Development and implementation of an efficient ISO 26262 conform system safety test method for an electronic steering column lock (基于ISO26262标准开发和实现一种对于电子转向锁的有效的系统安全测试方法)

Author: 牛悦 (Niu Yue). Master's thesis, 105 pages, PDF.
Abstract (Chinese original, translated)
As the automotive industry develops, vehicle safety has always been a focal issue of the field. For automotive component suppliers and vehicle manufacturers, any in-vehicle safety problem has a major impact on the company, both on its economic results and on its reputation; for consumers, such safety problems affect their personal safety. In view of this, ISO published the ISO 26262 automotive safety standard in November 2011; the standard applies only to the road-vehicle domain.
Continental AG, one of the world's top five automotive component suppliers, has always placed the product safety of its customers first. Based on the earlier functional safety standard (IEC 61508), Continental developed its own product development process, named EAGLE, and the corresponding test method handbook (CAM 505005). With the publication of ISO 26262, however, Continental updated its product development process according to the new standard, from EAGLE to STAGES 4.2, but has not yet updated its cross-system functional safety test method to the new standard.
Against this background, the aim of this thesis is to develop and implement, based on ISO 26262, an effective cross-system safety test method for an electronic steering column lock, and thereby to update the existing test method. The thesis first introduces the system-test-related content of ISO 26262 and compares it with the earlier safety standard (IEC 61508) to identify the differences between them. Then, by analysing the product system requirements at the different levels and their document structure, it proposes an effective method for reviewing requirements and deriving test cases.
Following the proposed method, the thesis designs a test strategy and test concept for the electronic steering column lock system based on the Constraint Based Testing technique. To put this strategy and concept into practice, a dedicated CANoe application implementing them was developed in the CANoe® development environment; the application comprises a user interface and several data windows. A module was also designed in Matlab® Simulink/Stateflow® to support some functions of the CANoe application. Finally, the thesis presents and analyses the experimental results of applying the developed test method on the test bench of Continental's cross-system test department.
The thesis also introduces the product development process, test methods, test tools and test strategy of Continental's I BS department.
Keywords: electronic steering column lock, ISO 26262, Constraint Based Testing, CANoe, product requirements, cross-functional system test
Abstract
With the development of the automotive industry, vehicle safety has always been a central topic in this field. For vehicle manufacturers, any safety issue within a vehicle has a huge impact on the company, not only on its economic results but also on its reputation. Against this background, ISO released a new standard, ISO 26262, which applies specifically to road vehicles.
Continental AG, one of the top five automotive suppliers in the world, has always given the safety of its customers' products very high priority. Based on the safety standard IEC 61508, Continental AG developed its own product development process, called EAGLE, and its test method, called CAM 505005. With the rapid development of the automotive industry, a new standard, ISO 26262, was released in 2011, which pushes automotive suppliers and OEMs to update their current processes and test methods to fulfil its requirements. Continental AG has already updated its product development process from EAGLE to STAGES 4.2, but the test method in accordance with ISO 26262 is still waiting to be updated.
The purpose of this master's thesis is to develop and implement an efficient ISO 26262 automotive safety conform system test concept for an Electronic Steering Column Lock (ESCL). The thesis introduces the ISO 26262 standard and compares it with the former standard to bring out the differences between them in terms of system test.
There are several types of requirements, the original ones coming from the customer. By analysing the requirements documentation structure and the requirements on the different levels, this thesis proposes an efficient way to review requirements and derive the essential test cases.
Following the proposed way, a new test strategy and system test concept for the ESCL is designed based on Constraint Based Testing (CBT). A check model developed in the CANoe® development environment together with Simulink/Stateflow® is used to implement the proposed system test concept for the ESCL. This check model has one user interface and several windows. Experimental results from applying the check model to a real ESCL system are presented.
The development process of I BS at Continental, several test methods, test tools and the test strategy are also presented in this thesis.
Key Words: ESCL, ISO26262, CBT, CANoe, Simulink/Stateflow, System Test,
Requirements
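As an added illustration of the two ideas the abstract names, equivalence classes specified per input signal and a constraint-based selection of the combinations that become test cases (compare the outline items 5.3.2 and 5.2.3), the following Python sketch is editor-written and is not code from the thesis or from Continental's CANoe/CAPL check model. The signal names, their equivalence classes, the consistency constraint and the lock/unlock safety rule used as test oracle are all constructed assumptions chosen to resemble an ESCL; the thesis's real requirements and test cases are not reproduced here.

```python
from itertools import product

# Input signals and their equivalence classes (constructed for this
# illustration, not taken from the thesis): class name -> representative value.
SIGNALS = {
    "vehicle_speed_kph": [("standstill", 0), ("moving", 30), ("invalid", None)],
    "terminal_15": [("off", 0), ("on", 1)],          # ignition (KL.15) state
    "lock_request": [("none", 0), ("lock", 1), ("unlock", 2)],
    "signal_valid": [("valid", True), ("corrupt", False)],
}


def speed_consistent(v):
    """Constraint (constructed): an 'invalid' speed value occurs exactly when
    the signal is flagged corrupt. Combinations violating this are unreachable
    on the bus, so they are pruned instead of becoming test cases."""
    return (v["vehicle_speed_kph"] is None) == (not v["signal_valid"])


CONSTRAINTS = [speed_consistent]


def expected_lock_state(v):
    """Test oracle (constructed safety rule): the column may lock only at
    standstill, with ignition off and a valid lock request; any corrupt input
    keeps the lock released (fail-safe)."""
    if not v["signal_valid"]:
        return "unlocked"
    if v["lock_request"] == 1 and v["vehicle_speed_kph"] == 0 and v["terminal_15"] == 0:
        return "locked"
    return "unlocked"


def derive_test_cases(signals=SIGNALS, constraints=CONSTRAINTS):
    """Cartesian product of the equivalence classes, filtered by the constraints.
    Each surviving combination becomes one test case with its expected result."""
    names = list(signals)
    cases = []
    for combo in product(*(signals[n] for n in names)):
        classes = {n: cls for n, (cls, _) in zip(names, combo)}
        inputs = {n: val for n, (_, val) in zip(names, combo)}
        if all(c(inputs) for c in constraints):
            cases.append({"classes": classes, "inputs": inputs,
                          "expected": expected_lock_state(inputs)})
    return cases


def run_against(dut, cases):
    """Execute every case against a device-under-test model and return the
    failing ones (observed != expected): the verdicts a check model would give."""
    return [c for c in cases if dut(c["inputs"]) != c["expected"]]


def faulty_dut(v):
    """Simulated implementation defect (constructed): ignores the ignition state."""
    if v["signal_valid"] and v["lock_request"] == 1 and v["vehicle_speed_kph"] == 0:
        return "locked"
    return "unlocked"


if __name__ == "__main__":
    cases = derive_test_cases()
    print(f"{len(cases)} test cases after constraint pruning")
    for c in run_against(faulty_dut, cases):
        print("FAIL:", c["classes"], "expected", c["expected"])
```

Without the constraint the four signals would yield 36 combinations; the consistency constraint removes the unreachable ones and leaves 18 cases, exactly one of which expects the column to lock. Running the cases against the deliberately faulty model exposes the single combination (valid signals, standstill, lock request, ignition on) where it locks although the oracle says it must not.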
Contents
1. Introduction ................................................................................................................................... 1
1.1. Motivation .............................................................................................................................. 1
1.2. Functional Safety ................................................................................................................... 3
1.2.1. Introduction ................................................................................................................... 3
1.2.2. Functional Safety Standards ........................................................................................ 3
2. System test relevant aspects of ISO 26262 Standard ................................................................. 6
2.1. Development of ISO 26262 ................................................................................................... 6
2.2. ISO 26262 and Maturity Models .......................................................................................... 7
2.3. Safety lifecycle of ISO 26262 .............................................................................................. 13
2.4. ASIL of ISO 26262 .............................................................................................................. 15
2.4.1. The determination of ASIL ......................................................................................... 15
2.4.2. The decomposition of ASIL ........................................................................................ 17
2.5. The differences between ISO 26262 and IEC 61508 in terms of testing ........................ 19
2.5.1. Structures of them ....................................................................................................... 19
2.5.2. Hardware faults determination ................................................................................. 21
2.5.3. Safety levels .................................................................................................................. 23
2.5.4. Other differences ......................................................................................................... 24
3. System testing based on I BS process, methods and tools ........................................................ 25
3.1. I BS Process .......................................................................................................................... 25
3.1.1. I BS development process for projects ...................................................................... 25
3.1.2. I BS System Engineering Process ............................................................................... 26
3.1.3. I BS Functional Safety Management Process ........................................................... 30
3.2. Testing Method .................................................................................................................... 31
3.2.1. Test Phases ................................................................................................................... 31
3.2.2. Test Techniques ........................................................................................................... 32
3.2.3. Test Strategy ................................................................................................................ 36
3.3. Testing Tools ........................................................................................................................ 38
3.3.1. DOORS ......................................................................................................................... 38
3.3.2. CANoe ........................................................................................................................... 40
3.3.3. CANcaseXL ................................................................................................................. 43
4. Analyzing the Requirements of ESCL ....................................................................................... 44
4.1. Requirements documentation structure in DOORS ........................................................ 44
4.2. Functional and Nonfunctional requirements .................................................................... 46
4.2.1. Functional requirements ............................................................................................. 46
4.2.2. Nonfunctional requirements ....................................................................................... 46
4.2.3. How to deal with Functional and Nonfunctional Requirements ............................. 46
4.3. A specific requirement of ESCL ....................................................................................... 49
4.3.1. One specific example ................................................................................................... 49
4.3.2. The current status ....................................................................................................... 51
4.3.3. Proposed a new way to derive the test cases ............................................................. 52
4.4. Proposed Test Strategy ....................................................................................................... 54
4.5. How to review requirements as system test engineer ....................................................... 55
5. Development of a System Test Concept for ESCL .................................................................. 57
5.1. ESCL System ....................................................................................................................... 57
5.2. A new System Test Concept for ESCL .............................................................................. 58
5.2.1. The current system test method for ESCL ................................................................ 58
5.2.2. The principle of the new system test concept ............................................................ 59
5.2.3. Proposed Constraint Based Test (CBT) for ESCL ................................................... 60
5.2.4. Comparison between CBT and Current testing method ......................................... 61
5.3. Design of the test cases ........................................................................................................ 62
5.3.1. Deriving the signals from requirements .................................................................... 62
5.3.2. Specify the equivalence classes for each signal ......................................................... 66
5.3.3. Design the test cases..................................................................................................... 68
5.4. Development and implementation of Check Model ......................................................... 69
5.4.1. Development of the new CANoe application ............................................................ 69
5.4.2. Implement the CANoe application with CAPL and Matlab ................................... 72
6. The experimental results of the proposed system test concept ................................................ 80
6.1. The Manual Test Bench ...................................................................................................... 80
6.2. The experiment steps ........................................................................................................... 81
6.3. The experimental results ..................................................................................................... 81
6.4. Create a DLL file and integrate it in CANoe .................................................................... 85
7. Conclusions .................................................................................................................................. 87
Appendix A: General user guide for DOORS ....................................................................................... 90
1. Access to DOORS .................................................................................................................... 90
2. Select the functional related documents of ESCL in DOORS ............................................. 91
3. How to review the requirements in DOORS ........................................................................ 92
Appendix B: CAPL source codes of RS232 .......................................................................................... 95
List of Abbreviations: ............................................................................................................................ 97
Reference: .............................................................................................................................................. 99
Paper and Research ............................................................................................................................. 101
Acknowledgement ............................................................................................................................. 102
Chapter 1 Introduction
1. Introduction
1.1. Motivation
With the development of the automotive industry, vehicle safety has always been a central topic in this field.
For vehicle manufacturers, any safety issue within a vehicle has a huge impact on the company, not only on
its economic results but also on its reputation. The announcement made by Toyota in 2010 of the recall of
its defective vehicles only serves to highlight how costly defects can be, not only for the company's
balance sheet but also in terms of eroded consumer confidence. [1]
The foremost concern in automotive safety is the loss of life when vehicle crashes happen. In the
United States, motor vehicle crashes killed more than 33,000 people and injured over 2.2 million others
in 2009. In addition to the terrible personal toll, these crashes cause a huge economic loss, with an
estimated annual cost of $230 billion, an average of $750 for every person in the United States. [2]
Therefore, in order to minimise the likelihood of crashes caused by safety issues in the vehicle itself,
many tests must be carried out on each component of the car before it is released by the automotive
suppliers and OEMs.
Figure 1: The motivation from Continental (standards: IEC 61508 (2002) to ISO 26262 (2011); process: EAGLE to STAGES 4.2; test method: CAM 505005, method update still open)
Development and implementation of an efficient ISO26262 automotive safety conform system test concept
for an electronic steering column lock
Continental AG, one of the top five automotive suppliers in the world [3], has always given the safety
of its customers' products very high priority. Based on the safety standard IEC 61508, Continental AG
developed its own product development process, called EAGLE, and its test method, called CAM 505005.
With the rapid development of the automotive industry, a new standard, ISO 26262, was released in 2011,
which pushes automotive suppliers and OEMs to update their current processes and test methods to fulfil
its requirements. Continental AG has already updated its product development process from EAGLE to
STAGES 4.2, but the test method in accordance with ISO 26262 is still waiting to be updated. As shown in
Figure 1, the X-axis stands for the development of the standards and the Y-axis for the corresponding
development of the process at Continental AG; in between lies the development of the test method in
accordance with the processes and standards.
Given the motivation above, the objective of this thesis is to develop and implement an efficient
ISO 26262 automotive safety conform system test concept for an Electronic Steering Column Lock, so as
to update the current test method in accordance with ISO 26262.
1.2. Functional Safety
1.2.1. Introduction
Safety is defined as the freedom from unacceptable risk of physical injury or of damage to the
health of people, either directly or indirectly as a result of damage to property or to the
environment [4].
Functional safety is the part of the overall safety of a system or piece of equipment that
depends on the system or equipment operating correctly in response to its inputs, including
the safe management of likely operator errors, hardware failures and environmental
changes [5].
In the automotive industry, functional safety concerns generally arise from the use of electrical,
electronic or programmable electronic (E/E/PE) systems. These systems, and especially the integration of
different E/E/PE systems or components, are so complex that it is impossible in practice to determine
every failure mode or to test all possible behaviour. Even so, testing remains the best available means
of detecting failures. The challenge is to design a test method that prevents dangerous failures, or
reduces the risk of them to a tolerable level.
1.2.2. Functional Safety Standards
The purpose of safety standards is to ensure the safety of processes and to help prevent accidents in
industry. Normally, these standards provide a formalised method to determine the risk associated with
industrial machinery and guidelines to prevent unsafe conditions and components. Given the importance of
these standards, it is worth knowing where they come from. Today two organisations, the IEC (International
Electrotechnical Commission) and ISO (International Organization for Standardization), govern the
international safety standards for machinery. The IEC usually develops the standards for the fields of
electronic, electrical and related technologies, while ISO covers the other technical fields.
As shown in Figure 2 [6] [7], there are many safety-related standards, such as VDE 0801 for computers in
safety-related systems [8], ISO 15408 for information technology security evaluation [9], ECSS-E-40A, a
software engineering standard applicable to all elements of a space system [10], RTCA DO-178B for aerospace
software [6], SAE ARP 4761 for aerospace hardware [6], and IEC 60880 for software in nuclear power
plants [6].
Among the functional safety standards, IEC 61508 is the central one. IEC 61508 can be regarded as the
"father standard", as it is not only a stand-alone standard but also serves as the basis for other
standards.
Figure 2: Safety related standards (IEC 61508 at the centre; general purpose: VDE 0801, ISO 15408; military: Def Stan 00-55; aerospace: RTCA DO-178B, SAE ARP 4761; EU space: ECSS-E-40A; nuclear power plant; automotive: ISO 26262, ISO TR 15497)
As shown in Figure 3 [5] [6] [7] [24], ANSI/ISA-84.00.01-1996 was developed by the ISA SP84 committee to
address the need to increase safety by systematically reducing process risk; its most recent version was
released in 2004 [11]. IEC 61508 is a meta-standard based on ANSI/ISA-84 and applies to all industries.
As needs arose in different industrial fields, tailored standards derived from IEC 61508 were published:
IEC 61511 for the process industry, IEC 62061 for machinery, IEC 61513 for nuclear, EN 50126 for the
railway industry, IEC 60601-1-4 for medical equipment, EN 50156 for furnaces, IEC 60335 for household
appliances, and ISO 26262 for the functional safety of road vehicles.
Figure 3: Functional safety related standards (ANSI/ISA-84.00.01-1996; IEC 61508 as the "umbrella" meta-standard for all industries; derived: EN 50126 and EN 50128 (railway), IEC 60601-1-4 (medical), IEC 61513 (nuclear), IEC 62061 and EN ISO 13849 (machinery), IEC 61511 (process industry), ISO 26262 (road vehicles), IEC 60335 (household appliances), EN 50156 (furnaces))