Formal Verification of a Fail-Operational Automotive Driving System

A fail-operational system for highly automated driving must complete the driving task even in the presence of a failure. This requires redundant architectures and a mechanism to reconfigure the system in case of a failure. Therefore, an arbitration logic is used. For functional safety, the switch-over to a fall-back level must be conducted in the presence of any electric and electronic failure. To provide evidence for a safety argumentation in compliance with ISO 26262, verification of the arbitration logic is necessary. The verification process provides confirmation of the correct failure reactions and that no unintended system states are attainable. Conventional safety analyses, such as the failure mode and effects analysis, have their limits in this regard. We present an analytical approach based on formal verification, in particular model checking, to verify the fail-operational behaviour of a driving system. To that end, we model the system behaviour and the relevant architecture and formally specify the safety requirements. The scope of the analysis is defined according to the requirements of ISO 26262. We verify a fail-operational arbitration logic for highly automated driving in compliance with the industry standard. Our results show that formal methods for safety evaluation in automotive fail-operational driving systems can be successfully applied. We were able to detect failures that would have been overlooked by other analyses, and thus contribute to the development of safety-critical functions.
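The abstract describes the approach only at the level of "model the behaviour and architecture, formalise the safety requirements, model check". The following Python script is an added example, not the paper's model or tool, showing that workflow in miniature on an assumed two-channel arbitration logic (one primary and one fall-back driving channel, an environment that may inject a permanent failure in either channel at any cycle). It formalises two safety requirements as invariants, explores every reachable state by breadth-first search, and returns a counterexample trace when an invariant is violated. A deliberately defective variant (`delayed=True`, arbitrating on health values sampled one cycle earlier) illustrates the kind of failure reaction error that model checking exposes and that a coarser property would miss. All state names, property names and functions are this example's assumptions.

```python
"""Explicit-state model checking of a fail-operational arbitration logic.

Added example, not code from the paper.  Assumed model: one primary and one
fall-back driving channel, an arbitration logic selecting the channel that
commands the actuators, and an environment that can permanently fail a healthy
channel in any cycle.  All names are this example's own.
"""
from collections import deque
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, Iterator, List, Optional, Tuple

OK, FAILED = "ok", "failed"
PRIMARY, FALLBACK, SAFE_STOP = "primary", "fallback", "safe_stop"


@dataclass(frozen=True)
class State:
    primary: str   # health of the primary channel (OK / FAILED)
    fallback: str  # health of the fall-back channel (OK / FAILED)
    active: str    # channel currently commanding the actuators


def arbitrate(primary: str, fallback: str) -> str:
    """Intended rule: prefer primary, then fall-back, else minimal-risk stop."""
    if primary == OK:
        return PRIMARY
    if fallback == OK:
        return FALLBACK
    return SAFE_STOP


def successors(s: State, delayed: bool) -> Iterator[State]:
    """One cycle: the environment may fail a healthy channel, then the
    arbitration logic picks the active channel.  delayed=True models a
    defective design that arbitrates on the previous cycle's health values."""
    primary_opts = [s.primary] + ([FAILED] if s.primary == OK else [])
    fallback_opts = [s.fallback] + ([FAILED] if s.fallback == OK else [])
    for new_primary, new_fallback in product(primary_opts, fallback_opts):
        if delayed:
            active = arbitrate(s.primary, s.fallback)  # stale, one-cycle-old inputs
        else:
            active = arbitrate(new_primary, new_fallback)
        yield State(new_primary, new_fallback, active)


# Safety requirements, formalised as invariants over every reachable state.

def no_failed_channel_active(s: State) -> bool:
    """A channel that has failed must never command the actuators."""
    if s.active == PRIMARY:
        return s.primary == OK
    if s.active == FALLBACK:
        return s.fallback == OK
    return True


def fail_operational(s: State) -> bool:
    """With at most one failure present, the driving task must continue."""
    failures = int(s.primary == FAILED) + int(s.fallback == FAILED)
    return failures > 1 or s.active != SAFE_STOP


def _trace(parent: Dict[State, Optional[State]], s: Optional[State]) -> List[State]:
    """Walk parent links back to the initial state to build a counterexample."""
    path = []
    while s is not None:
        path.append(s)
        s = parent[s]
    return list(reversed(path))


def check(delayed: bool, prop: Callable[[State], bool]) -> Tuple[bool, List[State], int]:
    """Breadth-first exploration from the initial state.  Returns
    (property holds on all reachable states, counterexample trace, states visited)."""
    init = State(OK, OK, PRIMARY)
    parent: Dict[State, Optional[State]] = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if not prop(s):
            return False, _trace(parent, s), len(parent)
        for t in successors(s, delayed):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return True, [], len(parent)


if __name__ == "__main__":
    for delayed in (False, True):
        for prop in (no_failed_channel_active, fail_operational):
            holds, trace, n = check(delayed, prop)
            label = "delayed" if delayed else "intended"
            print(f"{label:8} {prop.__name__:26} holds={holds} states={n}")
            for st in trace:
                print("    ", st)
```

Running it shows the intended logic satisfying both invariants over its four reachable states, while the delayed variant reaches a state in which the failed primary channel still commands the actuators; the checker returns the two-step trace leading there. The weaker `fail_operational` invariant holds for both variants, which is the practical lesson: the requirements must be formalised precisely enough (here, "no failed channel is ever active", not just "driving continues") for the model checker to catch the incorrect failure reaction.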
