
Automotive Industry Knowledge Base


Application Research on Automotive Embedded Software FMEA
Introduction
Software Failure Mode and Effects Analysis (SFMEA) is a systematic engineering technique and a structured way of thinking. It starts from failure modes and focuses on the effects or consequences of failures; by reasoning through the analysis levels and their causal relationships, it identifies weaknesses in software development and proposes improvement measures. Software FMEA is currently used mainly during requirements analysis, preliminary design and detailed design, and for reliability and safety analysis after the product is finalized.
As user demands for the reliability and safety of automotive embedded software increase, and as software grows in complexity and functionality, applying the FMEA method to the reliability and safety analysis of software products becomes significantly important. This article analyzes the FMEA method and its implementation process for software, with examples and a summary drawn from automotive embedded software.
The Relationship Between Software FMEA and the Software Development Process
Software FMEA is a design and analysis technique for software reliability and safety, and it is an inductive analysis method.
The V-model of the lifecycle of automotive embedded software illustrates the relationship between implementing software FMEA and the development process.

In a model-based design and development process, software components and system designs can be tested and validated at the early stages of the V-model through Model-in-the-Loop (MIL) and Software-in-the-Loop (SIL) simulation.
Software FMEA Implementation Process
The software FMEA process is similar to that of hardware design FMEA and includes:
- Defining the software system structure and agreed levels
- Establishing a functional network
- Establishing a failure network
- Analyzing software failure modes and causes
- Analyzing the severity of software failure modes’ impacts
- Suggesting improvement measures

1. Defining the Software System Structure and Agreed Levels: The software's agreed (indenture) levels are divided into the initial agreed level, the agreed levels in between, and the minimum agreed level.
2. Establishing a Functional Network: The software functional network consists of subsystems, components, or function blocks, and uses logical symbols or connection lines to represent the interactions and relationships between them.
3. Establishing a Failure Network: The failure network shows the relationships between failure modes, causes, and impacts. The failure descriptions of the functions at the lowest level of the functional network become the failure modes, the failure descriptions of the functions at the next lower level become the failure causes, and the failure definitions of the functions at the next higher level become the failure impacts.
4. Analyzing Software Failure Modes and Causes:
Software failure causes are software defects that are triggered at runtime. Software FMEA identifies the critical software defects along the key common call paths.


5. Analyzing the Severity of Software Failure Modes’ Impacts
Software failure severity is divided into five levels:
5 – Failure to meet safety and regulatory requirements
4 – Loss or degradation of essential functions
3 – Loss or degradation of minor functions
2 – Other functional issues
1 – No impact
6. Suggesting Improvement Measures
Based on the analysis of potential failure modes and their impacts, improvement measures are proposed for each failure mode according to its causes and the extent of its impact on the system, resulting in a complete FMEA table.
Transmission Control Software FMEA Application Case Analysis
The transmission is a key assembly of the automotive powertrain and one of the core components affecting vehicle safety, so the reliability of its control software is particularly crucial. The software is developed with Matlab and Simulink, with RTW (Real-Time Workshop) performing the automatic conversion from model to C code. A top-down structured design approach is adopted: the software is divided into subsystems such as system scheduling, shift rules, coordination management, engine control, clutch control, transmission control, input/output processing, offline testing, CAN communication parsing, fault management, self-learning, and low-level drivers, and each subsystem is further divided into components.

Separation Clutch Control Function Block Diagram:

Typical failure modes of the separation clutch module mapped onto the failure network:

Analysis of software failure modes, causes, and severity, forming the SFMEA worksheet:
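Steps 2 to 5 of the implementation process above, worked through on the separation clutch case as an added example (constructed here; not the article's worksheet or the project's Simulink model): a hypothetical functional network for the clutch subsystem is turned into failure-network rows, taking causes from the level below, effects from the level above, and propagating severity to the worst end effect. Block names, failure descriptions and severities are assumptions.

```python
# Constructed functional network for a separation-clutch control subsystem
# (hypothetical block names, not the project's Simulink model). Each key is a
# function block; its value lists the next-lower-level functions it depends on.
FUNCTIONAL_NETWORK = {
    "ClutchControl":         ["ComputeTargetPosition", "DriveActuator"],
    "ComputeTargetPosition": ["ReadEngineSpeed"],
    "DriveActuator":         ["ReadActuatorPosition", "CommandSolenoid"],
    "ReadEngineSpeed": [], "ReadActuatorPosition": [], "CommandSolenoid": [],
}

# Constructed failure description of each function, with the severity of that
# failure on the article's 1-5 scale as seen at the vehicle level (assumed).
FAILURE_DESC = {
    "ClutchControl":         ("clutch cannot engage or disengage", 5),
    "ComputeTargetPosition": ("wrong target clutch position", 4),
    "DriveActuator":         ("actuator misses target position", 4),
    "ReadEngineSpeed":       ("engine speed stale or out of range", 3),
    "ReadActuatorPosition":  ("position input undefined", 4),
    "CommandSolenoid":       ("solenoid command not updated", 4),
}

def callers(net, func):
    """Functions one level above `func` in the functional network."""
    return [p for p, deps in net.items() if func in deps]

def end_effects(net, func):
    """Every higher-level function reachable upward from `func` (transitive)."""
    seen, stack = [], [func]
    while stack:
        new = [p for p in callers(net, stack.pop()) if p not in seen]
        seen.extend(new)
        stack.extend(new)
    return seen

def failure_network(net, desc, func):
    """Failure-network row for `func`: its own failure description is the failure
    mode, next-lower functions' failures are causes, next-higher functions'
    failures are effects; severity is the worst along the upward failure chain."""
    return {
        "function": func,
        "failure_mode": desc[func][0],
        "causes": [desc[c][0] for c in net[func]] or ["software defect in this block"],
        "effects": [desc[p][0] for p in callers(net, func)],
        "severity": max(desc[f][1] for f in [func] + end_effects(net, func)),
    }

def sfmea_worksheet(net, desc):
    """All rows, most severe first: the core of the SFMEA table."""
    return sorted((failure_network(net, desc, f) for f in net),
                  key=lambda r: -r["severity"])
```

A lowest-level block has no lower function to point at, so its cause column is left for the defect class found in code review (coding, data or logic error), which is where the improvement measures in the results section attach.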

Software FMEA Application Results Analysis
The failure causes found by software FMEA can be summarized as coding errors, data errors, logic errors, calculation anomalies, and reliability problems at the software/hardware interface. Weighing the severity of the failure impact, the probability of occurrence, and the cost of the countermeasure, corresponding software reliability enhancement measures were implemented during project development.
Examples:
1. Failure Cause: Coding Errors
Failure Type: Undefined input variable data, incorrect storage types, inconsistent interface variable declarations, etc.
Improvement Measures: Write a Model Design Specification document; develop a variable type check component for “one-click” automatic detection of variable types.
2. Failure Cause: Hardware-Software Interface Errors
Failure Type: Failure to guard against known hardware failure modes.
Improvement Measures: The software periodically monitors the status of the drive motors and solenoids and implements a fail-safe handling mechanism; model-based diagnostics are used to reduce the impact of sensor input signal deviations on certain functions or performance indicators.
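The variable type check component described under coding errors, as an added example (not the project's own tool): it runs over a constructed table of component interface declarations and flags exactly the three failure types listed above, namely inputs no component produces, interface declarations whose type differs from the producer's, and storage types the design specification does not permit. Component names, signals and the specification are assumptions.

```python
# Constructed interface declarations for three hypothetical Simulink components
# (not the project's own model): the signals each one consumes and produces, with
# the storage type written in that component's declaration.
COMPONENTS = {
    "InputProcessing": {
        "inputs": {},
        "outputs": {"EngineSpeed": "uint16", "ClutchPos": "single", "GearReq": "int8"},
    },
    "ClutchControl": {
        "inputs": {"EngineSpeed": "uint16", "ClutchPos": "double"},  # producer says single
        "outputs": {"SolenoidCmd": "uint8"},
    },
    "ShiftRules": {
        "inputs": {"EngineSpeed": "uint16", "VehicleSpeed": "uint16"},  # nobody produces it
        "outputs": {"GearTarget": "boolean"},  # a gear number is not a boolean
    },
}

# Storage types permitted per signal by the (hypothetical) model design specification.
SPEC_TYPES = {
    "EngineSpeed": {"uint16"}, "ClutchPos": {"single"}, "GearReq": {"int8"},
    "SolenoidCmd": {"uint8"}, "GearTarget": {"int8"}, "VehicleSpeed": {"uint16"},
}

def check_interfaces(components, spec):
    """One-click interface check. Returns (kind, component, signal, detail) tuples
    for: inputs no component produces, input declarations whose type differs from
    the producer's, and any declaration whose storage type the spec forbids."""
    findings = []
    producers = {}  # signal -> (producing component, declared type)
    for name, comp in components.items():
        for sig, typ in comp["outputs"].items():
            if sig in producers:
                findings.append(("duplicate_producer", name, sig,
                                 f"also produced by {producers[sig][0]}"))
            producers[sig] = (name, typ)
    for name, comp in components.items():
        for sig, typ in comp["inputs"].items():
            if sig not in producers:
                findings.append(("undefined_input", name, sig, "no producing component"))
            elif producers[sig][1] != typ:
                findings.append(("inconsistent_declaration", name, sig,
                                 f"declared {typ}, produced as {producers[sig][1]}"))
        for sig, typ in {**comp["inputs"], **comp["outputs"]}.items():
            if sig in spec and typ not in spec[sig]:
                findings.append(("incorrect_storage_type", name, sig,
                                 f"{typ} not allowed, spec permits {sorted(spec[sig])}"))
    return findings
```

Run as a build step, an empty findings list is the pass condition; any finding names the component and signal to correct before code generation.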