A Study of Automatic Allocation of Automotive Safety Requirements in Two Modes: Components and Failure Modes
ISO 26262 describes a safety engineering approach in which the safety of a system is considered from the early stages of design through a process of elicitation and allocation of system safety requirements. These are expressed as automotive safety integrity levels (ASILs) at system level and are then progressively allocated to subsystems and components of the system architecture. In recent work, we have demonstrated that this process can be automated using a novel combination of model-based safety analysis and optimization metaheuristics. The approach has been implemented in the HiP-HOPS tool, and it leads to cost-optimal decisions on component ASILs. In this paper, first, we discuss this earlier work and demonstrate automatic ASIL decomposition on an automotive example. Second, we describe an experiment in which we applied two different modes of ASIL decomposition. In HiP-HOPS, it is possible to decompose ASILs either to the safety requirements of components or to the individual failure modes of components. Protection against independent failure modes could, in theory, be achieved at different ASILs, which would reduce design costs. Although ISO 26262 does not explicitly support this option, we have studied the implications of this more refined decomposition for system costs and for the performance of the decomposition process itself, and we report on the results. Finally, motivated by our study of ASIL decomposition, we discuss the general need for increased automation of safety analysis in complex systems, especially autonomous systems, where an infinity of possible operational states and configurations makes manual analysis infeasible.
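The two decomposition modes the abstract compares can be made concrete on a toy model. The block below is an added illustration, not HiP-HOPS code and not the paper's automotive example: it uses the usual integer reading of the ISO 26262 decomposition rules (QM=0 ... D=4, so D may be split as C+A, B+B or D+QM), requires every minimal cut set of a hazard to sum to at least the hazard's ASIL, and searches exhaustively instead of with a metaheuristic. The brake-by-wire hazards, cut sets and the per-ASIL cost table are constructed assumptions. Its one practitioner caveat is built in: the cut-set events are assumed independent, because decomposition is only valid for independent elements.

```python
"""Toy ASIL decomposition: per-component versus per-failure-mode allocation.

Added example (not HiP-HOPS).  ASIL algebra: the ASIL integers of the
events in each minimal cut set must sum to at least the hazard's ASIL.
Cost is summed over failure modes; "component" mode adds the constraint
that all failure modes of one component share a single ASIL.
"""
from itertools import product

ASIL = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}
LETTER = {v: k for k, v in ASIL.items()}

# Assumed development cost of protecting one failure mode at each ASIL.
COST = {0: 0, 1: 10, 2: 20, 3: 40, 4: 80}

# Constructed toy brake-by-wire model: hazard -> (ASIL, minimal cut sets).
# Events are "component.failure_mode" and are assumed to be independent;
# ISO 26262 decomposition is only valid under that independence assumption.
MODEL = {
    "loss_of_braking": ("D", [{"ctrl.omission", "backup.omission"},
                              {"actuator.stuck"}]),
    "unintended_braking": ("A", [{"ctrl.commission"},
                                 {"sensor.wrong_value"}]),
}


def failure_modes(model):
    """All basic events that appear in any cut set, in a stable order."""
    return sorted({ev for _, cuts in model.values() for cs in cuts for ev in cs})


def component_of(fm):
    return fm.split(".", 1)[0]


def satisfies(asil_of, model):
    """ASIL algebra: every minimal cut set must sum to at least the hazard ASIL."""
    return all(sum(asil_of[ev] for ev in cs) >= ASIL[level]
               for level, cuts in model.values() for cs in cuts)


def allocate(model, mode="failure_mode"):
    """Exhaustive search; returns (min_cost, {failure_mode: ASIL letter}).

    mode="failure_mode": each failure mode may carry its own ASIL.
    mode="component":    all failure modes of one component share its ASIL.
    Exhaustive search is fine for a toy model; the size of real models is
    why the paper resorts to optimisation metaheuristics.
    """
    fms = failure_modes(model)
    if mode == "component":
        units = sorted({component_of(fm) for fm in fms})
        key = component_of
    else:
        units = fms
        key = lambda fm: fm
    best = None
    for levels in product(range(len(ASIL)), repeat=len(units)):
        unit_asil = dict(zip(units, levels))
        asil_of = {fm: unit_asil[key(fm)] for fm in fms}
        if not satisfies(asil_of, model):
            continue
        cost = sum(COST[a] for a in asil_of.values())
        if best is None or cost < best[0]:
            best = (cost, {fm: LETTER[a] for fm, a in asil_of.items()})
    return best


if __name__ == "__main__":
    for mode in ("component", "failure_mode"):
        cost, alloc = allocate(MODEL, mode)
        print(f"{mode:13s} cost={cost:4d} {alloc}")
```

On this model the per-failure-mode allocation is cheaper (140 against 150 in the assumed cost units) because the controller's commission failure only feeds an ASIL A hazard, while its omission failure must share ASIL D with the backup channel; in component mode both failure modes are forced to the higher level.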
Computing In-Service Aircraft Reliability
This paper deals with the modeling and computation of in-service aircraft reliability at the preliminary design stage. This problem is crucial for aircraft designers because it enables them to evaluate in-service interruption rates, with a view to designing the system and optimizing aircraft support. In the context of a sequence of flight cycles, standard reliability methods are not computationally tractable under industrial timing constraints. In this paper, we first construct the mathematical framework of in-service aircraft reliability. Second, we use this model to derive recursive formulae linking the probabilities of the main failure events. Third, from these analytic developments, we derive relevant reliability bounds. We use these bounds to design an efficient algorithm to estimate operational interruption rate indicators. Finally, we show the usefulness of our approach on real-world cases provided by Airbus.
Modelling and Evaluating the Availability Performance of an Aircraft in an Operational Context during the Design Phases
This thesis deals with the modelling and computation of in-service aircraft availability at the preliminary design stage. This problem is crucial for designers because it enables them to evaluate availability indicators in order to improve the systems under design and to optimize aircraft support. We formalize the dynamic process of technical incidents and their effects on corrective maintenance in an airline's aircraft operations. In the context of a mission defined by a sequence of flight cycles, standard reliability methods are not computationally tractable under industrial timing constraints. Based on analytic developments, we introduce a methodology that provides an efficient algorithm for computing bounds on availability indicators. Finally, we show the usefulness of our approach on use cases inspired by real-world aircraft systems.
Reliability Objective Allocation Method for the Design of a Partially New System
The work presented in this communication was accomplished during a four-month internship at CLAAS TRACTOR on the allocation of reliability objectives, with the purpose of mastering and improving the dependability methodologies in use. As part of its reliability growth process, CLAAS TRACTOR needs a reliability objective allocation method that accounts for the diversity of systems and components in a new tractor model, so that in-service feedback can be combined with a predictive reliability analysis. The method developed adapts existing methods so that all components, with or without in-service feedback, are taken into account when defining the reliability objectives for the systems and components of an agricultural tractor. Reliability objectives for new components are assigned from the severity and occurrence values derived from FMEA. The proposed method was applied to projects in progress and provided an allocation for all the components of a new agricultural tractor, including new elements, which met CLAAS's expectations.
Evidential Networks for Evaluating Predictive Reliability of Mechatronics Systems under Epistemic Uncertainties
In the field of reliability prediction, probabilistic approaches rely on component data that can be precisely known and validated by return of experience (REX). In the case of complex systems with high reliability requirements, such as mechatronic systems, uncertainties are inevitable and must be taken into account in order to predict the evaluated reliability with a stated degree of confidence. In this paper, we first present a brief review of non-probabilistic approaches. We then present our methodology for assessing the reliability of a mechatronic system while taking into account epistemic uncertainties (uncertainties in the reliability model and uncertainties in the reliability parameters); the system is treated as a dynamic hybrid system characterized by multi-domain interaction between its failed components. The key point of this study is the use of an Evidential Network (EN) based on belief functions and the dynamic Bayesian network. Finally, an application is developed to illustrate the interest of the proposed methodology.
Dynamic Bayesian Network for Reliability of Mechatronic Systems Taking Account of Multi-Domain Interaction
This article presents a methodology for reliability prediction during the design phase of a mechatronic system considered as an interactive dynamic system. The difficulty in modeling the reliability of a mechatronic system is mainly due to failures related to the interaction between the different domains, called multi-domain interaction. Therefore, after a presentation of the state of the art of reliability estimation methods for mechatronic systems, we propose an original approach in which multi-domain interactions are represented by influential factors in the dysfunctional model, which is itself modeled by Dynamic Bayesian Networks. A case study demonstrates the interest of the proposed approach.
Degradation and Reliability Modeling of EM Robustness of Voltage Regulators Based on ADT: An Approach and A Case Study
This paper presents an approach to developing degradation and reliability models of analog integrated circuit (IC) voltage regulators from the long-term evolution of their electromagnetic compatibility (EMC) performance under a stress-time-dependent accelerated degradation test (ADT). The ADT plan is designed and conducted on six samples each of the UA78L05 and L78L05 ICs placed inside a climatic chamber, combining a thermal step-stress (70-110 °C) with a constant electrical overstress (9 V and 12 V) for a total stress duration of 950 hours. All the selected UA78L05 and L78L05 samples are subjected to the direct power injection (DPI) measurement test under nominal conditions in order to characterize their immunity to electromagnetic interference (EMI). The statistical degradation data (the average injected power) of the aged samples is computed across the entire DPI frequency range for a range of stress durations. The proposed log-linear accelerated life-stress test (ALT) model is combined with the Weibull unreliability distribution function to estimate the failure lifetime data against the applied voltage stress at three different failure threshold criteria. For the various constant voltage overstress and threshold constraints, the lifetime reliability parameters (time-to-failure, probability of failure, model constants) of the tested devices under test (DUTs) were evaluated from the measured degradation data. It is demonstrated that, for a limited number of samples under the combined influence of thermal step-stress and voltage overstress, the proposed reliability model, built from the measured immunity degradation data, predicts the lifetime reliability of both the UA78L05 and L78L05 ICs with acceptable accuracy. A physics-based modeling approach is used to develop the model of the degradation paths from the observed monotonic degradation of the measured data and the conditions of the thermal step-stress ADT. To estimate the unknown parameters of the developed degradation model, the maximum likelihood estimation (MLE) method is combined with a genetic optimisation algorithm.
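The combination the abstract describes, a Weibull lifetime whose scale depends log-linearly on the voltage stress and parameters obtained by maximum likelihood, can be shown end to end on constructed data. The block below is an added example and is not the paper's code or measurements: the pseudo-failure times at three voltages are made up for illustration, the data are treated as complete (uncensored), and a deterministic grid search over the shape and stress-sensitivity parameters stands in for the genetic algorithm the paper pairs with MLE. The use-condition voltage `V_USE` is likewise an assumption.

```python
"""Log-linear Weibull accelerated life-test (ALT) fit by profile maximum likelihood.

Added example (not the paper's code or data).  Model: time-to-failure at
voltage stress V is Weibull with a stress-independent shape beta and scale
eta(V) = exp(a + b*V).  For fixed (beta, b) the MLE of a is closed-form, so a
small grid search over (beta, b) replaces the genetic algorithm.
"""
import math

# Constructed pseudo-failure times (hours) at three voltage overstress levels.
# Illustrative only; not measurements of any real device.
DATA = {
    9.0:  [450.0, 650.0, 800.0, 950.0, 1100.0, 1400.0],
    10.5: [250.0, 360.0, 440.0, 520.0, 600.0, 760.0],
    12.0: [130.0, 190.0, 240.0, 280.0, 330.0, 420.0],
}
V_USE = 7.0  # assumed use-condition voltage for extrapolation


def scale(a, b, v):
    """Characteristic life eta(V) under the log-linear stress model."""
    return math.exp(a + b * v)


def profile_a(beta, b, data):
    """Closed-form MLE of a for fixed beta and b (complete data).

    Setting d(log L)/da = 0 gives sum((t/eta)^beta) = n, i.e.
    exp(a*beta) = sum((t*exp(-b*V))^beta) / n.
    """
    n = sum(len(ts) for ts in data.values())
    s = sum((t * math.exp(-b * v)) ** beta for v, ts in data.items() for t in ts)
    return math.log(s / n) / beta


def log_likelihood(beta, a, b, data):
    """Sum of Weibull log-densities log f(t) = log(beta/eta) + (beta-1)log(t/eta) - (t/eta)^beta."""
    ll = 0.0
    for v, ts in data.items():
        eta = scale(a, b, v)
        for t in ts:
            z = t / eta
            ll += math.log(beta) - math.log(eta) + (beta - 1.0) * math.log(z) - z ** beta
    return ll


def fit(data, betas=None, bs=None):
    """Grid search over (beta, b) with a profiled out; returns (beta, a, b, loglik)."""
    betas = betas or [0.5 + 0.1 * i for i in range(76)]   # 0.5 .. 8.0
    bs = bs or [-1.0 + 0.01 * i for i in range(201)]      # -1.00 .. 1.00
    best = None
    for beta in betas:
        for b in bs:
            a = profile_a(beta, b, data)
            ll = log_likelihood(beta, a, b, data)
            if best is None or ll > best[3]:
                best = (beta, a, b, ll)
    return best


def time_to_unreliability(beta, a, b, v, p):
    """Time by which a fraction p of units at stress v has failed (Weibull quantile)."""
    return scale(a, b, v) * (-math.log(1.0 - p)) ** (1.0 / beta)


def acceleration_factor(b, v_use, v_stress):
    """Ratio of characteristic life at v_use to that at v_stress."""
    return math.exp(b * (v_use - v_stress))


if __name__ == "__main__":
    beta, a, b, ll = fit(DATA)
    print(f"beta={beta:.2f} a={a:.3f} b={b:.3f} logL={ll:.2f}")
    for v in (9.0, 12.0, V_USE):
        print(f"V={v:4.1f}  eta={scale(a, b, v):8.1f} h  "
              f"t(1%)={time_to_unreliability(beta, a, b, v, 0.01):7.1f} h")
    print(f"AF {V_USE} V vs 12 V: {acceleration_factor(b, V_USE, 12.0):.2f}")
```

The profile step is what keeps the search cheap: each (beta, b) pair costs one closed-form solve, so the grid is exact to its resolution and reproducible, which matters when a lifetime claim has to be audited later. Real ADT data are censored (units still alive at 950 hours) and the failure times are pseudo-failures from a degradation threshold, so a production fit needs the censored Weibull likelihood rather than this complete-data form.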
Safety Driven Optimization Approach for Automotive Systems
In this paper, we propose an approach for system design and architecture optimization driven by safety and cost constraints. It consists of an architecture synthesis and mapping approach that takes into account the safety constraints of the ISO 26262 context. On the one hand, it reaches a preliminary system architecture by choosing the components that minimise the overall cost. On the other hand, it produces a mapping that respects the safety constraints related to safety levels and to dependent failures. We use exhaustive and genetic-algorithm-based approaches for the optimization; which of the two is used depends on the size of the problem considered. We demonstrate that these approaches can be used efficiently to reach an optimal design.