How to write AV scenarios (and some notes about Pegasus)
Interesting topic. How can we cover all possible cases for autonomous driving?
Systematic and Random Failure
Tool Qualification – what’s the difference between an ASIL-D qualified SW tool and an ASIL-A qualified SW tool?
ISO 26262 is concerned only with random hardware faults and systematic faults. SW tool development does not cover hardware, so random hardware faults can be neglected.
In this case, I’d like to ask some questions. What’s the difference between ASIL A qualified and ASIL D qualified? You may answer that more technical methods are required in ASIL D. Right. And what else?
If there is no…
After ISO 26262 – has safety improved?
Most people who have been involved in a production-related FuSa project in the automotive industry will know, and their opinions on this question might be the same.
An author of a paper, “Effective management of functional safety for ISO 26262 standard”, gives us insight into why it is hard to execute FuSa in the automotive domain.
I recommend that you read this paper on this topic. It is…
(GRVA-06-02r4e) Uniform provisions Concerning the Approval of ALKS
Regulations on the Automated Lane Keeping Systems (ALKS) feature appear to be under discussion. There seem to be some differences from the regulations so far. In this document, evaluation by third-party organizations seems to be considered through the type certification procedure. There are statements in Clause 7 of Annex D that audits or assessments are required by an auditor or assessor with…
(paper comment) Analysis of Safety of The Intended Use(SOTIF)
This paper was published at the time of ISO/PAS 21448. I have never seen anything about ISO/PAS 21448. It is only known that the ongoing ISO 21448 will replace it. Looking at this paper, it seems that the earliest SOTIF focused on vehicle level safety. The ongoing ISO 21448 seems to cover not only the vehicle level, but also the entire lifecycle of FuSa’s systems, hw and sw. (That’s because the…
Considering Safety Requirements
I understand that SOTIF came out to make up for the deficiencies of FuSa. I hope that there is no overlap or contradiction or omission between the two and they are used to achieve overall safety.
Recently I read something with a similar meaning about FuSa and SOTIF: that the purpose of FuSa is to cover random hardware faults and systematic faults, and that of SOTIF is to cover limitations of performance that…
Differences in scope to be covered by FuSa and SOTIF standards
While the scope of FuSa is the item, the scope of SOTIF is the vehicle.
This means that the focus of FuSa is narrower and that of SOTIF is wider.
When developing a vehicle, the first step is to specify the vehicle requirements, and the next step is to design the vehicle architecture and allocate the vehicle functions to it. The building block of that allocation is the item. Divide a single item into…
How I used Medini in the FuSa project
Today I had a chance to introduce the Medini tool for FuSa. During my presentation, I thought that it would be good to post about Medini on this blog.
Medini is a very good tool that guides safety engineers/managers to follow the functional safety methodology that the tool supports.
When I executed the FuSa process, I tried to set up a few principles for FuSa execution based on the FuSa standard. These are as follows:
Why is SOTIF in progress?
Recently, I’ve been learning about SOTIF and I have many questions. So I thought that it would be good to ask myself a question and answer it myself. So the title is my first question. Why do we need SOTIF?
I guess many functional safety experts have learned the lesson that ISO 26262 is not enough to achieve functional safety. ISO 26262 is a good standard for focusing on E/E systems with safety…
Thinking about FMEA for Neural Networks
I’m reading an interesting paper related to fault tolerance in neural networks (the title is “Fault and Error Tolerance in Neural Networks: A Review”). I don’t have any deep knowledge of neural networks, but it attracted me to read it.
But I have a question. In my experience with FMEA, the definition of the failure mode was very important. Before it starts, I should prepare a fault model that represents how…
SW Development Process using Artificial neural networks
This post refers to a paper titled “A software development process model for artificial neural networks in critical applications” (1999).
It is a very interesting paper, and it will help readers understand what SW development processes using AI are, even if they don’t have deep knowledge of AI.
It is an old paper, and I’d like to search for a newer one, but it can be a good starting point…
(paper comment) Concrete Problems in AI Safety
I can only think of this paper as great. It explains the current unsolved problems of AI, and by looking at it, I thought about how God made humans. And people usually think that robots have no emotions, but I thought that they can be made to have them! Looking at the paper, it overlapped with my memories of my dog’s bowel training, and I thought that it may be related to not only the education of…
System vs System of systems: what is different?
When I was thinking about V2I or V2X, the motivation that led me to the concept of system of systems was just, vaguely, the system of systems (SoS): something like that term came up tremendously and made a huge system. However, looking at this paper, my prejudice was completely shattered.
In fact it was a little shocking. This paper appeared a long time ago. Nevertheless, I couldn’t grasp the…
Fault injection test vs safety analysis
What do you think the purpose of the fault injection test is? Why do we do safety analysis?
Why do I talk about these two together? Of course they are related.
In conclusion, the list or type of faults required in the fault injection test and the location and timing of the fault injection should be based on the results obtained during the safety analysis.
Suppose we have identified a list of faults that…
TMR (triple module redundancy) for fail operation
This was when I was appointed as a juror for a UAV project. The project planned a TMR design. At that time, I was thinking, ‘Why does he design with TMR? Is TMR a design that is widely used in practice?’ At that time, I was going to ask what the basis for that part was, but unfortunately I missed that opportunity. And since that day, I have kept asking myself questions about this part, and I thought…
Failure Mode Avoidance

It is a framework for developing systematic system modeling, safety analysis and safety mechanisms. If you search for material, you will find several papers. I was interested in the overall content of this framework, but detailed material was not available, so I could not understand the whole.
For a complete picture, see the material at https://www.through-life-engineering-services.org/downloads/campean.pdf.
If you…