An Overview of Automotive Functional Safety Standards and Compliances
The frequency of traffic accidents has increased significantly over the last two decades, resulting in many fatalities. According to the WHO (World Health Organization) global road safety report, about 1.2 million people lose their lives on the roads each year, with another 20 to 50 million suffering non-fatal injuries. One of the primary elements that directly affects road user safety is the reliability of automobile devices and systems.
Autonomous vehicles are gaining immense popularity with the advancement of self-driving technology. Wireless connectivity and other enabling technologies are facilitating ADAS (Advanced Driver Assistance Systems), which consists of applications such as adaptive cruise control, automated parking, navigation, night vision and automatic emergency braking. These applications play a critical role in the development of fully autonomous vehicles.
Safety Of The Intended Functionality, SOTIF (ISO/PAS 21448), was created to address the new safety challenges that software developers encounter with autonomous (and semi-autonomous) vehicles. SOTIF (ISO 21448) refers to safety-critical functionality that requires sufficient situational awareness; by implementing its procedures, you can achieve safety in situations where the function might otherwise fail even though no component has malfunctioned. SOTIF (ISO 21448) was originally planned as ISO 26262 Part 14. Because assuring safety in the absence of a system breakdown is so difficult, SOTIF (ISO 21448) became its own standard. Since AI and Machine Learning are vital components of autonomous vehicles, the use of SOTIF (ISO 21448) will be critical in guaranteeing that AI can make appropriate judgments and avoid dangers.
Functional Safety – ISO 26262
The ISO 26262 automotive functional safety (FuSa) standard establishes a safety life cycle for automotive electronics, requiring designs to pass through an overall safety process to comply with the standard. Whereas IEC (International Electrotechnical Commission) 61508 measures the reliability of safety functions and uses a maximum failure probability, ISO 26262 is predicated on the violation of safety goals and provides requirements to achieve an acceptable level of risk. ISO 26262 validates a product’s compliance from conception to decommissioning in order to develop safety-compliant systems.
ISO 26262 employs the idea of Automotive Safety Integrity Levels (ASILs), a refinement of Safety Integrity Levels, to reach the objective of formulating and executing reliable automotive systems and solutions. ASILs are assigned to components and subsystems whose failure or malfunction has the potential to result in hazards. The best allocation of safety levels across the system framework is a complicated problem: it must ensure that the highest safety criteria are met while the development cost of the automobile system is kept to a minimum. The following is what each part of the standard covers.
Automotive Functional Safety Guidelines
Part 1 – Vocabulary: It defines the terms and abbreviations used throughout the standard to maintain consistency and avoid misunderstanding.
Part 2 – Management of Functional Safety: It offers information on general safety management as well as project-specific information on management activities at various stages of the safety lifecycle.
Part 3 – Concept Phase: Hazard analysis and risk assessment are carried out in the early product development phase.
Part 4 – Product Development at the System Level: It covers system-level development issues comprising system architecture design, item integration & testing.
Part 5 – Product Development at the Hardware Level: It covers basic hardware level design and evaluation of hardware metrics.
Part 6 – Product Development at the Software Level: It comprises software safety, design, integration & testing of embedded software.
Part 7 – Production and Operation: This section explains how to create and maintain a production process for safety-related parts and products that will be installed in vehicles, and how to operate and service them.
Part 8 – Support Processes: This section covers activities that span all stages of a product’s safety lifecycle, such as verification, tool qualification and documentation.
Part 9 – Automotive Safety Integrity Level (ASIL): It covers the requirements for ASIL-oriented analysis, defines ASIL decomposition, and covers the analysis of dependent failures.
Part 10 – Guideline on ISO 26262: It gives an overview of ISO 26262 and further guidance on how to apply the standard.
ISO 26262 classifies ASILs into four categories: A, B, C, and D. The lowest degree of automobile hazard is ASIL A, while the highest degree is ASIL D. Since the dangers connected with their failure are the highest, systems like airbags, anti-lock brakes, and power steering require an ASIL-D rating, the highest level of rigor applied to safety assurance. Components like rear lights, on the other hand, are merely required to have an ASIL-A rating. ASIL-B would be used for headlights and brake lights, while ASIL-C would be used for cruise control.
Types of ASIL classification
Automotive Safety Integrity Levels are determined through hazard analysis and risk assessment. For each hazardous event associated with an electronic component in a vehicle, engineers rate three distinct factors:
- Intensity (the severity of the driver’s and passengers’ injuries)
- Amount of exposure (how frequently the vehicle is subjected to the hazard)
- Possibility of control (how much the driver can do to avoid an accident)
MISRA C
The Motor Industry Software Reliability Association (MISRA) publishes standards for the development of safety and security-related electronic systems, embedded control systems, software-intensive applications, and independent software.
MISRA C contains guidelines that protect automobile software from errors and failures. With over 140 rules for MISRA C and more than 220 rules for MISRA C++, the guidelines tackle code safety, portability, and reliability issues that affect embedded systems. For MISRA C compliance, developers must follow a set of mandatory rules. The goal of MISRA C is to ensure dependable operation of software programs used in automobiles, as these programs can have a significant impact on the vehicle’s overall design safety. Developers use MISRA C as one of the tools for developing safe software for automobiles.
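The following C function, added here as an illustration and not code from the page, MosChip, the ISO text or any MISRA document, ties the two preceding sections together: it implements the ISO 26262-3 ASIL determination from the severity, exposure and controllability classes listed above, written in a MISRA C style (fixed-width types, named constants, every switch with a default, a single return point). The observation that the standard's S/E/C table reduces to rating the sum S+E+C is a property of that table, not something the page states; the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* ASIL levels; QM (quality management) means no ISO 26262 safety requirement. */
typedef enum { ASIL_QM = 0, ASIL_A, ASIL_B, ASIL_C, ASIL_D, ASIL_INVALID } asil_t;

/* Highest defined class of each risk parameter: S0..S3, E0..E4, C0..C3. */
#define SEVERITY_MAX        ((uint8_t)3U)
#define EXPOSURE_MAX        ((uint8_t)4U)
#define CONTROLLABILITY_MAX ((uint8_t)3U)

/* Determine the ASIL of one hazardous event from its S, E and C classes.
 * Any class 0 yields QM. For classes >= 1 the ISO 26262-3 table is
 * equivalent to rating the sum S+E+C: 7 -> A, 8 -> B, 9 -> C, 10 -> D,
 * and 3..6 -> QM. Out-of-range classes are rejected, not guessed. */
asil_t asil_determine(uint8_t severity, uint8_t exposure, uint8_t controllability)
{
    asil_t result = ASIL_INVALID;   /* single exit; the default is rejection */

    if ((severity > SEVERITY_MAX) || (exposure > EXPOSURE_MAX) ||
        (controllability > CONTROLLABILITY_MAX)) {
        result = ASIL_INVALID;
    } else if ((severity == 0U) || (exposure == 0U) || (controllability == 0U)) {
        result = ASIL_QM;
    } else {
        uint8_t score = (uint8_t)(severity + exposure + controllability);
        switch (score) {
            case 7U:  result = ASIL_A; break;
            case 8U:  result = ASIL_B; break;
            case 9U:  result = ASIL_C; break;
            case 10U: result = ASIL_D; break;
            default:  result = ASIL_QM; break;   /* sums 3..6 */
        }
    }
    return result;
}

/* Human-readable name, used only for the demonstration output. */
const char *asil_name(asil_t level)
{
    static const char *const names[] = { "QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D" };
    return (level <= ASIL_D) ? names[level] : "invalid";
}

int main(void)
{
    /* Constructed class values, not a classification of any real vehicle function. */
    (void)printf("S3/E4/C3 -> %s\n", asil_name(asil_determine(3U, 4U, 3U)));
    (void)printf("S2/E3/C1 -> %s\n", asil_name(asil_determine(2U, 3U, 1U)));
    (void)printf("S5/E1/C1 -> %s\n", asil_name(asil_determine(5U, 1U, 1U)));
    return 0;
}
```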
AUTOSAR
The goal of the AUTOSAR (Automotive Open System Architecture) standard is to provide a set of specifications that describe fundamental software modules, specify programmatic interfaces, and establish common methods for further development using a standardized format.
AUTOSAR’s sole purpose is to provide a uniform standard across manufacturers, software suppliers, and tool developers while maintaining competition so that the result of the business is not harmed.
While reuse of software components lowers development costs and improves stability, it also increases the danger of spreading the same software flaw or vulnerability to every other product that shares the same code. To address this significant issue, AUTOSAR advocates safety and security features in the software architecture.
The design approach of AUTOSAR includes:
- Product and system definition including software, hardware, and complete system.
- Allocating AUTOSAR software components to each ECU (Electronic Control Unit)
- Configuration of OS, drivers, and application for each ECU (Electronic Control Unit)
- Comprehensive testing to validate each component, at unit level and system level.
The necessity of assuring functional safety at every level of product development and commissioning has become even more crucial today, as automotive designs have grown increasingly complicated with many ECUs, sensors, and actuators. Therefore, today’s automakers are more concerned than ever about adhering to the highest automobile safety requirements, such as the ISO 26262 standard and its ASIL levels.
At MosChip, we help automotive businesses manufacture devices and chipsets that comply with automotive safety standards, and design Machine Learning based intelligent solutions such as automatic parallel parking, traffic sign recognition, object/lane detection, and in-vehicle infotainment systems, involving FPGAs, CPUs, and microcontrollers. Our team of experts has experience working with autonomous driving platforms, middleware, and compliances such as Adaptive AUTOSAR, FuSa (ISO 26262), and MISRA C. We support our clients throughout the entire journey of intelligent automotive solution design.
About MosChip:
MosChip has 20+ years of experience in Semiconductor, Embedded Systems & Software Design, and Product Engineering services with the strength of 1300+ engineers.
Established in 1999, MosChip has development centers in Hyderabad, Bangalore, Pune, and Ahmedabad (India) and a branch office in Santa Clara, USA. Our embedded expertise involves platform enablement (FPGA/ ASIC/ SoC/ processors), firmware and driver development, BSP and board bring-up, OS porting, middleware integration, product re-engineering and sustenance, device and embedded testing, test automation, IoT, AIML solution design and more. Our semiconductor offerings involve silicon design, verification, validation, and turnkey ASIC services. We are also a TSMC DCA (Design Center Alliance) Partner.