
Automating Aspects of Safety Design in Contemporary Automotive System Engineering
barcelona2004/F2004F114-paper

Authors

Yiannis Papadopoulos* - University of Hull
Christian Grante - Volvo Cars Corporation
Johan Wedlin - Volvo Cars Corporation

Abstract

Keywords - Active safety systems, automated FMEA, automated fault tree synthesis, cost-safety trade-offs, optimal fault tolerant design

Abstract - Increasing complexity in automotive technology, caused by a shift towards function integration, questions the applicability of classical safety techniques such as Failure Modes and Effects Analysis (FMEA) to new designs, e.g. advanced integrated car control systems. One difficulty is that new technologies introduce new classes of complex failure modes, for example commissions of functions, where a function is provided although it was not requested. More importantly, the combination of increasing system complexity with the manual nature of classical safety analysis challenges our ability to achieve complete and correct safety analyses within realistic budget and time constraints. To address this problem, in technical collaborations among the University of Hull, Volvo Cars and other industrial partners, we are developing two computerised tools that we believe can simplify difficult aspects of safety design. The tools integrate design and safety analysis and simplify the overall process by partly automating safety assessment and fault tolerant design.

The first tool that we present in this paper generates system fault trees and FMEAs from structural models of a system represented in a modelling tool such as Matlab Simulink. In this approach, the analysis of a model starts with the definition of the local failure behaviour of components. In a second step, a computerised tool exploits the structure of the electronic model to determine how local failures propagate through connections between components and cause functional failures at the outputs of the system. This global view of system failure is captured in a set of fault trees and a system FMEA which are generated by the safety analysis tool. The process is largely automated and reduces the effort required to examine the effects of design modifications on safety while keeping designers in the loop.
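The two-step process described above (local failure annotations on components, then propagation through the connections of a structural model to synthesise fault trees and an FMEA) can be illustrated with a small engine. The following is an added example written for this page; it is not the authors' tool, and the component library, the port names, the deviation classes ("O" for omission, "V" for wrong value) and the dual-sensor system it analyses are all constructed assumptions.

```python
"""Constructed example: propagate local component failure annotations through a
structural model to obtain system fault trees and an FMEA. Not the authors' tool;
component library, ports, deviation classes and the example system are assumed."""
from itertools import product

# Local failure annotations per component type. Each output deviation ("class-port")
# maps to an OR-list of AND-sets. A cause is either an internal failure mode (plain
# name) or a deviation of an input ("class-inport") that must be traced upstream.
COMPONENTS = {
    "Sensor": {"O-out": [{"stuck"}], "V-out": [{"drift"}]},
    # Dual-channel comparator (assumed behaviour): a detected disagreement between the
    # channels shuts the output down (fail-safe omission); an undetected wrong value
    # at the output needs both inputs to be wrong.
    "Monitor": {
        "O-out": [{"O-in1", "O-in2"}, {"V-in1"}, {"V-in2"}, {"comparator_fail"}],
        "V-out": [{"V-in1", "V-in2"}],
    },
    "Actuator": {"O-out": [{"O-in"}, {"jam"}], "V-out": [{"V-in"}]},
}

# Structural model: instance -> type, and (dest instance, inport) -> (src instance, outport)
INSTANCES = {"S1": "Sensor", "S2": "Sensor", "Mon": "Monitor", "Act": "Actuator"}
CONNECTIONS = {("Mon", "in1"): ("S1", "out"), ("Mon", "in2"): ("S2", "out"),
               ("Act", "in"): ("Mon", "out")}


def fault_tree(inst, dev, path=frozenset()):
    """Fault tree for deviation `dev` at the output of instance `inst`, as nested
    {"or": [...]} / {"and": [...]} dicts whose leaves are basic events "Inst.mode"."""
    key = (inst, dev)
    if key in path:              # feedback loop: re-entering a node adds no new cause
        return {"or": []}
    path = path | {key}
    branches = []
    for cut in COMPONENTS[INSTANCES[inst]].get(dev, []):
        terms = []
        for cause in sorted(cut):
            if "-" in cause:     # input deviation: follow the connection upstream
                cls, inport = cause.split("-")
                src = CONNECTIONS.get((inst, inport))
                if src is None:  # an unconnected input cannot deviate
                    terms.append({"or": []})
                else:
                    terms.append(fault_tree(src[0], f"{cls}-{src[1]}", path))
            else:                # internal failure mode of this instance
                terms.append(f"{inst}.{cause}")
        branches.append({"and": terms})
    return {"or": branches}


def cut_sets(tree):
    """Minimal cut sets of a fault tree: sorted list of frozensets of basic events."""
    if isinstance(tree, str):
        return [frozenset({tree})]
    if "or" in tree:
        sets = [c for sub in tree["or"] for c in cut_sets(sub)]
    else:  # AND gate: every combination of one cut set per child
        sets = [frozenset().union(*combo)
                for combo in product(*(cut_sets(sub) for sub in tree["and"]))]
    uniq = set(sets)
    return sorted((c for c in uniq if not any(o < c for o in uniq)),
                  key=lambda c: (len(c), sorted(c)))


def fmea(system_outputs):
    """System FMEA: for each basic event, the system-level failures it causes on its
    own (single point) and those it causes only in combination with other events."""
    table = {}
    for inst, dev in system_outputs:
        for cut in cut_sets(fault_tree(inst, dev)):
            for event in cut:
                row = table.setdefault(event, {"single_point": set(), "combined": set()})
                row["single_point" if len(cut) == 1 else "combined"].add(f"{dev}@{inst}")
    return table


if __name__ == "__main__":
    for dev in ("O-out", "V-out"):
        print(dev, "@Act:", [sorted(c) for c in cut_sets(fault_tree("Act", dev))])
    for event, row in sorted(fmea([("Act", "O-out"), ("Act", "V-out")]).items()):
        print(f"{event:22} single-point={sorted(row['single_point'])} "
              f"combined={sorted(row['combined'])}")
```

The FMEA rows make the design trade-off visible: a drift in either sensor is a single point of failure for omission of actuation (the comparator shuts down on disagreement), whereas a wrong actuation value needs both sensors to drift together. Changing a connection or a component annotation and re-running the script regenerates both views, which is the "designer in the loop" workflow the text describes.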

The second tool that we describe in this paper extends the above concept to assist decisions on optimal component replication in fault tolerant design. Component replication is often essential to achieve required levels of safety or reliability. However, the options for replication in a non-trivial design are typically too many to consider in detail, so designers often rely on experience and evaluation of a few different design options to arrive at decisions about the location and level of component redundancies. In this paper, we show that it is possible to rationalize and automate this process by using techniques and tools that enable designers to progressively “evolve” an initial design model in which there is no replication of components to a design where replicas have been allocated in a way that minimizes the additional cost of replication while achieving given safety and reliability requirements.

The development of the above work has been supported by a number of organisations, including Volvo Cars, DaimlerChrysler, EADS Airbus and Germanischer Lloyd. The safety analysis tools are experimental, but relatively mature and usable by third parties.
