On functional safety methods: A system of systems approach

摘要

The advent of automated driving and mobility as a service brings the automotive industry to a new era. Moreover, connectivity plays a crucial role in enabling automated vehicles to navigate, as well as in regulating this newly established network of connected vehicles as efficiently and safely as possible. As a result, modern vehicles are equipped with Vehicle to Vehicle (V2V) and Vehicle to other systems (V2X) communication capabilities. Vehicles, traditionally considered as a monolithic system, now become part of an ecosystem of vehicles, infrastructure and mobility services that can be characterized as a System of Systems (SoS). This creates a need for safety methods that are applicable for analyzing SoS. In this paper, we investigate the impact of applying safety analysis to a SoS with a conventional, "vehicle-centric" development process. We propose a tailored safety lifecycle based on guidelines of ISO 26262 that is augmented to encompass additional considerations pertinent to a SoS. We performed a comparative study by applying our proposed method as well as the traditional (vehicle-centric) approach as per ISO 26262 for safety engineering of a truck platooning application. The comparison results show the overall effectiveness of the proposed method. The "connected vehicles" development process resulted in more safety goals compared with the vehicle-centric approach. This may, at first thought, suggest that this approach requires a significant effort increase as the number of safety goals is an indicator of the amount of needed effort for the safety engineering process. However, the safety analysis (e.g. fault tree analysis) of the platoon system from a vehicle-centric approach exponentially grows in size. This increase in complexity of analyses of the traditional vehicle-centric approach means that the actual effort required of the proposed method for the SoS is comparatively more efficient. Besides, the proposed method showed us that the resulting safety analysis, in particular, the fault trees are less prone to error as the complexity of the analysis is greatly reduced. Creating an appropriate level of abstraction for the vehicle and the platoon makes the analysis more effective. The reduced complexity also impacts verification and validation activities as vehicle and platoon level testing are specified and conducted separately. This research shows the increased trust in the safety of the platoon system by performing a "connected vehicles" safety analysis.