Failure mode and effects analysis (FMEA),whichis a bottom-up analysis approach, is one of the most widely used analysis techniquein automotive engineering, especially in the safety engineering. The purpose of FMEA is to identify possible failure modes of the system components or functions, and to find their effects on the overall system. This process is a systematic and documented analysis of the credible ways in which a system or subsystem can fail and the effects of each failure.
SW-FMEA (Software FMEA) is used to analyze the failure modes of the given software system and the possible aftereffects that these failures might cause. For the practice of ISO-26262 compliance development , SW- FMEA could be used to perform safety analysis in software architecture design.
1- Why Do We Perform SW- FMEA ?Does software fail like the random hardware fault? I do not think so. We tend to believe that well written, well tested,safety critical software never fails. However, experience proves that the software does fail. The well-known scandal caused by software failure is the Toyota Accelerator Sandal in 2009.
It is obvious that the software does not fail like the same way hardware does, and the various failure behaviors we are accustomed to from the world of hardware are often not applicable to software. However, software does fail, and when it does, it can be just as catastrophic as hardware failures. In order to identify or confirm the safety-related parts of the software, and to support the specification and verify the effectiveness ofthe safety measures, SW-FMEA, as one kind of inductive safety analysis approach,could be carried out at the software architecture level to meet the requirement described in 7.4.10 of ISO 26262-6:2018.
2- Software Failure ModesSoftware, especially in automotive critical systems, tends to fail where least expected. The root causes of the software failure are mainly systematic faults. They can happen during the development phase, production phase and maintain phase. Sometimes, software failure could also be caused by abuse of users. The typical root causes are listed in the table below.
It is better to identify and to define the failure modes in a systematic way by combination of the guidewords and the failure mode classes or functions. Each combination need to be reviewed and accessed. If a combination is not feasible, a rationale shall be given to explain why this combination is excluded. An example is demonstrated in the table below to show the combinationand the assessment(Demonstration only).
3- How To Perform SW- FMEA ?To do SW-FMEA, I would suggest carrying out it in a systematic way following the AIAF-VDA FMEA handbook with the new edition released June 2019.
In the handbook, the FMEA process is represented in 7-steps:
Step 1- Scope Definition Step 2- Structure Analysis Step 3- Function Analysis Step 4- Failure Analysis Step 5- Risk Analysis Step 6- Optimization Step 7- Results Documentation
As shown in the picture above, these seven steps are organized into three phases: Next time we could discuss how to carry out the SW- FMEA at the software architecture level for ISO 26262 compliance in detail. Keep tuned   !!! [1] ISO 26262: 2018, Part 6: Product development at the software level [2] Update on the AIAG-VDA FMEA Harmonization Project, September 19, 2017 [3] https:///key-changes-aiag-vda-fmea/ 5- About 功能安全沙龙 功能安全沙龙 is used as an Wechart Public Account for the technical sharing platform on following topics :
- Cyber-security/J3061 or ISO-21434
- Powertrain Control of PHEV and EV
- ADAS or ADS or AD vehicles
|
