AltaRica 3 Based Models for ISO 26262 Automotive Safety Mechanisms

  • Abraham Cherfi
  • Antoine Rauzy
  • Michel Leeman
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8822)


Cars embed a steadily increasing number of Electric and Electronic Systems. The ISO 26262 standard defines a number of constraints, rules and requirements that the development of Automotive E/E Systems must obey in order to guarantee their Functional Safety. One of the means at hand to enhance the safety of these systems is to reinforce them with so-called Safety Mechanisms. The Standard discusses at length how to estimate the contribution of these mechanisms to Functional Safety. These calculations rely, however, on Fault Tree models or ad-hoc formulas that are hard to check for completeness and validity. In this article, we propose generic AltaRica 3 models for Electric and Electronic Systems protected by first and second order safety mechanisms. These models are of great help in clarifying the behavior of these systems, as well as in determining the domain of validity of simpler models such as the above-mentioned Fault Trees or ad-hoc formulas.


Automotive Functional Safety, ISO 26262, Safety Mechanisms, AltaRica, Markov Models





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Abraham Cherfi (1, 2)
  • Antoine Rauzy (3)
  • Michel Leeman (2)

  1. LIX - Ecole Polytechnique, Palaiseau cedex, France
  2. GEEDS - Valeo, France
  3. Chaire Blériot-Fabre - Ecole Centrale de Paris, Grande Voie des Vignes, Châtenay-Malabry, France
