Integrating State Machine Analysis with STPA


Integrating State Machine Analysis with STPA (1/10)
Asim Abdulkhaleq, Ph.D. Student, Institute of Software Technology, University of Stuttgart, Germany (www.uni-stuttgart.de)
Joint work with: Prof. Dr. Stefan Wagner
STAMP Workshop 2013, Cambridge, MIT, USA, 28 March 2013
Universität Stuttgart, Fakultät für Informatik, Elektrotechnik und Informationstechnik, Institut für Softwaretechnologie

Integrating State Machine Analysis with STPA (2/10)
Problem Statement: There is no systematic way to tell the safety analyst how to evaluate each control action. Moreover, STPA does not represent system states, which affect whether a control action is safe. (Analyst: "I have no knowledge and experience about the system.")
Research Objectives: Fill this gap and find ways to include, and better analyse, the dynamic behaviour of systems during STPA hazard analysis. We plan to investigate various modeling and analysis techniques.

Proposed Methodology (3/10)
Assess each control action based on the system states: consider the system states and their effect on the control actions. The proposed methodology aims to:
- Use STPA to identify the potential for inadequate control scenarios.
- Use a Finite State Machine (FSM) to model the dynamic behaviour of the system.
- Assess each control action with the FSM based on all the possible system states.

Study Object: Anti-Lock Braking System (ABS) (4/10)
The Anti-Lock Braking System is a safety system on motor vehicles which prevents the wheels from locking while braking. (Figure: the ABS architecture. Source: http://www.pakwheels.com)

Unsafe Control Actions (UCAs) (5/10)
Unsafe Control Action: Brake event applied but not received by ABS.
(Figure: ABS control structure. Legend: components in the control structure; commands or data flow.)
- Human Operator: Brake Pedal Command (braking signal); ABS Warnings.
- Controller: Electronic Control Unit (ECU). Other inputs: deceleration rate, rotational speed of wheels.
- Actuator: Hydraulic Control Unit (HCU), pressure control valves.
- Controlled Process: vehicle wheel speed, friction.
- Sensors: wheel speed sensors.

Unsafe Control Actions (UCAs) (6/10)
Examples of potentially inadequate control actions of the ABS system:

Control Action      | Action required but not provided                   | Unsafe action provided   | Incorrect Timing/Order        | Stopped too soon
Brake Pedal Command | Brake event applied but not received by ABS [H.1]  | Brake event is too short | Brake event provided too late | Brake event stopped too soon

Analyst: "I must evaluate each row to determine whether it is a hazardous state, but how?"
Reply: "You can assess them based on timing information, but what about other factors such as the states of the system?"

FSM Construction (7/10)
In the ABS example:
- The ECU controller has four operating modes: inactive, handlelock, applybrakepedal and reducepressure.
- The valve component has three modes: open, block and release.
- The HCU actuator has three modes: inactive, stoppump and openpump.
How can we evaluate whether a control action leads to a hazard while considering all potential combinations of the relevant states? An FSM can be used to determine the system states that affect the safety of the control action.

FSM Construction of the Controller (ECU) (8/10)
Construct an FSM for each controller and combine the relevant states for evaluating control actions. (Figure: ECU state machine.) Where: S0 = inactive (brake not pressed), S1 = handlelock, S2 = applybrakepedal, S3 = pressurereduction, S4 = MonitorDeceleration and WL = WheelLocked.

The Extended Control Actions Table of UCA 1 (9/10)
The control action table for the brake pedal command, based on the potential combinations of system states:

Control Action      | Wheel Status | Wheel Speed | Valve Status | Hazardous?
Brake Pedal Command | Locked       | slow        | open         | Yes
Brake Pedal Command | Locked       | fast        | open         | Yes
Brake Pedal Command | Locked       | slow        | close        | No

E.g. Unsafe Control Action: if we consider the brake pedal command as a potentially hazardous control action, it consists of the values of the following process model state variables: the brake pedal is pressed, the valve is open, the wheel is locked, and the wheel speed exceeds a preset maximum level.
E.g. Refined Safety Constraint: when the brake pedal is pressed, the wheel lock status should be false, the valve status should be closed, and the wheel speed should not exceed a preset maximum level.
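The following is an added worked example, not code from the deck or from the authors, that makes the methodology of slides 7 to 9 concrete: it encodes the component modes named on slide 7 as small enumerations, combines them into the product state space that slide 8 asks the analyst to consider, and then classifies the brake pedal command for every combination of the process-model variables used in the slide-9 table. The enumeration member names, the `ProcessModel` dataclass, the `SPEED_MAX_KMH` threshold (the deck gives no number for the "preset maximum level") and the sample speeds are assumptions made for this example. The hazard rule read off the table (wheel locked and valve open) and the refined safety constraint (wheel not locked, valve closed, speed below the maximum) are kept as two separate functions, because the deck's third table row (locked, slow, close: not hazardous) is not a violation of the table rule but is a violation of the refined constraint, and an analyst needs to see that difference rather than have it hidden in one combined predicate.

```python
from dataclasses import dataclass
from enum import Enum
from itertools import product


# Component operating modes as named on slides 7 and 8 of the deck
# (the Python member names are this example's choice).
class EcuMode(Enum):
    INACTIVE = "inactive"
    HANDLE_LOCK = "handlelock"
    APPLY_BRAKE_PEDAL = "applybrakepedal"
    REDUCE_PRESSURE = "reducepressure"


class ValveMode(Enum):
    OPEN = "open"
    BLOCK = "block"
    RELEASE = "release"


class HcuMode(Enum):
    INACTIVE = "inactive"
    STOP_PUMP = "stoppump"
    OPEN_PUMP = "openpump"


# Assumed "preset maximum level" for the wheel speed; slide 9 gives no
# number, so the value and the unit are placeholders for this example.
SPEED_MAX_KMH = 30.0


@dataclass(frozen=True)
class ProcessModel:
    """Controller process-model variables used by the slide-9 table."""
    brake_pressed: bool
    wheel_locked: bool
    wheel_speed_kmh: float
    valve: ValveMode


def combined_states():
    """Cartesian product of the three component FSMs (slide 8: combine
    the relevant states before evaluating a control action)."""
    return list(product(EcuMode, ValveMode, HcuMode))


def valve_status(valve: ValveMode) -> str:
    # The slide-9 table collapses the valve's three modes into open/close.
    return "open" if valve is ValveMode.OPEN else "close"


def speed_class(speed_kmh: float) -> str:
    return "fast" if speed_kmh > SPEED_MAX_KMH else "slow"


def is_hazardous(pm: ProcessModel) -> bool:
    """Rule read off the slide-9 table: the brake pedal command is hazardous
    when the wheel is locked and the valve is open, whatever the speed."""
    if not pm.brake_pressed:
        return False
    return pm.wheel_locked and valve_status(pm.valve) == "open"


def violated_constraints(pm: ProcessModel) -> list:
    """Slide-9 refined safety constraint, split into its three conditions;
    returns the conditions that the given state violates."""
    if not pm.brake_pressed:
        return []
    problems = []
    if pm.wheel_locked:
        problems.append("wheel lock status must be false")
    if valve_status(pm.valve) != "close":
        problems.append("valve must be closed")
    if pm.wheel_speed_kmh > SPEED_MAX_KMH:
        problems.append("wheel speed must not exceed the preset maximum")
    return problems


def extended_uca_table(speeds_kmh=(10.0, 80.0)):
    """Enumerate every combination of the process-model variables for the
    brake pedal command and classify each row, as the slide-9 table does.
    The two sample speeds (one below, one above the maximum) are constructed."""
    rows = []
    for locked, speed, valve in product((True, False), speeds_kmh, ValveMode):
        pm = ProcessModel(True, locked, speed, valve)
        rows.append({
            "wheel_status": "locked" if locked else "free",
            "wheel_speed": speed_class(speed),
            "valve_status": valve_status(valve),
            "hazardous": is_hazardous(pm),
            "violations": violated_constraints(pm),
        })
    return rows


if __name__ == "__main__":
    print(f"{len(combined_states())} combined ECU/valve/HCU states")
    for row in extended_uca_table():
        print(row)
```

Running the module prints the 36 combined component states and the twelve classified rows; the rows that the table rule marks as not hazardous but that still carry a non-empty violation list are exactly the cases where the deck's table and its refined constraint disagree, which is where an analyst would want to revisit either the hazard definition or the constraint.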

The End. Thank You! (10/10)
(Closing figure: safety analysis for complex systems, with human-oriented, environment-oriented, component-oriented and software-interaction aspects.)