Inquiries received from SCN-SG at the OC Shinagawa/Nagoya conferences held last year (2016) were collected by the secretariat and steering committee and published here as a reference.
1) I would like to hear about the appeal to foreign countries of Safety Concept Notation Study Group (SCN-SG) activities.
Answer
Regarding appeal to foreign countries, we lectured at SAE WXC in 2015 and gave an introduction at an exhibition booth, and in 2016 we presented at VDA and exhibited an SCN-SG booth.
Moving forward, we intend to continue these activities. With the steering committee at the center, we are considering how to make the activities more open.
2) Please consider tool chain implementation.
Answer
Regarding tool chains, tool vendors participating in the SG are moving forward with tool chains based on each company’s plans.
We are promoting metamodel maintenance in subworking activities to facilitate easy tool creation.
Besides tool vendors, consulting and engineering service vendors are actively at work.
3) In what ISO 26262 phase should the safety concept be created with SCDL? What timing in design should the SCDL be used from?
Additional info
Is it used in the functional safety concept/technical safety concept? Is it also usable for SSR, HSR?
Answer
The safety concept can be described using the unified safety notation (SCDL) starting from the functional safety concept, which is the top of the safety concept, through the technical safety concept, and on to SSR and HSR. In this way, a consistent explanation becomes possible, which is a great merit of the SCDL.
4) Is there anything that must be prepared in order to begin using SCDL? (as a prerequisite)
Answer
It is a good idea to agree to use the same notation for upstream/downstream designers.
5) Is it OK if a requirement whose allocation is undecided is left alone until the end?
Additional info
It is a necessary function (requirement), but I cannot imagine the output.
(It can be done if you go to the lower level) But, when doing safety analysis against output, there is no output.
Answer
If the “output cannot be imagined”, risk assessment activities become difficult.
Therefore, regarding “It can be done if you go to the lower level”, if the person in charge of the lower level or the interactions between levels can “imagine the output”, we recommend discussing it with those persons and assuming the “output”.
In the concept phase, it is important to decide “function requirements” together with “performance requirements”. We believe that safety analysis is possible by assuming behavior that the output gives to the target from functional requirements and performance requirements.
6) Regarding single point failure notation
Additional info
As a result of the safety analysis, for example, I would like to emphasize elements that violate safety goals with a single point failure. Is there any good idea to do this?
Answer
While taking into account which method is best, we are considering methods such as notation additions or distinction by line type or color.
7) To what level should TSC be detailed?
Additional info
I think that it is up to the function block level, but ECU supplier thinks that it is easier to design a safety mechanism by describing hardware parts such as microcomputer and IC inside the ECU.
Which level is best depending on the company…
Answer
Circuit blocks such as microcomputer and IC may also appear. As a way of thinking, we recommend that you describe the interface to where you can divide hardware and software.
8) Is there a notation for connections from higher requirements?
Additional info
When system to hardware, system to software, or decomposition is executed, the connection between the initial safety requirement and the requirement after decomposition.
Answer
We are considering a “notation method for connections from higher requirements”.
9) We understand that it is aimed at international standards, but what will happen if it is not realized?
Additional info
I have begun using it now. If SCDL is no longer used a few years later, I am concerned that the contents I have used until now will be lost.
Answer
As with other deliverables, deliverables (safety concepts) created by each company according to the SCDL specifications will not go to waste. If you can understand the merit of using SCDL, I think that you can use it without worrying about the future.
10) When drawing large and multi-level diagrams, it is likely to make things of the same level difficult to understand. Are there any techniques to easily describe for explanation?
Answer
It is a good idea to make use of the functions provided by the tool and to devise how to make it look.
Do not forget the modular design principle. In SCDL specifications, there is a degree of freedom with respect to line type and color, so there are companies (organizations) that are devising how to make it easy to see such as by coloring.
11) In SCDL, requirements that cross elements are prohibited, but should we not describe expressions where requirements satisfy two elements?
Answer
Do not cross the elements; write on each element separately.
Then group by requirement group.
12) Is it possible to link models written in SCDL with models created with MBD tools such as MATLAB?
Answer
We are attempting to connect the safety concept diagram created by SCDL to SysML.
13) What is the penetration rate in the automotive field at present?
Answer
There is no concrete numerical value for the penetration rate, but the SCDL notation is already used by multiple OEMs and business partners. Depending on each company’s circumstances, as well as its conventions and design culture up to now, it may be difficult to shift to SCDL immediately, but once you use it I think that you can realize the merit of SCDL.
14) To what level is SCDL realistically expected to be applied?
Additional info
I think that application itself is possible not only at the system level, but also at the software level. But due to the constraint of making just one output, many elements must be created and I think it no longer is a simple and easy to see figure when applied to the software level.
Answer
As you pointed out, although it is possible to describe the SSR, since it consists of many elements, in terms of “viewability” it is best to devise how to make it look utilizing the functions provided by the tool.
15) Is there a way to comprehensively represent interactions that are input to many elements?
Additional info
For example, if you write all the interactions that might be involved in many elements, such as the power supply voltage, the figure becomes very difficult to see.
Answer
A method for comprehensively representing interactions common to many elements is under consideration.
16) How is SCDL different from other notations? If the purpose is to focus on safety architecture, examples can be proposed using descriptions in SysML’s subset or SysML, but what is the primary need to define a new notation? Many people say in general that the figure notation is “intuitive” or “easy to understand”, but on what basis do you think SCDL is easy to understand?
Additional info
Example: Please let me know your thoughts such as the syntax number, the number of figure symbols, low abstraction (concreteness), direct correspondence between the two.
Answer
At the time the SCDL specification Ver1.2 was issued, “In this version we added the necessity of SCDL and the use case in order to achieve a better understanding.
