Presentation is loading. Please wait.

Presentation is loading. Please wait.

Safe Automotive soFtware architEcture

Published byJayden Collyer Modified over 9 years ago

Similar presentations

Presentation on theme: "Safe Automotive soFtware architEcture"— Presentation transcript:

1 Safe Automotive soFtware architEcture
Project Presentation SAFE project partners

2 Content Motivation Concept Level Implementation Level Organization

3 SAFE – Motivation Issues in Safety Analysis*)
The coherency issue How do safety analysis results relate to the actual design? How can safety engineers keep track with ongoing evolvements and changes in design models? The plausibility issue How can a system designer relate a cut set to „his“ model? How can he understand, how the cut-set can arise? How can the propagation of a failure be traced in the system? The accuracy issue How can mission phases be assessed without over-engineering? How can numerical thresholds be assessed? The completeness issue How can a safety designer assert, that all minimal cut sets have been identified? How can it be assessed that all relevant effects have been considered? *) Model-Based Safety Analysis - OFFIS 2006

4 SAFE – Motivation Model Based
Development Safety Analysis Requirements Functional Model System Architecture HW/SW Architecture Autocode Autotest Simulation Reuse Why not the safety analysis? We base the entire development cycle around the model! *) Model-Based Safety Analysis – University of Minnesota

5 SAFE – Motivation Model Based
Development Safety Analysis Common Model for Development and Safety Analysis To represent safety properties and requirements in the same notation of the development models To perform safety analysis having the possibility to trace back through the results in the system model in order to understand expected behavior Safety analysis based on formal models Facilitates consistency in safety analysis Facilitates completeness of safety analysis Makes safety analysis more systematic and repeatable Reduced manual effort in error-prone areas Automated support for safety analysis Explore various failure scenarios

6 SAFE – Motivation Model Based
Development Safety Analysis Requirement Environment Geometrical Function Variability Technical SAFETY Logical NEW Abstraction Levels Perspectives

7 SAFE – Motivation Additional perspective - ISO26262
Development Vehicle Vehicle Level (Features) System Level (Functional Blocks) Level of abstraction Development System System Level (Architectural Blocks) Component Level 1-2 (components) Component Development

8 SAFE – Motivation Scope and Goals
Automotive electronics architecture (system + software + electronic hardware including electrical distribution system) Goals Improve dependability from vehicle to component Ensure process compliance to ISO26262 at the best cost (automation required, and no over design) matching AUTOSAR requirements methods to reference supplier chain job split, liability and to respect intellectual property rights Early evaluation of safety architecture and reuse (quality and cost driven) Demonstrate preservation of functional design choice (safety oriented) on component architecture

9 SAFE – Motivation Scope with respect to ISO26262
3. Concept phase 2. Management of functional safety 2-5 Overall safety management 2-6 Safety management during item development 7. Production and operation 6-5 Initiation of product development at the software level 6-6 Specification of software safety requirements 6-7 Software architectural design 6-8 Software unit design and implementation 6-9 Software unit testing 6-10 Software integration and testing 6-11 Software verification 5-5 Initiation of product development at the hardware level 5-6 Specification of hardware safety requirements 5-7 Hardware design 5-8 Hardware architectural metrics 5-10 Hardware integration and testing Core processes 2-7 Safety management after release for production 3-6 Initiation of the safety lifecycle 1. Vocabulary 3-5 Item definition 3-7 Hazard analysis and risk assessment 3-8 Functional safety concept 7-6 Operation, service and decommissioning 7-5 Production 8. Supporting processes 8-5 Interfaces within distributed developments 8-6 Overall management of safety requirements 8-8 Change management 8-9 Verification 8-7 Configuration management 4. Product development: system level 4-5 Initiation of product development at the system level 4-7 System design 4-8 Item integration and testing 4-9 Safety validation 4-10 Functional safety assessment 4-11 Release for production 6. Product development: software level 5. Product development: hardware level 5-9 Evaluation of violation of the safety goal due to random HW failures 4-6 Specification of the technical safety requirements 9. ASIL-oriented and safety-oriented analyses 9-5 Requirements decomposition with respect to ASIL tailoring 9-6 Criteria for coexistence of 8-10 Documentation 8-11 Qualification of software tools 8-13 Qualification of hardware components 8-14 Proven in use argument 8-12 Qualification of software components 9-7 Analysis of dependent failures 9-8 Safety analyses 10. (Informative) Guidelines on ISO 26262

