Agile development and ISO 26262
Agility and safety Agile development & ISO26262 State-of-Practice in Automotive Stockholm, 25-March-2015 Horst Hientz, Dr. Erwin Petry www.kuglermaag.com © KUGLER MAAG CIE GmbH Page 1 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Agenda • Brief introduction • Agile Automotive Framework / Survey • ISO 26262 development principles • Agile & ISO 26262 Page 2 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Kugler Maag Cie We are an independent consulting company supporting our customers world-wide particularly in the field of lasting performance improvements. Our Focus Analyze, assess, and improve our customers' products and services value creation processes. We take operative responsibility and provide systematic and sustainable know-how transfer. Customers’ expectations Market expectations Management Products & Services LifeCycle Support Customers’ satisfaction Market position Our customer Our Mission Support our customers in mastering risks associated with developing, acquiring or delivering software, systems, and services while maintaining the speed of innovation. “besser mit uns” DAIMLER Automotive extract Page 3 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Agile Automotive Framework based on input from [1] ©©KUGLER MAAG CIE GmbH KUGLER MAAG CIE GmbH [1] „Agile in Automotive – State-of-Practice 2014“, Kugler Maag Cie, 03/2014: www.kuglermaag.de/agile2014 Page 4 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Automotive goes Agile The Survey is initiated and conducted by Kugler Maag Cie. The study is performed in the context of the major European research project SCALARE. This ITEA project supports the automotive industry in developing and expanding their ability to scale. SCALARE assumes that software will continue to be the key to bring about innovations and be able to provide holistic services. http://scalare.org/about-scalare/ Page 5 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Rapid survey among participants • • • • • • Page 6 Institutionalization of Agile in Automotive Agile methods Safety-related projects Application types Process areas supported by agile elements Tools used Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Which phase of the Agile implementation is your organization currently in? Please indicate which phase the most mature agile project of your organization is in. A pilot is a small-scale attempt in order to evaluate the applicability of Agile; roll-out means an official launch of Agile (on a bigger scale). Stabilization is achieved when agile roles, ceremonies and artefacts are in place and Agile has become part of the culture. 4 11 3 3 Page 7 No agile projects Piloting agile Roll-out Stabilization Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Which Agile methods and practices do you use in your organization? In Scrumban, Scrum and Kanban are used in parallel. Here, Scrum is used for plannable development, while Kanban is covering the event-driven topics. Extreme Programming is an agile method that emphasizes business results first and takes an incremental, get-something-started approach to building the product. Feature Driven Development is a short-iteration development process that delivers features in logical incremental intervals. Test Driven Development is an agile practice in which a test is written before writing the code. Continuous Integration is the process of building your application on every new source code check-in. 17 4 1 0 2 1 10 0 Page 8 Scrum Kanban Scrumban Extreme Programming (XP) Feature Driven Development (FDD) Test Driven Development (TDD) Continuous Integration (CI) Others Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Do you apply agile methods and practices in safety-related projects? Multiple answers possible if projects with agile methods and practices have different ASILs. If you do apply another safety standard try to vote for the most appropriate ASIL. 4 6 6 3 0 Page 9 Agile methods and practices only (!) in non safety-related projects ASIL A ASIL B ASIL C ASIL D Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Which ECU/Application Types are covered in your Agile projects? Please indicate all ECU/Application Types that are covered in your agile projects. If several teams or projects cover different ECU/Application Types, please check every type that is covered. 3 Multimedia Applications Location-based Services Applications, Telematics, Radio Navigation 2 Body Electronics Body Controller, Sensors (Light, Battery, …), Instrument Cluster 4 Powertrain and Chassis Control Braking Systems, Engine Management 3 Integrated Systems/Services Intelligent Mirror, Active Safety, Driving Assistance/Automatic Driving Page 10 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Which processes are covered within one sprint/cadence? Please indicate all the processes that are covered within one sprint/cadence. 