This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
SysML as Backbone for Engineering and Safety - Practical Experience with TRW Braking ECU
Technical Paper
2014-01-0212
ISSN: 0148-7191, e-ISSN: 2688-3627
Annotation ability available
Sector:
Language:
English
Abstract
Today's Automotive ECU development is a global engineering exercise. It requires efficient planning, design and implementation. Time to market, innovative customer functions and cost effective design are key to success. Not only the technical realization with compressed time schedules and frequent change requests, but also the documentation, and the proof of compliance to ISO-26262 requires efficient solutions to be applied.
Key to successful ECU development of complex safety critical systems inside a global team is a systematic approach to identify the ideal realization out of multiple design alternatives. This is why TRW Electronics Engineering for its Braking ECU products decided to design the new product generation with the help of Model Based System Engineering methods (MBSE). With these methods the team is realizing the opportunities provided by top-down driven development considering Requirements Engineering, Semi-formal Architecture Description, and early support to create evidence to conform to ASIL D in accordance to ISO 26262. This is seen as an approach consistent with the state-of-the-Art of automotive engineering by allowing early proof of concept, and realizing efficient evaluation of design solutions. Also, it supports design engineers in their necessary tasks like interface definition, requirements allocation, testing etc. as needed for global development teams. Beside this it supports safety evidence generation which is needed to assure high quality and to satisfy customers and internal safety auditors, who need to be convinced of safe and ISO compliant design solutions (safety case).
Traditionally in many companies safety may still be in “its own world”, with dedicated safety specialists and safety tools. This leads to significant effort in alignment between safety investigations and system design, as it evolves. The main aspect of the presented TRW approach is to use the design information (system structure and behaviour) from the ECU SysML model also for the development of the ECU safety concept. This integration ensures that changes in design can be reanalyzed with high efficiency. As safety aspects are linked directly into their system models, the design engineers become immediately aware of functional safety needs, and they can support the necessary safety analyses more efficiently. Further benefits come from fewer issues with inconsistencies, due to the possibility to perform automated traceability checks, as well as other consistency- and completeness-checks on the model.
The paper evaluates key success factors in comparison to legacy development process, reflects our experience in this field, and gives outlook to further future improvements:
- Interface management (System / OEM / Suppliers / Software)
- Requirements Engineering
- Design and Alternatives Evaluation
- Test, Verification, and Validation
- Safety Management and Safety Analysis
- Assessment and Audit Support
- Change Management
The paper concludes with a summary of advantages and achievements and discussion of remaining challenges and outlook to possible future solutions.
Recommended Content
Authors
Citation
Lovric, T., Schneider-Scheyer, M., and Sarkic, S., "SysML as Backbone for Engineering and Safety - Practical Experience with TRW Braking ECU," SAE Technical Paper 2014-01-0212, 2014, https://doi.org/10.4271/2014-01-0212.Also In
References
- ISO 26262 Road vehicles - Functional safety Part 1-10, First-Edition (Part 1-9: 2011-11-15; part 10 2012 08 01
- Leue Stefan , Leitner-Fischer Florian Case Study Model-based Engineering and ISO26262 3rd International Conference on Applying ISO 26262 20 22 March 2013 Munich, Germany Quant UM Safety Analysis of Complex Sytem and Software Architectures www.quantum-tool.com
- Svancara , K. , Priddy , J. , Lovric , T. , Miller , J. et al. Advantages of the Alternative Method for Random Hardware Failures Quantitative Evaluation - a Practical Survey for EPS SAE Int. J. Passeng. Cars - Electron. Electr. Syst. 6 2 377 388 2013 10.4271/2013-01-0190
- Chick Karl , Kazeminia Amir Architecting an ECU AutomotiveSPICE® and Functional Safety Conference October 9 10 2012
- AUTOSAR Automotive Open System Architecture http://www.autosar.org/
- Medini Analyze http://www.ikv.de
- Rhapsody http://www.ibm.com
- International Council on Systems Engineering (INCOSE) SYSTEMS ENGINEERING VISION 2020 INCOSE-TP-2004-004-02, Version/Revision 2.03 September 2007
- OMG XMI Standard http://www.omg.org/spec/SysML/20120401/SysML.xmi
- IKV medini analyze http://www.ikv.de/