<!--
Copyright (c) 2025 Milin Patel
Hochschule Kempten - University of Applied Sciences

Autonomous Driving: AI Safety and Security Workshop
This project is licensed under the MIT License.
See LICENSE file in the root directory for full license text.
-->

*Copyright © 2025 Milin Patel. All Rights Reserved.*

# ISO 26262: Functional Safety for Road Vehicles

[![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com/github/milinpatel07/Autonomous-Driving_AI-Safety-and-Security/blob/master/03_Functional_Safety/notebooks/01_iso_26262_fundamentals.ipynb)


## Learning Objectives
- Understand ISO 26262 structure and key concepts
- Learn the V-Model development process
- Master ASIL classification methodology
- Perform Hazard Analysis and Risk Assessment (HARA)
- Apply functional safety concepts to autonomous driving perception systems

---

In [None]:
# Setup: Install and import required libraries
import sys

# Install packages if in Colab
if 'google.colab' in sys.modules:
    !pip install -q matplotlib pandas numpy seaborn

import numpy as np
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns
from typing import List, Tuple, Dict
import warnings
warnings.filterwarnings('ignore')

# Set style
plt.style.use('seaborn-v0_8-darkgrid')
sns.set_palette("husl")

print("✓ Setup complete!")

## 1. ISO 26262 Overview

ISO 26262 is the international standard for functional safety of electrical and electronic (E/E) systems in road vehicles.

### Standard Structure (12 Parts)

1. **Part 1**: Vocabulary
2. **Part 2**: Management of functional safety
3. **Part 3**: Concept phase
4. **Part 4**: Product development at the system level
5. **Part 5**: Product development at the hardware level
6. **Part 6**: Product development at the software level
7. **Part 7**: Production, operation, service, and decommissioning
8. **Part 8**: Supporting processes
9. **Part 9**: Automotive Safety Integrity Level (ASIL)-oriented and safety-oriented analyses
10. **Part 10**: Guideline on ISO 26262
11. **Part 11**: Guidelines on application of ISO 26262 to semiconductors
12. **Part 12**: Adaptation of ISO 26262 for motorcycles

### Key Principles
- **Risk-based approach**: Safety measures based on risk analysis
- **Lifecycle coverage**: From concept to decommissioning
- **ASIL grading**: Four levels of safety requirements (A, B, C, D)
- **Systematic capability**: Process quality and organizational competence

## 2. V-Model Development Process

The V-Model is the cornerstone of ISO 26262 development process, linking design phases (left) with testing/verification phases (right).

In [None]:
def visualize_v_model():
    """
    Visualize the V-Model development process for ISO 26262
    """
    fig, ax = plt.subplots(figsize=(14, 8))
    
    # Left side (Design)
    left_x = [1, 2, 3, 4, 5]
    left_y = [5, 4, 3, 2, 1]
    left_labels = [
        'Item Definition\n& HARA',
        'Functional Safety\nConcept',
        'Technical Safety\nConcept',
        'System Design\n(HW/SW)',
        'Implementation'
    ]
    
    # Right side (Verification)
    right_x = [6, 7, 8, 9, 10]
    right_y = [1, 2, 3, 4, 5]
    right_labels = [
        'Unit Testing\n& Review',
        'Integration\nTesting',
        'System\nTesting',
        'Vehicle\nIntegration',
        'Validation\n& Release'
    ]
    
    # Plot V shape
    ax.plot(left_x, left_y, 'o-', linewidth=3, markersize=12, color='#2E86AB', label='Design Phase')
    ax.plot(right_x, right_y, 'o-', linewidth=3, markersize=12, color='#A23B72', label='Verification Phase')
    
    # Add connecting lines (traceability)
    for i in range(5):
        ax.plot([left_x[i], right_x[4-i]], [left_y[i], right_y[4-i]], 
                '--', linewidth=1.5, color='gray', alpha=0.5)
    
