Search Results

Automated Driving Systems (ADSs) show great potential to improve our transport systems. Safety validation, before market launch, is challenging due to the large number of miles required to gather enough evidence for a proven in use argumentation. Hence there is ongoing research to find more effective ways of verifying and validating the safety of ADSs. It is crucial both for the design as well as the validation to have a good understanding of the environment of the ADS. A natural way of characterizing the external conditions is by modelling and analysing data from real traffic. Towards this end, we present a framework with the primary ultimate objective to completely model and quantify the statistically relevant actions that other vehicles conduct on motorways. Two categories of fundamental actions are identified by recognising that a vehicle can only move longitudinally and laterally.

Automated Driving is revolutionizing many of the traditional ways of operation in the automotive industry. The impact on safety engineering of automotive functions is arguably one of the most important changes. There has been a need to re-think the impact of the partial or complete absence of the human driver (in terms of a supervisory entity) in not only newly developed functions but also in the qualification of the use of legacy functions in new contexts. The scope of the variety of scenarios that a vehicle may encounter even within a constrained Operational Design Domain, and the highly dynamic nature of Automated Driving, mean that new methods such as simulation can greatly aid the process of safety engineering.

With the advent of ISO 26262 there is an increased emphasis on top-down design in the automotive industry. While the standard delivers a best practice framework and a reference safety lifecycle, it lacks detailed requirements for its various constituent phases. The lack of guidance becomes especially evident for the reuse of legacy components and subsystems, the most common scenario in the cost-sensitive automotive domain, leaving vehicle architects and safety engineers to rely on experience without methodological support for their decisions. This poses particular challenges in the industry which is currently undergoing many significant changes due to new features like connectivity, servitization, electrification and automation. In this paper we focus on automated driving where multiple subsystems, both new and legacy, need to coordinate to realize a safety-critical function.

Heavy commercial vehicles constitute the dominant form of inland freight transport. There is a strong interest in making such vehicles autonomous (self-driving), in order to improve safety and the economics of fleet operation. Autonomy concerns affect a number of key systems within the vehicle. One such key system is brakes, which need to remain continuously available throughout vehicle operation. This paper presents a fail-operational functional brake architecture for autonomous heavy commercial vehicles. The architecture is based on a reconfiguration of the existing brake systems in a typical vehicle, in order to attain dynamic, diversified redundancy along with desired brake performance. Specifically, the parking brake is modified to act as a secondary brake with capabilities for monitoring and intervention of the primary brake system.

The use of innovative power sources in future cars has long-ranging implications on vehicle safety. We studied these implications in the context of the guidance on software tool qualification in the then current ISO 26262 draft, when building an urban concept vehicle to participate in the 2011 Shell Eco-Marathon. While the guidance on tool qualification is detailed, the guidance in regard to tools integrated into tool chains is limited. It only points out that the environment that tools execute in needs to be taken into consideration. In this paper we clarify the implications of tool chains on tool qualification in the context of ISO 26262 by focusing on answering two questions; first, are there parts of the development environment related to tool integration that are likely to fall outside of tool qualification efforts as currently defined by ISO 26262; secondly, can we define if, and -if so- how, tool integration is affected by ensuring functional safety.

Failure Modes and Effects Analysis (FMEA) is a well established safety analysis technique used for the assessment of safety critical engineering systems in the automotive industry. Although FMEA has been shown to be useful, the analysis is typically restricted to the effects of single component failures; even partial analysis of combinations or sequences of multiple failures is in practice considered too complex, laborious and costly to perform. In this paper, we describe a new technique in which FMEAs are semi-automatically built from the topology of a system and component-level specifications of failure data. The proposed technique allows an extended form of “combinatorial & sequential FMEA” in which assessment of the effects of combinations and sequences of failures becomes feasible and cost effective.

Automotive electronic systems are becoming safety related causing a need for more systematic and stringent approaches for demonstrating the functional safety. The safety case consists of an argumentation, supported by evidence, of why the system is safe to operate in a given context. It is dependent on referencing and aggregating information which is part of the EAST-ADL2, an architecture description language for automotive embedded systems. This paper explores the possibilities of integrating the safety case metamodel with the EAST-ADL2, enabling safety case development in close connection to the system model. This is done by including a safety case object in EAST-ADL2, and defining the external and internal relations.

This work is part of a larger effort to define a modeling approach suitable for complex embedded control systems for which modeling techniques are in the progress of maturing. Modeling constitutes an indispensable part of engineering, forming an important basis for documentation, communication, and design automation. In order to describe and compare different modeling techniques, a framework has been developed. The current state of the framework is presented together with lessons learned. We will illustrate the framework with an automotive application. The framework combines a generic concept of systems and the modeling concepts that have been extracted from a study of 12 modeling approaches covering different levels of design and disciplines. Future work will refine the framework by studying additional modeling techniques and by considering more domain specific modeling needs in automotive systems.