Sari, B. and Reuss, H., "A Model-driven Approach for Dependent Failure Analysis in Consideration of Multicore Processors using Modified Architecture Description Language (ADL)," SAE Technical Paper 2017-01-0065, 2017.
Safety is becoming more and more important with the ever increasing number of safety-related E/E systems built into cars. The increasing functionality of vehicle systems through electrification of the powertrain and autonomous driving leads to complexity in designing the system, hardware, software and safety architecture. The application of multicore processors in the automotive industry is becoming necessary because of the need for more processing power, more memory and higher safety requirements. Therefore, it is necessary to investigate safety solutions, particularly for ASIL D systems. This brings additional challenges because of the additional requirements of ISO 26262 for ASIL D safety concepts. ISO 26262 provides the possibility of applying a decomposition approach to ASIL D safety requirements. An appropriate decomposition has the advantage of reducing the ASIL rating of the top events. However, the application of ASIL decomposition requires redundancy of safety requirements, which must be allocated to sufficiently independent architectural elements. In order to apply the decomposition, ISO 26262 requires proof of “freedom from interference (FFI)” and a “dependent failure analysis (DFA)”, which then provides evidence of sufficient independence between the decomposed function parts. Currently, dependent failure analysis is carried out manually. This causes additional development effort, because the whole path from system decomposition down to software and hardware decomposition has to be analyzed to ensure that the signals and hardware parts are sufficiently independent. The other disadvantage of manual analysis is that traceability is difficult to achieve. Model-driven system, software and safety development offers an approach that allows engineers to deal with these challenges in an efficient and effective way.
This makes it possible to describe, analyze and verify the system, software and safety architecture with models in order to detect design and systematic errors before implementation. This paper presents an approach for model-based dependent failure analysis and the generation of safety work products. To this end, the hardware modeling, function modeling and dependability packages of EAST-ADL (Electronics Architecture and Software Technology - Architecture Description Language) are extended so that they allow the modeling of a multicore processor with its hardware elements and of the software safety architecture, both of which are necessary to prove hardware and software independence. Additionally, scripts are developed to analyze the decomposition paths automatically from system level down to software and hardware level and to generate the analysis results. We also briefly discuss how the main activities of ISO 26262, such as hazard analysis and risk assessment, functional safety concept, technical safety concept and safety analysis, can be carried out in a model-driven way. The extensions and the developed scripts make it possible to gain sufficient transparency and traceability for the safety arguments and to support the whole safety process in a single solution, extending into hardware and software development.
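As an added illustration (not code from the paper or from EAST-ADL), the following constructed Python model shows the kind of automated decomposition-path check described above: two decomposed requirement parts are traced through their software allocation down to hardware elements, and every hardware element both paths depend on is reported as a dependent-failure candidate. All element names are hypothetical.

```python
# Constructed example of a decomposition-path check for dependent failure
# analysis. Element names (SR-1a, SWC_monitor, core0, ...) are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Model:
    # element -> elements it is allocated to / depends on (one level down)
    allocation: dict[str, set[str]] = field(default_factory=dict)
    # hardware elements whose failure is a single physical event
    hardware: set[str] = field(default_factory=set)


def trace_to_hardware(model, element, seen=None):
    """Follow allocation edges from a requirement part down through software
    components to every hardware element it ultimately depends on."""
    seen = set() if seen is None else seen
    if element in seen:          # guard against cycles in a malformed model
        return set()
    seen.add(element)
    result = {element} if element in model.hardware else set()
    for child in model.allocation.get(element, ()):
        result |= trace_to_hardware(model, child, seen)
    return result


def dependent_failure_candidates(model, part_a, part_b):
    """Hardware elements shared by both decomposed requirement parts.
    A non-empty result means the two parts are not allocated to sufficiently
    independent elements: each shared element is a common-cause candidate."""
    return trace_to_hardware(model, part_a) & trace_to_hardware(model, part_b)


def build_example_model():
    """Constructed model: one requirement decomposed into two parts, each on
    its own core and RAM bank, but both cores on the same MCU clock/supply."""
    m = Model()
    m.hardware = {"core0", "core1", "ram_bank0", "ram_bank1",
                  "mcu_clock", "mcu_supply"}
    m.allocation = {
        "SR-1a": {"SWC_monitor"},               # decomposed part A
        "SR-1b": {"SWC_control"},               # decomposed part B
        "SWC_monitor": {"core0", "ram_bank0"},  # software -> hardware
        "SWC_control": {"core1", "ram_bank1"},
        "core0": {"mcu_clock", "mcu_supply"},   # shared MCU resources
        "core1": {"mcu_clock", "mcu_supply"},
    }
    return m


if __name__ == "__main__":
    m = build_example_model()
    print("dependent failure candidates:",
          sorted(dependent_failure_candidates(m, "SR-1a", "SR-1b")))
```

The result shows that separating the two parts onto different cores does not by itself give independence at hardware level: the shared clock and supply remain as items the DFA has to address.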