    # Add labels
    for i, (x, y, label) in enumerate(zip(left_x, left_y, left_labels)):
        ax.text(x, y + 0.3, label, ha='center', va='bottom', fontsize=10, 
                fontweight='bold', bbox=dict(boxstyle='round', facecolor='lightblue', alpha=0.7))
    
    for i, (x, y, label) in enumerate(zip(right_x, right_y, right_labels)):
        ax.text(x, y + 0.3, label, ha='center', va='bottom', fontsize=10,
                fontweight='bold', bbox=dict(boxstyle='round', facecolor='lightcoral', alpha=0.7))
    
    # Add ASIL determination arrow
    ax.annotate('ASIL Determination', xy=(5.5, 0.5), fontsize=12, ha='center',
                bbox=dict(boxstyle='round', facecolor='yellow', alpha=0.7))
    
    ax.set_xlim(0, 11)
    ax.set_ylim(0, 6)
    ax.axis('off')
    ax.set_title('ISO 26262 V-Model Development Process', fontsize=16, fontweight='bold', pad=20)
    ax.legend(loc='upper left', fontsize=11)
    
    plt.tight_layout()
    plt.show()

visualize_v_model()

## 3. ASIL Classification

**Automotive Safety Integrity Level (ASIL)** represents the level of risk reduction required.

### ASIL Levels
- **QM (Quality Management)**: No safety requirements beyond quality management
- **ASIL A**: Lowest safety requirements
- **ASIL B**: Medium-low safety requirements
- **ASIL C**: Medium-high safety requirements
- **ASIL D**: Highest safety requirements

### ASIL Determination Factors

1. **Severity (S)**: Extent of harm
 - S0: No injuries
 - S1: Light/moderate injuries
 - S2: Severe/life-threatening injuries (survival probable)
 - S3: Life-threatening/fatal injuries (survival uncertain)

2. **Exposure (E)**: Probability of operational situation
 - E0: Incredibly unlikely
 - E1: Very low probability
 - E2: Low probability
 - E3: Medium probability
 - E4: High probability

3. **Controllability (C)**: Ability to avoid harm through driver intervention
 - C0: Controllable in general
 - C1: Simply controllable
 - C2: Normally controllable
 - C3: Difficult to control or uncontrollable

In [None]:
# ASIL Determination Matrix
def create_asil_matrix():
    """
    Create ASIL determination matrix based on S, E, C parameters
    """
    # Simplified ASIL matrix for S1, S2, S3
    asil_data = {
        'S1': {
            'E1': {'C1': 'QM', 'C2': 'QM', 'C3': 'A'},
            'E2': {'C1': 'QM', 'C2': 'A', 'C3': 'B'},
            'E3': {'C1': 'QM', 'C2': 'A', 'C3': 'B'},
            'E4': {'C1': 'A', 'C2': 'B', 'C3': 'C'}
        },
        'S2': {
            'E1': {'C1': 'QM', 'C2': 'A', 'C3': 'B'},
            'E2': {'C1': 'A', 'C2': 'B', 'C3': 'C'},
            'E3': {'C1': 'A', 'C2': 'B', 'C3': 'C'},
            'E4': {'C1': 'B', 'C2': 'C', 'C3': 'D'}
        },
        'S3': {
            'E1': {'C1': 'A', 'C2': 'B', 'C3': 'C'},
            'E2': {'C1': 'B', 'C2': 'C', 'C3': 'D'},
            'E3': {'C1': 'B', 'C2': 'C', 'C3': 'D'},
            'E4': {'C1': 'C', 'C2': 'D', 'C3': 'D'}
        }
    }
    
    return asil_data

def determine_asil(severity: str, exposure: str, controllability: str) -> str:
    """
    Determine ASIL level based on S, E, C parameters
    """
    asil_matrix = create_asil_matrix()
    
    if severity == 'S0':
        return 'QM'
    
    if exposure == 'E0':
        return 'QM'
    
    if controllability == 'C0':
        return 'QM'
    
    try:
        return asil_matrix[severity][exposure][controllability]
    except KeyError:
        return 'QM'

