Luís Pedro da Silva Azevedo

Assisted Assignment of Automotive Safety Requirements

ISO 26262, a functional-safety standard, uses Automotive Safety Integrity Levels (ASILs) to assign safety requirements to automotive-system elements. System designers initially assign ASILs to system-level hazards and then allocate them to elements of the refined system architecture. Through ASIL decomposition, designers can divide a functions safety requirements among multiple components. However, in practice, manual ASIL decomposition is difficult and produces varying results. To overcome this problem, a new tool automates ASIL allocation and decomposition. It supports the system and software engineering life cycle by enabling users to efficiently allocate safety requirements regarding systematic failures in the design of critical embedded computer systems. The tool is applicable to industries with a similar concept of safety integrity levels.

Automatic decomposition and allocation of safety integrity levels using a penalty-based genetic algorithm

Automotive Safety Integrity Levels (ASILs) are used in the new automotive functional safety standard, ISO 26262, as a key part of managing safety requirements throughout a top-down design process. The ASIL decomposition concept, outlined in the standard, allows the safety requirements to be divided between multiple components of the system whilst still meeting the ASILs initially allocated to system-level hazards. Existing exhaustive automatic decomposition techniques drastically reduce the effort of performing such tasks manually. However, the combinatorial nature of the problem leaves such exhaustive techniques with a scalability issue. To overcome this problem, we have developed a new technique that uses a penalty-based genetic algorithm to efficiently explore the search space and identify optimum assignments of ASILs to the system components. The technique has been applied to a hybrid braking system to evaluate its effectiveness.

A synthesis of logic and bio-inspired techniques in the design of dependable systems

Much of the development of model-based design and dependability analysis in the design of dependable systems, including software intensive systems, can be attributed to the application of advances in formal logic and its application to fault forecasting and verification of systems. In parallel, work on bio-inspired technologies has shown potential for the evolutionary design of engineering systems via automated exploration of potentially large design spaces. We have not yet seen the emergence of a design paradigm that effectively combines these two techniques, schematically founded on the two pillars of formal logic and biology, from the early stages of, and throughout, the design lifecycle. Such a design paradigm would apply these techniques synergistically and systematically to enable optimal refinement of new designs which can be driven effectively by dependability requirements. The paper sketches such a model-centric paradigm for the design of dependable systems, presented in the scope of the HiP-HOPS tool and technique, that brings these technologies together to realise their combined potential benefits. The paper begins by identifying current challenges in model-based safety assessment and then overviews the use of meta-heuristics at various stages of the design lifecycle covering topics that span from allocation of dependability requirements, through dependability analysis, to multi-objective optimisation of system architectures and maintenance schedules.

Driving design refinement

Abstract There is increasing agreement that, to achieve high dependability in complex systems, design processes should move in a direction where dependability and other quality attributes are controlled from the early stages rather than left to emerge (or not) at the end. This is clearly a very desirable goal that would greatly benefit several industries, and it is enshrined in contemporary standards like the aerospace ARP4754-A and the automotive ISO 26262 safety standards. These documents prescribe processes in which dependability requirements, captured early through system level hazard analysis and risk assessment, are rationally allocated to progressively more refined subsystem elements of the architecture—with respect to software—in the form of Development Assurance Levels (DALs), Safety Integrity Levels, or other similar concepts. A study of the problem shows that the manual processes described in the standards for software requirements allocation become complex when applied to large networked architectures which deliver multiple functions; such systems lead to huge numbers of potential allocation solutions and exploring these manually is often infeasible. Current standards do not advise on how this type of allocation can be done effectively, optimally, and efficiently, for example, with the support of automated algorithms and tools. This is an area where research opportunities arise to address important questions: for instance, which architectural proposals will fulfill dependability requirements better in the context of design refinement, and, given a proposed architecture, how can integrity requirements be optimally allocated to its elements? or how can design refinements be achieved with minimal design iterations whilst preserving the desired system properties throughout, from early stages to the end of a project? We address these questions by proposing a method for controlled refinement and allocation of system requirements that is applicable from the early stages of design. In this chapter we use the aerospace industry as an application domain, where dependability requirements for the system are typically translated to integrity requirements expressed in the form of DALs. DALs are a concept introduced in major standards for the aerospace industry, namely the RTCA DO-178C/EUROCAE ED-12C and the SAE ARP4754-A. Their purpose is to signify and summarize the effort required to develop a function or an element of the aircraft to a certain level of integrity that is consistent with the aircraft’s overall safety requirements. Allocating the DALs to an architectural design typically requires assigning a DAL to a high-level function, then decomposing it and allocating lower DALs to its supporting elements in such a way that DALs of supporting elements together satisfy the higher level function DAL. The refinement and decomposition of DALs is a top–down iterative process that proceeds alongside the refinement of the design. The process is based on rules defined in the standard and is applied with an aim to reduce the overall cost of the system, as DALs that signify high integrity typically involve disproportionally higher development and production costs in their associated elements. Applying this process manually to large and complex systems can be a challenging task. Furthermore, finding the optimal allocation, with regards to the overall cost and integrity of the architecture, is a hard combinatorial problem that cannot be solved efficiently with exhaustive methods. To solve this problem, we propose a method that uses state-of-the-art model-based dependability analysis and meta-heuristics to automatically find the optimal allocation of DALs on a given architectural design proposal. We demonstrate the effectiveness of this technique on an aircraft wheel braking system. The method has direct applicability to the aerospace industry but the concepts are easily transferable to complex software and system design in the automotive and other domains.