Analysis and Specification of an AUTOSAR based ECU in compliance with ISO 26262 Functional Safety Standard: Analysis and Specification of an AUTOSAR based ECU in compliance withISO 26262 Functional Safety Standard

Layal, Vibhu

29 September 2016

Safety has been always been an important part, irrespective of the field of work that it accounts for. The functional safety standard that is currently being used in the automotive domain is the ISO 26262. This is an adaptation of the IEC 61508 safety standard. It is directed as a basic functional safety standard for a variety of industries. The version of ISO 26262 that is used in this thesis is the final draft released in January, 2011. In this thesis, various parts of the ISO 26262 functional safety standard are considered in order to understand the differences and interdependencies between them. The parts of ISO 26262 that are treated are as follows; Part 1: Vocabulary, Part 3: Concept phase, Part 4: Product development at the system level, Part 6: Product development at the software level and Part 9: Automotive Safety Integrity Level (ASIL)-oriented and safety-oriented analysis. During the entire course of this thesis the ISO 26262 standard is evaluated and the experience gained from it is jotted down. The understanding gained during this thesis about the ISO 26262 can be applied to ongoing or new development processes. As safety can never be overlooked, the wisdom that belongs to the ISO 26262 can be generously used into embedded systems that demand certain levels of safety.

info:eu-repo/classification/ddc/000

ddc:000

ISO 26262, ASIL, Software, Autosar

ISO 26262, ASIL, software, Autosar

Requirement specification Editor : REQUIREMENTS EDITOR BASED ON CONTRACT THEORY

Hedman, Per

January 2014

Vid utveckling av tyngre fordon inför man allt fler avancerade funktione. Mycket av denna funktionalitet handlar om att maskiner automatiskt ska utföra uppgifter för att assistera föraren. Detta leder till att nya risker uppstår. Och till följd av detta har man börjat skapa nya funktionella säkerhetsstandarder. ISO 26262 är en ny funktionell säkerhetsstandard som finns för vanliga personbilar men som ännu inte trätt i kraft för lastbilar. I ISO-26262 standarden ska krav kunna mappas till andra krav samt till systemarkitektur. I nuläget finns det vissa verktyg på marknaden som stödjer användaren när den skriver kravspecifikationer. Men undersökningar av verktyg ledde till att vi kommit fram till att alla hade någon brist. Och ingen hade bra stöd för mappning mellan krav och systemarkitektur. I detta examensarbete har arbetet varit att testa implementera funktionalitet för ett verktyg som assisterar användaren på olika sätt när den skriver kravspecifikationer. Baserat på kontraktteori och konceptet om portar som hjälp för att koppla samman krav med systemarkitektur ska applikationen se till att det finns en formell koppling mellan dessa. För att testa och validera att portar går att använda för att testa intressant funktionalitet har också en applikation utvecklats där mycket funktionalitet implementerats. Resultatet har varit lyckat då vi baserat på kontraktteori lyckats implementera och validera att det är möjligt att använda portar för att skapa koppling mellan krav och systemarkitektur, samt mellan krav och krav. Validering av att det valda lagringsformatet JSON också förser implementeraren med nog starkt stöd för att kunna spara dessa krav så att data i filerna kan brytas ner och lagras i temporära databasen Neo4J och på så sätt skapa ett fungerande kretslopp. / When developing new heavy vehicles today demands for increasingly more advanced features are asked for. A lot of the new functionality is about machines performing tasks automatically to assist the driver when driving. This leads to new risks, and as a result a new functional safety standard has been created. ISO 26262 is a functional safety standard that today exists for ordinary cars, but has not yet became a standard for trucks. According to the ISO 26262-standard requirements can be mapped to other requirements as well as to the system architecture. At present there are several tools on the market that supports the user when writing specifications. However, our research of the tools has led us to conclude that all lacked something. For example neither of the tools had good support for mapping between requirements and system architecture. In this thesis work, functionality for a tool which is supposed to support the user in various ways when writing requirements specifications was to be examined. Based on contract theory and the concept of ports that links requirements together with system architecture, an application can ensure that there is a formal link between the two. To test the suggested functionality a prototype is being developed. The result has been a successful as we based on contract theory could validate that using ports to create links between different requirements as well as between requirements and system architecture works through the implementation of the tool. Validation that the selected storage format JSON also provides the implementer with enough support to save the requirements in a way so that the data files can be decomposed and stored in the Neo4J database.

