Interesting and informative talks. Just wondering, how about a "Keep-Alive" like signaling for every processing element in the system that is periodically generated and processed in a narrow time slice (input to output) for making sure the intended processing element/function is operational as a health status pulse and the loading condition it is experiencing (how much time it is taking to process it).
That would certainly be helpful. There are two issues here. One is the readiness of the technology, and while cars can certainly steer themselves today, there are questions about how well they can maneuver through traffic with cars. AI systems are still in their infancy. The second issue is cost. What you're hinting at here is predictive maintenance, which is a complex issue because it requires in-circuit real-time monitoring and testing across all systems. Airplanes do this today, but it takes awhile to check all the major systems on a plane. Imagine if you had to run through all those tests in your car before running an errand. The cost of these systems could be prohibitive with today's technology, and rapid startup would require massive compute power.
Thanks for your quick response. I think it should start with an architecture/system level (micro to macro) implementation to achieve the highest level of reliability and safety of automotive systems.
Big time. SOTIF is meant to address safety issues where system situational awareness is derived from complex sensors combined with even equally complex (and often non-deterministic / non-repeatable) processing algorithms. Unlike ISO 26262, SOTIF deals with the behavior of a system under various scenarios which are not triggered by a system error, fault or failure. I think the biggest issue regarding software and SOTIF is how to deal with neural net algos that perform classification and other functions using multiple sensor inputs, resulting in a system action that is ultimately based on a probabilistic determination of what "reality" is. How do you test a system like this? What percent of "correctness" is "good enough"?
Safety of the intended functionality - din’t know this, thank you..!
Praveen, here's another related one that may be of interest semiengineering.com/3-safety-standards-for-auto-electronics/
Is SOTIF ( ISO 21448 ) required for EDA tool vendors supplying design software to design companies? or ISO26262 is sufficient?
Interesting and informative talks. Just wondering, how about a "Keep-Alive" like signaling for every processing element in the system that is periodically generated and processed in a narrow time slice (input to output) for making sure the intended processing element/function is operational as a health status pulse and the loading condition it is experiencing (how much time it is taking to process it).
That would certainly be helpful. There are two issues here. One is the readiness of the technology, and while cars can certainly steer themselves today, there are questions about how well they can maneuver through traffic with cars. AI systems are still in their infancy. The second issue is cost. What you're hinting at here is predictive maintenance, which is a complex issue because it requires in-circuit real-time monitoring and testing across all systems. Airplanes do this today, but it takes awhile to check all the major systems on a plane. Imagine if you had to run through all those tests in your car before running an errand. The cost of these systems could be prohibitive with today's technology, and rapid startup would require massive compute power.
Thanks for your quick response. I think it should start with an architecture/system level (micro to macro) implementation to achieve the highest level of reliability and safety of automotive systems.
How do you think software analysis and sotif intersect?
Big time. SOTIF is meant to address safety issues where system situational awareness is derived from complex sensors combined with even equally complex (and often non-deterministic / non-repeatable) processing algorithms. Unlike ISO 26262, SOTIF deals with the behavior of a system under various scenarios which are not triggered by a system error, fault or failure. I think the biggest issue regarding software and SOTIF is how to deal with neural net algos that perform classification and other functions using multiple sensor inputs, resulting in a system action that is ultimately based on a probabilistic determination of what "reality" is. How do you test a system like this? What percent of "correctness" is "good enough"?