Application Research of FMEA in Automotive Embedded Software

Application Research of FMEA in Automotive Embedded Software

Software Failure Mode and Effects Analysis (SFMEA) is a systematic engineering technique and a patterned way of thinking. It is based on failure modes, centered on failure effects or consequences, and conducts analysis through inductive reasoning based on analysis levels and causal relationships to identify weak points in software development and propose improvement measures. Currently, software FMEA is commonly used in the requirement analysis phase during development, the outline design phase, and the detailed design phase, as well as reliability and safety analysis after product finalization.

With the increasing demands of users for the reliability and safety of automotive embedded software, as well as the increase in software functionality and complexity, applying the FMEA method for software product reliability and safety analysis is of great significance. This article will provide examples and summaries of automotive embedded software based on the analysis of the FMEA method and implementation process.

Software FMEA is a software reliability and safety design and analysis technique, which is an inductive analysis method.

The lifecycle model of automotive embedded software – the V-model, illustrates the relationship between the implementation of software FMEA and the development process.

The model-based design and development process can perform corresponding testing and verification of software components and system design in the early stages of the V-model through MIL (Model in Loop) simulation and SIL (Software in the Loop) simulation.

The process of software FMEA is similar to that of hardware design FMEA, including:

1. Definition of software system structure and agreement levels

2. Establishing functional network

3. Establishing failure network

4. Analyzing software failure modes and causes

5. Analyzing the severity of software failure modes’ effects

6. Proposing improvement measures

1. Definition of software system structure and agreement levels: The software agreement levels are divided into initial agreement level, agreement level, and minimum agreement level.

2. Establishing functional network: The software functional network consists of subsystems, components, or function blocks, and uses logical symbols or connection lines to represent the interactions and relationships between these components.

3. Establishing failure network: The failure network illustrates the relationship between failure modes, causes, and effects. The lowest level functions in the functional network correspond to failure descriptions as failure modes, the next lowest level functions correspond to failure descriptions as failure causes, and the next higher level functions correspond to failure definitions as failure effects.

4. Analyzing software failure modes and causes:

Software failure causes are triggered by software defects during runtime. Software FMEA aims to identify critical software defects along its key common calling paths.

5. Analyzing the severity of software failure modes’ effects

The severity of software failures is divided into 5 levels:

5 – Fails to meet safety and regulatory requirements

4 – Loss or degradation of essential functions

3 – Loss or degradation of minor functions

2 – Other functional issues

1 – No impact

6. Proposing improvement measures

After analysis, potential failure modes and impacts are identified, and corresponding improvement measures are proposed based on the causes of each failure mode and their impact on the system, forming a complete FMEA table.

The transmission is a key component of the automotive power transmission system, which significantly affects vehicle safety. The reliability of its control software is particularly critical. This software is developed using Matlab and Simulink tools, with the model being automatically converted to C code using RTW. A top-down structured design method is employed, divided into several subsystems including system scheduling, shifting rules, coordination management, engine control, clutch control, transmission control, input/output processing, offline testing, CAN communication parsing, fault management, self-learning, and low-level drivers, with each subsystem further divided into several components.

Separation Clutch Control Function Block Diagram:

Analyzing the typical failure modes corresponding to the separation clutch module functions forms the failure network:

Analyzing software failure modes and causes, severity, and forming the SFMEA worksheet

The causes of failures identified through software FMEA can be summarized as follows: coding errors, data errors, logical errors, calculation anomalies, and reliability issues with hardware-software interfaces. By weighing the severity of failure impacts, the probability of failure occurrence, and the costs of measures taken, corresponding software reliability enhancement measures have been implemented in the project development.

Examples:

1. Failure cause: coding errors

Fault type: input variable data undefined, incorrect storage type, inconsistent interface variable declarations, etc.

Improvement measures: writing a “Model Design Specification Document”, developing a variable type check component, “one-click” automatic variable type detection.

2. Failure cause: hardware-software interface errors

Fault type: failure to prevent known hardware failure modes

Improvement measures: software periodically monitors the status of electric motors and solenoid valves, designs fault-safe handling mechanisms. Using model diagnosis methods, reduce the impact of sensor input signal deviations on certain functions or performance indicators.