automotive-design
Unintended consequences
01/11/2011
Electronics are increasingly controlling a vehicle's safety system. But are they reliable? Chris Edwards investigates

In less than three years, vehicle manufacturers will need to have added several electronic safety systems to their entire product lines to comply with European Union directives. The European Commission is planning to add more to the list. But the systems now being considered are forcing OEMs and tier one suppliers to re-evaluate how they approach designing safe behaviour into a complex network of electronic subsystems.

In 2008, the European Commission decided, after analysing casualty statistics, that electronic stability control should be made mandatory. From 2014, all new vehicles must use such systems. Developers of new passenger cars had a more stringent deadline: to ensure they had stability control in place by November 2011.

Attention is turning to systems that put even more control in the hands of the electronic control units (ECUs) within the vehicle. Features such as advanced emergency braking – engaging when the vehicle in front is deemed by the computer to be too close – are likely to be made mandatory in cars. But, because of the cost, the commission decided to impose them, along with lane-departure warnings, only on new heavy vehicles going on sale from 2013. However, various features are being added voluntarily by car makers, in the attempt to win sales.

Richard Robinson, director of the automotive, multimedia and communications service at Strategy Analytics, explained at the 2011 European Semiconductor Forum: "ECU revenues are increasingly coming from advanced safety applications, particularly in Japanese- and German-produced vehicles. The active safety market is still pretty small, in unit terms, with fewer than 110 million systems installed in 2011. But growth is quite significant, with stability control, parking sensors and adaptive lighting all showing good growth."

Mark Walker, senior engineer at modelling software specialist The MathWorks, comments: "The level of complexity in how these systems are coupled is going up and the way information is shared around a system is changing. For example, active safety systems will communicate with powertrain functions."

Robinson says instances of this can be seen in the use of cameras in vehicles, with the same units being used for multiple functions, such as collision avoidance, lane detection and traffic sign recognition. The sensor inputs are handled by a variety of ECUs that work together to act on signs of danger, but this trend is raising a red flag of its own.

Systems complexity

"What worries me is the increasing complexity of systems that are being developed and used," states Tom Anderson, founder of Praxis Critical Systems and now an independent safety consultant. "A very tiny compromise in a digital system may be disastrous for the whole system."

If a car is using sensors in order to generate warnings, software failures may simply result in irritating false alarms. But automakers are developing lane-assistance functions that do not just warn the driver haptically when leaving the lane by creating a rumble strip-like vibration, but produce a steering torque that brings the vehicle back into lane. This introduces the risk of the computer steering the vehicle at the wrong time and potentially into danger.

Independent consultant software engineer Martyn Thomas says the following of an industry that has been beset in recent years with difficult-to-diagnose faults serious enough to warrant expensive product recalls: "It is not easy to determine why a recall occurred. You don't even know whether a particular accident was caused by a software problem. You may have a suspension system that usually stiffens at the right time, but sometimes it doesn't, because of a software fault. If, as a result, you spin off the road one time, there is no metal fatigue to look at. There was just the software that was always there. You would probably never know that the accident was caused by software."

Proper investigation

And he adds: "There is at least a proper investigation process in the airline industry that means these analyses and recommendations are carried out. That you don't see in other industries."

Seeing the potential hazards, the automotive industry is adopting practices from other industries, such as aviation and industrial control, that are designed to improve safety. The IEC 61508 standard is now widely recognised and the industry has adopted several recommendations from the Motor Industry Software Reliability Association (MISRA).

But, in response to the massive increase in the complexity of vehicle control systems, national initiatives from France and Germany clubbed together to form the basis of a safety standard that would focus on electronic systems in road vehicles. The result was the ISO 26262 standard, published officially – barring one of its 10 parts – in November 2011.

The biggest change implied by the adoption of ISO 26262 is the introduction of the safety-case concept. A safety case is a structured document in which the designers set out the argument, and the evidence supporting it, that their system will not behave in an unsafe way.

Walker says the publication will not change overnight the way in which vehicle makers develop systems: "MISRA has been defining good practice for 20 years plus. But each automaker and tier one supplier will have to look at the standard and decide what their response to ISO 26262 will be. They have to map their activities into how the standard expects you to build that safety case. They are all planning how that mapping will work.

Answers needed

"I think it's big enough that it will be taken up. Every big automaker will have to have an answer. If you get something like sudden unintended acceleration happening and it causes accidents, the question will be: what practices were used during development? If I ignored ISO, it will be a harder case to make that you took the proper precautions. Compared to the rest of the industry, you will be an outlier. And, if you're an outlier, you will have to show your practices are at least consistent with the standard. It's big enough for that to happen.
"ISO 26262 provides guidance on how you do something," he adds. "You say, 'I do this, using this simulation or test generation to work towards this objective'. And that is what people are building a map for."

Companies are using simulation tools not just to plan how components in the system will talk to each other, but also to perform failure mode effects analysis (FMEA) to see what happens when faults occur in the network.

Moving ahead

"FMEA is a good way to work out which scenarios to consider," says Walker. "But it doesn't tell you the cases you haven't thought of. Using formal analysis, you can run a proof on a model that asks a very different kind of question: 'Is there any way the system can do this?'

"For example, is it possible to engage the hand brake while you are going round a corner? Those techniques are now common and can be used in pretty large-scale models. Formal techniques are definitely moving on."

Martyn Thomas concludes: "You see a number of companies doing things well in various industries. There are a number of different formal, mathematical methods being used in aviation, even though they are not mandated, because it is seen as a cheaper way of getting to the level of assurance they need."

ISO 26262 is just the start of a process that will see the OEMs and subsystem manufacturers make major changes to the way in which they develop safer vehicles.

 
Author
Chris Edwards
Copyright AD Media Europe.