ATRIUM -- Architecting Under Uncertainty for ISO 26262 compliance
ISO 26262 is currently the dominant standard for assuring the functional
safety of electrical and electronic systems in the automotive industry. The
Functional Safety Concept (FSC) subphase of the standard requires the
Preliminary Architectural Assumptions (PAA) for the allocation of functional
safety requirements (FSRs). This paper justifies the need for, and defines, a
process, ATRIUM, for consistent design of the PAA. ATRIUM is subsequently applied in an
industrial case study for a function enabling highly automated driving at one
of the largest heavy vehicle manufacturers in Europe, Scania CV AB. The
findings from this study, which contributed to ATRIUM's institutionalization at
Scania, are presented. The benefits of the proposed process include (i) a fast
and flexible way to refine the PAA, and a framework to (ii) incorporate
information from legacy systems into safety design and (iii) rigorously track
and document the assumptions and rationale behind architectural decisions under
uncertain information. The contributions of this paper are (i) an analysis of
the problem, (ii) the process ATRIUM, and (iii) the findings and discussion from
the case study at Scania.
Keywords: ISO 26262, functional safety, automation, HCV, HGV, architectures,
highly automated driving, ATRIUM, decision making, architecting, uncertainty
management
Comment: Added preprint copyright notice
AD-EYE: A Co-simulation Platform for Early Verification of Functional Safety Concepts
Automated Driving is revolutionizing many of the traditional ways of
operation in the automotive industry. The impact on safety engineering of
automotive functions is arguably one of the most important changes. There has
been a need to re-think the impact of the partial or complete absence of the
human driver (in terms of a supervisory entity) in not only newly developed
functions but also in the qualification of the use of legacy functions in new
contexts. The scope of the variety of scenarios that a vehicle may encounter
even within a constrained Operational Design Domain, and the highly dynamic
nature of Automated Driving, mean that new methods such as simulation can
greatly aid the process of safety engineering. This paper discusses the need
for early verification of the Functional Safety Concepts (FSCs), details the
information typically available at this stage in the product lifecycle, and
proposes a co-simulation platform named AD-EYE designed for exploiting the
possibilities in an industrial context by evaluating design decisions and
refining Functional Safety Requirements based on a reusable scenario database.
Leveraging our prior experience in developing FSCs for Automated Driving
functions, and the preliminary implementation of the co-simulation platform, we
demonstrate the advantages and identify the limitations of using simulation
for refinement and early FSC verification, using examples of the types of
requirements that could benefit from our methodology.
Comment: 12 pages, single column in this preprint
Architecting Safe Automated Driving with Legacy Platforms
Modern vehicles have electrical architectures whose complexity grows year
after year due to feature growth corresponding to customer expectations. The
latest of the expectations, automation of the dynamic driving task however, is
poised to bring about some of the largest changes seen so far. In one fell
swoop, not only does required functionality for automated driving drastically
increase the system complexity, it also removes the fall-back of the human
driver who is usually relied upon to handle unanticipated failures after the
fact. Architecting thus demands greater rigour than ever before if the level of
safety that has been associated with the automotive industry is to be
maintained. The work that is part of this thesis has been conducted, in close
collaboration with our industrial partner Scania CV AB, within the Vinnova FFI
funded project ARCHER. This thesis aims to provide a methodology for
architecting during the concept phase of development, using industrial
practices and principles including those from safety standards such as ISO
26262. The main contributions of the thesis are in two areas. The first area,
Part A, contributes (i) an analysis of the challenges of architecting
automated driving, which serves as motivation for the approach taken in the
rest of this thesis. The second area, Part B, contributes (ii) a
definition of a viewpoint for functional safety according to the definitions of
ISO 42010, (iii) a method to systematically extract information from legacy
components, and (iv) a process to use legacy information and architect in the
presence of uncertainty to produce a work product, the Preliminary
Architectural Assumptions (PAA), as required by ISO 26262. The contributions of
Part B together comprise a methodology to architect the PAA.