0 0 8 11 19 10 10 0 0 0 0 Page 11 System Requirements Analysis System Design Software Requirements Analysis Software Design Software Implementation Software Integration and Integration Test Software Test System Integration and Integration Test System Test Hardware Development Mechanical Engineering Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Which tools do you use in your agile projects? (1) Please indicate tools you use in your organization. If you use other tools than those listed below, please leave a comment with the tool group and tool name. Project/CR/PR/Task Management 0 IBM Tool Suite (RTC) 6 Jira Agile (former Greenhopper) 0 MS Project 0 PTC Integrity 1 Redmine 1 Serena Dimensions 0 VersionOne 1 Others TFS Page 12 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Which tools do you use in your agile projects? (2) Configuration Management Clear Case 0 2 Git 0 IBM Synergy 0 Mercurial 0 PTC Integrity 1 Serena Dimensions 5 Subversion 1 Others TFS Page 13 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Which tools do you use in your agile projects? (3) Build Ant 1 Bitbake (Montavista, Mentor Graphics) 2 Cmake 1 Gmake 3 Jenkins 0 Maven 4 Visual Studio 0 Others Continuous Integration 0 Bamboo 0 Hudson 3 Jenkins 0 Others 0 Page 14 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Which tools do you use in your agile projects? (4) Test/Test automation 0 Google Test Framework 2 Jenkins 0 PTC Integrity TM 0 Quality Center 0 Xunit 3 Others TFS Page 15 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Agile Automotive Framework Kugler Maag Cie – 2015-02 Product R&D Organization Agile Engineering Adaptive Planning Agile Evolution Agile Benefits Product Development Process Page 16 Development Tool Chain Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Agile Transformation Agile Evolution is a team-centric choreography Level 4 – Agile Enterprise Level 3 – Agile R&D Level 2 – Agile Project Level 1 – Agile Team What • Agile Methods (Test first/TDD, Continuous integration, Continuous delivery, Architecture refactoring) Bootstrap – Initial Core • Agile Roles (Feature Owner*, Scrum Master, Kanban Coach, Agile T-Shape Team) • Agile Ceremony (Daily stand-ups, Retrospectives, Sprint/Cadence ) • Agile Artifacts (Task-Boards, Feature/ Team-Backlog, Definition-of-Done/ Definition-of-Ready) Page 18 Where Whole Sub-Project / Project Where Any Engineering Discipline! (SW, HW, EM, Mech.,…) Benefits • Quality artifacts (code,…) • No technical debt build-up • Self-organizing teams • Work-in-Progress/ Bottleneck transparency • Fast-feedback loops What • Agile Roles (Product Owner , Quality PO, Safety PO, + FO*, SE Team) • Agile Ceremony (Release Planning & Review, Release Retrospectives) • Agile Artifacts (Project Backlog) Benefits • Responsiveness to customer • Continuous delivery • Better integrated & tested products • Higher First-Pass-Yield Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Where Whole R&D Organization What • Agile Roles (Servant Leader) • Agile Methods (Theory of Constraints, High Resolution Management,…) Benefits • Shorter time to market • More innovations Where Whole Enterprise What • Agile Roles (Enterprise Transition Community, HR, Sales, Marketing, Infrastructure) Benefits • Change Responsiveness (Adaptiveness) • Learning Organization • Antifragility Product R&D Organization, e.g. Tier-1 Customer (OEM) new EU CEE APAC NAFTA Customer / Application Projects Project Management CR Software Systems Engineering Mechanics Hardware Roles Product Owner, Feature Owner, SE Team, Sys Architect/Int/Test, Quality Product Owner, Safety Product Owner Platform Projects Project Management CR Software Systems Engineering Mechanics Hardware Product Owner, Feature Owner, SE Team, Sys Architect/Int/Test Software Page 21 HMI ECU Hardware Housing OS Display CR NAND Technology Domains ME Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Feature Owner, Scrum Master, Kanban Coach, Agile T-Shape Team Platform/ Application Product Development Process, e.g. Tier-1 System 1. - RA & AD 2. - RA & AD Continuous Integration / Continuous Delivery SW 1.1- RA & AD 1.2 - RA & AD 1.1 - IT & ST Team HMI OS NAND Techn. Domain HW ME 1. Sample 2.2 - RA & AD 2.1 - RA & AD 1.2 - IT & ST 2. Sample 1.3 - IT & ST 1.3 - Sprint 2.3 - RA & AD 2.1 - IT & ST 2.1 - Sprint 3.1 - RA & AD 2.2 - IT & ST 1.1 - Sprint 1.2 - Sprint 2.2 - Sprint 2.3 - Sprint Common Common Common Common Common Common Repository Repository Repository Repository Repository Repository 1.1 - Sprint 1.2 - Sprint 1.3 - Sprint 2.1 - Sprint 2.2 - Sprint 2.3 - Sprint 1.1 - Sprint 1.2 - Sprint 1.3 - Sprint 2.1 - Sprint 2.2 - Sprint 2.3 - Sprint 1.1 - Cadence 1.2 - Cadence 2.1 - Cadence 2.2 - Cadence ECU 1.1 - Cadence 1.2 - Cadence 2.1 - Cadence 2.2 - Cadence Display 1.1 - Cadence 1.2 - Cadence 2.1 - Cadence 2.2 - Cadence Housing 1.1 - Cadence 1.2 - Cadence 2.1 - Cadence 2.2 - Cadence 1.1 - Cadence 1.2 - Cadence 2.1 - Cadence 2.2 - Cadence Techn. Domain Page 22 1.3 - RA & AD 3. - RA & AD Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Agile Engineering, e.g. SW Development Process Requirement Requirement analysis criteria verifies