Browse Topic: Safety critical systems
Safety Management Systems (SMSs) have been used in many safety-critical industries and are now being developed and deployed in the automated driving system (ADS)-equipped vehicle (AV) sector. Industries with decades of SMS deployment have established frameworks tailored to their specific context. Several frameworks for an AV industry SMS have been proposed or are currently under development. These frameworks borrow heavily from the aviation industry although the AV and aviation industries differ in many significant ways. In this context, there is a need to review the approach to develop an SMS that is tailored to the AV industry, building on generalized lessons learned from other safety-sensitive industries. A harmonized AV-industry SMS framework would establish a single set of SMS practices to address management of broad safety risks in an integrated manner and advance the establishment of a more mature regulatory framework. This paper outlines a proposed SMS framework for the AV
Automotive chassis components are considered as safety critical components and must meet the durability and strength requirements of customer usage. The cases such as the vehicle driving through a pothole or sliding into a curb make the design (mass efficient chassis components) challenging in terms of the physical testing and virtual simulation. Due to the cost and short vehicle development time requirement, it is impractical to conduct physical tests during the early stages of development. Therefore, virtual simulation plays the critical role in the vehicle development process. This paper focuses on virtual co-simulation of vehicle chassis components. Traditional virtual simulation of the chassis components is performed by applying the loads that are recovered from multi-body simulation (MBD) to the Finite Element (FE) models at some of the attachment locations and then apply constraints at other selected attachment locations. In this approach, the chassis components are assessed
Security flaws in automotive software have significant consequences. Modern automotive engineers must assess software not only for performance and reliability but also for safety and security. This paper presents a tool to verify software for safety and security. The tool was originally developed for the Department of Defense (DoD) to detect cybersecurity vulnerabilities in legacy safety-critical software with tight performance constraints and a small memory footprint. We show how the tool and techniques developed for verifying legacy safety-critical software can be applied to automotive and embedded software using real-world case studies. We also discuss how this tool can be extended for software comprehension.
In recent years, battery electric vehicles (BEVs) have experienced significant sales growth, marked by advancements in features and market delivery. This evolution intersects with innovative software-defined vehicles, which have transformed automotive supply chains, introducing new BEV brands from both emerging and mature markets. The critical role of software in software-defined battery electric vehicles (SD-BEVs) is pivotal for enhancing user experience and ensuring adherence to rigorous safety, performance, and quality standards. Effective governance and management are crucial, as failures can mar corporate reputations and jeopardize safety-critical systems like advanced driver assistance systems. Product Governance and Management for Software-defined Battery Electric Vehicles addresses the complexities of SD-BEV product governance and management to facilitate safer vehicle deployments. By exploring these challenges, it aims to enhance internal processes and foster cross
Aerospace manufacturers are leveraging multicore processors and modularity to design smarter cockpit displays and avionic computers that are smaller and capable of supporting more applications from a single line replaceable unit (LRU). Some are also starting to embed more of the processing required to enable cockpit display applications within the display itself, rather than having it enabled by an associated LRU. The development of new electric vertical takeoff and landing (eVTOL) aircraft and avionics companies changing their approach to the development of safety critical computers and aircraft networking technologies are some of the aerospace industry factors driving this design trend. In the U.S., the Department of Defense (DoD) embracing the Modular Open Systems Approach (MOSA) across the purchase of all new aircraft technologies is influencing design changes in cockpit displays and aircraft computers as well.
The automotive PowerNet is in the middle of a major transformation. The main drivers are steadily increasing power demand, availability requirements, and complexity and cost. These factors result in a wide variety of possible future PowerNet topologies. The increasing power demand is, among other factors, caused by the progressive electrification of formerly mechanical components and a constantly increasing number of comfort and safety loads. This leads to a steady increase in installed electrical power. X-by-wire systems1 and autonomous driving functions result in higher availability requirements. As a result, the power supply of all safety-critical loads must always be kept sufficiently stable. To reduce costs and increase reliability, the car manufacturers aim to reduce the complexity of the PowerNet system, including the wiring harness and the controller network. The wiring harness e.g., is currently one of the most expensive parts of modern cars. These challenges are met with a
In a study, published in the Journal Waves in Random and Complex Media, researchers from the University of Bristol have derived a formula that can inform the design boundaries for a given component’s geometry and material microstructure.
