How to Conduct FMEA for Automotive Embedded Software?

Introduction

Currently, software FMEA is commonly used in the requirement analysis phase during development, the outline design phase, detailed design phase, and reliability and safety analysis after the product is finalized.

As user demands for the reliability and safety of automotive embedded software continue to increase, along with the growing complexity and functionality of software, applying the FMEA method for reliability and safety analysis of software products is of significant importance. This article will analyze the FMEA method and implementation process for software, providing examples and summaries for automotive embedded software.

Software FMEA is a design and analysis technique for software reliability and safety, and it is an inductive analysis method.

The lifecycle model of automotive embedded software—the V-model—illustrates the relationship between implementing software FMEA and the development process.

The model-based design and development process, through MIL (Model in Loop) simulation and SIL (Software in the Loop) simulation, allows for corresponding testing and verification of software components and system design at the early stages of the V-model.

The process of software FMEA is similar to that of hardware design FMEA, which includes:

1. Defining the software system structure and agreement levels

2. Establishing a functional network

3. Establishing a failure network

4. Analyzing the failure modes and causes of the software

5. Analyzing the severity of the impacts of the software failure modes

6. Suggestions for improvement measures

1. Definition of Software System Structure and Agreement Levels:The software agreement levels are divided into initial agreement levels, agreement levels, and minimum agreement levels.

2. Establishing a Functional Network:The software functional network is composed of subsystems, components, or function blocks, and uses logical symbols or connecting lines to represent the interactions and relationships between these components.

3. Establishing a Failure Network:The failure network illustrates the relationship between failure modes, causes, and impacts. The lowest-level functions in the functional network correspond to failure descriptions as failure modes, the next lowest-level functions correspond to failure descriptions as failure causes, and the next higher-level functions correspond to failure definitions as failure impacts.

4. Analyzing the Failure Modes and Causes of the Software:

Software failure causes arise from software defects triggered during operation.Software FMEA identifies critical software defects under its key common calling paths.

5. Analyzing the Severity of the Impacts of Software Failure Modes

The severity levels of software failures are divided into 5 levels

5 – Failure to meet safety and regulatory requirements

4 – Loss or degradation of basic functionality

3 – Loss or degradation of secondary functionality

2 – Other functionality issues

1 – No impact

6. Suggestions for Improvement Measures

After analysis, potential failure modes and impacts are identified. Based on the causes of each failure mode and the severity of their impacts on the system, corresponding improvement measures are proposed to form a complete FMEA table.

The transmission is a key assembly component of the automotive power transmission system and is one of the core elements affecting vehicle safety. The reliability of its control software is particularly crucial.This software is modeled using Matlab and Simulink tools, utilizing RTW to complete the automatic conversion from model to C code.

A top-down structured design approach is adopted, divided into several subsystems, including system scheduling, shifting patterns, coordination management, engine control, clutch control, transmission control, input/output processing, offline testing, CAN communication analysis, fault management, self-learning, and low-level drivers, with each subsystem further divided into several components.

Control Function Block Diagram of Clutch Separation:

Analysis of Typical Failure Modes Corresponding to the Separation Clutch Module Functional Items Forming the Failure Network:

Analyzing Software Failure Modes and Causes, Severity, and Forming the SFMEA Worksheet

Software FMEA analysis of failure causes can be summarized as follows: coding errors, data errors, logical errors, computational anomalies, and reliability issues with software-hardware interfaces. A comprehensive consideration of the severity of failure impacts, the probability of failure occurrence, and the cost of measures taken has led to corresponding software reliability enhancement measures being implemented in the project development.

For example:

1. Failure Cause: Coding Error

Failure Type: Undefined input variable data, incorrect storage type, inconsistent interface variable declarations, etc.

Improvement Measures: Draft a “Model Design Specification Document”, develop a variable type check component, and implement a “one-click” automatic variable type detection.

2. Failure Cause: Hardware-Software Interface Error

Failure Type: Failure to prevent known hardware failure modes

Improvement Measures: Periodic software monitoring of the state of the drive motor and electromagnetic valves, designing fault-safe handling mechanisms. Utilize model diagnostic methods to reduce the impact of sensor input signal deviations on certain functionalities or performance indicators.

As a leading quality education institution in China, QualityIn Quality Academy has been deeply engaged in the FMEA field for many years, sharing QualityIn’s methodologies and skills without reservation through the 【New Version PFMEA】 and 【New Version DFMEA】 video courses, recorded by Teacher Jia Ziqiang in a quality production environment.

▲ Preview of the “New Version DFMEA” video course, Course duration: 3 hours and 53 minutes,

Individual special price: 169 yuan, PLUS exclusive: 84.5 yuan

Scan the QR code to purchase the “New Version DFMEA”