Architecture development Req. test development Common Repository Design development Integration test development Implementation verifies Page 26 Continuous Deployment Unit test development Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm criteria ISO 26262 development principles ©©KUGLER MAAG CIE GmbH KUGLER MAAG CIE GmbH Page 28 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Work Products, specific for Functional Safety 1. Vocabulary Functional Functional Software 2. Management of functional safety Safety 2-6 Safety management during theSafety concept Plan phase Safety Tool Confirmatio 2-5 Overall safety management Manageme and the product development Engineering Support n Reports nt Procedure Procedure Procedure 4. Product development at the system level Safety 2-7 Safety management after the item’s release for Case production 3. Concept phase 3-5 Item definition 3-6 Initiation of the safety Hazard lifecycle Analysis and Riskanalysis and risk 3-7 Hazard Assessmen assessment t 3-8 Functional safety concept Functional Safety Concept 4-5 Initiation of product development Technical at the system level Technical Safety 4-6 Specification of the Safety Requireme technical safety requirements Concept nts 4-7 System design 5. Product development at the Hardware hardware level Safetyof product 5-5 Initiation Requireme development at the hardware level nts 5-6 Specification of hardware safety requirements 7. Production and operation Functional 4-11 Release for production Safety 4-10 Functional safety assessment Assessmen Validation t Report 4-9 Safety validation Report 4-8 Item integration and testing 7-5 Production 7-6 Operation, service (maintenance and repair), and decommissioning 6. Product development at the Software software level Safety 6-5 Initiation of product development at the software levelRequireme nts 6-6 Spec. of SW safety requirem. 6-7 Software architectural design 5-7 Hardware design 6-8 SW unit design & implementation 5-8 Evaluation of the hardware architectural metrics FMEDAs 5-9 Evaluation of safety goal violations due to random HW failures 5-10 Hardware integration & testing List of Work Products not complete 6-9 Software unit testing 6-10 Software integration & testing 6-11 Verification of software safety requirements 8. Supporting processes 8-5 Interfaces within distributed developments 8-7 Configuration management 8-8 Change management 8-6 Specification and management of safety requirements 8-9 Verification 8-10 Documentation Software 8-11Tool Confidence in the use of software tools Qualificatio n Report 9. ASIL-oriented and safety-oriented analyses 9-5 Requirements decomposition with respect to ASIL tailoring 9-6 Criteria for coexistence of elements 8-13 Qualification of HW components 8-14 Proven in use argument FTA, FMEA,9-8 …Safety analyses 9-7 Analysis of dependent failures 10. Guideline on ISO 26262 (informative) Page 29 8-12 Qualification of SW components Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Some other important Work Products 1. Vocabulary 2. Management of functional safety Project 2-5 Overall safety management Item Definition Production 2-7 Safety management after the item’s release for Audit production Operation, Reports service, decommissi 4. Product development at the system level 7. Production and operation oning 4-5 Initiation of product 4-11 Release for production System at the system level Hardwaredevelopment 7-5 Production Requireme Software4-10 Functional safety assessment System 4-6 Specification of the nts Interface 7-6 Operation, service Design technical safety requirements 4-9 Safety validation Specificatio Specificatio (maintenance and repair), and decommissioning 4-7 System design 4-8 Item integration and testing n ns Developme nt Process 3. Concept phase 3-5 Item definition 3-6 Initiation of the safety lifecycle 3-7 Hazard analysis and risk assessment 3-8 Functional safety concept Verification Reports for many documents 2-6 Safety management during the concept Planphase and the product development 5. Product development at the hardware level 5-5 Initiation of product Hardware development at the hardware level Hardware Requireme Designs 5-6 Specification of hardware safety nts requirements 5-7 Hardware design 8-6 Specification and management of safety requirements Software Designs 6-6Requireme Spec. of SW safety requirem. nts 6-8 SW unit design & implementation 5-8 Evaluation of the hardware architectural metrics 5-10 Hardware integration & testing 8-5 Interfaces within distributed developments 6-5 Initiation of product development at the software level Software 6-7 Software architectural design 5-9 Evaluation of safety goal violations due to random HW failures DIAs 6. Product development at the software level 6-9 Software unit testing 6-10 Software integration & testing 6-11 Verification of software safety requirements Configurati 8. Supporting processes on 8-7 Configuration management 8-10 Documentation Manageme Change nt8-8 Plan Change management Requests 8-11 Confidence in the use of software