Safe Automotive soFtware architEcture
The ITEA 2 SAFE project will speed up the efficient development of safety features in cars. The objective is to extend the AUTOSAR architectural model, enhance methods for defining safety goals and define development processes complying with the new ISO 26262 standard for functional safety in automotive electrical and electronic systems.
Electronics and software are now responsible for over 80% of all innovations in the automotive industry. Modern vehicles are equipped with many extremely complex embedded systems integrating a large number of software and hardware components from different suppliers.
As many of today’s innovations focus on active or passive safety, there are tough demands on systems reliability and functionality which, in turn, put pressure on development processes.
Such challenges require an efficient and cost-effective approach calling for standardisation of methods and architectures for use in system, software, and hardware design.
Leading automotive manufacturers, component suppliers, and software and microelectronics designers worked together to develop the automotive open system architecture (AUTOSAR) standard, now widely used in production vehicles and throughout the automotive supply chain. The new ISO 26262 standard addresses functional safety in car electrical/electronic systems, defining requirements for the entire development process including strict requirements in terms of process documentation, analysis and verification.
SAFE addresses the demands of these new standards, reducing software development efforts while ensuring a technological advantage for Europe through the fast realisation of innovative and high quality yet affordable products.
The three main objectives of SAFE are to:
1. Extend the AUTOSAR architecture model to effectively integrate the artefacts associated with the application of ISO 26262. The extended model will be implemented in a technology reference platform;
2. Enhance methods, such as efficient capturing of safety goals and requirements, as well as methods for safety evaluation and conformance testing, so that they benefit from the integrated model. The technology reference platform will be extended with a set of appropriate plug-ins to allow evaluation of the methods within significant industrial case studies; and
3. Define an ISO 26262-compliant process on top of model-based development using AUTOSAR. This will be evaluated in realistic and measurable industrial case studies involving the complete automotive supply chain.
Such challenges can only be tackled effectively in a joint initiative that includes carmakers, their Tier One suppliers, chipmakers and tool suppliers – as well as research organisations which provide a significant background in relevant fields. SAFE project partners will impact the market at several levels:
- For car manufacturers, SAFE will bring methods and tools that give the flexibility to develop new architectures with a Safety-in-the-Loop approach;
- Tier One suppliers will be able to demonstrate safety conformity and to optimise development cost;
- Semiconductor manufacturers will be enabled to develop new architectures for safe hardware components;
- For tool vendors, SAFE is an opportunity to provide an integrated tool-chain covering both design and safety analysis;
- Research organisations will provide their conceptual work on analysis methods; and
- Certification authorities will gain accreditation for the automotive certification of the functional safety assessment process.
Manufacturers, suppliers and research partners are focusing on the conceptual work on the development process, while the tool vendors are developing customised tool support and the certification authority is contributing to the efficient implementation of conformity assessments.
The major outcomes of SAFE will be:
- An assessment model for demonstrating compliance with the ISO 26262 standard in the context of automotive products and the AUTOSAR architecture, defining which safety-related inputs and outputs are required at each design stage;
- A complete SAFE technology platform for the development of automotive products according to ISO 26262, to perform early safety analysis at architecture level and to demonstrate safety property propagation at hardware/software component level; and
- A proposal for extending the AUTOSAR standard, as spelt out in the final results of the system, hardware and software meta-model, with specialised properties for safety analysis, as well as AUTOSAR architecture recommendations and configuration through application rules obtained from the various use cases.
the main contributions of