Automated Functional Safety Analysis of Automated Driving Systems

  • Martin KölblEmail author
  • Stefan LeueEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11119)


In this paper, we present a method to assess functional safety of architectures for Automated Driving Systems (ADS). The ISO 26262 standard defines requirements and processes in support of achieving functional safety of passenger vehicles, but does not address in particular autonomous driving functions. Autonomous driving will bring with it a number of fundamental changes affecting functional safety. First, there will no longer be a driver capable of controlling the vehicle in case of a failure of the ADS. Second, the hardware and software architectures will become more complex and flexible than those used for conventional vehicles. We present an automated method to assert functional safety of ADS systems in the spirit of ISO 26262 in light of these changes. The approach is model-based and implemented in the QuantUM analysis tool. We illustrate its use in functional safety analysis using a proposed practical ADS architecture and address, in particular, architectural variant analysis.



We wish to thank Stephan Heidinger, Matthias Kuntz and Majdi Ghadhab for discussions at the early stages of this work.


  1. 1.
    Adler, R., Feth, P., Schneider, D.: Safety engineering for autonomous vehicles. In: DSN Workshops, pp. 200–205. IEEE Computer Society (2016)Google Scholar
  2. 2.
    Bahig, G.M., El-Kadi, A.: Formal verification of automotive design in compliance with ISO 26262 design verification guidelines. IEEE Access 5, 4505–4516 (2017)CrossRefGoogle Scholar
  3. 3.
    Baier, C., Haverkort, B., Hermanns, H., Katoen, J.P.: Model-checking algorithms for continuous-time Markov chains. IEEE Trans. Softw. Eng. 29(6), 524–541 (2003)CrossRefGoogle Scholar
  4. 4.
    Baier, C., Katoen, J.: Principles of Model Checking. MIT Press, Cambridge (2008)zbMATHGoogle Scholar
  5. 5.
    Behere, S., Törngren, M.: A functional reference architecture for autonomous driving. Inf. Softw. Technol. 73, 136–150 (2016)CrossRefGoogle Scholar
  6. 6.
    Cuenot, P., Ainhauser, C., Adler, N., Otten, S., Meurville, F.: Applying model based techniques for early safety evaluation of an automotive architecture in compliance with the ISO 26262 standard. In: Proceedings of the 7th European Congress on Embedded Real Time Software and Systems (ERTS\(^2\)) (2014)Google Scholar
  7. 7.
    Ghadhab, M., Junges, S., Katoen, J.-P., Kuntz, M., Volk, M.: Model-based safety analysis for vehicle guidance systems. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10488, pp. 3–19. Springer, Cham (2017). Scholar
  8. 8.
    ISO: Road vehicles - functional safety. ISO 26262, International Organization for Standardization, Geneva, Switzerland (2011)Google Scholar
  9. 9.
    ISO: Draft international standard, road vehicles - functional safety. Technical report ISO/DIS 26262, International Organization for Standardization, Geneva, Switzerland (2016)Google Scholar
  10. 10.
    ISO: Road vehicles - safety of the intended functionality. Technical report ISO/WD PAS 21448, International Organization for Standardization, Geneva, Switzerland (2017)Google Scholar
  11. 11.
    Koopman P., Wagner, M.: Challenges in autonomous vehicle testing and validation (2016). Preprint
  12. 12.
    Kwiatkowska, M., Norman, G., Parker, D.: PRISM 4.0: verification of probabilistic real-time systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 585–591. Springer, Heidelberg (2011). Scholar
  13. 13.
    Leitner, A., Ochs, T., Bulwahn, L., Watzenig, D.: Open dependable power computing platform for automated driving. In: Watzenig, D., Horn, M. (eds.) Automated Driving, pp. 353–367. Springer, Cham (2017). Scholar
  14. 14.
    Leitner-Fischer, F.: Causality checking of safety-critical software and systems. Ph.D. thesis, University of Konstanz, Germany (2015)Google Scholar
  15. 15.
    Leitner-Fischer, F., Leue, S.: QuantUM: quantitative safety analysis of UML models. In: QAPL. EPTCS, vol. 57, pp. 16–30 (2011)Google Scholar
  16. 16.
    Leitner-Fischer, F., Leue, S.: Causality checking for complex system models. In: Giacobazzi, R., Berdine, J., Mastroeni, I. (eds.) VMCAI 2013. LNCS, vol. 7737, pp. 248–267. Springer, Heidelberg (2013). Scholar
  17. 17.
    Leitner-Fischer, F., Leue, S.: Probabilistic fault tree synthesis using causality computation. IJCCBS 4(2), 119–143 (2013)CrossRefGoogle Scholar
  18. 18.
    Martin, H., Tschabuschnig, K., Bridal, O., Watzenig, D.: Functional safety of automated driving systems: does ISO 26262 meet the challenges? In: Watzenig, D., Horn, M. (eds.) Automated Driving, pp. 387–416. Springer, Cham (2017). Scholar
  19. 19.
    OMG: Systems Modeling Language (SysML), Version 1.5. Technical report, OMG (2017)Google Scholar
  20. 20.
    SAE: J3016\(\_\)201609: Taxonomy and definitions for terms related to driving automation systems for on-road motor vehicles, September 2016.
  21. 21.
    Schroeder, B., Pinheiro, E., Weber, W.: DRAM errors in the wild: a large-scale field study. Commun. ACM 54(2), 100–107 (2011)CrossRefGoogle Scholar
  22. 22.
    ter Beek, M.H., Gnesi, S., Koch, N., Mazzanti, F.: Formal verification of an automotive scenario in service-oriented computing. In: ICSE, pp. 613–622. ACM (2008)Google Scholar
  23. 23.
    Watzenig, D., Horn, M.: Introduction to automated driving. In: Watzenig, D., Horn, M. (eds.) Automated Driving, pp. 3–16. Springer, Cham (2017). Scholar
  24. 24.
    Weiss, G., Schleiss, P., Drabek, C., Ruiz, A., Radermacher, A.: Safe adaptation for reliable and energy-efficient E/E architectures. In: Watzenig, D., Brandstätter, B. (eds.) Comprehensive Energy Management - Safe Adaptation, Predictive Control and Thermal Management. SAST, pp. 1–18. Springer, Cham (2018). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.University of KonstanzKonstanzGermany

Personalised recommendations