# Visualize ASIL matrix for S3 (most severe)
def visualize_asil_matrix():
    fig, axes = plt.subplots(1, 3, figsize=(16, 5))
    
    severities = ['S1', 'S2', 'S3']
    severity_labels = [
        'S1: Light/Moderate Injuries',
        'S2: Severe Injuries',
        'S3: Life-Threatening/Fatal'
    ]
    
    asil_matrix = create_asil_matrix()
    exposures = ['E1', 'E2', 'E3', 'E4']
    controllabilities = ['C1', 'C2', 'C3']
    
    asil_colors = {
        'QM': 0,
        'A': 1,
        'B': 2,
        'C': 3,
        'D': 4
    }
    
    for idx, (sev, label) in enumerate(zip(severities, severity_labels)):
        matrix = np.zeros((len(exposures), len(controllabilities)))
        labels = []
        
        for i, exp in enumerate(exposures):
            row_labels = []
            for j, ctrl in enumerate(controllabilities):
                asil = asil_matrix[sev][exp][ctrl]
                matrix[i, j] = asil_colors[asil]
                row_labels.append(asil)
            labels.append(row_labels)
        
        im = axes[idx].imshow(matrix, cmap='RdYlGn_r', aspect='auto', vmin=0, vmax=4)
        
        # Add text annotations
        for i in range(len(exposures)):
            for j in range(len(controllabilities)):
                text = axes[idx].text(j, i, labels[i][j],
                                    ha="center", va="center", color="black",
                                    fontsize=14, fontweight='bold')
        
        axes[idx].set_xticks(np.arange(len(controllabilities)))
        axes[idx].set_yticks(np.arange(len(exposures)))
        axes[idx].set_xticklabels(['C1\nSimply\nControl', 'C2\nNormally\nControl', 'C3\nDifficult/\nUncontrol'])
        axes[idx].set_yticklabels(['E1\nVery Low', 'E2\nLow', 'E3\nMedium', 'E4\nHigh'])
        axes[idx].set_xlabel('Controllability', fontsize=11, fontweight='bold')
        axes[idx].set_ylabel('Exposure', fontsize=11, fontweight='bold')
        axes[idx].set_title(label, fontsize=12, fontweight='bold')
    
    plt.suptitle('ASIL Determination Matrix (ISO 26262)', fontsize=14, fontweight='bold', y=1.02)
    plt.tight_layout()
    plt.show()

visualize_asil_matrix()

# Example ASIL determination
print("\n" + "="*60)
print("ASIL Determination Examples")
print("="*60)

examples = [
    ('S3', 'E4', 'C3', 'Pedestrian detection failure at high speed'),
    ('S2', 'E3', 'C2', 'Lane keeping assist malfunction'),
    ('S1', 'E2', 'C1', 'Parking sensor false positive'),
    ('S3', 'E4', 'C2', 'AEB system failure in urban traffic')
]

for s, e, c, scenario in examples:
    asil = determine_asil(s, e, c)
    print(f"\nScenario: {scenario}")
    print(f"  Severity={s}, Exposure={e}, Controllability={c}")
    print(f"  → ASIL: {asil}")

## 4. Hazard Analysis and Risk Assessment (HARA)

HARA is the systematic process to identify and categorize hazardous events and specify safety goals.

### HARA Process Steps

1. **Item Definition**: Define the system/function under analysis
2. **Situation Analysis**: Identify operational situations and operating modes
3. **Hazard Identification**: Identify potential malfunctions and hazards
4. **Hazard Classification**: Determine S, E, C for each hazard
5. **ASIL Determination**: Calculate ASIL based on S, E, C
6. **Safety Goal Definition**: Define high-level safety requirements

In [None]:
# Example: HARA for Pedestrian Detection System

class HARAAnalysis:
    """
    Hazard Analysis and Risk Assessment for autonomous driving systems
    """
    
    def __init__(self, item_name: str):
        self.item_name = item_name
        self.hazards = []
    
    def add_hazard(self, hazard_id: str, description: str, 
                   operational_situation: str, malfunction: str,
                   severity: str, exposure: str, controllability: str):
        """
        Add a hazard to the HARA analysis
        """
        asil = determine_asil(severity, exposure, controllability)
        
        hazard = {
            'id': hazard_id,
            'description': description,
            'operational_situation': operational_situation,
            'malfunction': malfunction,
            'severity': severity,
            'exposure': exposure,
            'controllability': controllability,
            'asil': asil
        }
        
        self.hazards.append(hazard)
    