10 SAFE – Motivation Approach
ISO26262 Developer Requirements Modeling Language 3-7 Hazard analysis and risk assessment Seamless tool- supported development Interoperable Toolset 3-8 Functional safety concept Guidelines, Application Rules 4-6 Specification of technical safety requirements 5-6 Specification of hardware safety requirements 6-6 Specification of software safety requirements HW-SW Component Models

11 SAFE – Motivation Results
Concept Level Open meta-model for description of system, software, hardware Assessment process to demonstrate compliance to ISO26262 Implementation Level Technology Platform, i.e. set of interfaces, plug-ins and tools to realize open meta-model Industrial use cases demonstrating methods and tools Completive Material Training Material Recommendation and Guidelines

12 Content Motivation Concept Level Implementation Level Organization
Open Meta-model Assessment Methodology Implementation Level Organization

13 SAFE – Concept Level Meta-model for Model based Safety Analysis
Modeling Language Safety goals modeling Architecture modeling Methods for analysis Variant Management Safety code generation Interoperable Toolset Hazard analysis, safety goals and ASIL def. Failure and cut-sets analysis Safety Requirement Expression System and Software models enhancement Safety evaluation Safety case documentation Hardware Description safety and multi-criteria architecture benchmarking Guidelines, Application Rules COTS evaluation Integrated Meta-Model ReqIF EAST-ADL AUTOSAR Approach: existing, base technologies are used and extended

14 SAFE – Concept Level Hazard analysis and risk assessment
ISO26262 3-7 Hazard analysis and risk assessment SAFE – Safety Goal Modeling Item Definition 3-8 Functional safety concept Hazard 4-6 Specification of technical safety requirements Hazardous Event Operational Situation 5-6 Specification of hardware safety requirements 6-6 Specification of software safety requirements ASIL QM C D B A Safety Goal

15 SAFE – Concept Level Functional safety concept
ISO26262 Specification of the functional safety requirements … and their interaction necessary to achieve the safety goals. 3-7 Hazard analysis and risk assessment SAFE - Functional safety concept Safety Goal 3-8 Functional safety concept ASIL QM C D B A Safe State 4-6 Specification of technical safety requirements 5-6 Specification of hardware safety requirements 6-6 Specification of software safety requirements Functional Safety Requirement Functional Architecture Item

16 SAFE – Concept Level Technical safety concept
ISO26262 Specification of the technical safety requirements and their allocation to system elements for implementation by the system design. 3-7 Hazard analysis and risk assessment SAFE – Technical safety concept 3-8 Functional safety concept Functional Safety Requirement Functional Architecture Item 4-6 Specification of technical safety requirements Technical Safety Requirement Technical Architecture Item 5-6 Specification of hardware safety requirements 6-6 Specification of software safety requirements

17 SAFE – Concept Level HW-SW Safety concept
ISO26262 SAFE – Architecture modeling 3-7 Hazard analysis and risk assessment Technical Safety Requirement Technical Architecture Item 3-8 Functional safety concept HW SW HW Safety Requirement SW Safety Requirement 4-6 Specification of technical safety requirements HW – SW Interface Specification 5-6 Specification of hardware safety requirements 6-6 Specification of software safety requirements HW Architecture Item SW Architecture Item

18 SAFE – Concept Level Summary: Safety Requirement Expression
Modeling Language Functional analysis at vehicle level Hazard analysis and risk assessment Safety Goals Functional Safety Requirements Technical Safety HW/SW Safety Interoperable Toolset Guidelines, Application Rules System design & Architecture Functional safety concept Component design & Architecture Technical safety concept HW/SW HW/SW safety concept

19 SAFE – Concept Level Meta-model integration approach
Process Validation System Hardware Software Configuration Requirements References Hazards Dysfunctional Analysis Initial release Intermediary release Final release

