11 research outputs found

    Review of the Latest Developments in Automotive Safety Standardization for Driving Automation Systems

    The ISO 26262: Functional Safety – Road Vehicles standard has been the de-facto automotive functional safety standard since it was first released in 2011. With the introduction of complex driving automation systems, new standardization efforts to deal with the safety of these systems have been initiated to address emerging gaps such as the human/automation roles and responsibilities in the presence/absence of the driver/user, the impact of technological limitations, and the verification and validation needs of automation systems, to name a few. This paper highlights some of these gaps and introduces some of the latest developments in automotive safety standardization for driving automation systems.

    Overview of the Second Edition of ISO 26262: Functional Safety – Road Vehicles

    Functional safety is of the utmost importance in the development of safety-critical automotive systems, especially with the introduction of driver assist and automated driving systems. ISO 26262: Functional Safety – Road Vehicles has been the de facto standard for functional safety in the automotive electronics domain since the release of its first edition in 2011. It is currently available in its second edition, published in December 2018. In this paper, we present an overview of the standard, which applies to all activities during the safety lifecycle of system development. In the concept phase of ISO 26262, the hazard and risk assessment process focuses on identifying possible hazards caused by malfunctioning behavior of electrical/electronic (E/E) safety-related systems and mitigating them through the identification of safety goals. The design phase includes system, hardware, and software development, with requirements developed from the safety goals. ISO 26262 also prescribes the functional safety management activities to be performed during the safety lifecycle and provides requirements for the supporting processes. In addition to presenting an overview of the standard, this paper highlights some major changes introduced in the second edition of ISO 26262.

    Failure diagnosis of decentralized discrete event systems.

    We address the problem of failure diagnosis in discrete event systems with decentralized information. We propose a coordinated decentralized architecture consisting of local sites communicating with a coordinator that is responsible for diagnosing the failures occurring in the system. We extend the notion of diagnosability, originally introduced in Sampath et al. (IEEE Trans. on Automatic Control, Sep. 1995) for centralized systems, to the proposed coordinated decentralized architecture. We specify three protocols that realize the proposed architecture; each protocol is defined by the diagnostic information generated at the local sites, the communication rules used by the local sites, and the coordinator's decision rule. We analyze the diagnostic properties of each protocol. We state and prove conditions for a language to be diagnosable under each protocol. These conditions are verifiable off-line. The on-line diagnostic process is carried out using the diagnosers introduced in Sampath et al. or a slight variation of these diagnosers. The key features of the proposed protocols are: (i) they achieve, each under a set of assumptions, the same diagnostic performance as the centralized diagnoser; and (ii) they highlight the performance vs. complexity tradeoff that arises in coordinated decentralized architectures. The correctness of two of the protocols relies on some stringent global ordering assumption on message reception at the coordinator's site, the relaxation of which is analyzed. We present an algorithm that attempts the ordering of messages at the coordinator site without the use of timing information. We prove that the algorithm may degrade the diagnostic performance of a protocol. Moreover, the implementation of the algorithm requires considerable additional memory and processing power at the coordinator site. We also study an optimization problem in sensor selection that could be applied to the area of failure diagnosis. 
    We formulate the sensor selection problem as a Markovian decision problem and identify one instance where the optimal solution can be analytically determined.
    Ph.D., Applied Sciences, Systems science, University of Michigan, Horace H. Rackham School of Graduate Studies
    http://deepblue.lib.umich.edu/bitstream/2027.42/132769/2/9990876.pd

    Coordinated Decentralized Protocols for Failure Diagnosis of Discrete Event Systems

    We address the problem of failure diagnosis in discrete event systems with decentralized information. We propose a coordinated decentralized architecture consisting of local sites communicating with a coordinator that is responsible for diagnosing the failures occurring in the system. We extend the notion of diagnosability, originally introduced in [1] for centralized systems, to the proposed coordinated decentralized architecture. We specify three protocols, i.e. the diagnostic information generated at the local sites, the communication rules used by the local sites, and the coordinator's decision rule, that realize the proposed architecture. We analyze the diagnostic properties of each protocol. We also state and prove necessary and sufficient conditions for a language to be diagnosable under each protocol. These conditions are checkable off-line. The on-line diagnostic process is carried out using the diagnosers introduced in [1] or a slight variation of these diagnosers. The key f..

