What is the purpose of Failure Mode and Effect Analysis ?

Status
Not open for further replies.
J

jani12

Member
Our embedded controller is Advanced Drive Assist Systems(ADAS). It basically has Two software layers. Application software and low-level software.

Our controller has many low-level functions such as different communications protocols, different types of memory, Digital outputs, PWM Outputs, and so much more.

What might be the benefit of performing Failure Mode and Effect Analysis(FMEA) on these low-level functions? Is the purpose of this exercise to catch low-level software design problems? Also, would this analysis help in debugging?

How to perform thorough FMEA on low-level software for a typical Automotive ADAS Controller?
For example, one Failure mode may be Loss of I2C communication or intermittent I2C communication. How to come up with all possible potential effects of this failure? How to come up with all possible Potential Causes of Failure?

How to identify all possible Failure Modes?
 
To be sure the car doesn’t go careening off the road into a tree to avoid a squirrel?
 
ClydeCrashKop said:
To be sure the car doesn’t go careening off the road into a tree to avoid a squirrel?
Click to expand...
I worked in Detroit for a while on auto R&D. It was pigeons. Those dam birds sat around the test track and waited for us.

We built a power stirring controller that no engineer would drive. It worked well but we would not drive the car. In the lab, early on, it sometimes would spin the steering wheel hard left or right then blow smoke out of the transistors. It is one thing for the car to drive into the ditch at speed, but this thing wanted to brake your arm first.

My experience with Failure Analysis is: if the man that built the thing also test it there will be no failures. But give it to his wife and ......
 

for I2c for example, you could have two registers filled with dummy values and then let your Micro query those registers on a regular basis to make sure the transmitted values match the values expected in the two registers. Also, at start up, all registers should be checked to make sure they are the expected value and change one value to check if the system algorithm makes appropriate adjustments.

During startup, you could feed the ADAS a Fake lidar reading that an object is approaching the vehicle and check if the brake pressure increases to prepare for impact.

I've sat in a lot of scenario development for FMEA in chemical processing environments and developed a series of remedy actions incase a reaction starts to get out of control with a process like (cool, if that doesn't work, vent pressure, if that doesn't work, dilute with solvent, if that doesn't work,..., several more ideas,.... if all those ideas don't work, turn off the control room ventilation system and move behind the 6' thick concrete wall until the all-clear siren sounds).

the FMEA would be an action and a verifiable proof of action to execute each item on the list. Add a small amount of CO, make sure the CO sensor shows a noticeable response. Add a fake high CO sensor signal to the logic board, make sure it increases nitrogen purge and valves open And so on.
 
Status
Not open for further replies.

Similar threads

  • Question
What is the best way to communicate between two PICs to drive multiple LCDs
Replies
13
Views
6K
Pommie
P
S
  • Question
Choosing the Right Protection for Digital and ADC Inputs
Replies
5
Views
3K
danadak
P
XC8 warning - what is wrong?
Replies
7
Views
5K
tumbleweed
T
P
What is a windowed WDT?
Replies
9
Views
2K
ZipZapOuch
F
  • Question
Recommendation as for DC-DC and LDO for ARM and digital ICs.
Replies
0
Views
946
Fahrenheit
F
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…