20 Content Motivation Concept Level Implementation Level Organization
Open Meta-model Assessment Methodology Implementation Level Organization

21 SAFE – Concept Level Assessment Methodology
Modelling Language Objectives Tackle the introduction of a comprehensive functional safety process according to ISO26262 to a real engineering team Assessment procedure for functional safety Process step and adequate measures to allow seamless implementation in the different engineering disciplines Interoperable Toolset Guidelines, Application Rules

22 Content Motivation Concept Level Implementation Level Organization
Technology Platform Industrial use cases Organization

23 SAFE – Concept Level Meta-model for Model based Safety Analysis
Modelling Language Tool Interfacing Specialized Plugins Interoperable Toolset Autofocus (Fortiss) Traceability and requirement import CATIA V6 (Dassault Systèmes) Failure and cutset analysis HeRaClea (OFFIS) Guidelines, Application Rules Variability seamless integration PREEvision (Vector) pure::variants (pure-systems) Safety and multi-criteria architecture benchmarking Safety code generator SAFE Meta-Model Implementation RMF (ReqIF modeling framework) EATOP (EAST-ADL tool platform) ARTOP (AUTOSAR tool platform) Platform Software platform for mixed criticality Sphinx Eclipse

24 Content Motivation Concept Level Implementation Level Organization
Technology Platform Industrial use cases Organization

25 SAFE – WP 5 Evaluation Scenarios
Mixed criticality software layer Project Targets Tier1’s perspective (eGas & Electrical Brake) safety analysis of a system with MCU and MCAL SAFE Requirements (WP2) Definition of assessment criteria loop safety analysis at high level safety code generation Requirements on WP 3/4/6 Evaluation Scenarios (WP5) WP 3/4/6 results

26 Content Motivation Concept Level Implementation Level Organization

27 SAFE – Project Organization Consortium
OEMs BMW-CarIT (G) Tiers1 Continental Automotive (G) Continental Automotive (Fr) Continental Teves (G) Valeo EEM(Fr) ZF (G) Engineering Partner AVL Software & Function (G) Silicon Supplier Infineon Technologies (G) Tool suppliers & SME Aquintos (G) Dassault Systemes (Fr) ITEMIS France (Fr) Pure Systems (G) TTTEch (Aut) Accreditation body TÜV NORD Mobilität (G) Academia Fortiss (G) FZI, Karlsruhe University (Ge) OFFIS (Ge) LaBRi, Bordeaux University (Fr)

28 SAFE – Project Organization Basic Data
Duration: 36 months Timing: – Partners: 18 Countries: Austria, France, Germany Budget: 12 M€ Coordinator: Dr. Stefan Voget, Continental Automotive (G) OEM Advisory Board Audi (G) Daimler (G) Fiat (It) Renault (Fr) Volvo Technology (Swe)

29 SAFE – Project Organization Work-Package Structure
WP2: Requirement Elicitation WP7: Training, Dissemination WP1: Project Management, Exploitation WP3: Model Based Development for Functional Safety WP4: Technology Platform WP6: Methodology & Application Rules WP5: Evaluation Scenarios Guidelines, Interoperable Toolset Modelling Language

30 SAFE – Project Organization Milestones
Requirements MS1 (04.12) MS2 (06.12) MS4 (12.12) Loop 1 Loop 3 Platform v1 v2 v3 Meta model and method definition M3 (09.12) MS5 (02.13) Loop 2 Development of tool support Evaluation Development of tool MS6 (07.13) MS7 (12.13) MS10 (06.14) MS8 (02.14) MS9 (04.14)

31 SAFE – Miscellaneous Link to
SAFE Project contract regulations All SAFE parties give each other the right to integrate results into AUTOSAR The SAFE parties grant to all AUTOSAR partners & members the rights to use the results of SAFE The only way of providing input to AUTOSAR is that a SAFE party submits that input to AUTOSAR. AUTOSAR status AUTOSAR R4.0 includes safety mechanism and documentation report SAFE provides to AUTOSAR Set up link to ISO26262 and engineering processes Provide complete overview on system level Complement hardware description

32 SAFE – Motivation Market Impact
OEMs Methods and tools that will give the flexibility to develop new architectures with a Safety In the Loop approach Possibility to deploy new architectures with a shorter time to market. First Tiers Possibility to demonstrate safety conformity of developed ECUs and automotive subsystems Optimize the cost of the development Allow reduction of re-certification due to late changes Semiconductor manufacturers and IP hardware providers Help to develop and focus on new component architectures capable to support ISO26262. Tool vendors Opportunity to develop an integrated tool-chain, including design and safety analysis in a single process Easy to adapt the tools to other embedded domains with strong concerns in Safety like Aerospace and Train.

