To succeed long-term, OEMs and suppliers need faster, more efficient verification and compliance solutions. Developers require an integrated toolset that covers the entire development lifecycle including functional safety and security
Automotive software development teams have traditionally used piecemeal and manual verification approaches to ensure that automotive software is compliant with relevant safety and security standards such as ISO 26262 Road vehicles – Functional safety and SAE 21434 Road vehicles – Cybersecurity engineering. Those traditional approaches include spreadsheets, document sharing applications and built-in MISRA or coverage checkers provided by compilers or model-based tools. But with new vehicles’ complex software systems, and with the industry and regulatory environment changing rapidly, developers across OEMs and suppliers must accomplish faster, more efficient verification and compliance demonstration.
Integrated, automated verification tools are specifically designed for fast and intuitive reporting, managing and sharing of verification results across the full development lifecycle and across teams, geographies, and the supply chain. These tools provide one of the most effective solutions to manage the cost, time and risk inherent in product development and verification, and to ensure that the groundwork is laid for fast, efficient certification. These efforts both speed time to market and reduce the risk of field failures and recalls.
Technology trends reshaping automotive software development
Several important trends are shaping new capabilities of road vehicles and are driving the importance of automated, integrated tool suites:
Increasing scrutiny of autonomous systems
Regulations surrounding the development and certification of autonomous vehicles continue to become more stringent, driving up development costs and time to market. Existing safety regulations for smaller autonomous vehicles reflect lower volume, lower risk scenarios than those for larger vehicles, but that is poised to change as the industry scales up.
Companies that employ robust verification and testing tools will be in a better position to quickly navigate these changing regulatory hurdles and retain a competitive edge. Tools that are designed for automotive software development include built-in standards analyzers for all relevant automotive standards. Vendors that provide these tools are also active in standards organizations to ensure that tools are consistently up-to-date as standards evolve.
Cybersecurity threats from increased connectivity
Cybersecurity in road vehicle systems can have serious implications for safety, making it a significant driver of business risk and uncertainty. The recommended strategy to thwart cyberattacks is to design in security so that vulnerabilities are mitigated during development and deployment. Testing of the completed software helps prove the efficacy of that approach before the product is put into the field and provides a strategy to quickly address newly exposed vulnerabilities.
To address security risks as early as possible, many teams are moving to DevSecOps, an approach that includes appropriate security activities throughout the software development and operations lifecycle. This shift enables software development and security teams to work together to reduce costs and risk and improve efficiencies.
Flexible and customizable software verification tools easily adapt to the level of risk and necessary rigor of mitigation, and requirements traceability tools enable a rapid response to compromised vulnerabilities, even for systems that have been in the field for years. Tools help developers understand the impact of requirements changes or required code changes so they can rapidly respond to security vulnerabilities. Bi-directional traceability from requirements to code and corresponding test cases is a critical capability to determine the impact of either requirements changes or identified source code vulnerabilities.
Move to model-based development
Models enable development through different layers of abstraction and perspectives, such as architecture, behavior and connectivity, facilitating algorithm development and simulation. This approach can help developers reduce complexity and errors, enable reusability and speed time to market. While model-based development is a rising trend in automotive software, OEMs cannot rely on models alone to ensure that their code is functionally safe and secure.
Code that may be automatically generated or manually created from models must be analyzed and tested. Automated verification tools help suppliers and OEMs adhere to all relevant standards and test applications based on their requirements. With this approach, Tier 1 and Tier 2 suppliers can ensure that their code fulfills functional requirements and demonstrates compliance with functional safety and security standards.
Complexity of software-defined vehicles
SDVs rely on software for functionality, performance and safety, making rigorous software verification essential. SDVs are inherently more susceptible to cyberthreats due to their connectivity features. As the capabilities of vehicles evolve over time and by different development teams through over-the-air updates and modular software architectures, maintaining compliance with safety standards and ensuring that new features do not introduce vulnerabilities becomes increasingly challenging.
The complexity of SDVs necessitates automated verification tools that are rigorous yet flexible enough to handle not only traditional coding practices but also advanced environments that integrate automation and AI into the delivery of software.
Integrated, automated verification and compliance tools and services address regulatory challenges
Software verification typically requires at least as much time, effort and resources as the entire planning and development processes combined. That makes testing and certification costly activities. The move to integrated, automated and extensible software development and verification tools can have a dramatic impact on these efforts. This can be especially important for remote and geographically dispersed teams who need to aggregate information over the course of development and testing or rework, during which manual processes or disparate tools can introduce inefficiencies and potential errors.
Unlike spreadsheets or standalone document-management systems, an integrated tool suite offers full visibility and change-impact analysis across projects and teams, enabling better design decisions more quickly. It also provides a broad range of capabilities including requirements traceability, change impact analysis, test management, coding standards compliance, code quality review, code coverage analysis, data- and control-flow analysis, unit/integration/system testing (including target testing), along with the automated generation of certification evidence.
A critical component is the ability to automatically aggregate verification results across projects and teams to provide immediate feedback on the progress of verification activities. This capability also highlights trends in the verification process, such as improvements in testing, the reduction of problems in the software, and the completeness of testing.
Trying to achieve compliance with multiple standards sequentially increases time and cost, and can result in unnecessary rework, including a costly cycle of regressions and fixes. The benefits of addressing both safety and security in parallel illustrates why it is important for verification solutions to be extensible for specific needs.
Development teams using an automated verification tool suite accomplish these critical capabilities:
- Prevent defects and vulnerabilities from entering the code in the first place;
- Enable transparency throughout the development process and across teams;
- Enable model-based development paradigm with tools and techniques for independent verification;
- Satisfy the need for a fully qualified tool chain for automotive software development;
- Support tool qualification support packages;
- Accomplish efficient on-target testing;
- Enable software-in-the-loop (SIL) and processor-in-the-loop (PIL) testing and simulation.
Companies aiming for leadership in next-generation automotive technologies must focus on development processes that emphasize safety, security and compliance. A dedicated verification tool suite supports the development and verification of software that needs to achieve all relevant automative standards, including ISO 26262, ISO/SAE 21434 and ISO 21448 Road vehicles – Safety of the intended functionality certification in parallel.
Changing regulatory environment
The rapidly evolving regulatory landscape in automotive safety, functional safety and cybersecurity is a major challenge for OEMs and suppliers. These businesses must collaborate closely with regulators to ensure that vehicles meet standards while staying agile enough to keep up with the rapid pace of regulatory change. Navigating this landscape and maintaining compliance is essential for ensuring vehicle safety, reducing development risks and efficiently bringing vehicles to market. Automotive software standards provide a comprehensive regulatory framework for automotive safety and reliability in the era of software-defined vehicles.
More on data privacy and cybersecurity in the June 2024 issue of ATTI.