How to leverage automotive software development standards to mitigate risk

This article discusses some of the issues contributing to automotive software complexity, as well as the risks associated with automotive software development. We’ll also discuss how implementing known development best practices, such as ISO 26262, helps organizations mitigate those risks.


By Arthur Hicken, Parasoft


When average non-engineer consumers think of electronic systems in automobiles, they likely think of integrated GPS, infotainment systems, and probably some vague notion that there is a computer somewhere in the car controlling some of the safety features. Of course, the reality is that modern cars are significantly more complex, with software playing an increasingly larger role in all facets of functionality, including many safety-critical functions. In fact, cars have been leveraging electronic systems for critical functionality for decades, and market changes, such as the push toward the Internet of Things, have nudged automakers towards embedding a greater number of complex computer systems that run the gamut of criticality.

The business structures and supply chains associated with system development further add to the complexity. It’s rare, if it happens at all, that a manufacturer engineers and builds every component and subsystem in their cars from the ground up, which leads to potential integration issues. A transmission is taken from this model, a good braking system from that one. While they may have worked well in their previous environment, in a totally new complex system they may well produce unintended and unexpected results. As a result, automotive software is often a complex hodgepodge of systems that may or may not have been sufficiently tested. Implementing components in an ad-hoc manner without proper testing, especially in safety-critical applications, can be extremely costly.

The upside, though, is that there are known practices for helping automakers mitigate the risk of failure by building software quality into their development processes. According to some estimates, a standard mid-range car can have well over a hundred electronic control units (ECUs) processing millions of lines of code - and this number is increasing. It’s not uncommon for a manufacturer to have several models of cars with over one hundred million lines of code. There is a perception that the more expensive the car, the more software is embedded - and that most of the software is dedicated to high-end infotainment components. While it’s true that these systems become increasingly complex as you move up the model line, even introductory lines of cars use software to control steering, brake systems, electrical power distribution, and so on. And even seemingly minor additions to the feature set, such as Bluetooth, climate control, cruise control, etc., lead to exponential growth of code.

We can assume that more code translates to more complexity - and therefore risk, but the impact may not necessarily be significant. A larger contributor to business risk associated with automotive software is the integration of code developed from a variety of sources across multiple tiers. Most components, including ECU-based components, are subcontracted to second-tier providers who subcontract to third-tier providers and so on. Each preceding tier has specific requirements associated with the component they’re developing. Organizations often (but not always) have practices in place for analyzing incoming code to ensure that the components function as expected.

But this assumes that every component along the supply chain is a new development. In reality, downstream tiers are branching off code written for a specific make, model, and year. The mutation and reuse of code takes place throughout the supply chain, which leads to a testing problem. How does the manufacturer implement end-to-end testing in such a chaotic ecosystem of software development? When the ECU in the steering wheel was originally developed for one vehicle and the ECU in the dashboard was developed for another vehicle, and neither ECU was designed for the vehicle they are currently embedded in, what’s the impact? How can you ensure that the complete system functions as expected? It is entirely possible for both systems to pass testing as functional yet be unable to communicate properly in all situations. What is the risk associated with this gap?

When organizations attempt to measure the cost of software development, they tend to look at general metrics: development time for the engineers; testing time for QA; building materials in the form of acquiring tool licenses, compilers, and other infrastructure components. These are important metrics, but often overlooked are the costs of failure. If the software in the braking system fails, what will it cost the business in terms of rework, recalls, audits, litigation, and loss of stock value? What if there is a loss of life? We argue that the cost of quality is the cost of developing and testing the software, including all the normal metrics we identified plus the very tangible costs associated with a failure in the field.

Figure 1. The number of software defects has doubled in recent years, and NHTSA estimates that recalls and fixes cost automakers $3 billion per year.

Defects cost automakers a lot of money. The NHTSA estimates that recalls and fixes across the industry cost automakers $3 billion annually. When it comes to the cost of software-related issues, a 2005 estimate from IEEE put the cost to manufacturers at $350 per car. When you consider the low profit margins across a line of vehicles, it’s conceivable that a serious enough software defect can severely hurt the business. The bottom line is important, but even more important is that people can become seriously injured or even die as a result of a software defect. And it doesn’t matter how far down the supply chain the defect may originate, defects and all their associated consequences become the responsibility of the automaker. As such, any cost analysis around software development needs to take the potential costs of failure into consideration.

Figure 2. In modern cars, numerous complex computer systems are installed, with well over a hundred ECUs processing millions of lines of code.

We’ve argued that the complexity of the tiered supply chain for automotive software contributes to the overall risk associated with safety-critical systems. We’ve also reiterated the potential costs to automotive businesses. But there’s another dimension to this issue that resides in the cultural difference between engineering and software development. Software development is almost never engineering. That is, certain concepts from engineering principles, such as repeatability, well-exercised best practices, and reliance on building standards, have yet to become firmly established in software development. Additionally, training for software developers can be inconsistent - even non-existent - and organizations would have to go to great lengths to verify that their developers possess adequate knowledge to build safety-critical software.

This is in contrast to engineering in which the attitudes, mindsets, and history of the discipline enforce a process that is less prone to defects when compared to software development. That is not to say that engineers know what they’re doing and software developers don’t. Rather, it’s to say that automotive engineering as a field is twice as mature as software development, and that the intangible, temporal nature of software perpetuates a cavalier attitude in which if it works, then it’s done.

The emphasis in software development is on faster delivery and functional requirements - how quickly can we have this functionality? There is little incentive from management to implement sound engineering practices in the software development lifecycle. Achieving functional safety in software requires operationalizing certain engineering principles: functional safety must be proactive; processes must be controlled, measured, and repeatable; defects should be prevented through the implementation of coding standards; and testing must be effective and deterministic, and must cover complex memory problems rather than only functional behaviour.

The good news is that the attitudes around software development have been evolving. ISO 26262, MISRA, and other standards seek to normalize software development for automotive applications by providing a foundation for implementing engineering concepts in software development processes. Some organizations view compliance with ISO 26262 and other standards as an overhead-boosting burden without any direct value, but the truth is that the cost of failure associated with software defects is much, much greater than the cost of ensuring quality. As in electrical standards that specify a specific gauge of wire to carry a known voltage, coding standards can provide the guidelines that help avoid disaster.
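The principles listed above (defects prevented by coding standards, deterministic tests that cover memory problems) and the earlier scenario of an ECU reused in a vehicle it was not designed for, as an added example in C that is not from the article or from Parasoft: a hypothetical status-frame decoder in its "before" form, which trusts the on-wire length field, beside a MISRA-style checked form. The frame layout, STATUS_PAYLOAD_MAX and the sample frames are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed example (not from the article): a hypothetical ECU status
 * frame laid out as [len][payload...]. The decoder was written for a
 * vehicle whose ECUs never send more than STATUS_PAYLOAD_MAX bytes. */
#define STATUS_PAYLOAD_MAX 8u

typedef struct {
    uint8_t len;
    uint8_t payload[STATUS_PAYLOAD_MAX];
} status_t;

/* 'Before': trusts the on-wire length field. Reused next to a newer ECU
 * that sends a longer payload, memcpy overruns out->payload; unit tests
 * built from the original vehicle's frames never exercise this path. */
void decode_status_unchecked(const uint8_t *frame, size_t frame_len, status_t *out)
{
    (void)frame_len;                 /* the defect: the length is never checked */
    out->len = frame[0];
    memcpy(out->payload, &frame[1], out->len);
}

/* 'After': MISRA-style defensive decoding. Inputs are validated, there is
 * a single exit with a status code, and a rejected frame leaves the output
 * in a defined (zeroed) state instead of partially written. 0 = success. */
int decode_status_checked(const uint8_t *frame, size_t frame_len, status_t *out)
{
    int rc = -1;
    if ((frame != NULL) && (out != NULL) && (frame_len >= 1u)) {
        const uint8_t len = frame[0];
        (void)memset(out, 0, sizeof *out);
        /* the claimed length must fit both the bytes received and the buffer */
        if ((len <= STATUS_PAYLOAD_MAX) && ((size_t)len + 1u <= frame_len)) {
            out->len = len;
            (void)memcpy(out->payload, &frame[1], len);
            rc = 0;
        }
    }
    return rc;
}

/* Constructed sample frames: one valid, one whose length exceeds the
 * buffer, one whose length exceeds the bytes actually received. */
static const uint8_t FRAME_OK[]        = {3u, 0x11u, 0x22u, 0x33u};
static const uint8_t FRAME_TOO_LONG[]  = {9u, 1u, 2u, 3u, 4u, 5u, 6u, 7u, 8u, 9u};
static const uint8_t FRAME_TRUNCATED[] = {4u, 1u, 2u};
```

Both decoders pass a functional test built only from FRAME_OK; only the checked form is deterministic on the frames the original vehicle never produced, which is what a test suite for memory problems has to include.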

