Conference Paper

Improved Pattern for ISO 26262 ASIL Decomposition with Dependent Requirements

... The ISO26262 standard presents an ASIL decomposition technique to reduce the safety requirement on parts of the system by introducing redundant components. The authors of [6] improve the technique by adding additional checking elements to prove that the original Functional Safety Requirements (FSRs) are met. These additional checks can also be found in [3] and [4], where we define splitter and merger functionality to manage the redundant parts of the application. ...
Article
Safety-critical systems such as Advanced Driving Assistance Systems and Autonomous Vehicles require redundancy to satisfy their safety requirements and to be classified as fail-operational. Introducing redundancy in a system with high data rates and processing requirements also has a great impact on architectural design decisions. The current self-driving vehicle prototypes do not use a standardized system architecture but base their design on existing vehicles and the available components. In this work, we provide a novel analysis framework that allows us to qualitatively and quantitatively evaluate an in-vehicle architecture topology and compare it with others. With this framework, we evaluate different variants of two common topologies: domain and zone-based architectures. Each topology is evaluated in terms of total cost, failure probability, total communication cable length, communication load distribution, and functional load distribution. We introduce redundancy in selected parts of the systems using our automated process provided in the framework, in a safety-oriented design process that enables the ISO26262 Automotive Safety Integrity Level decomposition technique. After every design step, the architecture is re-evaluated. The advantages and disadvantages of the different architecture variants are evaluated to guide the designer towards the choice of correct architecture, with a focus on the introduction of redundancy.
... Literature experience describes the main design criteria for such applications, including appropriate system topology, and the testing procedures needed to quantify their functional reliability, fault tolerance and applicability on road vehicles [5,6]. In this context, ISO26262 provides a solid framework for system development which is applicable to x-by-wire analysis, possibly integrated with modeling activities [7,8,9,10,11,12]. ...
Article
New electric vehicle architectures require intensive virtual and physical testing for safety assessment, due to the increasing relevance of By-Wire systems and the presence of innovative control algorithms for ordinary driving scenarios, potential emergency situations or Advanced Driver-Assistance Systems implementation purposes. To reduce the development time while increasing system reliability and the a priori knowledge about its safety requirements, the evaluation of such aspects should be performed early. In accordance with the ISO26262 standard, the authors propose a systematic approach based on Virtual FMEA, in order to assess the functional safety level of a hybrid brake plant. Plant modifications and a securing strategy have been presented and implemented in the target vehicle model, evaluating their performance in simulation environments, in order to meet the required Automotive Safety Integrity Level. This work was developed within the scope of the OBELICS European Project.
Conference Paper
The automotive industry is moving ahead to introduce drive-by-wire (DBW) electronic systems to replace mechanical controls and linkages that have changed little since cars were first introduced. Electronic drive-by-wire systems offer enormous potential to improve vehicle performance and safety, but matching the dependability of simple mechanical components with electronics will be a challenge. Highly dependable electronic controls require a fault-tolerant approach with both a primary and a backup system as a minimum. Aircraft fly-by-wire systems go beyond this, using triple and quadruple redundant electronics to tolerate more than one failure during the same flight. Automobile drive-by-wire must also provide some capability to allow the car to be driven safely to a repair facility after a failure occurs. This paper examines some possible drive-by-wire systems architectures, presents a mathematical analysis of the predicted dependability (expressed as the probability the system will fail in a given time period) of these alternatives and investigates the impact of how the vehicle is operated and maintained on its dependability. Architectural alternatives considered include both dual and triple redundant systems. The mathematical analysis builds on techniques developed to analyze aircraft systems using Markov reliability modeling. The uncertainty associated with such predictions will be discussed along with comparisons to acceptable risk levels for other established technologies.
Conference Paper
In functional safety standards such as ISO 26262 and IEC 61508, Safety Integrity Levels (SILs) are assigned to top-level safety requirements on a system. The SILs are then either inherited or decomposed down to safety requirements on sub-systems, such that if the sub-systems are sufficiently reliable in fulfilling their respective safety requirements, as specified by the SILs, then it follows that the system is sufficiently reliable in fulfilling the top-level safety requirement. Present contract theory has previously been shown to provide a suitable foundation to structure safety requirements, but does not include support for the use of SILs. An extension of contract theory with the notion of SILs is therefore presented. As a basis for structuring the breakdown of safety requirements, a graph, called a contract structure, is introduced that provides a necessary foundation to capture the notions of SIL inheritance and decomposition in the context of contract theory.
Conference Paper
This paper examines the ISO 26262 approach to ASIL decomposition, more appropriately called “requirements decomposition”, and how it may be applied correctly during the requirements analysis and architectural design of a safety-related automotive control system.