    def generate_safety_goals(self):
        """
        Generate safety goals from identified hazards
        """
        safety_goals = []
        
        for hazard in self.hazards:
            if hazard['asil'] != 'QM':
                goal = {
                    'hazard_id': hazard['id'],
                    'safety_goal': f"Prevent {hazard['description']}",
                    'asil': hazard['asil'],
                    'safe_state': 'System degrades gracefully with warning'
                }
                safety_goals.append(goal)
        
        return safety_goals
    
    def to_dataframe(self):
        """
        Convert HARA to pandas DataFrame
        """
        return pd.DataFrame(self.hazards)

# Example: Pedestrian Detection System HARA
hara = HARAAnalysis("Pedestrian Detection and AEB System")

# Add hazards
hara.add_hazard(
    hazard_id='H-001',
    description='False negative: Pedestrian not detected',
    operational_situation='Urban driving, 50 km/h, crosswalk',
    malfunction='Camera occlusion or algorithm failure',
    severity='S3',
    exposure='E4',
    controllability='C3'
)

hara.add_hazard(
    hazard_id='H-002',
    description='Late detection of pedestrian',
    operational_situation='Highway exit, 80 km/h',
    malfunction='Processing delay or sensor degradation',
    severity='S3',
    exposure='E3',
    controllability='C3'
)

hara.add_hazard(
    hazard_id='H-003',
    description='False positive: Phantom braking',
    operational_situation='Highway, 120 km/h, following traffic',
    malfunction='False detection (shadow, plastic bag)',
    severity='S2',
    exposure='E3',
    controllability='C2'
)

hara.add_hazard(
    hazard_id='H-004',
    description='Misclassification: Pedestrian as static object',
    operational_situation='Urban, 40 km/h, pedestrian stepping out',
    malfunction='Classification error in ML model',
    severity='S3',
    exposure='E4',
    controllability='C3'
)

hara.add_hazard(
    hazard_id='H-005',
    description='Degraded performance in adverse weather',
    operational_situation='Rain/fog, 60 km/h, school zone',
    malfunction='Sensor performance limitation',
    severity='S3',
    exposure='E3',
    controllability='C2'
)

# Display HARA table
df_hara = hara.to_dataframe()
print("\n" + "="*80)
print("HARA: Pedestrian Detection and AEB System")
print("="*80)
display(df_hara[['id', 'description', 'severity', 'exposure', 'controllability', 'asil']])

# Generate safety goals
safety_goals = hara.generate_safety_goals()
df_goals = pd.DataFrame(safety_goals)

print("\n" + "="*80)
print("Safety Goals Derived from HARA")
print("="*80)
display(df_goals)

## 5. Functional Safety Requirements

From safety goals, we derive **Functional Safety Requirements (FSR)** at different levels:

### Safety Goal Example
**SG-001**: Prevent collision with pedestrians due to non-detection [ASIL D]

### Functional Safety Concept (Top-level)
- **FSR-001.1**: System shall detect pedestrians in the vehicle path within 50m [ASIL D]
- **FSR-001.2**: System shall classify detected objects as pedestrian/non-pedestrian with >99.9% accuracy [ASIL D]
- **FSR-001.3**: System shall activate emergency braking within 200ms of detection [ASIL D]
- **FSR-001.4**: System shall monitor sensor health and report degradation [ASIL D]

### Technical Safety Concept (Detailed)
- **TSR-001.1.1**: Camera subsystem shall provide 1920x1080 resolution at 30 fps [ASIL D]
- **TSR-001.1.2**: LIDAR subsystem shall provide point cloud with 0.1m resolution [ASIL D]
- **TSR-001.1.3**: Sensor fusion algorithm shall combine camera + LIDAR data [ASIL D]
- **TSR-001.2.1**: CNN model shall achieve >99.9% true positive rate on validation set [ASIL D]
- **TSR-001.2.2**: System shall implement redundant detection path (camera + radar) [ASIL D]

In [None]:
# Visualize safety requirements hierarchy
def visualize_safety_requirements():
    fig, ax = plt.subplots(figsize=(14, 8))
    
