Demo page details
Page source code: safety_goals.rst
{% set page="safety_goals.rst" %}
{% include "demo_page_header.rst" with context %}

🎯 Safety Goals
===============

Safety goals are the top-level safety requirements derived from the hazard
analysis and risk assessment (HARA) to reduce the risk of each hazardous event
to a tolerable level. Each safety goal:

- Mitigates the identified hazard (HAZ_TRAJ_DEV)
- Inherits ASIL D from the mitigated hazard
- Defines required system behavior in technology-agnostic terms
- Forms the basis for functional safety requirement derivation

These 20 safety goals were systematically derived by STPA analysis of the unsafe
control actions of the vehicle actuation system. They therefore come in pairs:
for each control action, one goal covers the action not being provided when it
is required, and its twin covers the action being provided when it is not
required ("only when required").

Safety Goals Overview
---------------------

.. needtable::
   :filter: type == "safety_goal" and docname is not None and "safety_example" in docname
   :columns: id, title, asil
   :style: table

Vehicle Dynamics Controller Safety Goals
-----------------------------------------

.. safety_goal:: VDC Must Set Target Wheel Torque When Required
   :id: SG_01
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Maintain current vehicle state with controlled deceleration

   The Vehicle Dynamics Controller must set a new target wheel torque when
   required for safe trajectory following. Failure to provide necessary torque
   commands can result in trajectory deviation.

.. safety_goal:: VDC Must Set Target Wheel Torque Only When Required
   :id: SG_02
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Reject unintended torque commands

   The Vehicle Dynamics Controller must set a new target wheel torque only when
   required. Unintended torque changes can cause unexpected vehicle behavior.

.. safety_goal:: VDC Must Set Target Steering Angle When Required
   :id: SG_03
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Maintain current steering angle with gradual return to center

   The Vehicle Dynamics Controller must set a new target steering angle when
   required for trajectory execution. Missing steering commands prevent proper
   path following.

.. safety_goal:: VDC Must Set Target Steering Angle Only When Required
   :id: SG_04
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Maintain intended steering angle, reject spurious commands

   The Vehicle Dynamics Controller must set a new target steering angle only when
   required. Unintended steering changes are hazardous to vehicle control.

Wheel Rotational Dynamics Controller Safety Goals
--------------------------------------------------

.. safety_goal:: WRDC Must Change Target Brake Torque When Required
   :id: SG_05
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Maintain safe deceleration capability

   The Wheel Rotational Dynamics Controller must change target brake torque when
   required for proper vehicle speed control along the trajectory.

.. safety_goal:: WRDC Must Change Target Brake Torque Only When Required
   :id: SG_06
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Prevent unintended braking events

   The Wheel Rotational Dynamics Controller must change target brake torque only
   when required. Unintended braking can cause trajectory deviation or collision.

.. safety_goal:: WRDC Must Change Target Drive Torque When Required
   :id: SG_07
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Maintain current speed with controlled adjustment

   The Wheel Rotational Dynamics Controller must change target drive torque when
   required for maintaining the planned velocity profile.

.. safety_goal:: WRDC Must Change Target Drive Torque Only When Required
   :id: SG_08
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Prevent unintended acceleration

   The Wheel Rotational Dynamics Controller must change target drive torque only
   when required, to prevent unintended acceleration or deceleration.

Anti-lock and Anti-spin Control Safety Goals
---------------------------------------------

.. safety_goal:: Anti-lock Control Must Be Performed Only When Required
   :id: SG_09
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Normal braking without ABS intervention

   Anti-lock control must be performed only when wheel lock is imminent. Unnecessary
   ABS activation can reduce braking efficiency and affect trajectory control.

.. safety_goal:: Anti-lock Control Must Be Performed When Required
   :id: SG_10
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Activate ABS to prevent wheel lock and maintain steerability

   Anti-lock control must be performed when required to prevent wheel lock during
   braking, maintaining vehicle controllability.

.. safety_goal:: Anti-spin Control Must Be Performed Only When Required
   :id: SG_11
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Normal traction without ASR intervention

   Anti-spin control must be performed only when wheel spin is detected. Unnecessary
   intervention can affect acceleration performance and trajectory execution.

.. safety_goal:: Anti-spin Control Must Be Performed When Required
   :id: SG_12
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Activate ASR to prevent wheel spin and maintain traction

   Anti-spin control must be performed when required to prevent excessive wheel spin
   during acceleration, ensuring stable trajectory following.

Drive Controller Safety Goals
------------------------------

.. safety_goal:: Drive Controller Must Apply Drive Torque When Required
   :id: SG_13
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Maintain minimum safe speed or controlled stop

   The Drive Controller must apply drive torque when required to execute the
   commanded velocity profile along the trajectory.

.. safety_goal:: Drive Controller Must Apply Drive Torque Only When Required
   :id: SG_14
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Zero torque or engine braking only

   The Drive Controller must apply drive torque only when required. Unintended
   drive torque can cause dangerous acceleration.

Brake Controller Safety Goals
------------------------------

.. safety_goal:: Brake Controller Must Engage Brake When Required
   :id: SG_15
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Emergency braking capability available

   The Brake Controller must engage the brake when required for deceleration or
   emergency stopping to prevent collision.

.. safety_goal:: Brake Controller Must Engage Brake Only When Required
   :id: SG_16
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Brake released when not commanded

   The Brake Controller must engage the brake only when required. Unintended braking
   can cause loss of vehicle control or rear-end collisions.

Steering Controller Safety Goals
---------------------------------

.. safety_goal:: SC Must Change Steering Angle When Required
   :id: SG_17
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Gradual return to neutral steering position

   The Steering Controller must change steering angle when required to follow
   the commanded path. Failure prevents proper trajectory execution.

.. safety_goal:: SC Must Change Steering Angle Only When Required
   :id: SG_18
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Maintain current safe steering angle

   The Steering Controller must change steering angle only when required.
   Unintended steering changes are extremely hazardous because they directly
   cause trajectory deviation.

.. safety_goal:: SC Must Hold Steering Angle When Required
   :id: SG_19
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Maintain stable steering position

   The Steering Controller must hold steering angle when required to maintain
   straight-line travel or constant-radius turns.

.. safety_goal:: SC Must Hold Steering Angle Only When Required
   :id: SG_20
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Allow necessary steering adjustments

   The Steering Controller must hold steering angle only when required. Locked
   steering prevents necessary corrections and causes trajectory deviation.

Next Steps
----------

Each of these 20 safety goals is decomposed into Functional Safety Requirements
(FSRs) that specify concrete system behaviors. See :doc:`fsr` for the detailed
requirements.
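The invariants the introduction states for every goal (it carries an id, ASIL, mitigated hazard, status and safe state; its ASIL matches the hazard's; ids are unique; goals pair up as "when required" / "only when required") can be checked mechanically rather than by eye. The script below is an added example written for this page, not code from the page's project or from sphinx-needs. It assumes the directive layout shown above and a hazard-to-ASIL table of which only HAZ_TRAJ_DEV/D comes from the page; the third goal in its embedded sample is constructed to be defective.

```python
"""Consistency checks for ``.. safety_goal::`` directives (added example, not the
page's or sphinx-needs' own code). It assumes the layout shown on this page:
``:key: value`` option lines followed by an indented description."""
import re
from dataclasses import dataclass, field

HAZARD_ASIL = {"HAZ_TRAJ_DEV": "D"}                      # hazard -> ASIL; only entry from the page
ASIL_ORDER = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}   # ISO 26262 ranking
REQUIRED = ("id", "asil", "mitigates", "status", "safe_state")
DIRECTIVE_RE = re.compile(r"^\.\. safety_goal::\s*(?P<title>.+?)\s*$")
OPTION_RE = re.compile(r"^\s+:(?P<key>[a-z_]+):\s*(?P<value>.*?)\s*$")


@dataclass
class SafetyGoal:
    title: str
    options: dict = field(default_factory=dict)


def parse_safety_goals(rst: str) -> list:
    goals, current, in_options = [], None, False
    for line in rst.splitlines():
        if m := DIRECTIVE_RE.match(line):
            current = SafetyGoal(m.group("title"))
            goals.append(current)
            in_options = True
        elif current is None or not line.strip():
            continue                           # outside a directive, or a blank line
        elif in_options and (om := OPTION_RE.match(line)):
            current.options[om.group("key")] = om.group("value")
        elif line[0].isspace():
            in_options = False                 # indented description text ends the options
        else:
            current = None                     # unindented text closes the directive
    return goals


def check_goals(goals, hazard_asil=HAZARD_ASIL) -> list:
    findings, seen = [], set()
    for g in goals:
        sid = g.options.get("id", f"<no id: {g.title}>")
        findings += [f"{sid}: missing option :{o}:" for o in REQUIRED if not g.options.get(o)]
        if sid in seen:
            findings.append(f"{sid}: duplicate id")
        seen.add(sid)
        hazards = [h.strip() for h in g.options.get("mitigates", "").split(",") if h.strip()]
        known = [h for h in hazards if h in hazard_asil]
        findings += [f"{sid}: mitigates unknown hazard {h}" for h in hazards if h not in known]
        asil = g.options.get("asil")
        # ISO 26262: a goal inherits the highest ASIL among the hazards it mitigates
        if known and asil in ASIL_ORDER:
            required = max((hazard_asil[h] for h in known), key=ASIL_ORDER.__getitem__)
            if asil != required:
                findings.append(f"{sid}: ASIL {asil} does not match ASIL {required} of {', '.join(known)}")
    # STPA: the "not provided" UCA and its "provided when not needed" twin give paired goals
    titles = {g.title for g in goals}
    for t in sorted(titles):
        if t.endswith(" Only When Required"):
            partner = t[: -len(" Only When Required")] + " When Required"
        elif t.endswith(" When Required"):
            partner = t[: -len(" When Required")] + " Only When Required"
        else:
            findings.append(f"{t!r}: title does not name an unsafe control action")
            continue
        if partner not in titles:
            findings.append(f"{t!r}: missing counterpart {partner!r}")
    return findings


# Constructed sample: SG_01/SG_02 as on the page, then a deliberately defective goal.
SAMPLE_RST = """\
.. safety_goal:: VDC Must Set Target Wheel Torque When Required
   :id: SG_01
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Maintain current vehicle state with controlled deceleration

   The VDC must set a new target wheel torque when required for safe trajectory following.

.. safety_goal:: VDC Must Set Target Wheel Torque Only When Required
   :id: SG_02
   :asil: D
   :mitigates: HAZ_TRAJ_DEV
   :status: open
   :safe_state: Reject unintended torque commands

   The VDC must set a new target wheel torque only when required.

.. safety_goal:: VDC Must Set Target Steering Angle When Required
   :id: SG_02
   :asil: B
   :mitigates: HAZ_TRAJ_DEV, HAZ_UNKNOWN
   :status: open

   Defective on purpose: reused id, ASIL B, unknown hazard, no safe_state, no twin.

Next Steps
"""

if __name__ == "__main__":
    print("\n".join(check_goals(parse_safety_goals(SAMPLE_RST))) or "no findings")
```

Run over the twenty directives above, `check_goals` returns an empty list; the constructed sample yields five findings (a missing safe_state, a reused id, an unknown hazard, an ASIL B goal against the ASIL D hazard, and a steering goal with no "only when required" twin). In a real project the same checks would read the needs export that sphinx-needs can write (`needs.json`) rather than re-parse the source; the small parser here only exists so the example runs offline.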