
Automotive Industry Knowledge Base


Application Research on FMEA of Automotive Embedded Software
Introduction
Software Failure Mode and Effects Analysis (SFMEA) is a systematic engineering technique and a structured way of thinking. It starts from failure modes and concentrates on their effects or consequences, working level by level through the software structure and reasoning from cause to effect in order to locate weak points in the software and to propose improvement measures. Software FMEA is currently applied during requirements analysis, high-level (architectural) design and detailed design, and for reliability and safety analysis after the product has been finalized.
As users demand more reliability and safety from automotive embedded software, and as the functions and complexity of that software grow, applying FMEA to the reliability and safety analysis of software products has become important. This article analyzes the software FMEA method and its implementation process, and illustrates it with an example from automotive embedded software.
Relationship Between Software FMEA and Software Development Process
Software FMEA is a reliability and safety design and analysis technique for software. It is an inductive analysis method.
The lifecycle model of automotive embedded software—the V-model—illustrates the relationship between implementing software FMEA and the development process.

Within a model-driven design and development process, Model-in-the-Loop (MIL) and Software-in-the-Loop (SIL) simulation allow software components and the system design to be tested and validated without target hardware, on the early (left-hand) side of the V-model.
Software FMEA Implementation Process
The process of software FMEA is similar to that of hardware design FMEA and includes:
- Defining the software system structure and indenture levels
- Establishing the functional network
- Establishing the failure network
- Analyzing software failure modes and causes
- Analyzing the severity of software failure mode effects
- Suggesting improvements

1. Definition of the software system structure and indenture levels: the software is decomposed into indenture levels, from the initial indenture level (the top-level system) through the intermediate indenture levels down to the lowest indenture level at which failure modes are analyzed.

2. Establishing the functional network: the software functional network consists of subsystems, components or function blocks, with logical symbols or connecting lines representing the interactions and relationships between them.
3. Establishing the failure network: the failure network shows the relationship between failure modes, causes and effects, and is derived from the functional network. Each function has a failure description. The failure of the function at the level being analyzed is the failure mode; the failures of the functions one level below it (which it depends on) are its failure causes; the failure of the function one level above it (which depends on it) is its failure effect, up to the final effect at the initial indenture level.
4. Analyzing software failure modes and causes:
Software failures are triggered at runtime by latent software defects. Software FMEA traces the key, commonly executed calling paths of the software and identifies the critical defects along them.


5. Analyzing the severity of software failure modes:
The severity levels of software failures are divided into five levels:
5 – Fails to meet safety and regulatory requirements
4 – Loss or degradation of basic functions
3 – Loss or degradation of minor functions
2 – Other functional failures
1 – No impact
6. Suggestions for improvements:
After analysis, potential failure modes and impacts are identified. Based on the causes of each failure mode and their effects on the system, corresponding improvement measures are suggested to form a complete FMEA table.
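The six steps above map directly onto a small data model: the functional network is a tree of functions per indenture level, the failure network is read off that tree (mode at the focus level, causes one level down, effects one level up), and the severity comes from the final effect at the initial indenture level. The following is an added example written for this article, not code from the original or from the transmission project; the function names, failure descriptions and severity ratings are constructed for illustration and borrow the clutch-control vocabulary of the case study.

```python
"""Added example (not from the original article): minimal software FMEA data
model that derives the failure network and a severity-sorted worksheet from a
functional network. All function names, failures and severities are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Five-level severity scale used by the article.
SEVERITY_TEXT = {
    5: "Fails to meet safety and regulatory requirements",
    4: "Loss or degradation of basic functions",
    3: "Loss or degradation of minor functions",
    2: "Other functional failures",
    1: "No impact",
}


@dataclass
class Function:
    name: str
    failure: str                    # failure description of this function
    parent: Optional[str] = None    # function one indenture level up
    children: List[str] = field(default_factory=list)
    severity: Optional[int] = None  # rated only at the initial indenture level


class FunctionalNetwork:
    def __init__(self) -> None:
        self.nodes: Dict[str, Function] = {}

    def add(self, name: str, failure: str, parent: Optional[str] = None,
            severity: Optional[int] = None) -> None:
        if parent is not None and parent not in self.nodes:
            raise KeyError(f"unknown parent function {parent!r}")
        self.nodes[name] = Function(name, failure, parent, [], severity)
        if parent is not None:
            self.nodes[parent].children.append(name)

    def level(self, name: str) -> int:
        """Indenture level: 0 = initial level, +1 for each level down."""
        depth, node = 0, self.nodes[name]
        while node.parent is not None:
            node, depth = self.nodes[node.parent], depth + 1
        return depth

    def final_effect(self, name: str) -> Function:
        """Walk up to the initial indenture level, where severity is rated."""
        node = self.nodes[name]
        while node.parent is not None:
            node = self.nodes[node.parent]
        return node

    def failure_network(self, focus: str) -> dict:
        """Mode = failure of the focus function; causes = failures one level
        below; local effect = failure one level above; final effect = failure
        at the initial level, which supplies the severity rating."""
        node = self.nodes[focus]
        final = self.final_effect(focus)
        return {
            "function": focus,
            "mode": node.failure,
            "causes": [self.nodes[c].failure for c in node.children]
                      or ["(lowest level: cause is a code or data defect)"],
            "local_effect": self.nodes[node.parent].failure if node.parent else node.failure,
            "final_effect": final.failure,
            "severity": final.severity,
        }

    def worksheet(self, level: int) -> List[dict]:
        """FMEA worksheet rows for every function at one indenture level,
        highest severity first."""
        rows = [self.failure_network(n) for n in self.nodes if self.level(n) == level]
        return sorted(rows, key=lambda r: r["severity"] or 0, reverse=True)


def build_clutch_example() -> FunctionalNetwork:
    """Constructed three-level network for a clutch control subsystem."""
    net = FunctionalNetwork()
    # Initial indenture level: vehicle-visible functions, rated by severity.
    net.add("Protect driveline during gear change",
            "Torque shock through a partly engaged clutch", severity=5)
    net.add("Resume drive after gear change",
            "Prolonged loss of propulsion after a shift", severity=4)
    # Focus level: clutch control functions.
    net.add("Disengage clutch before shift", "Clutch not fully disengaged when gear changes",
            parent="Protect driveline during gear change")
    net.add("Engage clutch after shift", "Clutch does not re-engage",
            parent="Resume drive after gear change")
    # Lowest indenture level: components whose failures are the causes.
    net.add("Read clutch position", "Position value frozen or out of range",
            parent="Disengage clutch before shift")
    net.add("Drive solenoid valve", "Valve command not applied",
            parent="Disengage clutch before shift")
    net.add("Ramp engagement torque", "Ramp target never reaches closed position",
            parent="Engage clutch after shift")
    return net


if __name__ == "__main__":
    for row in build_clutch_example().worksheet(1):
        print(f"S{row['severity']} {row['function']}: {row['mode']}")
        print(f"   causes: {row['causes']}")
        print(f"   effect: {row['local_effect']} -> {row['final_effect']}")
```

Running the worksheet at level 1 yields one row per clutch-control function with its causes taken from the component level and its severity inherited from the vehicle-level effect; the same model, given the lowest level, lists component failures whose causes are the code and data defects that step 4 goes on to analyze.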
Case Study of FMEA Application in Transmission Control Software
The transmission is a key assembly of the automotive power transmission system and one of the core links affecting vehicle safety, so the reliability of its control software is particularly crucial. This software is developed with MATLAB and Simulink, with Real-Time Workshop (RTW) generating C code automatically from the model. A top-down structured design method is adopted: the software is divided into several subsystems, including system scheduling, shifting rules, coordination management, engine control, clutch control, transmission control, input/output processing, offline testing, CAN communication parsing, fault management, self-learning and low-level drivers, and each subsystem is further divided into several components.

Functional block diagram of the clutch control:

Analysis of typical failure modes corresponding to the functions of the clutch separation module forms the failure network:

Analyzing software failure modes, causes and severity to form the SFMEA worksheet:

Analysis of Software FMEA Application Results
The causes of failures analyzed by software FMEA can be summarized as follows: coding errors, data errors, logical errors, calculation anomalies, and hardware-software interface reliability issues. Considering the severity of failure impacts, the probability of failure occurrence, and the cost of measures taken, corresponding software reliability enhancement measures have been implemented in the project development.
For example:
1. Cause of failure: coding error
Type of failure: input variable data undefined, incorrect storage type, inconsistent interface variable declarations, etc.
Improvement measures: write a "Model Design Specification Document", develop a variable type checking component, and implement "one-click" automatic variable type checking.
2. Cause of failure: hardware-software interface error
Type of failure: software does not guard against known hardware failure modes
Improvement measures: the software periodically monitors the status of the drive motor and solenoid valve and applies a fail-safe handling mechanism when a fault is confirmed; model-based diagnosis is used to reduce the effect of sensor input signal deviations on certain functions or performance indicators.
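The first improvement measure, a "one-click" check of variable types, can be implemented as a static pass over the exported interface declarations of all components. The following is an added example written for this article, not the project's own checking component: it assumes a simplified interface export in which each port records its component, signal name, direction, storage type and declared physical range (the PORTS list is constructed), and reports the three defect classes named above: undefined inputs, storage types too narrow for the declared range, and producer/consumer type mismatches.

```python
"""Added example (not the project's code): static consistency check over
component interface declarations. The port list is constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List

# Value ranges of the fixed-width storage types the check understands.
INT_RANGES = {
    "uint8": (0, 255), "int8": (-128, 127),
    "uint16": (0, 65535), "int16": (-32768, 32767),
    "uint32": (0, 2**32 - 1), "int32": (-2**31, 2**31 - 1),
}


@dataclass(frozen=True)
class Port:
    component: str
    signal: str
    direction: str   # "in" or "out"
    dtype: str       # declared storage type
    lo: float        # declared minimum of the physical range
    hi: float        # declared maximum of the physical range


def check_interfaces(ports: List[Port]) -> List[str]:
    """Return one finding per defect: duplicate producer, storage type too
    narrow for the declared range, undefined input, or type mismatch
    between the producer and a consumer of the same signal."""
    findings: List[str] = []
    producers: Dict[str, Port] = {}
    for p in ports:
        if p.direction == "out":
            if p.signal in producers:
                findings.append(f"{p.signal}: produced by both "
                                f"{producers[p.signal].component} and {p.component}")
            producers[p.signal] = p
    # Incorrect storage type: declared range does not fit the integer type.
    for p in ports:
        rng = INT_RANGES.get(p.dtype)
        if rng is not None and (p.lo < rng[0] or p.hi > rng[1]):
            findings.append(f"{p.component}.{p.signal}: range [{p.lo}, {p.hi}] "
                            f"does not fit {p.dtype}")
    # Undefined inputs and inconsistent declarations across the interface.
    for p in ports:
        if p.direction != "in":
            continue
        src = producers.get(p.signal)
        if src is None:
            findings.append(f"{p.component}.{p.signal}: input variable has no producer (undefined)")
        elif src.dtype != p.dtype:
            findings.append(f"{p.component}.{p.signal}: declared {p.dtype} "
                            f"but {src.component} produces {src.dtype}")
    return findings


# Constructed interface export for three subsystems named in the article.
PORTS = [
    Port("io_proc", "ClutchPos_pct", "out", "uint16", 0, 100),
    Port("io_proc", "EngSpeed_rpm", "out", "uint16", 0, 8000),
    Port("io_proc", "SolenoidCurrent_mA", "out", "uint8", 0, 2000),    # range exceeds uint8
    Port("clutch_ctrl", "ClutchPos_pct", "in", "uint16", 0, 100),      # consistent
    Port("clutch_ctrl", "EngSpeed_rpm", "in", "int16", 0, 8000),       # type mismatch
    Port("clutch_ctrl", "OilTemp_degC", "in", "int16", -40, 150),      # no producer
    Port("fault_mgmt", "SolenoidCurrent_mA", "in", "uint8", 0, 2000),  # same bad storage type
]

if __name__ == "__main__":
    for finding in check_interfaces(PORTS):
        print("FAIL:", finding)
```

On the constructed export this reports four findings: the solenoid current range does not fit uint8 at both its producer and its consumer, the engine speed is consumed as int16 while produced as uint16, and the oil temperature input has no producer. Wiring such a check into the build makes the "one-click" detection the article describes a gate rather than a manual review.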
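The second improvement measure combines two runtime checks: periodic monitoring of an actuator (here the solenoid valve) with a debounced fail-safe transition, and a plausibility check of a sensor input against a model estimate so that an implausible reading degrades a function instead of corrupting it. The following is an added example written for this article, not the project's own fault handling: the cycle sample fields, the three-cycle confirmation count, the position tolerance and the choice of "solenoid command inhibited" as the fail-safe output are all assumptions made for illustration.

```python
"""Added example (not the project's code): periodic actuator monitoring with a
debounced fail-safe state, plus model-based plausibility checking of a sensor.
Sample fields, thresholds and the fail-safe output are constructed assumptions."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Tuple


class State(Enum):
    NORMAL = "normal"
    DEGRADED = "degraded"    # sensor implausible, controller runs on the model estimate
    FAIL_SAFE = "fail_safe"  # actuator fault confirmed, output forced to the safe value


@dataclass
class Sample:
    solenoid_cmd: bool   # valve state commanded this cycle
    solenoid_fb: bool    # valve state reported by the driver stage (constructed)
    pos_sensor: float    # measured clutch position, 0..100 %
    pos_model: float     # model estimate of clutch position, same units


@dataclass
class ClutchMonitor:
    confirm_cycles: int = 3        # consecutive mismatches before a fault is confirmed
    pos_tolerance: float = 10.0    # largest plausible sensor/model deviation
    state: State = State.NORMAL
    mismatch_count: int = 0
    log: List[str] = field(default_factory=list)

    def step(self, s: Sample) -> Tuple[bool, float]:
        """One periodic cycle. Returns (solenoid output, position to use)."""
        # 1. Actuator monitoring: feedback must follow the command. Debounce so a
        #    single glitch does not latch fail-safe; the latch is only cleared by
        #    fault management on the next power cycle (assumption).
        if self.state is not State.FAIL_SAFE:
            if s.solenoid_fb != s.solenoid_cmd:
                self.mismatch_count += 1
                if self.mismatch_count >= self.confirm_cycles:
                    self.state = State.FAIL_SAFE
                    self.log.append("solenoid feedback mismatch confirmed")
            else:
                self.mismatch_count = 0
        # 2. Sensor plausibility: substitute the model estimate while the sensor
        #    deviates from it by more than the tolerance, and recover automatically.
        if abs(s.pos_sensor - s.pos_model) > self.pos_tolerance:
            position = s.pos_model
            if self.state is State.NORMAL:
                self.state = State.DEGRADED
                self.log.append("position sensor implausible, using model estimate")
        else:
            position = s.pos_sensor
            if self.state is State.DEGRADED:
                self.state = State.NORMAL
        # 3. Output: in fail-safe the solenoid command is inhibited (assumed safe value).
        solenoid_out = False if self.state is State.FAIL_SAFE else s.solenoid_cmd
        return solenoid_out, position


def run_sequence(samples: List[Sample]) -> Tuple[State, List[Tuple[bool, float]]]:
    """Drive a fresh monitor through a sequence of cycles (used for the demo)."""
    mon = ClutchMonitor()
    outputs = [mon.step(s) for s in samples]
    return mon.state, outputs


if __name__ == "__main__":
    glitch_then_fault = [Sample(True, False, 50.0, 52.0), Sample(True, True, 50.0, 52.0)] \
        + [Sample(True, False, 50.0, 52.0)] * 3 + [Sample(True, True, 50.0, 52.0)]
    state, outs = run_sequence(glitch_then_fault)
    print(state, outs)
```

The single-cycle glitch in the demo sequence is tolerated, the three consecutive mismatches latch the fail-safe state, and from then on the solenoid output stays inhibited regardless of the command; a sensor reading far from the model estimate is replaced for that cycle and the state returns to normal once the reading becomes plausible again.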
Disclaimer: The content of this article is sourced from public networks, copyright belongs to the original author, and is for learning and reference only. Commercial use is strictly prohibited, and please delete if used without permission. Please indicate: Automotive Supply Chain Sustainable Development Club.