In my last blog article, I talked about the three software design approaches shown in the following picture. Among them, the Mixed ASIL Design is widely used for safety-related automotive E/E systems. For this kind of software in an ECU, ISO 26262 treats the software elements of different ASIL as coexisting elements ("coexistence of elements").

The well-known standard for safety-related engine control software, the "Standardized E-Gas Monitoring Concept for Gasoline and Diesel Engine Control Units", also known as the 3-level monitoring concept, is a typical application of the coexistence of elements, i.e. of mixed ASIL design. In the E-Gas monitoring concept the software elements are split into three levels: Level 1 (L1, the function level) is QM, while Level 2 (L2, function monitoring) and Level 3 (L3, controller monitoring) are safety-related and carry the assigned ASIL ratings.

However, according to the requirements of ISO 26262, when such a mixed ASIL design approach (coexistence of elements) is used, the software elements with the higher ASIL shall be free from interference by the software elements with a lower ASIL or QM. Today, I will talk about freedom from interference: why it is needed and which kinds of interference the standard distinguishes.

1- Why Do We Need To Achieve Freedom From Interference?

Freedom from interference means the absence of cascading failures between software elements: one software element cannot, through its own erroneous behaviour, make another software element fail and so violate a safety requirement. An example of interference between software elements is given below:

As shown in the picture above, Element A with the lower ASIL rating interfaces with Element B with the higher ASIL rating. Failures of that interface have the potential to violate the safety requirements allocated to Element B, because the interface does not have the same integrity as Element B itself. If no additional safety mechanism or measure is used to avoid this kind of interference, the ASIL rating of Element B cannot be claimed.

2- The Kinds of Interference

Annex D of ISO 26262 Part 6 defines three kinds of interference:

- Timing and execution: blocking of execution, deadlocks and livelocks, incorrect allocation of execution time in general, or incorrect synchronization between software elements.
- Memory: corruption of content, or read/write access to memory allocated to another software element; this covers RAM as well as the CPU registers.
- Exchange of information: all errors that can occur in the communication between software elements, both within the ECU and across ECU boundaries, for example repetition, loss, delay, insertion, masquerading, incorrect sequence or corruption of information, and blocked access to a communication channel.
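To make the second and third kinds concrete, here is an added example (my own illustration, not code from the original article, from ISO 26262 or from the E-Gas document). It simulates on a host PC two software elements sharing one ECU's RAM: "L1" plays the QM element and "L2" the ASIL element, as in the Element A / Element B interface above. The memory layout (L1's buffer placed directly below L2's data), the storage of the safety-relevant value together with its bitwise inverse, and the alive-counter plus CRC-8 check on the L1-to-L2 message are assumptions chosen for illustration; they are common techniques but are not prescribed by the standard in this form.

```c
/* Added example for this article, not code from ISO 26262, the E-Gas document
 * or the author.  Host-side simulation of two software elements sharing one
 * ECU's RAM: "L1" plays the QM element, "L2" the ASIL element.  Memory layout,
 * inverse-copy storage and the alive-counter/CRC check are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ---- Memory interference: a QM overrun corrupting ASIL data ---- */
/* Safety-relevant data kept as value plus bitwise inverse: a stray write that
 * hits only one copy makes them disagree, which every read checks. */
typedef struct { uint16_t value; uint16_t inverse; } l2_protected_u16;

/* Simulated RAM image.  L1's buffer sits directly below L2's variable, as a
 * linker may place them, so an overrun from L1 lands in L2's memory. */
typedef struct { uint8_t l1_buffer[8]; l2_protected_u16 l2_torque_limit; } ecu_ram_t;
static ecu_ram_t ram;

void l2_store_torque_limit(uint16_t v)
{
    ram.l2_torque_limit.value   = v;
    ram.l2_torque_limit.inverse = (uint16_t)~v;
}

/* True and the value only when both copies agree; on false the caller must
 * not use the data and should go to its safe state. */
bool l2_read_torque_limit(uint16_t *out)
{
    const l2_protected_u16 *p = &ram.l2_torque_limit;
    if (p->value != (uint16_t)~p->inverse) return false;
    *out = p->value;
    return true;
}

/* L1 copies len bytes into its 8-byte buffer without checking the buffer size.
 * With len > 8 the copy runs into l2_torque_limit: the QM element corrupts
 * ASIL data.  The clamp only keeps the simulation well-defined. */
void l1_fill_buffer(const uint8_t *src, size_t len)
{
    if (len > sizeof(ram)) len = sizeof(ram);
    memcpy(&ram, src, len);          /* deliberately unchecked against l1_buffer */
}

/* ---- Exchange of information: L1 -> L2 message with alive counter and CRC ---- */
typedef struct {
    uint16_t pedal_pos;   /* payload from L1 */
    uint8_t  alive;       /* sender sequence counter, wraps at 256 */
    uint8_t  crc;         /* CRC-8 (poly 0x07) over pedal_pos and alive */
} l1_to_l2_msg;

typedef struct { uint8_t expected_alive; } l2_rx_state;
typedef enum { MSG_OK, MSG_CRC_ERROR, MSG_SEQUENCE_ERROR } msg_status;

static uint8_t crc8(const uint8_t *data, size_t len)
{
    uint8_t crc = 0;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (uint8_t)((crc & 0x80) ? (crc << 1) ^ 0x07 : (crc << 1));
    }
    return crc;
}

static uint8_t msg_crc(const l1_to_l2_msg *m)
{
    uint8_t bytes[3] = { (uint8_t)(m->pedal_pos & 0xFF),
                         (uint8_t)(m->pedal_pos >> 8), m->alive };
    return crc8(bytes, sizeof bytes);
}

/* L1 builds a message; next_alive is the sender-side counter. */
void l1_send(l1_to_l2_msg *m, uint16_t pedal_pos, uint8_t *next_alive)
{
    m->pedal_pos = pedal_pos;
    m->alive     = (*next_alive)++;
    m->crc       = msg_crc(m);
}

/* L2 accepts a message only if the CRC matches and the alive counter is the
 * one expected: corrupted, repeated, lost and stale messages are rejected. */
msg_status l2_receive(l2_rx_state *st, const l1_to_l2_msg *m)
{
    if (msg_crc(m) != m->crc) return MSG_CRC_ERROR;
    if (m->alive != st->expected_alive) return MSG_SEQUENCE_ERROR;
    st->expected_alive = (uint8_t)(m->alive + 1);
    return MSG_OK;
}

int main(void)
{
    uint16_t v = 0; uint8_t junk[10]; memset(junk, 0xFF, sizeof junk);
    l2_store_torque_limit(0x1234);
    l1_fill_buffer(junk, 10);        /* two bytes too many: overrun into L2 */
    printf("%s\n", l2_read_torque_limit(&v) ? "valid" : "CORRUPTED: go to safe state");
    return 0;
}
```

Compile with any C99 compiler (e.g. `cc -Wall -o fti fti.c && ./fti`). The point of the example is not the bug in L1 but that L2 only gets to keep its ASIL rating because it checks its own data and its inputs before using them; without the inverse copy the overrun would silently change the torque limit, and without the alive counter and CRC a repeated or corrupted pedal message would be accepted as valid. On a real microcontroller the memory case would normally also be covered by an MPU separating the QM and ASIL partitions, which a host simulation cannot show.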
For lack of time, I will stop this article here. Next time, I will try to prepare another article on the commonly used safety mechanisms for achieving freedom from interference in the coexistence of elements.
[1] ISO 26262-6:2018, Road vehicles - Functional safety - Part 6: Product development at the software level
[2] Standardized E-Gas Monitoring Concept for Gasoline and Diesel Engine Control Units, version 6.0
[3] Software for Safety-Related Automotive Systems
[4] Presentation by EB: AUTOSAR & Functional Safety

功能安全沙龙 (Functional Safety Salon) is a WeChat public account used as a technical sharing platform on the following topics:
- Cyber-security (SAE J3061, ISO/SAE 21434)
- Powertrain Control of PHEV and EV
- ADAS or ADS or AD vehicles