    On an Optimization Problem in Sensor Selection*

    We address the following sensor selection problem. We assume that a dynamic system possesses a certain property, call it Property D, when a set Γ of sensors is used. There is a cost c_A associated with each set A of sensors that is a subset of Γ. Given any set of sensors that is a subset of Γ, it is possible to determine, via a test, whether the resulting system-sensor combination possesses Property D. Each test required to check whether or not Property D holds incurs a fixed cost. For each set of sensors A that is a subset of Γ there is an a priori probability p_A that the test will be positive, i.e., the system-sensor combination possesses Property D. The objective is to determine a test strategy, i.e., a sequence of tests, to minimize the expected cost, associated with the tests, that is incurred until a least expensive combination of sensors that results in a system-sensor combination possessing Property D is identified. We determine conditions on the sensor costs c_A and the a priori probabilities p_A under which the strategy that tests combinations of sensors in increasing order of cost is optimal with respect to the aforementioned objective.
    Peer Reviewed
    http://deepblue.lib.umich.edu/bitstream/2027.42/45068/1/10626_2004_Article_5094313.pd

    On the Effect of Communication Delays in Failure Diagnosis of Decentralized Discrete Event Systems

    We study the effect of communication delays on the performance of a coordinated decentralized architecture for failure diagnosis of untimed discrete event systems. The architecture consists of local sites communicating with a coordinator that is responsible for diagnosing the failures occurring in the system. A protocol that realizes the architecture is defined by the diagnostic information generated at the local sites, the communication rules used by the local sites, and the decision rule used by the coordinator to infer the occurrence of failures. Our prior work (Debouk et al., 2000) has addressed the performance of a set of protocols under the assumption that messages are received by the coordinator in the order in which they are sent globally. In this work we relax the above-mentioned assumption. We modify the coordinator's decision rule for two of the protocols analyzed in Debouk et al. (2000) to account for the reception of out-of-order messages. We discover conditions on the system structure under which the modified protocols perform as well as the centralized diagnostic scheme proposed in Sampath et al. (1995).
    Peer Reviewed
    http://deepblue.lib.umich.edu/bitstream/2027.42/45079/1/10626_2004_Article_5124357.pd

    Coordinated Decentralized Protocols for Failure Diagnosis of Discrete Event Systems

    We address the problem of failure diagnosis in discrete event systems with decentralized information. We propose a coordinated decentralized architecture consisting of local sites communicating with a coordinator that is responsible for diagnosing the failures occurring in the system. We extend the notion of diagnosability, originally introduced in [1] for centralized systems, to the proposed coordinated decentralized architecture. We specify three protocols that realize the proposed architecture; each protocol is defined by the diagnostic information generated at the local sites, the communication rules used by the local sites, and the coordinator's decision rule. We analyze the diagnostic properties of each protocol. We also state and prove necessary and sufficient conditions for a language to be diagnosable under each protocol. These conditions are checkable off-line. The on-line diagnostic process is carried out using the diagnosers introduced in [1] or a slight variation of these diagn..

    A Coordinated Decentralized Protocol For Failure Diagnosis Of Discrete Event Systems

    We address the problem of failure diagnosis in discrete event systems with decentralized information. We propose a coordinated decentralized architecture consisting of two local sites communicating with a coordinator that is responsible for diagnosing the failures occurring in the system. We extend the notion of diagnosability, originally introduced in [1] for centralized systems, to the proposed coordinated decentralized architecture. We specify one protocol that realizes the proposed architecture. We analyze the diagnostic properties of this protocol. The key feature of the proposed protocol is that it achieves the same diagnostic performance as the centralized diagnoser. 1 Introduction Failure detection and isolation is an important task in the automatic control of large complex systems, and consequently, the problem of failure diagnosis has received considerable attention in the literature. Many schemes ranging from fault-tree and analytical redundancy methods to discrete event s..