【Automotive Chip Functional Safety Analysis and Fault Injection Practice 15】Safety Report Generation: From Evidence Package to Reviewable Engineering Report

Author: Darren H. Chen
Topic: Automotive chip functional safety analysis and fault injection practice
Demo: D15_safety_report_generation
Tags: automotive chips, functional safety, safety report, Evidence Package, FMEDA, fault injection, Diagnostic Coverage, Residual FIT, Traceability, Review Report


1. Why does this article matter?

In the previous article we built the safety evidence package.

D14 organized the following artifacts:

```text
package_manifest.yaml
evidence_index.csv
traceability_matrix.csv
claim_traceability.csv
assumption_register.csv
review_items.csv
completeness_check.csv
evidence_quality.csv
artifact_hashes.csv
evidence_package_summary.md
```

The evidence package is the artifact foundation: the base on which all safety evidence rests.

But a reviewer does not normally start by reading a few dozen CSV files.

So the next question is:

How do we turn the evidence package into a readable, structured, reviewable safety engineering report?

The Demo for this article is:

```text
D15_safety_report_generation
```

The generic tool it introduces is:

```text
safeic-report
```

The goal of safeic-report is to generate a safety report from the D14 evidence package. Its inputs include:

```text
package manifest
evidence index
FMEDA table
measured DC tables
residual FIT summaries
fault outcome summaries
review items
assumption register
traceability matrix
evidence quality checks
package status
```

and it produces:

```text
safety_report.md
safety_report_summary.md
review_action_list.md
metric_tables_for_review.csv
report_warnings.csv
```

The core idea is:

A safety report does not reprint all the data; it gives a structured interpretation of scope, assumptions, evidence, metrics, findings, limitations and review actions.


2. Where D15 sits in the overall flow

D15 comes after evidence packaging.

[Figure 1 (flow diagram): D14 Evidence Package -> D15 Safety Report Generation -> Safety Report, Review Action List, Metric Tables for Review, Report Warnings]

Figure 1: D15 turns the evidence package into a review-ready engineering report.

D14 answers:

```text
Which artifacts exist?
Where are they?
How are they connected to each other?
Which assumptions and review items are active?
```

D15 answers:

```text
What does this evidence mean?
What are the key metrics?
What are the key risks?
Which safety mechanisms worked?
Which failure modes are still weak?
Which FMEDA rows need review?
What should happen next?
```

This step is the move from evidence management to safety communication.


3. Evidence Package versus Safety Report

An evidence package and a safety report serve different purposes.

| Item | Purpose |
|---|---|
| Evidence package | store, index, trace and preserve artifacts |
| Safety report | explain, summarize, interpret and guide the review |
| FMEDA table | provide row-level safety data |
| Review action list | turn findings into engineering actions |
| Traceability matrix | link claims to evidence |

The report must not replace the evidence package.

The report should point into the evidence package.

[Figure 2 (diagram): Evidence Package -> Safety Report -> Engineering Review, with the Traceability Matrix, FMEDA Table and Review Items as the package artifacts the report references]

Figure 2: The safety report explains the evidence; the evidence package preserves traceability.

A report without evidence is weak.

An evidence package without a report is hard to review.


4. What should the report do?

A useful safety report should:

```text
define the analysis scope
summarize the design under analysis
state assumptions and limitations
describe the analysis flow
summarize key metrics
highlight weak failure modes
highlight unsafe faults
summarize measured DC and residual FIT
show estimated-vs-measured gaps
show FMEDA update status
list open review items
link evidence files
recommend next actions
```

It should not:

```text
hide unresolved evidence
pretend demo data is production signoff
mix estimated and measured metrics without labels
omit policy assumptions
report a single number without context
```

The report is a technical communication artifact.

Its value comes from clarity, traceability and honesty.


5. The report is a layer on top of the evidence

D15 should not recompute all the metrics.

It should consume the outputs of D14 and of the earlier steps.

```text
D12:
  measured diagnostic coverage

D13:
  FMEDA table and review items

D14:
  evidence index, traceability, assumptions, package status

D15:
  report generation
```

[Figure 3 (diagram): D12 Metrics, D13 FMEDA and D14 Evidence Package feed D15 Report, which produces Markdown Report, Review Summary and Action List]

Figure 3: D15 is the report layer, not a metric recomputation layer.

This separation keeps the workflow modular.

If D12 changes, regenerate D13 and D14, then regenerate D15.


6. Report inputs

Suggested inputs:

```text
inputs/
  report_config.yaml
  report_template.md
  package_manifest.yaml
  evidence_index.csv
  package_status.csv
  evidence_package_summary.md
  fmeda_table.csv
  fmeda_review_items.csv
  safety_metric_summary.csv
  residual_fit_by_failure_mode.csv
  residual_fit_by_part.csv
  measured_dc_by_endpoint.csv
  measured_dc_by_failure_mode.csv
  measured_dc_by_safety_mechanism.csv
  estimated_vs_measured_dc.csv
  fault_outcomes.csv
  outcome_summary.csv
  assumption_register.csv
  claim_traceability.csv
  traceability_matrix.csv
```

D15 can read these files directly from the D14 package folder.

A first version of the Demo can use copied sample CSV files.


7. Report outputs

Suggested outputs:

```text
outputs/
  safety_report.md
  safety_report_summary.md
  review_action_list.md
  metric_tables_for_review.csv
  report_warnings.csv
  report_manifest.yaml
```

Optional later outputs:

```text
safety_report.html
safety_report.pdf
review_deck_outline.md
```

For a GitHub Demo, Markdown is the right first format.

Markdown is:

```text
easy to version-control
easy to review in GitHub
easy to diff
easy to generate
easy to convert later
```

8. Report configuration

The report should be driven by a configuration file.

Example report_config.yaml:

```yaml
report:
  title: Automotive Safe-IC Functional Safety Analysis Report
  subtitle: Fault Injection and FMEDA Evidence Summary
  demo: D15_safety_report_generation
  top_module: toy_counter
  format: markdown

sections:
  include_scope: true
  include_flow_overview: true
  include_key_metrics: true
  include_fmeda_summary: true
  include_measured_dc: true
  include_fault_campaign: true
  include_unsafe_findings: true
  include_assumptions: true
  include_traceability: true
  include_review_items: true
  include_limitations: true
  include_next_actions: true

policies:
  show_estimated_vs_measured: true
  show_confidence_labels: true
  show_open_review_items: true
  fail_on_missing_required_tables: false
  warn_on_low_confidence_metrics: true

output:
  markdown: outputs/safety_report.md
  summary: outputs/safety_report_summary.md
  action_list: outputs/review_action_list.md
```

A report configuration makes the generator reusable.

Different audiences can use different report profiles.


9. Report template

A simple report template can be Markdown with placeholders.

Example:

```md
# {{ report.title }}

Design: {{ project.top_module }}  
Evidence Package: {{ package.name }}  
Generated by: {{ tool.name }}  

## 1. Scope

{{ scope.summary }}

## 2. Key Metrics

{{ metrics.overview_table }}

## 3. FMEDA Summary

{{ fmeda.summary_table }}

## 4. Key Findings

{{ findings.key_findings }}

## 5. Review Items

{{ review.items_table }}
```

Template-based reporting separates presentation from data extraction.

That matters when the same data set has to be delivered in different settings:

```text
GitHub article
internal review
customer demo
engineering checkpoint
management summary
```
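As an added example (not the safeic-report code and not code from the original article), here is a minimal strict renderer for the `{{ section.key }}` placeholders shown above. It resolves dotted names against a nested report data model and treats an unknown placeholder as an error rather than silently emitting an empty string, which is the behaviour the validation rules later in this article ask for. The function names, the sample template and the sample metric values are assumptions constructed for illustration.

```python
from __future__ import annotations

import re
from typing import Any, List, Mapping, Sequence

# Added example, not safeic-report code: a strict renderer for the
# "{{ section.key }}" placeholders used by report_template.md.  Function names,
# the sample template and the sample numbers below are assumptions.

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\s*\}\}")


class UnresolvedPlaceholder(KeyError):
    """A template references a key that the report data model does not contain."""


def lookup(data: Mapping[str, Any], dotted: str) -> Any:
    """Resolve 'metrics.overview_table' against a nested mapping; fail loudly if absent."""
    node: Any = data
    for part in dotted.split("."):
        if not isinstance(node, Mapping) or part not in node:
            raise UnresolvedPlaceholder(dotted)
        node = node[part]
    return node


def markdown_table(headers: Sequence[str], rows: Sequence[Sequence[Any]],
                   numeric: Sequence[int] = ()) -> str:
    """Render rows as a Markdown table; columns listed in `numeric` are right-aligned."""
    align = ["---:" if i in numeric else "---" for i in range(len(headers))]
    lines = ["| " + " | ".join(headers) + " |", "|" + "|".join(align) + "|"]
    for row in rows:
        lines.append("| " + " | ".join(str(cell) for cell in row) + " |")
    return "\n".join(lines)


def unresolved_placeholders(template: str, data: Mapping[str, Any]) -> List[str]:
    """Pre-flight check: every placeholder that cannot be resolved, in template order."""
    missing: List[str] = []
    for match in PLACEHOLDER.finditer(template):
        try:
            lookup(data, match.group(1))
        except UnresolvedPlaceholder:
            missing.append(match.group(1))
    return missing


def render_template(template: str, data: Mapping[str, Any]) -> str:
    """Substitute every placeholder; an unknown one raises instead of rendering blank."""
    def substitute(match: "re.Match[str]") -> str:
        return str(lookup(data, match.group(1)))
    return PLACEHOLDER.sub(substitute, template)


# Constructed sample template and data model, mirroring the article's examples.
SAMPLE_TEMPLATE = """# {{ report.title }}

Design: {{ project.top_module }}

## 2. Key Metrics

{{ metrics.overview_table }}
"""

SAMPLE_DATA = {
    "report": {"title": "Automotive Safe-IC Functional Safety Analysis Report"},
    "project": {"top_module": "toy_counter"},
    "metrics": {
        "overview_table": markdown_table(
            ["Metric", "Value"],
            [("Total base FIT", 0.078), ("Total residual FIT", 0.0204), ("Unsafe faults", 2)],
            numeric=[1],
        )
    },
}

if __name__ == "__main__":
    print(render_template(SAMPLE_TEMPLATE, SAMPLE_DATA))
```

Running `unresolved_placeholders` over the template before rendering gives the generator a single place to refuse a template that drifted away from the data model, instead of shipping a report with blank sections.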

10. Suggested report structure

The D15 report can use the following structure:

```text
1. Executive Summary
2. Scope and Inputs
3. Analysis Flow Overview
4. Evidence Package Summary
5. Key Metrics
6. Diagnostic Coverage Summary
7. Residual FIT Summary
8. Fault Campaign Summary
9. Fault Outcome Summary
10. FMEDA Update Summary
11. Key Findings
12. Open Review Items
13. Assumptions and Limitations
14. Traceability Summary
15. Recommended Next Actions
16. Appendix: Artifact Index
```

This structure balances readability and traceability.

It gives the conclusions first, then moves into the evidence.


11. Executive summary

The executive summary should be short and direct.

Example:

```md
## Executive Summary

This report summarizes a functional safety analysis and fault injection practice flow for `toy_counter`.

The current evidence indicates:

- Counter state data corruption is covered by endpoint parity in the demo campaign.
- Diagnostic state corruption remains unsafe.
- Alarm-not-asserted failure mode remains unsafe.
- Measured DC values are low-confidence because the sample campaign is intentionally small.
- FMEDA rows for diagnostic state and alarm path require review.

The evidence package is complete for the demo scope, but it is not production signoff evidence.
```

The executive summary should state both the strengths and the limitations plainly.


12. Scope and inputs

The report must define its scope.

Example:

```md
## Scope and Inputs

Design under analysis: `toy_counter`  
Safety analysis scope: functional safety analysis and fault injection practice  
Evidence range: D01 to D14  
Report generated from: D14 evidence package  

Included evidence:

- FIT model outputs
- structural safety model outputs
- estimated diagnostic coverage
- fault list generation
- VCD safety context
- fault campaign execution
- fault outcome classification
- measured diagnostic coverage
- FMEDA update
- review items and assumption register
```

A stated scope prevents over-claiming.

A demo report should say explicitly that it is a methodology demonstration.


13. Analysis flow overview

The report should include a flow diagram.

[Figure 4 (flow diagram): Input Package -> FIT Modeling -> Structure Model -> Estimated DC -> Safety Mechanism Selection -> Fault List -> VCD Context -> Campaign Execution -> Outcome Classification -> Measured DC -> FMEDA Update -> Evidence Package -> Safety Report]

Figure 4: The safety analysis and fault injection flow as summarized in the report.

The report should help the reviewer understand where each artifact comes from.


14. Key metrics section

The key metrics section should summarize:

```text
total base FIT
total residual FIT
weighted selected DC
measured DC
rows requiring review
unsafe fault count
unresolved fault count
evidence quality
execution quality
```

Example:

```md
## Key Metrics

| Metric | Value |
|---|---:|
| Total base FIT | 0.078 |
| Total residual FIT | 0.0204 |
| Weighted selected DC | 0.738 |
| FMEDA rows total | 3 |
| Rows requiring review | 2 |
| Rows with low confidence | 1 |
| Unsafe faults | 2 |
| Unresolved faults | 0 |
```

Metrics should be concise, but they must carry context.

A single measured DC number on its own is not enough.


15. Diagnostic coverage summary

Diagnostic coverage should be aggregated by meaningful groups.

Example:

```md
## Diagnostic Coverage Summary

### By Failure Mode

| Failure Mode | Detected | Unsafe | Measured DC | Confidence |
|---|---:|---:|---:|---|
| FM_DATA_CORRUPTION | 2 | 0 | 1.000 | LOW |
| FM_DIAGNOSTIC_STATE_CORRUPTION | 0 | 1 | 0.000 | LOW |
| FM_ALARM_NOT_ASSERTED | 0 | 1 | 0.000 | LOW |
```

The report should label these clearly:

```text
estimated DC
measured DC
selected DC
confidence
```

Never mix them together.


16. Estimated vs measured DC section

This section matters because it shows whether the assumptions agree with the evidence.

Example:

```md
## Estimated vs Measured Diagnostic Coverage

| Group | Estimated DC | Measured DC | Status | Recommendation |
|---|---:|---:|---|---|
| toy_counter.count | 0.90 | 1.00 | INSUFFICIENT_SAMPLE | keep estimated and expand campaign |
| FM_ALARM_NOT_ASSERTED | 0.85 | 0.00 | MEASURED_LOWER_THAN_ESTIMATED | review mechanism assumption |
```

Add explanatory text:

```text
Measured DC is lower than the estimate for FM_ALARM_NOT_ASSERTED.
This indicates that the alarm path assumption is not supported by the current fault campaign evidence.
```

Numbers without explanation are easy to misread.


17. Residual FIT summary

Residual FIT is usually the most useful risk-prioritization output.

Example:

```md
## Residual FIT Summary

| Failure Mode | Base FIT | Selected DC | Residual FIT | Review Status |
|---|---:|---:|---:|---|
| FM_DATA_CORRUPTION | 0.064 | 0.90 | 0.0064 | low_confidence |
| FM_DIAGNOSTIC_STATE_CORRUPTION | 0.004 | 0.00 | 0.0040 | review_required |
| FM_ALARM_NOT_ASSERTED | 0.010 | 0.00 | 0.0100 | review_required |
```

A short explanation can follow:

```text
The dominant residual FIT contribution comes from the alarm-not-asserted failure mode.
This suggests that alarm path protection should be prioritized in the next design iteration.
```

18. Fault campaign summary

The report should summarize the campaign execution.

Example:

```md
## Fault Campaign Summary

| Item | Value |
|---|---:|
| Golden run status | PASS |
| Faulted runs requested | 5 |
| Faulted runs executed | 5 |
| Passed runs | 5 |
| Failed runs | 0 |
| Not classified | 0 |
| Execution mode | emulation |
```

If the campaign ran in emulation mode, the report must say so.

Example:

```text
The current campaign results are generated in emulation mode for methodology demonstration.
They are not final design validation evidence.
```

This prevents over-claiming.


19. Fault outcome summary

The report should summarize the classified outcomes.

Example:

```md
## Fault Outcome Summary

| Outcome | Count |
|---|---:|
| detected | 3 |
| safe | 0 |
| unsafe | 2 |
| unresolved | 0 |
| not_classified | 0 |
```

It should also call out the unsafe faults:

```md
### Unsafe Faults

| Fault ID | Node | Failure Mode | Reason |
|---|---|---|---|
| F003 | toy_counter.count_parity | FM_DIAGNOSTIC_STATE_CORRUPTION | diagnostic state corrupted and no alarm observed |
| F004 | toy_counter.alarm | FM_ALARM_NOT_ASSERTED | alarm stuck inactive |
```

Unsafe findings must not be buried deep in an appendix.


20. FMEDA update summary

The report should summarize the FMEDA status.

Example:

```md
## FMEDA Update Summary

| Row | Failure Mode | Selected DC | Residual FIT | Review Status |
|---|---|---:|---:|---|
| R001 | FM_DATA_CORRUPTION | 0.90 | 0.0064 | low_confidence |
| R002 | FM_DIAGNOSTIC_STATE_CORRUPTION | 0.00 | 0.0040 | review_required |
| R003 | FM_ALARM_NOT_ASSERTED | 0.00 | 0.0100 | review_required |
```

This table shows where review is needed.


21. Key findings section

The key findings section turns metrics into engineering conclusions.

Example:

```md
## Key Findings

1. Counter state corruption is covered by endpoint parity in the current demo campaign.
2. Diagnostic state corruption remains unsafe and requires additional protection or justification.
3. Alarm-not-asserted remains the dominant residual FIT contributor.
4. Measured DC sample size is too small to increase FMEDA selected DC.
5. Current evidence package is complete for the demo scope but not sufficient for production signoff.
```

This is where the report becomes genuinely useful to decision makers.


22. Open review items

The report should provide an action list.

Example:

```md
## Open Review Items

| ID | Severity | FMEDA Row | Issue | Recommended Action |
|---|---|---|---|---|
| I001 | HIGH | R003 | alarm path has unsafe fault | add redundant alarm or alarm path monitor |
| I002 | MEDIUM | R002 | diagnostic state unprotected | add protection or justify residual risk |
| I003 | LOW | R001 | measured DC confidence low | increase campaign sample size |
```

Review items should be actionable.

Avoid vague wording such as:

```text
Need more analysis.
```

Use explicit actions instead:

```text
Add alarm path monitor or justify residual risk for FM_ALARM_NOT_ASSERTED.
```

23. Assumptions and limitations

This section is critical.

Example:

```md
## Assumptions and Limitations

- The demo fault model set is limited to stuck-at and transient flip.
- The current campaign sample size is intentionally small.
- Primary measured DC uses detected / (detected + unsafe).
- Safe and unresolved faults are reported separately.
- Some results may be generated in emulation mode.
- The report demonstrates methodology and is not production safety signoff.
```

A report that states its limitations openly is more credible.


24. Traceability summary

The report should include a short traceability summary and point to the full traceability files.

Example:

```md
## Traceability Summary

The following traceability artifacts are included in the evidence package:

- `evidence_index.csv`
- `traceability_matrix.csv`
- `claim_traceability.csv`
- `artifact_hashes.csv`

Example trace:

FMEDA row `R003` is linked to unsafe fault `F004`, which is linked to D10 campaign execution, D08 fault list generation, and D09 VCD safety context.
```

The full traceability matrix stays in the evidence package.

The report only needs to show enough to demonstrate that traceability exists.
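As an added example, not code from the article or from the project, the following walks a traceability matrix to produce the one-line "Example trace" above and to flag FMEDA rows that no evidence links to (the untraceable-report mistake discussed later). The `source_id,relation,target_id` column layout and the sample edges are assumptions; the walk is breadth-first with a visited set, so a matrix that happens to contain a cycle cannot hang the generator.

```python
from __future__ import annotations

import csv
import io
from collections import deque
from typing import Dict, List, Set, Tuple

# Added example, not safeic-report code: walk the traceability matrix to build the
# report's "Example trace" line and to find FMEDA rows with no evidence behind them.
# The source_id/relation/target_id columns and the sample edges are assumptions.

Edge = Tuple[str, str, str]

SAMPLE_TRACEABILITY_CSV = """source_id,relation,target_id
R001,covered_by_fault,F001
R001,covered_by_fault,F002
R003,has_unsafe_fault,F004
F001,executed_in,D10_campaign_execution
F002,executed_in,D10_campaign_execution
F004,executed_in,D10_campaign_execution
F004,listed_in,D08_fault_list_generation
F004,context_from,D09_vcd_safety_context
"""


def load_matrix(text: str) -> List[Edge]:
    """Parse traceability_matrix.csv content into (source, relation, target) edges."""
    return [(r["source_id"], r["relation"], r["target_id"])
            for r in csv.DictReader(io.StringIO(text))]


def adjacency(edges: List[Edge]) -> Dict[str, List[Tuple[str, str]]]:
    adj: Dict[str, List[Tuple[str, str]]] = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
    return adj


def trace(edges: List[Edge], start: str, max_depth: int = 5) -> List[Tuple[str, int]]:
    """Breadth-first walk from `start`; returns (artifact, depth) in discovery order.
    The visited set makes it safe on matrices that contain cycles."""
    adj = adjacency(edges)
    seen: Set[str] = {start}
    order: List[Tuple[str, int]] = []
    queue = deque([(start, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth >= max_depth:
            continue
        for _rel, nxt in adj.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                order.append((nxt, depth + 1))
                queue.append((nxt, depth + 1))
    return order


def trace_sentence(edges: List[Edge], row_id: str) -> str:
    """The one-line trace shown in the Traceability Summary section."""
    adj = adjacency(edges)
    faults = [dst for _rel, dst in adj.get(row_id, [])]
    if not faults:
        return f"FMEDA row `{row_id}` has no linked evidence."
    parts = []
    for fault in faults:
        evidence = ", ".join(dst for _rel, dst in adj.get(fault, []))
        parts.append(f"fault `{fault}`, which is linked to {evidence}")
    return f"FMEDA row `{row_id}` is linked to " + "; ".join(parts) + "."


def untraced(edges: List[Edge], row_ids: List[str]) -> List[str]:
    """FMEDA rows with no outgoing edge: a finding about them cannot be traced."""
    adj = adjacency(edges)
    return [r for r in row_ids if r not in adj]


if __name__ == "__main__":
    edges = load_matrix(SAMPLE_TRACEABILITY_CSV)
    print(trace_sentence(edges, "R003"))
    print("untraced rows:", untraced(edges, ["R001", "R002", "R003"]))
```

In the sample matrix R002 has no outgoing edge, which is exactly the row the generator should refuse to describe as "covered" or "reviewed" without a warning.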


25. Report warnings

D15 should emit warnings wherever the report could mislead a reader.

Example warnings:

```text
measured DC sample size is low
campaign mode is emulation
high-severity review items remain open
measured DC lower than estimated DC for key failure mode
missing evidence file
unresolved ratio high
scope mismatch found
```

Example output:

```csv
warning_id,severity,message,source
W001,MEDIUM,Measured DC confidence is LOW for toy_counter.count,D12
W002,HIGH,FM_ALARM_NOT_ASSERTED has unsafe fault evidence,D13
W003,MEDIUM,Campaign execution mode is emulation,D10
```

Warnings should appear both in the CSV and in the report itself.
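The warning rules above, implemented as an added example (not safeic-report's own `warnings.py`). Field names, the unresolved-ratio threshold and the D-step source tags are assumptions chosen to match the article's sample tables; the input rows are constructed from those tables.

```python
from __future__ import annotations

import csv
import io
from typing import AbstractSet, Dict, Iterable, List, Mapping

# Added example, not safeic-report's warnings.py: derive report_warnings.csv rows
# from tables D15 already reads. Thresholds, field names and the D-step source
# tags are assumptions; the sample rows below are constructed from the article.

UNRESOLVED_RATIO_MAX = 0.10  # assumed policy limit on unresolved / total faults
FIELDS = ["warning_id", "severity", "message", "source"]


def generate_warnings(campaign: Mapping[str, str], dc_by_fm: Iterable[Mapping[str, str]],
                      est_vs_meas: Iterable[Mapping[str, str]],
                      review_items: Iterable[Mapping[str, str]],
                      outcome_summary: Mapping[str, str], required_files: Iterable[str],
                      present_files: AbstractSet[str]) -> List[Dict[str, str]]:
    warnings: List[Dict[str, str]] = []

    def add(severity: str, message: str, source: str) -> None:
        warnings.append({"warning_id": f"W{len(warnings) + 1:03d}",
                         "severity": severity, "message": message, "source": source})

    # Campaign ran in emulation: every downstream metric is methodology evidence only.
    if campaign.get("execution_mode") == "emulation":
        add("MEDIUM", "Campaign execution mode is emulation", "D10")
    # Measured DC groups whose sample is too small to trust.
    for row in dc_by_fm:
        if row["confidence"] == "LOW":
            add("MEDIUM", f"Measured DC confidence is LOW for {row['failure_mode']} "
                          f"(sample size {row['sample_size']})", "D12")
    # Estimate not supported by measurement: the assumption itself needs review.
    for row in est_vs_meas:
        if float(row["measured_dc"]) < float(row["estimated_dc"]):
            add("HIGH", f"Measured DC {row['measured_dc']} is below estimated DC "
                        f"{row['estimated_dc']} for {row['group']}", "D12")
    open_high = [i["id"] for i in review_items if i["severity"] == "HIGH" and i["status"] == "open"]
    if open_high:
        add("HIGH", "High-severity review items remain open: " + ", ".join(open_high), "D13")
    total = sum(int(v) for v in outcome_summary.values())
    unresolved = int(outcome_summary.get("unresolved", "0"))
    if total and unresolved / total > UNRESOLVED_RATIO_MAX:
        add("HIGH", f"Unresolved fault ratio {unresolved}/{total} exceeds {UNRESOLVED_RATIO_MAX}", "D11")
    # A section citing a file that is not in the package would mislead the reviewer.
    for path in required_files:
        if path not in present_files:
            add("HIGH", f"Missing evidence file: {path}", "D14")
    return warnings


def warnings_csv(warnings: List[Dict[str, str]]) -> str:
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(warnings)
    return buf.getvalue()


# Constructed sample inputs mirroring the article's tables.
CAMPAIGN = {"execution_mode": "emulation"}
DC_BY_FM = [
    {"failure_mode": "FM_DATA_CORRUPTION", "measured_dc": "1.000", "confidence": "LOW", "sample_size": "2"},
    {"failure_mode": "FM_DIAGNOSTIC_STATE_CORRUPTION", "measured_dc": "0.000", "confidence": "LOW", "sample_size": "1"},
    {"failure_mode": "FM_ALARM_NOT_ASSERTED", "measured_dc": "0.000", "confidence": "LOW", "sample_size": "1"},
]
EST_VS_MEAS = [
    {"group": "toy_counter.count", "estimated_dc": "0.90", "measured_dc": "1.00"},
    {"group": "FM_ALARM_NOT_ASSERTED", "estimated_dc": "0.85", "measured_dc": "0.00"},
]
REVIEW_ITEMS = [
    {"id": "I001", "severity": "HIGH", "status": "open"},
    {"id": "I002", "severity": "MEDIUM", "status": "open"},
    {"id": "I003", "severity": "LOW", "status": "open"},
]
OUTCOME_SUMMARY = {"detected": "3", "safe": "0", "unsafe": "2", "unresolved": "0", "not_classified": "0"}
REQUIRED_FILES = ["fmeda/fmeda_table.csv", "metrics/measured_dc_by_failure_mode.csv"]


def sample_warnings(present_files: AbstractSet[str] = frozenset(REQUIRED_FILES)) -> List[Dict[str, str]]:
    return generate_warnings(CAMPAIGN, DC_BY_FM, EST_VS_MEAS, REVIEW_ITEMS,
                             OUTCOME_SUMMARY, REQUIRED_FILES, present_files)


if __name__ == "__main__":
    print(warnings_csv(sample_warnings()))
```

Each rule reads a table D15 already loads, so the warning list never requires recomputing a metric; it only decides whether a number can be shown without a caveat.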


26. Report generation policy

A report policy controls how strong a statement the generator is allowed to make.

Example:

```yaml
report_policy:
  allow_claim_supported_only_if:
    confidence_at_least: medium
    no_high_severity_open_items: true

  wording:
    low_confidence_prefix: "Current demo evidence suggests"
    high_confidence_prefix: "Evidence supports"

  warnings:
    show_emulation_warning: true
    show_low_sample_warning: true
    show_open_high_severity_warning: true
```

This prevents over-claiming.

For example:

```text
Bad:
  The design is safe.

Better:
  Current demo evidence shows endpoint parity detects selected counter-state faults,
  but alarm path and diagnostic state rows remain review-required.
```

The report generator should help keep the wording cautious.
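An added example, not the project's `findings.py`, showing how the key findings of section 21 and the wording policy of this section fit together: findings are derived from FMEDA rows, measured DC rows and review items, and a coverage claim is only worded as "Evidence supports" when the policy gate passes. The policy keys follow the `report_policy` example above; the table field names, the `safety_mechanism` column and the confidence ranking are assumptions, and the rows are constructed from the article's sample numbers.

```python
from __future__ import annotations

from typing import Dict, Iterable, List, Mapping

# Added example, not safeic-report's findings.py: derive ranked key findings from
# FMEDA rows, measured DC rows and review items, with claim strength gated by the
# report policy. Policy keys follow the article's report_policy example; the
# field names, the safety_mechanism column and the confidence ranking are assumptions.

CONFIDENCE_RANK = {"low": 0, "medium": 1, "high": 2}

DEFAULT_POLICY = {
    "allow_claim_supported_only_if": {"confidence_at_least": "medium",
                                      "no_high_severity_open_items": True},
    "wording": {"low_confidence_prefix": "Current demo evidence suggests",
                "high_confidence_prefix": "Evidence supports"},
}


def claim_prefix(policy: Mapping, confidence: str, open_high_items: List[str]) -> str:
    """'Evidence supports' only when confidence meets the gate and no HIGH item is open."""
    gate = policy["allow_claim_supported_only_if"]
    strong = CONFIDENCE_RANK[confidence.lower()] >= CONFIDENCE_RANK[gate["confidence_at_least"]]
    if gate.get("no_high_severity_open_items") and open_high_items:
        strong = False
    return policy["wording"]["high_confidence_prefix" if strong else "low_confidence_prefix"]


def generate_findings(fmeda_rows: List[Mapping[str, str]], dc_rows: Iterable[Mapping[str, str]],
                      review_items: Iterable[Mapping[str, str]],
                      policy: Mapping = DEFAULT_POLICY) -> List[str]:
    open_high = [i["id"] for i in review_items if i["severity"] == "HIGH" and i["status"] == "open"]
    dc_by_fm: Dict[str, Mapping[str, str]] = {r["failure_mode"]: r for r in dc_rows}
    findings: List[str] = []

    # Covered failure modes: the mechanism caught every injected fault, worded by confidence.
    for fm, dc in dc_by_fm.items():
        if int(dc["unsafe"]) == 0 and int(dc["detected"]) > 0:
            findings.append(f"{claim_prefix(policy, dc['confidence'], open_high)} that {fm} "
                            f"is covered by {dc['safety_mechanism']} in the current campaign.")
    # Unsafe failure modes are stated plainly, never softened.
    for fm, dc in dc_by_fm.items():
        if int(dc["unsafe"]) > 0:
            findings.append(f"{fm} remains unsafe ({dc['unsafe']} unsafe fault(s)) and requires "
                            "additional protection or justification.")
    # The dominant residual FIT contributor drives the next design iteration.
    total = sum(float(r["residual_fit"]) for r in fmeda_rows)
    worst = max(fmeda_rows, key=lambda r: float(r["residual_fit"]))
    share = float(worst["residual_fit"]) / total if total else 0.0
    findings.append(f"{worst['failure_mode']} is the dominant residual FIT contributor "
                    f"({share:.0%} of {total:.4f} FIT).")
    # Low-confidence measurements must not raise the FMEDA selected DC.
    low = [fm for fm, dc in dc_by_fm.items() if dc["confidence"].upper() == "LOW"]
    if low:
        findings.append("Measured DC sample size is too small to increase FMEDA selected DC for: "
                        + ", ".join(low) + ".")
    review_rows = [r["row"] for r in fmeda_rows if r["review_status"] == "review_required"]
    if review_rows:
        findings.append("FMEDA rows requiring review: " + ", ".join(review_rows) + ".")
    return findings


# Constructed sample rows taken from the article's tables.
FMEDA_ROWS = [
    {"row": "R001", "failure_mode": "FM_DATA_CORRUPTION", "selected_dc": "0.90", "residual_fit": "0.0064", "review_status": "low_confidence"},
    {"row": "R002", "failure_mode": "FM_DIAGNOSTIC_STATE_CORRUPTION", "selected_dc": "0.00", "residual_fit": "0.0040", "review_status": "review_required"},
    {"row": "R003", "failure_mode": "FM_ALARM_NOT_ASSERTED", "selected_dc": "0.00", "residual_fit": "0.0100", "review_status": "review_required"},
]
DC_ROWS = [
    {"failure_mode": "FM_DATA_CORRUPTION", "detected": "2", "unsafe": "0", "confidence": "LOW", "safety_mechanism": "endpoint parity"},
    {"failure_mode": "FM_DIAGNOSTIC_STATE_CORRUPTION", "detected": "0", "unsafe": "1", "confidence": "LOW", "safety_mechanism": "none"},
    {"failure_mode": "FM_ALARM_NOT_ASSERTED", "detected": "0", "unsafe": "1", "confidence": "LOW", "safety_mechanism": "none"},
]
REVIEW_ITEMS = [
    {"id": "I001", "severity": "HIGH", "status": "open"},
    {"id": "I002", "severity": "MEDIUM", "status": "open"},
    {"id": "I003", "severity": "LOW", "status": "open"},
]

if __name__ == "__main__":
    for n, finding in enumerate(generate_findings(FMEDA_ROWS, DC_ROWS, REVIEW_ITEMS), 1):
        print(f"{n}. {finding}")
```

With the sample data the coverage claim for FM_DATA_CORRUPTION comes out as "Current demo evidence suggests ...", because the confidence is LOW and I001 is still open; the same row would be worded "Evidence supports ..." only after the campaign grows and the HIGH item is closed, which is precisely the gate the policy describes.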


27. Audience profiles

Different audiences need different reports.

Possible profiles:

```text
engineering_deep_dive
management_summary
customer_demo
github_methodology
internal_review
```

Example:

```yaml
audience_profile:
  name: github_methodology
  include_detailed_flow: true
  include_mermaid_diagrams: true
  include_limitations: true
  include_raw_table_links: true
  include_management_summary: false
```

For this article series the default profile should be:

```text
github_methodology
```

It should explain the workflow and the evidence structure, not just hand out final metrics.


28. Tool architecture

The generic tool safeic-report can be implemented as a staged pipeline.

[Figure 5 (pipeline diagram): manifest.yaml, report_config.yaml, the D14 Evidence Package and the Report Template feed safeic-report, which runs Load Evidence Index -> Load Metrics and FMEDA Tables -> Load Review Items and Assumptions -> Build Report Data Model -> Render Markdown Sections -> Generate Report Warnings -> Write Report and Summary]

Figure 5: safeic-report reads the evidence package, builds a report data model, renders the sections, and writes review-ready documents.

Suggested internal modules:

```text
safeic_report/
  cli.py
  manifest.py
  load_config.py
  load_package.py
  data_model.py
  metrics_section.py
  fmeda_section.py
  campaign_section.py
  findings.py
  assumptions.py
  traceability.py
  warnings.py
  render_markdown.py
  report_summary.py
```

Responsibilities:

| Module | Responsibility |
|---|---|
| load_package.py | read the D14 evidence package |
| data_model.py | build the unified report data model |
| metrics_section.py | render metric tables and their interpretation |
| fmeda_section.py | render the FMEDA summary |
| campaign_section.py | render the campaign and outcome summary |
| findings.py | generate key findings |
| assumptions.py | render assumptions and limitations |
| traceability.py | summarize evidence traceability |
| warnings.py | generate report warnings |
| render_markdown.py | render the final Markdown |
| report_summary.py | generate the short summary |

29. D15 directory structure

Suggested layout:

```text
D15_safety_report_generation/
  README.md
  run_demo.sh
  run_demo.csh
  manifest.yaml

  inputs/
    report_config.yaml
    report_template.md

  package/
    evidence_index.csv
    package_status.csv
    assumption_register.csv
    traceability_matrix.csv
    claim_traceability.csv

    metrics/
      measured_dc_by_endpoint.csv
      measured_dc_by_failure_mode.csv
      measured_residual_fit.csv
      safety_metric_summary.csv
      estimated_vs_measured_dc.csv

    fmeda/
      fmeda_table.csv
      fmeda_review_items.csv

    campaign/
      campaign_status.csv
      fault_outcomes.csv
      outcome_summary.csv

  outputs/
    safety_report.md
    safety_report_summary.md
    review_action_list.md
    metric_tables_for_review.csv
    report_warnings.csv
    report_manifest.yaml
```

D15 consumes the package and generates the reports.

It must not rerun the campaign or recompute the metrics unless explicitly configured to do so.


30. D15 manifest

Example:

```yaml
project:
  name: automotive_safeic_practice
  demo: D15_safety_report_generation
  top_module: toy_counter

inputs:
  report_config: inputs/report_config.yaml
  report_template: inputs/report_template.md
  evidence_package_dir: package

outputs:
  report: outputs/safety_report.md
  summary: outputs/safety_report_summary.md
  action_list: outputs/review_action_list.md
  metric_tables: outputs/metric_tables_for_review.csv
  warnings: outputs/report_warnings.csv
  report_manifest: outputs/report_manifest.yaml
```

The manifest makes report generation reproducible.


31. D15 execution flow

[Figure 6 (flow diagram): Load Manifest -> Load Report Config -> Load Evidence Package -> Validate Required Report Inputs -> Load Metrics -> Load FMEDA and Review Items -> Load Assumptions and Traceability -> Build Report Data Model -> Generate Key Findings -> Render Markdown Report -> Generate Summary and Action List -> Write Report Warnings]

Figure 6: D15 execution flow: load the package, validate the inputs, build the report data, render the report, and generate warnings.

Example bash script:

```bash
#!/usr/bin/env bash
set -euo pipefail

safeic-report \
  --manifest manifest.yaml \
  --output-dir outputs
```

Example csh script:

```csh
#!/bin/csh -f

set DEMO = D15_safety_report_generation
echo "Running $DEMO"

safeic-report \
  --manifest manifest.yaml \
  --output-dir outputs
```

Expected outputs:

```text
outputs/safety_report.md
outputs/safety_report_summary.md
outputs/review_action_list.md
outputs/metric_tables_for_review.csv
outputs/report_warnings.csv
outputs/report_manifest.yaml
```

32. Validation rules

safeic-report should check that:

```text
report_config.yaml exists
evidence package directory exists
evidence_index.csv exists
fmeda_table.csv exists if FMEDA section enabled
measured DC tables exist if metric section enabled
fault_outcomes.csv exists if campaign section enabled
assumption_register.csv exists if assumptions section enabled
review_items.csv exists if review section enabled
report template exists
output directory is writable
all required placeholders can be resolved
```

Example messages:

```text
[PASS] report config loaded
[PASS] evidence package found
[PASS] FMEDA table loaded
[PASS] measured DC by failure mode loaded
[WARN] campaign mode is emulation; report will include limitation note
[WARN] measured DC confidence is LOW for multiple groups
[ERROR] report template references unknown placeholder {{ metrics.unknown_table }}
```

Report generation should fail on an invalid template, but only warn on low-confidence data.
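An added example, not the safeic-report CLI, of the validation pass: each enabled section pulls in the tables it needs, a missing table is an ERROR or a WARN depending on the `fail_on_missing_required_tables` policy from section 8, and the sha256 values recorded in the D14 package's `artifact_hashes.csv` are re-checked so the report cannot quietly cite evidence that changed after packaging. The mapping from section flags to files, the `artifact,sha256` column layout and the temporary sample package are assumptions.

```python
from __future__ import annotations

import csv
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Mapping, Tuple

# Added example, not the safeic-report CLI: pre-flight validation of a package
# directory. The section-flag -> required-file mapping, the artifact,sha256
# layout of artifact_hashes.csv and the temporary sample package are assumptions.

ALWAYS_REQUIRED = ["evidence_index.csv"]
REQUIRED_BY_SECTION: Dict[str, List[str]] = {
    "include_fmeda_summary": ["fmeda/fmeda_table.csv"],
    "include_key_metrics": ["metrics/measured_dc_by_failure_mode.csv",
                            "metrics/safety_metric_summary.csv"],
    "include_fault_campaign": ["campaign/fault_outcomes.csv"],
    "include_assumptions": ["assumption_register.csv"],
    "include_review_items": ["fmeda/fmeda_review_items.csv"],
}


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def validate_package(package_dir, sections: Mapping[str, bool],
                     fail_on_missing: bool = True) -> Tuple[bool, List[str]]:
    """Return (ok, messages). A missing required table is ERROR or WARN per policy;
    a hash mismatch is always ERROR because the report would cite altered evidence."""
    root = Path(package_dir)
    if not root.is_dir():
        return False, [f"[ERROR] evidence package directory not found: {root}"]
    ok, messages = True, []
    required = list(ALWAYS_REQUIRED)
    for flag, files in REQUIRED_BY_SECTION.items():
        if sections.get(flag, False):
            required.extend(files)
    for rel in required:
        if (root / rel).is_file():
            messages.append(f"[PASS] {rel} loaded")
        elif fail_on_missing:
            ok = False
            messages.append(f"[ERROR] required table missing: {rel}")
        else:
            messages.append(f"[WARN] required table missing: {rel}; section will carry a gap note")
    hashes = root / "artifact_hashes.csv"
    if not hashes.is_file():
        messages.append("[WARN] artifact_hashes.csv not found; evidence integrity not verified")
        return ok, messages
    with hashes.open(encoding="utf-8", newline="") as fh:
        for row in csv.DictReader(fh):
            target = root / row["artifact"]
            if not target.is_file():
                messages.append(f"[WARN] hashed artifact not present: {row['artifact']}")
            elif sha256_of(target) != row["sha256"].strip().lower():
                ok = False
                messages.append(f"[ERROR] hash mismatch for {row['artifact']}; "
                                "evidence differs from the D14 package")
            else:
                messages.append(f"[PASS] hash verified for {row['artifact']}")
    return ok, messages


def build_sample_package(tamper: bool = False) -> Path:
    """Constructed sample package in a temp dir; with tamper=True one table is
    edited after hashing, as would happen if evidence changed post-packaging."""
    root = Path(tempfile.mkdtemp(prefix="d15_pkg_"))
    files = {
        "evidence_index.csv": "artifact_id,path\nE001,fmeda/fmeda_table.csv\n",
        "fmeda/fmeda_table.csv": "row,failure_mode,selected_dc,residual_fit\n"
                                 "R003,FM_ALARM_NOT_ASSERTED,0.00,0.0100\n",
    }
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text, encoding="utf-8")
    lines = ["artifact,sha256"] + [f"{rel},{sha256_of(root / rel)}" for rel in files]
    (root / "artifact_hashes.csv").write_text("\n".join(lines) + "\n", encoding="utf-8")
    if tamper:
        (root / "fmeda/fmeda_table.csv").write_text(
            "row,failure_mode,selected_dc,residual_fit\nR003,FM_ALARM_NOT_ASSERTED,0.90,0.0010\n",
            encoding="utf-8")
    return root


if __name__ == "__main__":
    ok, messages = validate_package(build_sample_package(), {"include_fmeda_summary": True})
    print("\n".join(messages), "\nOK" if ok else "\nFAILED")
```

The tampered sample changes the R003 selected DC from 0.00 to 0.90 after the hashes were written; without the hash check the report would render a clean-looking FMEDA row that the D14 package never contained.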


33. Common mistakes

33.1 Reporting metrics without context

Measured DC must come with its scope, sample size, confidence and policy.

33.2 Hiding unsafe findings

Unsafe faults and review-required FMEDA rows belong in the main report.

33.3 Hiding limitations

Demo scope, small sample size and emulation mode must be stated explicitly.

33.4 Confusing estimated, measured and selected DC

These values must always be labelled separately.

33.5 Generating a report that cannot be traced

Every major finding should link back to evidence artifacts.

33.6 Over-claiming safety

A report generated from methodology demo data must not claim production safety compliance.

33.7 Long report, no summary

A long report still needs an executive summary and key findings.


34. How D15 connects to later Demos

D15 creates a report for one evidence package.

Later Demos can compare multiple iterations, track regressions, and compare the outputs of different tools.

[Figure 7 (diagram): D15 Safety Report -> D16 Regression and Trend Tracking -> D17 Commercial Tool Comparison -> D18 Website / Demo Publication, producing Metric Trend Report, Tool Comparison Report and Public Methodology Demo]

Figure 7: D15 creates the single-run report foundation for later trend analysis and tool comparison.

One report is valuable.

A sequence of reports across iterations is more valuable.


35. Recommended implementation stages

D15 can be implemented in stages.

Stage 1: Static Markdown Report

Read the key CSV files and generate safety_report.md.

Deliverables:

```text
safety_report.md
report_warnings.csv
```

Stage 2: Template-Based Report

Add report_template.md and placeholder rendering.

Deliverables:

```text
safety_report.md
report_manifest.yaml
```

Stage 3: Key Findings Generator

Generate key findings automatically from metrics and review items.

Deliverables:

```text
safety_report_summary.md
review_action_list.md
```

Stage 4: Traceability Integration

Add traceability links to the report sections.

Deliverables:

```text
traceability_summary.md
```

Stage 5: Multi-Profile Reporting

Support GitHub, engineering review and management summary profiles.

Deliverables:

```text
github_report.md
engineering_review_report.md
management_summary.md
```

This staged approach makes D15 useful immediately while keeping the architecture extensible.


36. Summary

Safety report generation turns a structured evidence package into a readable engineering report.

D15 Demo:

```text
D15_safety_report_generation
```

Generic tool introduced:

```text
safeic-report
```

The tool consumes:

```text
D14 evidence package
report_config.yaml
report_template.md
metrics
FMEDA tables
fault campaign summaries
assumptions
traceability
review items
```

and generates:

```text
safety_report.md
safety_report_summary.md
review_action_list.md
metric_tables_for_review.csv
report_warnings.csv
report_manifest.yaml
```

The core conclusion is:

A safety report should explain the evidence, not simply copy the data. It must state scope, assumptions, metrics, confidence, unsafe findings, FMEDA status, traceability, limitations and next actions.

D15 makes the safety workflow readable and reviewable.


37. D15 Demo checklist

For D15_safety_report_generation, the expected deliverables are:

```text
[ ] README.md
[ ] run_demo.sh
[ ] run_demo.csh
[ ] manifest.yaml

[ ] inputs/report_config.yaml
[ ] inputs/report_template.md

[ ] package/evidence_index.csv
[ ] package/package_status.csv
[ ] package/assumption_register.csv
[ ] package/traceability_matrix.csv
[ ] package/claim_traceability.csv

[ ] package/metrics/measured_dc_by_endpoint.csv
[ ] package/metrics/measured_dc_by_failure_mode.csv
[ ] package/metrics/measured_residual_fit.csv
[ ] package/metrics/safety_metric_summary.csv
[ ] package/metrics/estimated_vs_measured_dc.csv

[ ] package/fmeda/fmeda_table.csv
[ ] package/fmeda/fmeda_review_items.csv

[ ] package/campaign/campaign_status.csv
[ ] package/campaign/fault_outcomes.csv
[ ] package/campaign/outcome_summary.csv

[ ] outputs/safety_report.md
[ ] outputs/safety_report_summary.md
[ ] outputs/review_action_list.md
[ ] outputs/metric_tables_for_review.csv
[ ] outputs/report_warnings.csv
[ ] outputs/report_manifest.yaml
```

A successful D15 run should answer:

```text
What is the report scope?
Which evidence package was used?
What are the key metrics?
Which failure modes dominate residual FIT?
Which safety mechanisms appear effective?
Which faults are still unsafe?
Which FMEDA rows need review?
Which assumptions and limitations apply?
Which evidence files support the main findings?
Which review actions should be taken next?
Is this report suitable for a GitHub methodology presentation or an engineering review?
```