    # Define hierarchy levels
    levels = [
        {'name': 'Hazard', 'y': 5, 'color': '#FF6B6B', 'text': 'H-001: Pedestrian not detected'},
        {'name': 'Safety Goal', 'y': 4, 'color': '#FFA500', 'text': 'SG-001: Prevent collision [ASIL D]'},
        {'name': 'Functional Safety\nRequirements', 'y': 3, 'color': '#4ECDC4', 
         'items': ['FSR-001.1:\nDetect pedestrians', 'FSR-001.2:\nClassify objects', 'FSR-001.3:\nActivate braking']},
        {'name': 'Technical Safety\nRequirements', 'y': 2, 'color': '#95E1D3',
         'items': ['TSR-001.1.1:\nCamera specs', 'TSR-001.2.1:\nCNN accuracy', 'TSR-001.3.1:\nBraking latency']},
        {'name': 'Implementation &\nVerification', 'y': 1, 'color': '#C7CEEA',
         'items': ['HW/SW\nDesign', 'Unit/Integration\nTesting', 'System\nValidation']}
    ]
    
    # Draw top levels
    for i, level in enumerate(levels[:2]):
        rect = plt.Rectangle((2, level['y']-0.3), 10, 0.6, 
                            facecolor=level['color'], edgecolor='black', linewidth=2)
        ax.add_patch(rect)
        ax.text(7, level['y'], level['text'], ha='center', va='center', 
               fontsize=11, fontweight='bold')
        
        if i < len(levels) - 1:
            ax.arrow(7, level['y']-0.35, 0, -0.25, head_width=0.3, head_length=0.1, 
                    fc='black', ec='black')
    
    # Draw decomposed levels
    for level in levels[2:]:
        items = level['items']
        x_positions = np.linspace(3, 11, len(items))
        
        for x, item in zip(x_positions, items):
            rect = plt.Rectangle((x-1, level['y']-0.3), 2, 0.6,
                                facecolor=level['color'], edgecolor='black', linewidth=2)
            ax.add_patch(rect)
            ax.text(x, level['y'], item, ha='center', va='center',
                   fontsize=9, fontweight='bold')
            
            # Draw arrow from previous level
            if level['y'] < 3:
                ax.arrow(7, levels[2]['y']-0.35, x-7, level['y']-levels[2]['y']+0.65,
                        head_width=0.15, head_length=0.1, fc='gray', ec='gray', alpha=0.5)
    
    ax.set_xlim(0, 14)
    ax.set_ylim(0, 6)
    ax.axis('off')
    ax.set_title('ISO 26262: From Hazard to Implementation', fontsize=16, fontweight='bold', pad=20)
    
    plt.tight_layout()
    plt.show()

visualize_safety_requirements()

## 6. Verification and Validation Strategies

### Verification ("Are we building the product right?")
- Review of requirements and design
- Static code analysis
- Unit testing, integration testing
- Fault injection testing
- Hardware-software integration testing

### Validation ("Are we building the right product?")
- System-level testing
- Field testing
- Scenario-based testing
- Performance testing in operational environment

### ASIL-Dependent Testing Requirements

| Test Type | ASIL A | ASIL B | ASIL C | ASIL D |
|-----------|--------|--------|--------|--------|
| Requirements-based test | + | + | ++ | ++ |
| Fault injection test | + | ++ | ++ | ++ |
| Back-to-back comparison | o | + | + | ++ |
| Resource usage testing | + | + | ++ | ++ |
| Interface testing | ++ | ++ | ++ | ++ |

+ = Recommended, ++ = Highly Recommended, o = Optional

In [None]:
# Verification and validation coverage analysis
def analyze_vv_coverage():
    """
    Analyze verification and validation coverage for different ASIL levels
    """
    vv_requirements = {
        'ASIL A': {'Requirements-based': 90, 'Fault Injection': 70, 'Back-to-back': 50, 'Resource': 80, 'Interface': 95},
        'ASIL B': {'Requirements-based': 95, 'Fault Injection': 85, 'Back-to-back': 75, 'Resource': 90, 'Interface': 98},
        'ASIL C': {'Requirements-based': 98, 'Fault Injection': 90, 'Back-to-back': 85, 'Resource': 95, 'Interface': 99},
        'ASIL D': {'Requirements-based': 99.9, 'Fault Injection': 95, 'Back-to-back': 95, 'Resource': 98, 'Interface': 99.9}
    }
    
    df_vv = pd.DataFrame(vv_requirements).T
    
    fig, (ax1, ax2) = plt.subplots(1, 2, figsize=(16, 6))
    
