Martin Hillenbrand

Failure mode and effect analysis based on electric and electronic architectures of vehicles to support the safety lifecycle ISO/DIS 26262

The draft international standard under development ISO 26262 (Road Vehicles — Functional safety —) describes a safety lifecycle for road vehicles and thereby influences all parts of development, production, operation and decommissioning. Starting from 2011, all developments of new cars should be aligned to this standard. The rapid application and adaption of the ISO 26262 is mandatory to develop safe, advanced and competitive automotive systems and systems of systems. The failure mode and effect analysis (FMEA) is a well applied engineering quality method in the automotive industry and proposed by the ISO 26262 for several analyses. The communication structure of the automotive control system are specified by the electric and electronic architecture (EEA). For a short time all this information can be processed in one tool. It can form an important contribution to the determination of input data for safety assessments. With the FMEA flow embedded in the EEA modeling, analysis can be rapidly provided with altered input data resulting from architecture modifications. This paper presents a formalized tool flow for rapid determination and accumulation of input data for failure mode and effect analysis based on an EEA model, the accomplishment of the analysis within an EEA modeling tool and the automated generation of reports, documenting the results from the FMEA according to a predefined form.

An Approach to Supply Simulations of the Functional Environment of ECUs for Hardware-in-the-Loop Test Systems Based on EE-architectures Conform to AUTOSAR

Today’s vehicles include a complex network of programmableelectronic control units with software components. Avehicle’s electric and electronic (EE) architecture has to bemodeled in an early design phase to evaluate design alternatives.The tool PREEvision offers possibilities to modelEE-architectures considering feature function networks,function networks, component networks as well as wiringharness and the respective mappings.The software architecture specified by AUTOSAR separateshardware dependent and hardware independent softwaremodules. This allows the mapping of hardware independentsoftware applications to different hardware platforms.Hardware-in-the-Loop (HiL) is an established technologyfor testing electronic control units (ECU) and to assurequality. HiL-test-systems (HiL-TS) simulate the ECU’sfunctional environment (car, driver, road, tires, etc.) andadditionally offers the possibility to insert logical faults aswell as electrical faults (short circuit, open load, etc.).Mostly, this HiL-simulation is individually engineered forevery single ECU.This paper introduces a concept for the automated supportof such simulations. This includes the derivation of relevantinformation from the model of the EE-architecture as wellas the portation of the AUTOSAR software architecture tothe HiL-TS. Following this concept, engineering costs canbe reduced and the quality and correctness of the simulationincreased.

ISO/DIS 26262 in the context of electric and electronic architecture modeling

The draft international standard under development ISO 26262 describes a safety lifecycle for road vehicles and thereby influences all parts of development, production, operation and decommissioning. All systems affected by the standard, like anti-trap protection or advanced driver assistance systems, contain hierarchical electric and electronic parts. After publishing the final version, they all should be designed, assessed and documented to the demands of ISO 26262. The intercommunication structure of the distributed automotive control system, consisting of electronic control units (ECU), sensors and actuators, and functions computed by this control system, are specified by the electric and electronic architecture (EEA). In the context of the ISO 26262, the EEA contributes to the intercommunication of distributed, safety related functions plus the determination of architectures. This article discusses the impact of the standard on the EEA development and the handling of safety requirements demanded by ISO 26262 during early development phases.

An approach for rapidly adapting the demands of ISO/DIS 26262 to electric/electronic architecture modeling

The draft international standard ISO 26262 describes a safety lifecycle for road vehicles and thereby influences all parts of development (specification, prototyping, implementation, integration, test, etc.). All functionalities affected by the standard, contain hierarchical electric and electronic systems. Starting from 2011, they should be designed, analyzed, assessed and documented strictly to the demands of ISO 26262. The adaption of the standard to the OEMs (original equipment manufacturer) existing development lifecycle comes along with numerous additional challenges and time-consuming activities. The rapid application and adaption of the ISO 26262 is imperative for OEMs and tier one suppliers to stay competitive and avoid the risk of delayed development kick-offs. The electric and electronic architecture (EEA) of a vehicle comprises the distributed automotive control system (electronic control units (ECU), sensors, actuators, etc.), and the computed functions. The EEA is designed and evaluated during the concept phase of the vehicle development. The EEA design has groundbreaking impact on succeeding development phases. Conformity of the EEA to the demands of the ISO 26262 and well-wrought design decisions enable for fast and safe progress of succeeding phases of the development lifecycle and thereby rapid development of intelligent and future-oriented vehicular systems. This article discusses impacts of the ISO 26262 to the EEA development and the handling of demanded safety requirements during the early phases of EEA development.

