000004100

Functional Safety and Automotive SW - Engineering
Introduction ISO 26262 @ Daimler
Dr. Juergen Schwarz

Senior Manager
Functional Safety & E/E - Processes
WOCS 2012
September 27, 2012, Tokyo, Japan
Overview
Importance of Software in Automotive Engineering
Automotive Safety
Introduction of the functional safety standard ISO 26262
Conclusion
Dr. Jrgen Schwarz | RD/ESF | 27.09.2012
Meaning of Software in Automotive Engineering
70 - 90% of all innovations

in vehicle development is
nowadays based on
embedded systems.
20% of the price of a modern

vehicle is caused by embedded
electronics. Until 2015 it will rise
up to 35 - 40%.
50 - 70% of the overall development

cost of electronic control units is
attributed to software
development.
Approximately 80% of electronics

functionality in modern
vehicles is based on software.
Increasing Share of Software and E/E

More than
65 ECUs
More than
6000 signals
More than
30 million
lines of code
More than
20 bus systems
Conclusion:
Electric/Electronics and software
are decisive core competence
areas for vehicle development
Overview
Automotive Safety
Conclusion
Safety is an essential part of the brand Mercedes-Benz
Exemplary
Safety
is an important
brand value
10
Some Key Daimler Safety Innovations

2010 Active Lane Keeping Assist and Active Blind Spot Assist, Night View
Assist PLUS, LED-High- Performance headlamps for passenger cars
2006 PRE-SAFE Brake for passenger cars: autonomous partial braking;
Active Brake Assist for Mercedes-Benz trucks
2000 First Lane Keeping Assist system for trucks
1995 First Electronic Stability Program (ESP); all Mercedes passenger cars have
been equipped with ESP as standard since 1999
1981 Airbag and belt tensioner available for a
standard production passenger car for the first time
1978 World premiere of anti-block braking system (ABS) for passenger cars; Daimler
launched the first ABS for commercial vehicles in 1981
11
Innovation by means of E/E and Software

Daimlers Vision of Accident-free Driving
Further improvement of
vehicle safety by means of
connectivity of systems
Enhancement of senses:
from feeling to seeing
vehicles which communicate
with their environment
feel
see
communicate
adapt
12
Innovation by means of E/E and Software

Accidents caused when turning or crossing
Nearly every third severe accident happens when turning or crossing
Future technologies support the driver in unclear traffic situations
Combination of stereo-vision and anticipating movement analysis
Risk of accidents through crossing vehicles, cyclists or pedestrians can be detected

early
13
Safety Needs (Video with a 5 Tonne Truck unloaded)
14
Safety Innovation by means of E/E and Software

Active Brake Assist
15
Connection of Vehicle with External World

Car-to-Car Communication
Example: Slippery road surface or fog
Vehicles send danger warnings automatically
Nearby drivers can react immediately and thereby avoid accidents
16
Building Blocks for a Safety Culture

Exemplary Safety being an important brand
value & the Vision for accident-free driving
are the building blocks for establishing a safety
culture within the Daimler company
17
Overview
Automotive Safety
Conclusion
18
The automotive industry introduced a new standard ISO 26262 on functional

safety in November 2011
Daimler having introduced already many safety innovations without such a

standard, what is the benefit?
19
Increasing Requirements with respect to System Safety
Safety relevance
Electronic
passenger
Assistance
Lateral Control-
Crashbrake
Adaptive Cruise Control
(Distronic)
ABS, ESP
Obligation to prove
System Safety within
Type Approval
General Inspection
Product Liability
Driven by
- Complexity/Integration
- Competence of the systems
Time
20
The new quality of automotive safety systems
Former safety systems could focus mostly on a single signal, e.g. the Crash
signal for Airbag systems or the yaw rate signal of the ESP.
For the organization that means, that the responsibility for the safety
relevant development could also be very clearly addressed
The next generation of safety systems will be based on the network of

different systems that will have to collaborate for establishing new safety
functionalities
For the organization that means, that there will be a distributed

responsibility for the safety issues.
The organization shall create, foster, and sustain a safety culture that
supports and encourages the effective achievement of functional safety.
How to introduce this new way of development?
21
The standard ISO 26262 comprises a complete lifecycle
22
System Development
Safety-oriented development modules
System definition
FS
Safety case
Initial sample inspection report
Release for production
Hazard analysis and risk assessment

FS
Quantitativesafety analyses
for ASIL C, D
System FMEA
Tech. safety concept for HW
QM
QM
Integration and test module,

component, system
Tech. safety concept for SW

QM
QM
Validation
Functional safety concept

QM
FS
QM
Verification
Component-FMEA
FS
FS
FTA/FMEDA
Implementation
Legend:
= development phase
FS
= functional safety-specific activity
QM
= standard development
23
ASIL-classification determines requirements to the development

