I will be speaking at the Automotive System Safety Europe conference in Berlin at November 29th, 2016. In my talk I will give some insides about how freedom from interference can be achieved in automotive systems. I will also discuss best practices on how to deal with mixed ASIL architectures and how freedom from interference can be achieved in legacy systems.
The date of the 1st International Conference Automotive Embedded Systems has been changed to March 17-19, 2014!
I’m looking forward to meet you there and discuss the current and emerging trends in automotive software engineering.
I’m happy to announce that I will chair the 1st International Conference Automotive Embedded Systems. The Automotive Embedded Systems conference focuses on the challenges of nowadays automotive software and systems development.
The conference will be held from 25 – 27 February 2014 at the Lindner Hotel Airport, Düsseldorf, Germany.
We will discuss emerging trends in automotive software and systems engineering such as:
- model-based engineering,
- agile development,
- autonomous driving,
- safety and security,
- and many more
I’m looking forward to meet you at the conference!
I have updated my list of literature on functional safety with the book of Marco Bozzano et al..
The book is a very well written introduction into the topic of safety assessment and functional safety and I can recommend it for readers on beginner levels as well as for functional safety experts that want learn more about formal methods and model checking in the context of safety assements.
Design and Safety Assessment of Critical Systems (recommended)
|by Marco Bozzano and Adolfo Villafiorita
Short Description (source: amazon.com):
I gave a talk on causality checking for complex system models at the VMCAI 2013 conference in Rome, Italy.
With the increasing growth of the size and complexity of modern safety-critical systems, the demand for model based engineering methods that both help in architecting such systems and to asses their safety and correctness becomes increasingly obvious. Causality checking is an automated method for formal causality analysis of system models and system execution traces. In this paper we report on work in progress towards an on-the-fly approach for causality checking of system models. We also sketch how this approach can be applied in model-based system analysis when assessing the system’s functional correctness.
A collection of books discussing functional safety according to IEC61508 and ISO26262.
Design and Safety Assessment of Critical Systems (recommended)
|by Marco Bozzano and Adolfo VillafioritaShort Description (source: amazon.com):
Safety-critical systems, by definition those systems whose failure can cause catastrophic results for people, the environment, and the economy, are becoming increasingly complex both in their functionality and their interactions with the environment. Unfortunately, safety assessments are still largely done manually, a time-consuming and error-prone process. The growing complexity of these systems requires an increase in the skill and efficacy of safety engineers and encourages the adoption of formal and standardized techniques. An introduction to the area of design and verification of safety-critical systems, Design and Safety Assessment of Critical Systems focuses on safety assessment using formal methods. Beginning with an introduction to the fundamental concepts of safety and reliability, it illustrates the pivotal issues of design, development, and safety assessment of critical systems. The core of the book covers traditional notations, techniques, and procedures, including Fault Tree Analysis, FMECA, HAZOP, and Event Tree Analysis, and explains in detail how formal methods can be used to realize such procedures. It looks at the development process of safety-critical systems, and highlights influential management and organizational aspects. Finally, it describes verification and validation techniques and new trends in formal methods for safety and concludes with some widely adopted standards for the certification of safety-critical systems. Providing an in-depth and hands-on view of the application of formal techniques to advanced and critical safety assessments in a variety of industrial sectors, such as transportation, avionics and aerospace, and nuclear power, Design and Safety Assessment of Critical Systems allows anyone with a basic background in mathematics or computer science to move confidently into this advanced arena of safety assessment.
|currently not available|
|Short Description (source: amazon.com):
Electrical, electronic and programmable electronic systems increasingly carry out safety functions to guard workers and the public against injury or death and the environment against pollution. The international functional safety standard IEC 61508 was revised in 2010, and this is the first comprehensive guide available to the revised standard. As functional safety is applicable to many industries, this book will have a wide readership beyond the chemical and process sector, including oil and gas, power generation, nuclear, aircraft, and automotive industries, plus project, instrumentation, design, and control engineers. * The only comprehensive guide to IEC 61508, updated to cover the 2010 amendments, that will ensure engineers are compliant with the latest process safety systems design and operation standards* Helps readers understand the process required to apply safety critical systems standards*
Please note that this is an incomplete literature list of books on functional safety / automotive safety according to ISO 26262 and IEC 61508.
Bitte beachten Sie, dass dies eine unvolständige Literaturliste zum Thema Funktionale Sicherheit bzw. Automotive Safety nach den Normen IEC 61508 / ISO 26262 ist.
The last few months I had not much time to blog, but today I want to write about a current research project
I’m involved in.
The QuantUM Approach
When developing a safety-critical system it is essential to obtain an assessment of different design alternatives. In particular, an early safety assessment of the architectural design of a system is desirable. In spite of the plethora of available formal quantitative analysis methods it is still difficult for software and system architects to integrate these techniques into their every day work. This is mainly due to the lack of methods that can be directly applied to architecture level models, for instance given as UML diagrams. Also, it is necessary that the description methods used do not require a profound knowledge of formal methods. Our approach bridges this gap and improves the integration of quantitative safety analysis methods into the development process. All inputs of the analysis are specified at the level of a UML model. This model is then automatically translated into the analysis model, and the results of the analysis are consequently represented on the level of the UML model. Thus the analysis model and the formal methods used during the analysis are hidden from the user.
Our approach depicted in the Figure above can be summarized by identifying the following steps:
- Our UML extension is used to annotate the UML model with all information that is needed to perform a dependability analysis.
- The annotated UML model is then exported in the XML Metadata Interchange (XMI) format which is the standard format for exchanging UML models.
- Subsequently, our QuantUM Tool parses the generated XMI file and generates the analysis model in the input language of the probabilistic model checker PRISM as well the properties to be verified.
- For the analysis we use the probabilistic model checker PRISM together with DiPro in order to compute probabilistic counterexamples representing paths leading to a hazard state.
- The resulting counterexamples can then be transformed into a fault tree that can be interpreted at the level of the UML model. Alternatively, they can be mapped onto a UML sequence diagram which can be displayed in the UML modeling tool containing the original UML model.
Key Features of QuantUM
- QuantUM Profile for UML and SysML
Extension of the UML and SysML with stereotypes. Specification of safety requirements, dependability characteristics (failure modes, …), failure propagation, component dependencies, safety mechanisms (repair management, redundancy structures) directly in the architectural model with your existing UML / SysML CASE tool.
- Probabilistic Analsysis / pFMEA
The annotated UML Model is automatically translated into the input language of a probabilistic model checker, which computes the probability of safety requirements of hazards. In addition a probabilistic FMEA can be performed automatically.
- Automated Fault Tree Generation
(Quantitative) Fault Trees identifying the events causing the violation of a safety requirement or a hazard are automatically generated the analysis.
- Result Representation in UML / SysML
System executions violating safety requirements or causing a hazard can be displayed as UML sequence diagrams.
The QuantUM approach was applied in several industrial case studies and can be used with all major UML / SysML case tools (e.g. IBM Rational Rhapsody, IBM Rational Software Architect, Sparxsystem Enterprise Architect, …)
More Information on the theory and methods behind QuantUM can be found on the publications site. As soon as the first prototype is available
it will be announced here! Stay tuned!