Kongress und Messe  /  05. November 2019  -  06. November 2019

safetronic 2019

Funktionale Sicherheit im Automobil

Am 5. und 6. November 2019 trifft sich auf der mittlerweile achtzehnten Fachtagung »safetronic« in Stuttgart wieder die internationale Automotive Fachwelt, um sich über aktuelle Entwicklungen rund um sichere Software und Hardware auszutauschen.

Die Themenschwerpunkte lauten:

  • Funktionale Sicherheit und autonomes Fahren
  • Operational Design Domain
  • Analytische Identifikation funktionaler Unzulänglichkeiten


Auch das Fraunhofer IESE nimmt mit einem Vortrag an dieser Tagung teil.

Systematische Identifikation von funktionalen Unzulänglichkeiten anhand von Komponentenfehlerbäumen, 06.11.2019, 8:30
Dr. Rasmus Adler und Dr. Daniel Schneider, Fraunhofer-Institut für Experimentelles Software Engineering IESE, Kaiserslautern           

Der Vortrag wird simultan gedolmetscht. 

A central component of semi-automated and highly automated driving functions is always the vehicle’s perception of its surroundings. Depending on the specific requirements of the automation function, this perception can often be realized in very different ways using a great variety of different sensor combinations. This requires taking into account that every sensor has inherent strengths and weaknesses in terms of realizing a particular aspect of how it perceives the surroundings. A camera, for instance, is very limited in its ability to detect something when it is dark. These inherent weaknesses result in limits to the perception and thus to the usage area of the (automated) driving function. Beyond this usage area, use of the function is generally unsafe. Creating a safe specification thus requires identification of the safe usage context. For the usage context of automated driving functions, the term Operational Design Domain (ODD) has become the term of choice.

The SOTIF standard ISO/PAS 21448 contributes to the identification and shaping of the ODD as it addresses the identification and treatment of functional insufficiencies. It focuses strongly on simulations and testing, but in Table 4 in Section 9.2, it also mentions “Analysis of functional dependencies” to derive a V&V strategy. Testing and simulations are essential, but they cannot replace systematic analyses at the level of the functional architecture, which also enable focused testing and simulations with regard to identified weaknesses. However, this standard does not describe any concrete approaches for how to perform such an analysis at the functional level.

In our presentation, we will introduce an approach for investigating a functional architecture in order to derive the Operational Design Domain. Correspondingly, the prerequisite is a functional architecture representing the processing of information and the data dependencies in a component composition diagram (UML), an internal block diagram (SysML), or another actor-oriented model. Then an analysis is performed along the functional dependencies using component fault trees to determine why a particular kind of required perception might fail.