(ASIL = Automotive Safety Integrity Level)
Examples
Example : Low beam

Hazard : Failure of low beam during
driving at night
S-Goal : Provide low beam
Example: Window lifter
Hazard : Pinching extremities
S-Goal : Avoid unintended closing
Example : ESP
Hazard : Faulty activation of brakes
S-Goal : avoid unintended braking
Example: Radio
Hazard: unintended increase of
loudness
S-Goal : -
Example : el. Steering column lock

Hazard : Faulty lock during driving
S-Goal:
avoid unintended locking
24
Additional Scopes for the Implementation of ISO 26262 (extract)

QM
ASIL A
ASIL B
ASIL C
ASIL D
Verification of safety concept

Handling of single point faults (metrics)
Handling of latent faults (metrics)
Carrying out of FMEA
Carrying out of safety assessment
Carrying out of safety audit
Creation of FTA / FMEDA
Creation of common cause analysis
Qualification of tools
Creation of a safety case
25
General roll-out scenario

2008
ISO Milestones
CD
2009
2010
Consideration of
ISO 26262
requirements
for new systems
Goal:
Demonstrate changes due to the ISO 26262
Feedback to ISO working group
2012
2013
2014
2015
IS
DIS
Pilot
projects
Complete development process

with respect to ISO 26262
(applicable for all projects with release of
requirements specification after April 2011)
Goal:
Early implementation of the standard
Incremental implementation of the ISO 26262.
Goal
Legend:
2011
CD=
Committee Draft;
DIS =
Draft International Standard;
IS
= International Standard
26
Functional Safety within Daimler AG

Responsibility and Tasks
GR&AE
DT
MBC
Evobus
GR&AE
VAN
Functional Safety Contacts

Responsible persons on department level are assigned to control the
operative implementation of the functional safety requirements
Representation of Daimler interests in the

different committees
Harmonization between the BUs
Development of functional safety
methods/processes
Independent review entity
Installation of organizational structures
Expertise and organizational structure

within BUs
Review entity for BUs
Coordination between the projects
Process instructions
Operational coaching of projects

Further development of functional safety
expertise
Generation of feedback for the standard
Adaptation of standard for specific
projects
27
Functional Safety within Mercedes-Benz

Organization / Management
Functional safety contacts:
Execution of hazard analysis and risk assessment

results in ASIL
Creation of safety plan
Development of functional safety concept
Development of technical safety concept
Central Functional Safety Team
Conducting reviews
Independent review in order to verify and confirm the

safety cases
Steering committee ISO 26262:
Management decisions
Level 2: Confirmation of determined ASILs A+B
Level 1: Confirmation of determined ASILs C+D
28
What does the Organization have to provide?
Clear distribution of the tasks addressing Functional safety management and functional
safety engineering
Realization of a 4-eyes-principle for safety tasks
As safety has often massive influence to the product, the management has to be
involved right from the beginning
Involvement of the management on a regular basis
During the introduction phase even a higher frequency of management meetings

have to be provided to get management decisions quickly
Within Introduction phase necessary management meetings have to be

planned
29
Four abstraction levels for the description of functional safety

methods and processes
Methodenhandbuch fr prventives E/E - und
Software-Entwicklungs-Qualittsmanagement
Methodenhandbuch fr prventives E/E- und

Teil 1: Konzepte und Terminologie
Version 3.1

23.04.2008
Teil 2 : QS-Elemente fr Baureihenprojekte
Version 3.1
23.04.2008

Teil 3: Lastenheft E/E - und SoftwareSoftware-Entwicklungs-Qualittsmanagement
Entwicklungspr ozesse
Version 3.1
Methodenhandbuch fr prventives E/E- und 23.04.2008

Teil 4: QS-Elemente
fr die
System-/Komponenten -/Software -Entwicklung
Mercedes -Benz
DaimlerChrysler AG Schutzvermerk DIN ISO 16016 beachten!

protection
/ Refer
noticetoDIN ISO
16016!
Keine Aenderung ohne Zustimmung der federfuehrenden Konstruktion /
Any alterations are subject to the approval of the design department
E/E- und SW-EntwicklungsQualittsmanagement

Handbuch, Teil 1
(V3.1, Working DRAFT)
A 000 001 18 99
Bearb./auth.: Jrg Zimmer

Abt./dep.: EP/EKA
Datum/date: 07-09-07
ZGS / CAD: 002 / G
Auftr.-Nr./order no.: YAP2343804
Seite/page: 1 von 28
Version 3.1
Teil 4: QS-Elemente 23.04.2008

fr die
System-/Komponenten -/Software -Entwicklung
Mercedes -Benz
DaimlerChrysler AG Schutzvermerk DIN ISOn!

