Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)

2019-10-27 | GO TO HEADER/FOOTER TO CHANGE TEXT
1

OUR VISION
Making Future
2 2021-04-21 | AUTOMOTIVE SOFTWARE SAFETY & ISO26262

AFRY’s five divisions
Process
Industries
Energy
Industrial &
Digital Solutions
Infrastructure Management
Consulting

Automotive Design &
Engineering
— AFRY has more than 40 different automotive
clients, mainly in Sweden, Brazil, UK, and
China
— AFRY is today running more than 20
automotive client satellites
— EE & Embedded Systems
5 AUTOMOTIVE SOFTWARE SAFETY & ISO26262
2021-04-21 |

AFRY Embedded Systems
Agile teams
Component and system in-house development
Modeling of systems and functions
Functional development, algorithm and calibration
Test methods development
HIL/MIL/SIL
AI / Machine learning
System Safety / ISO26262 / Cyber Security
EMC and Environmental
Data Analytics
2021-04-21 |

Today’s speaker –
Chaitanya Raju
— 10+ years of experience
— Software & System Safety Engineer
— Education: MSc Intelligent Transportation Systems
— Has been training customer POs/SW-
developers/SM/PM in SW safety
— Likes MTB Trips and playing with his son ☺
2021-04-21 |

8
AGENDA
• Introduction & Importance of Software Safety
• Introduction to ISO26262, Safety Lifecycle, ASIL
Questions – 5 minutes
• How to develop automotive software according to ISO26262?
• What is safety analysis and how to use it in software?
• How to manage software according to requirements from standard?
• What are the other constraints from ISO26262 towards software
development and testing?
Questions & Discussion

9
Introduction to Software Safety
• Ensure sate of art approach for development of safety critical
software
• How do we categorize Safety critical software from normal?
• Safety-critical software includes hazardous software (which
can directly contribute to, or control a hazard).
• Controls or monitors hazardous or safety-critical
hardware or software
• Provide information to safety critical software
• Software that resides with safety critical SW in same SOC
or Physical Platform
• ISO26262, Part 6 have clauses for developing safety critical
software
• Main Objectives:
• To ensure a suitable and consistent software
development process; and
• To ensure a suitable software development
environment.

10
Automotive software & E/E growth estimate - McKinsey
2021-04-21 | AUTOMOTIVE SOFTWARE SAFETY & ISO26262

11
Automotive Software growth breakdown

12
SW Recalls in 2019
https://sibros.medium.com/the-current-state-of-automotive-software-related-recalls-ef5ca95a88e2

13
Number of Software based Recalls Source: NHTSA
Database

14
Number of vehicles affected due to SW: NHTSA Database

15
ISO26262 Scope
• ISO 26262 is the adaptation of IEC 61508 to comply
with needs specific to the application sector of E/E
systems within road vehicles
• ISO 26262 states requirements on
• Management, culture, processes
• Product development, verification and validation
• Supplier relationship
• Documentation, change management,
configuration management
• Production, service, field monitoring, tools, etc.
• ISO 26262 applies to:
• Systems with safety related functions
• Realized in E/E systems (partly or completely)
• Series production vehicles
• Passenger cars
• Trucks, Buses etc.
• Motorcycles
• Not Applicable for heavy machinery

Impact of ISO26262

17
17
Safety Lifecycle
• Key Phases:
• Development
• Function Description
• Concept Development
• System Development
• Software Development
• Verification
• Software Verification
• System Verification
• Function Verification
• Production
• Planning
• Operation
• Handling Variants
• Servicing

ASIL Introduction
18
• ASIL
• Automotive Safety Integrity Level
• QM- Quality Management
• ASIL A & B – Basic Monitoring
• ASIL C & D - Redundancy

Questions?

