Satisfying ASIL Requirements: Ensure the Functional Safety of Automotive Software

Safety functions are increasingly being carried out by electrical, electronic, or programmable electronic systems. These systems are usually complex, making it impossible in practice to fully determine every failure mode or to test all possible behavior. Although it is difficult to predict the safety performance, testing is still essential. The challenge is to design the system in such a way as to prevent dangerous failures or to control them when they arise.

Safety is one of the key issues of today's and tomorrow's automobile development. New functionality—not only in the area of driver assistance, but also in vehicle dynamics control and active and passive safety systems—increasingly touches the domain of safety engineering. Future development and integration of these functionalities will further strengthen the need to have safe system development processes and to provide evidence that all reasonable safety objectives are satisfied.

With the trend of increasing complexity, software content, and mechatronic implementation, there are rising risks of systematic failures and random hardware failures. ISO/DIS 26262 includes guidance to reduce these risks to a tolerable level by providing feasible requirements and processes.

The purpose of this document is to detail how the use of Parasoft C/C++test can help automotive software development teams meet requirements for particular ASIL levels. It first introduces the concept of ASIL as defined by the ISO/DIS 26262 standard. Next, it describes Parasoft C/C++test: an integrated solution for automating best practices in software development and testing. Finally, it presents how Parasoft C/C++test can be used to fully or partially satisfy software development process requirements for particular ASILs.

Automotive Safety Integrity Levels (ASIL)

Safety Integrity Level (SIL)—as defined by the IEC 61508 standard—or Automotive Safety Integrity Level (ASIL)—as defined by the ISO/DIS 26262 standard—is one of the four levels (1-4 in IEC 61508, A-D in ISO/DIS 26262) to specify the necessary safety measures for avoiding an unreasonable residual risk. 4 or D represents the most stringent level and 1 or A represents the least stringent level. Note that safety integrity level is a property of a given safety function, not a property of the whole system or a system component.

Each safety function in a safety-related system needs to have an appropriate safety integrity level assigned. According to ISO/DIS 26262, the risk of each hazardous event is evaluated based on the following attributes:

    • Frequency of the situation, a.k.a. “exposure”
    • Impact of possible damage, a.k.a. “severity”
    • Controllability

The combination of these three attributes determines the safety integrity level required for a given hazardous event, and this in turn determines the overall ASIL assigned to the safety function.

The ISO/DIS 26262 standard specifies the requirements (safety measures) for achieving each automotive safety integrity level. These requirements are more rigorous at higher levels of safety integrity in order to achieve the required lower likelihood of dangerous failures...

***


To read more, download the complete Satisfying ASIL Requirements for Software paper as a PDF.