16016
/ Refer
beachte
to protection notice DIN ISO
16016!

Handbuch, Teil 2
A 000 001 18 99

Abt./dep.: EP/EKA
ZGS / CAD: 002 / G
Version 3.1
23.04.2008
DaimlerChrysler AG Schutzvermerk DIN ISO

chten!
16016
/ Refer
beato protection notice DIN ISO
16016!
Mercedes -Benz

Handbuch, Teil 3
A 000 001 18 99

Abt./dep.: EP/EKA
ZGS / CAD: 002 / G
DaimlerChrysler AG Schutzvermerk DIN

6 beachten!
ISO 1601/ Refer to protection notice DIN ISO
16016!
Mercedes -Benz

Handbuch, Teil 4
A 000 001 18 99

Abt./dep.: EP/EKA
ZGS / CAD: 002 / G
DaimlerChrysler AG Schutzvermerk DIN

6 beachten!
ISO 1601/ Refer to protection notice DIN ISO
16016!
Mercedes -Benz

Handbuch, Teil 4
A 000 001 18 99

Abt./dep.: EP/EKA
ZGS / CAD: 002 / G
...
30
Qualification Concept
Overview
Competence for the development of safety-related Electronics and Software.
Goal
I. Classical Training
Complete
overview
Module
training
II. Private Study
Training
documents
Supporting
Documents
Contacts /
Support
III. Training on the Job

Qualification
Functional Safety Portal
Competence Centre
31
Portal-framework: User Access 09/2011

Usage within all business units with high numbers of access
Number of registered user
FuSi-Portal (ISO26262)
315
228
different users
24
12
44
Numbers of
Access
32
Overview
Automotive Safety
Conclusion
33
Conclusions
Developing safety culture @ Daimler AG
Exemplary
Safety being an important brand value & the Vision for accidentfree driving are the building blocks for establishing a safety culture within the
Daimler company
Introduction
Precise
Clear
of new functional safety standard affords
planning of the ramp-up scenario
assignment of the responsibilities
Necessity
Maximal
of timely management decisions within introduction phase
standardization central control of all requirements
Usage
of new ways for training / qualification and process-control
The requirements of the functional safety standard ISO 26262 requires a

safety culture but also helps to establish a safety culture
34

000004100

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

000004100

Uploaded by

Copyright:

Available Formats

Functional Safety and Automotive SW - Engineering

Introduction ISO 26262 @ Daimler

Dr. Juergen Schwarz

Importance of Software in Automotive Engineering

Introduction of the functional safety standard ISO 26262

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Meaning of Software in Automotive Engineering

70 - 90% of all innovations

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Meaning of Software in Automotive Engineering

20% of the price of a modern

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Meaning of Software in Automotive Engineering

50 - 70% of the overall development

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Meaning of Software in Automotive Engineering

Approximately 80% of electronics

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Increasing Share of Software and E/E

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Meaning of Software in Automotive Engineering

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Importance of Software in Automotive Engineering

Introduction of the functional safety standard ISO 26262

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Safety is an essential part of the brand Mercedes-Benz

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Some Key Daimler Safety Innovations

Innovation by means of E/E and Software

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Innovation by means of E/E and Software

Nearly every third severe accident happens when turning or crossing

Future technologies support the driver in unclear traffic situations

Combination of stereo-vision and anticipating movement analysis

Risk of accidents through crossing vehicles, cyclists or pedestrians can be detected

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Safety Needs (Video with a 5 Tonne Truck unloaded)

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Safety Innovation by means of E/E and Software

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Connection of Vehicle with External World

Vehicles send danger warnings automatically

Nearby drivers can react immediately and thereby avoid accidents

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Building Blocks for a Safety Culture

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Importance of Software in Automotive Engineering

Introduction of the functional safety standard ISO 26262

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Introduction of the functional safety standard ISO 26262

The automotive industry introduced a new standard ISO 26262 on functional

Daimler having introduced already many safety innovations without such a

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Increasing Requirements with respect to System Safety

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

The new quality of automotive safety systems

The next generation of safety systems will be based on the network of

For the organization that means, that there will be a distributed

How to introduce this new way of development?

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

The standard ISO 26262 comprises a complete lifecycle

Dr. Jrgen Schwarz | RD/ESF | 27.09.2012

Hazard analysis and risk assessment

Integration and test module,