Author: Darren H. Chen
Series: Automotive chip functional safety analysis and fault injection practice
Demo: D14_safety_evidence_package
Tags: automotive chips, functional safety, safety evidence, FMEDA, fault injection, Diagnostic Coverage, Residual FIT, Traceability, Review Package, Safety Case
1. Why does this article matter?
In the previous article, we updated the FMEDA-style tables using measured diagnostic coverage, residual FIT, unsafe fault evidence and a review policy.
The outputs generated by D13 include:
```text
fmeda_table.csv
fmeda_delta.csv
fmeda_review_items.csv
safety_metric_summary.csv
residual_fit_by_failure_mode.csv
residual_fit_by_part.csv
fmeda_summary.md
fmeda_warnings.csv
```
These outputs are valuable for engineering analysis.
But a functional safety process needs more than a handful of separate CSV files.
The next question is:
How do we package all of the evidence into a coherent, reviewable and traceable safety evidence package?
The Demo for this article is:
```text
D14_safety_evidence_package
```
The generic tool introduced in this article is:
```text
safeic-evidence
```
The goal of safeic-evidence is to collect the safety artifacts produced by the earlier steps and organize them into a structured evidence package:
```text
input assumptions
FIT model evidence
structure extraction evidence
diagnostic coverage estimates
safety mechanism decisions
fault list generation evidence
VCD context evidence
fault campaign execution evidence
fault outcome classification evidence
measured diagnostic coverage evidence
FMEDA update evidence
review items
traceability index
package manifest
```
The core idea is:
Safety evidence is not a pile of files. It is a traceable argument package that links assumptions, design structure, fault injection results, metrics, FMEDA rows and review decisions.
2. Where D14 sits in the overall flow
D14 is the first packaging and review-preparation step.
[Figure 1: flow diagram with nodes D01-D05 Analysis Artifacts, D06-D13 Metric and FMEDA Artifacts, Fault Campaign Logs and Results, D14 Evidence Package, Traceability Index, Review Package, Evidence Summary, Open Review Items]
Figure 1: D14 packages analysis artifacts, campaign artifacts, metric artifacts and review items into a safety evidence package.
The earlier Demos have already answered:
```text
What was analyzed?
Which assumptions were used?
Which faults were injected?
Which outcomes were observed?
Which metrics were computed?
Which FMEDA rows were updated?
```
D14 answers:
```text
Can a reviewer trace every safety claim back to evidence?
Are all required artifacts present?
Which assumptions remain unverified?
Which results are measured, and which are estimated?
Which review items are still open?
Can this package be archived or shared?
```
This step moves the flow from analysis generation to evidence management.
3. What is a Safety Evidence Package?
A safety evidence package is a structured folder or archive that contains:
```text
data files
reports
logs
configuration files
policies
manifests
traceability tables
review notes
warnings
checksums
summary documents
```
It should let another engineer understand:
```text
What was run?
Which design was used?
Which assumptions were used?
Which tools were used?
Which inputs and outputs were generated?
What is the evidence source for each metric?
Which questions are still open?
```
A minimal evidence package might look like:
```text
evidence_package/
  package_manifest.yaml
  evidence_index.csv
  traceability_matrix.csv
  review_items.csv
  summaries/
  metrics/
  fmeda/
  campaigns/
  assumptions/
  logs/
```
An evidence package does not replace the safety review.
It prepares the evidence for the review.
4. An Evidence Package is not the final Safety Case
A safety evidence package does not automatically become the final safety case.
The final safety case usually requires structured arguments, claims, reasoning, independent review and project-specific compliance mapping.
The evidence package is the artifact foundation.
[Figure 2: flow diagram with nodes Raw Artifacts, Evidence Package, Review, Safety Argument, Safety Case]
Figure 2: The evidence package organizes the artifacts; review and argumentation are what turn them into a safety case.
D14 focuses on:
```text
artifact completeness
traceability
evidence indexing
review readiness
reproducibility
```
Later report demos can build more formal safety arguments on top of this package.
5. Why does packaging matter?
Without packaging, safety work is hard to trust.
Common problems include:
```text
metrics without source data
FMEDA rows without evidence links
fault outcomes without campaign logs
measured DC without a classification policy
campaign results without VCD context
review items separated from unsafe faults
scripts without input manifests
reports generated from unknown versions
```
A good evidence package avoids these problems by recording:
```text
artifact origin
artifact type
generation step
input dependencies
output dependencies
file hash
review status
evidence role
```
Only then is the safety analysis reproducible and reviewable.
6. Evidence Types
D14 should classify evidence by type.
Suggested evidence types:
```text
input_package
assumption
configuration
structural_model
fit_model
diagnostic_coverage
safety_mechanism_selection
fault_list
waveform_context
campaign_execution
fault_classification
measured_metric
fmeda_table
review_item
summary_report
log
warning
```
Example:
```csv
evidence_id,evidence_type,file,source_demo,review_status
E001,input_package,D01/outputs/input_inventory.csv,D01,reviewed
E020,structural_model,D05/outputs/structure_graph.json,D05,auto_generated
E050,fault_classification,D11/outputs/fault_outcomes.csv,D11,review_required
E070,fmeda_table,D13/outputs/fmeda_table.csv,D13,review_required
```
The evidence type helps the reviewer judge how each artifact should be used.
7. Evidence Roles
A file may play a specific role in the safety flow.
Suggested roles:
```text
source_input
derived_artifact
metric_input
metric_output
review_basis
traceability_link
warning_record
decision_record
execution_log
reproducibility_record
```
Example:
```csv
file,role
fault_outcomes.csv,metric_input
measured_dc_by_failure_mode.csv,metric_output
fmeda_review_items.csv,review_basis
manifest.yaml,reproducibility_record
campaign_status.csv,execution_log
```
This keeps the reviewer from treating every file as equivalent.
Some files are inputs.
Some are outputs.
Some are evidence.
Some are warnings.
Some are decisions.
8. Package Manifest
The package manifest is the top-level description of the evidence package.
Example:
```yaml
package:
  name: automotive_safeic_practice_d14_evidence_package
  demo: D14_safety_evidence_package
  top_module: toy_counter
  created_by: safeic-evidence
  package_version: 0.1
scope:
  design: toy_counter
  safety_scope: functional safety analysis and fault injection practice
  artifact_range:
    from_demo: D01
    to_demo: D13
inputs:
  fmeda_table: ../D13_fmeda_update/outputs/fmeda_table.csv
  fault_outcomes: ../D11_fault_outcome_classification/outputs/fault_outcomes.csv
  measured_dc: ../D12_measured_diagnostic_coverage/outputs/measured_dc_summary.md
  campaign_status: ../D10_fault_campaign_execution/outputs/campaign_status.csv
outputs:
  evidence_index: outputs/evidence_index.csv
  traceability_matrix: outputs/traceability_matrix.csv
  package_summary: outputs/evidence_package_summary.md
```
The manifest defines the boundary of the evidence package.
9. Evidence Index
The evidence index is the core file inventory.
Recommended columns:
```text
evidence_id
file_path
artifact_name
artifact_type
evidence_role
source_demo
source_tool
input_or_output
review_status
hash
description
```
Example:
```csv
evidence_id,file_path,artifact_type,evidence_role,source_demo,review_status,description
E001,D03/outputs/base_fit_report.csv,fit_model,metric_input,D03,reviewed,base FIT contribution table
E002,D06/outputs/endpoint_dc.csv,diagnostic_coverage,metric_input,D06,review_required,estimated endpoint diagnostic coverage
E003,D11/outputs/fault_outcomes.csv,fault_classification,metric_input,D11,review_required,classified fault outcomes
E004,D13/outputs/fmeda_table.csv,fmeda_table,review_basis,D13,review_required,updated FMEDA table
```
This file answers:
```text
Which evidence exists?
Where is it?
What is it used for?
Where did it come from?
Has it been reviewed?
```
10. Traceability Matrix
The traceability matrix links claims, metrics and evidence.
Example trace chain:
```text
FMEDA row R003
→ failure mode FM_ALARM_NOT_ASSERTED
→ unsafe fault F004
→ fault outcome D11
→ campaign run D10
→ fault list D08
→ VCD context D09
→ structure model D05
```
One matrix row might be:
```csv
trace_id,claim_or_row,evidence_id,dependency_type,description
T001,R003,E004,defines_row,FMEDA row for alarm not asserted
T002,R003,E003,supported_by_fault_outcome,unsafe fault F004 linked
T003,F004,E010,executed_by_campaign,D10 campaign run produced raw result
T004,F004,E008,defined_by_fault_list,D08 fault list defined target and expected alarm
T005,F004,E009,context_from_vcd,D09 VCD context provided injection window
```
[Figure 3: chain diagram with nodes FMEDA Row, Measured DC, Fault Outcomes, Campaign Runs, Fault List, Structure / VCD Context]
Figure 3: Traceability traces FMEDA rows and metrics back to fault outcomes, campaign runs, fault lists and structural context.
This is one of the most important outputs of D14.
11. Claim-Oriented Traceability
Besides tracing files, D14 should also trace engineering claims.
Example claims:
```text
C001: toy_counter.count data corruption is protected by endpoint parity.
C002: toy_counter.alarm path remains weak and requires review.
C003: measured DC for FM_ALARM_NOT_ASSERTED is low.
C004: diagnostic state corruption remains unsafe.
```
Claim table:
```csv
claim_id,claim,claim_type,status,primary_evidence,review_status
C001,toy_counter.count data corruption is protected by endpoint parity,coverage_claim,supported,E012,low_confidence
C002,toy_counter.alarm path remains weak,risk_claim,supported,E030,review_required
C003,FM_ALARM_NOT_ASSERTED measured DC is 0.0,metric_claim,supported,E025,review_required
```
Claims are better suited to review than raw files.
A reviewer usually asks:
```text
What are you claiming?
What evidence supports that claim?
What is still uncertain?
```
D14 should help answer these questions.
12. Evidence Completeness Check
The package should check whether the required artifacts are present.
Example required artifacts:
```text
input inventory
FIT report
structure graph
estimated DC
safety mechanism selection
fault list
VCD context
campaign status
fault outcomes
measured DC
FMEDA table
review items
```
Completeness output:
```csv
required_artifact,expected_file,present,status
base_fit_report,D03/outputs/base_fit_report.csv,true,PASS
structure_graph,D05/outputs/structure_graph.json,true,PASS
fault_outcomes,D11/outputs/fault_outcomes.csv,true,PASS
fmeda_table,D13/outputs/fmeda_table.csv,true,PASS
campaign_logs,D10/runs,false,WARN
```
Completeness by itself is not safety, but missing artifacts immediately weaken the credibility of the package.
13. Evidence Quality Check
Completeness answers:
```text
Does the file exist?
```
Evidence quality asks:
```text
Is this evidence usable, and is it strong enough?
```
Quality factors include:
```text
review status
confidence
sample size
unresolved ratio
not-classified ratio
warnings
scope mismatch
missing signals
low evidence coverage
open review items
```
Example:
```csv
evidence_area,status,reason
fault_classification,PASS,no unresolved faults in demo sample
measured_dc,LOW_CONFIDENCE,sample size is too small
fmeda_update,REVIEW_REQUIRED,unsafe faults linked to two rows
campaign_execution,PASS,all demo runs executed or emulated
```
Evidence quality should be shown explicitly in the package summary.
14. Review Items Integration
D13 already generated review items.
D14 should bring them into the package and link each review item to evidence.
Example:
```csv
item_id,severity,row_id,issue,evidence_id,recommended_action,status
I001,HIGH,R003,alarm path has unsafe fault,E030,add redundant alarm or alarm path monitor,open
I002,MEDIUM,R002,diagnostic state unprotected,E031,add protection or justify residual risk,open
I003,LOW,R001,measured DC confidence low,E025,increase campaign sample size,open
```
This turns the evidence package into a practical engineering deliverable.
The package should not hide open issues.
Open issues are exactly what the reviewer most needs to see.
15. Assumption Register
The safety evidence package should contain the assumptions.
Example:
```text
fault model set is limited to stuck-at and transient flip
toy design is representative only for methodology
measured DC is count-based unless otherwise configured
safe faults are excluded from primary DC
unresolved faults are reported separately
emulation mode results are not final validation evidence
```
Example assumption register:
```csv
assumption_id,assumption,source,status,impact
A001,fault models are limited to stuck_at_0/stuck_at_1/transient_flip,D08,active,limits coverage scope
A002,primary measured DC uses detected/(detected+unsafe),D12,active,affects measured DC value
A003,D10 demo campaign may run in emulation mode,D10,active,not final validation evidence
A004,measured DC with low sample size does not replace estimated DC,D13,active,keeps FMEDA conservative
```
Assumptions themselves are not a weakness.
Undeclared assumptions are the real problem.
16. Configuration and Policy Archive
D14 should archive the configuration and policy files.
Example:
```text
dc_policy.yaml
selection_policy.yaml
faultgen_policy.yaml
vcd_policy.yaml
campaign_policy.yaml
classification_policy.yaml
measurement_policy.yaml
fmeda_update_policy.yaml
```
Why archive the policies?
Because without the policy, the metrics cannot be interpreted.
For example:
```text
measured DC = 0.60
```
This number means very little on its own unless you know:
```text
safe faults excluded?
unresolved faults excluded?
count-based or FIT-weighted?
late alarms counted?
secondary alarms allowed?
low confidence update allowed?
```
The policy archive makes the package reproducible.
17. Artifact Hashes
For review and reproducibility, D14 can compute file hashes.
Example:
```csv
evidence_id,file_path,sha256
E001,D13/outputs/fmeda_table.csv,9e2a...
E002,D12/outputs/measured_dc_by_failure_mode.csv,4a17...
E003,D11/outputs/fault_outcomes.csv,bb09...
```
Hashes help detect whether a file was accidentally modified after packaging.
For an early Demo, hashes are optional, but implementing them is recommended.
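The completeness check of section 12 and the artifact hashing of this section, as one added example (not the page's safeic-evidence code). It mirrors the artifact_sources block of package_config.yaml as a plain dict, builds a constructed demo folder, and shows how a post-packaging edit is caught by re-hashing.

```python
"""Completeness check and artifact hashing for an evidence package.

Added example, not the page's safeic-evidence code. ARTIFACT_SOURCES
mirrors the artifact_sources block of package_config.yaml as a plain dict
so it runs without a YAML library; the demo files are constructed.
"""
import hashlib
import os
import tempfile

# Constructed stand-in for package_config.yaml -> artifact_sources.
# D10 campaign logs are deliberately absent to exercise the WARN path.
ARTIFACT_SOURCES = {
    "D03_base_fit": {"path": "D03/outputs/base_fit_report.csv", "required": True},
    "D11_fault_outcomes": {"path": "D11/outputs/fault_outcomes.csv", "required": True},
    "D13_fmeda_table": {"path": "D13/outputs/fmeda_table.csv", "required": True},
    "D10_campaign_logs": {"path": "D10/runs", "required": False},
}

def build_demo_tree():
    """Create a constructed demo folder holding three of the four artifacts."""
    root = tempfile.mkdtemp(prefix="d14_")
    files = {
        "D03/outputs/base_fit_report.csv": "part,base_fit\ncount_reg,0.031\n",
        "D11/outputs/fault_outcomes.csv": "fault_id,outcome\nF004,unsafe\n",
        "D13/outputs/fmeda_table.csv": "row_id,failure_mode\nR003,FM_ALARM_NOT_ASSERTED\n",
    }
    for rel, text in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root

def check_completeness(root, sources=ARTIFACT_SOURCES):
    """completeness_check rows: PASS, WARN (optional missing) or FAIL (required missing)."""
    rows = []
    for name, spec in sources.items():
        present = os.path.exists(os.path.join(root, spec["path"]))
        status = "PASS" if present else ("FAIL" if spec["required"] else "WARN")
        rows.append({"required_artifact": name, "expected_file": spec["path"],
                     "present": str(present).lower(), "status": status})
    return rows

def sha256_of(path, chunk=65536):
    """Stream the file so large campaign logs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def hash_artifacts(root, sources=ARTIFACT_SOURCES):
    """artifact_hashes rows (E001, E002, ...) for every artifact that is a file."""
    rows = []
    for n, (name, spec) in enumerate(sources.items(), start=1):
        full = os.path.join(root, spec["path"])
        if os.path.isfile(full):
            rows.append({"evidence_id": f"E{n:03d}", "file_path": spec["path"],
                         "sha256": sha256_of(full)})
    return rows

def verify_hashes(root, hash_rows):
    """Recompute after packaging; returns the file_paths whose content changed."""
    return [r["file_path"] for r in hash_rows
            if sha256_of(os.path.join(root, r["file_path"])) != r["sha256"]]

def append_line(root, rel, line):
    """Simulate an accidental edit after packaging (used by the self-check)."""
    with open(os.path.join(root, rel), "a", encoding="utf-8") as fh:
        fh.write(line + "\n")
```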
18. Evidence Dependency Graph
The dependency graph shows the dependencies between artifacts.
Example:
[Figure 4: dependency graph with nodes Structure Model, Estimated DC, Fault List, Measured DC Comparison, Campaign Execution, VCD Context, Fault Classification, FMEDA Update, Evidence Package]
Figure 4: The evidence dependency graph shows how the early analysis and campaign artifacts flow into the FMEDA and the evidence package.
D14 can generate this graph as Mermaid text inside Markdown.
This is useful for presenting the documentation on GitHub.
19. Package Summary Report
The evidence package summary should be readable by engineers.
A good summary should include:
```text
package scope
design under analysis
artifact completeness
key metrics
key unsafe findings
key open review items
assumptions
evidence quality
next recommended actions
```
Example summary:
```md
# D14 Safety Evidence Package Summary
Design: toy_counter
Scope: functional safety analysis and fault injection practice
Evidence range: D01 to D13
## Key Metrics
Total base FIT: 0.078
Total residual FIT: 0.0204
Weighted selected DC: 0.738
## Key Findings
1. Counter state data corruption is protected by endpoint parity.
2. Diagnostic state corruption remains unsafe.
3. Alarm-not-asserted failure mode remains unsafe.
4. Measured DC sample size is low.
## Review Items
- Add or justify alarm path protection.
- Add protection for diagnostic state.
- Expand fault campaign sample size.
## Evidence Quality
Package completeness: PASS
Metric confidence: LOW for demo sample
Open high-severity review items: 1
```
The summary is not a cover page.
It is the entry point for the review.
20. Review Readiness Criteria
D14 can define review readiness criteria.
Example:
```yaml
review_readiness:
  required:
    - fmeda_table_present
    - fault_outcomes_present
    - measured_dc_present
    - review_items_present
    - assumptions_present
  quality_gates:
    max_missing_required_artifacts: 0
    max_high_severity_open_items_for_release: 0
    max_unresolved_ratio_for_measured_update: 0.10
    require_policy_archive: true
```
Output:
```csv
criterion,status,reason
fmeda_table_present,PASS,file found
fault_outcomes_present,PASS,file found
measured_dc_present,PASS,file found
high_severity_open_items,FAIL,1 high severity review item open
policy_archive_present,PASS,policy files indexed
```
This makes review readiness explicit.
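How the readiness policy above can be applied to a package state, as an added example (not the project's review_readiness.py). The policy dict mirrors the YAML block; the present-criteria set, the review items and the fault outcome counts are constructed inputs, and the WARN-versus-FAIL split for the unresolved ratio is this example's choice.

```python
"""Review readiness evaluation for a D14 evidence package.

Added example, not the project's review_readiness.py. READINESS_POLICY
mirrors review_readiness_policy.yaml from the text; everything else is a
constructed package state.
"""

# Mirrors the review_readiness YAML block (required list + quality_gates).
READINESS_POLICY = {
    "required": ["fmeda_table_present", "fault_outcomes_present", "measured_dc_present",
                 "review_items_present", "assumptions_present"],
    "quality_gates": {
        "max_missing_required_artifacts": 0,
        "max_high_severity_open_items_for_release": 0,
        "max_unresolved_ratio_for_measured_update": 0.10,
        "require_policy_archive": True,
    },
}

# Constructed package state: which *_present criteria the completeness check satisfied.
PRESENT = {"fmeda_table_present", "fault_outcomes_present", "measured_dc_present",
           "review_items_present", "assumptions_present"}

# Constructed review items in the shape of review_items.csv.
REVIEW_ITEMS = [
    {"item_id": "I001", "severity": "HIGH", "status": "open"},
    {"item_id": "I002", "severity": "MEDIUM", "status": "open"},
    {"item_id": "I003", "severity": "LOW", "status": "open"},
]

# Constructed outcome counts from fault_outcomes.csv (2 of 11 unresolved).
OUTCOME_COUNTS = {"detected": 6, "unsafe": 2, "safe": 1, "unresolved": 2}


def evaluate_readiness(policy, present, review_items, outcome_counts, policy_archive_indexed):
    """Return (rows, release_ready); each row is (criterion, status, reason)."""
    gates = policy["quality_gates"]
    rows = []
    missing = [c for c in policy["required"] if c not in present]
    for c in policy["required"]:
        rows.append((c, "FAIL" if c in missing else "PASS",
                     "required artifact missing" if c in missing else "file found"))
    rows.append(("missing_required_artifacts",
                 "PASS" if len(missing) <= gates["max_missing_required_artifacts"] else "FAIL",
                 f"{len(missing)} missing"))
    # Open HIGH items block release regardless of completeness.
    high_open = sum(1 for i in review_items
                    if i["severity"] == "HIGH" and i["status"] == "open")
    ok = high_open <= gates["max_high_severity_open_items_for_release"]
    rows.append(("high_severity_open_items", "PASS" if ok else "FAIL",
                 f"{high_open} high severity review item{'' if high_open == 1 else 's'} open"))
    # Unresolved faults weaken the measured update but do not block archiving: WARN, not FAIL.
    total = sum(outcome_counts.values())
    ratio = outcome_counts.get("unresolved", 0) / total if total else 0.0
    limit = gates["max_unresolved_ratio_for_measured_update"]
    rows.append(("unresolved_ratio", "PASS" if ratio <= limit else "WARN",
                 f"unresolved ratio {ratio:.2f} against limit {limit:.2f}"))
    if gates["require_policy_archive"]:
        rows.append(("policy_archive_present", "PASS" if policy_archive_indexed else "FAIL",
                     "policy files indexed" if policy_archive_indexed else "policy files not archived"))
    release_ready = not any(status == "FAIL" for _, status, _ in rows)
    return rows, release_ready


if __name__ == "__main__":
    result, ready = evaluate_readiness(READINESS_POLICY, PRESENT, REVIEW_ITEMS, OUTCOME_COUNTS, True)
    print("criterion,status,reason")
    for row in result:
        print(",".join(row))
    print("release_ready:", ready)
```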
21. Evidence Package Structure
Suggested directory structure:
```text
D14_safety_evidence_package/
  README.md
  run_demo.sh
  run_demo.csh
  manifest.yaml
  inputs/
    package_config.yaml
    review_readiness_policy.yaml
  package/
    package_manifest.yaml
    evidence_index.csv
    traceability_matrix.csv
    claim_traceability.csv
    assumption_register.csv
    review_items.csv
    completeness_check.csv
    evidence_quality.csv
    artifact_hashes.csv
    summaries/
      evidence_package_summary.md
      metric_summary.md
      fmeda_summary.md
    metrics/
      measured_dc_by_endpoint.csv
      measured_dc_by_failure_mode.csv
      measured_residual_fit.csv
      safety_metric_summary.csv
    fmeda/
      fmeda_table.csv
      fmeda_delta.csv
      fmeda_review_items.csv
    campaign/
      campaign_status.csv
      raw_fault_results.csv
      fault_outcomes.csv
    policies/
      measurement_policy.yaml
      classification_policy.yaml
      fmeda_update_policy.yaml
    logs/
      warnings.csv
      package_build.log
  outputs/
    package_status.csv
    evidence_package_summary.md
```
The package folder can later be archived as:
```text
automotive_safeic_practice_d14_evidence_package.zip
```
22. Package Configuration
Example package_config.yaml:
```yaml
package:
  name: automotive_safeic_practice_d14_evidence_package
  top_module: toy_counter
  include_hashes: true
  copy_artifacts: true
  preserve_relative_paths: true
artifact_sources:
  D03_base_fit:
    path: ../D03_base_fit_rate/outputs/base_fit_report.csv
    type: fit_model
    role: metric_input
  D11_fault_outcomes:
    path: ../D11_fault_outcome_classification/outputs/fault_outcomes.csv
    type: fault_classification
    role: metric_input
  D12_measured_dc:
    path: ../D12_measured_diagnostic_coverage/outputs/measured_dc_summary.md
    type: measured_metric
    role: summary_report
  D13_fmeda_table:
    path: ../D13_fmeda_update/outputs/fmeda_table.csv
    type: fmeda_table
    role: review_basis
```
This file tells safeic-evidence what to package.
23. Main output: evidence_index.csv
Example:
```csv
evidence_id,file_path,artifact_type,evidence_role,source_demo,review_status,description
E001,metrics/base_fit_report.csv,fit_model,metric_input,D03,reviewed,base FIT report
E002,campaign/fault_outcomes.csv,fault_classification,metric_input,D11,review_required,classified fault outcomes
E003,metrics/measured_dc_by_failure_mode.csv,measured_metric,metric_output,D12,review_required,measured DC by failure mode
E004,fmeda/fmeda_table.csv,fmeda_table,review_basis,D13,review_required,updated FMEDA table
```
This is the package inventory.
24. Main output: traceability_matrix.csv
Example:
```csv
trace_id,source,target,relationship,description
T001,R003,F004,supported_by_unsafe_fault,alarm-not-asserted row linked to unsafe fault
T002,F004,D10_RUN_F004,executed_by,campaign run generated raw result
T003,D10_RUN_F004,D08_F004,defined_by_fault_list,fault came from generated list
T004,D08_F004,D09_CONTEXT,uses_context,VCD context provided injection and detection window
T005,R003,E004,included_in_fmeda,FMEDA row included in evidence package
```
This is the chain that makes the evidence reviewable.
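Walking the trace chain of section 10 over the matrix format shown here, as an added example (not the project's traceability.py). The matrix text is the sample above plus one constructed row for R002; the rule that a complete chain must reach a D10_RUN_* and a D08_* node is an assumption of this example.

```python
"""Walk traceability_matrix.csv from an FMEDA row back to its source artifacts.

Added example, not the page's traceability.py. MATRIX_CSV is the section 24
sample plus one constructed row (T006) for a row with no campaign chain;
REQUIRED_PREFIXES is this example's own notion of a complete chain.
"""
import csv
import io

MATRIX_CSV = """trace_id,source,target,relationship,description
T001,R003,F004,supported_by_unsafe_fault,alarm-not-asserted row linked to unsafe fault
T002,F004,D10_RUN_F004,executed_by,campaign run generated raw result
T003,D10_RUN_F004,D08_F004,defined_by_fault_list,fault came from generated list
T004,D08_F004,D09_CONTEXT,uses_context,VCD context provided injection and detection window
T005,R003,E004,included_in_fmeda,FMEDA row included in evidence package
T006,R002,E004,included_in_fmeda,diagnostic state row included in evidence package
"""

# Assumption of this example: a complete chain from an FMEDA row must reach
# at least one campaign run node (D10_RUN_*) and one fault-list node (D08_*).
REQUIRED_PREFIXES = ("D10_RUN_", "D08_")


def load_matrix(text):
    """Parse the CSV text into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def build_graph(rows):
    """source -> list of (relationship, target), preserving file order."""
    graph = {}
    for r in rows:
        graph.setdefault(r["source"], []).append((r["relationship"], r["target"]))
    return graph


def trace_chain(rows, start):
    """Depth-first walk; returns the ordered list of nodes reachable from start.
    The visited set guards against cycles in a hand-edited matrix."""
    graph = build_graph(rows)
    order, seen, stack = [], set(), [start]
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        order.append(node)
        # push in reverse so the first-listed edge is explored first
        for _, target in reversed(graph.get(node, [])):
            stack.append(target)
    return order


def chain_report(rows, row_ids):
    """For each FMEDA row id, report whether its chain reaches campaign evidence."""
    report = {}
    for rid in row_ids:
        nodes = trace_chain(rows, rid)
        missing = [p for p in REQUIRED_PREFIXES if not any(n.startswith(p) for n in nodes)]
        report[rid] = {"chain": nodes, "status": "PASS" if not missing else "WEAK",
                       "missing": missing}
    return report


if __name__ == "__main__":
    matrix = load_matrix(MATRIX_CSV)
    for rid, info in chain_report(matrix, ["R003", "R002"]).items():
        print(rid, info["status"], " -> ".join(info["chain"]), info["missing"])
```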
25. Main output: claim_traceability.csv
Example:
```csv
claim_id,claim,status,primary_evidence,supporting_evidence,open_issue
C001,counter state data corruption is covered by endpoint parity,supported,E003,E004,low sample size
C002,alarm-not-asserted remains an open risk,supported,E004,E002,unsafe fault F004
C003,diagnostic state requires protection,supported,E004,E002,unsafe fault F003
```
Claim traceability is useful for articles, reports and review decks alike.
26. Main output: assumption_register.csv
Example:
```csv
assumption_id,assumption,source_demo,status,impact
A001,fault model set is limited to stuck-at and transient flip,D08,active,campaign scope limited
A002,primary measured DC excludes safe and unresolved faults,D12,active,affects measured DC formula
A003,low-confidence measured DC does not replace estimated DC,D13,active,keeps FMEDA conservative
```
This makes the assumptions explicit.
27. Main output: package_status.csv
Example:
```csv
check,status,details
required_artifacts_present,PASS,all required artifacts found
hashes_generated,PASS,hashes generated for 18 artifacts
open_high_review_items,FAIL,1 high severity item open
metric_confidence,WARN,measured DC confidence is low for demo sample
package_ready_for_archive,WARN,package can be archived but not considered release-ready
```
The package status should be honest.
A Demo package can be complete without being release-ready.
28. safeic-evidence Tool Architecture
The generic tool safeic-evidence can be implemented as a staged pipeline.
[Figure 5: pipeline diagram with inputs manifest.yaml, package_config.yaml, review_readiness_policy.yaml and Artifacts from D01-D13 feeding safeic-evidence, whose stages are Discover Artifacts, Validate Required Files, Copy or Link Artifacts, Generate Evidence Index, Generate Traceability Matrix, Generate Assumption Register, Generate Review Readiness Checks, Generate Package Summary]
Figure 5: safeic-evidence discovers, validates, indexes, traces and summarizes the safety evidence artifacts.
Suggested internal modules:
```text
safeic_evidence/
  cli.py
  manifest.py
  load_config.py
  artifact_discovery.py
  artifact_copy.py
  hashing.py
  evidence_index.py
  traceability.py
  claims.py
  assumptions.py
  review_readiness.py
  package_summary.py
  report.py
```
Responsibilities:
| Module | Responsibility |
|---|---|
| artifact_discovery.py | Locate expected artifacts from previous demos |
| artifact_copy.py | Copy or link artifacts into the package folder |
| hashing.py | Generate file hashes |
| evidence_index.py | Build the evidence inventory |
| traceability.py | Build the dependency and traceability matrix |
| claims.py | Build claim-oriented traceability |
| assumptions.py | Build the assumption register |
| review_readiness.py | Apply readiness checks |
| package_summary.py | Generate the human-readable summary |
| report.py | Generate CSV and Markdown outputs |
29. D14 Manifest
Example:
```yaml
project:
  name: automotive_safeic_practice
  demo: D14_safety_evidence_package
  top_module: toy_counter
inputs:
  package_config: inputs/package_config.yaml
  review_readiness_policy: inputs/review_readiness_policy.yaml
source_roots:
  demos_root: ..
  include_demos:
    - D03_base_fit_rate
    - D05_structural_safety_model
    - D08_fault_list_generation
    - D09_vcd_safety_context
    - D10_fault_campaign_execution
    - D11_fault_outcome_classification
    - D12_measured_diagnostic_coverage
    - D13_fmeda_update
outputs:
  package_dir: package
  package_status: outputs/package_status.csv
  summary: outputs/evidence_package_summary.md
```
The manifest defines the package build.
30. D14 Execution Flow
[Figure 6: flow diagram with steps Load Manifest, Load Package Config, Load Review Readiness Policy, Discover Required Artifacts, Check Completeness, Copy or Link Artifacts, Generate Hashes, Build Evidence Index, Build Traceability Matrix, Build Claim Traceability, Build Assumption Register, Run Review Readiness Checks, Generate Package Summary]
Figure 6: D14 execution flow: discover artifacts, check completeness, package the files, build traceability, record assumptions and summarize review readiness.
Example bash script:
```bash
#!/usr/bin/env bash
set -euo pipefail
safeic-evidence \
  --manifest manifest.yaml \
  --output-dir outputs
```
Example csh script:
```csh
#!/bin/csh -f
set DEMO = D14_safety_evidence_package
echo "Running $DEMO"
safeic-evidence \
  --manifest manifest.yaml \
  --output-dir outputs
```
Expected outputs:
```text
package/package_manifest.yaml
package/evidence_index.csv
package/traceability_matrix.csv
package/claim_traceability.csv
package/assumption_register.csv
package/review_items.csv
package/completeness_check.csv
package/evidence_quality.csv
package/artifact_hashes.csv
outputs/package_status.csv
outputs/evidence_package_summary.md
```
31. Validation Rules
safeic-evidence should validate that:
```text
package_config.yaml exists
review readiness policy exists
required artifacts exist
artifact paths are unique
evidence IDs are unique
artifact types are valid
review statuses are valid
trace links reference existing evidence IDs
claim links reference existing evidence IDs
assumption IDs are unique
hash generation succeeds when enabled
package directory is writable
```
Example messages:
```text
[PASS] package config loaded
[PASS] D13 fmeda_table.csv found
[PASS] D11 fault_outcomes.csv found
[PASS] evidence index generated with 18 artifacts
[WARN] D10 campaign logs folder not found; package includes summary only
[WARN] one high-severity review item remains open
[ERROR] traceability link references unknown evidence ID E999
```
D14 should not pretend the package is complete when required artifacts are missing.
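The table-level rules above (unique IDs and paths, valid types and statuses, trace and claim links resolving to real evidence IDs) as an added example validator, not the project's own code. The three tables are constructed CSV text in the shapes used on this page, seeded with a duplicate ID, a misspelled type and status, and the dangling E999 link.

```python
"""Validation rules for safeic-evidence tables (section 31).

Added example, not the project's own validator. The three tables are
constructed CSV text in the shapes used on this page; VALID_TYPES and
VALID_STATUSES come from the evidence type and review status vocabularies.
"""
import csv
import io

VALID_TYPES = {"input_package", "assumption", "configuration", "structural_model", "fit_model",
               "diagnostic_coverage", "safety_mechanism_selection", "fault_list", "waveform_context",
               "campaign_execution", "fault_classification", "measured_metric", "fmeda_table",
               "review_item", "summary_report", "log", "warning"}
VALID_STATUSES = {"reviewed", "auto_generated", "review_required"}

# Constructed inputs; the fifth evidence row and T002 carry deliberate defects.
EVIDENCE_CSV = """evidence_id,file_path,artifact_type,review_status
E001,metrics/base_fit_report.csv,fit_model,reviewed
E002,campaign/fault_outcomes.csv,fault_classification,review_required
E003,metrics/measured_dc_by_failure_mode.csv,measured_metric,review_required
E004,fmeda/fmeda_table.csv,fmeda_table,review_required
E004,fmeda/fmeda_delta.csv,fmeda_tabel,reviewd
"""
TRACE_CSV = """trace_id,claim_or_row,evidence_id,dependency_type
T001,R003,E004,defines_row
T002,R003,E999,supported_by_fault_outcome
"""
CLAIM_CSV = """claim_id,claim,primary_evidence,supporting_evidence
C001,counter state data corruption is covered by endpoint parity,E003,E004
C002,alarm-not-asserted remains an open risk,E004,E002
"""


def rows(text):
    """Parse CSV text into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def validate(evidence, traces, claims):
    """Return (messages, ok); ok is False when any [ERROR] was raised."""
    msgs = []
    ids, paths = set(), set()
    for e in evidence:
        eid, path = e["evidence_id"], e["file_path"]
        if eid in ids:
            msgs.append(f"[ERROR] duplicate evidence ID {eid}")
        if path in paths:
            msgs.append(f"[ERROR] duplicate artifact path {path}")
        if e["artifact_type"] not in VALID_TYPES:
            msgs.append(f"[ERROR] {eid}: unknown artifact type {e['artifact_type']}")
        if e["review_status"] not in VALID_STATUSES:
            msgs.append(f"[ERROR] {eid}: unknown review status {e['review_status']}")
        ids.add(eid)
        paths.add(path)
    msgs.append(f"[PASS] evidence index loaded with {len(evidence)} rows")
    # Every trace and claim link must resolve to an indexed evidence ID.
    for t in traces:
        if t["evidence_id"] not in ids:
            msgs.append(f"[ERROR] traceability link {t['trace_id']} references unknown evidence ID {t['evidence_id']}")
    for c in claims:
        for col in ("primary_evidence", "supporting_evidence"):
            if c[col] and c[col] not in ids:
                msgs.append(f"[ERROR] claim {c['claim_id']} references unknown evidence ID {c[col]}")
    unreviewed = sum(1 for e in evidence if e["review_status"] == "review_required")
    if unreviewed:
        msgs.append(f"[WARN] {unreviewed} artifacts still review_required")
    ok = not any(m.startswith("[ERROR]") for m in msgs)
    return msgs, ok


if __name__ == "__main__":
    messages, valid = validate(rows(EVIDENCE_CSV), rows(TRACE_CSV), rows(CLAIM_CSV))
    print("\n".join(messages))
    print("package valid:", valid)
```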
32. Common Mistakes
32.1 Treating Evidence as a File Dump
A pile of folders is not an evidence package unless it has an index, traceability, assumptions and review status.
32.2 Losing the Policy Files
Without the policy files, the metrics cannot be interpreted.
The classification, measurement and update policies must be archived.
32.3 Hiding Open Review Items
Open issues are part of the evidence package.
They should be visible.
32.4 Missing Traceability
If the FMEDA values cannot be traced back to campaign outcomes and assumptions, the package is weak.
32.5 Not Labeling Estimated versus Measured Evidence
Estimated values and measured results must be clearly distinguished.
32.6 Ignoring Artifact Versioning
A report without hashes or version records is harder to reproduce.
32.7 Overclaiming Demo Evidence
A methodology demo package is not a production safety sign-off.
The summary should state the scope of the evidence and its limitations.
33. How does D14 connect to later Demos?
D14 creates the consolidated evidence package.
Later Demos can generate reports, dashboards and iteration tracking.
[Figure 7: flow diagram with nodes D14 Evidence Package, D15 Safety Report Generation, D16 Regression and Trend Tracking, D17 Commercial Tool Comparison, Review Report, Metric Trend, Comparison Report]
Figure 7: D14 provides the package foundation for safety reports, regression tracking and tool comparison.
Once the evidence is packaged, later steps can focus on presentation, comparison, automation and iteration.
34. Recommended Implementation Stages
D14 can be implemented in stages.
Stage 1: Package Inventory
Collect the key artifacts and generate evidence_index.csv.
Deliverables:
```text
evidence_index.csv
package_manifest.yaml
```
Stage 2: Completeness and Quality Checks
Check the required artifacts and summarize quality.
Deliverables:
```text
completeness_check.csv
evidence_quality.csv
package_status.csv
```
Stage 3: Traceability Matrix
Link FMEDA rows, fault outcomes, campaign runs and source artifacts.
Deliverables:
```text
traceability_matrix.csv
```
Stage 4: Claims and Assumptions
Generate the claim traceability and the assumption register.
Deliverables:
```text
claim_traceability.csv
assumption_register.csv
```
Stage 5: Package Summary and Archive
Generate the summary and the optional archive.
Deliverables:
```text
evidence_package_summary.md
automotive_safeic_practice_d14_evidence_package.zip
```
This staged approach lets D14 be useful before a formal report generator exists.
35. Summary
Safety evidence packaging is the step that turns analysis outputs into a reviewable artifact set.
D14 Demo:
```text
D14_safety_evidence_package
```
Generic tool introduced:
```text
safeic-evidence
```
The tool consumes:
```text
artifacts from D01-D13
package_config.yaml
review_readiness_policy.yaml
```
and generates:
```text
package_manifest.yaml
evidence_index.csv
traceability_matrix.csv
claim_traceability.csv
assumption_register.csv
review_items.csv
completeness_check.csv
evidence_quality.csv
artifact_hashes.csv
package_status.csv
evidence_package_summary.md
```
The core conclusion is:
Safety evidence only becomes truly useful once it is indexed, traceable, policy-aware, assumption-aware and review-ready. A single metric or FMEDA table without an evidence chain behind it is not enough.
D14 prepares the ground for later reporting, comparison and iterative safety improvement.
36. D14 Demo Checklist
For D14_safety_evidence_package, the expected deliverables are:
```text
[ ] README.md
[ ] run_demo.sh
[ ] run_demo.csh
[ ] manifest.yaml
[ ] inputs/package_config.yaml
[ ] inputs/review_readiness_policy.yaml
[ ] package/package_manifest.yaml
[ ] package/evidence_index.csv
[ ] package/traceability_matrix.csv
[ ] package/claim_traceability.csv
[ ] package/assumption_register.csv
[ ] package/review_items.csv
[ ] package/completeness_check.csv
[ ] package/evidence_quality.csv
[ ] package/artifact_hashes.csv
[ ] package/summaries/evidence_package_summary.md
[ ] package/metrics/measured_dc_by_endpoint.csv
[ ] package/metrics/measured_dc_by_failure_mode.csv
[ ] package/metrics/measured_residual_fit.csv
[ ] package/fmeda/fmeda_table.csv
[ ] package/fmeda/fmeda_delta.csv
[ ] package/fmeda/fmeda_review_items.csv
[ ] package/campaign/campaign_status.csv
[ ] package/campaign/fault_outcomes.csv
[ ] package/policies/classification_policy.yaml
[ ] package/policies/measurement_policy.yaml
[ ] package/policies/fmeda_update_policy.yaml
[ ] outputs/package_status.csv
[ ] outputs/evidence_package_summary.md
```
A successful D14 run should answer:
```text
Which artifacts does the evidence package contain?
Which required artifacts are missing?
Which metrics and FMEDA rows are backed by evidence?
Which claims are supported, and which are still open?
Which assumptions are active?
Which review items are still unresolved?
Which artifacts are estimated, and which are measured?
Which files support the measured DC and residual FIT?
Can a reviewer trace the FMEDA rows back to fault outcomes and campaign data?
Is the package ready for review, archive or further report generation?
```