Safety-critical development of software-intensive auto systems
10/24/2011 9:09 PM EDT
Innovation in nearly every area of the automotive industry has been driven by an exponential increase in the use of software. One result is overwhelming complexity in the interaction and integration of mechanical, electrical/electronic and software systems, introducing a significant risk of systematic and random failure and the potential for human harm.
Safer development processes—such as those that focus on and provide guidance for the prevention of systematic and random failures—result in safer products. ISO 26262, developed as an automotive-domain-specific standard for functional safety of passenger cars, focuses on product development processes.
ISO 26262 takes a broad development life cycle approach that unifies engineering processes. It also supports model-based development (MBD), which has proved effective in addressing automotive system complexity. The full benefits are realized when MBD is integrated with a solution for managing the safety life cycle.
Consistent and complete trace information is a basic requirement for the development and change management of complex embedded systems in vehicles. ISO 26262 asserts that manufacturers of safety-related systems must provide evidence that all reasonable safety goals have been satisfied. It also recommends the reuse of proven architectures and components.
With software playing a more significant role in automotive components, organizations should move aggressively toward support for better software reuse frameworks. The use of software product lines or variants is one approach that lets organizations reuse system- and software-level artifacts. Advanced implementations allow for trace relationships to be propagated automatically, as requirements, design, test and code artifacts are branched for reuse in a new product variant.
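The two ideas above, complete trace information and trace links that follow artifacts when they are branched into a product variant, can be made concrete with a small model of a single artifact repository. The following example is added here and is not code from the article or from PTC Integrity; the artifact kinds, identifiers and method names are assumptions, and the sample data is constructed. It checks that every safety goal traces down to a test and that no downstream artifact lacks an upstream justification, then branches a variant and shows that the propagated links keep the same completeness result.

```python
from collections import deque

# Artifact kinds in the order the safety life cycle flows (upstream -> downstream).
# These kinds are assumed for the example; ISO 26262 work products are richer than this.
KINDS = ("safety_goal", "requirement", "design", "code", "test")


class TraceRepository:
    """Hypothetical single central repository of artifacts and directed trace links."""

    def __init__(self):
        self.kind = {}      # artifact id -> kind
        self.variant = {}   # artifact id -> product variant name
        self.down = {}      # artifact id -> set of downstream artifact ids
        self.up = {}        # artifact id -> set of upstream artifact ids

    def add(self, art_id, kind, variant="base"):
        if kind not in KINDS:
            raise ValueError(f"unknown artifact kind: {kind}")
        self.kind[art_id] = kind
        self.variant[art_id] = variant
        self.down.setdefault(art_id, set())
        self.up.setdefault(art_id, set())

    def link(self, src, dst):
        """Record a trace relationship; links must flow from upstream to downstream kinds."""
        if KINDS.index(self.kind[src]) >= KINDS.index(self.kind[dst]):
            raise ValueError(f"trace link must flow downstream: {src} -> {dst}")
        self.down[src].add(dst)
        self.up[dst].add(src)

    def reaches_test(self, art_id):
        """True if some downstream trace path from art_id ends at a test artifact."""
        seen, queue = {art_id}, deque([art_id])
        while queue:
            cur = queue.popleft()
            if self.kind[cur] == "test":
                return True
            for nxt in self.down[cur]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return False

    def completeness_report(self, variant="base"):
        """Safety goals with no path to a test, and artifacts with no upstream justification."""
        ids = [a for a in self.kind if self.variant[a] == variant]
        uncovered = sorted(a for a in ids
                           if self.kind[a] == "safety_goal" and not self.reaches_test(a))
        orphans = sorted(a for a in ids
                         if self.kind[a] != "safety_goal" and not self.up[a])
        return {"uncovered_goals": uncovered, "orphans": orphans}

    def branch_variant(self, new_variant, from_variant="base"):
        """Copy every artifact of from_variant into new_variant and propagate its trace links."""
        mapping = {a: f"{a}@{new_variant}"
                   for a in list(self.kind) if self.variant[a] == from_variant}
        for old, new in mapping.items():
            self.add(new, self.kind[old], new_variant)
        for old, new in mapping.items():
            for dst in self.down[old]:
                if dst in mapping:             # only links inside the branched variant
                    self.link(new, mapping[dst])
        return mapping


def build_sample_repo():
    """Constructed sample data: one fully traced safety goal, one that stops at design,
    and a test with no upstream requirement."""
    repo = TraceRepository()
    for art_id, kind in [("SG-1", "safety_goal"), ("REQ-1", "requirement"),
                         ("DES-1", "design"), ("SRC-1", "code"), ("TST-1", "test"),
                         ("SG-2", "safety_goal"), ("REQ-2", "requirement"),
                         ("DES-2", "design"), ("TST-9", "test")]:
        repo.add(art_id, kind)
    for src, dst in [("SG-1", "REQ-1"), ("REQ-1", "DES-1"), ("DES-1", "SRC-1"),
                     ("SRC-1", "TST-1"), ("SG-2", "REQ-2"), ("REQ-2", "DES-2")]:
        repo.link(src, dst)
    return repo


if __name__ == "__main__":
    repo = build_sample_repo()
    print("base:", repo.completeness_report())
    repo.branch_variant("V2")
    print("V2:  ", repo.completeness_report("V2"))
```

The report for the base variant flags SG-2 (its trace stops at a design artifact) and TST-9 (a test nobody required); after branching, the V2 copies carry the same links and therefore the same gaps, which is exactly the evidence a reviewer needs before a variant inherits the base product's safety argument.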
The development of complex embedded systems can require dozens of supporting tools. In working with hundreds of customers, we have found that efficiency is highest with a coherent tool landscape. This can be achieved using artifact repositories and tool hubs.
An architecture that uses a small number of repositories (ideally one central repository for all artifacts), managing output artifacts and other relevant information, provides a single source of truth that all upstream and downstream development activities can reference and trace to.
Tool hubs are more flexible and robust than tool chains. Considering the complexity and level of detail of the trace information in functional safety development, integrating all tools with point-to-point integrations would lead to a complex and almost unmanageable tool landscape. If one link in the tool chain became incompatible after a version upgrade, the entire tool chain would fail.
Solutions that offer an integrated tool environment with traceable visibility into upstream and downstream development activity let organizations increase the quality of their products while reducing the time and effort needed to deliver those products. The framework and guiding principles in ISO 26262 let organizations address embedded system development complexity while ensuring acceptable safety.
About the author
Christoph Braeuchle is customer requirements manager responsible for PTC’s Integrity business unit focused on the automotive vertical market. Braeuchle led the initiative to have TÜV SÜD Automotive certify Integrity for achieving ISO 26262 compliance.