OASIS: An automotive analysis and safety engineering instrument

https://doi.org/10.1016/j.ress.2013.06.045

Abstract

In this paper, we describe a novel software tool named OASIS (AutOmotive Analysis and Safety EngIneering InStrument). OASIS supports automotive safety engineering with features that allow the creation of consistent and complete work products and that simplify and automate workflow steps from early analysis through system development to software development. More precisely, it provides support for (a) model creation and reuse, (b) analysis and documentation and (c) configuration and code generation. We present OASIS as a part of a tool chain supporting the application of a safety engineering workflow aligned with the automotive safety standard ISO 26262. In particular, we focus on OASIS' (1) support for property checking and model correction as well as its (2) support for fault tree generation and FMEA (Failure Modes and Effects Analysis) table generation. Finally, based on the case study of hybrid electric vehicle development, we demonstrate that (1) and (2) are able to strongly support FTA (Fault Tree Analysis) and FMEA.

Introduction

Powertrain electrification of vehicles transforms powertrains into complex, mechatronic systems. Because the embedded system, its sensors and its actuators are safety-critical, they are developed according to safety standards like the automotive functional safety standard ISO 26262 [1], which provides a risk-based development process relying on quality management.

The standard requires the application of a concept phase. This phase aims at the functional description of a newly developed vehicle, the early application of PHA (Preliminary Hazard Analysis) and the derivation of safety requirements (top-level and functional). The standard also requires a subsequent system level development phase. In this phase, the system architecture (architecture of embedded system, connected sensors and controlled actuators) is designed and analyzed using FTA (Fault Tree Analysis) and FMEA (Failure Modes and Effects Analysis). Furthermore, technical safety requirements are defined. In addition, safety requirements and ASILs (Automotive Safety Integrity Levels) are allocated to the components of the system architecture. ISO 26262 also requires a subsequent software level development phase including the definition of software requirements and the design, implementation and integration of software.

Tool support for the application of the required phases exists. However, due to a lack of support for safety engineering, (1) the concept phase and the system level development phase are difficult to apply. Another difficulty is (2) the effective transition from the system level development phase to the software level development phase. Both hinder the efficient creation of a complete and consistent set of work products. To overcome these problems, adequate tool support for safety engineering is required.

The contribution of this paper is a novel tool named OASIS (AutOmotive Analysis and Safety EngIneering InStrument). OASIS supports a safety engineering workflow aligned with ISO 26262's concept phase, system level development phase and software level development phase. OASIS's features allow (a) model creation and reuse, (b) analysis and documentation as well as (c) configuration and code generation. These features allow the creation of consistent and complete work products and simplify and automate workflow steps. In particular, this paper focuses on OASIS' (1) support for property checking and model correction as well as its (2) support for fault tree generation and FMEA table generation and describes how (1) and (2) aid the application of FTA and FMEA.

The paper is organized as follows. Section 2 describes approaches supporting FTA or FMEA and how OASIS' support for applying FTA and FMEA is different. Section 3 illustrates OASIS as well as its use as part of a tool chain for applying a safety engineering workflow. OASIS' support for property checking and model correction as well as its support for fault tree generation and FMEA table generation are described in Sections 4 and 5. Section 6 explains how OASIS' features aid the application of FTA and FMEA based on the case study of HEV (Hybrid Electric Vehicle) development. Section 7 concludes the paper.

Related work

The approaches described in [2], [3], [4], [5], [6], [7], [8], [9], [10], [11], [12] use models describing structure and/or behavior of a system (typically of a computer-based system that shall be dependable, reliable or safe). These models are complemented with quantitative or qualitative information concerning the behavior of the system in the presence of faults (typically about faults and failures and their propagation). These underlying models are used by all approaches as input to fault

OASIS

OASIS is a novel software tool for automotive safety engineering (see Fig. 1). It provides features that allow simplifying and automating workflow steps from early analysis through system development to software development (an overview of the proposed workflow is presented in Fig. 2). OASIS can be combined with other tools to form a tool chain supporting an automotive safety engineering workflow aligned with ISO 26262. An overview of OASIS' architecture and features is presented in Section 3.1

Support for property checking and model correction

As described in Section 3.1.1, OASIS provides support for model creation and reuse (see Fig. 1). This includes support for property checking and model correction. This is realized using a Property Checker and a Model Corrector that ease the creation of a consistent and complete EAST-ADL model (the same model is input to generation of fault trees and FMEA tables). Thus, the Property Checker and the Model Corrector fully support the workflow phases described in Sections 3.3.1 (including PHA) and

Support for fault tree and FMEA table generation

As described in Section 3.1.2, OASIS provides support for analysis and documentation (see Fig. 1). This includes support for fault tree and FMEA table generation. This is achieved using an FTA Generator and an FMEA Generator. They can generate fault trees and an FMEA table from an EAST-ADL model (the same model is input to automatic property checking and model correction) ensuring consistency of PHA results, fault trees and FMEA table. The FTA Generator and the FMEA Generator are especially
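The two features described in the preceding sections (property checking of the model, and deriving fault trees and an FMEA table from that same model) are sketched below in a small Python example. It is added here and is not OASIS code or an EAST-ADL model; the failure-propagation model, the hazards, the ASILs and the gate types are constructed for illustration.

```python
# Constructed toy model of an HEV powertrain fragment (hypothetical, not the paper's):
# each failure mode maps to the events it propagates to; hazards are the top events.
MODEL = {
    "failure_modes": {
        "BatterySensor.stuck":    ["BatteryECU.wrongSoC"],
        "BatterySensor.noSignal": ["BatteryECU.wrongSoC"],
        "BatteryECU.wrongSoC":    ["Inverter.overTorque"],
        "Inverter.overTorque":    ["H1_UnintendedAcceleration"],
        "Inverter.shortCircuit":  ["H1_UnintendedAcceleration"],
        "Inverter.noOutput":      ["H2_LossOfPropulsion"],
        "LimpHome.unavailable":   ["H2_LossOfPropulsion"],
        "Inverter.overTemp":      [],                      # effect not modelled
    },
    "gates": {"H2_LossOfPropulsion": "AND"},  # all causes needed; default gate is OR
    "hazards": {"H1_UnintendedAcceleration": "ASIL C", "H2_LossOfPropulsion": "ASIL B",
                "H3_BatteryFire": "ASIL D"},               # cause not modelled
}

def causes_of(model, event):
    return sorted(fm for fm, effs in model["failure_modes"].items() if event in effs)

def fault_tree(model, top):
    """Nested (event, gate, [subtrees]) built top-down; an event without causes is a leaf."""
    causes = causes_of(model, top)
    if not causes:
        return top
    return (top, model["gates"].get(top, "OR"), [fault_tree(model, c) for c in causes])

def events(tree):
    """All event names in a tree, intermediate and basic."""
    return {tree} if isinstance(tree, str) else {tree[0]}.union(*map(events, tree[2]))

def fmea_table(model):
    """One row per failure mode: (mode, local effects, end hazards, highest ASIL).
    End effects are read off the same fault trees, so FTA and FMEA cannot disagree."""
    trees = {h: events(fault_tree(model, h)) for h in model["hazards"]}
    rows = []
    for fm, effs in sorted(model["failure_modes"].items()):
        hz = sorted(h for h, evs in trees.items() if fm in evs)
        rows.append((fm, effs, hz, max((model["hazards"][h] for h in hz), default="QM")))
    return rows

def check_properties(model):
    """Completeness properties a checker reports before FTA/FMEA output is trusted."""
    no_cause = [f"{h}: no modelled cause" for h in model["hazards"] if not causes_of(model, h)]
    no_effect = [f"{fm}: no modelled effect" for fm, e in model["failure_modes"].items() if not e]
    return no_cause + no_effect

if __name__ == "__main__":
    print(check_properties(MODEL), fault_tree(MODEL, "H1_UnintendedAcceleration"), sep="\n")
```

Running it lists the two model gaps a property checker would ask the user to correct (a hazard without a cause, a failure mode without an effect) before the generated fault trees and FMEA rows are taken at face value.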

Experimental evaluation

The tool OASIS was designed and implemented as a plugin for the tool Papyrus as described in Section 3.1 (Architecture and features), Section 4 (Support for property checking and model correction) and Section 5 (Support for fault tree and FMEA table generation). A tool chain was set up as described in Section 3.2 (the tool Code Composer Studio was chosen as software development IDE). Section 6.1 presents the application of the safety engineering workflow being supported by OASIS' support for property checking and model

Conclusion

The paper describes a novel software tool named OASIS (AutOmotive Analysis and Safety EngIneering InStrument). Being part of a tool chain supporting an automotive safety engineering workflow, OASIS sustains the creation of a consistent and complete set of work products and simplifies and automates workflow steps from early analysis through system development to software development. This is achieved by providing support for (a) model creation and reuse, (b) analysis and documentation as well as

Acknowledgments

The authors wish to thank the COMET K2 Forschungsförderungs-Programm of the Austrian Federal Ministry for Transport, Innovation and Technology (BMVIT), the Austrian Federal Ministry of Economics and Labour (BMWA), Österreichische Forschungsförderungsgesellschaft mbH (FFG), Das Land Steiermark and Steirische Wirtschaftsförderung (SFG) for their financial support. Additionally, we would like to thank the supporting company and project partner AVL List GmbH as well as Graz University of

References (23)

  • International Organization for Standardization. ISO 26262 road vehicles—functional safety;...
  • Papadopoulos Y, Maruhn M. Model-based synthesis of fault trees from Matlab—Simulink models. In: Proceedings of the...
  • Papadopoulos Y, et al. Evolving car designs using model-based automated safety analysis and optimisation techniques. The Journal of Systems and Software (2004).
  • Biehl M, DeJui C, Törngren M. Integrating safety analysis into the model-based development toolchain of automotive...
  • Pai G, Dugan J. Automatic synthesis of dynamic fault trees from UML system models. In: Proceedings of the 13th...
  • Domis D, Trapp M. Integrating safety analyses and component-based design. In: Proceedings of the 27th international...
  • Elmqvist J, Nadjm-Tehrani S. Tool support for incremental failure mode and effects analysis of component-based systems....
  • Latif-Shabgahi G, Tajarrod F. A new approach for the construction of fault trees from system Simulink. In: Proceedings...
  • Bozzano M, Cimatti A, Katoen J, Nguyen V, Noll T, Roveri M, et al. A model checker for AADL. In: Proceedings of the...
  • Esteve M-A, Katoen J-P, Nguyen V, Postma B, Yushtein Y. Formal correctness, safety, dependability, and performance...
  • Lauer C, et al. Fault tree synthesis from UML models for reliability analysis at early design stages. ACM SIGSOFT Software Engineering Notes (2011).