ASIL accuracy

ASIL accuracy describes the maximum possible deviation of a measurement in a system in which a single point fault has occurred, before a diagnostic detects the fault. This concept applies to automotive systems designed under the ISO 26262 methodology for automotive functional safety, which defines Automotive Safety Integrity Levels (ASILs) to classify risks.

While accuracy refers to a single measurement, ASIL accuracy considers variation in the primary measurement being assessed as well as variation in the diagnostic measurement or measurements used to detect single point faults.

How to calculate
A conceptually simple implementation incorporates a fully redundant measurement. A fault in the primary measurement can be detected by comparing the primary and diagnostic measurements and signaling a fault if the difference is outside the expected operating range. If the two measurements are truly independent and uncorrelated, in normal operation they can be at opposite ends of their operating ranges. If the primary measurement has an accuracy V1 and the redundant diagnostic measurement has an accuracy V2, then the fault detection limit should be set to at least VLIM = V1 + V2 to avoid false positives. The system shall flag a fault if the difference between the primary and diagnostic measurements is greater than VLIM.

The fault detection limit, however, should not be confused with ASIL accuracy. Consider the case of a single point fault in which the primary measurement drifts to an incorrect value. ASIL accuracy describes the maximum such drift before the fault is flagged. If the diagnostic measurement is at the maximum of its operating range, that is, V2 away from the true value, the primary measurement can drift VLIM further before the fault is raised. The maximum possible drift in the primary measurement, then, is V2 + VLIM, and so the ASIL accuracy is VASIL = V2 + VLIM.
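
The calculation above can be checked numerically. The following Python sketch is an added example, not part of the original article: it models the comparator diagnostic, confirms that VLIM = V1 + V2 is the smallest limit without false positives, and searches for the largest primary drift that is never flagged. The function names, the integer units and the sample accuracies (V1 = 10, V2 = 5) are assumptions made for illustration.

```python
# Added example: integer units (e.g. millivolts) keep the comparisons exact.

def fault_limit(v1, v2):
    """Smallest comparator threshold that avoids false positives: VLIM = V1 + V2."""
    return v1 + v2

def asil_accuracy(v1, v2):
    """Closed form from the text: VASIL = V2 + VLIM."""
    return v2 + fault_limit(v1, v2)

def is_flagged(primary, diagnostic, limit):
    """Comparator diagnostic: flag when the readings differ by more than limit."""
    return abs(primary - diagnostic) > limit

def false_positive_possible(v1, v2, limit, true_value=0):
    """Healthy system: try every error pair within the stated accuracies."""
    return any(
        is_flagged(true_value + e1, true_value + e2, limit)
        for e1 in range(-v1, v1 + 1)
        for e2 in range(-v2, v2 + 1)
    )

def worst_undetected_drift(v1, v2, true_value=0, search=1000):
    """Faulty primary: largest deviation from the true value never flagged."""
    limit = fault_limit(v1, v2)
    worst = 0
    for e2 in range(-v2, v2 + 1):                 # healthy diagnostic error
        for drift in range(-search, search + 1):  # faulted primary deviation
            if not is_flagged(true_value + drift, true_value + e2, limit):
                worst = max(worst, abs(drift))
    return worst

if __name__ == "__main__":
    V1, V2 = 10, 5  # constructed sample accuracies
    print("VLIM  =", fault_limit(V1, V2))
    print("VASIL =", asil_accuracy(V1, V2))
    print("worst undetected drift =", worst_undetected_drift(V1, V2))
    print("false positive at VLIM:", false_positive_possible(V1, V2, 15))
    print("false positive at VLIM - 1:", false_positive_possible(V1, V2, 14))
```

The brute-force search and the closed form agree, and lowering the limit by one unit below V1 + V2 produces a false positive in a healthy system.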