Search Results

In the field of electric and electronic (E/E) design for the automotive industry, there are separate traditions related to functional safety and software quality assurance. Both relying on the evaluation of the processes used; Automotive SPICE provides detailed guidance on how to perform this evaluation whilst ISO 26262 does not and simply mention Automotive SPICE as one possible solution. ISO 26262 additionally requires for an evaluation of the functional safety achieved by the product and uses the process evaluation (or functional safety audit in ISO 26262 terms) to support the final functional safety assessment. The purpose is to evaluate the implementation of the necessary safety processes according to the claimed scope defined in the safety plan. Automotive SPICE does not make a distinction on whether the application of the software under evaluation is safety related or not.

This paper presents measurements on Vehicle to Vehicle (V2V) communication between participants in a platooning application. Platooning, according to the SARTRE concept, implies several vehicles travelling together in tight formation, with a manually driven heavy lead vehicle. The platoon being studied consists of five vehicles; two trucks in the lead and three passenger cars. The V2V-communication node in each vehicle contains an 802.11p radio at 5,9 GHz. It is used to send messages between vehicles to coordinate movements and maintain safety in the platoon. Another cooperative application that relies on V2V-communication is multiple UAVs flying in formation; as investigated in KARYON. This project also investigates cooperative autonomous vehicles. In both applications, V2V-communication is an enabling technology. Two metrics are studied to quantify the V2V-communication quality: system packet error rate and consecutive packet loss.

This paper investigates what challenges arise when extending the scope of functional safety for road vehicles to also include cooperative systems. Two generic alternatives are presented and compared with one another. The first alternative is to use a vehicle centric perspective as is the case in the traditional interpretation of ISO 26262 today. Here, an “item” (the top level system or systems for which functional safety is to be assured) is assumed to be confined to one vehicle. In the vehicle centric perspective inter-vehicle communication is not an architectural element and is therefore not a candidate for redundancy as part of the functional safety concept. The second alternative is to regard a cooperative system from a cooperative perspective. This implies that one item may span over several vehicles. The choice of perspective has implications in several ways.

Nowadays, vehicle integrators (OEMs) put over fifty different control units (ECUs) in a vehicle. The AUTOSAR standard for Basic Software (BSW) describes in detail how the communication software components should be implemented in order to enable these ECUs to seamless work together. When integrating ECUs with BSW from different vendors, one needs to ensure that the standard is interpreted in the same way. This requires testing, but the traditional testing approach of manually crafted tests has failed due to the enormous configurability of the software. By using a novel approach based on automatically generated test cases from models and configurations, we solve this testing problem. In addition to the obvious requirement that an acceptance test strategy must have high coverage with respect to specification requirements, it is also very important that the tests have a low life cycle cost (LCC). A low LCC implies as well low cost for developing the test as a high maintainability.