Demo page details
Page source code: analysis.rst
{% set page="analysis.rst" %}
{% include "demo_page_header.rst" with context %}

📊 Safety Traceability Analysis
================================

This page provides comprehensive visualization and analysis of the complete safety
artifact traceability chain from hazards through safety goals and functional safety
requirements to system requirements.

Complete Safety Traceability
-----------------------------

This diagram shows the complete traceability from the top-level hazard through all
20 safety goals and 36 functional safety requirements to the 18 system requirements.

.. needflow::
   :filter: docname is not None and "safety_example" in docname and type in ["hazard", "safety_goal", "fsr", "sysreq"]
   :show_link_names:
   :link_types: mitigates,derives_from,implements
   :scale: 80

Safety Artifacts Overview
--------------------------

Complete list of all safety artifacts with key metadata.

.. needtable::
   :filter: docname is not None and "safety_example" in docname
   :columns: id, type_name, title, asil, status
   :style: table
   :sort: type

ASIL Distribution Analysis
---------------------------

Distribution of Safety Artifacts by Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. needpie:: Safety Artifacts by Type
   :labels: Hazards, Safety Goals, FSRs, SYSREQs

   type == "hazard" and docname is not None and "safety_example" in docname
   type == "safety_goal" and docname is not None and "safety_example" in docname
   type == "fsr" and docname is not None and "safety_example" in docname
   type == "sysreq" and docname is not None and "safety_example" in docname

Safety Goals by Subsystem
~~~~~~~~~~~~~~~~~~~~~~~~~~

.. needpie:: Safety Goals by Subsystem
   :labels: VDC, WRDC, Drive, Brake, Steering

   type == "safety_goal" and docname is not None and "safety_example" in docname and id in ["SG_01", "SG_02", "SG_03", "SG_04"]
   type == "safety_goal" and docname is not None and "safety_example" in docname and id in ["SG_05", "SG_06", "SG_07", "SG_08", "SG_09", "SG_10", "SG_11", "SG_12"]
   type == "safety_goal" and docname is not None and "safety_example" in docname and id in ["SG_13", "SG_14"]
   type == "safety_goal" and docname is not None and "safety_example" in docname and id in ["SG_15", "SG_16"]
   type == "safety_goal" and docname is not None and "safety_example" in docname and id in ["SG_17", "SG_18", "SG_19", "SG_20"]

FSRs by Subsystem
~~~~~~~~~~~~~~~~~

.. needpie:: FSRs by Subsystem
   :labels: Steering, Brake, Drive, WRDC, VDC, Sensors, Power, Process

   type == "fsr" and docname is not None and "safety_example" in docname and id.startswith("FSR_STEER")
   type == "fsr" and docname is not None and "safety_example" in docname and id.startswith("FSR_BRAKE")
   type == "fsr" and docname is not None and "safety_example" in docname and id.startswith("FSR_DRIVE")
   type == "fsr" and docname is not None and "safety_example" in docname and id.startswith("FSR_WRDC")
   type == "fsr" and docname is not None and "safety_example" in docname and id.startswith("FSR_VDC")
   type == "fsr" and docname is not None and "safety_example" in docname and (id.startswith("FSR_VEHICLE_SENS") or id.startswith("FSR_WHEEL_SENS"))
   type == "fsr" and docname is not None and "safety_example" in docname and id.startswith("FSR_POWER")
   type == "fsr" and docname is not None and "safety_example" in docname and id.startswith("FSR_PROC")

Critical Path Analysis
-----------------------

Vehicle Dynamics Controller Critical Path
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Traceability from hazard through VDC safety goals to VDC FSRs.

.. needflow::
   :filter: (id == "HAZ_TRAJ_DEV") or (type == "safety_goal" and id in ["SG_01", "SG_02", "SG_03", "SG_04"]) or (type == "fsr" and id.startswith("FSR_VDC"))
   :show_link_names:
   :link_types: mitigates,derives_from
   :scale: 90

Wheel Rotational Dynamics Controller Critical Path
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Traceability from hazard through WRDC safety goals to WRDC FSRs.

.. needflow::
   :filter: (id == "HAZ_TRAJ_DEV") or (type == "safety_goal" and id in ["SG_05", "SG_06", "SG_07", "SG_08", "SG_09", "SG_10", "SG_11", "SG_12"]) or (type == "fsr" and id.startswith("FSR_WRDC"))
   :show_link_names:
   :link_types: mitigates,derives_from
   :scale: 90

Steering System Critical Path
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Traceability from hazard through steering safety goals to steering FSRs.

.. needflow::
   :filter: (id == "HAZ_TRAJ_DEV") or (type == "safety_goal" and id in ["SG_17", "SG_18", "SG_19", "SG_20"]) or (type == "fsr" and id.startswith("FSR_STEER"))
   :show_link_names:
   :link_types: mitigates,derives_from
   :scale: 90

Brake System Critical Path
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Traceability from hazard through brake safety goals to brake FSRs.

.. needflow::
   :filter: (id == "HAZ_TRAJ_DEV") or (type == "safety_goal" and id in ["SG_15", "SG_16"]) or (type == "fsr" and id.startswith("FSR_BRAKE"))
   :show_link_names:
   :link_types: mitigates,derives_from
   :scale: 90

Drive System Critical Path
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Traceability from hazard through drive safety goals to drive FSRs.

.. needflow::
   :filter: (id == "HAZ_TRAJ_DEV") or (type == "safety_goal" and id in ["SG_13", "SG_14"]) or (type == "fsr" and id.startswith("FSR_DRIVE"))
   :show_link_names:
   :link_types: mitigates,derives_from
   :scale: 90

Safety Goal Coverage
---------------------

Coverage of Safety Goals by FSRs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This table shows which FSRs derive from each safety goal, providing visibility
into requirement decomposition completeness.

.. needtable::
   :filter: type == "safety_goal" and docname is not None and "safety_example" in docname
   :columns: id, title, derives_from_back
   :style: table
   :colwidths: 15, 45, 40

FSR Completeness Analysis
--------------------------

FSRs by Category
~~~~~~~~~~~~~~~~

The tables below select FSRs by keywords in their titles, so the categories are
neither disjoint nor exhaustive: three FSRs appear in two tables (the steering and
wheel sensor power-supply FSRs and Controller Power Supply Continuity), and 13 of
the 36 FSRs appear in none (the four VDC and four WRDC controller FSRs, Steering
Mechanical Design, the brake and drive design-limit FSRs, and the two control-action
consistency FSRs). Treat them as a quick grouping, not as a completeness check.

Controller FSRs
^^^^^^^^^^^^^^^

.. needtable::
   :filter: type == "fsr" and docname is not None and "safety_example" in docname and "Controller" in title
   :columns: id, title, asil, status
   :style: table

Sensor FSRs
^^^^^^^^^^^

.. needtable::
   :filter: type == "fsr" and docname is not None and "safety_example" in docname and "Sensor" in title
   :columns: id, title, asil, status
   :style: table

Process FSRs
^^^^^^^^^^^^

.. needtable::
   :filter: type == "fsr" and docname is not None and "safety_example" in docname and ("Process" in title or "Component" in title)
   :columns: id, title, asil, status
   :style: table

Power Supply FSRs
^^^^^^^^^^^^^^^^^

.. needtable::
   :filter: type == "fsr" and docname is not None and "safety_example" in docname and "Power" in title
   :columns: id, title, asil, status
   :style: table

FSR Implementation Coverage
----------------------------

This table shows which System Requirements implement each FSR, providing visibility
into the decomposition from functional safety requirements to concrete system specifications.

.. needtable::
   :filter: type == "fsr" and docname is not None and "safety_example" in docname
   :columns: id, title, implements_back
   :style: table
   :colwidths: 15, 45, 40

System Requirements Analysis
-----------------------------

SYSREQs by Subsystem
~~~~~~~~~~~~~~~~~~~~

.. needpie:: System Requirements by Subsystem
   :labels: VDC, WRDC, Steering, Brake, Drive

   type == "sysreq" and docname is not None and "safety_example" in docname and "VDC" in id
   type == "sysreq" and docname is not None and "safety_example" in docname and "WRDC" in id
   type == "sysreq" and docname is not None and "safety_example" in docname and "STEER" in id
   type == "sysreq" and docname is not None and "safety_example" in docname and "BRAKE" in id
   type == "sysreq" and docname is not None and "safety_example" in docname and "DRIVE" in id

VDC System Requirements
^^^^^^^^^^^^^^^^^^^^^^^

.. needtable::
   :filter: type == "sysreq" and docname is not None and "safety_example" in docname and "VDC" in id
   :columns: id, title, asil, status
   :style: table

WRDC System Requirements
^^^^^^^^^^^^^^^^^^^^^^^^

.. needtable::
   :filter: type == "sysreq" and docname is not None and "safety_example" in docname and "WRDC" in id
   :columns: id, title, asil, status
   :style: table

Steering System Requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. needtable::
   :filter: type == "sysreq" and docname is not None and "safety_example" in docname and "STEER" in id
   :columns: id, title, asil, status
   :style: table

Brake System Requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^

.. needtable::
   :filter: type == "sysreq" and docname is not None and "safety_example" in docname and "BRAKE" in id
   :columns: id, title, asil, status
   :style: table

Drive System Requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^

.. needtable::
   :filter: type == "sysreq" and docname is not None and "safety_example" in docname and "DRIVE" in id
   :columns: id, title, asil, status
   :style: table

ASIL D Requirements Summary
----------------------------

All safety artifacts in this example are assigned ASIL D, the highest automotive
safety integrity level. This demonstrates the safety-critical nature of vehicle
actuation systems in automated driving.

**Total Safety Artifacts:**

- **1** Hazard (HAZ_TRAJ_DEV)
- **20** Safety Goals (SG_01 to SG_20)
- **36** Functional Safety Requirements
- **18** System Requirements

**ISO 26262 Compliance:**

- All hazards have an ASIL assignment with rationale
- All safety goals mitigate identified hazards
- All FSRs derive from safety goals
- All SYSREQs implement FSRs with concrete specifications
- Complete traceability chain maintained (HAZ → SG → FSR → SYSREQ)
- Schema validation checks that each artifact carries the required fields and
  links; it does not establish that the requirements themselves are correct

**STPA-Based Derivation:**

This example demonstrates the STPA (System-Theoretic Process Analysis) methodology
applied to vehicle actuation systems:

1. **Control Structure Analysis**: Hierarchical control from trajectory input through
   VDC/WRDC to individual actuators
2. **Unsafe Control Actions**: Systematic identification of "when required" and
   "only when required" conditions
3. **Causal Factor Analysis**: Control loop components (sensors, processes, controllers,
   actuators) analyzed for failure modes
4. **Requirement Derivation**: Safety goals and FSRs derived from causal factors

Verification and Validation
----------------------------

The safety artifacts in this example would typically be verified through:

- **Requirements Review**: Completeness, consistency, correctness
- **Design Review**: Architectural safety mechanisms, fault tolerance
- **FMEA/FTA**: Failure mode and effects analysis and fault tree analysis
- **Hardware-in-the-Loop Testing**: Controller validation with real actuators
- **Vehicle Testing**: Full system validation on test track
- **Functional Safety Audit and Assessment**: Independent confirmation measures
  required by ISO 26262-2

.. seealso::

   **ISO 26262-3:2018** - Concept phase (HARA, safety goals)

   **ISO 26262-4:2018** - Product development at the system level (FSRs, system architecture)

   **ISO 26262-6:2018** - Product development at the software level

   Research paper: Stolte, Bagschik, Maurer, "Safety Goals and Functional Safety
   Requirements for Actuation Systems of Automated Vehicles," IEEE ITSC 2016
📊 Safety Traceability Analysis
This page provides comprehensive visualization and analysis of the complete safety artifact traceability chain from hazards through safety goals and functional safety requirements to system requirements.
Complete Safety Traceability
This diagram shows the complete traceability from the top-level hazard through all 20 safety goals and 36 functional safety requirements to the 18 system requirements.
No needs passed the filters (the build rendered an empty diagram: selecting the needflow by ``:tags: safety_example`` matches no needs, since the artifacts are selected everywhere else on this page by docname rather than by tag; a docname-based ``:filter:`` on the needflow avoids this)
Safety Artifacts Overview
Complete list of all safety artifacts with key metadata.
| ID | Type Name | Title | ASIL | Status |
|---|---|---|---|---|
| | Functional Safety Requirement | Steering Controller Robust Control Algorithm | D | open |
| | Functional Safety Requirement | Steering Controller Validated Dynamics Model | D | open |
| | Functional Safety Requirement | Steering Controller Fail-Operational Design | D | open |
| | Functional Safety Requirement | Steering Controller Timing Requirements | D | open |
| | Functional Safety Requirement | Steering Sensor Feedback Compensation | D | open |
| | Functional Safety Requirement | Steering Sensor Power Supply | D | open |
| | Functional Safety Requirement | Steering Sensor Measurement Accuracy | D | open |
| | Functional Safety Requirement | Steering Mechanical Design | D | open |
| | Functional Safety Requirement | Steering Component Monitoring | D | open |
| | Functional Safety Requirement | Brake Controller Robust Algorithm | D | open |
| | Functional Safety Requirement | Brake Controller Fail-Operational Design | D | open |
| | Functional Safety Requirement | Brake Controller Operational Monitoring | D | open |
| | Functional Safety Requirement | Brake System Design Limits | D | open |
| | Functional Safety Requirement | Brake Component Health Monitoring | D | open |
| | Functional Safety Requirement | Drive Controller Robust Algorithm | D | open |
| | Functional Safety Requirement | Drive Controller Validated Model | D | open |
| | Functional Safety Requirement | Drive Controller Fail-Operational Design | D | open |
| | Functional Safety Requirement | Drive Component Monitoring | D | open |
| | Functional Safety Requirement | Drive System Design Limits | D | open |
| | Functional Safety Requirement | WRDC Fault-Tolerant Algorithm | D | open |
| | Functional Safety Requirement | WRDC Fail-Operational Design | D | open |
| | Functional Safety Requirement | WRDC Precise Dynamics Model | D | open |
| | Functional Safety Requirement | WRDC Timing Requirements | D | open |
| | Functional Safety Requirement | VDC Robust Control Algorithm | D | open |
| | Functional Safety Requirement | VDC Validated Dynamics Model | D | open |
| | Functional Safety Requirement | VDC Fail-Operational Design | D | open |
| | Functional Safety Requirement | VDC Fault-Tolerant Algorithm | D | open |
| | Functional Safety Requirement | Vehicle Motion Sensor Feedback | D | open |
| | Functional Safety Requirement | Vehicle Motion Sensor Accuracy | D | open |
| | Functional Safety Requirement | Vehicle Motion Sensor Timing | D | open |
| | Functional Safety Requirement | Wheel Motion Sensor Compensation | D | open |
| | Functional Safety Requirement | Wheel Motion Sensor Power | D | open |
| | Functional Safety Requirement | Vehicle Dynamics Control Action Consistency | D | open |
| | Functional Safety Requirement | Wheel Dynamics Brake-Drive Conflict Prevention | D | open |
| | Functional Safety Requirement | Actuator Power Supply Continuity | D | open |
| | Functional Safety Requirement | Controller Power Supply Continuity | D | open |
| | Hazard | Vehicle Not Following Intended Trajectory | D | open |
| | Safety Goal | VDC Must Set Target Wheel Torque When Required | D | open |
| | Safety Goal | VDC Must Set Target Wheel Torque Only When Required | D | open |
| | Safety Goal | VDC Must Set Target Steering Angle When Required | D | open |
| | Safety Goal | VDC Must Set Target Steering Angle Only When Required | D | open |
| | Safety Goal | WRDC Must Change Target Brake Torque When Required | D | open |
| | Safety Goal | WRDC Must Change Target Brake Torque Only When Required | D | open |
| | Safety Goal | WRDC Must Change Target Drive Torque When Required | D | open |
| | Safety Goal | WRDC Must Change Target Drive Torque Only When Required | D | open |
| | Safety Goal | Anti-lock Control Must Be Performed Only When Required | D | open |
| | Safety Goal | Anti-lock Control Must Be Performed When Required | D | open |
| | Safety Goal | Anti-spin Control Must Be Performed Only When Required | D | open |
| | Safety Goal | Anti-spin Control Must Be Performed When Required | D | open |
| | Safety Goal | Drive Controller Must Apply Drive Torque When Required | D | open |
| | Safety Goal | Drive Controller Must Apply Drive Torque Only When Required | D | open |
| | Safety Goal | Brake Controller Must Engage Brake When Required | D | open |
| | Safety Goal | Brake Controller Must Engage Brake Only When Required | D | open |
| | Safety Goal | SC Must Change Steering Angle When Required | D | open |
| | Safety Goal | SC Must Change Steering Angle Only When Required | D | open |
| | Safety Goal | SC Must Hold Steering Angle When Required | D | open |
| | Safety Goal | SC Must Hold Steering Angle Only When Required | D | open |
| | System Requirement | VDC Trajectory Tracking Accuracy | D | open |
| | System Requirement | VDC Dual-Redundant Processing Architecture | D | open |
| | System Requirement | VDC Multi-Sensor Fusion System | D | open |
| | System Requirement | VDC Graceful Degradation Controller | D | open |
| | System Requirement | WRDC Single Wheel Fault Tolerance | D | open |
| | System Requirement | WRDC Tire Friction Estimation System | D | open |
| | System Requirement | WRDC ABS/ASR Coordination Logic | D | open |
| | System Requirement | WRDC High-Frequency Control Loop | D | open |
| | System Requirement | Steering Robust Control Algorithm | D | open |
| | System Requirement | Steering Validated Dynamics Model | D | open |
| | System Requirement | Steering Redundant Execution Architecture | D | open |
| | System Requirement | Steering High-Resolution Feedback System | D | open |
| | System Requirement | Brake Dual-Circuit Hydraulic Architecture | D | open |
| | System Requirement | Brake Surface Friction Adaptation | D | open |
| | System Requirement | Brake Component Monitoring System | D | open |
| | System Requirement | Drive Torque Control System | D | open |
| | System Requirement | Drive Limp-Home Mode Architecture | D | open |
| | System Requirement | Drive Electrical and Thermal Protection | D | open |
ASIL Distribution Analysis
Distribution of Safety Artifacts by Type
Safety Goals by Subsystem
FSRs by Subsystem
Critical Path Analysis
Vehicle Dynamics Controller Critical Path
Traceability from hazard through VDC safety goals to VDC FSRs.
Wheel Rotational Dynamics Controller Critical Path
Traceability from hazard through WRDC safety goals to WRDC FSRs.
Steering System Critical Path
Traceability from hazard through steering safety goals to steering FSRs.
Brake System Critical Path
Traceability from hazard through brake safety goals to brake FSRs.
Drive System Critical Path
Traceability from hazard through drive safety goals to drive FSRs.
Safety Goal Coverage
Coverage of Safety Goals by FSRs
This table shows which FSRs derive from each safety goal, providing visibility into requirement decomposition completeness.
FSR Completeness Analysis
FSRs by Category
The tables below select FSRs by keywords in their titles, so the categories are neither disjoint nor exhaustive: three FSRs appear in two tables (the steering and wheel sensor power-supply FSRs and Controller Power Supply Continuity), and 13 of the 36 FSRs appear in none (the four VDC and four WRDC controller FSRs, Steering Mechanical Design, the brake and drive design-limit FSRs, and the two control-action consistency FSRs). Treat them as a quick grouping, not as a completeness check.
Controller FSRs
| ID | Title | ASIL | Status |
|---|---|---|---|
| | Brake Controller Robust Algorithm | D | open |
| | Brake Controller Fail-Operational Design | D | open |
| | Brake Controller Operational Monitoring | D | open |
| | Drive Controller Robust Algorithm | D | open |
| | Drive Controller Validated Model | D | open |
| | Drive Controller Fail-Operational Design | D | open |
| | Controller Power Supply Continuity | D | open |
| | Steering Controller Robust Control Algorithm | D | open |
| | Steering Controller Validated Dynamics Model | D | open |
| | Steering Controller Fail-Operational Design | D | open |
| | Steering Controller Timing Requirements | D | open |
Sensor FSRs
| ID | Title | ASIL | Status |
|---|---|---|---|
| | Steering Sensor Feedback Compensation | D | open |
| | Steering Sensor Power Supply | D | open |
| | Steering Sensor Measurement Accuracy | D | open |
| | Vehicle Motion Sensor Feedback | D | open |
| | Vehicle Motion Sensor Accuracy | D | open |
| | Vehicle Motion Sensor Timing | D | open |
| | Wheel Motion Sensor Compensation | D | open |
| | Wheel Motion Sensor Power | D | open |
Process FSRs
| ID | Title | ASIL | Status |
|---|---|---|---|
| | Brake Component Health Monitoring | D | open |
| | Drive Component Monitoring | D | open |
| | Steering Component Monitoring | D | open |
Power Supply FSRs
| ID | Title | ASIL | Status |
|---|---|---|---|
| | Actuator Power Supply Continuity | D | open |
| | Controller Power Supply Continuity | D | open |
| | Steering Sensor Power Supply | D | open |
| | Wheel Motion Sensor Power | D | open |
FSR Implementation Coverage
This table shows which System Requirements implement each FSR, providing visibility into the decomposition from functional safety requirements to concrete system specifications.
| ID | Title | Implements Back |
|---|---|---|
| | Brake Controller Robust Algorithm | |
| | Brake Controller Fail-Operational Design | |
| | Brake Controller Operational Monitoring | |
| | Brake System Design Limits | |
| | Brake Component Health Monitoring | |
| | Drive Controller Robust Algorithm | |
| | Drive Controller Validated Model | |
| | Drive Controller Fail-Operational Design | |
| | Drive Component Monitoring | |
| | Drive System Design Limits | |
| | Actuator Power Supply Continuity | |
| | Controller Power Supply Continuity | |
| | Vehicle Dynamics Control Action Consistency | |
| | Wheel Dynamics Brake-Drive Conflict Prevention | |
| | Steering Controller Robust Control Algorithm | |
| | Steering Controller Validated Dynamics Model | |
| | Steering Controller Fail-Operational Design | |
| | Steering Controller Timing Requirements | |
| | Steering Mechanical Design | |
| | Steering Component Monitoring | |
| | Steering Sensor Feedback Compensation | |
| | Steering Sensor Power Supply | |
| | Steering Sensor Measurement Accuracy | |
| | VDC Robust Control Algorithm | |
| | VDC Validated Dynamics Model | |
| | VDC Fail-Operational Design | |
| | VDC Fault-Tolerant Algorithm | |
| | Vehicle Motion Sensor Feedback | |
| | Vehicle Motion Sensor Accuracy | |
| | Vehicle Motion Sensor Timing | |
| | Wheel Motion Sensor Compensation | |
| | Wheel Motion Sensor Power | |
| | WRDC Fault-Tolerant Algorithm | |
| | WRDC Fail-Operational Design | |
| | WRDC Precise Dynamics Model | |
| | WRDC Timing Requirements | |
System Requirements Analysis
SYSREQs by Subsystem
VDC System Requirements
| ID | Title | ASIL | Status |
|---|---|---|---|
| | VDC Trajectory Tracking Accuracy | D | open |
| | VDC Dual-Redundant Processing Architecture | D | open |
| | VDC Multi-Sensor Fusion System | D | open |
| | VDC Graceful Degradation Controller | D | open |
WRDC System Requirements
| ID | Title | ASIL | Status |
|---|---|---|---|
| | WRDC Single Wheel Fault Tolerance | D | open |
| | WRDC Tire Friction Estimation System | D | open |
| | WRDC ABS/ASR Coordination Logic | D | open |
| | WRDC High-Frequency Control Loop | D | open |
Steering System Requirements
| ID | Title | ASIL | Status |
|---|---|---|---|
| | Steering Robust Control Algorithm | D | open |
| | Steering Validated Dynamics Model | D | open |
| | Steering Redundant Execution Architecture | D | open |
| | Steering High-Resolution Feedback System | D | open |
Brake System Requirements
| ID | Title | ASIL | Status |
|---|---|---|---|
| | Brake Dual-Circuit Hydraulic Architecture | D | open |
| | Brake Surface Friction Adaptation | D | open |
| | Brake Component Monitoring System | D | open |
Drive System Requirements
| ID | Title | ASIL | Status |
|---|---|---|---|
| | Drive Torque Control System | D | open |
| | Drive Limp-Home Mode Architecture | D | open |
| | Drive Electrical and Thermal Protection | D | open |
ASIL D Requirements Summary
All safety artifacts in this example are assigned ASIL D, the highest automotive safety integrity level. This demonstrates the safety-critical nature of vehicle actuation systems in automated driving.
Total Safety Artifacts:
- 1 Hazard (HAZ_TRAJ_DEV)
- 20 Safety Goals (SG_01 to SG_20)
- 36 Functional Safety Requirements
- 18 System Requirements
ISO 26262 Compliance:
- All hazards have an ASIL assignment with rationale
- All safety goals mitigate identified hazards
- All FSRs derive from safety goals
- All SYSREQs implement FSRs with concrete specifications
- Complete traceability chain maintained (HAZ → SG → FSR → SYSREQ)
- Schema validation checks that each artifact carries the required fields and links; it does not establish that the requirements themselves are correct
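The chain claimed in the list above can be checked mechanically rather than read off the tables. The script below is an added example (it is neither part of this demo page nor of sphinx-needs) that runs offline over the needs.json export sphinx-needs writes when needs_build_json is enabled. It uses the type names (hazard, safety_goal, fsr, sysreq) and link options (mitigates, derives_from, implements) that this page's directives use; the needs.json layout it assumes (a versions map keyed by current_version, each holding a needs map in which link options are list-valued keys) is the sphinx-needs export format; the need IDs in the embedded sample export are constructed for the example and are not the demo's real artifacts. Unlike the forward-link bullets above, it also checks coverage downwards: a safety goal no FSR refines, or an FSR no SYSREQ implements, is reported as a gap.

```python
"""Offline check of the HAZ -> SG -> FSR -> SYSREQ chain on a sphinx-needs needs.json export."""
import json
from collections import defaultdict

# The chain this page documents, as (child type, link option on the child, parent type).
# Type names and link options are the ones used by the page's own directives.
CHAIN = [
    ("safety_goal", "mitigates", "hazard"),
    ("fsr", "derives_from", "safety_goal"),
    ("sysreq", "implements", "fsr"),
]
VALID_ASIL = {"QM", "A", "B", "C", "D"}


def load_needs(needs_json: str) -> dict:
    """Return {need_id: need} for the current version of a needs.json document
    (layout: {"current_version": v, "versions": {v: {"needs": {...}}}})."""
    doc = json.loads(needs_json)
    return doc["versions"][doc["current_version"]]["needs"]


def check_chain(needs: dict) -> dict:
    """Return {finding: sorted ids} for every break in the traceability chain.

    Per chain step: every child carries at least one link of the expected kind,
    every link resolves to an existing need of the expected parent type, and
    every parent is refined by at least one child (downward coverage, which the
    forward links alone do not guarantee). Every need in the chain must carry
    a valid ASIL.
    """
    findings = defaultdict(set)
    by_type = defaultdict(list)
    for need in needs.values():
        by_type[need["type"]].append(need)

    for child_type, link, parent_type in CHAIN:
        covered = set()
        for child in by_type[child_type]:
            targets = child.get(link) or []
            if not targets:
                findings[f"{child_type}_without_{link}"].add(child["id"])
            for target in targets:
                parent = needs.get(target)
                if parent is None:
                    findings["dangling_link"].add(f"{child['id']} -{link}-> {target}")
                elif parent["type"] != parent_type:
                    findings["wrong_target_type"].add(f"{child['id']} -{link}-> {target}")
                else:
                    covered.add(target)
        for parent in by_type[parent_type]:
            if parent["id"] not in covered:
                findings[f"{parent_type}_without_{child_type}"].add(parent["id"])

    chain_types = {t for child, _, parent in CHAIN for t in (child, parent)}
    for need in needs.values():
        if need["type"] in chain_types and need.get("asil") not in VALID_ASIL:
            findings["missing_or_invalid_asil"].add(need["id"])

    return {kind: sorted(ids) for kind, ids in findings.items()}


def _need(need_id, need_type, asil="D", **links):
    """Build one need record in the shape needs.json uses (constructed sample data)."""
    return {"id": need_id, "type": need_type, "asil": asil, **links}


# Constructed sample export, not the demo's real data: SG_02 has no FSR, and
# FSR_VDC_02 points at a non-existent goal, has no ASIL and has no SYSREQ.
SAMPLE_NEEDS_JSON = json.dumps({
    "current_version": "1.0",
    "versions": {"1.0": {"needs": {
        "HAZ_TRAJ_DEV": _need("HAZ_TRAJ_DEV", "hazard"),
        "SG_01": _need("SG_01", "safety_goal", mitigates=["HAZ_TRAJ_DEV"]),
        "SG_02": _need("SG_02", "safety_goal", mitigates=["HAZ_TRAJ_DEV"]),
        "FSR_VDC_01": _need("FSR_VDC_01", "fsr", derives_from=["SG_01"]),
        "FSR_VDC_02": _need("FSR_VDC_02", "fsr", asil="", derives_from=["SG_99"]),
        "SYSREQ_VDC_01": _need("SYSREQ_VDC_01", "sysreq", implements=["FSR_VDC_01"]),
    }}},
})


if __name__ == "__main__":
    for kind, ids in check_chain(load_needs(SAMPLE_NEEDS_JSON)).items():
        print(f"{kind}: {', '.join(ids)}")
```

Against a real build, call `check_chain(load_needs(open(path).read()))` with the path of the generated needs.json (by default it sits in the HTML output directory); an empty dict means the chain is complete in both directions. The same conditions can be enforced at build time with sphinx-needs' `needs_warnings` filter strings, for example `needs_warnings = {"fsr_without_parent": "type == 'fsr' and len(derives_from) == 0"}`, which turns an untraced FSR into a Sphinx warning and, with `sphinx-build -W`, into a failed build.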
STPA-Based Derivation:
This example demonstrates the STPA (System-Theoretic Process Analysis) methodology applied to vehicle actuation systems:
1. Control Structure Analysis: Hierarchical control from trajectory input through VDC/WRDC to individual actuators
2. Unsafe Control Actions: Systematic identification of "when required" and "only when required" conditions
3. Causal Factor Analysis: Control loop components (sensors, processes, controllers, actuators) analyzed for failure modes
4. Requirement Derivation: Safety goals and FSRs derived from causal factors
Verification and Validation
The safety artifacts in this example would typically be verified through:
- Requirements Review: Completeness, consistency, correctness
- Design Review: Architectural safety mechanisms, fault tolerance
- FMEA/FTA: Failure mode and effects analysis and fault tree analysis
- Hardware-in-the-Loop Testing: Controller validation with real actuators
- Vehicle Testing: Full system validation on test track
- Functional Safety Audit and Assessment: Independent confirmation measures required by ISO 26262-2
See also
ISO 26262-3:2018 - Concept phase (HARA, safety goals)
ISO 26262-4:2018 - Product development at the system level (FSRs, system architecture)
ISO 26262-6:2018 - Product development at the software level
Research paper: Stolte, Bagschik, Maurer, "Safety Goals and Functional Safety Requirements for Actuation Systems of Automated Vehicles," IEEE ITSC 2016