3 Safety Assurance Processes for Automotive Electronics
Pages 71-98



From page 71...
... All product design and development decisions are also influenced by anticipated product development, manufacturing, and warranty costs and by the need to comply with federal emissions, fuel economy, and safety standards. Beyond these generalizations, the specifics of product development differ by automotive manufacturer.
From page 72...
... Thus, NHTSA does not prescribe or certify the use of specific design approaches, materials, safety analysis tools, testing protocols, or quality assurance methods to reduce the potential for failures or to minimize their impact -- for example, by demanding the use of protective shielding, dual memory locations, corrosion resistance, or diagnostic and fail-safe strategies. Because automobile manufacturers have wide latitude to choose their own product designs, architectures, and materials, they are left with the responsibility to devise the most appropriate analysis, testing, monitoring, and fault response strategies.
From page 73...
... Automotive manufacturers already have much at stake in ensuring the safe and dependable performance of their products because of litigation, warranty claims, and loss of brand image and sales. The ISO standard is discussed because it demonstrates the apparent recognition within the automotive industry of the special assurance challenges arising from electronics systems.
From page 74...
... Taken together, these approaches and strategies make up the product safety assurance processes that are referred to often in this report.

Eliciting and Defining Product Safety Requirements

All automotive manufacturers must comply with government regulations such as the FMVSSs.
From page 75...
... OEMs know that vehicles and systems that do not perform safely will become the subject of consumer complaints, warranty claims, lawsuits, and possibly safety actions by NHTSA. Eliciting and defining these requirements before the design process begins are therefore central to the safety assurance processes of all manufacturers.
From page 76...
... Traditional safety analysis tools such as failure mode and effects analyses (discussed below) help ensure that design choices are consistent with driver expectations and response tendencies.
From page 77...
... Advances in driving simulators and instrumented vehicles are thus being developed to give human factors engineers new tools to assess and model how the driver and automotive electronics will interact. In this sense, automotive vehicles exemplify the mass adoption of the assisting or operating "robot," partnering with humans to ease or even take over the human workload.
From page 78...
... Another frequently used method is to install a watchdog processor along with the main processor in a control unit. If the watchdog detects an abnormality
From page 79...
... Two sensors in the pedal assembly measure the pedal position and send analog signals to digital converters, which send digitized values to the main processor. In addition, the main processor receives signals from one or more sensors that measure the position of the throttle plate.3 If the signals from the two pedal sensors are inconsistent, the processor will trigger a DTC.
From page 80...
... Having carefully defined and well-articulated safety requirements can therefore guide developers of the ETC's architecture in making choices about the most appropriate system response to a failure.

Safety Analysis During System Design and Development

Figure 3-2, adapted from a recent paper by General Motors engineers (Sundaram and Hartfelder 2011)
From page 81...
... FIGURE 3-2 Safety analysis during vehicle design, development, and production. (Source: Sundaram and Hartfelder 2011.)
From page 82...
... Improving data and methodologies for evaluating and testing for rare events remains a challenge for automotive manufacturers, as it does for manufacturers in other industries.
From page 83...
... Indeed, the proliferation of standardized automotive hardware has made its supply much like that of a commodity, since all OEMs and suppliers have access to the same hardware components, from sensors and actuators to drive circuits and microprocessors. In general, automotive software development follows the same path as that described for automotive systems and components generally (Törngren et al.
From page 84...
... The automotive industry has come to rely substantially on company- and industry-level testing standards for electromagnetic influences, including industry standards from ISO and SAE. During the committee's visits to OEMs, it found significant uniformity in the way EMC testing is performed.
From page 85...
... Unlike hardware defects, all software deficiencies are by their nature design deficiencies rather than manufacturing flaws. Whereas various tools and techniques are used to check software for coding errors, defective coding is not the only possible source of software-related errors, many of which will not be revealed in software having nontrivial complexity even with the most exhaustive testing regime.
From page 86...
... As automotive manufacturers integrate software developed during different time periods and by different suppliers, such verification can become even more important but more complicated and time-consuming. The challenges associated with software assurance are discussed further in Box 3-3.
From page 87...
... do not exhibit unsafe behaviors under any circumstances. In the field of software development, a number of industrywide standards outline assurance processes to be followed during development, including standards specific to automotive software.1 These standards describe various assurance activities and steps to be followed during development and for verification and validation.
From page 88...
... 1 Examples from the automotive software field are Motor Industry Software Reliability Association guidelines and the pending ISO 26262 functional safety standard. Examples from defense and aviation are RTCA-178B and MIL–Std-882C/D.
From page 89...
... 5 A review of automotive software safety assurance processes and standards is given by Czerny et al.
From page 90...
... Industry Standards Activities for Electronics Safety Assurance

Compared with the United States, many other countries with large automotive industries give their manufacturers less leeway to define all aspects of their safety assurance processes. The European Union (EU)
From page 91...
... Since its introduction more than 10 years ago, IEC 61508 has induced the creation of a number of industry-specific standards for functional safety, including those for machinery, chemical processing, and nuclear power plants. Various guidance documents that are intended to help

7 The EU and Japan impose certain safety assurance process requirements on automobile manufacturers as part of vehicle type certification.
From page 92...
... Box 3-4 gives an example of the IEC-approved methodology for addressing EMC for functional safety. Although automotive manufacturers can follow the guidance of IEC 61508, until recently they have not had an industry-specific standard for ensuring the functional safety of vehicle electronics.
From page 93...
... Among those processes are eliciting safety requirements, using safety analysis tools such as FMEAs and FTAs, and monitoring for safety performance in the field. To make safety assurance a prominent and transparent part of product development, ISO 26262 emphasizes formal management review of and sign-off on key safety-related decisions at all stages of product planning, development, verification, and validation.
From page 94...
... These parts contain guidance on (a) specifying the technical safety requirements at the system, hardware, and software levels; (b)
From page 95...
... Chapter Findings

Finding 3.1: Automotive manufacturers visited during this study -- and probably all the others -- implement many processes during product design, engineering, and manufacturing intended (a) to ensure that electronics systems perform as expected up to defined failure probabilities and (b)
From page 96...
... Finding 3.4: Automotive manufacturers have been cooperating through ISO to develop a standard methodology for evaluating and establishing the functional safety requirements for their electronics systems. The pending standard -- ISO 26262, Road Vehicle Functional Safety -- originated from recognition within the automotive industry that the proliferation of electronics systems in vehicles is introducing greater complexity into both automotive systems and their development processes.
From page 97...
... 2004. How to Achieve Functional Safety and What Safety Standards and Risk Assessment Can Contribute.