A new industry-first open platform for developing the software-defined vehicle (SDV) combines processing, vehicle networking and system power management with integrated software. NXP Semiconductors' new S32 CoreRide Platform was designed to run “multiple time-critical, safety-critical, security-critical applications in parallel,” Henri Ardevol, executive vice president and general manager of Automotive Embedded Systems for NXP Semiconductors, told SAE Media. NXP's new foundation platform for SDVs differs from the traditional approach of using multiple electronic control units (ECUs), each designed to handle specific vehicle system control tasks. Since each unit requires its own integration work, the integration workload exponentially increases with each additional ECU on a vehicle.
The development of highly automated driving functions (AD) recently rises the demand for so called Fail-Operational systems for native driving functions like steering and braking of vehicles. Fail-Operational systems shall guarantee the availability of driving functions even in presence of failures. This can also mean a degradation of system performance or limiting a system’s remaining operating period. In either case, the goal is independency from a human driver as a permanently situation-aware safety fallback solution to provide a certain level of autonomy. In parallel, the connectivity of modern vehicles is increasing rapidly and especially in vehicles with highly automated functions, there is a high demand for connected functions, Infotainment (web conference, Internet, Shopping) and Entertainment (Streaming, Gaming) to entertain the passengers, who should no longer occupied with driving tasks. But the connectivity is accompanied by potential cyber security risks, eventually
Kognic's advanced interpretation of sensor data helps artificial intelligence and machine learning recognize the human thing to do. In December 2023, Kognic, the Gothenburg, Sweden-based developer of a software platform to analyze and optimize the massively complex datasets behind ADAS and automated-driving systems, was in Dearborn, Michigan to accept the Tech.AD USA award for Sensor Perception solution of the year. The company doesn't make sensors, but one might say it makes sense of the data that comes from sensors. Kognic, established in 2018, is well-known in the ADAS/AV software sector for its work to help developers extract better performance from and enhance the robustness of safety-critical “ground-truth” information gleaned from petabytes-upon-petabytes of sensor-fusion datasets. Kognic CEO and co-founder Daniel Langkilde espoused a path for improving artificial intelligence-reliant systems based on “programming with data instead of programming with code.”
Wheel rims and wheel hub bearings are critical components of Heavy Commercial Vehicle (HCV) suspension systems and are subjected to extensive fatigue loading throughout their operational life. Actual loading conditions on wheels are a combination of radial loads (vertical loads) and cornering loads (lateral loads) acting simultaneously and are directly influenced by payload and road conditions. Currently for Indian usage, there are test guidelines [1] only for separate uniaxial Radial Fatigue Test (RFT) and Cornering Fatigue Test (CFT) for wheel rims which might not represent realistic combined loading conditions, and no generic guidelines are available for testing of wheel hub bearings. There is a biaxial test guideline defined for European usage scenario, but no guidelines defined for Indian usage scenario [5] Thus, there was a need to define test guidelines for biaxial fatigue testing of wheel rims and wheel hub bearings, based on data acquired for Indian roads and usage conditions
Recent rapid advancement in machine learning (ML) technologies have unlocked the potential for realizing advanced vehicle functions that were previously not feasible using traditional approaches to software development. One prominent example is the area of automated driving. However, there is much discussion regarding whether ML-based vehicle functions can be engineered to be acceptably safe, with concerns related to the inherent difficulty and ambiguity of the tasks to which the technology is applied. This leads to challenges in defining adequately safe responses for all possible situations and an acceptable level of residual risk, which is then compounded by the reliance on training data. The Path to Safe Machine Learning for Automotive Applications discusses the challenges involved in the application of ML to safety-critical vehicle functions and provides a set of recommendations within the context of current and upcoming safety standards. In summary, the potential of ML will only
Developing embedded application software is an expensive business, especially when the software is to be used in a critical application. Composable modularity can streamline development through the reuse of software modules, making it a highly desirable attribute in the architecture of embedded software. The U.S. Department of Defense (DoD) has embraced this concept with the Modular Open Systems Approach (MOSA). This strategic standardization initiative highlights how interoperable modular components built by different companies across different programs or procurements can perform together. The Future Airborne Capability Environment (FACE™) Consortium, a collaboration between government and industry entities, has developed the FACE technical standard to fulfil the requirements of a MOSA for military aviation software development. However, there is nothing about the principles of the FACE technical standard and MOSA that makes them applicable only to military systems. They therefore
