Safety programming and distributed development required by ISO 26262 (Part 2)
By Takao Futagami, TOYO Corporation
Part 2: Can You Control?
As discussed in Part 1, TOYO's experience providing measuring instruments and systems to the Japanese automotive industry has shown us that automobiles can be mass-produced only through a countless number of safety designs, measurements, and verifications. For this reason, we can assert that automobiles have essentially always been developed with functional safety in mind.
However, human creations can never be perfect. When a safety system fails, to what extent can the driver avoid an accident with his own driving skill? Measuring this control capability is what provides the guidelines for the controllability evaluation specified in Part 3 (Hazard Analysis) of ISO 26262. What has to be measured here is not the performance of the car but the distribution of human abilities, which is not an easy task. Professional test drivers can measure the car's performance, but we cannot expect their level of control capability from ordinary people.
If you want to estimate the socially acceptable risk referred to in ISO 26262, you are required to gather data on a wide range of drivers (e.g. good-record holders who have never caused an accident or broken a road traffic law, Sunday drivers, young drivers who have just obtained their license, those who are almost old enough to be obliged to wear eyeglasses when driving, and those who are thinking of giving up driving because of their age). In past automotive control system development, methods that are superior from the engineering standpoint, such as HILS (Hardware in the Loop Simulation), were prevalent. But what is required for validating controllability is basic statistical information on the driver, the car, and the road conditions, taken while various drivers actually enter the control loop. Perhaps we can call this 'Driver in the Loop Measurement'.
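To make the point concrete, here is an added example (not from the article or from TOYO) of what a controllability estimate from such driver-in-the-loop data looks like. It assumes the ISO 26262-3 controllability thresholds (C1: 99% or more of drivers usually able to avoid harm, C2: 90% or more, C3: below 90%) and uses constructed trial counts for the driver groups listed above; the point it illustrates is that, because the measured quantity is a distribution over drivers, the class should be read from a lower confidence bound on the avoidance proportion rather than from the raw sample rate.

```python
"""Estimate an ISO 26262 controllability class from driver-in-the-loop trials.

Added example, not part of the original article. The class thresholds are the
ISO 26262-3 ones (C1 >= 99 %, C2 >= 90 %, C3 < 90 % of drivers avoiding harm);
the trial counts below are constructed for illustration, not measured data.
"""
from math import sqrt

# Constructed data: driver group -> (trials run, trials in which harm was avoided)
GROUP_COUNTS = {
    "good record holder": (20, 20),
    "Sunday driver": (20, 18),
    "newly licensed": (20, 17),
    "senior driver": (20, 17),
}
# Expand into one (group, avoided?) record per trial, as a logger would produce.
TRIALS = [(g, i < ok) for g, (n, ok) in GROUP_COUNTS.items() for i in range(n)]


def wilson_lower_bound(successes, n, z=1.645):
    """One-sided 95 % lower confidence bound of a binomial proportion (Wilson score)."""
    if n == 0:
        return 0.0
    p = successes / n
    denom = 1 + z * z / n
    centre = p + z * z / (2 * n)
    margin = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    return (centre - margin) / denom


def controllability_class(lower_bound):
    """Map the lower bound on the avoidance proportion to an ISO 26262-3 class."""
    if lower_bound >= 0.99:
        return "C1"
    if lower_bound >= 0.90:
        return "C2"
    return "C3"


def evaluate(trials):
    """Summarise trials: raw rate, lower bound, resulting class and per-group rates."""
    n = len(trials)
    if n == 0:
        return {"n": 0, "avoided": 0, "rate": 0.0, "lower_bound": 0.0,
                "class": controllability_class(0.0), "per_group": {}}
    avoided = sum(1 for _, ok in trials if ok)
    per_group = {}
    for group, ok in trials:
        counts = per_group.setdefault(group, [0, 0])
        counts[0] += 1
        counts[1] += int(ok)
    lb = wilson_lower_bound(avoided, n)
    return {"n": n, "avoided": avoided, "rate": avoided / n, "lower_bound": lb,
            "class": controllability_class(lb),
            "per_group": {g: a / t for g, (t, a) in per_group.items()}}
```

With the constructed counts the raw avoidance rate is exactly 90%, which looks like C2, but the lower bound is about 83%, so the hazard is classed C3 until more drivers are measured.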
In Japan, research and investigations into human modeling of embedded system users are being conducted, so it may become possible to bring driver characteristics into simulators in the near future. We have great expectations for this, but it is still some way off. Given the current situation and the demand for measurement, we are presently developing REINA-11, a measurement front end for acquiring basic functional safety data.
REINA-11 is a trajectory measurement front end built around the RX610, Renesas' latest medium-scale embedded processor. Measurement control is done over the ZigBee protocol, and the large volume of measured data is stored on a high-speed SD card.
Can we ignore the safety of the test subjects when developing an instrument for measuring the drivability of ordinary people? The answer is of course no. Safety design is required for the entire experiment, including the measurement instruments. We are fully aware that, when developing embedded software for measurement instruments, we have to treat it as being on the same level as in-car ECU software.
To be continued
Takao Futagami specializes in risk analysis at TOYO Corporation, Polarion Software’s country partner for Japan