SW partitioning seems to be a very useful approach to decompose ASIL in SW. I understand that once it is implemented, some SW parts can be excluded from the FuSa scope. But I have a different point of view. My question is: does it really give us the benefit of reducing our resources?
The motivation for applying SW partitioning is to reduce resources, and that was the interest of the project I was involved in. If some SW components are classified as QM and excluded, the FuSa scope is reduced, and that is a benefit to us. When I heard about these trials it sounded good, but I realized that the result would not be as good as expected. I'll tell you what should be considered additionally.
Let's assume that we have to apply a watchdog. It requires many technical considerations; it does not mean just adding a watchdog to a circuit. Even if a watchdog is added, its main purpose cannot be achieved unless it is implemented smartly. (Reference: proper watchdog timer use, in Korean.)
Similarly, if we implement SW partitioning, the design should be verified. At least, the task scheduling plan should be specified in the SW design, that design should be reviewed, and its effectiveness should be tested during or after SW integration.
If critical faults occur on the QM side, it shall be ensured that the OS catches such exceptions and handles them as we intended. That is one side of SW partitioning.
The other consideration is space partitioning. A SW component in one partition can try to access a memory region or resources that are allocated to another partition. In this case, it shall be ensured that such attempts do not succeed. And since such attempts are invalid, exceptions or other error events should be triggered. Then exception handling should be considered. What will you do if such an exception occurs? A SW reset? Are you sure?
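As an added illustration (not code from the original post), the following C model emulates the space-partitioning check: a small memory map with per-partition access rights, an access check that refuses cross-partition accesses, and a fault handler whose reaction depends on which partition faulted rather than always resetting. All names, addresses and the reaction policy are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { PART_QM = 0, PART_ASIL = 1 } partition_t;
typedef enum { ACC_READ = 1, ACC_WRITE = 2 } access_t;
typedef enum { REACT_NONE, REACT_RESTART_QM, REACT_SAFE_STATE } reaction_t;

/* One protected region: bounds plus the access bits each partition may use. */
typedef struct {
    uint32_t base, size;
    uint8_t perm[2];           /* indexed by partition_t */
} region_t;

/* Constructed memory map (hypothetical addresses, not from the post): QM
 * scratch RAM, ASIL private RAM, and a status block the QM side may only read. */
static const region_t memmap[] = {
    { 0x20000000u, 0x1000u, { ACC_READ | ACC_WRITE, ACC_READ | ACC_WRITE } },
    { 0x20001000u, 0x1000u, { 0,                    ACC_READ | ACC_WRITE } },
    { 0x20002000u, 0x0100u, { ACC_READ,             ACC_READ | ACC_WRITE } },
};
static unsigned   fault_count;
static reaction_t last_reaction = REACT_NONE;

/* Stands in for the MPU fault handler: the reaction is decided per offending
 * partition (restart QM only, safe state for ASIL) instead of a blind SW reset. */
static void protection_fault(partition_t who, uint32_t addr, access_t kind)
{
    fault_count++;
    last_reaction = (who == PART_QM) ? REACT_RESTART_QM : REACT_SAFE_STATE;
    printf("fault: partition %d %s 0x%08x -> reaction %d\n", (int)who,
           kind == ACC_WRITE ? "write" : "read", (unsigned)addr, (int)last_reaction);
}

/* Emulated access check: true if permitted, otherwise raises the fault event. */
bool check_access(partition_t who, uint32_t addr, access_t kind)
{
    for (size_t i = 0; i < sizeof memmap / sizeof memmap[0]; i++) {
        const region_t *r = &memmap[i];
        if (addr >= r->base && addr - r->base < r->size) {
            if (r->perm[who] & kind) return true;
            break;                        /* mapped, but not permitted for this partition */
        }
    }
    protection_fault(who, addr, kind);    /* unmapped or forbidden access */
    return false;
}
unsigned   protection_faults(void)   { return fault_count; }
reaction_t protection_reaction(void) { return last_reaction; }
```

The point of the model is the last step: every refused access ends in a defined, reviewed reaction, which is exactly the part that has to be specified and tested, not assumed.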
For now, I don't think that SW partitioning will save our resources. It is a safety design concept, not a method to save resources. I may change my mind as I gain more experience, but this is my latest thinking on SW partitioning.