
    A simulation-based methodology for aiding advanced driver assistance systems hazard analysis and risk assessment

    The increasing complexity of Advanced Driver Assistance Systems (ADAS) is making it more difficult to perform the Hazard Analysis and Risk Assessment (HARA). These items require high-performance Electronic Control Units (ECUs) with extensive software functionality. To operate correctly, they interact with the driver, the environment and other vehicle functions through high-speed in-vehicle networks, as well as through a wide range of sensors and actuators. As a result, they implement complex behaviors whose outcome in the presence of faults is not trivial to identify and classify, as required by the concept phase of the most recent functional safety standards. In this paper we present a simulation-based methodology to perform the HARA of a vehicle function by mixing the usual industrial approach, based on the designers' knowledge, with one that makes use of a vehicle-level simulator. The simulation-based approach provides an automatic and systematic method to assess the complex interaction of the item under analysis with other vehicle functions in possibly complex operational situations, thus making the prediction of hazards easier. We demonstrate the approach by applying it to a well-known automotive industry case study: an Advanced Emergency Braking System (AEBS). In this way, it is possible to analyze the effects of the function provided by the item, taking into account the simulation results and comparing them to analyses of similar situations available in the literature. Thanks to the simulation-based results, safety engineers can formulate a more objective hypothesis, in particular during the hazard classification subphase.

    A Novel ISO 26262-Compliant Test Bench to Assess the Diagnostic Coverage of Software Hardening Techniques against Digital Components Random Hardware Failures

    This paper describes a novel approach to assess detection mechanisms, implemented using embedded software and designed to identify random hardware failures affecting digital components, and their diagnostic coverage. In the literature, many proposals adopting fault injection methods are available, with most of them focusing on transient faults and not considering the requirements of functional safety standards. This kind of proposal can benefit developers in the automotive market, where strict safety and cost requirements make the adoption of software-only strategies convenient. Hence, we have focused our efforts on compliance with the ISO 26262 automotive functional safety standard. The approach concerns permanent faults affecting microcontrollers, and it provides a mapping between the failure modes described in part 11 of the Standard and the chosen fault models. We propose a test bench designed to inject permanent failures into an emulated microcontroller and determine which of them are detected by the embedded software. The main contribution of this paper is a novel fault injection manager integrated with the open-source software GCC, GDB, and QEMU. This test bench manages all the assessment phases, from fault generation to fault injection and ISA emulation management, up to the classification of the simulation results.

    Towards Vehicle-Level Simulator Aided Failure Mode, Effect, and Diagnostic Analysis of Automotive Power Electronics Items

    The increasing demand for Electronic Control Units able to perform safety-relevant tasks leads the automotive industry to seek novel verification methodologies, capable of decreasing the time-to-market and, at the same time, of improving the quality of the assessment. The ISO 26262:2018 automotive functional safety standard requires following a strict development process, compliant with its “safety lifecycle”. It includes all the phases of the item's life, from concept to decommissioning. The phase that raises the most difficulties regarding objectivity and repeatability is hardware/software integration verification since, usually, the software is in charge of mitigating the effects of some possible hardware failures. This paper proposes a novel simulation-based technique to aid designers during the Failure Mode, Effect, and Diagnostic Analysis (FMEDA). We consider a power electronics module, to be embedded into electric vehicle powertrains, as a challenging practical example. We performed tests on it, considering a rear-traction car with two independent electric motors, one per wheel. To allow the vehicle to curve, this system has to act like a differential gear; hence, it has a strong safety impact on the driveability of the car. All the involved components have been simulated, propagating their behaviours up to the entire vehicle. Due to the strong coupling between item failures and vehicle dynamics, a structured way of coupling fault injection with vehicle dynamic simulation is desirable.

    A Novel Method for Online Detection of Faults Affecting Execution-Time in Multicore-Based Systems

    This article proposes a bounded interference method, based on statistical evaluations, for online detection and tolerance of any fault capable of causing a deadline miss. The proposed method requires data that can be gathered during the profiling and worst-case execution time (WCET) analysis phase. The article describes the method and its application, and then presents an avionic mixed-criticality use case for experimental evaluation, considering both dual-core and quad-core platforms. Results show that faults that can cause a timing violation are correctly identified, while other faults that do not introduce a significant temporal interference can be tolerated to avoid high recovery overheads.

    Novel Control Flow Checking Implementations for Automotive Software

    Safety-critical applications shall be implemented on highly dependable systems, and part of their reliability relies on checking that the software is executed correctly. Various techniques are available for this purpose, such as Control Flow Checking (CFC). Many CFC algorithms can be found in the literature, but their detection performance is assessed in theoretical scenarios, when implemented in Assembly language. The international standard on functional safety for automotive applications is ISO 26262. It mandates development using high-level programming languages and the computation of the Diagnostic Coverage (DC). The DC measures the effectiveness of the chosen hardening method in detecting various Failure Modes (FMs). This paper discusses two alternative solutions, one software-only and the other involving customized hardware, that address these concerns: (i) the FMs affecting the computation units described by Table 30 of part 11 of ISO 26262, and (ii) guaranteeing Freedom From Interference between the hardening method and the monitored entity.

