Thesis etd-01242017-133119
Thesis type
Master's thesis (Tesi di laurea magistrale)
Author
PAOLUCCI, CLAUDIA
URN
etd-01242017-133119
Title
Functional safety concept and safety analyses with System-C fault injection modelling of a current sensor for automotive applications
Department
Information Engineering (INGEGNERIA DELL'INFORMAZIONE)
Degree programme
Electronic Engineering (INGEGNERIA ELETTRONICA)
Supervisors
Supervisor: Fanucci, Luca
Keywords
- FMEDA
- FTA
- ISO26262
- Methodology
Defence session date
24/02/2017
Availability
Not available for consultation
Release date
24/02/2087
Abstract
More than 38,000 people died in motor vehicle crashes in 2015; some of these fatalities involved people who drive for a living. According to Injury Facts 2016, the Council's annual report on injuries, the three biggest causes of fatalities on the road are:
- Alcohol (30.8%)
- Speeding (30%)
- Distracted driving (26%)
In response to these tragic figures, the automotive market is moving toward autonomous driving, which is estimated to reduce road accidents by up to 90%. The road to fully autonomous driving is still long, however, and in the meantime many automation steps have been and will be realized.
To achieve a significant hazard reduction, the electronics must have a failure probability tending toward zero. This affects the whole development process and requires new verification methods.
To provide guidance for these new needs, the ISO26262 Safety Standard was introduced in 2011. The standard poses stringent requirements for the development of safety-critical applications in terms of work products, team composition during safety product development, and the minimum results to be reached through specific Safety analyses of the product. However, the standard gives no indication of how to reach these results, and so leaves the choice of methodology for defining the product Safety concept open.
The scope of this work is to study and develop a new methodology for Safety concept and architecture definition for modern automotive electronic devices.
This new methodology starts from an initial architecture that includes a set of Safety Mechanisms derived from previous designs, state-of-the-art techniques and engineering experience. Starting from this initial architecture, an iterative redefinition loop is used in which safety analyses are progressively performed to evaluate the actual functional safety level of the architecture and to take the necessary countermeasures.
This refinement loop enables architecture optimization during product development. It stops when all the Safety analyses defined by the ISO 26262 standard have been performed with results in line with the functional safety targets of the particular product under development, while its production cost and performance constraints are fulfilled as well. As part of the safety concept definition methodology, a validation method for the assumptions and implementation of the safety analyses has been defined. This method also allows the importance of each safety mechanism to be evaluated in terms of safety metrics and compared with its implementation cost in terms of area consumption and/or required implementation effort. This provides an instrument to refine the set of safety measures, skipping the unneeded ones.
In addition, to further support the safety analyses and, more generally, the development of the safety concept within the product architecture, the use of fault injection analysis has been investigated. This has been performed through SystemC modelling of the product with injection of specific errors, and it helps to verify the product's reaction to them in order to confirm and refine the results of the Safety analyses.
The effectiveness of the methodology has been verified in a real application: for this purpose, a current sensor under development for industrial applications has been analyzed and modelled.
After applying the proposed methodology to the current sensor device, the following conclusions can be drawn:
- the product Safety concept definition has been obtained for potential reuse of the IC in a derivative for automotive applications;
- the overall architecture has been defined;
- the SystemC model featuring fault injection capabilities proved useful in supporting the Safety analyses and in providing a solid basis for defending the safety analysis results in front of customers.
Considering these results, this new methodology has shown good analysis capabilities.
Of course there are other successful methodologies that can be used; however, in these first years of ISO26262 application the investigated one has proven valid and can be reapplied in other similar processes.
Files
| File name | Size |
|---|---|
| Thesis not available for consultation. | |