Transcription of Safety of the intended Functionality for ADAS
Safety of the Intended Functionality for ADAS
Nicolas Becker, PSA Peugeot-Citroën

ISO 26262:2011 addresses the safety risks that arise from malfunctions of the E/E system in vehicles. The first part of ISO 26262 includes the Hazard Analysis and Risk Assessment, which evaluates the potential risks due to malfunctions in the item in order to define the top-level safety requirements: the safety goals. The subsequent parts of ISO 26262 provide requirements and guidance to avoid and control the random hardware faults and systematic faults that could violate the safety goals. However, for some systems that rely on environment sensors, there can be safety violations even with a system that is free from faults, if the sensor or the processing algorithm takes a hazardous decision about the environment.

There is a need to provide guidance to manage these violations. Depending on the functional concept, several aspects of the intended functionality may be safety-related, for example:
- The ability of the function to correctly comprehend the situation and behave safely
- Whether the robustness of the function is sufficient with regard to signal noise

The presentation will aim at giving a status of the ongoing work on this topic within WG16, and at providing some axes for further reflection:
- What kind of guidance on the concept/design phases
- What guidance for the verification and validation phases