Abstract
Safety concerns in the automotive and other industries are amplified by the prospect of integration of critical and non-critical vehicle functions on networks of embedded controllers. It is anticipated that such networks will deliver new and improved active safety functions cost effectively. However, the implications of integration of currently isolated functions on a common platform, i.e. control by complex software, interaction, interoperation and sharing of hardware resources are serious and include new classes of hazardous failures, potential for common cause failure and unpredicted dependent failure of critical functions caused by malfunction of non-critical functions.
In this paper, we argue that key for the containment of new hazards, arising from increasingly complex technology, is the establishment of improved safety assessment processes in which composability and reuse of safety analyses becomes possible, not only later in the system life cycle, but also earlier, during the design phase. Such processes are already vaguely prescribed by modern safety standards in other sectors of industry. The CENELEC railway standards (1), for example, introduce the concept of composable safety cases, according to which the safety case, i.e. the collective evidence of safety of a system, is composed of the safety cases of its sub-systems or components, which in theory could be produced and certified independently. This type of composability in safety analysis is expected to bring similar benefits to those introduced by well-tested and trusted software components in general software engineering.
To achieve this goal, over recent years we have developed a model-based safety and reliability analysis technique that largely automates and simplifies part of the assessment, the development of system Failure Modes and Effects Analyses (FMEAs). The technique enables a largely automated and thus simplified form of compositional safety analysis in which FMEAs are automatically constructed from knowledge about the topology of the system and local specifications of failure at component level. This simplifies the analysis and allows it to be used as part of an iterative design process. In this paper we outline the technique focusing on recent improvements and application on a complex automotive prototype. We describe mechanisms that enable the fast synthesis of multiple failure mode FMEAs, and show how such FMEAs are not confined to the effects of single component failures as traditional manual FMEAs are, but go further to identify critical combinations of failures. Finally, we present a case study that applies this approach to the design of a prototypical active safety system designed by Volvo cars, and discuss the process and the results of the analysis, drawing conclusions about the potential and further direction of this work.
Keywords - Active and intelligent safety systems, Safety-directed design, Fault Identification, Automated FMEA.