Safety in Automotive Software: An Overview of Current Practices

2003

A new generation of advanced automotive systems are being implemented to enhance vehicle safety, performance, and comfort. As these new, often complex systems are added, system safety programs are employed to help eliminate potential hazards. A key component of these advanced automotive systems is software. Software itself cannot fail or wear out, but its complexity coupled with its interactions with the system and the environment can directly and indirectly lead to potential system hazards. As such, software safety cannot be considered apart from system safety, but the unique aspects of software warrant unique development and analysis methods. In this paper we describe the main elements of a software safety process for safety-critical advanced automotive systems. We describe how this proposed process may be integrated with an established system safety process for by-wire automotive systems, and how it may be integrated with an established software development process.

The replacement of the former, purely mechanical, functionality with mechatronics-based solutions, the introduction of new propulsion technologies, and the connection of cars to their environment are just a few reasons for the continuously increasing electrical and/or electronic system (E/E system) complexity in modern passenger cars. Smart methodologies and techniques have been introduced in system development to cope with these new challenges. A topic that is often neglected is the definition of the interface between the hardware and software subsystems. However, during the development of safety-critical E/E systems, according to the automotive functional safety standard ISO 26262, an unambiguous definition of the hardware-software interface (HSI) has become vital. This paper presents a domain-specific modelling approach for mechatronic systems with an integrated hardware-software interface definition feature. The newly developed model-based domain-specific language is tailored to the needs of mechatronic system engineers and supports the system’s architectural design including the interface definition, with a special focus on safety-criticality.

Microprocessors and Microsystems, 2017

The promising advent of Fully Electric Vehicles (FEVs) also means a shift towards fully electrical control of the existing and new vehicle functions. In particular, critical X-by-wire functions require sophisticated redundancy solutions. As a result, the overall Electric/Electronic (E/E) architecture of a vehicle is becoming even more complex and costly. The SafeAdapt project provides an integrated approach for engineering such adaptive, complex and safe systems, ranging from tool chain support, reference architectures, system modelling and networking, up to early validation and verification. In this paper, we give an overview of the SafeAdapt project methodology. We also describe a particular aspect of the project which is the validation of the system adaptive behavior. To validate the adaptive behavior of a vehicle system, an architecture description language for automotive embedded systems (i.e. EAST-ADL) is used for designing the system. The system design model is then used for generating the embedded software. To ensure that the system behaves correctly at runtime, its adaptive behavior is analyzed using fault injection and monitoring techniques on a virtual platform.

e & i Elektrotechnik und Informationstechnik, 2015

Development of embedded automotive systems has become tremendously complex in recent years. The trend of replacing traditional mechanical systems by modern embedded systems, and the launch of automotive multi-core systems enable deployment of more advanced control strategies. However, these applications require different safety concepts with different levels of criticality; and providing consistency of the safety concept during the entire product lifecycle is a tedious task. Additionally, new automotive safety standards, such as ISO 26262, and the de-facto industry standard AUTOSAR require efficient and consistent product development and tool support. The aim of the presented work is to establish a model-driven system and safety-engineering framework to support the seamless description of safety-critical systems, from requirements at the system level to final component implementation.

2012 38th Euromicro Conference on Software Engineering and Advanced Applications, 2012

In this paper, we present a tool enhancement that allows an effective transition from the system level development phase to the software level development phase of a tool-supported safety engineering workflow aligned with the automotive functional safety standard ISO 26262. The tool enhancement has capabilities for model generation and code generation. Whereas the generation of Simulink models supports the development of application software, the configuration and generation of safety drivers supports the development of the basic software required for initialization, runtime fault detection and error handling. We describe the safety engineering workflow and its supporting tool chain including the tool enhancement. Moreover we demonstrate that the enhancement supports the transition from the system level development phase to the software level development phase using the case study of a hybrid electric vehicle development.

2014 IEEE 9th IEEE International Symposium on Applied Computational Intelligence and Informatics (SACI), 2014

In the same time with the growing of complexity for E/E systems, the level of safety needed to be fulfilled by the work products increased very fast. Could we determine the way to fulfill a standard safety level for all manufacturers? Are these standardized and applicable? The article sheds light these standards and provides the basic knowledge to design a functional safety system from the software point of view. Functional safety concepts are described in the ISO 26262[1] standard where concepts as ASIL, risk assessment methods and hazards analysis are described very clear. The article briefly describes these concepts in a manner related to software development. Also, in AUTOSAR complaint system the needed for functional safety concepts is very huge because in the context of standardized interfaces between modules can leads also to some errors. But for avoiding this, the AUTOSAR requirements provide some methods that are taken into consideration and described alsoin the article. Last part of the article presents a lightweight implementation of a safety system considering as use case the designing of a remote keyless entry system.

IFAC Proceedings Volumes, 1997

Automotive engineering presents some of the more challenging opportunities for electronic systems. This contribution looks at some of the design requirements, the associated areas for compromise and speculates on the future development paths that are likely to be adopted. The three main factors considered are system safety, cost and the overall trade-offs involved in software and hardware choices. Underpinning these are the disciplines required to produce a very reliable and affordable vehicle into a changing and demanding marketplace.

2013 International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering (QR2MSE), 2013

In recent years, most of the modern automobiles are equipped with embedded electronic systems which include lots of Electronic Controller Units (ECUs), electronic sensors, signals, bus systems and coding. Due to the complex application in electrical, electronics and programmable electronics, the need to carry out detailed safety analyses which focuses on the potential risk of malfunction is crucial for automotive systems. IEC 61508 has become a foundation for international standard safety-related system for airborne systems, railway, nuclear power plants, medical equipment, energy and process systems, machinery, furnaces and automobiles. The failure of such system could have significant impact on the safety of humans and/or the environment. Thus, ISO 26262 has been introduced in November, 2011 for automotive electrical/electronic (E/E) systems which address the complete safety installation from sensor to actuator with its technical as well as management issues. In this paper, the international trends on pre and post introduction of ISO 26262 will be analyzed in which to see the direction of potential research in this area.

In the same time with the growing of complexity for E/E systems, the level of safety needed to be fulfilled by the work products increased very fast. Could we determine the way to fulfill a standard safety level for all manufacturers? Are these standardized and applicable? The article sheds light these standards and provides the basic knowledge to design a functional safety system from the software point of view. Functional safety concepts are described in the ISO 26262[1] standard where concepts as ASIL, risk assessment methods and hazards analysis are described very clear. The article briefly describes these concepts in a manner related to software development. Also, in AUTOSAR complaint system the needed for functional safety concepts is very huge because in the context of standardized interfaces between modules can leads also to some errors. But for avoiding this, the AUTOSAR requirements provide some methods that are taken into consideration and described alsoin the article. Last part of the article presents a lightweight implementation of a safety system considering as use case the designing of a remote keyless entry system.

Annual Reviews in Control, 2003

This paper reviews some results in improving software safety in computer control systems. The discussion covers various aspects of the software development process, as opposed to the product features. Software diversity, off-the-shelf software, rigorous and formal software development are discussed.