Pre-Print Article

Simulink Model Architecture for Lean Development of Software Components Supporting ISO26262 Freedom From Interference

SAE-PP-00373

12/17/2023

Abstract
One key concept in ISO 26262 centers around Freedom From Interference (FFI) [1]. ISO 26262 has five distinct safety levels (Quality Management and ASIL A–D) that are used to classify system- and software-level functionality based on functional safety requirements. As described in [2], a system with multiple ASIL components will benefit from an architecture that efficiently segments these algorithms into separate containers. The benefit will be seen for two reasons:

• Each ASIL can have different development, validation, and verification requirements.
• Separating and segmenting ASILs enables freedom from interference.

The AUTOSAR software architecture [7] fully supports ISO 26262 FFI by providing a mechanism for memory partitioning of the different ASIL components and for the exchange of data between these components via the Real Time Environment (RTE) software layer. As stated in [3], the AUTOSAR operating system offers protection against faulty overwriting of memory contents. The protection is achieved by partitioning each functional group into a so-called OS application. Each OS application's data is allocated in a separate memory partition. Incorrect access to these memory partitions is prevented by a Memory Protection Unit (MPU), which is part of the microprocessor hardware.

Using the AUTOSAR architecture provides significant benefits in supporting ISO 26262. However, it comes at the expense of additional resources in memory, throughput, and development time. The latter is due to the necessity of re-generating the RTE software every time the interfaces of the AUTOSAR components change.

This paper describes a hands-on approach for complying with ISO 26262 FFI requirements using a Simulink model architecture with ASIL segmentation of the Application Software layer, in conjunction with an AUTOSAR-based Simulink model architecture. The paper states the main criteria for an FFI-supporting Simulink model architecture. The prime focus of the paper is on the lean development process, employing an optimized version of the RTE with limited need for RTE software re-generation.
Citation
Vitkin, L., "Simulink Model Architecture for Lean Development of Software Components Supporting ISO26262 Freedom From Interference," SAE MobilityRxiv™ Preprint, submitted December 17, 2023, https://doi.org/10.47953/SAE-PP-00373.
Additional Details
Publisher
Published
Dec 17, 2023
Product Code
SAE-PP-00373
Content Type
Pre-Print Article
Language
English