Abstract
Today’s innovative automated driving systems (ADS) functions are realised by highly interconnected and networking cyber-physical systems based on existing automated driving assistance systems (ADAS). These interconnections increase the complexity of so-called systems of systems, because automation requires information and interaction with its environment. All possible interactions must be known for the definition of the intended system behaviour in order to identify any malfunctions of ADS, which may propagate over the system boundaries and influence other systems to fail in a harmful way. Hidden links are able to affect unwanted operational system states so that they cannot be perceived as failure modes. For that reason, functional safety is an important topic for reduction of safety-critical risk to cause failures in complex automotive systems.
The chapter presented discusses the application of the automotive functional safety standard ISO 26262 in context of ADS. The following main topics are highlighted: Complexity of automated driving systems, issues concerning availability and reliability, importance of the concept phase and the role of the driver. Furthermore, proposals are made on how to handle these challenges and for feasible enhancements of the current ISO 26262 standard. Existing and promising methods are discussed that deal with the increasing complexity for the development of future ADS.
Notes
- 1.
Knight Industries, 2000.
- 2.
Germany Federal Highway Research Institute (BASt)—http://www.bast.de.
- 3.
US National Highway Traffic Safety Administration (NHTSA)—http://www.nhtsa.gov/.
- 4.
Emergency Brake Assist.
- 5.
Lane Keeping Assist.
- 6.
Original equipment manufacturer.
- 7.
Car-to-x means a communication between the car and any other external system, e.g. other cars C2C or the infrastructure C2I.
- 8.
Aviation Rulemaking Advisory Committee—http://avstop.com/legal/2.htm.
- 9.
For example, Austrian Federal Act—Governing the Liability for Defective Product/Product Liability [7]: §5. (1) A product §5. (1) A product shall be deemed defective if it does not provide the safety which, taking all circumstances into account, may be reasonably expected, in particular with respect to: (1) the presentation of the product, (2) the use to which it can reasonably be expected that the product would be put and (3) the time when the product was put into circulation.
- 10.
An item is a system or array of systems for implementing a function at vehicle level, to which ISO 26262 is applied.
- 11.
See definition at http://v-modell.iabg.de/v-modell-xt-html-english/index.html.
- 12.
See also ‘dependability’—umbrella term to describe different quality attributes of a system.
- 13.
Emergent entities (properties or substances) ‘arise’ out of more fundamental entities and yet are ‘novel’ or ‘irreducible’ with respect to them [13].
- 14.
Hazard and operability study.
- 15.
Failure mode and effects analysis.
- 16.
Depending on the classification as S and/or E.
- 17.
Time span in which fault(s) can occur in a system before a hazardous event ([2], Part 3, 1.45).
- 18.
Amount of time in which a safety mechanism takes online diagnostic tests ([2], Part 3, 1.26).
- 19.
Time span between detecting a fault and reaching the safe state ([2], Part 3, 1.44).
- 20.
Amount of time between achieving the safe state before a hazard could occur.
- 21.
Systems Modelling Language—http://www.omg.org/spec/SysML/.
- 22.
Modelling and Analysis of Real Time and Embedded systems—http://www.omgmarte.org/.
- 23.
Electronics Architecture and Software Technology—Architecture Description Language—http://www.east-adl.info/.
- 24.
A method is a set of related activities, techniques, conventions, representations, and artefacts that implement one or more processes and is generally supported by a set of tools.
