Verlässliche Echtzeitsysteme – Können wir unseren Autos noch vertrauen? (Dependable Real-Time Systems – Can We Still Trust Our Cars?)


Slide 1: Verlässliche Echtzeitsysteme – Können wir unseren Autos noch vertrauen? (Dependable Real-Time Systems – Can We Still Trust Our Cars?)
Bernhard Sechser, Method Park Software AG, Erlangen
30.04.2012

Slide 2: Contents
- Who is Method Park?
- Why do we need Safety Standards?
- Process and Safety demands in Automotive
- Hazard Analysis and Risk Assessment
- Functional and Technical Development
- Software Process in detail
- Tool Qualification
- Summary
Footer on every slide: 2012 Method Park Software AG / Bernhard Sechser / 30.04.2012 / Verlässliche Echtzeitsysteme, Slide 2 of 69

Slide 3: Contents (agenda repeated; next section: Who is Method Park?)

Slide 4: Method Park - Facts and Figures
- Founded in 2001
- Locations: Germany: Erlangen, Munich; USA: Detroit, Miami
- Awards: 2004, 2006, 2007, 2008, 2009, 2011
- Revenue & employees: growth chart 2005 to 2009
- Business unit revenue: Products, Training & Consulting, Engineering (pie chart with 33%, 45% and 22%)

Slide 5: Portfolio
- Product: solution for integrated process management
- Engineering areas: Project Coaching; Software Development & Support; On Site Support; Off Site Projects; Fixed Price Projects
- Consulting/Coaching and Training topics: Software Process Improvement; CMMI, SPICE, Automotive SPICE; AUTOSAR, Functional Safety; Requirements Management; Project and Quality Management; Software Architecture & Design; Software Testing
- Wide range of seminars in the divisions system and software development
- Accredited by the following organizations: SEI, ISTQB, ISQI, INTACS, IREB

Slide 6: Our Customers
- Automotive: Audi, Automotive Lighting, Blaupunkt, BMW, Bosch, Brose, Continental, Daimler, Delphi, ETAS, Helbako, IAV, Knorr-Bremse, Marquardt, Peiker Acustic, Preh, Thales, TRW, Volkswagen, Webasto, ZF, Zollner
- Engineering/Automation: 7 layers, ABB, BDT, Carl Schenk, EBM Papst, Heidelberger Druckmaschinen, Insta, Kratzer Automation, Magirus, Mettler Toledo, Mühlbauer Group, Rohde & Schwarz, Siemens Industries, Wago
- Government/Public: Bundesagentur für Arbeit, Curiavant, Kassenärztliche Vereinigung Baden-Württemberg
- Healthcare: Carl Zeiss, Siemens, Fresenius, Agfa, Ziehm Imaging, NewTec, Innovations Software Technology
- IT/Telecommunications: GFT, Intersoft, Nash Technologies, NEC, Micronas, Siemens, Teleca
- Defense: Airbus Deutschland, Diehl, EADS, Raytheon Anschütz, KID
- Further: Bosch und Siemens Hausgeräte, Deutsche Post, GMC Software Technologies, Kodak, Landesbank Kiel, Raab Karcher, Giesecke & Devrient, Thales Rail Signaling

Slide 7: Contents (agenda repeated; next section: Why do we need Safety Standards?)

Slide 8: Examples
Ariane 5 (4 June 1996): self-destruct about 40 seconds after lift-off because of an error in the control software.
Root cause: insufficient tests of a reused "proven in use" software component (the inertial reference system software taken over from Ariane 4; a 64-bit floating-point value that had always been in range on Ariane 4 overflowed when converted to a 16-bit integer under the Ariane 5 flight profile).
Sources: ESA; YouTube (video).

Slide 9: Examples
Application that can cause harm (a risk): airbag deploying while an infant is sitting in the front seat.
Need to assess the risk: infant getting injured, "not good at all".
Find a mitigation strategy, e.g. a safety function: detect the infant in the front seat and disable the airbag:
a) a sensor delivers a signal to
b) software/hardware controlling an
c) actuator (disabler)
Question: how to measure and agree on the measures?
Functional safety is then: an infant in the front seat is not exposed to an unacceptable (unreasonable) risk.

Slide 10: Examples
Question: Do we dare to put software in direct control of people's lives?

Slide 11: Reasons for Failures
Chart: root cause analysis of software failures in 90 healthcare cases, categories Requirements, Architecture, Design and Other; the bars read 63%, 60% and 50% (assignment of the bars to categories is not recoverable from the transcription). Source: Fraunhofer Institute for Experimental Software Engineering, 2007.

Slide 12: Complexity (figure). Source: courtesy of Daimler; presentation given at Automotive Electronics and Electrical Systems Forum 2008, May 6, 2008, Stuttgart, Germany.

Slide 13: Extract from German law
§ 823 Abs. 1 BGB (German Civil Code): "Anyone who intentionally or negligently injures the life, body, health, liberty, property or any other right of another person is obliged to compensate for the resulting damage."
§ 1 Abs. 1 ProdHaftG (Product Liability Act): "If someone is killed, his body or health injured or an item damaged by a defect in a product, the manufacturer of the product is obliged to compensate for the resulting damage."

Slide 14: Contents (agenda repeated; next section: Process & Safety demands in Automotive)

Slide 15: Definitions
- Safety is the absence of unacceptable (unreasonable) risks that can cause harm, achieved through a planned strategy.
- Functional Safety is the part of the overall safety that depends on a system or equipment operating correctly in response to its inputs. It is achieved when every specified safety function is carried out and the level of performance required of each safety function is met. The aim is not to provide the perfect car, but a safe car.
- Functional Safety Management is the management (plan, do, check, act) of all activities necessary to reach functional safety.

Slide 16: Existing Standards
Basic standard: IEC 61508, Functional safety of electrical / electronic / programmable electronic safety-related systems.
Domain-specific standards:
- Manufacturing (machinery): EN 62061, ISO 13849
- Nuclear: IEC 61513, IEC 60880
- Medical: IEC 62304
- Gas measuring: EN 50271, EN 50402
- Aviation: DO-178B
- Automation (process industry): IEC 61511
- Rail: EN 50126, EN 50128, EN 50129
- Automotive: ISO 26262

Slide 17: Scope of ISO 26262
Why not use IEC 61508? Lessons learnt from the application of IEC 61508 in the automotive industry:
- Not adapted to real-time and integrated embedded systems
- Not adapted to automotive development and life cycles
- No requirements for the manufacturer / supplier relationship
- No "consumer goods" orientation
- Companies had to solve these issues themselves until the introduction of ISO 26262

Slide 18: Structure of ISO 26262 (figure). Source: ISO/FDIS 26262 - BL18.

Slide 19: ISO 15504 & Automotive SPICE process reference model
Legend: H = HIS scope (the slide also marks the Automotive SPICE scope with A).
Primary Life Cycle Processes
- Acquisition Process Group (ACQ): ACQ.1 Acquisition preparation; ACQ.2 Supplier selection; ACQ.3 Contract agreement; ACQ.4 Supplier monitoring (H); ACQ.5 Customer acceptance; ACQ.11 Technical requirements; ACQ.12 Legal and administrative requirements; ACQ.13 Project requirements; ACQ.14 Request for proposals; ACQ.15 Supplier qualification
- Supply Process Group (SPL): SPL.1 Supplier tendering; SPL.2 Product release; SPL.3 Product acceptance support
- Engineering Process Group (ENG): ENG.1 Requirements elicitation; ENG.2 System requirements analysis (H); ENG.3 System architectural design (H); ENG.4 Software requirements analysis (H); ENG.5 Software design (H); ENG.6 Software construction (H); ENG.7 Software integration (H); ENG.8 Software testing (H); ENG.9 System integration (H); ENG.10 System testing (H); ENG.11 Software installation; ENG.12 Software and system maintenance
Supporting Life Cycle Processes
- Support Process Group (SUP): SUP.1 Quality assurance (H); SUP.2 Verification; SUP.3 Validation; SUP.4 Joint review; SUP.5 Audit; SUP.6 Product evaluation; SUP.7 Documentation; SUP.8 Configuration management (H); SUP.9 Problem resolution management (H); SUP.10 Change request management (H)
Organizational Life Cycle Processes
- Management Process Group (MAN): MAN.1 Organizational alignment; MAN.2 Organizational management; MAN.3 Project management (H); MAN.4 Quality management; MAN.5 Risk management; MAN.6 Measurement
- Process Improvement Process Group (PIM): PIM.1 Process establishment; PIM.2 Process assessment; PIM.3 Process improvement
- Resource & Infrastructure Process Group (RIN): RIN.1 Human resource management; RIN.2 Training; RIN.3 Knowledge management; RIN.4 Infrastructure
- Operation Process Group (OPE): OPE.1 Operational use; OPE.2 Customer support
- Reuse Process Group (REU): REU.1 Asset management; REU.2 Reuse program management; REU.3 Domain engineering

Slide 20: Structure of ISO 26262 mapped onto the ISO 15504 process groups: Management, Process Improvement, Resource & Infrastructure, Engineering, Supply, Support, Reuse (figure). Source: ISO/FDIS 26262 - BL18.

Slide 21: Safety Lifecycle Overview (figure, source: ISO/FDIS 26262-2 – BL18)
- Management of functional safety: 2-5 to 2-7
- Concept phase: 3-5 Item definition; 3-6 Initiation of the safety lifecycle; 3-7 Hazard analysis and risk assessment; 3-8 Functional safety concept; allocation to other technologies, external measures and controllability
- Product development: 4 system level; 5 hardware level; 6 software level; 4-9 Safety validation; 4-10 Functional safety assessment; 4-11 Release for production
- After the release for production: 7-5 Production; 7-6 Operation, service and decommissioning
- In the case of a modification, back to the appropriate lifecycle phase

Slide 22: Safety Lifecycle Overview, concept phase: focus on the entire system; risks; safety goals and requirements; safety functions.

Slide 23: Safety Lifecycle Overview, product development: system, hardware and software; safety validation and assessment; production and operation (planning).

Slide 24: Product Development at the System Level (figures). Sources: ISO/FDIS 26262-2 – BL18; ISO/FDIS 26262-4 – BL18.

Slide 25: Product Development at the Hardware Level (ISO 26262-5)
Input: 4-7 System design. Scope of ISO 26262-5:
- 5-5 Initiation of product development at the hardware level
- 5-6 Specification of hardware safety requirements
- 5-7 Hardware design
- 5-8 Evaluation of the hardware architectural metrics
- 5-9 Evaluation of safety goal violations due to random hardware failures
- 5-10 Hardware integration and testing
- 8-13 Qualification of hardware components (supporting process)
Following phases: 4-8 Item integration and testing; 7-5 Production; 7-6 Operation, service (maintenance and repair), and decommissioning.
Sources: ISO/FDIS 26262-2 – BL18; ISO/FDIS 26262-5 – BL18.

Slide 26: Product Development at the Software Level (figures). Sources: ISO/FDIS 26262-2 – BL18; ISO/FDIS 26262-6 – BL18.

Slide 27: Safety Lifecycle Overview, after release for production: production; installation; operation; maintenance and repair; decommissioning (disassembly).

Slide 28: Contents (agenda repeated; next section: Hazard Analysis and Risk Assessment)

Slide 29: Hazard Analysis and Risk Assessment: risk reduction to an acceptable level (figure). Source: IEC 61508-5.

Slide 30: Hazard Analysis and Risk Assessment
- Situation analysis and hazard identification: list of driving and operating situations; estimation of the probability of Exposure
- Detailing failure modes leading to hazards in specific situations; estimation of Controllability
- Evaluating consequences of the hazards; estimation of potential Severity
- Consider only the plain item (do not take risk-reducing measures into account!)
- Involve persons with good knowledge and domain experience

Slide 31: Hazard Analysis and Risk Assessment: associations of the central concepts (figure).

Slide 32: Hazard Analysis and Risk Assessment
Severity: measure of the extent of harm to an individual in a specific situation.
- S0: No injuries
- S1: Light and moderate injuries
- S2: Severe and life-threatening injuries (survival probable)
- S3: Life-threatening injuries (survival uncertain), fatal injuries

Slide 33: Hazard Analysis and Risk Assessment
Exposure: state of being in an operational situation that can be hazardous if coincident with the failure mode under analysis.
- E0: Incredible
- E1: Very low probability; duration not specified; situations that occur less often than once a year for the great majority of drivers
- E2: Low probability; less than 1% of average operating time; situations that occur a few times a year for the great majority of drivers
- E3: Medium probability; 1% to 10% of average operating time; situations that occur once a month or more often for an average driver
- E4: High probability; more than 10% of average operating time; all situations that occur during almost every drive on average

Slide 34: Hazard Analysis and Risk Assessment
Controllability: avoidance of the specified harm or damage through the timely reactions of the persons involved.
- C0: Controllable in general
- C1: Simply controllable; 99% or more of all drivers or other traffic participants are usually able to avoid a specific harm
- C2: Normally controllable; 90% or more of all drivers or other traffic participants are usually able to avoid a specific harm
- C3: Difficult to control or uncontrollable; less than 90% of all drivers or other traffic participants are usually able, or barely able, to avoid a specific harm

Slide 35: Hazard Analysis and Risk Assessment
Combinations of Severity, Exposure and Controllability result in the applicable ASIL. If S0 or E0 or C0 is set, no ASIL is required.
ASIL determination table (columns C1 / C2 / C3):
- S1: E1 QM / QM / QM; E2 QM / QM / QM; E3 QM / QM / A; E4 QM / A / B
- S2: E1 QM / QM / QM; E2 QM / QM / A; E3 QM / A / B; E4 A / B / C
- S3: E1 QM / QM / A; E2 QM / A / B; E3 A / B / C; E4 B / C / D
The ASILs influence the development process of the items. QM = Quality Management: no specific ISO 26262 requirement has to be observed.
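The S/E/C table above as executable logic, added here as an example (it is not code from the presentation). The table values are those of ISO 26262-3:2011; the S3/E4/C3 rating used for the worked case is an assumption about how the parking-brake goal G1 from slide 36 might have been classified, and the monotonicity self-check is the kind of sanity test a practitioner runs on a hand-copied table before trusting it in a tool.

```c
#include <stdbool.h>
#include <string.h>

/* Added example (not from the slides): ASIL determination from the
 * Severity/Exposure/Controllability classes of the table above
 * (ISO 26262-3:2011, Table 4). Class encodings follow the slides:
 * S0..S3, E0..E4, C0..C3. A class of 0 in any dimension means no ASIL. */

typedef enum { ASIL_QM = 0, ASIL_A = 1, ASIL_B = 2, ASIL_C = 3, ASIL_D = 4,
               ASIL_INVALID = -1 } asil_t;

/* ASIL_TABLE[S-1][E-1][C-1]: 0 = QM, 1..4 = ASIL A..D */
static const unsigned char ASIL_TABLE[3][4][3] = {
    /*         C1 C2 C3 */
    /* S1 */ { {0, 0, 0},     /* E1 */
               {0, 0, 0},     /* E2 */
               {0, 0, 1},     /* E3 */
               {0, 1, 2} },   /* E4 */
    /* S2 */ { {0, 0, 0},
               {0, 0, 1},
               {0, 1, 2},
               {1, 2, 3} },
    /* S3 */ { {0, 0, 1},
               {0, 1, 2},
               {1, 2, 3},
               {2, 3, 4} },
};

asil_t determine_asil(int s, int e, int c)
{
    asil_t result;
    if (s < 0 || s > 3 || e < 0 || e > 4 || c < 0 || c > 3) {
        result = ASIL_INVALID;   /* class outside the defined scale: reject, never guess */
    } else if (s == 0 || e == 0 || c == 0) {
        result = ASIL_QM;        /* slide: "if S0 or E0 or C0 is set, no ASIL is required" */
    } else {
        result = (asil_t)ASIL_TABLE[s - 1][e - 1][c - 1];
    }
    return result;
}

const char *asil_name(asil_t a)
{
    static const char *const names[] = { "QM", "ASIL A", "ASIL B", "ASIL C", "ASIL D" };
    return (a >= ASIL_QM && a <= ASIL_D) ? names[a] : "invalid";
}

/* Sanity check for a hand-copied table: the ASIL must never decrease when
 * S, E or C increases. Returns true if the table is monotonic in all three
 * dimensions; a typo in one cell usually breaks this. */
bool asil_table_is_monotonic(void)
{
    bool ok = true;
    for (int s = 1; s <= 3; s++) {
        for (int e = 1; e <= 4; e++) {
            for (int c = 1; c <= 3; c++) {
                asil_t here = determine_asil(s, e, c);
                if (s < 3 && determine_asil(s + 1, e, c) < here) ok = false;
                if (e < 4 && determine_asil(s, e + 1, c) < here) ok = false;
                if (c < 3 && determine_asil(s, e, c + 1) < here) ok = false;
            }
        }
    }
    return ok;
}

/* Worked case, safety goal G1 of slide 36 (unintended maximum brake force at
 * one or more wheels while driving). Assumed rating: S3 (fatal injuries
 * possible), E4 (driving happens on almost every trip), C3 (hardly
 * controllable). The slide's result for G1 is ASIL D. */
asil_t parking_brake_goal_g1(void)
{
    return determine_asil(3, 4, 3);
}
```

Note that the function rejects out-of-scale classes instead of clamping them: an HARA tool that silently turns "S4" into S3 hides an input error behind a plausible-looking result.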

Slide 36: Hazard Analysis and Risk Assessment
Safety goals:
- Top-level safety requirements as a result of the hazard analysis and risk assessment
- Assigned to each identified hazard rated with an ASIL A to D
- Lead to item characteristics needed to avert hazards or to reduce risks associated with the hazards to an acceptable level
Example of safety goals: park brake system
- G1: Avoidance of unintended maximum brake force build-up at one or several wheels during drive and in all environmental conditions. ASIL D
- G2: Guarantee the specified parking brake function in use case situation "parking on slope" in all environmental conditions. ASIL A
- G3: Avoidance of unintended release of the parking brake in use case situation "parking on slope" in all environmental conditions. ASIL C

Slide 37: Contents (agenda repeated; next section: Functional and Technical Development)

Slide 38: Functional Safety Concept: safety goals and functional safety requirements (figure).

Slide 39: ASIL decomposition (figure, source: ISO/FDIS 26262-9 – BL18). The figure shows the permitted alternative decompositions of a requirement's ASIL onto two redundant, sufficiently independent requirements; the ASIL before decomposition is kept in parentheses:
- ASIL D: ASIL C(D) + ASIL A(D); ASIL B(D) + ASIL B(D); ASIL D(D) + QM(D)
- ASIL C: ASIL B(C) + ASIL A(C); ASIL C(C) + QM(C)
- ASIL B: ASIL A(B) + ASIL A(B); ASIL B(B) + QM(B)
- ASIL A: ASIL A(A) + QM(A)
Each decomposition is subject to the requirements in 5.4.11; the ASIL D decompositions additionally to 5.4.12.

Slide 40: Architectures. Example: three channel structure (figure: Central Processing Unit; three channels, each with Output Circuit 1 and Output Circuit 2; Actuator).
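A three-channel structure only buys safety if something decides what to forward to the actuator when the channels disagree. The following 2-out-of-3 voter is an added example, not code from the presentation: the three channel readings, the tolerance and the safe value to command when no majority exists are parameters, because all of them are application specific and none is given on the slide.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added example, not from the presentation: a 2-out-of-3 (2oo3) voter for
 * the three-channel structure above. Each channel delivers one reading per
 * cycle; the voter forwards a value to the actuator only while at least two
 * channels agree, and otherwise commands the assumed safe value. */

typedef enum {
    VOTE_OK = 0,              /* all three channels consistent */
    VOTE_ONE_CHANNEL_FAULTY,  /* one outlier; majority value used */
    VOTE_NO_MAJORITY          /* no two channels agree: safe value commanded */
} vote_status_t;

typedef struct {
    int16_t       value;          /* value to forward to the actuator */
    vote_status_t status;
    int           faulty_channel; /* 0..2, or -1 if none identified */
} vote_result_t;

/* |a - b| <= tol, computed in 32 bit so the subtraction cannot overflow */
static bool within(int16_t a, int16_t b, int16_t tol)
{
    int32_t d = (int32_t)a - (int32_t)b;
    return (d <= (int32_t)tol) && (d >= -(int32_t)tol);
}

static int16_t median3(int16_t a, int16_t b, int16_t c)
{
    int16_t lo = (a < b) ? a : b;
    int16_t hi = (a < b) ? b : a;
    return (c < lo) ? lo : ((c > hi) ? hi : c);
}

static int16_t mean2(int16_t a, int16_t b)
{
    return (int16_t)(((int32_t)a + (int32_t)b) / 2);
}

vote_result_t vote_2oo3(int16_t ch0, int16_t ch1, int16_t ch2,
                        int16_t tol, int16_t safe_value)
{
    vote_result_t r = { safe_value, VOTE_NO_MAJORITY, -1 };
    bool a01 = within(ch0, ch1, tol);
    bool a12 = within(ch1, ch2, tol);
    bool a02 = within(ch0, ch2, tol);
    int  agreements = (int)a01 + (int)a12 + (int)a02;

    if (agreements >= 2) {
        /* every channel is within tolerance of at least one other: treat the
         * set as consistent and take the median to suppress a single noisy
         * reading */
        r.value  = median3(ch0, ch1, ch2);
        r.status = VOTE_OK;
    } else if (agreements == 1) {
        /* exactly one agreeing pair: the third channel is the outlier and
         * should be reported for diagnostics */
        r.status = VOTE_ONE_CHANNEL_FAULTY;
        if (a01) {
            r.value = mean2(ch0, ch1); r.faulty_channel = 2;
        } else if (a12) {
            r.value = mean2(ch1, ch2); r.faulty_channel = 0;
        } else {
            r.value = mean2(ch0, ch2); r.faulty_channel = 1;
        }
    }
    /* agreements == 0: r already holds safe_value / VOTE_NO_MAJORITY */
    return r;
}
```

The voter masks one faulty channel but cannot tell a faulty majority from a correct one; that is why the slide's structure has two output circuits per channel and why the channels must fail independently (separate sensors, supplies and, where the ASIL demands it, diverse designs).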

Slide 41: Contents (agenda repeated; next section: Software Process in detail)

Slide 42: Product Development at Hardware & Software Level (figure, source: ISO/FDIS 26262-4 – BL18). Important part: the Hardware-Software Interface Specification (HSI).
- 4-7 System design
- 5-6 Specification of hardware safety requirements / 6-6 Specification of software safety requirements, both tied to the Hardware-Software Interface Specification (HSI)
- 5-7 Hardware design / 6-7 Software architectural design
- 5-8 Hardware architectural constraints / 6-8 Software unit design and implementation
- 5-9 Assessment criteria for probability of violation of safety goals / 6-9 Software unit testing
- 5-10 Hardware integration and testing / 6-10 Software integration and testing
- 6-11 Verification of software safety requirements
- 4-8 Item integration and testing

Slide 43: Initiation of Product Development at the Software Level
Topics to be covered by modeling and coding guidelines (source: ISO/FDIS 26262-6:2011; recommendation per ASIL A to D as tabulated in the standard):
- 1a Enforcement of low complexity
- 1b Use of language subsets
- 1c Enforcement of strong typing
- 1d Use of defensive implementation techniques
- 1e Use of established design principles
- 1f Use of unambiguous graphical representation
- 1g Use of style guides
- 1h Use of naming conventions

Slide 44: Specification of Software Safety Requirements
Goals: derive software safety requirements from, and ensure consistency with, the system design and the technical safety concept; detail the hardware-software interface requirements.

Slide 45: Software Architectural Design
Goals:
- Develop an architecture that implements the software safety requirements: static and dynamic interfaces; safety-related and non safety-related requirements
- Verify the software architecture: compliance with the requirements; compatibility with hardware; respect of design principles and standards

Slide 46: Software Architectural Design
Principles for software architectural design (source: ISO/FDIS 26262-6:2011; recommendation per ASIL A to D as tabulated in the standard):
- 1a Hierarchical structure of software components
- 1b Restricted size of software components
- 1c Restricted size of interfaces
- 1d High cohesion within each software component
- 1e Restricted coupling between software components
- 1f Appropriate scheduling properties
- 1g Restricted use of interrupts

Slide 47: Software Architectural Design
Based on the results of the safety analysis, the mechanisms for error detection and error handling shall be applied (source: ISO/FDIS 26262-6:2011; recommendation per ASIL A to D as tabulated in the standard).
Error detection:
- 1a Range checks of input and output data
- 1b Plausibility check
- 1c Detection of data errors
- 1d External monitoring facility
- 1e Control flow monitoring
- 1f Diverse software design
Error handling:
- 1a Static recovery mechanism
- 1b Graceful degradation
- 1c Independent parallel redundancy
- 1d Correcting codes for data
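Three of the mechanisms from the two lists above, combined on one hypothetical 10 ms task that reads a wheel-speed signal. This is an added example and not code from the presentation; the signal units, limits, debounce count and checkpoint ids are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added example, not from the presentation: mechanisms from the table above
 * applied to a hypothetical wheel-speed input on a 10 ms task.
 *   error detection 1a/1b  range check and rate-of-change plausibility check
 *   error detection 1e     control flow monitoring of the task's steps
 *   error handling 1b      graceful degradation (substitute value, then a
 *                          latched degraded mode)
 * Units, limits and checkpoint ids are assumptions for the example. */

#define SPEED_MAX_RAW    3000u  /* 0.1 km/h; above this the sensor or link is faulty */
#define SPEED_MAX_DELTA    50u  /* largest plausible change per 10 ms cycle */
#define SPEED_DEBOUNCE      3u  /* consecutive bad samples before degrading */

typedef enum { SIG_OK = 0, SIG_RANGE_ERROR, SIG_IMPLAUSIBLE } sig_status_t;

typedef struct {
    uint16_t last_good;    /* last accepted sample, also the substitute value */
    unsigned bad_in_a_row;
    bool     degraded;     /* latched; the caller limits the function, e.g. torque */
} speed_monitor_t;

/* Range check first, then plausibility against the previous good value.
 * A bad sample is replaced by the last good one. After SPEED_DEBOUNCE
 * consecutive implausible samples the new level is accepted as baseline
 * (the step was real, or the sensor resynchronised) but the function stays
 * degraded, because the signal history can no longer be trusted. */
sig_status_t check_wheel_speed(speed_monitor_t *m, uint16_t raw, uint16_t *out)
{
    sig_status_t st = SIG_OK;
    uint16_t delta = (raw > m->last_good) ? (uint16_t)(raw - m->last_good)
                                          : (uint16_t)(m->last_good - raw);
    if (raw > SPEED_MAX_RAW) {
        st = SIG_RANGE_ERROR;
    } else if (delta > SPEED_MAX_DELTA && m->bad_in_a_row < SPEED_DEBOUNCE) {
        st = SIG_IMPLAUSIBLE;
    }

    if (st == SIG_OK) {
        m->last_good    = raw;
        m->bad_in_a_row = 0;
    } else if (++m->bad_in_a_row >= SPEED_DEBOUNCE) {
        m->degraded = true;
    }
    *out = m->last_good;
    return st;
}

/* Control flow monitoring: each safety-relevant step folds its checkpoint id
 * into a running signature. At the end of the cycle the signature must equal
 * that of the expected sequence; a skipped, repeated or reordered step
 * (stuck task, corrupted return address, wrong branch) changes it. */
enum { CP_READ_SENSOR = 1, CP_CHECK_SIGNAL = 2, CP_COMPUTE = 3, CP_WRITE_ACTUATOR = 4 };

typedef struct { uint32_t sig; } cfm_t;

static void cfm_mark(cfm_t *c, uint32_t checkpoint)
{
    c->sig = c->sig * 31u + checkpoint;   /* order-sensitive fold */
}

uint32_t cfm_expected_signature(void)
{
    cfm_t c = { 0 };
    cfm_mark(&c, CP_READ_SENSOR);
    cfm_mark(&c, CP_CHECK_SIGNAL);
    cfm_mark(&c, CP_COMPUTE);
    cfm_mark(&c, CP_WRITE_ACTUATOR);
    return c.sig;
}

/* One task cycle. `fault_skip_check` simulates a control flow error that
 * bypasses the plausibility step, so the monitor's reaction can be tested.
 * Returns true if the cycle's control flow was as expected; otherwise the
 * actuator value is forced to 0, the assumed safe state. */
bool run_cycle(speed_monitor_t *m, uint16_t raw, bool fault_skip_check,
               uint16_t *actuator_out)
{
    cfm_t    cfm   = { 0 };
    uint16_t speed = 0;
    bool     ok;

    cfm_mark(&cfm, CP_READ_SENSOR);
    if (!fault_skip_check) {
        cfm_mark(&cfm, CP_CHECK_SIGNAL);
        (void)check_wheel_speed(m, raw, &speed);
    } else {
        speed = raw;   /* the unchecked value such a fault would let through */
    }
    cfm_mark(&cfm, CP_COMPUTE);
    *actuator_out = m->degraded ? (uint16_t)(speed / 2u) : speed;  /* degraded: halve the request */
    cfm_mark(&cfm, CP_WRITE_ACTUATOR);

    ok = (cfm.sig == cfm_expected_signature());
    if (!ok) {
        *actuator_out = 0;
    }
    return ok;
}
```

In a real ECU the signature check is usually done by an external monitoring facility (mechanism 1d, typically a watchdog that expects the signature within a time window) rather than by the monitored task itself, so that a task stuck in a loop is caught as well.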

Slide 48: Software Architectural Design
Methods for the verification of the software architectural design (source: ISO/FDIS 26262-6:2011; recommendation per ASIL A to D as tabulated in the standard):
- 1a Walk-through of the design
- 1b Inspection of the design
- 1c Simulation of dynamic parts of the design
- 1d Prototype generation
- 1e Formal verification
- 1f Control flow analysis
- 1g Data flow analysis

Slide 49: Software Unit Design and Implementation
Goals: specify the software units based on the software architecture and the software safety requirements; implement the software units; verify the software units (code reviews / inspections).

Slide 50: Software Unit Design and Implementation
Design principles for software unit design and implementation (source: ISO/FDIS 26262-6:2011; recommendation per ASIL A to D as tabulated in the standard):
- 1a One entry and one exit point in subprograms and functions
- 1b No dynamic objects or variables, or else online test during their creation
- 1c Initialization of variables
- 1d No multiple use of variable names
- 1e Avoid global variables or else justify their usage
- 1f Limited use of pointers
- 1g No implicit type conversions
- 1h No hidden data flow or control flow
- 1i No unconditional jumps
- 1j No recursions

Slide 51: Software Unit Design and Implementation
Example: MISRA C
- Programming standard developed by the Motor Industry Software Reliability Association
- Avoidance of runtime errors due to unsafe C constructs
- Compliance with MISRA C is demonstrated by static code analysis
Info: www.misra.org
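Two of the "unsafe C constructs" the slide alludes to, each beside a rewrite in the style of the design principles on slide 50 (explicit types, no implicit conversions, single exit, status separate from data). This is an added example, not code from the presentation or from MISRA; rule numbers are deliberately not quoted because they differ between MISRA C editions, and the functions and limits are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>
#include <math.h>

/* Added example, not from the presentation: C constructs that MISRA C rules
 * target, each beside a conforming rewrite in the style of slide 50.
 * Functions and limits are hypothetical. */

/* --- Unsafe 1: implicit integer promotion and silent truncation ---------
 * a + b is computed as int (e.g. 300) and truncated to uint8_t (44) on
 * return; nothing signals that the sum did not fit. */
uint8_t add_u8_unsafe(uint8_t a, uint8_t b)
{
    return a + b;
}

/* Conforming: widen explicitly, saturate, and report the overflow. */
bool add_u8_saturating(uint8_t a, uint8_t b, uint8_t *out)
{
    bool     fitted = true;
    uint16_t sum    = (uint16_t)((uint16_t)a + (uint16_t)b);
    if (sum > (uint16_t)UINT8_MAX) {
        sum    = (uint16_t)UINT8_MAX;
        fitted = false;
    }
    *out = (uint8_t)sum;
    return fitted;
}

/* --- Unsafe 2: float to narrow integer without a range check -------------
 * Converting a float whose value does not fit the target type is undefined
 * behaviour in C. This is the failure mode behind the Ariane 5 loss on
 * slide 8 (a 64-bit float converted to a 16-bit integer overflowed). The
 * int literal 100 is also promoted silently. Only safe for in-range input. */
int16_t scale_unsafe(float v)
{
    return (int16_t)(v * 100);
}

typedef enum { CONV_OK = 0, CONV_OUT_OF_RANGE, CONV_NOT_A_NUMBER } conv_status_t;

/* Conforming: explicit float arithmetic, NaN and range checked before the
 * narrowing cast, saturated result, status returned separately from data. */
conv_status_t scale_checked(float v, int16_t *out)
{
    conv_status_t st     = CONV_OK;
    const float   scaled = v * 100.0f;
    int16_t       result = 0;

    if (isnan(scaled)) {
        st = CONV_NOT_A_NUMBER;
    } else if (scaled > (float)INT16_MAX) {
        st     = CONV_OUT_OF_RANGE;
        result = INT16_MAX;
    } else if (scaled < (float)INT16_MIN) {
        st     = CONV_OUT_OF_RANGE;
        result = INT16_MIN;
    } else {
        result = (int16_t)scaled;
    }
    *out = result;
    return st;
}
```

A static analyser configured for MISRA flags `add_u8_unsafe` and `scale_unsafe` on the implicit conversions alone, before any test is run; that is the point the slide makes about demonstrating compliance with static analysis rather than testing.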

Slide 52: Software Unit Testing
Goals: demonstrate that the software units fulfil the software unit specifications; verify the absence of undesired functionality.

Slide 53: Software Unit Testing
The software unit testing methods shall be applied to demonstrate that the software units achieve:
- Compliance with the software unit design specification
- Compliance with the specification of the hardware-software interface
- Correct implementation of the functionality
- Absence of unintended functionality
- Robustness
- Sufficiency of the resources to support the functionality
Methods (source: ISO/FDIS 26262-6:2011; recommendation per ASIL A to D as tabulated in the standard):
- 1a Requirements-based test
- 1b Interface test
- 1c Fault injection test
- 1d Resource usage test
- 1e Back-to-back comparison test between model and code, if applicable

Slide 54: Software Unit Testing
Methods for deriving test cases for software unit testing (source: ISO/FDIS 26262-6:2011; recommendation per ASIL A to D as tabulated in the standard):
- 1a Analysis of requirements
- 1b Generation and analysis of equivalence classes
- 1c Analysis of boundary values
- 1d Error guessing
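Methods 1b and 1c applied to one hypothetical unit, as an added example that is not part of the presentation. The unit, its valid range and the test-case table are constructed for illustration; the table is the artefact a reviewer expects to see, with every case traceable to the equivalence class or boundary it was derived from.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example, not from the presentation: unit test cases derived by
 * equivalence classes (1b) and boundary values (1c) for a hypothetical
 * unit that converts a raw pedal position into a percentage. */

typedef enum { PEDAL_OK = 0, PEDAL_OUT_OF_RANGE } pedal_status_t;

/* Unit under test: valid raw values are 0..1000 (0.1 % units); out-of-range
 * input is clamped and flagged rather than silently used. */
pedal_status_t pedal_percent(int16_t raw, uint8_t *percent)
{
    pedal_status_t st      = PEDAL_OK;
    int16_t        clamped = raw;
    if (raw < 0) {
        clamped = 0;
        st = PEDAL_OUT_OF_RANGE;
    } else if (raw > 1000) {
        clamped = 1000;
        st = PEDAL_OUT_OF_RANGE;
    }
    *percent = (uint8_t)(clamped / 10);
    return st;
}

/* Equivalence classes: EC1 raw < 0 (invalid), EC2 0..1000 (valid),
 * EC3 raw > 1000 (invalid). Boundary values sit at each class edge, one
 * step inside and outside it, plus the limits of the input type. */
typedef struct {
    const char    *derived_from;
    int16_t        raw;
    uint8_t        exp_percent;
    pedal_status_t exp_status;
} pedal_case_t;

static const pedal_case_t PEDAL_CASES[] = {
    { "EC1 representative",     -500,      0,   PEDAL_OUT_OF_RANGE },
    { "EC1 type limit",         INT16_MIN, 0,   PEDAL_OUT_OF_RANGE },
    { "EC1/EC2 boundary -1",    -1,        0,   PEDAL_OUT_OF_RANGE },
    { "EC2 lower boundary",     0,         0,   PEDAL_OK },
    { "EC2 just inside lower",  1,         0,   PEDAL_OK },
    { "EC2 representative",     500,       50,  PEDAL_OK },
    { "EC2 just inside upper",  999,       99,  PEDAL_OK },
    { "EC2 upper boundary",     1000,      100, PEDAL_OK },
    { "EC2/EC3 boundary +1",    1001,      100, PEDAL_OUT_OF_RANGE },
    { "EC3 representative",     5000,      100, PEDAL_OUT_OF_RANGE },
    { "EC3 type limit",         INT16_MAX, 100, PEDAL_OUT_OF_RANGE },
};

size_t pedal_case_count(void)
{
    return sizeof PEDAL_CASES / sizeof PEDAL_CASES[0];
}

/* Runs every case against the unit; returns the number of failing cases,
 * so 0 means the unit passed the derived test set. */
size_t pedal_run_cases(void)
{
    size_t failures = 0;
    for (size_t i = 0; i < pedal_case_count(); i++) {
        uint8_t        pct = 0xFFu;   /* poison value: detects an unwritten output */
        pedal_status_t st  = pedal_percent(PEDAL_CASES[i].raw, &pct);
        if (st != PEDAL_CASES[i].exp_status || pct != PEDAL_CASES[i].exp_percent) {
            failures++;
        }
    }
    return failures;
}
```

The type-limit cases are what catch the classic defect here: an implementation that computes the clamp in a narrower type, or compares after the division, passes the EC boundaries and fails only at INT16_MIN or INT16_MAX.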

Slide 55: Software Unit Testing
Structural coverage metrics at the software unit level (source: ISO/FDIS 26262-6:2011; recommendation per ASIL A to D as tabulated in the standard):
- 1a Statement coverage
- 1b Branch coverage
- 1c MC/DC (Modified Condition/Decision Coverage)
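What MC/DC demands beyond branch coverage, shown on the airbag-disable decision from slide 9. This is an added example, not code from the presentation: the decision rule, its three conditions and both test sets are constructed for illustration, and the checker implements the textbook MC/DC criterion (for each condition, a pair of vectors that differ only in that condition and flip the outcome).

```c
#include <stdbool.h>
#include <stddef.h>

/* Added example, not from the presentation: checking that a unit test set
 * achieves MC/DC (metric 1c above) for one decision. The decision is the
 * airbag-disable function of slide 9, written as a hypothetical rule:
 *   disable = seat_occupied && (child_seat_detected || weight_below_limit)
 * MC/DC requires, for every condition, a pair of test vectors that differ
 * only in that condition and produce different decision outcomes. Two
 * vectors already give both outcomes of the decision (branch coverage at
 * source level); MC/DC needs at least N+1 = 4 vectors here. */

#define N_COND 3

typedef struct { bool c[N_COND]; } testvec_t;

bool airbag_disable(bool seat_occupied, bool child_seat_detected, bool weight_below_limit)
{
    return seat_occupied && (child_seat_detected || weight_below_limit);
}

static bool decide(const testvec_t *v)
{
    return airbag_disable(v->c[0], v->c[1], v->c[2]);
}

/* true if u and v differ in condition k and in no other condition */
static bool differ_only_in(const testvec_t *u, const testvec_t *v, size_t k)
{
    bool ok = (u->c[k] != v->c[k]);
    for (size_t i = 0; i < N_COND && ok; i++) {
        if (i != k && u->c[i] != v->c[i]) {
            ok = false;
        }
    }
    return ok;
}

/* Returns true if the set achieves MC/DC. covered[k] reports per condition
 * whether an independence pair exists, which is what a reviewer needs when
 * the set falls short. */
bool mcdc_satisfied(const testvec_t *set, size_t n, bool covered[N_COND])
{
    bool all = true;
    for (size_t k = 0; k < N_COND; k++) {
        covered[k] = false;
        for (size_t i = 0; i < n && !covered[k]; i++) {
            for (size_t j = i + 1; j < n && !covered[k]; j++) {
                if (differ_only_in(&set[i], &set[j], k) &&
                    decide(&set[i]) != decide(&set[j])) {
                    covered[k] = true;
                }
            }
        }
        all = all && covered[k];
    }
    return all;
}

/* Constructed test sets. The 4-vector set achieves MC/DC; the 2-vector set
 * exercises both decision outcomes but not MC/DC. */
const testvec_t MCDC_SET[4] = {
    { { true,  true,  false } },  /* disable = true */
    { { false, true,  false } },  /* pairs with #0 on seat_occupied */
    { { true,  false, false } },  /* pairs with #0 on child_seat_detected */
    { { true,  false, true  } },  /* pairs with #2 on weight_below_limit */
};

const testvec_t BRANCH_ONLY_SET[2] = {
    { { true,  true,  true  } },
    { { false, false, false } },
};
```

The two-vector set is the trap: it reaches 100% statement and branch coverage of this decision, yet a wiring fault that swapped `child_seat_detected` and `weight_below_limit`, or an implementation that ignored one of them, would pass it unnoticed.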

Slide 56: Software Integration and Testing
Goals: integrate the software components (integration sequence); test the interfaces between components/units; verify the correct implementation of the software architecture.

Slide 57: Software Integration and Testing
The software integration test methods shall be applied to demonstrate that both the software components and the embedded software achieve:
- Compliance with the software architectural design
- Compliance with the specification of the hardware-software interface
- Correct implementation of the functionality
- Robustness and sufficiency of the resources to support the functionality
Methods (source: ISO/FDIS 26262-6:2011; recommendation per ASIL A to D as tabulated in the standard):
- 1a Requirements-based test
- 1b Interface test
- 1c Fault injection test
- 1d Resource usage test
- 1e Back-to-back comparison test between model and code, if applicable

Slide 58: Software Integration and Testing
Structural coverage metrics at the software architectural level (source: ISO/FDIS 26262-6:2011; recommendation per ASIL A to D as tabulated in the standard):
- 1a Function coverage
- 1b Call coverage

Slide 59: Verification of Software Safety Requirements
Goal: verify that the embedded software fulfils the software safety requirements in the target environment.

Slide 60: Verification of Software Safety Requirements
- Verify that the embedded software fulfils the software safety requirements
- Verification of the software safety requirements shall be executed on the target hardware
- The results of the verification shall be evaluated in accordance with: compliance with the expected results; coverage of the software safety requirements; a pass or fail criterion
Test environments (source: ISO/FDIS 26262-6:2011; recommendation per ASIL A to D as tabulated in the standard):
- 1a Hardware-in-the-loop
- 1b Electronic control unit network environments
- 1c Vehicles
(The transcription 
ends here; slides 61 to 69, covering Tool Qualification and Summary, are not included.)

