ISO 26262 Freedom from interference :
There are four essential measures in the development of safety-critical systems.
Particularly in the design of safe systems, the principle of Freedom from interference is a powerful measure. What’s this? The following blog provides an answer to this question. Read more
In my daily projects in the automotive and industrial automation industry I’m continually confronted with the following question: How many levels of software requirements have to be written? That’s an interesting question, especially if we take the aerospace industry also into account. Software requirement level are a key topic if you want to improve your requirement engineering process. Therefore, I want to highlight in this blog post this topic a bit closer. I will compare the specifications of functional safety standards IEC 61508, ISO 26262 and DO-178B / C. In the final conclusion I will provide project best practices based on my more than 15 years of experience.
In my view, a good software specification is divided into two major parts: architecture / design and textual requirements.
The architecture describes, most predominantly in graphical form, the structure and design of the software. In particular, the data and control flows are shown. The focus of textual requirements is on the description of the functionality, and the time demands on the system.
The initial question of this blog refers to the number of levels of textual requirements. Not included is the level of system requirements, which must always be present. Read more
ISO 26262 calibrateable Systems are discussed in part 6 Annex C. This blog summarizes important requirements of the standard and shows practice-oriented challenges of software-configurable embedded systems.
The use of calibration data in configurable systems offers a lot of advantages. The functional behavior of the entire system can be adjusted by simple and rapid changes in the calibration data without having to change the source code itself. This enables the multiple re-use of source code. If it is well done, even the unit tests should be reusable, included the measurement of the structural Source Coverage. These are quite important advantages.
Read more
Fault Injection Test: The ISO 26262 defines the fault injection test as a test method for the system integration and unit test level (ISO 26262-4 [System] Tables 5, 8, 10, 13, 15, 18; ISO 26262-5 [Hardware] Table 11; ISO 26262-6 [software] tables 10, 13).
This method has certainly a large part in the implementation of a possible error-free and therefore safe system. My focus in this blog is on an efficient implementation of this test method in practice. I will compare practices in the aerospace with those in the automotive industry.
Read more
Reuse Secenarios in ISO 26262 part 1 demonstrated the diversity of reuse scenarios. Now I want to concentrate on concrete measures, which are used to make the reuse of software successfully. Read more
Why is the reuse of software, hardware, or complete electronic control units a central theme? Two essential aspects are to be considered: the development costs can be reduced significantly, i.e. reuse of components is very attractive in economic terms.
But also for security reasons, the reuse of components can offer significant benefits. A control unit, which is used already for years in the field and shows no safety relevant failure can be used with significantly reduced risk in comparison to a new development.
To be able use these benefits really, you must be aware of the various reuse scenarios. In a second step, you must identify the features of the discussed reuse scenario and take appropriate action. Read more
