Automotive

In the world of automotive software development, the move towards more rigorous process standards raises concerns around increased development time and cost. This situation is compounded by a dramatic increase in the amount of code in today’s automobiles, the advent of ADAS and autonomous driving, and the cybersecurity concerns associated with connectivity. Even without a catastrophic event, no developer wants to be identified as the cause of an expensive vehicle recall due to a software error.

For almost half a century, LDRA has been supporting critical software development, including software deployed in automotive applications. Our expertise has helped to shape the standards that establish best practices and helps companies to adhere to them. Our tools simplify compliance challenges by automating industry best practices, and our consultancy services underpin the efforts both of newcomers to the sector and of those looking to streamline their activities.

AUTOMOTIVE | ISO 26262 | ISO/PAS 21448 SOTIF | ASPICE | MISRA™ | HIS | AUTOSAR | ISO/SAE 21434

“MISRA”, “MISRA C” and “MISRA C++” are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved. 

Why are there so many automotive software standards?

The automotive industry relies heavily on software to power various aspects of modern vehicles, ranging from engine control and safety systems to entertainment and connectivity features. The proliferation of automotive software standards can be attributed to the need to:  

  • achieve safety and reliability, 
  • ensure interoperability, 
  • meet international regulations, 
  • address the challenges posed by new technologies, 
  • aid collaboration, and 
  • optimize cybersecurity. 

It would be neither practical nor desirable to address all these issues in a single document – but it does mean that in order to achieve several of these attributes in the same system, developers are required to adhere to multiple standards concurrently. 

Which process standards address safety in automotive software?

Safety standards for automotive software applications are crucial to ensure the reliability and security of the software components in vehicles. Some standards are generic, and others apply to particular types of vehicles.

Here are some of the key process standards that specifically address safety in automotive software applications:

ISO 26262 – Road vehicles – Functional safety

ISO 26262 is a comprehensive framework for achieving functional safety in electrical and electronic systems within road vehicles. It covers the entire product development lifecycle and is widely used in the automotive industry to address the safety of software-intensive systems.

ISO/PAS 21448 Road vehicles — Safety of the intended functionality

ISO/PAS 21448 addresses the safety of the intended functionality (SOTIF) of automotive systems. It focuses on scenarios in which a system operates as intended, with no fault present, but might still lead to hazardous situations.

Automotive SPICE (Software Process Improvement and Capability Determination)

Automotive SPICE (colloquially known as ASPICE) is a framework for the assessment and improvement of software development and maintenance processes within the automotive industry. ASPICE was originally based on the ISO/IEC 15504 series of standards, which has now been superseded by the ISO/IEC 330XX series. ASPICE remains conformant with ISO/IEC 330XX.

ISO 25119 – Tractors and machinery for agriculture and forestry – Safety-related parts of control systems

ISO 25119 is an example of a functional safety standard that is tuned to deal with a particular type of specialist vehicle – in this case, dealing with software-related safety considerations in agricultural and forestry vehicles.

What is the difference between Functional Safety and Safety Of The Intended Function (SOTIF)?

Functional safety as addressed by ISO 26262 deals with the safety of a system or component in the presence of faults or failures. It primarily focuses on preventing or mitigating the impact of systematic and random failures.

Safety of the Intended Function (SOTIF) as addressed by ISO/PAS 21448 considers potential hazards associated with the system when it works as intended, rather than when it fails.

Which process standards address cybersecurity in automotive software?

ISO/SAE 21434 – Road vehicles – Cybersecurity engineering

ISO/SAE 21434 focuses on the cybersecurity aspects of road vehicles, including the software components. It provides high-level guidance on identifying and managing cybersecurity risks throughout the software development and maintenance processes, but stops short of suggesting how that guidance might be implemented in practice.

UNECE WP.29 regulation R155 for CSMS (Cyber Security Management System)

The new UNECE WP.29 regulation R155 for CSMS (Cyber Security Management System) has been adopted by UNECE’s World Forum for Harmonization of Vehicle Regulations, making compliance obligatory for vehicle type approval from June 2022. R155 cites ISO/SAE 21434 as an appropriate reference for the cybersecurity skills required.

SAE J3061 – Cybersecurity Guidebook for Cyber-Physical Vehicle Systems

ISO/SAE 21434 superseded SAE J3061, a guidance document that provided best practices for managing cybersecurity throughout the lifecycle of automotive systems, with particular emphasis on the growing concerns around the security of connected and autonomous vehicles.

ISO/SAE PWI 8477 – Road vehicles – Cybersecurity verification and validation

The lack of detailed advice offered by ISO/SAE 21434 prompted a proposal for a new project, ISO/SAE PWI 8477 “Road vehicles – Cybersecurity verification and validation”, which was submitted in June 2021 with a view to addressing this gap.

Which standards address interoperability in automotive software?

AUTOSAR (AUTomotive Open System ARchitecture)

AUTOSAR defines standardized automotive software architectures that aim to facilitate the development, integration, and maintenance of software for automotive ECUs (Electronic Control Units).

AUTOSAR does not define safety or cybersecurity requirements, but it does provide frameworks that allow for the integration of safety and security mechanisms and hence aligns with safety standards like ISO 26262, and cybersecurity standards like ISO/SAE 21434.

Which coding standards are commonly used in automotive software?

There are numerous coding standards associated with automotive software development, each with its own merits. Popular coding standards associated with the C and C++ programming languages include:

MISRA C & MISRA C++

Originally developed by and for the automotive industry, MISRA C & MISRA C++ are now used across the critical software sectors. MISRA guidelines aim to reduce the likelihood of programming errors and improve code consistency, with resulting improvements in safety, security, and reliability.

CERT C & CERT C++

Developed by the CERT Division at the Software Engineering Institute (SEI), CERT C & CERT C++ focus on security and best practices to avoid vulnerabilities and mitigate security risks.
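As an added illustration of the kind of defect these rule sets target (example code written for this page, not LDRA's or CERT's own), the C snippet below shows a record bounds check that violates CERT C rule INT30-C (unsigned integer operations must not wrap) next to a compliant version that rejects the input before the addition can wrap. The 4-byte length header, the record layout and all function names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record format: 4-byte big-endian payload length, then payload. */
#define HEADER_LEN 4u

/* Noncompliant with CERT C INT30-C: HEADER_LEN + payload_len can wrap to a
 * small value, so an oversized length passes the check and a later copy of
 * payload_len bytes would overrun the destination buffer. */
bool record_fits_noncompliant(size_t payload_len, size_t buf_len)
{
    return HEADER_LEN + payload_len <= buf_len;
}

/* Compliant: prove the sum cannot wrap before performing it. */
bool record_fits_compliant(size_t payload_len, size_t buf_len)
{
    if (payload_len > SIZE_MAX - HEADER_LEN) {
        return false; /* the addition would wrap */
    }
    return HEADER_LEN + payload_len <= buf_len;
}

/* Serialises header + payload into out using the compliant check.
 * Returns the number of bytes written, or 0 if the record is rejected. */
size_t build_record(uint8_t *out, size_t out_len,
                    const uint8_t *payload, size_t payload_len)
{
    if (out == NULL || payload == NULL) {
        return 0;
    }
    if (!record_fits_compliant(payload_len, out_len) || payload_len > UINT32_MAX) {
        return 0;
    }
    out[0] = (uint8_t)(payload_len >> 24);
    out[1] = (uint8_t)(payload_len >> 16);
    out[2] = (uint8_t)(payload_len >> 8);
    out[3] = (uint8_t)payload_len;
    memcpy(out + HEADER_LEN, payload, payload_len);
    return HEADER_LEN + payload_len;
}

/* Constructed sample: a 3-byte payload into a 16-byte buffer yields 7 bytes. */
size_t example_small_record_len(void)
{
    uint8_t buf[16];
    const uint8_t payload[3] = {0x01, 0x02, 0x03};
    return build_record(buf, sizeof buf, payload, sizeof payload);
}

int main(void)
{
    /* A length near SIZE_MAX wraps past the naive check but not the compliant one. */
    printf("noncompliant accepts huge length: %d\n",
           record_fits_noncompliant(SIZE_MAX - 1, 64));
    printf("compliant accepts huge length:    %d\n",
           record_fits_compliant(SIZE_MAX - 1, 64));
    printf("small record length: %zu\n", example_small_record_len());
    return 0;
}
```

A static analyser enforcing CERT C flags the unchecked addition in the noncompliant version; the compliant version also satisfies the MISRA C expectation that arithmetic on unsigned operands is shown not to wrap.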

BARR C

Developed by Barr Group, BARR C aims to improve the safety and reliability of embedded software. It includes guidelines for both safety and security, covering a broad range of coding practices to enhance code quality, maintainability, and robustness.

HIS (Hersteller Initiative Software)

HIS is a committee drawn from major German automotive manufacturers. The committee’s focus is to help vehicle manufacturers master the principles and methods of software and quality assurance for microprocessor-based control units.

HIS language subsets have been superseded by MISRA standards, although they are supported by LDRA tools for legacy work. Conversely, HIS source code metrics remain in common use in the automotive industry. These are also supported by LDRA tools.

CWE (Common Weakness Enumeration)

Strictly speaking, CWE is not a coding standard at all. It is a broader catalogue of security weaknesses applicable to various languages, used to classify and describe those weaknesses. However, many of the weaknesses it lists are of a kind that tools like the LDRA tool suite can find in source code; other types of tool find listed weaknesses in operational systems.

Additionally, organizations may choose to define their own standard, adopt several of these predefined standards, or tailor them to suit their specific needs.

How can LDRA help with the development of automotive applications?

LDRA’s tools help to alleviate the overhead faced by development teams looking to comply with automotive software standards, and with the traceability of requirements to the design and verification of code.

Requirements traceability. TBmanager supports bidirectional traceability between requirements, development and verification processes, and their related artefacts throughout the automotive software development life cycle, facilitating impact analysis and the provision of compliance evidence.

Traceability to standards. TBmanager also provides for bidirectional traceability to automotive related functional safety and cybersecurity standard objectives, including ISO 26262 and ISO/SAE 21434.

Coding standards compliance. Applicable to in-house, industry standard, or hybrid rule sets, TBvision’s static analysis simplifies the enforcement of the coding standards applicable to embedded systems for automotive applications.

Software quality measures. The code quality review functionality of LDRA tools provides many of the software quality metrics (aka software quality measures) in common use. HIS source code metrics are popular in the automotive sector and are supported by the TBhis component of the LDRA tool suite.

Unit, system, and integration testing. The TBvision and TBrun components of the LDRA tool suite combine to support host, simulator, and target-based testing in accordance with automotive standards including ISO 26262 and Automotive SPICE.

Structural Coverage Analysis. The LDRA tool suite supports the rigorous coverage analysis requirements demanded by automotive related functional safety and cybersecurity standards.

MC/DC. The structural coverage analysis capabilities of the LDRA tool suite include Modified Condition/Decision Coverage (MC/DC) analysis, which ISO 26262 rates as Highly Recommended for ASIL D applications.
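As an added, self-contained illustration of what MC/DC demands (example code written for this page, not LDRA's own tooling), the C program below takes a three-condition decision from a constructed engine-start interlock and checks whether a test set contains, for every condition, an independence pair: two vectors that differ only in that condition and flip the decision outcome. The interlock, its condition names and the test vectors are all assumptions made for the example; the general checker works for any decision over NUM_CONDITIONS boolean operands.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NUM_CONDITIONS 3

/* One test vector: the value of each condition in the decision. */
typedef struct {
    bool c[NUM_CONDITIONS];
} conditions_t;

/* Decision under test (constructed): allow engine start only if the brake
 * pedal is pressed, the gearbox is in park and the immobiliser reports OK.
 * Each operand of the && chain is a "condition" in MC/DC terms. */
bool allow_start(bool brake_pressed, bool in_park, bool immobiliser_ok)
{
    return brake_pressed && in_park && immobiliser_ok;
}

static bool decision(const conditions_t *v)
{
    return allow_start(v->c[0], v->c[1], v->c[2]);
}

/* True if a and b differ in exactly condition k and produce different
 * outcomes, i.e. they demonstrate that condition k independently affects
 * the decision (unique-cause MC/DC). */
static bool is_independence_pair(const conditions_t *a, const conditions_t *b, size_t k)
{
    for (size_t i = 0; i < NUM_CONDITIONS; i++) {
        if (i == k) {
            if (a->c[i] == b->c[i]) return false; /* k must toggle */
        } else {
            if (a->c[i] != b->c[i]) return false; /* all others must hold */
        }
    }
    return decision(a) != decision(b);
}

/* Number of conditions for which the test set contains an independence pair. */
size_t mcdc_conditions_covered(const conditions_t *tests, size_t n)
{
    size_t covered = 0;
    for (size_t k = 0; k < NUM_CONDITIONS; k++) {
        bool found = false;
        for (size_t i = 0; i < n && !found; i++) {
            for (size_t j = i + 1; j < n && !found; j++) {
                if (is_independence_pair(&tests[i], &tests[j], k)) found = true;
            }
        }
        if (found) covered++;
    }
    return covered;
}

bool mcdc_achieved(const conditions_t *tests, size_t n)
{
    return mcdc_conditions_covered(tests, n) == NUM_CONDITIONS;
}

/* Constructed minimal set: for an N-operand conjunction, N+1 vectors suffice. */
size_t example_minimal_set_covered(void)
{
    const conditions_t tests[] = {
        {{true,  true,  true }}, /* start allowed */
        {{false, true,  true }}, /* toggles brake_pressed  */
        {{true,  false, true }}, /* toggles in_park        */
        {{true,  true,  false}}, /* toggles immobiliser_ok */
    };
    return mcdc_conditions_covered(tests, sizeof tests / sizeof tests[0]);
}

/* Constructed weak set: both decision outcomes are seen (100 % branch
 * coverage) yet no condition is shown to matter on its own. */
size_t example_branch_only_set_covered(void)
{
    const conditions_t tests[] = {
        {{true,  true,  true }},
        {{false, false, false}},
    };
    return mcdc_conditions_covered(tests, sizeof tests / sizeof tests[0]);
}

int main(void)
{
    printf("minimal set covers %zu of %d conditions\n",
           example_minimal_set_covered(), NUM_CONDITIONS);
    printf("branch-only set covers %zu of %d conditions\n",
           example_branch_only_set_covered(), NUM_CONDITIONS);
    return 0;
}
```

The contrast between the two sets is the practical point: a test suite can reach every branch of the decision and still leave a masked condition untested, which is the gap MC/DC closes and why the standard asks for it at the highest integrity level.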

Tool Qualification. The LDRA Tool Qualification Support Packs (TQSPs) provide support for ISO 26262 ASIL D applications, and LDRA tools are underpinned by TÜV certification where that will suffice.

Consultancy services. LDRA Consultancy staff include subject matter experts with detailed knowledge of automotive guidelines and standards including MISRA, ISO 26262 and ISO/SAE 21434. They draw on a body of expertise that enables LDRA to contribute to many of the standards in common use, both in this and other sectors.
