Functional Safety in Automotive Grade Linux

Page 1: Functional Safety in Automotive Grade Linux

© 2016 Tata Elxsi | Confidential |

Functional Safety in Automotive Grade Linux

Renjith G | Shilu S L
July 13, 2016, AGL Summit, Tokyo, Japan

Page 2: Agenda

General - AGL
Functional Safety - AGL
Roadmap – AGL
Functional Safety Analysis - AGL
About Case Study

Page 3: Audience, Takeaways

Areas / Intended Audience
Functional safety – ISO26262
IC, HUD use cases
Software Development - Automotive
GNU/Linux Subsystem

Takeaways
Basics of FS feasibility in AGL
Basics of FS process for AGL
FS specific Design strategies for IC & HUD SW

Consolidation
QnA
Further interests

Page 4: Background / Key Motivation / Interest

Quoting from “https://www.automotivelinux.org/about”:

“Automotive Grade Linux (AGL) is a Linux Foundation Workgroup dedicated to creating open source software solutions for automotive applications. Although the initial target for AGL is In-Vehicle-Infotainment (IVI) systems, additional use cases such as “instrument clusters” and telematics systems will eventually be supported.”

This case study checks the feasibility of implementing Instrument Cluster + Head-Up Display use cases in AGL where functional safety is a requirement.

Page 5: Architecture Approaches – Safety Perspective

Hypervisor-based stack:
  Hardware Platform
  Hypervisor (ASIL B)
  RTOS (ASIL B) – ASIL B IC Features
  OS (Non ASIL) – Non ASIL IC Features

Partitioned stack:
  Hardware Platform
  Safety Partition – ASIL B IC Features
  Non Safe Partition – Non ASIL IC Features

Open questions:
  Opensource ASIL B Hypervisors?
  Opensource ASIL B RTOS?
  Performance?
  Complexity?
  Cost?

Page 6: Roadmap – in AGL

(Roadmap figure; no text recoverable.)

Page 7: General – from AGL

BSP and SOC: Renesas R-Car
Version: Agile Albacore
Kernel: 3.10.31 LTSi

Page 8: Functional Safety – Analysis in AGL

Functional Safety: Absence of unacceptable risk due to hazards caused by malfunctioning behavior of systems.

Risk = Exposure * Effect * Probability

(Figure: risk scale from High Risk to Low Risk.)

Page 9: Current Software Architecture - AGL

(Architecture figure.) Source: AGL Specification 1.0

Page 10: Derived - Software Architecture with Safety Stack – in AGL

(Architecture figure; no text recoverable.)

Page 11: Way To Functional Safety Compliance – in AGL Arch

Identify existing components in AGL for IC, HUD use cases
Other components for IC, HUD (to be developed)
Safety vs. Non-safety Partitioning – Freedom From Interference (FFI)
Safety Lifecycle

Page 12: Existing components and Tools used – in AGL

Kernel (v3.10)
  Task management
  Memory Management
  Protection

Libraries
  GLIBC (v2.20)
  POSIX
  ALSA (v1.0.28)
  DRM (v2.4)
  KMS (v1.4.0)
  Device Drivers

Other Tools used
  gcc for arm Compiler (v4.9.1)
  DOORS / Microsoft Office Excel for SRS
  Enterprise Architect 12.0 for SAD
  Enterprise Architect 12.0 for SUD
  Source code editor (Vim)
  Static analyzing tool (QAC 8.1)
  Unit testing tool (TESSY 2.3)
  Version control tool (SVN)

Page 13: Other components for IC, HUD use cases – in AGL

Instrument Cluster Middleware
HUD Middleware
Interface Layer
Safety draw
Safety sound
Safety critical applications
ASIL Compliant HMI Tool (Third party – Option 2)

Page 14: Derived - Software Architecture with Safety Stack – in AGL, ASIL B Highlighted – Option 1

(Architecture figure; no text recoverable.)

Page 15: Derived - Software Architecture with Safety Stack – in AGL, ASIL B Highlighted – Option 2

(Architecture figure; no text recoverable.)

Page 16: Safety Software Architecture (Partitioning) – in AGL

Hardware Platform
  Safety World – Safe Application
  Normal World – Normal Application
  FFI (Freedom From Interference) between the two worlds

Page 17: Safety Software Architecture – Freedom From Interference

Shared Hardware resources (CPU, Memory, Peripherals etc.)
Shared Software resources (Kernel, drivers, libraries etc.)

FFI Analysis
  Limited interaction
  Static allocation
  Duplication
  Grouping
  Protection
  Monitoring
  Minimization of code etc.

Page 18: Safety Lifecycle - SEooC – Safety Element Out Of Context

Assumptions -> Assumed Requirements
Assumptions on design external to SEooC -> SEooC Requirements -> SEooC Design

Page 19: SEooC – S/W Development

Assumptions on System level -> Software SEooC component development -> Establish Validity of Assumptions -> Item Development

3. Concept Phase

4. Product Development (System Level)
  Specification of Technical Safety Requirements
  System Design
  Item Integration & Testing

6. Product Development (Software Level)
  Initiation
  SW Safety Requirements
  Software Arch Design
  Unit Design & Implementation
  Unit Testing
  Integration & Testing
  Verification of SW Safety Requirements

8. Change management

Page 20: SEooC - Component Integration

SEooC Component Development -> SEooC Component -> New Context -> Validate Assumptions
  Success -> Integrated Component
  Fail -> Impact Analysis -> Change Management

Page 21: SEooC – The Process (V Model)

Phase -> Work products
  Initiation -> Kick off, Safety Plan, Plan Documents, Tool Evaluation and Qualification Reports
  Specification of S/W Safety Requirements -> Software Safety Requirements, Safety Req Analysis
  Software Architectural Design -> Design, DFA, FMEA Review Reports
  Software Unit Design & Implementation -> Software code, Static Analysis Reports
  Software Unit Testing -> Test Report, Coverage Reports, Review Reports
  Software Integration and Functional testing -> Integration Report, Review Report
  Verification of S/W Safety Requirements -> S/W Verification Report
  Acceptance -> Item Development, Updated Work Products, QA Report

Page 22: SEooC - PART-6 Outcomes

Assumptions System Level
  Assumption Document

Initiation of Product Development
  S/W Verification Plan
  Safety Plan *
  Design & Coding Guidelines
  Tool Application Guidelines

S/W Safety Requirements
  S/W Safety Req. Spec
  S/W Verification Plan *
  S/W Verification Report
  HSI Specification *

S/W Architectural Design
  S/W Arch Design Spec
  S/W Safety Req. Spec *
  Safety Analysis Report
  DFA Report
  Safety Plan *
  S/W Verification Report *

Unit Design & Implementation
  S/W Unit Design Spec
  S/W Unit Implementation
  S/W Verification Report *

Unit Testing
  S/W Verification Specification
  S/W Verification Plan
  S/W Verification Report *

Integration & Testing
  Embedded S/W
  S/W Verification Report *
  S/W Verification Plan *
  S/W Verification Spec *

Verification of S/W Safety Requirements
  S/W Verification Plan *
  S/W Verification Spec *
  S/W Verification Report *

NOTE: For detailed information about the process, refer to ISO26262 Part 6.

Page 23: SEooC – Tool Classification

Identify Tool Use cases -> Identify relevant failure modes -> Determine Tool Impact
  TI 1 (No Impact) -> No qualification required
  TI 2 (Impact) -> Determine Tool error detection
    TD 1: High Confidence in tool
    TD 2: Med Confidence in tool
    TD 3: No/Low Confidence in tool

Tool Confidence Level (TCL) from Tool Impact (TI) and Tool Error Detection (TD):

                 TD1      TD2      TD3
    TI 1         TCL 1    TCL 1    TCL 1
    TI 2         TCL 1    TCL 2    TCL 3

Page 24: SEooC – Tool Qualification

TCL 1: No qualification method required.

Qualification methods for TCL 2 and TCL 3 per ASIL (ISO 26262 notation: ++ highly recommended, + recommended):

    Method                                            TCL 2              TCL 3
                                                      ASIL               ASIL
                                                      A   B   C   D      A   B   C   D
    Increased confidence from use                     ++  ++  ++  +      ++  ++  +   +
    Evaluation of the development process             ++  ++  ++  +      ++  ++  +   +
    Validation of the software tool                   +   +   +   ++     +   +   ++  ++
    Development in compliance with a safety standard  +   +   +   ++     +   +   ++  ++
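The TI/TD to TCL lookup from the previous slide and the per-ASIL qualification-method table from this slide, written out as Python. This is an added example, not code from the deck or from Tata Elxsi; the sample tool classifications at the bottom are constructed and are not the deck's own assessment of its toolchain.

```python
# Added example (not from the Tata Elxsi deck): ISO 26262-8 tool confidence
# level (TCL) lookup and the qualification-method recommendations per ASIL,
# as tabulated on the slides. "++" = highly recommended, "+" = recommended.

# Rows: tool impact TI1/TI2; columns: tool error detection TD1/TD2/TD3.
TCL_TABLE = {
    1: {1: 1, 2: 1, 3: 1},
    2: {1: 1, 2: 2, 3: 3},
}

# Qualification methods in slide order; ratings per ASIL follow that order.
METHODS = (
    "Increased confidence from use",
    "Evaluation of the development process",
    "Validation of the software tool",
    "Development in compliance with a safety standard",
)
QUALIFICATION = {
    2: {"A": ("++", "++", "+", "+"), "B": ("++", "++", "+", "+"),
        "C": ("++", "++", "+", "+"), "D": ("+", "+", "++", "++")},
    3: {"A": ("++", "++", "+", "+"), "B": ("++", "++", "+", "+"),
        "C": ("+", "+", "++", "++"), "D": ("+", "+", "++", "++")},
}


def tool_confidence_level(ti, td):
    """Map tool impact (1-2) and tool error detection (1-3) to TCL 1-3."""
    if ti not in TCL_TABLE or td not in TCL_TABLE[ti]:
        raise ValueError(f"invalid classification TI{ti}/TD{td}")
    return TCL_TABLE[ti][td]


def qualification_methods(tcl, asil):
    """Return the '++' and '+' methods for a TCL at a given ASIL (A-D)."""
    asil = asil.upper()
    if len(asil) != 1 or asil not in "ABCD":
        raise ValueError(f"unknown ASIL {asil!r}")
    if tcl == 1:
        return {"++": [], "+": []}  # TCL 1: no qualification method required
    ratings = QUALIFICATION[tcl][asil]
    return {mark: [m for m, r in zip(METHODS, ratings) if r == mark]
            for mark in ("++", "+")}


def classify_tool(name, ti, td, asil):
    """Combine both tables into one record for a tool use case."""
    tcl = tool_confidence_level(ti, td)
    return {"tool": name, "tcl": tcl, **qualification_methods(tcl, asil)}


if __name__ == "__main__":
    # Constructed sample classifications (hypothetical TI/TD values), ASIL B.
    for name, ti, td in (("editor", 1, 3), ("static analyser", 2, 2), ("compiler", 2, 3)):
        print(classify_tool(name, ti, td, "B"))
```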

Page 25: Conclusion - Feasibility

Risk
Dependencies
Effort
Timeline
The Team
Hardware
New Releases
Development
Testing
Review
Certification
Safety Lifecycle Process
Technically

Page 26: References

1. https://www.automotivelinux.org
2. http://man7.org/linux/man-pages/
3. ISO26262:2011 Standard

Page 27: Questions and Answers

Page 28: Thank You

Tata Elxsi
ITPB Road Whitefield
Bangalore 560048 India
Tel +91 80 2297 9123 | Fax +91 80 2841 1474
e-mail [email protected]
www.tataelxsi.com

Renjith G | Shilu SL
[email protected] | [email protected]
+91 471 666 1138 | +91 471 666 1333