A Taxonomy to Unify Fault Tolerance Regimes for Automotive Systems: Defining Fail-Operational, Fail-Degraded, and Fail-Safe

TL;DR

This paper introduces a clear taxonomy for fault tolerance regimes in automotive systems, clarifying definitions and distinctions among fail-operational, fail-degraded, and fail-safe regimes to improve safety standards and communication.

Contribution

It provides a unified, well-defined taxonomy based on ISO 26262 and systems engineering criteria, addressing ambiguities in existing automotive fault tolerance terminology.

Findings

Taxonomy clarifies fault tolerance regimes in automotive systems.

Applicable to hierarchical systems of varying complexity.

Supports improved safety standards and communication.

Abstract

This paper presents a taxonomy that allows defining the fault tolerance regimes fail-operational, fail-degraded, and fail-safe in the context of automotive systems. Fault tolerance regimes such as these are widely used in recent publications related to automated driving, yet without definitions. This largely holds true for automotive safety standards, too. We show that fault tolerance regimes defined in scientific publications related to the automotive domain are partially ambiguous as well as taxonomically unrelated. The presented taxonomy is based on terminology stemming from ISO 26262 as well as from systems engineering. It uses four criteria to distinguish fault tolerance regimes. In addition to fail-operational, fail-degraded, and fail-safe, the core terminology consists of operational and fail-unsafe. These terms are supported by definitions of available performance, nominal performance, functionality, and a concise definition of the safe state. For verification, we show by means of two examples from the automotive domain that the taxonomy can be applied to hierarchical systems of different complexity.