Safety assurance at GM and using model management to support it

通用汽车的安全保证并使用模型管理来支持它

• 批准号: 515486-2017
• 负责人: Lawford, Mark
• 金额: $ 24.54万
• 依托单位: McMaster University
• 依托单位国家: 加拿大
• 项目类别: Collaborative Research and Development Grants
• 财政年份: 2019
• 资助国家: 加拿大
• 起止时间: 2019-01-01 至 2020-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=694831
• 关键词: Safety; assurance; GM; using; model

When a vehicle is designed, the car maker - the Original Equipment Manufacturer (OEM) - makes every effortto ensure that the vehicle will be safe and reliable. As vehicles have increased in complexity with the additionof software-enabled hybrid powertrains and Advanced Driver Assistance Systems, the system design and safetyprocesses have had a corresponding increase in required effort and difficulty. Recently, seemingly minorincremental changes in the vehicle's software and/or physical design have resulted in safety recalls because ofunforeseen subsystem interactions that have reduced vehicle safety and/or reliability to unacceptable levels. Tohelp address these issues, OEMs and their suppliers collaborated to produce the standard ISO 26262 RoadVehicles - Functional Safety, which prescribes processes and their outputs that should be produced as part ofthe system, software and safety processes for vehicle features that require different Automotive Safety IntegrityLevels. As OEMs and suppliers strive to be consistent with ISO 26262, an increasingly important questionarises: when can design and safety assurance artefacts be safely reused and when do the processes and theresulting work products have to be redone? Automotive companies must address this key question if they wantto remain competitive and be able to deliver ever safer vehicles at a purchase cost that the public is willing topay. To help the Canadian automotive industry address this issue, this project will model the design and safetyartefacts and their relationships with explicit safety assurance arguments known as a (safety) assurance case.We will provide model management processes and tools to analyze the models and determine the impact of adesign change on the assurance case. This will help engineers determine which parts of the assurance case canbe safely reused and where it requires further engineering effort to demonstrate that the new system isacceptably safe. The work will be extended to manage models of safety assurance for entire product lines tohelp OEMs deal with the reality of manufacturing for global product development.

在设计车辆时，汽车制造商-原始设备制造商(OEM)-会尽一切努力确保车辆将是安全可靠的。随着软件驱动的混合动力系统和高级驾驶员辅助系统的增加，车辆的复杂性增加，系统设计和安全流程相应增加了所需的工作量和难度。最近，车辆的软件和/或物理设计似乎发生了微小或增量的变化，导致安全召回，原因是无法预见的子系统相互作用已将车辆的安全性和/或可靠性降低到不可接受的水平。为了帮助解决这些问题，OEM及其供应商合作生产了标准的ISO 26262道路车辆-功能安全，该标准规定了应作为系统、软件和安全流程的一部分产生的流程及其输出，用于需要不同汽车安全完整性级别的车辆功能。随着原始设备制造商和供应商努力与国际标准化组织26262保持一致，一个日益重要的问题出现了：设计和安全保证制品何时可以安全地重复使用，工艺和产生的工作产品何时必须重做？汽车公司如果想要保持竞争力，并能够以公众愿意支付的购买成本交付越来越安全的汽车，就必须解决这个关键问题。为了帮助加拿大汽车业解决这一问题，该项目将使用称为(安全)保证案例的明确的安全保证论点来模拟设计和安全产品及其关系。我们将提供模型管理流程和工具来分析模型并确定设计变更对保证案例的影响。这将帮助工程师确定保险案例的哪些部分可以安全地重复使用，以及哪些部分需要进一步的工程工作来证明新系统是可接受的安全的。这项工作将扩展到管理整个产品线的安全保证模型，以帮助OEM应对全球产品开发的制造现实。