    # Stacked bar chart
    df_vv.plot(kind='bar', ax=ax1, width=0.8)
    ax1.set_title('V&V Coverage Requirements by ASIL Level', fontsize=14, fontweight='bold')
    ax1.set_xlabel('ASIL Level', fontsize=12, fontweight='bold')
    ax1.set_ylabel('Required Coverage (%)', fontsize=12, fontweight='bold')
    ax1.set_ylim(0, 105)
    ax1.legend(title='Test Type', bbox_to_anchor=(1.05, 1), loc='upper left')
    ax1.grid(axis='y', alpha=0.3)
    ax1.set_xticklabels(ax1.get_xticklabels(), rotation=0)
    
    # Heatmap
    sns.heatmap(df_vv.T, annot=True, fmt='.1f', cmap='RdYlGn', vmin=50, vmax=100,
                cbar_kws={'label': 'Coverage (%)'}, ax=ax2, linewidths=0.5)
    ax2.set_title('V&V Coverage Heatmap', fontsize=14, fontweight='bold')
    ax2.set_xlabel('ASIL Level', fontsize=12, fontweight='bold')
    ax2.set_ylabel('Test Type', fontsize=12, fontweight='bold')
    
    plt.tight_layout()
    plt.show()
    
    return df_vv

df_coverage = analyze_vv_coverage()
print("\nV&V Coverage Requirements (%)")
print("="*60)
display(df_coverage)

## 7. Hardware-Software Interface for AI Systems

### Special Considerations for AI/ML in ISO 26262

1. **Data Quality and Representativeness**
 - Training data must cover operational design domain (ODD)
 - Data labeling accuracy requirements
 - Dataset versioning and traceability

2. **Model Validation and Verification**
 - White-box vs. black-box testing challenges
 - Corner case identification
 - Robustness testing (adversarial examples)

3. **Runtime Monitoring**
 - Confidence scoring
 - Out-of-distribution detection
 - Sensor fusion for redundancy

4. **Fail-Operational and Fail-Safe Strategies**
 - Graceful degradation
 - Human takeover mechanisms
 - Minimal risk maneuvers

5. **Update and Retraining Management**
 - OTA update safety
 - Regression testing requirements
 - Model versioning

In [None]:
# Example: AI/ML safety monitoring dashboard
def simulate_ml_safety_monitoring():
    """
    Simulate real-time safety monitoring for ML perception system
    """
    np.random.seed(42)
    
    # Simulate time series data
    time_steps = 100
    time = np.arange(time_steps)
    
    # Detection confidence
    confidence = 0.95 + 0.05 * np.random.randn(time_steps)
    confidence = np.clip(confidence, 0.7, 1.0)
    
    # Simulate degradation event at t=60
    confidence[60:70] = 0.75 + 0.05 * np.random.randn(10)
    
    # Processing latency (ms)
    latency = 50 + 10 * np.random.randn(time_steps)
    latency = np.clip(latency, 30, 100)
    latency[60:70] = 80 + 15 * np.random.randn(10)
    
    # Sensor health
    sensor_health = np.ones(time_steps)
    sensor_health[60:70] = 0.8
    
    # Plot monitoring dashboard
    fig, axes = plt.subplots(3, 1, figsize=(14, 10))
    
    # Confidence monitoring
    axes[0].plot(time, confidence, linewidth=2, label='Detection Confidence')
    axes[0].axhline(y=0.95, color='g', linestyle='--', label='Nominal Threshold')
    axes[0].axhline(y=0.85, color='orange', linestyle='--', label='Warning Threshold')
    axes[0].axhline(y=0.75, color='r', linestyle='--', label='Critical Threshold')
    axes[0].fill_between(time, 0.95, 1.0, alpha=0.2, color='green')
    axes[0].fill_between(time, 0.85, 0.95, alpha=0.2, color='yellow')
    axes[0].fill_between(time, 0.75, 0.85, alpha=0.2, color='orange')
    axes[0].fill_between(time, 0, 0.75, alpha=0.2, color='red')
    axes[0].set_ylabel('Confidence Score', fontsize=11, fontweight='bold')
    axes[0].set_title('ML Model Safety Monitoring Dashboard [ASIL D]', fontsize=14, fontweight='bold')
    axes[0].legend(loc='lower left')
    axes[0].grid(alpha=0.3)
    axes[0].set_ylim(0.7, 1.0)
    
