Page 22

EETE APRIL 2013

AUTOMOTIVE SAFETY

Automotive safety: a new perspective
By Bruno Boury

Safety has been a key aspect of the automotive industry since its earliest stages, but the importance attached to it has grown considerably in recent times. Currently the largest compound annual growth rate (CAGR) in automotive electronics revenue can be attributed to safety applications, and car manufacturers increasingly make safety a key selling point with which to differentiate themselves from their competition. But with electronics accounting for a growing share of a car’s bill of materials, it has become necessary to move from the long-established best-practices approach to well-defined universal guidelines. As a result, industry protagonists have joined forces to develop a standard with far-reaching implications.

Fig. 1: Translation from functional safety goals to hardware design, with associated validation & verification.

The word ‘safety’ is subject to various interpretations. However, when applied to modern automobile design it can generally be categorized using the following structure:

Passive safety: assuming that an accident is effectively inevitable, the aim of passive safety mechanisms is to minimize the severity of that accident. The passive safety elements found within a vehicle include seatbelts, crumple zones, etc.

Active safety: systems concerned with active safety (based on knowledge of the current state of the vehicle) aim to avoid accidents altogether, in addition to minimizing the effects of an accident if one does occur. Seatbelt pretensioning, airbag deployment, predictive emergency braking, anti-lock braking systems and traction control are all examples of this.

Functional safety: this focuses on ensuring that all of the electrical and electronic systems (such as power supplies, sensors, communication networks, actuators, etc.), including (but not limited to) all active safety related systems, function correctly.
Functional safety is dealt with by the ISO-26262 standard (published in November 2011). It is important to state from the beginning that functional safety does not mean that there is no risk of a malfunction taking place; instead, functional safety implies the absence of unacceptable risk due to hazards caused by malfunctioning behaviour of electrical and electronic systems.

Origins of ISO-26262

The ISO-26262 standard is based on the more generic IEC-61508, which has a broad field of application (industrial process, control and automation, as well as oil/gas, nuclear, etc.). ISO-26262 builds on IEC-61508 but is dedicated entirely to the automotive sector; more precisely, its application is limited to safety-related electrical and electronic systems installed in series production passenger cars with a maximum gross weight of 3.500 kg. The first draft release surfaced in 2009, causing considerable commotion within the automotive sector. The widespread perception was that this would be another set of rules imposed on the industry, leading to longer development cycles and much more paperwork. However, once the standard was in place, stakeholders quickly saw the benefits of such harmonization.

Benefits of ISO-26262

ISO-26262 allows car manufacturers to indemnify themselves from liability if a malfunction remains undetected despite the standard having been followed, because the standard is treated by the judicial systems as ‘the reference for development’. At the process level it provides clear guidance on the development and validation of electrical and electronic systems, avoiding errors in implementation (which could otherwise lead to expensive recall activity and damage to the brand name). Benefits to customers, though not always recognized, are also present: the standard gives each of them confidence in their purchased automobile.
ASILs

When it comes to functional safety, the overriding goal is to minimize susceptibility to random hardware failures by taking the necessary design measures, defining the functional requirements, applying systematic analysis methods and avoiding systematic failures through rigorous procedures within the development process. The automotive safety integrity level (ASIL) is key to ensuring that ISO-26262 compliance is upheld. It is determined at the start of the development process, when the functions of the automotive system in question are analysed and a thorough risk assessment is carried out. In reality semiconductor suppliers cannot bring integrated circuits (ICs) to market which are ‘ASIL-x certified’, as an ASIL is assigned to an application or function, rather than to an isolated hardware component or ‘element’. Any supplier claiming anything to the contrary simply isn’t taking the standard seriously and lacks a genuine understanding of the complexities of ISO-26262.

Functional safety in hardware design

The foundation of the functional safety concept is the creation of functional safety goals. These goals are defined for a given system, or ‘item’ as it is referred to in the ISO-26262 standard. For each item, a hazard and risk analysis (HARA) is performed,

Bruno Boury is Product Line Manager for Magnetic Sensing at Melexis – www.melexis.com

Electronic Engineering Times Europe April 2013 www.electronics-eetimes.com