Employing early model-based safety evaluation to iteratively derive E/E architecture design

ISO 26262 addresses development of safe in-vehicle functions by specifying methods potentially used in the design and development lifecycle. It does not indicate what is sufficient and leaves room for interpretation. Yet the architects of electric/electronic systems need design boundaries to make decisions during architecture evolutionary design without adding a risk of late changes. Correct selection of safety mechanisms from alternatives at early design stages is vital for time-to-market of critical systems. In this paper we present and discuss an iterative architecture design and refinement process that is centered around ISO 26262 requirements and model-based analysis of safety-related metrics. This process simplifies identification of the most sensitive parts of the architecture, selection of the best suitable safety mechanisms to reduce thereby failure rate on the system level and improve the metrics defined by the standard. To support the defined process we present the metamodels that can be integrated with existing DSL (domain-specific language) frameworks to extend them with information supporting further extraction of fault propagation behavior. We provide a framework for architecture model analysis and selection of safety mechanisms. We provide details on the model-based toolset that has been developed to support the proposed analysis and synthesis methods, and demonstrate its application to analysis of a steer-by-wire system model and selection of safety mechanisms for it.