Neo4J

Grafdatabas

.Net

C#

Visual Studio

Contract theory

ISO 26262

Neo4J

Grafdatabas

.Net

C#

Visual Studio

Contract theory

ISO 26262

Computer and Information Sciences

Data- och informationsvetenskap

Development of an ISO 26262 ASIL D compliant verification system

Carlsson, Daniel

January 2013

In 2011 a new functional safety standard for electronic and electrical systems in vehicles waspublished, called ISO 26262. This standard concerns the whole lifecycle of the safety criticalelements used in cars, including the development process of such elements. As the correctnessof the tools used when developing such an element is critical to the safety of the element,the standard includes requirements concerning the software tools used in the development,including verification tools. These requirements mainly specify that a developer of a safetycritical element should provide proof of their confidence in the software tools they are using.One recommended way to gain this confidence is to use tools developed in accordance to a“relevant subset of [ISO 26262]”.This project aims to develop a verification system in accordance to ISO 26262, exploringhow and what specifications should be included in this “relevant subset” of ISO 26262 andto which extent these can be included in their current form. The work concludes with thedevelopment of a single safety element of the verification system, to give an demonstrationof the viability of such a system.

ISO 26262

Verification Systems

Tool Qualification

Automotive Embedded Systems

Functional Safety

Ontology centric design process : Sharing a conceptualization

Taofifenua, Ofaina, Taofifenua, Ofaina

10 July 2012

In the strongly competitive worldwide market of today, a car manufacturer has to offer to its customersrelevant, innovative, reliable, environment friendly and safe services. All this must be done at verycompetitive costs while complying with more and more stringent regulations and tighter deadlines. Thiswork addresses these challenges and aims at improving the design process for automotive safety criticalmechatronics systems. It shows that the use of formal and informal models can commit to a commonsemantic model, i.e., a system and safety ontology, that enables to ensure the consistency of the wholedesign process and compliance with standard ISO 26262. The concepts in this work have been appliedon a regenerative hybrid braking system integrated into an electrical vehicle. It demonstrated that therealized ontology enables to record the information produced during design and that using ontologieseffectively enables to detect semantic inconsistencies which improves design information quality, promotesreuse and ensures ISO 26262 compliance.

[INFO:INFO_OH] Computer Science/Other

[INFO:INFO_OH] Informatique/Autre

Ontology

Systems engineering

Iso 26262

Investigation of Resources Types for OSLC domains Targeting ISO 26262 : Focus on Knowledge Representation of the Right side of the ISO 26262 Software V-model

Padira, Kathyayani

January 2016

Context: ISO 26262 requires compilation of traceable work products across the application lifecycle as product based safety evidence. The compilation of such safety evidence is a time consuming and arduous task. Open Services Lifecycle Collaboration (OSLC) is an initiative that supports traceability through tool interoperability. The meta modelling of the ISO 26262 work products in the structure of Resource Description Framework (RDF) can be used for achieving interoperability. Thus, OSLC services used on the RDF exchanged between interoperating tools aids in an effective way of compiling the product based safety evidence for ISO 26262 safety case. Objectives: Representing the compilation of traceable work product types for the software testing and verification in ISO 26262, in form of a RDF-based conceptual meta-model. Testing and extending the concepts by instantiating the meta-model with work products to be represented in RDF for a case of a truck Electronic Control Unit (ECU) system. Lastly, validating the effectiveness of the conceptual meta-model for its compliance to ISO 26262. Methods: To realise the objectives, a case study was conducted at Scania CV AB, Södertälje, Sweden, a manufacturer of safety critical ECU systems used in heavy automobiles. The case study was conducted in three consecutive cycles. The first cycle of qualitative inductive content analysis of the ISO 26262 standard and its related document at the company for defining the conceptual meta model. The second cycle of qualitative deductive content analysis for testing, extending and refining the conceptual meta model. The last cycle of validating the effectiveness of the tested and extended conceptual meta model for compliance to ISO 26262. Results: The main result was the tested, extended and refined RDF based ISO 26262 conceptual meta model depicting traceable work product types for software testing and verification of a safety critical ECU system. The testing and extending of the conceptual meta model was performed with respect to the Main1 (M1) ECU system at Scania. The RDF was defined for the work products of M1 ECU system. Finally, the conceptual meta model was validated for its effectiveness in realising the criteria of abstraction, confirmability and traceability based on ISO 26262.  Conclusions: Thus, the RDF-based conceptual meta-model depicting product based safety evidence provides a structure for realising the traceability required for compiling the software testing and verification part of ISO 26262 safety case. The meta model was tested by defining the RDF for the work products of a truck ECU system that would be exchanged for achieving interoperability. Finally, the conceptual meta-model was validated for representing the knowledge required for showing traceable product based safety evidence for ISO 26262 safety case. / ESPRESSO, Scania CV AB, Södertälje / Gen&ReUsableSafety