The power of advanced driver assistance systems (ADAS) continues to increase alongside vehicle code and software complexity. To ensure ADAS functionality and maximize safety, cost efficiency, and customer satisfaction, original equipment manufacturers (OEMs) must adopt a solution that allows them to mine data, extract meaningful information, send remote software updates and bug fixes, and manage software complexity. All of this is possible with an embedded telematics-based software and data management solution. Event-based logging enables OEMs to actively measure ADAS effectiveness and performance. It allows them to analyze driver behaviors, such as whether response times increase after a certain time of day, and adjust the ADAS settings to increase functionality, such as providing an earlier warning or automated response. A vertically integrated solution also enables the identification and correction of software and calibration defects for the entire vehicle life cycle through over
ABSTRACT System and software requirements provide a definition of what the system implementation is required to do, and are a necessary component to independent requirement based testing for safety critical systems. However as vital as these requirements are, the requirements often are not analyzed until a safety assessment is performed, or the system fails during testing. Automating the system analysis and testing can be used to help to shift left the software life cycle, particularly when the automation augments, rather than replaces, human test developers. This paper presents a method to convert textual requirements into a logical model of the system. This logical model can be used for various automated system analysis procedures, as well as automated test generation. We show this automation can provide significant insight into possible issues in the system, as well as significantly accelerating the time required for test development. Citation: M. Lingg, H. Paul, S. Kushwaha, J
This document provides recommended practices regarding how System Theoretic Process Analysis (STPA) may be applied to safety-critical systems in any industry.
Formal verification plays an important role in proving the safety of autonomous vehicles (AV). It is crucial to find errors in the AV system model to ensure safety critical features are not compromised. Model checking is a formal verification method which checks if the finite state machine (FSM) model meets system requirements. These requirements can be expressed as linear Temporal logic (LTL) formulae to describe a sequence of states with linear Temporal properties to be satisfied. NuSMV is a dedicated software for performing model checking based on Temporal logic formulae on FSM models. However, NuSMV does not provide model-based design. On the other hand, Stateflow in MATLAB/SIMULINK is a powerful tool for designing the model and offers an interactive Graphical User Interface (GUI) for the user/verifier but is not as efficient as NuSMV in model checking. Hence, model transformation becomes vital to convert the AV model in Stateflow to an input language of model checking software
Preventing systematic software failures is of paramount importance for any highly automatic vehicle control system, in particular for safety-critical AUTOSAR software. Among the most critical software defects are runtime errors like buffer overflows or data races. They may cause erroneous or erratic behavior, induce system failures, and constitute security vulnerabilities. Sound static analysis can be used to report all such defects in the code, or to prove their absence. It can also determine dependencies between software components and show freedom of interference without missing any data and control flow through data or function pointers. In the past, AUTOSAR projects often had to be decomposed or simplified to achieve satisfactory analysis time or memory consumption. Creating the analysis model, i.e., determining the tasks and ISRs to analyze, their priorities, synchronization, etc., required significant manual effort. In this article we present novel analysis concepts, developed
The software architecture behind modern autonomous vehicles (AV) is becoming more complex steadily. Safety verification is now an imminent task prior to the large-scale deployment of such convoluted models. For safety-critical tasks in navigation, it becomes imperative to perform a verification procedure on the trajectories proposed by the planning algorithm prior to deployment. Signal Temporal Logic (STL) constraints can dictate the safety requirements for an AV. A combination of STL constraints is called a specification. A key difference between STL and other logic constraints is that STL allows us to work on continuous signals. We verify the satisfaction of the STL specifications by calculating the robustness value for each signal within the specification. Higher robustness values indicate a safer system. Model Predictive Control (MPC) is one of the most widely used methods to control the navigation of an AV, with an underlying set of state and input constraints. Our research aims
Items per page:
50
1 – 50 of 483