Safety of the Intended Functionality (SOTIF) is paramount for ensuring the reliability of complex systems in safety-critical domains, such as automotive and aerospace. Unlike functional safety, SOTIF acknowledges that unforeseen risks can emerge even when a system functions correctly. This is particularly relevant to autonomous vehicles (AVs), where not all potential hazards can be predicted in advance. Mitigating these "unknown unknowns" is a crucial task for all development teams.
This article explores why and how modeling guidelines for software models, as widely used in the development process, can effectively support and align with SOTIF principles.
Linking SOTIF and Modeling Guidelines: A Foundation for Safe Autonomous Driving
SOTIF and Functional Safety Work Together
While ISO 21448 does not directly prescribe development processes, it emphasizes their importance in achieving safety. It highlights existing standards like IATF 16949 and ISO 26262 as crucial contributors. Essentially, functional safety and relevant industry standards form the foundation of SOTIF.
The Role of Software Modeling in SOTIF for Autonomous Driving
Modeling in general - the creation of a representation for a complex system - plays a vital role in achieving SOTIF for AVs, since it allows for simulation and scenario-based testing early on. It is particularly important to model the software parts, both to allow for early-phase verification and validation and to enable automated code generation.
Benefits of Modeling Guidelines for SOTIF
Firstly, modeling guidelines foster a clear and consistent representation of software models, from individual functional units to the system level. A consistent look and feel, coherent data flow, and an easy-to-maintain architecture ensure safety and facilitate collaboration. Moreover, guideline-driven streamlining minimizes flaws in data management and architecture, making it easier to identify potential hazards during the early stages of development. This applies both to individual developers and, more commonly, to large development teams.
Secondly, the application of modeling guidelines ensures compliance with industry-proven standards like MAB, MISRA, and ISO 26262. These standards add an additional layer of safety by applying established best practices throughout the development of the crucial software model.
Thirdly, modeling guidelines are essential for safe automated code generation. Complex software systems (like AV systems) often rely on tools like TargetLink and Embedded Coder (trademarks) to generate the extremely complex code automatically with little human interference. The quality and safety of the generated code depend heavily upon the quality and coherence of the underlying software model and their proper configuration. Fitting modeling guidelines ensure this by automatically promoting well-defined and safe modeling patterns.
Conclusion
Modeling guidelines play a significant role in supporting core SOTIF principles, like the safeguarding of functional performance in the development process, and provide a link from SOTIF to Functional Safety. By promoting data consistency, a clear and easily maintainable architecture, and a consistent look and feel, and by minimizing the potential for errors in software models, guidelines ensure a safety-first approach throughout the development lifecycle. This facilitates the creation of robust and reliable software units for AV systems that operate as intended, thus minimizing risks and hazards - which is clearly one of the main principles of both SOTIF and traditional functional safety.
This article was originally published on LinkedIn.