Safety Element out of Context - A Practical Approach
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 16, 2012 by SAE International in United States
ISO 26262 is the current standard for functional safety of automotive E/E (Electric/Electronic) systems. One of the challenges in applying the standard is the distribution of safety-related activities among the participants in the supply chain.
In this paper, the concept of Safety Element out of Context (SEooC) development is analyzed, showing its current problematic aspects and the difficulties of implementing such an approach in a concrete, typical automotive development flow with different participants in the supply chain (e.g. from OEM and Tier 1 to semiconductor supplier). The discussed aspects focus on the functional safety requirements of generic hardware and software development across the supply chain, where the final integration of the developed element is not known at design time and therefore an assumption-based mechanism must be used. The inherent ambiguity of such an assumption-based distribution of requirements also makes the allocation of responsibility along the development chain difficult.
This paper also proposes improvements and extensions of the SEooC concept which may increase the usability of the approach in modern development lifecycles. In order to demonstrate and evaluate the proposed modifications of the SEooC approach, a concrete example (the implementation of a generic AUTOSAR complex device driver for electric motor control) is described in the paper. The chosen case study is generic and representative of a large spectrum of functional-safety-relevant automotive applications such as Electric Power Steering, Dynamic Steering, X-by-Wire, etc.
Citation: Schneider, R., Brandstaetter, W., Born, M., Kath, O. et al., "Safety Element out of Context - A Practical Approach," SAE Technical Paper 2012-01-0033, 2012, https://doi.org/10.4271/2012-01-0033.