33 Content BACKUP

34 SAFE – WP 2 Requirements Elicitation
Filter: Project Targets ISO26262 Requirements on model based development > 500 requirements State of the art Parallel projects to cooperate with SAFE Project Requirements Use Cases Exemplarily industrial use cases > 60 requirements

35 Thank you for your attention This document is based on the SAFE project in the framework of the ITEA2, EUREKA cluster program Σ! 3674. The work has been funded by the German Ministry for Education and Research (BMBF) under the funding ID 01IS11019, and by the French Ministry of the Economy and Finance (DGCIS). The responsibility for the content rests with the authors.

Download ppt "Safe Automotive soFtware architEcture"

Similar presentations

© Telelogic AB Modeling DoDAF Compliant Architectures Operational Systems Technical.

© Telelogic AB Modeling DoDAF Compliant Architectures Operational Systems Technical.
2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.

2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.
SAFe Automotive aRchItecture SAFARI. SAFARI_Presentation_Short_v1.ppt 2 / /P. Cuenot/ 2009.09.03 © Continental AG ARTEMIS/Call2 R&D Project Proposal Project.

SAFe Automotive aRchItecture SAFARI. SAFARI_Presentation_Short_v1.ppt 2 / /P. Cuenot/ © Continental AG ARTEMIS/Call2 R&D Project Proposal Project.
System Integration Verification and Validation

System Integration Verification and Validation
Model based development for function safety Continental Automotive France Philippe CUENOT OFFIS Thomas PEIKENKAMP.

Model based development for function safety Continental Automotive France Philippe CUENOT OFFIS Thomas PEIKENKAMP.
Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.

Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.
Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz

Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz
Sixth Hour Lecture 10:30 – 11:20 am, September 9 Framework for a Software Management Process – Artifacts of the Process (Part II, Chapter 6 of Royce’ book)

Sixth Hour Lecture 10:30 – 11:20 am, September 9 Framework for a Software Management Process – Artifacts of the Process (Part II, Chapter 6 of Royce’ book)
EAST-ADL dependability package illustrated by a brake example Dr. Stefan Voget.

EAST-ADL dependability package illustrated by a brake example Dr. Stefan Voget.
A framework for describing IT Project Management Processes and Tool Set Features Enterprise Project Management Framework.

A framework for describing IT Project Management Processes and Tool Set Features Enterprise Project Management Framework.
The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.

The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.
Introduction to Software Testing

Introduction to Software Testing
Merlin ITEA Symposium 2006. 2006Merlin Overview2 Problem domain Companies hardly develop embedded products completely on their own Embedded systems need.

Merlin ITEA Symposium Merlin Overview2 Problem domain Companies hardly develop embedded products completely on their own Embedded systems need.
10th TTCN-3 User Conference, 7-9 June 2011, Bled, Slovenia AUTOSAR Conformance Tests - Feedback on their development and utilization Alain Feudjio-Vouffo,

10th TTCN-3 User Conference, 7-9 June 2011, Bled, Slovenia AUTOSAR Conformance Tests - Feedback on their development and utilization Alain Feudjio-Vouffo,
Effective Methods for Software and Systems Integration

Effective Methods for Software and Systems Integration
Developing Enterprise Architecture

Developing Enterprise Architecture
Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR.

Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR.
S/W Project Management

S/W Project Management
UML - Development Process 1 Software Development Process Using UML (2)

UML - Development Process 1 Software Development Process Using UML (2)
Introduction to Software Quality Assurance (SQA)

Introduction to Software Quality Assurance (SQA)

Similar presentations

Ads by Google