The implementation challenges of highly automated driving systems

Functional safety has become established as a routine activity in the development of safety-related electronic systems in the automotive industry, principally through ISO 26262 which builds on existing foundations of systems engineering and reliability analysis techniques - an overview by Dr David Ward, Senior Technical Manager, Functional Safety, HORIBA MIRA Ltd

The approach to functional safety in ISO 26262 is concerned with addressing hazards that result from malfunctioning behaviour. In ISO 26262, safety requirements are developed and allocated to the item or its constituent elements, from a hazard analysis and risk assessment process including the identification of safe states. These safe states typically involve degraded functionality, and ultimately a fail-silent strategy that removes the affected function may be used.

Image of David Ward Activities to develop the second edition of ISO 26262 have acknowledged the need to consider “fail operational” systems for ADAS and autonomous driving although the requirements in ISO 26262 have been driven to some extent by consideration of solutions for availability; further work is needed to define a “top down” approach to hazard analysis of driver assist and full automation systems analysing areas such as “safety of the intended functionality” (under development for a future ISO document or inclusion in ISO 26262), threats from the vehicle environment and fall-back strategies as well as malfunctioning behaviour.

A further aspect that needs to be considered, driven by the connected nature of systems, is the cybersecurity requirements. Emerging practice such as SAE J3061TM also builds on the foundation of systems engineering and adopts a similar reference lifecycle to ISO 26262.

In terms of specific implementation requirements, particular challenges are also emerging in software development such as the tension between the traditional “V” model and approaches such as “Agile”; deterministic systems versus machine learning; and the application of coding guidelines. In the latter respect the new MISRA document “MISRA Compliance” will bring benefits in setting out a robust framework for claiming compliance with coding rules and structured use of deviations.

View David’s presentation.

Dr David Ward is Senior Technical Manager, Functional Safety at HORIBA MIRA. In this role, he provides leadership in development and independent assessment of automotive electronic system safety, reliability and cybersecurity. Since joining HORIBA MIRA in the 1990s, Dr Ward has been instrumental in industry activities to develop standards and guidance for automotive functional safety, beginning with the pioneering MISRA “Guidelines for Development of Vehicle Based Software” in 1994 and more recently as the UK Principal Expert to ISO/TC22/SC32/WG8 “Road Vehicles – Functional Safety”, which develops ISO 26262. Dr Ward is an active contributor to the automotive industry’s first standard for cybersecurity SAE J3061