Common use of The ASIL Optimisation Process Clause in Contracts

The ASIL Optimisation Process. The inputs to the optimisation are the same as to the standard ASIL allocation/decomposition algorithm: namely, the set of constrained output failures (COFs) and the safety requirements derived (DSRs) from them that apply to the causes of those output failures: • Set of safety constraints, each of which should have an ASIL and a fault tree generated for its constrained output failure. • Set of minimal cut sets (from the fault trees modelling the logical failure behaviour of the system) that cause the constrained output failures. Similarly, the output is also the same – a set of safety requirement assignments (SRAs): • Set of possible ASIL assignments for all basic events in the form of Safety Requirement Assignments. The difference is in how these SRAs are obtained. Whereas the standard algorithm essentially performs a brute force search through the entire optimisation space to find all valid solutions, the optimisation will perform a more randomised search, guided by heuristics, in an attempt to obtain a reasonable set of solutions without having to search through every possible valid solution. The same genetic algorithm technology described in Section 4 is also applied in this case. The principle is that the optimisation follows a process similar to evolution: candidates evaluated to have good fitness (in this case, they meet the DSRs and are not too expensive) will be retained and will pass on its ‘genes’ to the next generation, whereas candidates with poor fitness (e.g. they do not meet the safety requirements, or are very expensive) will be rejected and will die out. There are two main elements to consider when devising a genetic optimisation algorithm in this way: the encoding format and the evaluation heuristics.

The ASIL Optimisation Process. The inputs to the optimisation are the same as to the standard ASIL allocation/decomposition algorithm: namely, the set of constrained output failures (COFs) and the safety requirements derived (DSRs) from them that apply to the causes of those output failures: •  Set of safety constraints, each of which should have an ASIL and a fault tree generated for its constrained output failure. •  Set of minimal cut sets (from the fault trees modelling the logical failure behaviour of the system) that cause the constrained output failures. Similarly, the output is also the same – a set of safety requirement assignments (SRAs): •  Set of possible ASIL assignments for all basic events in the form of Safety Requirement Assignments. The difference is in how these SRAs are obtained. Whereas the standard algorithm essentially performs a brute force search through the entire optimisation space to find all valid solutions, the optimisation will perform a more randomised search, guided by heuristics, in an attempt to obtain a reasonable set of solutions without having to search through every possible valid solution. The same genetic algorithm technology described in Section 4 is also applied in this case. The principle is that the optimisation follows a process similar to evolution: candidates evaluated to have good fitness (in this case, they meet the DSRs and are not too expensive) will be retained and will pass on its ‘genes’ to the next generation, whereas candidates with poor fitness (e.g. they do not meet the safety requirements, or are very expensive) will be rejected and will die out. There are two main elements to consider when devising a genetic optimisation algorithm in this way: the encoding format and the evaluation heuristics.