ISO 26262

Software testing

Traceability

Open Services Lifecycle Collaboration

Knowledge representation

Software Engineering

Programvaruteknik

Requirement Recognition: Evaluierung von Ansätzen zur automatischen Generierung von Code aus Kundenanforderungen

Kraus, Patrice

12 September 2018

Innerhalb der Automobilindustrie hat sich MATLAB/Simulink als Standardsoftware zur Entwicklung von Steuergerätsoftware durchgesetzt und besticht durch eine hohe technische Abstraktion sowie eine gute Lesbarkeit. Dabei bedient sich Simulink den Prinzipien der modellgetriebenen Softwareentwicklung, bei denen Software in einer domänenspezifischen Sprache entwickelt wird und anschließend auf eine technisch niedrigere Abstraktionsebene transformiert wird. Das in dieser Masterarbeit entwickelte Anforderungskonzept für eingebettete Systeme ermöglicht die teilautomatisierte Übertragung von Softwareanforderungen in ein Simulink-Modell und fügt dem Konzept der modellgetriebenen Softwareentwicklung eine zusätzliche Abstraktionsebene hinzu. Das Augenmerk liegt hierbei auf der Reduzierung von manuellen und redundanten Arbeitsschritten sowie einer hohen Übereinstimmung von Pflichtenheft und Modell. Das vorgestellte Konzept unterstützt eine vollautomatische Architekturgenerierung auf Basis des Pflichtenheft sowie Parameter und Signaldefinitionen. Ergänzend wird auch eine Notation zur teilautomatischen Generierung funktionaler Anforderungen vorgestellt aber auch informelle Anforderungsdefinitionen unterstützt und Softwaregestaltungsrichtlinien der ISO-26262 konzeptionell mitberücksichtigt. Abschließend wird eine prototypische Implementierung eines Transformators aufgezeigt und die Funktionalität anhand eines Fallbeispiels demonstriert. Hierbei hat sich gezeigt das auf Basis von wenigen Anforderungen ein hochspezifiziertes Simulink-Modell erstellt werden kann, welches dem Entwickler zahlreiche Routineaufgaben abnimmt und eine Konzentration auf die konzeptionell schwierigen Elemente der Softwareentwicklung erlaubt. / Within the automotive industry MATLAB/Simulink has established itself as standard software for the development of electronic control unit software and impresses with its high technical abstraction and good readability. Simulink uses the principles of model-driven software development, in which software is developed in a domainspecific language and then transformed to a technically lower abstraction level. The requirements concept for embedded systems developed in this master thesis enables the semi-automated transfer of software requirements into a Simulink model and adds an additional abstraction level to the concept of model-driven software development. The focus here is on the reduction of manual and redundant work steps as well as a high degree of conformity between the specifications and the model. The presented concept supports a fully automatic architecture generation based on the requirement specification as well as parameters and signal definitions. In addition, a notation for semi-automatic generation of functional requirements is presented, but informal requirement definitions are also supported and software design guidelines of ISO-26262 are conceptually taken into account. Finally, a prototype implementation of a transformer will be displayed and its functionality demonstrated by means of a case study. This has shown that a highly specified Simulink model can be created on the basis of a few requirements, which relieves the developer of numerous routine tasks and allows concentration on the conceptually difficult elements of software development.

info:eu-repo/classification/ddc/004

ddc:004

MATLAB; Simulink; Anforderung

Test Scenario Development Process and Software-in-the-Loop Testing for Automated Driving Systems

Patil, Mayur

January 2019

No description available.

Automotive Engineering

Mechanical Engineering

An overview of the approaches for automotive safety integrity levels allocation

Gheraibia, Y., Kabir, Sohag, Djafri, K., Krimou, H.