Rapid specification of hardware-in-the-loop test systems in the automotive domain based on the electric / electronic architecture description of, vehicles

The fast growth of complexity of modern cars, motorbikes and commercial vehicles continues. Although the number of applied Electronic Control Units (ECUs) decreases [1], they have to fulfill more and more functions concerning performance, comfort and safety [2], [3]. The electric and electronic architecture (EEA) of a vehicle forms the basis for those features and functionalities. An elaborated and evaluated EEA is developed in the concept phases of the vehicle development lifecycle. For a short time, the tool PREEvision offers the possibilities to model EEAs considering different views to the architecture (requirements, software, hardware, wiring harness, topology, etc.). For test and evaluation of the vehicles functionalities, Hardware in the Loop (HiL) technology is utilized to cover the integration phase of hardware and software. The specification and design of HiL test systems (HiL-TS) is a complex and time-consuming procedure that can be supported by information about electric and electronic artifacts and their relationship, both available in the EEA model. This paper presents an approach for rapid specification, development and application of HiL-TSs as well as rapidly prototyping systems.

Connected efficiency – A paradigm to evaluate energy efficiency in tactical vehicle-environments

As traffic density is increasing, determination and optimization of energy consumption of vehicles can no longer be considered in isolation to their reactive environment. Optimization of energy efficiency is a connected issue of considering interactions between vehicles in their tactical vehicle-environment. In this paper we present a definition of tactical vehicle-environment on multilane roads and introduce the term connected efficiency. The connected efficiency facilitates the quantification of energy efficiency across several vehicles. The utilization of connected efficiency is shown in a simulated highway scenario.

Development of electric/electronic architectures for safety‐related vehicle functions

The development of software‐based systems for vehicles in compliance with the new standard ISO 26262 – functional safety for road vehicles – requires a common understanding between the two domains. In this paper, we consider the impact of the ISO 26262 to the concept phase of the vehicle development, especially the model‐based development of electric/electronic architectures. To found a formal basis for the electric/electronic architecture modeling, located in the development process and addressed by ISO 26262, we introduce a meta‐model, combining the major concepts and relations of electric/electronic architectures and ISO 26262. Safety analysis can be supported by data available in the electric/electronic architecture model. In this paper, we present a methodology to facilitate and accumulate context‐based information from electric/electronic architecture models to use them as input information for safety analysis. We also demonstrate how to perform the safety analysis method, that is, failure mode and effect analysis, based on the same architecture description language as the electric/electronic architecture model and also within the same modeling tool. We also present a methodology for the modeling and consideration of safety aspects and requirements crossing different system perimeters. This facilitates the consistent description and analysis of systems of systems, such as contemporary vehicles. Copyright

Rapid automotive bus system synthesis based on communication requirements

The complexity of modern cars and along their electric/electronic architecture (EEA), rapidly increased during the last years. New applications like driver assistance systems are highly distributed over the network of hardware components. More and more systems share common sensors placed in sensor clusters. This leads to a greater number of mutually connected electronic control units (ECUs) and bus systems. The traditional domain specific approach of grouping connatural ECUs into one bus system, does not necessarily lead to an overall optimal EEA design. We developed a method to automatically determine a network structure based on the communication requirements of ECUs. Based on the EEA model, which is developed during the vehicle development life-cycle, we have all the information we need, like cycle times and data width, to build a network of automotive bus systems. We integrated our method into the EEA tool PREEvision to allow rapid investigation of realization alternatives. The relocation of functions from one ECU to another can ideally be supported by our method, since we can generate a new network structure within minutes, fitting the new communication demands.

Ontology-based knowledge representation of failure mode and effect analysis on Electric/Electronic Architecture modeling conforming to the ISO 26262

In this paper, we propose knowledge representation of Failure Mode and Effect Analysis (FMEA) on Electric/Electronic Architecture (EEA) tailored to ISO 26262. FMEA, EEA, and ISO 26262 are composed of abstract and concrete data. Description and representation of abstract and meta models are complex. Indeed, to simplify and feasibly represent the data for software/hardware development of the EEA, we approach the knowledge representation of the FMEA for the concrete and abstract models of EEA using ontology. With the ontology, FMEA, EEA, ISO 26262, and combination of the three aspects can be presented using concrete models, and are able to be defined in the form of class models. These class models will be occupied for the development of the software aspect of FMEA for EEA accommodating the ISO 26262. Hence, this type of representation is considered to an adequate model to represent the abstract, concrete and meta models of FMEA for EEA conforming to ISO 26262.

Development of Electronic Architectures for Safety-Related Functions

The development of software‐based systems for vehicles in compliance with the new standard ISO 26262 – functional safety for road vehicles – requires a common understanding between the two domains. In this paper, we consider the impact of the ISO 26262 to the concept phase of the vehicle development, especially the model‐based development of electric/electronic architectures. To found a formal basis for the electric/electronic architecture modeling, located in the development process and addressed by ISO 26262, we introduce a meta‐model, combining the major concepts and relations of electric/electronic architectures and ISO 26262. Safety analysis can be supported by data available in the electric/electronic architecture model. In this paper, we present a methodology to facilitate and accumulate context‐based information from electric/electronic architecture models to use them as input information for safety analysis. We also demonstrate how to perform the safety analysis method, that is, failure mode and effect analysis, based on the same architecture description language as the electric/electronic architecture model and also within the same modeling tool. We also present a methodology for the modeling and consideration of safety aspects and requirements crossing different system perimeters. This facilitates the consistent description and analysis of systems of systems, such as contemporary vehicles. Copyright