Search Results

Technical Paper

Integrating STPA into ISO 26262 Process for Requirement Development

2017-03-28
2017-01-0058
Developing requirements for automotive electric/electronic systems is challenging, as those systems become increasingly software-intensive. Designs must account for unintended interactions among software features, combined with unforeseen environmental factors. In addition, engineers have to iteratively make architectural tradeoffs and assign responsibilities to each component in the system to accommodate new safety requirements as they are revealed. ISO 26262 is an industry standard for the functional safety of automotive electric/electronic systems. It specifies various processes and procedures for ensuring functional safety, but does not limit the methods that can be used for hazard and safety analysis. System Theoretic Process Analysis (STPA) is a new technique for hazard analysis, in the sense that it treats hazards as arising from unsafe interactions between components (including humans) as well as from component failures and faults.
Technical Paper

Integration of Multiple Active Safety Systems using STPA

2015-04-14
2015-01-0277
Automobiles are becoming ever more complex as advanced safety features are integrated into the vehicle platform. As the pace of integration and the complexity of new features rise, it is becoming increasingly difficult for system engineers to assess the impact of new additions on vehicle safety and performance. In response to this challenge, a new approach for analyzing multiple control systems has been developed as an extension to the Systems Theoretic Process Analysis (STPA) framework. The new approach meets the growing need of system engineers to analyze integrated control systems that may or may not have been developed in a coordinated manner, and to assess them for safety and performance. The new approach identifies unsafe combinations of control actions, from one or more control systems, that could lead to an accident. For example, independent controllers for Auto Hold, Engine Idle Stop, and Adaptive Cruise Control may interfere with each other in certain situations.