In 2017, Tesla recalled 53,000 Model S and Model X cars built between February and October 2016 because of a defect in the electronic parking brake (EPB). Hardware is not the only cause: software-related recalls are just as frequent in the automotive industry, and in recent years software integration defects and operating-software defects have become among the most common types of failure behind them.
Why does it happen?
Some manufacturers and software suppliers pay insufficient attention to automotive functional safety while working on new vehicles. They don't follow ISO 26262 and the related standards whose processes are designed to prevent systematic failures in automotive systems.
This article explains what is functional safety in the automotive industry and how software engineers can ensure it. As an ISO 26262 and ASPICE-compliant vendor, Lemberg Solutions knows how to create safe software for OEMs and Tier 1 suppliers.
What is functional safety in automotive?
Functional safety is a broad concept that means two things: 1.) The property of a system (hardware and software) of being free from unreasonable risk, i.e. of performing its intended functions without harming anyone, including when a component fails; 2.) A set of approaches, methods, and standards that guide manufacturers in reducing risk systematically and testing the system thoroughly, so that the final product is safe and end users are not hurt. Note that functional safety is distinct from cybersecurity: the former protects against harm from malfunctions, the latter against harm from deliberate attack, although the two increasingly have to be engineered together.
Since software has become an integral part of modern vehicles, it’s no less critical for functional safety than hardware. Therefore, below we will explain what it takes to build safe automotive software solutions.
Why do we need functional safety of automotive software systems?
Vehicles consist of dozens of parts, and the smarter electronic systems are, the more complex software they require to connect these components. For example, the safety of a vehicle with an advanced driver assistance system (ADAS) directly depends on software reliability. If the system fails to respond to potential hazards on the road, the driver may end up hitting another car. Faulty navigation showing a dangerous road, distracting infotainment software, unreliable tire pressure monitoring systems, and other automotive software-related issues directly affect people’s safety.
That’s why automotive manufacturers must order software from companies complying with ISO 26262 and other standards that help achieve safety. Adherence to core functional safety practices is a sign of quality that minimizes the risk of software crashes and resulting accidents. Thus, manufacturers produce more reliable vehicles to compete successfully in the market.
Top automotive functional safety standards
Once microprocessor-based control systems came into use for automation, their complexity and functionality began to scale rapidly. This increased the need for engineering practices that make such systems safe and reduce the risk of both systematic failures and random hardware failures.
Work on the first general standard began in the early 1990s and produced a draft, IEC 1508 (Functional Safety: Safety-Related Systems), in 1995. It addressed two main classes of critical failure: failures of control systems that could seriously harm people, and failures of the protection systems meant to prevent such harm. It applied to any automation system capable of endangering health, from industrial equipment to medical devices.
It soon became clear that one standard could not cover the specific hazards and tolerable risks of every industry, since these differ considerably. The draft matured into IEC 61508 (Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems), published in parts from 1998 onward with a second edition in 2010, which serves as the generic base standard from which sector-specific standards are derived. It introduced the safety lifecycle concept, covering the stages of specification, design, implementation, operation, maintenance, and the control and protection functions of a system, as the framework for improving safety.
Automotive manufacturers applied IEC 61508 from 1998 until the first edition of ISO 26262 (Road vehicles - Functional safety) appeared in 2011. Since then, ISO 26262 has been the core safety standard for road vehicles. The 2011 edition was limited to series-production passenger cars up to 3,500 kg; the 2018 edition extended its scope to trucks, buses, and motorcycles, while mopeds remain excluded.
Some other standards and safety regulations related to automotive hardware and software development include:
- SAE J1739 - specifies potential failure mode and effects analysis in design (DFMEA) and in manufacturing and assembly processes (PFMEA)
- SAE J3061 - cybersecurity guidebook for cyber-physical vehicle systems; a process framework for vehicle cybersecurity that complements functional safety and is now complemented by ISO/SAE 21434
- FMVSS 126 - requires new vehicles to have electronic stability control systems
- ISO 21448 - safety of the intended functionality (SOTIF); addresses hazards caused by performance limitations of a function (sensor or algorithm insufficiencies, foreseeable misuse) in the absence of a fault, complementing ISO 26262 for ADAS and automated driving systems
- IATF 16949 - introduces a quality management system for organizations in the automotive industry
Automotive functional safety methods
Even though achieving automotive functional safety is challenging and takes a lot of effort, the good news is that the process is well standardized. Hence, with an experienced tech partner, you will know how to implement in-vehicle systems safely.
Overall, automotive software development teams follow these approaches:
| Method | What it does |
|---|---|
| Hazard analysis and risk assessment (HARA) | Run at the start of the concept phase; identifies hazardous events in specific driving situations, rates each by severity, exposure, and controllability, and derives safety goals together with the ASIL they must meet |
| Failure mode and effects analysis (FMEA) | Bottom-up review of every system component to identify its failure modes, their causes and effects, and the preventive or detection measures for each |
| Fault tree analysis (FTA) | Top-down, deductive analysis used during system design: a tree diagram traces an undesired top event back to the combinations of basic faults that produce it; with failure-rate data it yields the probability of the top event |
| Automotive safety integrity level (ASIL) analysis | The risk classification scheme of ISO 26262 (QM, then A to D in increasing rigor) is derived from the HARA and assigned to safety goals; it sets the development and verification rigor required of the elements implementing them, and can be split between sufficiently independent elements by ASIL decomposition |
| Verification and validation (V&V) | Verification confirms at every stage of the lifecycle that each work product meets its requirements; validation confirms that the integrated vehicle actually achieves the safety goals |
Hence, while working on software for automotive and pursuing functional safety goals, you must adopt the listed methods. When combined, they help automotive engineers build robust and high-quality systems.
6 core steps to achieve functional safety
The ISO 26262 automotive functional safety standard provides the main guidelines engineers follow to make road vehicles safe. Its implementation helps prevent systematic failures and control random hardware failures, and includes the following steps:
1. Risk detection
Find and identify all possible risks related to the negative impact of the system on users’ health to specify the requirements for reducing them.
2. Risk analysis
Analyze the detected risks to find what elements of the product, system, or human behavior cause them. You must know the triggers, the probability of the risks, and how different parts of the product or system affect this probability.
3. Implement safety measures
Define and implement safety measures: the system design changes (usually additional safety mechanisms such as monitoring, redundancy, plausibility checks, or a defined safe state) that reduce each of the detected risks, together with a record of how each measure reduces which risk.
4. Check the risk reduction measures
Validate the implemented risk reduction measures for each identified risk. You need to test the system under various scenarios to check how it behaves when different failures or combinations of failures happen.
5. Document everything
Create documentation for all measures, approaches, and the result of checks. It will enable you to keep working on the robustness of your system and prove compliance with safety standards if necessary.
6. Identify the achieved level of safety
Once you go through all the previous steps, a functional safety assessment confirms that the system achieves its safety goals at the ASIL assigned to them. Note that the ASIL itself (QM, or A to D) is determined early, during hazard analysis, from the severity, exposure, and controllability of each hazard; this final step checks that the development evidence supports that level. It is the last step before you know whether the solution is reliable and ready for mass production.
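As an added example (not code from Lemberg Solutions or from the standard itself), the following Python script carries the hazard analysis of steps 1 and 2 through to an ASIL and checks a decomposition that the safety measures of step 3 might rely on. It encodes the ASIL determination table of ISO 26262-3 and the decomposition schemes of ISO 26262-9; the `Hazard` class, the helper names, and the EPB hazards with their S/E/C ratings are constructed for illustration and do not come from any real HARA.

```python
"""Worked HARA -> ASIL derivation and ASIL decomposition check.

Added example, not code from Lemberg Solutions or from ISO 26262 itself.
It encodes the ASIL determination table of ISO 26262-3 (severity S,
exposure E, controllability C) and the decomposition schemes of
ISO 26262-9, and applies them to constructed, hypothetical EPB hazards.
"""
from dataclasses import dataclass

# Ordered from least to most demanding. QM = quality management only, no ASIL.
ASIL_ORDER = ("QM", "A", "B", "C", "D")


@dataclass(frozen=True)
class Hazard:
    """One hazardous event from the HARA, with its S/E/C ratings."""
    name: str
    severity: int         # S0 (no injuries) .. S3 (life-threatening or fatal)
    exposure: int         # E0 (incredible) .. E4 (high probability)
    controllability: int  # C0 (controllable in general) .. C3 (difficult or uncontrollable)


def derive_asil(s: int, e: int, c: int) -> str:
    """ISO 26262-3 ASIL determination table as a function of S, E and C.

    The table is equivalent to: QM when S+E+C <= 6, otherwise ASIL index
    S+E+C-6 (A=1 .. D=4). A rating of 0 in any dimension means no ASIL.
    """
    if not (0 <= s <= 3 and 0 <= e <= 4 and 0 <= c <= 3):
        raise ValueError("S must be 0-3, E 0-4, C 0-3")
    if 0 in (s, e, c):
        return "QM"
    total = s + e + c
    return "QM" if total <= 6 else ASIL_ORDER[total - 6]


def hara(hazards):
    """Return {hazard name: ASIL} for every hazardous event."""
    return {h.name: derive_asil(h.severity, h.exposure, h.controllability)
            for h in hazards}


def safety_goal_asil(hazards) -> str:
    """A safety goal covering several hazards inherits the highest ASIL."""
    return max(hara(hazards).values(), key=ASIL_ORDER.index)


# ISO 26262-9 decomposition schemes: an ASIL may be split between two
# sufficiently independent elements only in these combinations.
DECOMPOSITIONS = {
    "D": {("C", "A"), ("B", "B"), ("D", "QM")},
    "C": {("B", "A"), ("C", "QM")},
    "B": {("A", "A"), ("B", "QM")},
    "A": {("A", "QM")},
}


def valid_decomposition(original: str, part1: str, part2: str) -> bool:
    """True if splitting `original` into `part1` + `part2` is an allowed scheme."""
    pair = tuple(sorted((part1, part2), key=ASIL_ORDER.index, reverse=True))
    return pair in DECOMPOSITIONS.get(original, set())


# Constructed, hypothetical hazards for an electronic parking brake (EPB).
# The S/E/C ratings are illustrative, not taken from any real HARA.
EPB_HAZARDS = [
    Hazard("Unintended EPB apply at highway speed", severity=3, exposure=4, controllability=3),
    Hazard("EPB releases unexpectedly while parked on a slope", severity=3, exposure=3, controllability=3),
    Hazard("EPB fails to apply when commanded on level ground", severity=1, exposure=4, controllability=1),
]

if __name__ == "__main__":
    for name, asil in hara(EPB_HAZARDS).items():
        print(f"{asil:>2}  {name}")
    goal = safety_goal_asil(EPB_HAZARDS)
    print("Safety goal ASIL:", goal)
    # A redundant design could split ASIL D into an ASIL C(D) controller
    # plus an ASIL A(D) independent monitor, but not into B(D) + A(D).
    print("C + A ok:", valid_decomposition(goal, "C", "A"))
    print("B + A ok:", valid_decomposition(goal, "B", "A"))
```

The point of the decomposition check is that a safety measure such as an independent monitor only lowers the rigor demanded of each element if the split is one of the permitted schemes and the two elements are shown to be independent; an invalid split leaves both elements at the original ASIL.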
It’s worth mentioning that this standard is not mandatory, and every manufacturer or automotive software provider decides the extent of its implementation and the desired safety level. Yet compliance is a powerful proof of system and product reliability that matters to most end users.
How can we help you ensure functional safety?
Lemberg Solutions is an ISO 26262-compliant company that follows the best functional safety practices at each stage of the automotive software development cycle. You can hire us to complete system architecture design, software development, and testing in a way that makes the implemented solution safer, more secure, and more robust.
What is the functional safety standard?
The main functional safety standard is ISO 26262, which provides guidelines on designing, developing, and testing electrical and electronic systems in vehicles. The standard ensures that drivers, passengers, and other road users are safe while the vehicle is in use.
What is the functional safety process?
The functional safety process is a sequence of steps and procedures used to ensure the planned risk mitigation of the system or product is achieved. It includes risk detection and analysis, safety measures implementation and validation, creation of documentation, and final audit.
What are functional safety requirements?
The main requirements include a risk assessment to detect the possible risks caused by product and system elements or user behavior. You must also determine the system design changes that affect these risks and find ways to reduce each risk to an acceptable level.