AUTOSAR and Functional Safety - Automotive （AUTOSAR和功能安全,汽车）.pdf

AUTOSAR and Functional Safety Robert Leibinger, Dr. Alexander Mattausch, Jochen Olig November 2013 AUTOSAR and Functional Safety „Mixed ASIL Systems“ as typical use case Software mix in typical ECUs: • QM Functions • Safety Functions (ASIL) • Safety Integrity Functions (ASIL) • Basic Software, reused standard Software • Black Box Software or Software from 3rd party The majority of functions on an ECU is not safety related and thus QM classified Only a minority of function is „Safety Software“ (ASIL classified) ASIL QM © Elektrobit (EB), 2013 2 AUTOSAR and Functional Safety How to mix QM and ASIL Software? ASIL ASIL ASIL QM Develop complete SW in conformance Use independent mechanisms to to highest ASIL of any function within realize “Freedom from Interference” the ECU (“ASIL Lift-up Effect”) high development effort independent standard safety additional safety measures in mechanisms application necessary reduced complexity and effort increased complexity avoids or detects propagation of failure detection only failures © Elektrobit (EB), 2013 3 AUTOSAR and Functional Safety Interference with Operating System Safety OS is basis of program execution has to ensure freedom from interference ASIL Software 2 QM Software has to be independant from all other SW parts uses HW MPU Micro controls the execution of Tasks, Interrupts a