21 October 2019

Yes / ISO 26262, titled Road Vehicles–Functional Safety, is the new automotive functional safety standard for passenger vehicle industry. In order to accomplish the goal of designing and developing dependable automotive systems, ISO 26262 uses the concept of Automotive Safety Integrity Levels (ASILs), the adaptation of Safety Integrity Levels. ASILs are allocated to the components and subsystems that can cause system failure and malfunctions that lead to hazards. ASILs allocation is a hard problem consists of finding the optimal allocation of safety levels to the system architecture which must guarantee that the highest safety requirements are met while development cost of the automotive system is kept minimum. There were many successful attempts to solve this problem using different techniques. However, it is worth pointing out that there is an absence of a review that provides an in-depth study of all the existing methods and highlights their merits and demerits. This paper presents an overview of different approaches that were used to solve ASILs allocation problem. The review provides an overview of safety requirements including the related standards followed by a study of the resolution methods of the existing approaches. The study of each approach provides a detailed explanation of the used methodology and a discussion of its strength and weaknesses including the main open challenges.

ISO 26262

Optimization

Exact solver

ASIL allocation

Automotive system

Safety requirement

Functional safety

Utvärdering av JTAG Boundary scan somtestmetod vid temperaturchocker / Evaluation of JTAG Boundary scan as testmethod for temperature shocks

Bergman, Robin, Nilsson, Johan

January 2020

Rapporten beskriver ett examensarbete som har genomförts hos Scania R&D. Målet har varit att testa om det är möjligt att använda JTAG för kontroll av Ball Grid Array på komponenter som sitter på kretskort. Vanliga mätmetoder kan inte användas med mindre än att man separerar komponenten från kretskortet. Det som framkommer är att JTAG kan användas för att kontrollera Ball Grid Array samtidigt som kretskortet finns i ett så kallat temperaturchockskåp (som används för att testa hur utrustning och komponenter reagerar vid snabba temperaturändringar). Svårigheten består att den flatkabel som för över signaler mellan dator och kretskort är så lång att arrangemanget blir störningskänsligt. Detta kan lösas med en Extender som förstärker signalen så att kabeln kan vara längre än 0,5 meter. Resultat visar att JTAG kan användas med kretskort som befinner sig i temperaturchockskåpet. Målet har även varit att utveckla en kontrollmetod för att kontrollera att det kretskort som levereras till Scania uppfyller kraven i ISO 26262. För att kunna kontrollera om en leverantör uppfyller ISO 26262 behövs dokumentation som verifierar att produkten utvecklats i enlighet med ISO 26262. I ISO standarden finns det tolv delar som beskriver kraven på produkten. I rapporten har fokus lagts på delen som handlar om hårdvara. Ingen kontrollmetod har kunnat utvecklats då ISO standarden var mer omfattade än väntat.

jtag boundary scan

temperature shock cycle

iso 26262

ball grid array

pcb

embedded system

cpu

cpld

mcu

JTAG boundary scan

temperaturchock

temperaturchockscykler

ISO 26262

ball grid array

pcb

inbyggda system

cpu

cpld

mcu

Engineering and Technology

Teknik och teknologier

Applying Model Checking for Verifying the Functional Requirements of a Scania’s Vehicle Control System

Sulyman, Muhammad, Ali, Shahid

January 2012

Model-based development is one of the most significant areas in recent research and development activities in the field of automotive industry. As the field of software engineering is evolving, model based development is gaining more and more importance in academia and industry. Therefore, it is desirable to have techniques that are able to identify anomalies in system models during the analysis and design phase instead of identifying them in development phase where it is difficult to detect them and a lot of time, effort and resources are required to fix them. Model checking is a formal verification technique that facilitates the identification of defects in system models during early stages of system development. There are a lot of tools in academia and industry that provide the automated support for model checking.  In this master thesis a vehicle control system of Scania the Fuel Level Display System is modeled in two different model checking tools; Simulink Design Verifier and UPPAAL. The requirements that are to be satisfied by the system model are verified by both tools. After verifying the requirements against the system model and checking the model against general design errors, it is established that the model checking can be effectively used for detecting the design errors in early development phases and can help developing better systems. Both the tools are analyzed depending upon the features supported. Moreover, relevance of model checking is studied with respect to ISO 26262 standard.

Model checking

Verification

Functional Requirements

Scania

Vehicle Control System

Fuel Level Display system

Simulink Design Verifier

UPPAAL

ISO 26262.