Model-Based Safety Engineering of Interdependent Functions in Automotive Vehicles Using EAST-ADL2

For systems where functions are distributed but share support for computation, communication, environment sensing and actuation, it is essential to understand how such functions can affect each other. Preliminary Hazard Analysis (PHA) is the task through which safety requirements are established. This is usually a document-based process where each system function is analyzed alone, making it difficult to reason about the commonalities of related functional concepts and the distribution of safety mechanisms across a systemof-systems. This paper presents a model-based approach to PHA with the EAST-ADL2 language and in accordance with the ISO/DIS 26262 standard. The language explicitly supports the definition and handling of requirements, functions and technical solutions, and their various relations and constraints as a coherent whole with multiple views. We show in particular the engineering needs for a systematic approach to PHA and the related language features for precise modeling of requirements, user functionalities, system operation contexts, and the derived safety mechanisms.