which combined with new-ish installation standards included in the NEC – National Electrical Code – should make things like house fires caused by dishwashers a far less likely scenario. But dishwashers are small potatoes [unless they’re igniting a fire in my house, of course]. The real issue here is your car and what kinds of functional safety standards are being followed in designing and manufacturing your ‘system on wheels’, so that neither rain nor sleet nor user error nor car crash can cause a system failure – can cause your car to go ‘dishwasher’ on you, no matter the amount of mechanical damage, while you’re diligently going from home to work, or from home to Big Box store to buy a replacement dishwasher.

The people who make cars do not want – and cannot afford – for your car to suddenly start smoking, melting, or bursting into flame just because a little water or oil or fuel dribbled through the wrong hole somewhere under the hood and short-circuited one or more of the thousands of electrical connections that live there. And there’s so much more: You’re going to be surrendering your autonomy and life over to your vehicle, just as soon as the car guys can get those ADAS systems perfected, guaranteed, and in line with the functional safety standards.

The moral of my story: Take pity on the people in companies large and small who are wrestling with the massive safety commandments codified into ISO 26262, IEC 61508, and a host of other standards which are believed to be critical for developing safe cars. These people have got a lot to do, and your life depends on how successfully they do it – now and going forward.
[These from Texas Instruments’ Karl Greb and Anthony Seely, presenting at ARM TechCon]

IEC 61508 definitions:
* Safety is the freedom from unacceptable risk of physical injury, or of damage to the health of people, either directly, or indirectly as a result of damage to property or to the environment.
* Functional Safety is part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.

ISO 26262 definition:
* Functional Safety is the absence of unacceptable risk due to hazards caused by malfunctioning behavior of electrical and/or electronic systems.
[From Wikipedia regarding ISO 26262]
* Severity classifications (S): S0, No injuries
* Exposure classifications (E): E0, Incredibly unlikely
* Controllability classifications (C): C0, Controllable in general
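The article names hazardous events, safety goals and ASILs without showing how the S, E and C classes above combine into an ASIL. As an added example (my own code, not the article’s, TI’s or anything published by ISO/IEC), the block below does a miniature hazard analysis and risk assessment: it validates each rating against its scale, derives the ASIL of each hazardous event, and gives each safety goal the highest ASIL of the events it covers. The full S0–S3, E0–E4 and C0–C3 scales and the ASIL table are those of ISO 26262-3:2011 (Table 4); the article quotes only the S0/E0/C0 rows. The hazardous events and their ratings are constructed for illustration, not taken from any real analysis.

```python
"""Miniature hazard analysis and risk assessment (HARA) in the style of ISO 26262-3.

Added example for this article; not code from the article, from TI, or from ISO/IEC.
Scales and the ASIL table follow ISO 26262-3:2011 (Table 4); the article itself
quotes only the S0/E0/C0 rows. The hazardous events at the bottom are constructed.
"""
from dataclasses import dataclass

# Full classification scales (ISO 26262-3). Class 0 on any axis means "no ASIL".
SEVERITY = {
    0: "No injuries",
    1: "Light and moderate injuries",
    2: "Severe and life-threatening injuries (survival probable)",
    3: "Life-threatening injuries (survival uncertain), fatal injuries",
}
EXPOSURE = {
    0: "Incredibly unlikely",
    1: "Very low probability",
    2: "Low probability",
    3: "Medium probability",
    4: "High probability",
}
CONTROLLABILITY = {
    0: "Controllable in general",
    1: "Simply controllable",
    2: "Normally controllable",
    3: "Difficult to control or uncontrollable",
}
# Ordered from least to most demanding; QM = quality management only, no ASIL.
ASIL_LEVELS = ["QM", "A", "B", "C", "D"]


@dataclass(frozen=True)
class HazardousEvent:
    """One HARA row: a hazard in an operational situation, rated S/E/C,
    plus the safety goal that addresses it."""
    name: str
    severity: int
    exposure: int
    controllability: int
    safety_goal: str


def is_valid_classification(s: int, e: int, c: int) -> bool:
    """True when every class lies on its ISO 26262-3 scale (e.g. E5 does not exist)."""
    return s in SEVERITY and e in EXPOSURE and c in CONTROLLABILITY


def determine_asil(s: int, e: int, c: int) -> str:
    """ASIL of one hazardous event, per ISO 26262-3 Table 4.

    Table 4 is equivalent to the arithmetic below: S1/E1/C1 is the lowest
    rated corner (QM), each step up any axis raises the result by one level,
    S1+E3+C3, S1+E4+C2 and S2+E2+C3 are the first cells reaching ASIL A, and
    S3+E4+C3 is ASIL D. A class of 0 on any axis yields no ASIL at all.
    """
    if not is_valid_classification(s, e, c):
        raise ValueError(f"invalid classification S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"
    index = s + e + c - 6          # S1E1C1 -> -3, S3E4C3 -> 4
    return ASIL_LEVELS[max(index, 0)]


def safety_goal_asils(events) -> dict:
    """Give each safety goal the highest ASIL among the hazardous events it
    covers: a goal that addresses several events carries the most demanding
    of their ASILs (ISO 26262-3)."""
    goals: dict = {}
    for ev in events:
        level = determine_asil(ev.severity, ev.exposure, ev.controllability)
        best_so_far = goals.get(ev.safety_goal, "QM")
        goals[ev.safety_goal] = max(best_so_far, level, key=ASIL_LEVELS.index)
    return goals


# Constructed sample HARA rows (illustrative ratings, not from any real analysis).
SAMPLE_EVENTS = [
    HazardousEvent("Body control module overheats and ignites while driving",
                   3, 2, 3, "Prevent thermal runaway of the body control module"),
    HazardousEvent("Unintended acceleration from standstill in dense traffic",
                   3, 4, 3, "Prevent unintended longitudinal acceleration"),
    HazardousEvent("Unintended acceleration from standstill in an empty lot",
                   1, 2, 2, "Prevent unintended longitudinal acceleration"),
    HazardousEvent("Cabin display goes blank while parked",
                   0, 4, 1, "Keep the driver informed of vehicle status"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        asil = determine_asil(ev.severity, ev.exposure, ev.controllability)
        print(f"S{ev.severity} E{ev.exposure} C{ev.controllability} -> ASIL {asil}: {ev.name}")
    for goal, asil in safety_goal_asils(SAMPLE_EVENTS).items():
        print(f"Safety goal [{asil}] {goal}")
```

Two things worth noticing when running it: the two “unintended acceleration” rows differ only in their operational situation, and the safety goal still ends up at ASIL D because the worst covered event sets the level; and the dishwasher-style “overheats and ignites” event lands at ASIL B rather than D only because its exposure is rated low, which is exactly the kind of rating a review should challenge.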
One Response to “Functional Safety: ISO, IEC, my Dishwasher, your Car”
Very thought-provoking article. Safety and security are getting so complex as we trust our daily life and experiences to electronic systems. Great outlook for verification and related technologies. No shortage of need for improvement and better solutions.