Considerations in automotive embedded development Global Automotive Director Kiyo Uemura
Agenda
1. IAR Systems introduction
2. Background & ISO 26262
3. Software development at the software level
4. Supporting processes & software tools
5. Summary
IAR Systems: future-proof software tools and services for embedded development, enabling companies worldwide to create the products of today and the innovations of tomorrow.
Dedicated team of support, sales and service worldwide
Large and loyal base of 46,000 customers
32% of revenue invested in R&D
2016: sales 34M, operating profit 10M, net cash 10M
Listed on NASDAQ Stockholm
34 years in the industry
Locations: Uppsala, Munich, Paris, Tokyo, Seoul, Shanghai, Dallas, Boston, Los Angeles, San Francisco, plus distributor representation in 40+ countries
Background
The complexity of automotive applications is increasing.
Software engineers in the automotive industry are expected to follow ISO 26262, an automotive-specific international standard for functional safety that covers the design and testing of products.
Overview of ISO 26262
Product development at the software level (Part 6)
Supporting processes (Part 8)
ISO 26262 Part 6: Product development at the software level
6.6 Specification of software safety requirements
6.7 Software architectural design
6.8 Software unit design and implementation
6.9 Software unit testing
6.10 Software integration and testing
6.11 Verification of software safety requirements
6.7 Software architectural design
6.7 Software architectural design methods recommended by ISO 26262-6, Table 6 (requirement 7.4.18), with IAR Visual State coverage

Method                                       A    B    C    D    Visual State
1a Design walk-through                       ++   +    o    o    Yes
1b Design inspection                         +    ++   ++   ++   Yes
1c Simulation of dynamic parts of design     +    +    +    ++   Yes
1d Prototype generation                      o    o    +    ++   -
1e Formal verification                       o    o    +    +    -
1f Control flow analysis                     +    +    ++   ++   Yes
1g Data flow analysis                        +    +    ++   ++   -

ASIL: Automotive Safety Integrity Level, a risk classification scheme
++ The method is highly recommended for this ASIL
+ The method is recommended for this ASIL
o The method has no recommendation for or against usage for this ASIL
Without a tool it is not easy to ensure the quality of your software architectural design method.
Solutions from IAR Systems State Machine Development Tool
IAR Visual State: a set of tools for designing, testing and implementing embedded applications based on state machines. Build your design from a high level, structure complex applications, and add functionality step by step at a detailed level.
Based on the Unified Modeling Language (UML) state machine subset
Generates very compact C/C++ code, 100% consistent with your design
Advanced verification and validation tools
6.8 Software unit design and implementation
6.8 Software unit design and implementation: coding guidelines
Topics to be covered by modeling and coding guidelines (ISO 26262 Part 6), with C-STAT coverage

Topic                                           A    B    C    D    C-STAT
Enforcement of low complexity                   ++   ++   ++   ++   -
Use of language subsets                         ++   ++   ++   ++   Yes
Enforcement of strong typing                    ++   ++   ++   ++   Yes
Use of defensive implementation techniques      o    +    ++   ++   Yes, partly
Use of established design principles            +    +    +    ++   -
Use of unambiguous graphical representation     +    ++   ++   ++   -
Use of style guides                             +    ++   ++   ++   -
Use of naming conventions                       ++   ++   ++   ++   -

ASIL: Automotive Safety Integrity Level
++ The method is highly recommended for this ASIL
+ The method is recommended for this ASIL
o The method has no recommendation for or against usage for this ASIL
Manual review is no longer a perfect solution to ensure the quality of your code.
Solutions from IAR Systems Static Analysis: C-STAT
Static analysis: C-STAT
Checks compliance with MISRA C:2012, MISRA C++:2008, MISRA C:2004, CWE and CERT C/C++ (includes ~250 checks mapping to hundreds of issues)
Extensive and detailed documentation
Fully integrated with IAR Embedded Workbench
6.9 Software unit testing, 6.10 Software integration and testing
6.9 Software unit testing, 6.10 Software integration and testing: requirements, with C-RUN coverage

Requirement                                                                                              C-RUN
The ISO 26262 standard requires software integration testing in a realistic target environment.         Yes
Verifying embedded software according to ISO 26262 requires testing in a target environment while
ensuring a high level of controllability and observability in the software.                              Yes

A tool is needed that does not cause code overhead or a speed penalty.
Solution from IAR Systems Dynamic Analysis: C-RUN
Dynamic analysis: C-RUN
C-RUN can check for the following errors:
Heap and memory leaks
Bounds violations
Integer conversion failures
Shift overflow
Division by zero
Minimized test code overhead and speed penalty
Full integration with IAR Embedded Workbench
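As an added example (not IAR's code and not C-RUN itself), the four error classes C-RUN checks at run time (bounds, integer conversion, shift overflow, division by zero) written with the "defensive implementation techniques" the Part 6 coding-guideline table recommends: each constructed helper checks first and refuses the operation instead of letting the fault happen.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
/* Constructed example: one helper per defect class that C-RUN flags at run
 * time, written defensively (check first, then operate) so the fault cannot
 * happen; a false return means the caller's request was refused. */
#define SAMPLE_BUF_LEN 8
static uint16_t sample_buf[SAMPLE_BUF_LEN];

/* Bounds checking: refuse to write past the fixed-size buffer. */
bool store_samples(const uint16_t *src, size_t n)
{
    if (src == NULL || n > SAMPLE_BUF_LEN) {
        return false;
    }
    for (size_t i = 0; i < n; i++) {
        sample_buf[i] = src[i];
    }
    return true;
}

/* Integer conversion: narrow to uint8_t only when the value fits. */
bool to_u8(uint32_t v, uint8_t *out)
{
    if (v > UINT8_MAX) {
        return false;
    }
    *out = (uint8_t)v;
    return true;
}

/* Shift overflow: count must be below the width and no set bit may be lost. */
bool shl_u32(uint32_t v, unsigned count, uint32_t *out)
{
    if (count >= 32U || (count != 0U && (v >> (32U - count)) != 0U)) {
        return false;
    }
    *out = v << count;
    return true;
}

/* Division by zero (and the INT32_MIN / -1 overflow case). */
bool div_i32(int32_t a, int32_t b, int32_t *out)
{
    if (b == 0 || (a == INT32_MIN && b == -1)) {
        return false;
    }
    *out = a / b;
    return true;
}
```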
8.11 Confidence in the use of software tools (supporting processes)
8.11 Confidence in the use of software tools: requirements and considerations, with IAR Embedded Workbench Functional Safety version status

Requirement / consideration                                                                     IAR Embedded Workbench Functional Safety version
ISO 26262 requires all tools used in the development process to be qualified.                  Qualified
It is good to have a pre-qualified tool: the amount of qualification work can be high
if the tools are not pre-qualified.                                                             Qualified
Solution from IAR Systems Functional Safety version of IAR Embedded Workbench
ISO 26262 certified tools: a special functional safety version of IAR Embedded Workbench
IAR Embedded Workbench for ARM V7.40.6
IAR Embedded Workbench for RL78 V1.40.7
Certified for each ASIL (Automotive Safety Integrity Level) A-D of ISO 26262 without further tool qualification
Guaranteed support through the product life cycle: prioritized support, validated service packs, regular reports of known problems
The certification validates the quality of IAR Systems' entire development process, as well as the delivered software.
Summary of solutions from IAR Systems
Future-proof your applications! Code quality is the key success factor of your automotive project. IAR Systems will support you in securing code quality.
Thank you for your attention! www.iar.com/automotive