tools 8-9 Verification Test Test Specificatio Reports ns 8-12 Qualification of SW components 8-13 Qualification of HW components 8-14 Proven in use argument 9. ASIL-oriented and safety-oriented analyses 9-5 Requirements decomposition with respect to ASIL tailoring 9-6 Criteria for coexistence of elements 9-7 Analysis of dependent failures 10. Guideline on ISO 26262 (informative) Page 30 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm 9-8 Safety analyses Agile & ISO 26262 ©©KUGLER MAAG CIE GmbH KUGLER MAAG CIE GmbH Page 32 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Product Owner – Safety Expert, Coach and Monitor – for the implementation of the requirements, processes and methods needed for functional safety • The Safety Product Owner focuses on functional safety and supports the Product Owner (functional and business aspects) and Quality Product Owner (product and process quality) with functional safety aspects • Supports the interpretation, detailing and prioritisation of the requirements for functional safety in the Product Backlog • Responsible for safety planning and monitoring • Defines and schedules the activities necessary for functional safety (e.g. reviews, audits, safety assessments) • Checks the Definition-of-Done (DoD) and if necessary extends it to include full implementation of the (standard) requirements for functional safety (e.g. application of methodology) Checks that activities related to functional safety and the extended DoD are being implemented Supports the team when presenting and carrying out safety analyses Creates and maintains the safety case Participates in the Sprint Review to accept the deliverables. May participate in the Retrospective in order to provide an external perspective on where there is room for improvement • Represents a key contextual bridge between the team’s local focus and the company’s global view of functional safety • • • • Page 33 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Typical State Machine for Functional Safety Work Products To be implemented through Definition-of-Done mechanism informal verification draft informal verification under revision informally released for limited usage next „cycle“ (SPRINT, cadence, sample, …) formal verification formal verification next „cycle“ (SPRINT, cadence, sample, …) formally released confirmation review confirmed Page 34 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm evidence in final safety case Example: Quality Attributes of the Technical Safety Concept (TSC) informal verification When: A-Sample phase Informally verified (team: Definition-of-Done) TSC • table of contents • scope • collection of key concepts informal verification When: B-Sample phase Informally verified (team: Definition-of-Done) TSC • safety goals stable • ASILs known • functional safety requirements stable • key technical safety requirements stable • key safety mechanisms defined Page 35 formal verification When: C-Sample phase Formally verified (ISO 26262-8, clause 9) TSC • complies with ISO 26262-4, clause 6.4.6, requirements for the work product technical safety requirements specification • complies with ISO 26262-4, clauses 6.5.1 and 7.5.1 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Key Work Products Quality Attributes built-up over development cycles (1) Preparation & planning Item definition Hazard analysis and risk assessment FSC including FSR Safety plan of the 1st tier TSC including TSR (1) (1) (1) 2) Implementation Safety analyses Concept FMEA System FMEA System FTA FMEDA SW-FMEA Design & implementation System level Hardware level Software level incl. unit test development and unit testing Test specification System level Hardware level Software level (2) (2) (2) (2) (2) (2) (2) Test execution System level Hardware level Software level (3) Confirmation Safety audit Safety case Safety assessment Safety validation Page 36 (3) Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm (3) (3) Some Conclusions Complex Automotive projects in a dynamic environment can hardly be implemented with the traditional approach. Agile in Automotive is applying customized methods and practices. No verbatim interpretation of the Agile Manifesto. Compliance with ISO 26262 is achievable. Manage safety requirements in the backlog with high priority Beginning to apply Agile in safety-related projects does not yet need organizational changes. Add a few roles: Product Owner, Scrum Master, Safety Product Owner Page 37 Work on the Definition-ofDone for safety work products. Define iterations for completeness, quality and ISO 26262 compliance The use of appropriate tools is key for Agile and important for the safety case, e.g. Jira Agile, Jenkins, PTC Integrity Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm Thank you! Questions? KUGLER MAAG CIE GmbH Leibnizstr. 11, 70806 Kornwestheim, Germany Phone +49 7154 1796 100 [email protected] www.kuglermaag.com © KUGLER MAAG CIE GmbH Page 38 Agility and Safety, Hientz, Petry, 25-March-2015 SCSSS Stockholm
© Copyright 2024