    # Latency monitoring
    axes[1].plot(time, latency, linewidth=2, color='purple', label='Processing Latency')
    axes[1].axhline(y=70, color='orange', linestyle='--', label='Warning Threshold (70ms)')
    axes[1].axhline(y=90, color='r', linestyle='--', label='Critical Threshold (90ms)')
    axes[1].fill_between(time, 0, 70, alpha=0.2, color='green')
    axes[1].fill_between(time, 70, 90, alpha=0.2, color='yellow')
    axes[1].fill_between(time, 90, 120, alpha=0.2, color='red')
    axes[1].set_ylabel('Latency (ms)', fontsize=11, fontweight='bold')
    axes[1].legend(loc='upper left')
    axes[1].grid(alpha=0.3)
    axes[1].set_ylim(0, 120)
    
    # Sensor health
    axes[2].plot(time, sensor_health, linewidth=2, color='teal', label='Sensor Health Index')
    axes[2].axhline(y=0.9, color='orange', linestyle='--', label='Degradation Threshold')
    axes[2].fill_between(time, 0.9, 1.0, alpha=0.2, color='green')
    axes[2].fill_between(time, 0, 0.9, alpha=0.2, color='red')
    axes[2].set_xlabel('Time (steps)', fontsize=11, fontweight='bold')
    axes[2].set_ylabel('Health Index', fontsize=11, fontweight='bold')
    axes[2].legend(loc='lower left')
    axes[2].grid(alpha=0.3)
    axes[2].set_ylim(0.7, 1.05)
    
    # Highlight degradation event
    for ax in axes:
        ax.axvspan(60, 70, alpha=0.3, color='red', label='Degradation Event')
    
    plt.tight_layout()
    plt.show()
    
    # Analysis
    print("\n" + "="*60)
    print("Safety Monitoring Analysis")
    print("="*60)
    print(f"Average Confidence: {np.mean(confidence):.3f}")
    print(f"Minimum Confidence: {np.min(confidence):.3f} (occurred at t={np.argmin(confidence)})")
    print(f"Average Latency: {np.mean(latency):.1f} ms")
    print(f"Maximum Latency: {np.max(latency):.1f} ms (occurred at t={np.argmax(latency)})")
    print(f"\nDegradation Event (t=60-70):")
    print(f"  - Confidence dropped to {np.mean(confidence[60:70]):.3f}")
    print(f"  - Latency increased to {np.mean(latency[60:70]):.1f} ms")
    print(f"  - Sensor health degraded to {np.mean(sensor_health[60:70]):.2f}")
    print(f"\n⚠️  SAFETY ACTION: Activate redundant sensor path and warn driver")

simulate_ml_safety_monitoring()

## 8. Interactive HARA Worksheet

Use this interactive tool to perform your own HARA analysis.

In [None]:
# Interactive HARA worksheet
def interactive_hara():
    """
    Interactive HARA analysis tool
    """
    print("="*70)
    print("Interactive HARA Worksheet - ISO 26262")
    print("="*70)
    print("\nEnter your hazard analysis parameters:\n")
    
    # Example scenarios to choose from
    scenarios = {
        '1': {
            'name': 'Lane Keeping Assist failure',
            'severity': 'S2',
            'exposure': 'E4',
            'controllability': 'C2'
        },
        '2': {
            'name': 'Adaptive Cruise Control sudden deceleration',
            'severity': 'S2',
            'exposure': 'E3',
            'controllability': 'C2'
        },
        '3': {
            'name': 'Emergency Braking System non-activation',
            'severity': 'S3',
            'exposure': 'E4',
            'controllability': 'C3'
        },
        '4': {
            'name': 'Blind Spot Detection false negative',
            'severity': 'S2',
            'exposure': 'E3',
            'controllability': 'C2'
        }
    }
    
    print("Select a scenario:")
    for key, scenario in scenarios.items():
        print(f"  {key}. {scenario['name']}")
    print("  5. Custom scenario\n")
    
