AUTOSAR Functional Safety
TRANSCRIPT
Page 1
AUTOSAR &
Functional Safety
John Favaro, Intecs
Jochen Olig, Elektrobit
Page 2
Favaro, 11 Workshop on Automotive Software & Systems, Milano, 07 November 2013
Page 3
Mixed Criticality
Page 4
Unsafe Airplanes?
Page 5
Strange Bedfellows
• Are modern airplanes safe? Much controversy
• One reason: modern onboard flight systems include
– Extremely critical functions (e.g. flight control)
– Extremely non-critical functions (e.g. movies)
• This is mixed criticality
Page 6
A Hot Topic Around the World
Page 7
EU Mixed Criticality Projects
Page 8
Why the Trend?
“Because we can”
Modern multicore processors have the power to support an incredible amount of functionality: lightweight, power efficient, space saving, …
Page 9
Integrated Architectures
Modern integrated architectures make it possible to host all of the system functionality on a single platform.
Integrated Modular Avionics (IMA)
Page 10
AUTOSAR
(Uni Potsdam)
AUTOSAR enables integration of all kinds of functionality, from applications to basic software, on the same platform.
Page 11
Functional Safety and Mixed Criticality
Page 12
Functional Safety = ISO 26262
• What does ISO 26262 say about mixed criticality?
• Part 9, Clause 6 describes the Criteria for Coexistence of Elements
[Figure: one element hosting sub-elements assigned ASIL D, ASIL B and ASIL A]
Page 13
Freedom From Interference
• The key to mixed criticality software in ISO 26262 is to demonstrate freedom from interference
• Freedom from interference means that a software element cannot cause another software element to fail through its own erroneous behavior (ISO 26262 phrases it as the absence of cascading failures between elements that could lead to the violation of a safety requirement)
[Figure: failing element → affected element]
Page 14
Kinds of Software Interference
(erharoldsen.com)
• TIME: “Hogging the stage” (a runnable overruns its execution-time budget or deadline)
• SPACE: “My personal space” (an element corrupts memory that belongs to another element)
• COMMUNICATION: “Babbling idiot” (an element floods the bus or sends corrupted, late or repeated messages)
These are the three interference categories that ISO 26262 Part 6 (Annex D) lists as timing and execution, memory, and exchange of information.
Page 15
“Do-It-Yourself”?
• Why not just “do it yourself”?
– Construct your applications “very carefully”
• Unrealistic! Broken software cannot “heal itself”
– Too many unknown ways to fail
– Too many unk-unks (unknown unknowns)
• The only realistic path is platform-level support
– ISO 26262 agrees
No “do-it-yourself”
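As an added illustration, and not code from the original slides or from AUTOSAR: a toy C “platform” that enforces the three kinds of interference freedom named above (space, time, communication) between a hypothetical ASIL D brake-monitor element and a hypothetical QM infotainment element. The point of the “no do-it-yourself” slide is that the checks live in the platform, so the misbehaving element is refused rather than trusted. All names, memory regions, tick budgets and message quotas here are made up; a real AUTOSAR OS does this with hardware memory protection (MPU), OS timing protection and communication monitoring rather than with wrapper functions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64u   /* constructed "RAM" shared by both elements */

enum { FAULT_NONE = 0, FAULT_SPACE = 1, FAULT_TIME = 2, FAULT_COMM = 4 };

typedef struct {
    const char *name;
    size_t mem_lo, mem_hi;   /* the element's own data region [mem_lo, mem_hi) */
    unsigned budget_ticks;   /* execution-time budget per scheduling cycle */
    unsigned msg_quota;      /* bus messages allowed per scheduling cycle */
    unsigned ticks_used;
    unsigned msgs_sent;
    unsigned faults;         /* bitmask of FAULT_* raised against this element */
} partition_t;

static uint8_t g_mem[MEM_SIZE];
static unsigned g_bus_msgs;   /* messages actually forwarded onto the "bus" */

/* SPACE: a store outside the element's own region is refused and recorded,
 * so the victim's memory is never touched ("my personal space"). */
static int part_store(partition_t *p, size_t addr, uint8_t v)
{
    if (addr < p->mem_lo || addr >= p->mem_hi || addr >= MEM_SIZE) {
        p->faults |= FAULT_SPACE;
        return 0;
    }
    g_mem[addr] = v;
    return 1;
}

/* TIME: each unit of work costs one tick; the budget is enforced by the
 * platform, not by the element's good behaviour ("hogging the stage"). */
static int part_tick(partition_t *p)
{
    if (p->ticks_used >= p->budget_ticks) {
        p->faults |= FAULT_TIME;
        return 0;
    }
    p->ticks_used++;
    return 1;
}

/* COMMUNICATION: a message is forwarded only while the element is within
 * its quota; excess traffic is dropped ("babbling idiot"). */
static int part_send(partition_t *p)
{
    if (p->msgs_sent >= p->msg_quota) {
        p->faults |= FAULT_COMM;
        return 0;
    }
    p->msgs_sent++;
    g_bus_msgs++;
    return 1;
}

/* Well-behaved ASIL D element: three stores in its own region, one message. */
static void run_brake_monitor(partition_t *self)
{
    for (size_t i = 0; i < 3 && part_tick(self); i++)
        part_store(self, self->mem_lo + i, 0xA5);
    part_send(self);
}

/* Misbehaving QM element: writes into the other region, spins past its
 * budget, and keeps sending after its quota is exhausted. */
static void run_infotainment(partition_t *self, const partition_t *victim)
{
    part_store(self, victim->mem_lo, 0xFF);            /* space violation */
    for (int i = 0; i < 100 && part_tick(self); i++)   /* stops at budget trap */
        ;
    for (int i = 0; i < 100; i++)                      /* quota still holds */
        part_send(self);
}

unsigned bus_message_count(void) { return g_bus_msgs; }

/* One scheduling cycle. Returns the infotainment fault mask; *brake_ok reports
 * whether the brake element ran without faults and its memory is intact. */
unsigned run_cycle(int *brake_ok)
{
    partition_t brake = { "BrakeMonitor(ASIL D)", 0, 16, 4, 2, 0, 0, 0 };
    partition_t info  = { "Infotainment(QM)",    16, 64, 8, 4, 0, 0, 0 };
    memset(g_mem, 0, sizeof g_mem);
    g_bus_msgs = 0;

    run_brake_monitor(&brake);
    run_infotainment(&info, &brake);

    *brake_ok = (brake.faults == FAULT_NONE) &&
                g_mem[0] == 0xA5 && g_mem[1] == 0xA5 && g_mem[2] == 0xA5;
    printf("%s faults=%u | %s faults=%u | bus msgs=%u\n",
           brake.name, brake.faults, info.name, info.faults, g_bus_msgs);
    return info.faults;
}

int main(void)
{
    int ok;
    unsigned f = run_cycle(&ok);
    printf("infotainment: space=%d time=%d comm=%d; brake intact=%d\n",
           !!(f & FAULT_SPACE), !!(f & FAULT_TIME), !!(f & FAULT_COMM), ok);
    return ok ? 0 : 1;
}
```

Running it shows the QM element collecting all three fault flags while the ASIL D element's region still holds the values it wrote and only the quota-limited messages reached the bus. The design choice worth noting is that every store, tick and send goes through the platform: an element that is "constructed very carefully" gains nothing, and an element that is broken in a way nobody anticipated is still contained.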