Driven by the commitment to excellence in safety and efficiency, HFM developed a toolchain based on the System Weaver database that accelerates system design and software development, code generation and unit testing according to ISO 26262, providing full traceability from the definition of functional items down to the relevant lines of code. HFM offers tools for fast, assisted HARAs, function-based code development and integrated SIL testing, as well as general consulting services for System Weaver.
Functional Safety Development
Apart from the technical implementation, there are two main issues to face when one wants to bring a new vehicle into operation on public roads, be it a conventional vehicle or an automated one. The first issue is to comply with the extensive catalogue of homologation requirements of the road administration for road type approval. It includes basic requirements for vehicle safety, equipment and performance that depend on the desired vehicle class, which in turn is determined by the vehicle application. People transport vehicles might have more homologation requirements than cargo vehicles. The second issue is of a juridical nature. Every vehicle manufacturer is required to develop their product in accordance with the state of the art in science and technology. For the automotive industry this standard is ISO 26262, which describes development processes to guarantee the safety of all critical vehicle functions during operation to a maximal degree. Driven by the hope of quick success and the urge to be first to the autonomous mobility market, companies today often skip this lengthy process and design their vehicles with "common sense". By doing so they not only make themselves highly vulnerable to lawsuits in case of fatal accidents but, more importantly, they put passengers and other traffic participants at risk.
HFM is neither willing to accept any unhandled risk to the health and life of persons nor does it believe that quickly tailored solutions will yield sustainable products. From the beginning, HFM therefore incorporates the highest standards of automotive development and aims at fully street-legal vehicles that are always in accordance with the state of the art in science and technology.
Relieve process pain points
The processes described in ISO 26262 in particular can be quite lengthy and are characterized by team-driven sessions for safety analyses of individual system functions, stretching across sub-systems. The steps required are often repetitive yet very detail-oriented. Without a proper framework, documenting process results can be clumsy and the traceability of decisions throughout the project difficult to manage. In theory, large parts of the standardized development could be handled with simple office documents. However, those documents grow quickly in size and number, which consumes a lot of time with administrative and maintenance work, leaving less time and less manpower for the actual content creation. When time and personnel resources are plentiful, a company might be willing to invest them in order to follow the procedures. As a small company striving for the highest safety, HFM chose another way and decided to improve overall development efficiency by analyzing the pain points and finding solutions to relieve them, letting the framework do the busy work of managing (meta)data and finding or re-arranging information. The philosophy is that all work steps that can be automated shall be automated, in order to leave to the functional safety engineers only those tasks where their expertise is actually needed. The solutions take the form of tools that extend the already well-rounded System Weaver database by integrating ECU code development with deep requirement traceability, SIL test integration and database-assisted hazard analyses.
The code editor Codee replaces file-based programming of embedded vehicle control units with a function-based approach. The software architecture is translated into a hierarchical tree structure in System Weaver where all logical elements are represented by versioned items. The actual device code is automatically generated from the tree structure itself as well as item properties, such as function body implementations. This allows for a seamless integration with ISO-relevant documents such as functional and technical safety concepts, consistent deep requirement tracking, version handling for smallest code elements, integration with hardware pinning configuration, code variant tracking and much more. Currently available for Windows and supporting C and C++.
The code can be deployed on a virtual VCU for SIL testing with SimLab. The device runs against flexible tests that trace back to the technical safety concept. Test scripts are written in C#. The team is currently working on an integration into a complete vehicle dynamics and environment simulation.
The assistant tool Wizz provides a user-friendly interface for an accelerated Hazard Analysis and Risk Assessment (HARA), leveraging previous decisions as well as a priori knowledge to automatically process the relevant situations and hazards and intelligently sort the scenarios for the functional safety team to assess. This way the time spent on the HARA can be reduced without impacting the safety goals or the ASIL classification.
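The ASIL classification step of a HARA, as an added example that is not HFM's, Wizz's or System Weaver's code: it encodes the severity/exposure/controllability table from ISO 26262-3, reuses a constructed exposure catalogue and a constructed set of prior S/C decisions (assumptions standing in for the "a priori knowledge" and "previous decisions" the page mentions), classifies every scenario it can, and sorts the list so that scenarios still needing a team decision come first, followed by the classified ones in descending ASIL order. The function, situation and hazard names are made up for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# ISO 26262-3 ASIL determination: (severity S1..S3, exposure E1..E4) -> ASIL for C1, C2, C3.
ASIL_TABLE: Dict[Tuple[int, int], Tuple[str, str, str]] = {
    (1, 1): ("QM", "QM", "QM"), (1, 2): ("QM", "QM", "QM"),
    (1, 3): ("QM", "QM", "A"),  (1, 4): ("QM", "A", "B"),
    (2, 1): ("QM", "QM", "QM"), (2, 2): ("QM", "QM", "A"),
    (2, 3): ("QM", "A", "B"),   (2, 4): ("A", "B", "C"),
    (3, 1): ("QM", "QM", "A"),  (3, 2): ("QM", "A", "B"),
    (3, 3): ("A", "B", "C"),    (3, 4): ("B", "C", "D"),
}
ASIL_ORDER = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}


def determine_asil(s: int, e: int, c: int) -> str:
    """Look up the ASIL for a hazardous event; rejects values outside the S/E/C ranges."""
    if not (1 <= s <= 3 and 1 <= e <= 4 and 1 <= c <= 3):
        raise ValueError(f"S/E/C out of range: S{s} E{e} C{c}")
    return ASIL_TABLE[(s, e)][c - 1]


@dataclass
class Scenario:
    function: str
    situation: str
    hazard: str
    exposure: Optional[int] = None
    severity: Optional[int] = None
    controllability: Optional[int] = None
    asil: Optional[str] = None
    source: str = "needs team review"  # how the S/E/C values were obtained


# Constructed a priori knowledge: exposure belongs to the operational situation, not the hazard.
EXPOSURE_CATALOGUE = {"highway cruising": 4, "city traffic": 4, "parking manoeuvre": 3, "wet road": 3}

# Constructed prior decisions from an earlier HARA: (hazard, situation) -> (S, C).
PRIOR_DECISIONS = {
    ("unintended acceleration", "highway cruising"): (3, 3),
    ("unintended acceleration", "parking manoeuvre"): (2, 2),
    ("loss of steering assist", "wet road"): (3, 2),
}


def assess(scenarios: List[Scenario],
           exposure_catalogue: Dict[str, int],
           prior_decisions: Dict[Tuple[str, str], Tuple[int, int]]) -> List[Scenario]:
    """Fill in E from the catalogue and S/C from prior decisions where available, then sort.

    Unclassified scenarios come first (they are the ones the safety team must assess),
    classified ones follow with the highest ASIL on top.
    """
    for sc in scenarios:
        sc.exposure = exposure_catalogue.get(sc.situation)
        prior = prior_decisions.get((sc.hazard, sc.situation))
        if prior is not None and sc.exposure is not None:
            sc.severity, sc.controllability = prior
            sc.asil = determine_asil(sc.severity, sc.exposure, sc.controllability)
            sc.source = "reused prior decision"
    return sorted(scenarios, key=lambda sc: (sc.asil is not None, -ASIL_ORDER.get(sc.asil, 0)))


def run_example() -> List[Scenario]:
    """Constructed scenario list for an adaptive cruise control and a steering function."""
    scenarios = [
        Scenario("ACC", "highway cruising", "unintended acceleration"),
        Scenario("ACC", "parking manoeuvre", "unintended acceleration"),
        Scenario("ACC", "city traffic", "loss of braking assist"),      # no prior decision
        Scenario("EPS", "wet road", "loss of steering assist"),
    ]
    return assess(scenarios, EXPOSURE_CATALOGUE, PRIOR_DECISIONS)


if __name__ == "__main__":
    for sc in run_example():
        print(f"{sc.function:4} {sc.situation:18} {sc.hazard:26} "
              f"E{sc.exposure} S{sc.severity} C{sc.controllability} -> {sc.asil}  ({sc.source})")
```

A real assistant would additionally carry the rationale text and the reviewer identity for each reused decision, since ISO 26262 expects every S/E/C rating to be justified and traceable; the sort order here simply mirrors the page's stated goal of putting the team's time where a human judgement is still required.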