Smart Requirement Engineering
Unrestricted © Visioneer GmbH, 2022
v2.0
FUNCTIONAL SAFETY PROCESS
Today's Functional Safety Process has achieved great improvements in safety!
But even if Functional Safety is implemented, SW errors often remain in Embedded Systems!!!
ROOT CAUSE FOR MISSING SAFETY
It is NOT ensured that the Functional Requirements resulting from the Functional Safety Process are implemented
clearly (unambiguously),
with all necessary details (consistently)
and for any potential situation (completely).
This is the weakest point in the safety process,
"as this is so far an unsolved challenge in the SW Requirement Engineering Process generally".
WHAT IS THE ROOT CAUSE?
Even if the defined requirements are safely implemented in a function, it is NOT excluded that any concurrent requirement (which may be defined somewhere else in the Requirement Specification) affects the safety of that function, e.g. by disabling functions.
[Diagram: a safety-critical function in the ECU. The driver presses the HW button → expected behavior: the passenger airbag shall be off. A supplement function reports the battery as low → expected behavior: don't trust the HW signals.]
Real-time systems must often handle a high number of expected behaviors in parallel.
→ This is currently not solved methodically in the functional safety process.
EXAMPLE: Airbag on/off LED
The customer has designed the following system: [system diagram]
The following requirements are assigned to the ECU:
Sys Req1: If SWITCH_STATE is ON, then the LED shall be ON
Sys Req2: If CAR_PRODUCTION_MODE is ACTIVATED, then the LED shall be ON
Sys Req3: If BATTERY_STATE is LOW, then the HW signals are not trustworthy
→ The challenge is to define all combinations completely and unambiguously as functional requirements.
HOW IS IT SOLVED TODAY?
The requirement engineer often starts to create the combinations as text, e.g.:
FuncReq1: If SWITCH_STATE is ON or CAR_PRODUCTION_MODE is ACTIVATED and BATTERY_STATE is FULL, then the LED shall be ON
FuncReq2: If SWITCH_STATE is OFF and CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is FULL, then the LED shall be OFF
FuncReq3: If CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is LOW, then the LED shall be OFF
→ The verification that all IO combinations are clearly defined can be performed
- manually, e.g. with IO tables
- automatically through simulation, e.g. requirement-in-the-loop tests
Manual verification with IO Table
The created requirements can also be described in a logic table
(x = don't care → the outputs are independent of that state).
→ This allows a systematic or formal verification to detect missing combinations or logical errors.
Manual verification with IO Table
Verification results:
Error corrected: the combination of BATTERY_STATE is LOW and CAR_PRODUCTION_MODE is ACTIVATED wasn't covered.
Current Requirements Linking Method
Any System Requirement shall be linked with one or more Functional Requirements → traceability verification is passed.
Problem: this method does not identify whether a requirement is only fulfilled incidentally (brown links).
Full Requirements Linking Method
To meet these expectations, the relation of every FuncReq to all SysReqs must be verified manually:

FuncReq1: If SWITCH_STATE is ON or CAR_PRODUCTION_MODE is ACTIVATED and BATTERY_STATE is FULL, then the LED shall be ON
- Sys Req1: If SWITCH_STATE is ON, then the LED shall be ON → contains
- Sys Req2: If CAR_PRODUCTION_MODE is ACTIVATED, then the LED shall be ON → contains
- Sys Req3: If BATTERY_STATE is LOW, then the HW signals are not trustworthy → logically excluded
→ Verification is passed

FuncReq2: If SWITCH_STATE is OFF and CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is FULL, then the LED shall be OFF
- Sys Req1: If SWITCH_STATE is ON, then the LED shall be ON → logically excluded
- Sys Req2: If CAR_PRODUCTION_MODE is ACTIVATED, then the LED shall be ON → logically excluded
- Sys Req3: If BATTERY_STATE is LOW, then the HW signals are not trustworthy → logically excluded
→ Verification is failed: a separate Req for SWITCH_STATE = OFF is needed
Full Requirements Linking Method
FuncReq3: If BATTERY_STATE is LOW, then the LED shall be OFF
- Sys Req1: If SWITCH_STATE is ON, then the LED shall be ON → contradictory / unclear
- Sys Req2: If CAR_PRODUCTION_MODE is ACTIVATED, then the LED shall be ON → logically excluded
- Sys Req3: If BATTERY_STATE is LOW, then the HW signals are not trustworthy → unclear
→ Verification is failed:
1. SysReq1 does not exclude FuncReq3: it is unclear which of the reqs is dominant, and therefore it is unclear whether the (silently?) chosen behavior (LED shall be OFF) is correct
→ A separate Req about their dominance is needed
2. It is unclear whether SysReq3 is really relevant for FuncReq3:
→ A clear assignment is required whether it is relevant for this component (Switch)
3. It is unclear whether the (silently?) chosen behavior (LED shall be OFF) is the expected solution
→ A separate Req about its specific solution is needed
CONCLUSION
Regardless of whether the requirements are defined with or without MBSE:
there is a high danger of false or missing behavior requirements, which undermine the complete quality process, so the customer will find them..
Many specification errors exist because, with current tools, it is not clearly defined:
• what behavior and what solutions are expected for every input signal state separately
• what functional entities are affected by what High-Level Requirement
• which of the parallel expected behaviors shall be dominant in any situation
Additionally, performing the described process manually is an enormous and error-prone effort, because a high number of System and Functional Reqs is normal for ECUs.
SOLUTION
Visioneer GmbH has invented a very simple method, a script-based add-on for common RE tools (e.g. DOORS, Polarion, Word, ..)
• which reduces the requirement engineering effort drastically
• and which fundamentally excludes the described weaknesses of the current process
→ The next pages explain the necessary steps of this innovative method
Step 1: HL Requirements and their Solutions
It must be clearly defined what solution is expected for any HL Requirement and by whom.
Note: blue text is created automatically; red text is defined by the requirement engineer.

ReqID | System Requirement | Solution | Assigned Functional Entities
SysReq1 | If SWITCH_STATE is ON, then the LED shall be ON | Mode = SWITCH_STATE | LED_Handler
SysReq2 | If CAR_PRODUCTION_MODE is ACTIVATED, then the LED shall be ON | Mode = CAR_PRODUCTION_MODE | LED_Handler
SysReq3 | If BATTERY_STATE is LOW, then HW signals shall not be trusted | Mode = BATTERY_STATE | ECU
Step 2: ECU Behavior Description
For any ECU mode, its states, the entry condition, the expected ECU behavior, the ECU behavior solution and the assigned functional entities shall be defined:

ECU Mode | State | Entry Condition | Expected ECU Behavior | ECU Behavior Solution | Assigned Funct. Entities
BATTERY_STATE | FULL | BATTERY_STATE is FULL | Full operation | All functions shall be activated | any Function
BATTERY_STATE | LOW | BATTERY_STATE is LOW | No HW signal shall be trusted | Last valid HW signal shall be used | any Function
Step 3: FNCT and assigned ECU Behavior Description
In the same way, the following shall be defined for any FNCT mode of the function LED_Handler:

FNCT Mode | State | Entry Condition | Expected FNCT Behavior | FNCT Behavior Solution
CAR_PRODUCTION_MODE | ACTIVATED | CAR_PRODUCTION_MODE is ACTIVATED | LED shall show its el. connection | LED_OUT shall be ON
CAR_PRODUCTION_MODE | NOT ACTIVATED | CAR_PRODUCTION_MODE is NOT ACTIVATED | LED is a function of the switch state | LED_OUT is a function of the switch state
SWITCH_STATE | ON | SWITCH_STATE is ON | LED shall be ON | LED_OUT shall be ON
SWITCH_STATE | OFF | SWITCH_STATE is OFF | LED shall be OFF | LED_OUT shall be OFF

For the assigned dominant ECU behaviors, the function's specific solutions shall be defined:

Assigned ECU Behavior | Assigned ECU Behavior Solution | Function-specific Behavior Solution
No HW signal shall be trusted | Last valid signal shall be used | LED_OUT state shall be frozen
Step 4: Dominant FNCT Behavior Definition
The dominance of the assigned ECU and FNCT behaviors shall be clearly defined. Automatic verification checks that all potential combinations are defined.
Expected ECU behavior: BATTERY_STATE [Full operation, No HW signal shall be trusted]
Expected FNCT behaviors: CAR_PRODUCTION_MODE [LED shall show its el. connection, LED is a function of the switch state]; SWITCH_STATE [LED shall be ON, LED shall be OFF]
(x = don't care)

Expected ECU Behavior (BATTERY_STATE) | Expected FNCT Behavior (CAR_PRODUCTION_MODE) | Expected FNCT Behavior (SWITCH_STATE) | Dominant FNCT Behavior
Full operation | LED is a function of the switch state | LED shall be ON | LED shall be ON
Full operation | LED is a function of the switch state | LED shall be OFF | LED shall be OFF
No HW signal shall be trusted | LED is a function of the switch state | x | No HW signal shall be trusted
x | LED shall show its el. connection | x | LED shall show its el. connection
17
Unrestricted © Visioneer GmbH, 2022
Step 5: Perform Automatism
This is what the Requirement Engineer can do now (for instance), as he has already done his job:
• Any High-Level Requirement is clearly assigned to a functional entity
• The expected behavior is described for any input signal in any state
• It is clearly defined in any situation which of the parallel expected behaviors is dominant
• Any potential combination of the parallel expected behaviors is unambiguously defined
→ Automatic generation and linking of testable Functional Requirements
Automatic Functional Requirements Generation
1. The expected behaviors are replaced by their entry criteria
2. The dominant FNCT behaviors are replaced by their FNCT behavior solutions
(x = don't care; each cell lists the expected behavior and, below it, its entry criterion)

Expected ECU Behavior (BATTERY_STATE) | Expected FNCT Behavior (CAR_PRODUCTION_MODE) | Expected FNCT Behavior (SWITCH_STATE) | Target FNCT Behavior | FNCT Behavior Solution
Full operation / BATTERY_STATE is FULL | LED is a function of the switch state / CAR_PRODUCTION_MODE is NOT ACTIVATED | LED shall be ON / SWITCH_STATE is ON | LED shall be ON | LED_OUT shall be ON
Full operation / BATTERY_STATE is FULL | LED is a function of the switch state / CAR_PRODUCTION_MODE is NOT ACTIVATED | LED shall be OFF / SWITCH_STATE is OFF | LED shall be OFF | LED_OUT shall be OFF
No HW signal shall be trusted / BATTERY_STATE is LOW | LED is a function of the switch state / CAR_PRODUCTION_MODE is NOT ACTIVATED | x | No HW signal shall be trusted | LED_OUT state shall be frozen
x | LED shall show its el. connection / CAR_PRODUCTION_MODE is ACTIVATED | x | LED shall show its el. connection | LED_OUT shall be ON
Automatic Functional Requirements Generation
The following Functional Requirements are then generated automatically out of that table.
→ The red parts are the falsely defined or missing requirements in the example created with today's methods.
FuncReq1: If SWITCH_STATE is ON and CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is FULL, then the LED_OUT shall be ON
FuncReq2: If SWITCH_STATE is OFF and CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is FULL, then the LED_OUT shall be OFF
FuncReq3: If CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is LOW, then the LED_OUT shall be FROZEN
FuncReq4: If CAR_PRODUCTION_MODE is ACTIVATED, then the LED_OUT shall be ON
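The generation step above (Steps 2 to 5: mode tables plus a dominance table in, testable Functional Requirements out) can be reproduced with a small script. The Python below is an added example written for this page, not the Visioneer add-on: the tables of Steps 2 to 4 are constructed as data, the dominance table is represented as an ordered list of rules (fixed states → dominant mode), each rule is expanded into one requirement per state of its dominant mode, don't-care modes are left out of the text, and a coverage check confirms that every state combination is defined by exactly one generated requirement. The data layout, the rule representation and the function names are assumptions of the example; the function-specific solution "LED_OUT shall be FROZEN" is entered directly for BATTERY_STATE LOW, as the Step 3 table assigns it.

```python
from itertools import product

# Constructed data model of Steps 2 to 4 for the LED_Handler example. Each mode
# lists its states; per state: the entry condition and the behavior solution
# that applies when this mode is the dominant one. For BATTERY_STATE LOW the
# function-specific solution (LED_OUT frozen) replaces the ECU-level one
# (last valid HW signal shall be used).
MODES = {
    "BATTERY_STATE": {
        "FULL": ("BATTERY_STATE is FULL", "all functions shall be activated"),
        "LOW": ("BATTERY_STATE is LOW", "the LED_OUT shall be FROZEN"),
    },
    "CAR_PRODUCTION_MODE": {
        "ACTIVATED": ("CAR_PRODUCTION_MODE is ACTIVATED", "the LED_OUT shall be ON"),
        "NOT ACTIVATED": ("CAR_PRODUCTION_MODE is NOT ACTIVATED",
                          "the LED_OUT is a function of the switch state"),
    },
    "SWITCH_STATE": {
        "ON": ("SWITCH_STATE is ON", "the LED_OUT shall be ON"),
        "OFF": ("SWITCH_STATE is OFF", "the LED_OUT shall be OFF"),
    },
}

# Step 4 dominance table as ordered rules (fixed states -> dominant mode). Modes
# that a rule neither fixes nor names as dominant are "x" (don't care) and are
# left out of the generated requirement text.
DOMINANCE = [
    ({"CAR_PRODUCTION_MODE": "NOT ACTIVATED", "BATTERY_STATE": "FULL"}, "SWITCH_STATE"),
    ({"CAR_PRODUCTION_MODE": "NOT ACTIVATED", "BATTERY_STATE": "LOW"}, "BATTERY_STATE"),
    ({"CAR_PRODUCTION_MODE": "ACTIVATED"}, "CAR_PRODUCTION_MODE"),
]

# Order in which the entry conditions are listed in the generated text.
TEXT_ORDER = ["SWITCH_STATE", "CAR_PRODUCTION_MODE", "BATTERY_STATE"]


def generate(modes, dominance):
    """Return [(req_id, fixed_states, text)]: one testable Functional Requirement
    per dominance rule and per state of its dominant mode."""
    reqs = []
    for fixed, dominant in dominance:
        # A rule that already fixes its dominant mode yields one requirement,
        # otherwise one per state of the dominant mode (ON / OFF for the switch).
        states = [fixed[dominant]] if dominant in fixed else list(modes[dominant])
        for state in states:
            cond = dict(fixed, **{dominant: state})
            entry = " and ".join(modes[m][cond[m]][0] for m in TEXT_ORDER if m in cond)
            solution = modes[dominant][state][1]
            reqs.append((f"FuncReq{len(reqs) + 1}", cond, f"If {entry}, then {solution}"))
    return reqs


def coverage(modes, reqs):
    """Map every full state combination to the ids of the requirements that apply to it."""
    names = list(modes)
    table = {}
    for states in product(*(modes[n] for n in names)):
        combo = dict(zip(names, states))
        table[states] = [rid for rid, cond, _ in reqs
                         if all(combo[m] == v for m, v in cond.items())]
    return table


def is_complete_and_unambiguous(modes, reqs):
    """True when each state combination is covered by exactly one requirement."""
    return all(len(ids) == 1 for ids in coverage(modes, reqs).values())


if __name__ == "__main__":
    generated = generate(MODES, DOMINANCE)
    for rid, _, text in generated:
        print(f"{rid}: {text}")
    print("complete and unambiguous:", is_complete_and_unambiguous(MODES, generated))
    # Dropping the ACTIVATED rule reproduces the gap found on the IO-table slide.
    print("without the ACTIVATED rule:",
          is_complete_and_unambiguous(MODES, generate(MODES, DOMINANCE[:2])))
```

The four generated texts match FuncReq1 to FuncReq4 above word for word, and the coverage check passes for them; with the ACTIVATED rule removed from the dominance table the check fails, because the four combinations with CAR_PRODUCTION_MODE ACTIVATED are no longer defined, which is exactly the kind of gap the manual IO-table review had to find by hand.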
Automatic Generation of Requirements Diagram
FuncReq1: If SWITCH_STATE is ON and CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is FULL, then the LED_OUT shall be ON
[Diagram: the generated FuncReq1 linked to the System Requirements and their solutions; every solution is derived from its System Requirement]
Sys Req1: If SWITCH_STATE is ON, then the LED shall be ON → contains
- Solution1.1: If the SWITCH_STATE is ON, then LED_OUT shall be ON (derived from Sys Req1)
- Solution1.2: If the SWITCH_STATE is OFF, then LED_OUT shall be OFF (derived from Sys Req1; excluded)
Sys Req2: If CAR_PRODUCTION_MODE is ACTIVATED, then the LED shall be ON → excluded
- Solution2.1: If CAR_PRODUCTION_MODE is ACTIVATED, then LED_OUT shall be ON (derived from Sys Req2; excluded)
- Solution2.2: If CAR_PRODUCTION_MODE is NOT ACTIVATED, then LED_OUT is a function of the switch state (derived from Sys Req2; subdominant)
Sys Req3: If BATTERY_STATE is LOW, then HW signals shall not be trusted → excluded
- Solution3.1: If the battery is LOW, then the last valid HW signal shall be used (derived from Sys Req3; excluded)
  - Solution3.1.1: If the battery is LOW, then LED_OUT state shall be frozen (derived from Solution3.1)
- Solution3.2: If the battery is FULL, then all functions shall be activated (derived from Sys Req3; subdominant)
The diagrams are generated in the same way for FuncReq2-4…
The benefits of complete and clear Functional Requirements:
[Diagram: benefits for the Requirement Engineer, Quality Assurance, Test Engineer, Functional Safety and the Customer]
More Information:
www.visioneer.info
Contact:
Gerhard Schilling
Tel. +49 179 3245588
schilling@visioneer.info

VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 

Risks of functional safety with ES (short)

  • 1. Smart Requirement Engineering, v2.0. Unrestricted © Visioneer GmbH, 2022
  • 2. FUNCTIONAL SAFETY PROCESS: Today's Functional Safety Process has achieved great improvements in safety. But even where Functional Safety is implemented, SW errors often remain in embedded systems.
  • 3. ROOT CAUSE FOR MISSING SAFETY: It is NOT ensured that the Functional Requirements resulting from the Functional Safety Process are implemented clearly (unambiguously), with all necessary details (consistently) and for every potential situation (completely). This is the weakest point in the safety process, "as this is so far an unsolved challenge in the SW Requirement Engineering Process generally".
  • 4. WHAT IS THE ROOT CAUSE? Even if the defined requirements are implemented safely in a function, it is NOT excluded that a concurring requirement (which may be defined somewhere else in the Requirement Specification) affects the safety of that function, e.g. by disabling functions. Example of a safety-critical function and a supplement function with their expected ECU behavior: Driver, HW button pressed → Passenger airbag shall be off; Battery, battery low → Don't trust HW signals. Real-time systems must often handle a high number of expected behaviors in parallel → this is currently not solved methodically in the functional safety process.
  • 5. EXAMPLE Airbag on/off LED: The customer has designed the following system, and the following requirements are assigned to the ECU:
    Sys Req1: If SWITCH_STATE is ON, then the LED shall be ON
    Sys Req2: If CAR_PRODUCTION_MODE is ACTIVATED, then the LED shall be ON
    Sys Req3: If BATTERY_STATE is LOW, then the HW signals are not trustable
    → The challenge is to define all combinations completely and unambiguously as functional requirements.
  • 6. HOW IS IT SOLVED TODAY? The requirement engineer often starts to create the combinations as text, e.g.:
    FuncReq1: If SWITCH_STATE is ON or CAR_PRODUCTION_MODE is ACTIVATED and BATTERY_STATE is FULL, then the LED shall be ON
    FuncReq2: If SWITCH_STATE is OFF and CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is FULL, then the LED shall be OFF
    FuncReq3: If CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is LOW, then the LED shall be OFF
    → The verification that all IO combinations are clearly defined can be performed manually, e.g. with IO tables, or automatically through simulation, e.g. requirement-in-the-loop tests.
  • 7. Manual verification with IO table: The created requirements can also be described in a logic table (x = don't care → outputs are independent of that state). → This allows a systematic or formal verification to detect missing combinations or logical errors.
  • 8. Manual verification with IO table, verification results. Error corrected: the combination of BATTERY_STATE is LOW and CAR_PRODUCTION_MODE is ACTIVATED wasn't covered.
  • 9. Current Requirements Linking Method: Any System Requirement shall be linked with one or more Functional Requirements → traceability verification is passed. Problem: this method does not identify whether the requirements are really fulfilled intentionally (brown links).
  • 10. Full Requirements Linking Method: To achieve these expectations, the relation of each FuncReq to all SysReqs must be verified manually.
    FuncReq1: If SWITCH_STATE is ON or CAR_PRODUCTION_MODE is ACTIVATED and BATTERY_STATE is FULL, then the LED shall be ON
      contains Sys Req1 (If SWITCH_STATE is ON, then the LED shall be ON); contains Sys Req2 (If CAR_PRODUCTION_MODE is ACTIVATED, then the LED shall be ON); logically excludes Sys Req3 (If BATTERY_STATE is LOW, then the HW signals are not trustable)
      → Verification is passed
    FuncReq2: If SWITCH_STATE is OFF and CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is FULL, then the LED shall be OFF
      logically excludes Sys Req1, Sys Req2 and Sys Req3
      → Verification is failed: a separate Req for SWITCH_STATE = OFF is needed
  • 11. Full Requirements Linking Method (continued):
    FuncReq3: If BATTERY_STATE is LOW, then the LED shall be OFF
      contradictory to Sys Req1; logically excludes Sys Req2; relation to Sys Req3 unclear
      → Verification is failed:
      1. SysReq1 does not exclude FuncReq3: it is unclear which of the reqs is dominant, and therefore whether the (silently?) chosen behavior (LED shall be OFF) is correct → a separate Req about their dominance is needed
      2. It is unclear whether SysReq3 is really relevant for FuncReq3 → a clear assignment is required whether it is relevant for this component (Switch)
      3. It is unclear whether the (silently?) chosen behavior (LED shall be OFF) is the expected solution → a separate Req about its specific solution is needed
  • 12. CONCLUSION: Regardless of whether the requirements are defined with or without MBSE, there is a high danger of false or missing behavior requirements that undermine the complete quality process, so the customer will find them. Many specification errors exist because, with current tools, it is not clearly defined:
    • what behavior and what solutions are expected for every input signal state separately
    • what functional entities are affected by what High-Level Requirement
    • which of the parallel expected behaviors shall be dominant in any situation
    Additionally, performing the described process manually is an enormous and error-prone effort, because a high number of System and Functional Reqs is normal for ECUs.
  • 13. SOLUTION: Visioneer GmbH has invented a very simple method, a script-based add-on for common RE tools (e.g. Doors, Polarion, Word, ...),
    • which reduces the requirement engineering effort drastically
    • and which fundamentally excludes the described weaknesses of the current process
    → The next pages explain the necessary steps of this innovative method.
  • 14. Step 1: HL Requirements and their Solutions. It must be clearly defined what solution is expected for any HL Requirement and by whom (note: blue text is created automatically, red text is defined by the requirement engineer):
    ReqID   | System Requirements                                             | Solution                   | Assigned Functional Entities
    SysReq1 | If SWITCH_STATE is ON, then the LED shall be ON                 | Mode = SWITCH_STATE        | LED_Handler
    SysReq2 | If CAR_PRODUCTION_MODE is ACTIVATED, then the LED shall be ON   | Mode = CAR_PRODUCTION_MODE | LED_Handler
    SysReq3 | If BATTERY_STATE is LOW, then HW signals shall not be trustable | Mode = BATTERY_STATE       | ECU
    Step 2: ECU Behavior Description. For any ECU_Mode and its States, the Entry Condition, the Expected ECU Behavior, the ECU Behavior Solution and the Assigned Functions shall be defined:
    ECU Mode      | State | Entry Condition       | Expected ECU Behavior         | ECU Behavior Solution              | Assigned Funct. Entities
    BATTERY_STATE | FULL  | BATTERY_STATE is FULL | Full operation                | All functions shall be activated   | any Function
    BATTERY_STATE | LOW   | BATTERY_STATE is LOW  | No HW signal shall be trusted | Last valid HW signal shall be used | any Function
  • 15. Step 3: FNCT and assigned ECU Behavior Description. In the same way, for any FNCT_Mode of the function LED_Handler the following shall be defined:
    FNCT Mode           | State         | Entry Condition                      | Expected FNCT Behavior                | FNCT Behavior Solution
    CAR_PRODUCTION_MODE | ACTIVATED     | CAR_PRODUCTION_MODE is ACTIVATED     | LED shall show its el. connection     | LED_OUT shall be ON
    CAR_PRODUCTION_MODE | NOT ACTIVATED | CAR_PRODUCTION_MODE is NOT ACTIVATED | LED is a function of the switch state | LED_OUT is a function of the switch state
    SWITCH_STATE        | ON            | SWITCH_STATE is ON                   | LED shall be ON                       | LED_OUT shall be ON
    SWITCH_STATE        | OFF           | SWITCH_STATE is OFF                  | LED shall be OFF                      | LED_OUT shall be OFF
    For the assigned dominant ECU behaviors, the function's specific solutions shall be defined:
    Assigned ECU Behavior         | Assigned ECU Behavior Solution  | Function-specific Behavior Solution
    No HW signal shall be trusted | Last valid signal shall be used | LED_OUT state shall be frozen
  • 16. Step 4: Dominant FNCT Behavior Definition. The dominance of the assigned ECU and FNCT behaviors shall be clearly defined (x = don't care); it is verified automatically whether all potential combinations are defined:
    Expected ECU Behavior: BATTERY_STATE [Full operation, No HW signal shall be trusted] | Expected FNCT Behavior: CAR_PRODUCTION_MODE [LED shall show its el. connection, LED is function of the switch state] | Expected FNCT Behavior: SWITCH_STATE [LED shall be ON, LED shall be OFF] | Dominant FNCT Behavior
    Full operation                | LED is function of the switch state | LED shall be ON  | LED shall be ON
    Full operation                | LED is function of the switch state | LED shall be OFF | LED shall be OFF
    No HW signal shall be trusted | LED is function of the switch state | x                | No HW signal shall be trusted
    x                             | LED shall show its el. connection   | x                | LED shall show its el. connection
  • 17. Step 5: Perform Automatism. This is what the Requirement Engineer can do now (for instance), as he has already done his job:
    • Any High-Level Requirement is clearly assigned to a functional entity
    • The expected behavior is described for any input signal in any state
    • It is clearly defined in any situation which of the parallel expected behaviors is dominant
    • Any potential combination of the parallel expected behaviors is unambiguously defined
    → Automatic generation and linking of testable Functional Requirements
  • 18. Automatic Functional Requirements Generation: 1. The expected behaviors are replaced by their entry criteria; 2. The dominant FNCT behaviors are replaced by their FNCT behavior solutions:
    Expected ECU Behavior: BATTERY_STATE | Expected FNCT Behavior: CAR_PRODUCTION_MODE | Expected FNCT Behavior: SWITCH_STATE | Dominant FNCT Behavior
    Full operation / BATTERY_STATE is FULL | LED is function of the switch state / CAR_PRODUCTION_MODE is NOT ACTIVATED | LED shall be ON / SWITCH_STATE is ON | LED shall be ON / LED_OUT shall be ON
    Full operation / BATTERY_STATE is FULL | LED is function of the switch state / CAR_PRODUCTION_MODE is NOT ACTIVATED | LED shall be OFF / SWITCH_STATE is OFF | LED shall be OFF / LED_OUT shall be OFF
    No HW signal shall be trusted / BATTERY_STATE is LOW | LED is function of the switch state / CAR_PRODUCTION_MODE is NOT ACTIVATED | x | No HW signal shall be trusted / LED_OUT state shall be frozen
    x | LED shall show its el. connection / CAR_PRODUCTION_MODE is ACTIVATED | x | LED shall show its el. connection / LED_OUT shall be ON
  • 19. Automatic Functional Requirements Generation: The following Functional Requirements are then generated automatically out of that table (the red parts are wrongly defined or missing requirements in the example created with today's methods):
    FuncReq1: If SWITCH_STATE is ON and CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is FULL, then the LED_OUT shall be ON
    FuncReq2: If SWITCH_STATE is OFF and CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is FULL, then the LED_OUT shall be OFF
    FuncReq3: If CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is LOW, then the LED_OUT shall be FROZEN
    FuncReq4: If CAR_PRODUCTION_MODE is ACTIVATED, then the LED_OUT shall be ON
  • 20. Automatic Generation of Requirements Diagram, shown for FuncReq1 (If SWITCH_STATE is ON and CAR_PRODUCTION_MODE is NOT ACTIVATED and BATTERY_STATE is FULL, then the LED_OUT shall be ON):
    Sys Req1 (If SWITCH_STATE is ON, then the LED shall be ON); derived from it: Solution1.1: If the SWITCH_STATE is ON, then LED_OUT shall be ON (contained in FuncReq1); Solution1.2: If the SWITCH_STATE is OFF, then LED_OUT shall be OFF (excluded)
    Sys Req2 (If CAR_PRODUCTION_MODE is ACTIVATED, then the LED shall be ON); derived from it: Solution2.1: If CAR_PRODUCTION_MODE is ACTIVATED, then LED_OUT shall be ON (excluded); Solution2.2: If CAR_PRODUCTION_MODE is NOT ACTIVATED, then LED_OUT is a function of the switch state (subdominant)
    Sys Req3 (If BATTERY_STATE is LOW, then HW signals shall not be trustable); derived from it: Solution3.1: If the battery is LOW, then the last valid HW signal shall be used (excluded), from which Solution3.1.1 is derived: If the battery is LOW, then LED_OUT state shall be frozen; Solution3.2: If the battery is FULL, then all functions shall be activated (subdominant)
    The diagrams are generated in the same way for FuncReq2-4 ...
  • 21. The benefits of complete and clear Functional Requirements: for the Requirement Engineer, Quality Assurance, the Test Engineer, Functional Safety and the Customer. More information: www.visioneer.info. Contact: Gerhard Schilling, Tel. +49 179 3245588, schilling@visioneer.info
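The IO-table check of slides 6 to 8 and the completeness of the generated requirements of slide 19, as an added Python example that is not part of the Visioneer slides or tool: the requirement texts are encoded as predicates (an assumption of this example, including both readings of the bracket-free FuncReq1), and every input combination is checked for a missing or contradictory requirement.

```python
"""Exhaustive IO-table check for the Airbag on/off LED example.

Added example, not code from the Visioneer slides. The three textual
FuncReqs of slide 6 (today's method) and the four generated FuncReqs of
slide 19 are encoded as predicates over the three input signals; each of
the 2^3 input combinations is then checked for a missing requirement
(incomplete) and for matching requirements that demand different outputs
(ambiguous). The predicate encoding is this example's assumption.
"""
from itertools import product

# Input signals and their states, named as on the slides.
INPUTS = {
    "SWITCH_STATE": ("ON", "OFF"),
    "CAR_PRODUCTION_MODE": ("ACTIVATED", "NOT ACTIVATED"),
    "BATTERY_STATE": ("FULL", "LOW"),
}

# Slide 6. FuncReq1 mixes "or" and "and" without brackets, so its text
# admits two readings; both are encoded to show the consequence.
TODAY = {  # reading A: (SWITCH ON or PROD ACTIVATED) and BATTERY FULL
    "FuncReq1": (lambda s, p, b: (s == "ON" or p == "ACTIVATED") and b == "FULL", "ON"),
    "FuncReq2": (lambda s, p, b: s == "OFF" and p == "NOT ACTIVATED" and b == "FULL", "OFF"),
    "FuncReq3": (lambda s, p, b: p == "NOT ACTIVATED" and b == "LOW", "OFF"),
}
TODAY_ALT = dict(TODAY)  # reading B: SWITCH ON or (PROD ACTIVATED and BATTERY FULL)
TODAY_ALT["FuncReq1"] = (lambda s, p, b: s == "ON" or (p == "ACTIVATED" and b == "FULL"), "ON")

# Slide 19: requirements generated from the step 4 dominance table.
GENERATED = {
    "FuncReq1": (lambda s, p, b: s == "ON" and p == "NOT ACTIVATED" and b == "FULL", "ON"),
    "FuncReq2": (lambda s, p, b: s == "OFF" and p == "NOT ACTIVATED" and b == "FULL", "OFF"),
    "FuncReq3": (lambda s, p, b: p == "NOT ACTIVATED" and b == "LOW", "FROZEN"),
    "FuncReq4": (lambda s, p, b: p == "ACTIVATED", "ON"),
}


def verify(reqs):
    """Return (uncovered, conflicting): input combinations no requirement
    decides, and combinations whose matching requirements disagree."""
    uncovered, conflicting = [], []
    for combo in product(*INPUTS.values()):
        outputs = {out for cond, out in reqs.values() if cond(*combo)}
        if not outputs:
            uncovered.append(combo)
        elif len(outputs) > 1:
            conflicting.append(combo)
    return uncovered, conflicting


if __name__ == "__main__":
    for name, reqs in (("today (A)", TODAY), ("today (B)", TODAY_ALT),
                       ("generated", GENERATED)):
        missing, ambiguous = verify(reqs)
        print(f"{name}: uncovered={missing} conflicting={ambiguous}")
```

Reading A reproduces the gap reported on slide 8 (BATTERY_STATE LOW with CAR_PRODUCTION_MODE ACTIVATED is undecided), reading B additionally makes FuncReq1 and FuncReq3 contradict each other for SWITCH_STATE ON, and only the generated set decides all eight combinations exactly once.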