In this paper, we present a method to assess functional safety of architectures for Automated Driving Systems (ADS). The ISO 26262 standard defines requirements and processes in support of achieving functional safety of passenger vehicles, but does not address in particular autonomous driving functions. Autonomous driving will bring with it a number of fundamental changes affecting functional safety. First, there will no longer be a driver capable of controlling the vehicle in case of a failure of the ADS. Second, the hardware and software architectures will become more complex and flexible than those used for conventional vehicles. We present an automated method to assert functional safety of ADS systems in the spirit of ISO 26262 in light of these changes. The approach is model-based and implemented in the QuantUM analysis tool. We illustrate its use in functional safety analysis using a proposed practical ADS architecture and address, in particular, architectural variant analysis.
展开▼
机译:在本文中,我们提出了一种评估自动驾驶系统(ADS)架构功能安全性的方法。 ISO 26262标准定义了支持实现乘用车功能安全的要求和过程,但没有特别涉及自动驾驶功能。自动驾驶将带来许多影响功能安全的根本变化。首先,在ADS发生故障的情况下,将不再有能够控制车辆的驾驶员。其次,硬件和软件架构将比常规车辆所用的硬件和软件架构更加复杂和灵活。鉴于这些变化,我们提出了一种自动方法,可以根据ISO 26262的精神断言ADS系统的功能安全性。该方法基于模型,并在QuantUM分析工具中实现。我们使用拟议的实用ADS体系结构和地址,特别是体系结构变体分析,说明其在功能安全分析中的使用。
展开▼
