Research project VirtuOS
From this context emerged VirtuOS, a research project in Berlin. In this project, the Technical University of Berlin, the Fraunhofer Institute FIRST, and OpenSynergy found that avionics safety standards (e.g. DO-178B) are fundamentally comparable to the safety standards for the development of automotive software (e.g. ISO 26262). This comparability is what allows avionics software to be applied, and provides assurance that a certified avionics component can be used in the automotive industry. The final report of the project will be published in April 2012. Its key message:
The DO-178B standard for the certification of software systems in aircraft describes the targets for processes, results, and interaction with the certification authority necessary to develop flawless software for use in aircraft. The ISO 26262 norm also details standards for developing safety-critical systems for vehicles to ensure functional safety.
Both DO-178B and ISO 26262 assume that functional safety can be ensured by taking appropriate error prevention steps. As a first step, similarities and differences can be examined in the following areas:
• Processes and lifecycles:
What is the projected lifecycle, and what processes will be accomplished during this lifecycle? What requirements must these processes meet?
• Work results:
As part of these processes, work results, i.e. documents and the final software product, are generated. In general, these form the basis for confirmation measures and product release in accordance with the standards. To what extent are the work results contents required the same or similar?
• Confirmation measures in ISO 26262:
Who conducts the confirmation measures, and to what extent does the standard require autonomy of the inspecting authority? What types of confirmation measures are designated?
The results of the comparison lead to the conclusion that the development processes for aircraft technology and the automotive industry are fundamentally identical.
Avionics provides benefits for automotive software
Despite a few differences, for example that ISO 26262 demands measures for field operation, and that there are no certification authorities for ISO 26262, it is still possible to represent the assumed software lifecycle and most of the work results so that previous certification in accordance with avionics standards is beneficial for automotive software development in accordance with ISO 26262.
So there is no fundamental obstacle to the comparability of safety standards. On the contrary: studies conducted in the context of VirtuOS show that nearly all artifacts from DO-178B can be re-used for development in accordance with ISO 26262.
Establishing the comparability of safety standards opens the door for components from one of the industries to be used in the other. The findings from this research project show that two worlds that seemed so far apart can actually converge. The VirtuOS research results can thus lead to greater synergy between the aviation and automotive industries.
One example of that is COQOS, the standards-based software platform already mentioned. With it, OpenSynergy has made the microkernel technology used in avionics available for use in the automotive industry.
OpenSynergy's approach of integrating a microkernel from aircraft technology into an automotive software platform is completely new. COQOS is thus both an example and a trailblazer for the transfer of avionics components into software systems for cars. This re-usability saves carmakers considerable development costs, improves functional safety, and makes safe vehicle technology available at a reasonable price.
The left part of Image 3
shows the typical system design that can be generated by using COQOS. It shows clearly that several very different functions can be integrated through one µOS. The µOS is based on a microkernel. That insures the safe separation of the various functions.
The right side of the image shows that the architectures for IMA-based systems are based on the same principle.