    Use of Facial Expressions to Improve the Social Acceptance of Level 4 and 5 Automated Driving System Equipped Vehicles

    According to the World Health Organization (WHO), more than one million people die yearly from car accidents. At the same time, between 20 and 50 million people suffer non-fatal injuries, which can also lead to permanent disabilities. Recently, vehicles equipped with SAE level 3, 4, and 5 Automated Driving Systems (ADS) have become one of the hottest topics in the automotive industry. In fact, their main expected benefit is that they could significantly reduce the number of road accidents. Their actual success will depend on how people react to their introduction: considering that the absence of the steering wheel and pedals is possible for levels 4 and 5, will people trust these advanced forms of driving automation? In this regard, the authors of this paper have proposed two different ideas. The first, which can be implemented during the proactive phase, consists of calibrating the driving algorithm of the vehicle based on volunteers’ reactions to simulations of common driving situations. The second, which can be implemented during the reactive phase, consists of dynamically adapting the driving style of the vehicle based on the average feeling inside the vehicle. Both of these ideas could help improve social acceptance and facilitate the transition to vehicles equipped with SAE level 4 and 5 ADS.

    Multilevel Simulation Methodology for FMECA Study Applied to a Complex Cyber-Physical System

    Complex systems are composed of numerous interconnected subsystems, each designed to perform specific functions. The different subsystems use many technological items that work together, as in the case of cyber-physical systems. Typically, a cyber-physical system is composed of different mechanical actuators driven by electrical power devices and monitored by sensors. Several approaches are available for designing and validating complex systems, and among them behavioral-level modeling is becoming one of the most popular. When such cyber-physical systems are employed in mission- or safety-critical applications, it is mandatory to understand the impact of faults on them and how failures in subsystems can propagate through the overall system. In this paper, we propose a methodology for supporting the failure mode, effects, and criticality analysis (FMECA), aimed at identifying the critical faults and assessing their effects on the overall system. The end goal is to analyze how a fault affecting a single subsystem possibly propagates through the whole cyber-physical system, considering also the embedded software and the mechanical elements. In particular, our approach allows the analysis of the propagation through the whole system (working at high level) of a fault injected at low level. This paper provides a solution to automate the FMECA process (until now mainly performed manually) for complex cyber-physical systems. It improves the effectiveness of failure classification: considering our test case, it reduced the number of critical faults from 10 to 6. The remaining four faults are mitigated by the cyber-physical system architecture. The proposed approach has been tested on a real cyber-physical system in charge of driving a three-phase motor for industrial compressors, showing its feasibility and effectiveness.

    Gardening Work and Exposure to Heavy Metals in the Urban Environment

    Urban soil may be a source of occupational exposure to various pollutants in gardening and land cultivation. This paper presents data from a one-year follow-up of lead, cadmium, nickel, chromium, and vanadium in the environment of the city of Bologna. Samples of soil and leaves were collected at three locations: gardens in the inner-city high-traffic area, parks in a moderate-traffic area, and parks in a suburban, low-traffic area. The top and deeper layers of soil and the leaves were mainly polluted by lead at all locations, which corresponded to the traffic density. Personal samplers recorded greater concentrations of airborne metals than did the area samplers, but the values remained below the threshold limit established by the American Conference of Governmental Industrial Hygienists for the working environment. Due to the cumulative nature and interactive effects of toxic metals with other toxic and essential elements, long-term exposure to metals in the urban environment may be a health risk for occupationally exposed gardeners.

    Urban soil may be a source of occupational exposure of gardeners to various pollutants, including toxic heavy metals that settle from polluted air onto soil and leaves. The paper presents data from a one-year monitoring of the concentrations of lead, cadmium, nickel, chromium and vanadium in the Italian city of Bologna. Soil and leaf samples were collected at three sites with different traffic densities: in the city centre with heavy traffic, in parks with moderate traffic in the surrounding area, and in suburban parks with light traffic. At all locations the upper and deeper soil layers were equally polluted, primarily by lead, and this was related to traffic density. Metal concentrations in air measured on the filters of personal samplers were higher than those in the area samplers placed on the ground. Airborne metal values were below the limit values established for the working environment by the American Conference of Governmental Industrial Hygienists. It was concluded that gardeners, compared with the general population, have an increased health risk of adverse effects from toxic metals and other environmental pollutants even at the low exposure levels of the urban environment, because of the long-term exposure associated with their work.