Integrated Functional Safety and Safety of the Intended Functionality Analysis using Ansys Medini Analyze

Functional Safety (FuSa) standards such as ISO 26262, supported in Ansys Medini Analyze, play a crucial role in the reliability of electronic components in modern vehicles by ensuring consistent system performance and minimizing critical failures. With the advent of advanced driver-assistance systems (ADAS) and the increasing complexity of autonomous driving technologies, addressing safety and reliability challenges has become more important than ever. Sensors and other automotive components, even when functioning as designed, may underperform in dynamic real-world environments and create safety hazards. To tackle these challenges, the Safety of the Intended Functionality (SOTIF) standard, ISO 21448, was introduced. SOTIF focuses on identifying performance limitations that cause hazards even though no system fault is present, raising the bar for component functionality and system design integrity. Implementing ISO 21448 within the Ansys Medini Analyze platform gives autonomous vehicle development teams a combined set of safety analysis and engineering simulation tools, so that FuSa and SOTIF requirements can be integrated from the early design phases. This enables thorough validation of system performance for automotive safety and standards compliance before vehicle deployment.

1.1. What is ISO 21448: Road Vehicles – SOTIF?

SOTIF stands for Safety of The Intended Functionality. The standard, first published as ISO/PAS 21448 and now ISO 21448, applies to functionality whose safety depends on a correct awareness of the driving situation. It is concerned with ensuring the safety of the functionality even in the absence of a fault or failure. This is in clear contrast with traditional Functional Safety (FuSa), which is mainly concerned with the risk arising from system failures.

1.2. How is ISO 21448 related to ISO 26262?

ISO 26262 covers the functional safety of the system in the event of failures; it does not cover safety hazards that arise in the absence of a system failure. That is why ISO 21448 is needed for analyzing situations in which ensuring safety, even though nothing has failed, is complex and demanding.

1.3. Why is SOTIF (Safety of the Intended Functionality) important?

In today’s vehicles, electronics provide comfort, communication and navigation features as well as mission-critical functionality such as steering and braking. ISO 26262, the global automotive functional safety standard, helps engineering teams uncover and address FuSa hazards such as software bugs and hardware failures. The safety stakes have grown even higher: a crucial component, say a sensor, may not fulfil its required functionality or may fail to deliver the performance needed to handle a situation, for example failing to recognize a pedestrian in the road ahead. Applying ISO 21448 helps ensure that the perception system (a combination of sensors and software algorithms) recognizes pedestrians in every situation that is part of the Operational Design Domain (ODD), so that the system triggers a safe response across the whole ODD. SOTIF also addresses robustness against environmental disturbances and hazards due to flawed human-machine interaction.

[Figure: limited contrast-resolution camera image in the presence of blinding sun, an example of a triggering condition]

A Model-Based Workflow Integrating FuSa and SOTIF:

To conduct autonomous vehicle development in compliance with both ISO 21448 and ISO 26262, a model-based workflow combines a V-shaped development progression with feedback loops of evaluation and improvement, so that lessons learned are incorporated while the standards are still complied with. This model-integrated safety workbench offers all the analysis options required for Functional Safety (FuSa) and Safety of The Intended Functionality (SOTIF).

[Figure: A Model-Based Workflow Integrating FuSa and SOTIF]

The following is a step-by-step look at the workflow:

Medini Analyze as a Single Source for meeting SOTIF and FuSa Standards:

Ansys Medini Analyze is a software tool recognized across several industry standards for analyzing functional safety, technical safety and standards compliance. Rather than performing SOTIF analysis as a stand-alone activity, integrating it with the product's operational safety analysis lets it reuse the architecture models, the vehicle-level malfunctioning behaviour analysis and the hazardous event assessments. This eliminates redundant work and keeps all results consistent with each other.

Ansys Medini Analyze has enhanced the model-integrated safety approach with new modeling elements for limitations, weaknesses, and triggering conditions, as specified in ISO 21448.

The integrated FuSa and SOTIF workflow starts with an initial hazard analysis and an investigation of potential hazards, caused either by failures or by limitations of the nominal performance, across the system architecture. For example, fog, snow, rain and other weather conditions can confuse a sensor's perception into "seeing" a physical object where there is none. That can trigger risky behaviour such as strong braking, which results in a rear-end collision with a following vehicle. Even worse, a sensor might dismiss an actual physical object on the road as a false detection, which results in the vehicle crashing into the object. For every identified hazard, Medini Analyze uses parameters such as severity (together with exposure and controllability in an ISO 26262 hazard analysis and risk assessment) to classify the risk level, singles out the safety-critical hazards and addresses them accordingly.

Ansys Medini Analyze can also perform causal analysis, answering questions such as "Why does this critical performance flaw occur?" This analysis is similar to the functional safety analysis that automotive engineering teams have been conducting for over a decade and uses well-known functional safety techniques such as fault trees and guideword (HAZOP-style) analysis.

Ansys Medini Analyze also provides traceability links between the safety analysis and the complete system architecture. It automates the allocation of malfunctioning behaviour to one or more functional blocks. Whatever the cause, a performance shortfall, a software bug or a sensor performance limitation, Medini Analyze identifies the areas where the sensor's functionality is not delivered. Limitations and triggering conditions are modelled in Medini Analyze so that they can be used directly in causal nets or fault tree analysis. Over time, engineers accumulate knowledge and lessons learned, and findings from earlier validation activities, simulations or virtual road tests can be integrated as well. Some triggering conditions can be expressed in a word or two, such as "sun glare" or "snow". Others are much more complex, such as "metal object on the pavement causing a reflection from the headlights in night-time conditions" or "driving out of a tunnel at high speed". These more complex triggering conditions are modelled in Medini Analyze as scenarios, using SysML diagrams in which scenes and events are represented by pictograms.
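The two preceding paragraphs describe fault trees and causal nets whose leaves are a mix of ISO 26262 failures and ISO 21448 limitations activated by triggering conditions. The following Python sketch, added here as an illustration and not taken from Medini Analyze or any real vehicle programme, shows the mechanics: it computes the minimal cut sets of such a tree, labels each cut set as reachable with faults only (FuSa), with no fault at all (SOTIF) or with a mix, and evaluates a scenario by activating limitations whose triggering conditions are present. All event names, gate structure and triggering conditions are constructed for the phantom-braking example in the text.

```python
"""Fault-tree sketch combining FuSa failures with SOTIF limitations.

Hypothetical example for illustration only; the event, gate and
triggering-condition names are constructed and are not taken from
Medini Analyze or from any real vehicle programme.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Basic:
    """Leaf event. kind is "failure" (ISO 26262 fault) or "limitation"
    (ISO 21448 performance insufficiency). A limitation becomes active in
    a scenario when all of its triggering conditions are present; a
    failure is active only if the analyst assumes it."""
    name: str
    kind: str
    triggers: frozenset = frozenset()


@dataclass(frozen=True)
class Gate:
    op: str          # "AND" or "OR"
    inputs: tuple    # Basic or Gate children


def _minimize(sets):
    """Drop any cut set that is a strict superset of another one."""
    return frozenset(s for s in sets if not any(o < s for o in sets))


def cut_sets(node):
    """Minimal cut sets: sets of event names whose joint occurrence reaches the top event."""
    if isinstance(node, Basic):
        return frozenset({frozenset({node.name})})
    child = [cut_sets(c) for c in node.inputs]
    if node.op == "OR":
        return _minimize(frozenset().union(*child))
    if node.op == "AND":
        return _minimize(frozenset(frozenset().union(*combo) for combo in product(*child)))
    raise ValueError(f"unknown gate type {node.op!r}")


def basics(node):
    """Name -> Basic for every leaf under node."""
    if isinstance(node, Basic):
        return {node.name: node}
    index = {}
    for c in node.inputs:
        index.update(basics(c))
    return index


def classify(cut, index):
    """"SOTIF" if the cut set needs no fault at all, "FuSa" if faults only, else "mixed"."""
    kinds = {index[n].kind for n in cut}
    if kinds == {"limitation"}:
        return "SOTIF"
    if kinds == {"failure"}:
        return "FuSa"
    return "mixed"


def active_events(node, conditions, assumed_failures=frozenset()):
    """Leaf events that occur in a scenario, given its conditions and assumed faults."""
    conditions = frozenset(conditions)
    active = set()
    for name, b in basics(node).items():
        if b.kind == "failure" and name in assumed_failures:
            active.add(name)
        elif b.kind == "limitation" and b.triggers and b.triggers <= conditions:
            active.add(name)
    return frozenset(active)


def hazard_paths(node, conditions, assumed_failures=frozenset()):
    """Cut sets fully activated by the scenario; empty means the top event is not reached."""
    active = active_events(node, conditions, assumed_failures)
    return frozenset(c for c in cut_sets(node) if c <= active)


# Constructed example tree: unintended strong braking. A ghost object seen by
# the camera only leads to braking if the radar confirms it (another ghost) or
# the plausibility check between the two sensors has been lost.
CAMERA_GHOST = Basic("camera_ghost_object", "limitation", frozenset({"fog"}))
RADAR_GHOST = Basic("radar_ghost_object", "limitation", frozenset({"metal_debris_on_road"}))
FUSION_OFF = Basic("fusion_plausibility_check_disabled", "failure")
BRAKE_STUCK = Basic("brake_ecu_output_stuck_high", "failure")

UNINTENDED_BRAKING = Gate("OR", (
    BRAKE_STUCK,
    Gate("AND", (CAMERA_GHOST, Gate("OR", (RADAR_GHOST, FUSION_OFF)))),
))

if __name__ == "__main__":
    index = basics(UNINTENDED_BRAKING)
    for cut in sorted(cut_sets(UNINTENDED_BRAKING), key=sorted):
        print(classify(cut, index), sorted(cut))
    # Fault-free scenario that still reaches the hazard: the SOTIF case.
    print(hazard_paths(UNINTENDED_BRAKING, {"fog", "metal_debris_on_road"}))
    # Fog alone: the plausibility check holds and the top event is not reached.
    print(hazard_paths(UNINTENDED_BRAKING, {"fog"}))
```

The point of the classification step is the SOTIF argument itself: the cut set {camera_ghost_object, radar_ghost_object} reaches the hazard with no fault anywhere in the system, which a failure-only (ISO 26262) tree would never show. In a real analysis the "fog" and "metal_debris_on_road" conditions would be the scenario inputs handed to simulation or test, as the text describes next.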

Triggering conditions and scenarios can also be exported from Medini Analyze in various formats and imported into scenario generators for simulation. Scenarios identified as potential triggers of risky behaviour are valuable inputs for product developers, simulation experts and physical test teams. They allow each causal chain to be investigated and addressed, the critical parameters (e.g., position, speed, distance, weather conditions) to be determined, and the outcomes to be fed back to the safety analysts.

The SOTIF standard also covers Human-Machine Interaction (HMI) and the hazards that arise from misunderstanding the HMI and from reasonably foreseeable misuse of it. Medini Analyze can address these concerns, as well as cybersecurity issues, which fall outside the scope of ISO 21448 (they are the subject of ISO/SAE 21434) but remain important for autonomous vehicle development.

Conclusion

In the past, safety engineers have largely worked in isolation, using manual analysis and reporting techniques to communicate their findings, at considerable cost in time and money. With the race to commercialize autonomous vehicle designs, and with the standards regulating them growing in number, such delays and inefficiencies are no longer acceptable. Unifying development and verification on a shared platform that also supports the SOTIF standard helps verify the functionality of every component against real-world driving challenges. It lets everyone involved in autonomous vehicle development share data and collaborate: electrical engineers designing perception modules, software engineers developing critical software and safety experts can work together in Ansys Medini Analyze to deliver complete FuSa and SOTIF compliance.