How to Conduct FMEA for Automotive Embedded Software?

Introduction

Currently, software FMEA is commonly used in the requirements analysis during the development phase, as well as in the overview design phase and detailed design phase, and for reliability and safety analysis after product finalization.

With the increasing demands from users for the reliability and safety of automotive embedded software, and the growing complexity and functionality of software, applying FMEA methods for software product reliability and safety analysis is of significant importance. This article will analyze the FMEA method and implementation process for automotive embedded software, providing examples and summaries.

Software FMEA is a reliability and safety design and analysis technique for software. It is an inductive analysis method.

The lifespan model of automotive embedded software—the V-model—illustrates the relationship between the implementation of software FMEA and the development process.

The model-based design development process, through MIL (Model in Loop) simulation and SIL (Software in the Loop) simulation, can perform corresponding testing and verification of software components and system design in the early stages of the V-model.

The process of software FMEA is similar to that of hardware design FMEA and includes:

1. Definition of software system structure and hierarchical agreements

2. Establishing a functional network

3. Establishing a failure network

4. Analyzing software failure modes and causes

5. Analyzing the severity of software failure modes’ impacts

6. Suggestions for improvement measures

1. Definition of Software System Structure and Hierarchical Agreements: The software agreement hierarchy is divided into initial agreement level, agreement level, and minimum agreement level.

2. Establishing a Functional Network: The software functional network consists of subsystems, components, or function blocks, and uses logical symbols or connection lines to represent the interactions and relationships between these components.

3. Establishing a Failure Network: The failure network explains the relationship between failure modes, causes, and impacts. The lowest-level functions in the functional network correspond to failure descriptions as failure modes, the next lowest-level functions correspond to failure descriptions as failure causes, and the next higher-level functions correspond to failure definitions as failure impacts.

4. Analyzing Software Failure Modes and Causes:

Software failure causes are triggered by software defects during runtime. Software FMEA identifies critical software defects along key common calling paths.

5. Analyzing the Severity of Software Failure Modes’ Impacts

The severity levels of software failure are divided into 5 levels

5 – Fails to meet safety and regulatory requirements

4 – Loss or degradation of basic functions

3 – Loss or degradation of minor functions

2 – Other functional issues

1 – No impact

6. Suggestions for Improvement Measures

After analysis, potential failure modes and impacts are obtained. Based on the causes of each failure mode and the impact degree on the system, corresponding improvement measures are proposed, forming a complete FMEA table.

The transmission is a key assembly component of the automotive power transmission system and is one of the core links affecting vehicle safety. The reliability of its control software is particularly critical. This software is modeled using Matlab and Simulink tools, utilizing RTW for automatic conversion of models to C code.

A top-down structured design approach is adopted, divided into several subsystems such as system scheduling, shifting rules, coordination management, engine control, clutch control, transmission control, input/output processing, offline testing, CAN communication parsing, fault management, self-learning, and low-level drivers, each of which is further divided into several components.

Block Diagram of the Clutch Control Function:

Analysis of Typical Failure Modes Corresponding to the Separation Clutch Module Function Items:

Analysis of Software Failure Modes and Causes, Severity, Forming the SFMEA Worksheet

The causes of failures analyzed by software FMEA can be summarized as follows: coding errors, data errors, logical errors, computational anomalies, and hardware-software interface reliability issues. Comprehensive assessment of the severity of failure impacts, the probability of failure occurrence, the cost of measures taken, etc., has led to corresponding software reliability enhancement measures being implemented in project development.

Examples:

1. Cause of Failure: Coding Error

Type of Failure: Undefined input variable data, incorrect storage types, inconsistent interface variable declarations, etc.

Improvement Measures: Create a “Model Design Specification Document”, develop a variable type checking component, and implement “one-click” automatic variable type detection.

2. Cause of Failure: Hardware-Software Interface Error

Type of Failure: Failure to prevent known hardware failure modes

Improvement Measures: Periodic software monitoring of the status of drive motors and solenoid valves, designing fault-safe handling mechanisms. Utilize model diagnostic methods to reduce the impact of sensor input signal deviations on certain functions or performance indicators.

As a leading quality education institution in China,QualityIn Quality Academy has been deeply involved in the FMEA field for many years, sharing QualityIn’s years of methodology and skills through the 【New Version PFMEA】 and 【New Version DFMEA】 video courses, recorded by Teacher Jia Ziqiang, adhering to the high-quality production standards of courses.

▲ Listen to the sample of the “New Version DFMEA” video course, Course duration: 3 hours and 53 minutes,

Personal special offer 169 yuan, PLUS exclusive 84.5 yuan

Scan the QR code to purchase the “New Version DFMEA”