References
K. Bengler et al., Three Decades of Driver Assistance Systems: Review and Future Perspectives, in Intelligent Transportation Systems Magazine, IEEE 6.4, 2014, pp. 6–22
International Organization for Standardization, ISO 26262—Road Vehicles—Functional Safety, Part 1–10. ISO/TC 22/SC 32—Electrical and Electronic Components and General System Aspects, 15 Nov 2011
European Commission, CARE Project: Road Safety Evolution in the EU, Mar 2015, [On-line] http://ec.europa.eu/transport/road\_safety/pdf/observatory/historical\_evol.pdf. Accessed 12 Oct 2015
O. Carstena et al., Vehicle-based studies of driving in the real world: the hard truth? Accid. Anal. Prev. 58, 162–174 (2013)
SAE International, SAE J3016—Taxonomy and Definitions for Terms Related to On-Road Motor Vehicle Automated Driving Systems. J3016-201401, 1 Jan 2014
National Highway Traffic Safety Administration (NHTSA), Preliminary Statement of Policy Concerning Automated Vehicles, 30 May 2013, [On-line] http://www.nhtsa.gov/staticfiles/rulemaking/pdf/Automated\_Vehicles\_Policy.pdf. Accessed 12 Oct 2015
Austrian Federal Act, Governing the Liability for a Defective Product (Product Liability Act). 21 Jan 1988, [On-line] www.ris.bka.gv.at/Dokumente/BgblPdf/1988\_99\_0/1988\_99\_0.pdf. Accessed 12 Oct 2015
International Electrotechnical Commission, IEC 61508—Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems, 2nd edn. TC 65/SC 65A—System aspects, 4 Apr 2010
R.W.A. Barnard, What is wrong with Reliability Engineering? INCOSE Int. Symp. 18, 357–365 (2008). doi:10.1002/j.2334-5837.2008.tb00811.x
N. Leveson, Engineering a Safer World: Systems Thinking Applied to Safety. MIT Press, Jan 2012, [On-line] https://mitpress.mit.edu/books/engineering-safer-world. Accessed 12 Oct 2015
H. Butz, Safety and Fault Tolerance in a Complex Human Centred Automation Environment. Innovation Forum Embedded Systems, Munich, 24 Apr 2009, [On-line] http://bicc-net.de/events/innovation-forum-embedded-systems. Accessed 12 Oct 2015
H. Butz, Systemkomplexität methodisch erkennen und vermeiden, in Anforderungsmanagement in der Produktentwicklung, R. Jochem, K. Landgraf (Hrsg) (Symposion Publishing GmbH, Düsseldorf, 2011), pp. 183–217
Stanford Encyclopedia of Philosophy, Emergent Properties, 28 Feb 2012, [On-Line] http://plato.stanford.edu/archives/spr2012/entries/properties-emergent. Accessed 12 Oct 2015
D. Campos et al., Egas–collaborative biomedical annotation as a service. Proc. Fourth BioCreative Challenge Evaluation Workshop 1, 254–259 (2013)
IAV GmbH—Ingenieurgesellschaft Auto und Verkehr, Standardized E-Gas Monitoring Concept for Gasoline and Diesel Engine Control Units, Version 6, 22 Sept 2015, [On-Line] https://www.iav.com/en/publications/technical-publications/etc-monitoring-concepts. Accessed 12 Oct 2015
International Electrotechnical Commission, IEC 60812—Analysis techniques for system reliability—Procedure for failure mode and effects analysis (FMEA), TC 56—Dependability, 26 Jan 2006
International Electrotechnical Commission, IEC 61025—Fault tree analysis (FTA). TC 56—Dependability, 13 Dec 2006
S. Friedenthal, A. Moore, S. Rick, A Practical Guide to SysML: The Systems Modeling Language, 3rd edn. (Morgan Kaufmann, Amsterdam, 2014)
H. Martin et al., Model-based Engineering Workflow for Automotive Safety Concepts. No. 2015-01-0273, SAE Technical Paper, 2015
G. Biggs et al., A profile for modelling safety information with design information in SysML. Softw. Syst. Model 15(1), 147–178 (2014). Springer
B. Meyer, Applying ‘design by contract’. Comput. IEEE 25(10), 40–51 (1992). 2015
