Automation is becoming prevalent in more and more industrial domains due to the potential benefits in cost reduction as well as the new approaches/solutions they enable. When machines are automated and utilized in system-of-systems, a thorough analysis of potential critical scenarios is necessary to derive appropriate design solutions that are safe as well. Hazard analysis methods like PHA, FTA or FMEA help to identify and follow up potential risks for the machine operators or bystanders and are well-established in the development process for safety critical machinery. However, safety certified individual machines can no way guarantee safety in the context of system-of-systems since their integration and interactions could bring forth newer hazards. Hence it is paramount to understand the application sce- narios of the system-of-systems and to apply a structured method to identify all potential hazards. In this paper, we 1) provide an overview of proposed hazard analysis methods for system-of- systems, 2) describe a case from construction equipment domain, and 3) apply the well-known System-Theoretic Process Analysis (STPA)f to our case. Our experiences during the case study and the analysis of results clearly point out certain inadequacies of STPA in the context of system-of-systems and underlines the need for the development of improved techniques for safety analysis of system-of-systems.

—Automating a quarry site as developed within the electric site research project at Volvo Construction Equipment is an example of a directed system-of-systems (SoS). In our case automated machines and connected smart systems are utilized to improve the work-flow at the site. We currently work on conducting hazard and safety analyses on the SoS level. Performing a hazard analysis on a SoS has been a challenge in terms of complexity and work effort. We elaborate on the suitability of methods, discuss requirements on a feasible method, and propose a tailoring of the STPA method to leverage complexity.

Methods for analyzing hazards related to individual systems are well studied and established in industry today. When system-of-systems are set up to achieve new emergent behavior, hazards specifically caused by malfunctioning behavior of the complex interactions between the involved systems may not be revealed by just analyzing single system hazards. A structured process is required to reduce the complexity to enable identification of hazards when designing system-of-systems. In this paper we first present how hazards are identified and analyzed using hazard and risk assessment (HARA) methodology by the industry in the context of single systems. We describe systems-of-systems and provide a quarry site automation example from the construction equipment domain. We propose a new structured process for identifying potential hazards in systems-of-systems (HISoS), exemplified in the context of the provided example. Our approach helps to streamline the hazard analysis process in an efficient manner thus helping faster certification of system-of-systems.

Autonomous and intelligent construction equipment is an emergent area of research, which shares many characteristics with on-road autonomous vehicles, but also have fundamental differences. Construction vehicles usually perform repetitive tasks in confined sites, such as quarries, and cooperate with other vehicles to complete common missions. A quarry can be viewed as a system-of-systems and the vehicles are individual systems within the site system. Therefore it is important to analyze the site system, i.e. included vehicles, surrounding systems, and system context, before the introduction of autonomous vehicles. It is necessary to map the needed infrastructure, and the needed input information from on-board sensors and off-board information suppliers, before designing the vehicle electronics system. This paper describes how we identified sensory and input signal needs for an autonomous articulated hauler in a scenario at a quarry site. Different architectural alternatives are evaluated and a set-up for a quarry site is suggested.

Software product line engineering is a widely used approach to plan and manage reuse of software. When safety critical products are developed, achieving functional safety standard compliance must be shown. The requirements stated in the functional safety standards also apply when safety critical products are developed in product lines. Managing functional safety in industrial product lines is challenging and work around solutions are applied in practice. The objective of this research is to collect and review reported research publications focusing on achieving safety in product lines and to identify gaps in todays research. We conduct a systematic mapping study of research publications reported until January 2016.We identify 39 research articles to be included in a list of primary studies and analyze how product lines are documented, which safety-related topics are covered and which evaluation method the studies apply. Generally, we find that the area of how to achieve functional safety in product lines needs more attention. Our study provides an overview on which topics have been discussed until now and which safety-related topics need more attention.

It has been suggested in the literature to organize software in autonomous vehicles as hierarchical layers where each layer makes its own decisions based on its own world model. This paper presents two alternative designs for autonomous construction vehicles based on the layered framework 4D/RCS. As a first step, the typical use cases for these vehicles were defined. Then one use case for a hauler was traversed through the two alternatives to see how they supported safety, flexibility and the use of a product platform. We found that the coordination between bucket control and motion control must be done at a low level in the hierarchy and that the relationship between the vehicle actuators and the built-in autonomous system is important for how the software is organized. 

Today's industrial product lines in the automotive and construction equipment domain face the challenge to show functional safety standard compliance and argue for the absence of failures for all derived product variants. The product line approaches are not su cient to support practitioners to trace safety-related characteristics through development. We aim to provide aid in creating a safety case for a certain con guration in a product line such that overall less e ort is necessary for each con guration. In this paper we 1) discuss the impact of functional safety on product line development, 2) propose a model-based approach to capture safety-related characteristics during concept phase for product lines and 3) analyze the usefulness of our proposal.

Engineering system architectures for complex systems involves the tasks of analyzing architectural drivers, identifying architectural concerns, identifying valid architecture candidates, and evaluation of alternatives. One problem to overcome when architecting a system is the identification of valid of architectural candidates. We have developed a step-wise method for performing system architecture analysis and tested it on a sub-system in a project developing a drive system for heavy automotive applications. In this paper we present the complete method of nine steps for engineering an architecture and we elaborate in detail on the procedure to identify architectural candidates based on previously identified architectural drivers. We present a diagram depicting the proposed information model, its concepts and their relationships. In addition, the expectations on such a method as expressed by practitioners have been elicited, and we elaborate on the validity by examining how well the method indicate fulfillment. Our conclusion is that the proposed method does not fail to deliver on any of the needs and this gives an indication of usefulness. When identifying architectural candidates it is important to use proper criteria in the process. Our conclusion is that the practitioners should focus on candidates that affect the system at hand (within system boundaries), and on the candidates that address the architecturally significant system use. This is reflected in our method where we prescribe evaluation of the design candidates by validating that they solve only the right problem and by ensuring that they address the system at hand.

Developing safety critical products demands a clear safety argumentation for each product in spite of whether it has been derived from a product line or not. The functional safety standards do not explain how to develop safety critical products in product lines, and the product line concept is lacking specific approaches to develop safety critical products. Nonetheless, product lines are well-established concepts even in companies developing safety critical products. In this paper we present the results of an exploratory study interviewing 15 practitioners from 6 different companies. We identify typical challenges and approaches from industry and discuss their suitability. The challenges and approaches brought out by this study help us to identify and enhance applicable methods from the product line engineering domain that can meet the challenges in the safety critical domain as well.