20
How to develop Software according to ISO26262?
• Comply to Clauses in ISO26262 and Show evidence, build
Safety case
• Clauses?
• Requirements to satisfy for SW development & testing
• Actions:
• Plan to Satisfy Clauses from ISO26262 standard
• Develop Software Design
• Perform Safety Analysis
• Develop Software
• Verify Software Design & SW
• Use qualified tools for all actions
• Right Competence and safety mindset for reliable software
• Traceability is Key for success
20
SOC [QM]
App. SW
Basic SW[QM]
Comp A QM Comp B QM
SOC [ASIL B]
App. SW
Basic SW
Comp A
[ASIL B]
Comp B
[ASIL B]
WDG
[ASIL B]
PFM

Example of clause:
21
— “++” indicates that the method is highly recommended for the identified ASIL;
— “+” indicates that the method is recommended for the identified ASIL; and
— “o” indicates that the method has no recommendation for or against its usage for the
identified ASIL.

Example of clause:
22
identified ASIL.

Example of clause:
23
identified ASIL.

Error Detection Techniques:
• Range check: Out of Range data fault
• Monitoring if input/output is in range or out of range
• Plausibility Check: Not Valid Decision Faults
• Monitoring important signals
• Ex: vehicle speed 0 to 100kmph in 2 seconds
• Detection of Data error:Data error in Variable
• Individual data error monitoring with static values
• External monitoring mechanism: Execution Faults
• Watch dog reset for a program
• Control Flow Monitoring: Out of sequence fault
• Task monitoring, Inserting check points for sequence
• Redundancy with or with out voting
How to select type of SM in Software during Design?
Error Handling Techniques:
• Static Recovery Mechanism
• Reset HW or Re- execute SW
• Deactivation and reach safe state
• Gracefull Degradation
• Degrade to limit important functionalities instead of all
functionalities
• Independent parallel redundancy
• Redundancy of SW components
• Correcting codes of data
• Including error correcting codes, Masking error with default
values etc
Techniques in software for safety – Safety Mechanisms
24

Safety Analysis
• Identify Component Failures and Effects on system
• Common Techniques:
• FTA
• FMEA
• For Software:
• Choose right level for software to not repeat for every
small change(in agile context)
• Static Analysis (MISRA C Guidelines or MAAB for models)
• Software Error Analysis
• Interfaces Analysis
• Faults of interfaces
• Mitigation of Faults(Detection and Handling)
• End to End Protection (ASIL A – D)
• Combine FMEA(Extend from system) and SWEA
25
FTA
FMEA

Configuration Management
• Impact Analysis during change management
• List of affected ASIL SW components
• Traceability for every safety requirement
• Document Management for released version of software
• Requirements, Design
• Peer Review Reports
• Verification Reports
• Follow ASPICE for Software configuration management
26

ISO26262 Vs ASPICE
ASPICE: Automotive Software Process Improvement and Capability determination
27

Other Constraints
• Software Component Qualification
• Software Tool Qualification
• Agile Vs ASPICE
• HIL Testing and Vehicle Test Logs – ASIL C & D
• Build Safety Case
• to provide the argument for the achievement
of functional safety
• Dynamic Safety Case is suggested
• Handling Software for different vehicle variants
• Create Base version with Proper management
• Verify Software functionality with FSR’s
• Store Reports
Safety Case Impact Assessment in Automotive Software Systems: An Improved Model -Based Approach
28

Survey Results – 2019, Software teams
29
https://www.perforce.com/resources/qac/2019-state-automotive-software-development-survey-results-0#success

Questions?
30

Contact information
Speaker
Chaitanya Raju
penumatcha.chaitanyaraju@afry.com
Section manager
Erik Allerbo
erik.allerbo@afry.com
Recruiter
Frida Hörnquist
frida.hornquist@afry.com
2021-04-21 |

32

33

Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)

Similar to Afry software safety ISO26262 (Embedded @ Gothenburg Meetup) (20)

More from Dimitrios Platis

More from Dimitrios Platis (10)

Recently uploaded

Recently uploaded (20)

Afry software safety ISO26262 (Embedded @ Gothenburg Meetup)