In the world of automotive software development, the move towards more rigorous process standards raises concerns around increased development time and cost. This situation is compounded by a dramatic increase in the amount of code in today’s automobiles, the advent of ADAS and autonomous driving, and the cybersecurity concerns associated with connectivity. Even without a catastrophic event, no developer wants to be identified as the cause of an expensive vehicle recall due to a software error.
For almost half a century, LDRA has supported the development of critical software, including software deployed in automotive applications. Our expertise has helped to shape the standards that establish best practices, and helps companies to adhere to them. Our tools simplify compliance challenges by automating industry best practices, and our consultancy services underpin the efforts of both newcomers to the sector and those looking to streamline their activities.
The automotive industry relies heavily on software to power various aspects of modern vehicles, ranging from engine control and safety systems to entertainment and connectivity features. The proliferation of automotive software standards can be attributed to the need to:
It would be neither practical nor desirable to address all these issues in a single document – but it does mean that in order to achieve several of these attributes in the same system, developers are required to adhere to multiple standards concurrently.
Safety standards for automotive software applications are crucial to ensure the reliability and security of the software components in vehicles. Some standards are generic, and others apply to particular types of vehicles.
Here are some of the key process standards that specifically address safety in automotive software applications:
ISO 26262 is a comprehensive framework for achieving functional safety in electrical and electronic systems within road vehicles. It covers the entire product development lifecycle and is widely used in the automotive industry to address the safety of software-intensive systems.
ISO/PAS 21448 addresses the safety of the intended functionality (SOTIF) of automotive systems. It focuses on scenarios in which a system operates as intended, without any fault, but might still lead to hazardous situations.
Automotive SPICE (colloquially known as ASPICE) is a framework for the assessment and improvement of software development and maintenance processes within the automotive industry. ASPICE was originally based on the ISO/IEC 15504 series of standards, which has now been superseded by the ISO/IEC 330XX series. ASPICE remains conformant with ISO/IEC 330XX.
ISO 25119 is an example of a functional safety standard that is tuned to deal with a particular type of specialist vehicle – in this case, dealing with software-related safety considerations in agricultural and forestry vehicles.
Functional safety as addressed by ISO 26262 deals with the safety of a system or component in the presence of faults or failures. It primarily focuses on preventing or mitigating the impact of systematic and random failures.
Safety of the Intended Function (SOTIF) as addressed by ISO/PAS 21448 considers potential hazards associated with the system when it works as intended, rather than when it fails.
ISO/SAE 21434 focuses on the cybersecurity aspects of road vehicles, including the software components. It provides high-level guidance on identifying and managing cybersecurity risks throughout the software development and maintenance processes, but stops short of suggesting how that guidance might be implemented in practice.
The new UNECE WP.29 regulation R155 for Cyber Security Management Systems (CSMS) has been adopted by UNECE’s World Forum for Harmonization of Vehicle Regulations, making compliance obligatory for vehicle type approval from June 2022. R155 cites ISO/SAE 21434 as an appropriate reference for cybersecurity skills.
ISO/SAE 21434 superseded the guidance document SAE J3061, which provided guidance and best practices for managing cybersecurity throughout the lifecycle of automotive systems, with particular emphasis on the growing concerns related to the security of connected and autonomous vehicles.
The lack of detailed advice offered by ISO/SAE 21434 prompted a proposal for a new project, ISO/SAE PWI 8477 “Road vehicles – Cybersecurity verification and validation”, which was submitted in June 2021 with a view to addressing this issue.
AUTOSAR defines standardized automotive software architectures that aim to facilitate the development, integration, and maintenance of software for automotive ECUs (Electronic Control Units).
AUTOSAR does not define safety or cybersecurity requirements, but it does provide frameworks that allow for the integration of safety and security mechanisms and hence aligns with safety standards like ISO 26262, and cybersecurity standards like ISO/SAE 21434.
There are numerous coding standards associated with automotive software development, each with its own merits. Popular coding standards associated with the C and C++ programming languages include:
Originally developed by and for the automotive industry, MISRA C & MISRA C++ are now used across the critical software sectors. MISRA guidelines aim to reduce the likelihood of programming errors and improve code consistency, with resulting improvements in safety, security, and reliability.
Developed by the CERT Division at the Software Engineering Institute (SEI), CERT C & CERT C++ focus on security and best practices to avoid vulnerabilities and mitigate security risks.
Developed by Barr Group, BARR C aims to improve the safety and reliability of embedded software. It includes guidelines for both safety and security, covering a broad range of coding practices to enhance code quality, maintainability, and robustness.
HIS (Herstellerinitiative Software) is a committee drawn from major German automotive manufacturers. The committee’s focus is to help vehicle manufacturers master the principles and methods of software and quality assurance for microprocessor-based control units.
HIS language subsets have been superseded by MISRA standards, although they are supported by LDRA tools for legacy work. Conversely, HIS source code metrics remain in common use in the automotive industry. These are also supported by LDRA tools.
Strictly speaking, CWE is not a coding standard at all. It is a broader catalogue of security weaknesses applicable to various languages and used to classify and describe these weaknesses. However, the nature of many of the weaknesses it lists is such that tools like the LDRA tool suite can find them in source code. Different types of tools are available that can find listed weaknesses pertinent to operational systems.
Additionally, organizations may choose to define their own standard, adopt several of these predefined standards, or tailor them to suit their specific needs.
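The coding standards above overlap heavily in the weaknesses they target. The following added example (not LDRA's code, and not taken from any of the standards' own text; the header layout, buffer size and function names are constructed for illustration) shows one weakness as it appears in each vocabulary: an 8-bit sum that wraps before a bounds check is the narrowing-conversion case described by MISRA C:2012 Rule 10.3, CERT INT31-C and CWE-190, and the compliant rewrite reports failure through a status value that the caller must act on, which is what MISRA C:2012 Rule 17.7, CERT ERR33-C and CWE-252 require.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-size receive buffer and a two-byte header
 * whose offset and length fields select a slice of the payload. The names
 * and layout are hypothetical, not taken from any real protocol. */
#define PAYLOAD_MAX 64u

typedef struct {
    uint8_t offset; /* first byte of the slice */
    uint8_t len;    /* number of bytes in the slice */
} frame_hdr_t;

/* Non-compliant form. offset + len is computed in int and then narrowed to
 * uint8_t on assignment, so 200 + 100 silently becomes 44 and passes the
 * bounds check. This is the pattern MISRA C:2012 Rule 10.3 (assignment to a
 * narrower essential type), CERT INT31-C and CWE-190 describe. */
size_t frame_end_noncompliant(frame_hdr_t h)
{
    uint8_t end = h.offset + h.len; /* implicit narrowing conversion */
    return (end <= PAYLOAD_MAX) ? (size_t)end : 0u;
}

/* Compliant form. The sum is computed in a type wide enough to hold it, the
 * bound is checked before the value is used, and failure is reported through
 * the return value instead of a sentinel. */
bool frame_end_compliant(frame_hdr_t h, size_t *end_out)
{
    uint16_t end = (uint16_t)((uint16_t)h.offset + (uint16_t)h.len);
    if (end > PAYLOAD_MAX) {
        return false;
    }
    *end_out = (size_t)end;
    return true;
}

/* Caller that honours the status code. Ignoring the result of
 * frame_end_compliant() is exactly what MISRA C:2012 Rule 17.7, CERT ERR33-C
 * and CWE-252 (unchecked return value) flag. Returns the number of bytes
 * copied, or 0 when the header is rejected. */
size_t copy_slice(const uint8_t *payload, frame_hdr_t h,
                  uint8_t *out, size_t out_cap)
{
    size_t end = 0u;
    if (!frame_end_compliant(h, &end)) {
        return 0u;                      /* out-of-range slice rejected */
    }
    if ((size_t)h.len > out_cap) {
        return 0u;                      /* destination too small */
    }
    (void)memcpy(out, &payload[h.offset], (size_t)h.len);
    return (size_t)h.len;
}

int main(void)
{
    uint8_t payload[PAYLOAD_MAX];
    uint8_t out[PAYLOAD_MAX];
    for (size_t i = 0u; i < PAYLOAD_MAX; i++) {
        payload[i] = (uint8_t)i;        /* constructed payload: 0,1,2,... */
    }

    frame_hdr_t good = { 10u, 20u };
    frame_hdr_t wrap = { 200u, 100u };  /* 300 wraps to 44 in uint8_t */

    printf("non-compliant end (wrap): %zu\n", frame_end_noncompliant(wrap));
    printf("copied (good): %zu, copied (wrap): %zu\n",
           copy_slice(payload, good, out, sizeof out),
           copy_slice(payload, wrap, out, sizeof out));
    return 0;
}
```

The wrapped header is accepted by the non-compliant check and would index past the 64-byte buffer; the compliant path rejects it, and because the status is returned rather than hidden in a sentinel value, a static analyser enforcing Rule 17.7 or ERR33-C will report any caller that drops it.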
LDRA’s tools help to alleviate the overhead faced by development teams looking to comply with automotive software standards, and with the traceability of requirements to the design and verification of code.
Requirements traceability. TBmanager supports bidirectional traceability of requirements, development, and verification process and related artefacts throughout the automotive application software development life cycle, facilitating impact analysis and the provision of evidential compliance artefacts.
Traceability to standards. TBmanager also provides for bidirectional traceability to automotive-related functional safety and cybersecurity standard objectives, including ISO 26262 and ISO/SAE 21434.
Coding standards compliance. Applicable to in-house, industry standard, or hybrid rule sets, TBvision’s static analysis simplifies the enforcement of the coding standards applicable to embedded systems for automotive applications.
Software quality measures. The code quality review functionality of LDRA tools provides for many of the software quality metrics (also known as software quality measures) in common use. HIS source code metrics are popular in the automotive sector and are supported by the TBhis component of the LDRA tool suite.
Unit, system, and integration testing. The TBvision and TBrun components of the LDRA tool suite combine to support host, simulator, and target-based testing in accordance with automotive standards including ISO 26262 and Automotive SPICE.
Structural Coverage Analysis. The LDRA tool suite supports the rigorous coverage analysis requirements demanded by automotive-related functional safety and cybersecurity standards.
MC/DC. The structural coverage analysis capabilities of the LDRA tool suite include Modified Condition/Decision Coverage (MC/DC) analysis, which is Highly Recommended for ISO 26262 ASIL D compliant applications.
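MC/DC requires that every condition in a decision be shown to independently affect the decision's outcome: for each condition, the test set must contain a pair of test cases that differ only in that condition and produce different outcomes. The following added example (not LDRA's code and not part of the original page; the decision, its condition names and the test vectors are constructed for illustration) checks a test set against that unique-cause criterion for a three-condition decision, and shows that the minimal set of N+1 = 4 vectors achieves it while a three-vector subset does not.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Three Boolean conditions packed into bits 0..2 of a test vector:
 * bit 0 = a, bit 1 = b, bit 2 = c. Hypothetical names for illustration. */
#define COND_COUNT 3u
#define COND_A (1u << 0)
#define COND_B (1u << 1)
#define COND_C (1u << 2)
#define ALL_CONDS ((1u << COND_COUNT) - 1u)

/* Decision under test: (a && b) || c. A placeholder for an ECU decision
 * such as "engage brake assist"; it is not taken from any real product. */
bool decision(uint8_t v)
{
    bool a = (v & COND_A) != 0u;
    bool b = (v & COND_B) != 0u;
    bool c = (v & COND_C) != 0u;
    return (a && b) || c;
}

/* Return a bit mask of the conditions for which the test set contains an
 * independence pair: two vectors that differ only in that condition and
 * produce different decision outcomes (unique-cause MC/DC). */
uint8_t mcdc_covered_conditions(const uint8_t *tests, size_t n)
{
    uint8_t covered = 0u;
    for (size_t i = 0u; i < n; i++) {
        for (size_t j = i + 1u; j < n; j++) {
            uint8_t diff = (uint8_t)(tests[i] ^ tests[j]);
            /* exactly one bit set in diff <=> exactly one condition differs */
            bool single = (diff != 0u) &&
                          ((diff & (uint8_t)(diff - 1u)) == 0u);
            if (single && (decision(tests[i]) != decision(tests[j]))) {
                covered |= diff;
            }
        }
    }
    return covered;
}

/* True when every condition has an independence pair in the set. */
bool mcdc_achieved(const uint8_t *tests, size_t n)
{
    return mcdc_covered_conditions(tests, n) == ALL_CONDS;
}

int main(void)
{
    /* Constructed test sets. "full" is the minimal N+1 = 4 vectors:
     * (a,b) and (b) isolate a; (a,b) and (a) isolate b; (b) and (b,c)
     * isolate c. "partial" drops the last vector, so c is never shown to
     * affect the outcome on its own. */
    const uint8_t full[] = { COND_A | COND_B, COND_B, COND_A, COND_B | COND_C };
    const uint8_t partial[] = { COND_A | COND_B, COND_B, COND_A };

    printf("full set: covered mask 0x%x, MC/DC %s\n",
           mcdc_covered_conditions(full, 4u),
           mcdc_achieved(full, 4u) ? "achieved" : "not achieved");
    printf("partial set: covered mask 0x%x, MC/DC %s\n",
           mcdc_covered_conditions(partial, 3u),
           mcdc_achieved(partial, 3u) ? "achieved" : "not achieved");
    return 0;
}
```

The returned mask tells a reviewer which condition still lacks an independence pair, which is the information needed to extend a test suite rather than just a pass/fail verdict. A coverage tool such as the one the page describes performs the equivalent bookkeeping by instrumenting the compiled code and recording which condition pairs were actually exercised at run time.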
Tool Qualification. The LDRA Tool Qualification Support Packs (TQSPs) provide support for ISO 26262 ASIL D applications, and LDRA tools are underpinned by TÜV certification where that will suffice.
Consultancy services. LDRA Consultancy staff include subject matter experts with detailed knowledge of automotive guidelines and standards including MISRA, ISO 26262 and ISO/SAE 21434. They draw on a body of expertise that enables LDRA to contribute to many of the standards in common use, both in this and other sectors.
LDRA Automotive Resource Centre
LDRA Secure Software Development Resource Centre
Video: MISRA C:2012 Demonstration with the LDRA tool suite
Video: Software engineering: Being compliant with MISRA C and MISRA C++
Video: Ensuring MISRA compliance through the application of MISRA Compliance:2020
Video: Auto-generating safe and secure code with IBM Rhapsody and the LDRA tool suite
Video: Structural Code Coverage with MATLAB Simulink and the LDRA tool suite
Webinar on-demand: Assured safety-critical model-based development with Rhapsody and LDRA