[:en][vc_row][vc_column][vc_column_text]Both IEC 61508 and ISO 26262 highly recommend a modular approach to software development. One question that comes up regularly asks if there are quantitative targets for determining whether sufficient progress has been achieved by software engineers.

IEC 61508-3 Table B.9 Modular approach

ISO 26262-6 Table 1 Topics to be covered by modelling and coding guidelines

When writing a coding guideline for an organization of software engineers sometimes it’s useful to give specific guidance. Especially new developers like to have targets to gauge how well their safety related code matches up with more mature code that has the benefit of longer maintenance.

Manufacture Initiative (Herstellerinitiative Software)

Hersteller German for Manufacturer or possibly OEM is the name of a project group consisting of German automobile manufacturers that got together to establish among other things guidelines for software code metrics. The sort of information that is useful for a coding guideline.

The group consisted of Audi, BMW, Daimler, Porsche and Volkswagen. With over 15 million vehicles sold by German manufacturers in 2017¹ and suppliers that provide similar parts to many of the rest of world-wide vehicle production it’s hard ignore their recommendations or argue that the targets are anything other than feasible, appropriate, valid, cost effective.

HIS Source Code Metrics version 1.3.1 01.04.2008

Although the original website² no longer exists and now redirects to an Autosar³ site if you google this section heading or the file “HIS-sc-metriken.1.3.1_e.pdf” you’ll find your own copy to download. There is no copyright asserted and I understand the intention of the work was to benefit software development and standardization of target setting across at least the German Automotive OEMs.

It’s worth noting that your existing static analysis tools may already measure and report these metrics. One example is QAC from PRQA⁴.

Section 3.1 Metrics with limits

Further reading

If you want to study this topic some more and the references like MISRA then visit these links:

• “MISRA, The Motor Industry Software Reliability Association, is a collaboration between vehicle manufacturers, component suppliers and engineering consultancies which seeks to promote best practice in developing safety-related electronic systems in road vehicles.”
• High Integrity C++ Coding Standard Version 4.0
• HIC++ V4.0 An overview by the authors

¹ Source: https://focus2move.com/world-car-group-ranking/

² www.automotive-HIS.de/

³ www.autosar.org

⁴ www.prqa.com/press-releases/2014/prqa-releases-qac-v3-2-boosting-c11-coverage-simplifying-the-adoption-of-secure-coding-best-practices-and-more/

[/vc_column_text][/vc_column][/vc_row][:zh][vc_row][vc_column][vc_column_text]No! They are not Inherently Safe!

A collaborative robot is intended to work “collaboratively” with a person. i.e. share a common workspace. It is force and speed limited by design to minimize any potential hazard. Collaborative robots fit the application where the task cannot be easily or cost effectively automated. They are easy to deploy, program and repurpose. Collaborative robots are new to everyone including the standards agencies.

A hazard and risk assessment is required that assesses the robot and the environment that it is deployed in. Just as any other robot, things such as collisions, speed, type of end effector and worksite need to be evaluated. Collaborative robots have their own sorts of collisions and hazards. They may not be as severe, but they still exist.

This all comes down to risk and the amount of risk that you are willing to accept! The diagram below shows the high-level steps for doing a Hazard and Risk Assessment. When following the steps, if you assess the risk and find it to be acceptable (your companies acceptable risk norms) then you are done. No need to add any risk reduction.

The next best approach is to determine if protective measures other than a Safety Function can reduce the risk to an acceptable level. If not, then you must assign a SIL and implement a safety function that will provide the required risk reduction.

exida can effectively train your team to perform machine hazard and risk assessments to identify all possible hazards and estimate the risk for each hazard. Specifically, exida coaches you through the process of evaluating the risk, developing and implementing risk reduction options. exida can also educate your team in multiple approaches to SIL target selection. These are just some of the things exida does to ensure you are on the right path![/vc_column_text][/vc_column][/vc_row] [:]