    # For demonstration, we'll analyze all scenarios
    results = []
    
    for key, scenario in scenarios.items():
        asil = determine_asil(scenario['severity'], scenario['exposure'], scenario['controllability'])
        results.append({
            'Scenario': scenario['name'],
            'Severity': scenario['severity'],
            'Exposure': scenario['exposure'],
            'Controllability': scenario['controllability'],
            'ASIL': asil
        })
    
    df_results = pd.DataFrame(results)
    
    print("\n" + "="*70)
    print("HARA Analysis Results")
    print("="*70)
    display(df_results)
    
    # Visualize results
    fig, ax = plt.subplots(figsize=(12, 6))
    
    asil_values = {'QM': 0, 'A': 1, 'B': 2, 'C': 3, 'D': 4}
    colors_map = {'QM': 'green', 'A': 'yellow', 'B': 'orange', 'C': 'darkorange', 'D': 'red'}
    
    x = np.arange(len(df_results))
    bars = ax.bar(x, [asil_values[asil] for asil in df_results['ASIL']], 
                  color=[colors_map[asil] for asil in df_results['ASIL']],
                  edgecolor='black', linewidth=2)
    
    # Add ASIL labels on bars
    for i, (bar, asil) in enumerate(zip(bars, df_results['ASIL'])):
        height = bar.get_height()
        ax.text(bar.get_x() + bar.get_width()/2., height,
                f'ASIL {asil}', ha='center', va='bottom', 
                fontsize=12, fontweight='bold')
    
    ax.set_xticks(x)
    ax.set_xticklabels([f"Scenario {i+1}" for i in range(len(df_results))], rotation=0)
    ax.set_ylabel('ASIL Level', fontsize=12, fontweight='bold')
    ax.set_yticks([0, 1, 2, 3, 4])
    ax.set_yticklabels(['QM', 'A', 'B', 'C', 'D'])
    ax.set_title('HARA Results: ASIL Classification by Scenario', fontsize=14, fontweight='bold')
    ax.grid(axis='y', alpha=0.3)
    
    plt.tight_layout()
    plt.show()

interactive_hara()

## 9. Summary and Key Takeaways

### ISO 26262 in a Nutshell

✓ **Risk-based approach**: ASIL drives requirements stringency 
✓ **Systematic process**: V-Model ensures traceability from hazard to verification 
✓ **HARA is foundational**: Proper hazard analysis determines all downstream activities 
✓ **Safety lifecycle**: Covers entire product lifecycle, not just development 
✓ **AI/ML challenges**: Requires adaptation for non-deterministic systems 

### Critical Success Factors

1. **Early hazard identification**: Start HARA in concept phase
2. **Clear traceability**: Link every requirement to hazards and safety goals
3. **Independent verification**: ASIL D requires independent safety assessment
4. **Documentation**: Comprehensive safety case and evidence
5. **Organizational competence**: Trained personnel and mature processes

### Next Steps

- **Notebook 12**: ISO 21448 (SOTIF) - Handling performance limitations
- **Notebook 13**: ISO/IEC 8800 - AI-specific safety considerations
- **Notebook 14**: ISO/SAE 21434 - Cybersecurity integration
- **Exercise 5**: Perform complete HARA for your perception system

---

## References

- ISO 26262:2018 - Road vehicles — Functional safety
- ISO/PAS 21448:2019 - Road vehicles — Safety of the intended functionality
- SAE J3016 - Taxonomy and Definitions for Terms Related to Driving Automation Systems
- "Automotive Functional Safety: ISO 26262" by Krzysztof Czarnecki et al.
- "Safety Assurance for Autonomous Vehicles" - IEC/IEEE standards

---

**End of Notebook 11**

For questions or feedback, refer to the workshop repository.