J.-P. Blanquart et al., Towards cross-domains model-based safety process, methods and tools for critical embedded systems: The CESAR approach, in Computer Safety, Reliability, and Security, ed. by F. Flammini, S. Bologna, V. Vittorini. Lecture Notes in Computer Science, vol. 6894 (Springer, Berlin, 2011), pp. 57–70
A. Baumgart et al., A model-based design methodology with contracts to enhance the development process of safety-critical systems, in Software Technologies for Embedded and Ubiquitous Systems, ed. by S.L. Min, R. Pettit, P. Puschner, T. Ungerer. Lecture Notes in Computer Science, vol. 6399 (Springer, Berlin, 2011), pp. 59–70
J. Westman et al., Structuring safety requirements in ISO 26262 using contract theory, in Computer Safety, Reliability, and Security, ed. by F. Bitsch, J. Guiochet, M. Kaâniche (Springer, Berlin, 2013), pp. 166–177
A. Benveniste et al., Contracts for System Design. INRIA, Rapport de recherche RR-8147, Nov 2012, [Online] http://hal.inria.fr/hal-00757488. Accessed 12 Oct 2015
M. Fischer et al., Modular and scalable driving simulator hardware and software for the development of future driver assistance and automation systems, in New Developments in Driving Simulation Design and Experiments, 2014, pp. 223–229
M. Karner, et al., System Level Modeling, Simulation and Verification Workflow for Safety-Critical Automotive Embedded Systems. No. 2014-01-0210, SAE Technical Paper, 2014
M. Krammer, H. Martin et al., System Modeling for Integration and Test of Safety-Critical Automotive Embedded Systems. No. 2013-01-0189, SAE Technical Paper, 2013
P. Graignic et al., Complex system simulation: Proposition of a MBSE framework for design-analysis integration. Proc. Comput. Sci. 16, 59–68 (2013)
D. Krajzewicz, Traffic simulation with SUMO—Simulation of urban mobility, in Fundamentals of Traffic Simulation, Series: International Series in Operations Research and Management Science, ed. by J. Barceló, vol. 145 (Springer, Berlin, 2010)
J. Erdmann, Lane-Changing Model in SUMO. German Aerospace Center (2014), [On-Line] http://elib.dlr.de/89233/1/SUMO\_Lane\_change\_model\_Template\_SUMO2014.pdf. Accessed 12 Oct 2015
A. Rousseau et al., Electric Drive Vehicle Development and Evaluation Using System Simulation, in Proceedings of the 19th IFAC World Congress, 2014, pp. 7886–7891
M. Klauda et al., Automotive Safety und Security aus Sicht eines Zulieferers, 4 Oct 2013, [On-line] http://subs.emis.de/LNI/ Proceedings/Proceedings210/13.pdf. Accessed 12 Oct 2015
T. M. Gasser, Legal consequences of an increase in vehicle automation. Bundesanstalt für Straßenwesen, 2013, [On-Line] http://bast.opus.hbznrw.de/volltexte/2013/723/pdf/Legal\_consequences\_of\_an\_increase\_in\_vehicle\_automation.pdf. Accessed 12 Oct 2015
H. Winner, W. Wachenfeld, Absicherung automatischen Fahrens, in 6.FAS-Tagung München, 29 Nov 2013, [On-Line] http://tubiblio.ulb.tu-darmstadt.de/63810/. Accessed 12 Oct 2015
B. Walker Smith, SAE Levels of Driving Automation. The Center for Internet and Society at Stanford Law School, 18 Dec 2013, [On-line] http://cyberlaw.stanford.edu/loda. Accessed 12 Oct 2015
H. Winner et al., Handbuch Fahrerassistenzsysteme, 3. Auflage. ATZ/MTZ-Fachbuch, (Springer Fachmedien, Berlin, 2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Martin, H., Tschabuschnig, K., Bridal, O., Watzenig, D. (2017). Functional Safety of Automated Driving Systems: Does ISO 26262 Meet the Challenges?. In: Watzenig, D., Horn, M. (eds) Automated Driving. Springer, Cham. https://doi.org/10.1007/978-3-319-31895-0_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-31895-0_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31893-6
Online ISBN: 978-3-319-31895-0
eBook Packages: EngineeringEngineering (R0)