Please see the SCDL specification Ver1.2 and if you have any questions, please contact the secretariat.”
17) I want to know the relation with GSN in detail. I would like to know the concept of the function classification.
Answer
At the time the SCDL specification Ver1.2 was issued, “In this version we added the necessity of SCDL and the use case in order to achieve a better understanding.
Please see the SCDL specification Ver1.2 and if you have any questions, please contact the secretariat.”
18) Does the department in charge of the previous process from the software requirement definition have opportunities to utilize SCDL?
Additional info
I thought that it might be used as supplementary material for software architecture.
Answer
There are opportunities to utilize SCDL. One method is that it can be utilized for parts related to safety related architecture in software. A use case related to software will also be released in the future.
19) I would like a feature providing frequently used template patterns for the drawing and description language. Are there any plans at SCN-SG to consider such a feature?
– Are you considering such a use case?
Answer
SM design patterns are not in the scope. Rather than making ISO 26262 the main topic, we would like to discuss/provide how to use SCDL in a sub-working.
20) To what level can requirements be written in SCDL?
Additional info
The FSC, TSC, HW, SW levels exist, but when going to the HW or SW level it becomes extremely detailed. At such a detailed level will the possibilities not decrease?
Should we also connect requirements such as supplying power with a relationship line?
2nd SM, how to express 1st SM that detects failure of function itself in SCDL?
Answer
All can be written.
We will resolve issues through each use case in the future.
SW is the software sub-working, HW is the second part of the use case sub-working. It is also supposed that only the necessary parts may be cut out and written during classification and structuring.
21) Is compatibility with UML/SysML or mutual conversion possible?
Additional info
There are many people who are allergic to “new things”, and use may progress as long as you can effectively use existing resources or compare them.
Answer
Out of the four aspects of SysML, SCDL is specialized mainly in requirement and structure. These parts are compatible with SCDL.
Therefore, it is technically possible to mutually convert using tools.
The remaining two aspects (behavior and parametric) are complementary, and synergetic effects can be expected by combining them.
22) For safety proof of SW, is SCDL suitable for writing SW architecture? Can SCDL be used for architecture of any structure?
Answer
It can be used for the static architecture upon safety division of roles for software elements.
23) Do you have activities for international standardization? Are OEM and supplier reactions overseas positive or negative for SCDL usage?
Answer
Activities for international standardization are in the scope. We plan to survey and announce overseas reaction in the future.
24) I would like you to list many examples expressing architecture in notation. Since there are not so many safety mechanisms, I think that it will correspond to one of the examples.
Answer
SM design patterns are not in the scope. Rather than making ISO 26262 the main topic, we would like to discuss/provide how to use SCDL in a sub-working. Please obtain the information from other deliverables within the industry, or through the study of ISO 26262 itself.
25) When looking at SCDL as a tool vendor, are there any issues when linking to SysML or other languages?
Answer
There is no issue when connecting with SysML etc. by individual rules. But when considering common specifications among multiple users, the fact that concepts inherent to SCDL, for example the standard expression for decomposition, are not defined in SysML can be an issue.
26) How to describe the decomposition and coexistence of elements?
I thought that it would be easier to write in unidirectional or bidirectional form, as written in aviation-related partitioning.
Answer
In the future, we would also like to refer to notation methods/way of thinking in other fields.
27) How can SM2 (fault detection of SM1) be expressed by SCDL?
Answer
As one solution, we would like to consider the notation that can express the loose coupling interaction between requirements.
28) Do you only associate elements for safety requirements with SCDL, when expressing all requirements in a SysML requirement diagram as a result of analysis? I am concerned about how to use it properly.
Answer
If you can show the relationship between SCDL and the system design requirement diagram, it can be used for items other than the safety concept.
29) How should we proceed to actually use it side-by-side among other companies? Even though the structure and the tool becomes common knowledge, I think that whether it is actually used is another problem.
Answer
We believe that efforts such as standardization, publicizing, and dissemination of the tool are necessary.
30) Since the goal (objective) is different in safety and security, I believe there is a possibility that the goal will be blurred or missing when integrated. Do you need the thought of detailing safety and security, classifying the goal and integrating similar goal items? When placing the process model in the lifecycle, can safety and security models be placed in the same placement well?
Additional info
For example, consider the case where security may be 3 processes, but safety needs to be 10 times as many. In this case, will the processes for security be useless?
Answer
We are considering the establishment of a security sub-working in the future so please participate.
31) What are the advantages over UML, SysML, etc.? I would like to know the strengths that cannot be expressed by existing semi-formal methods.
Answer
The advantage is being able to provide safety analysis and ease of review by representing SysML requirement diagrams and block definition diagrams in one view.
32) I want to know about the extension of the target of SCDL.
Additional info
Describe security, functions and requirements of other technologies as with E/E systems.
Answer
We will also consider the possibility of supporting notation of security and other technologies.
33) I would like to know about linking with failure rate calculation tools (database, DC). (Preliminary Architecture Level PMHF)
Answer
We will also consider the notation of failure rate and DC.
34) Regarding the integration of functional safety and security, we are currently discussing various processes, etc. about the integration of these 2 items, but we are interested in how SCDL and its tool will eventually be integrated and linked.
Answer
We are considering the establishment of a security sub-working in the future so please participate.
35) Is the relation between requirements in EAST-ADL etc. and the relation (interaction) between requirements in SCDL different? (I was connected in the explanation of the specification, but…)
Answer
How to express the relationship between vertical traces (between Snapshots) is regarded as a future task.
36) I would like SCDL interactions to be ports and connectors and explain their relationship in detail.
Answer
As a notation for this purpose, interface symbols can be used.