CRITICAL Software's Blog

Driving Change: Why Software Safety Matters in the Automotive Industry

Posted by David Gil on 24/09/14 10:30

It is fair to say that the automotive industry has been very successful in integrating software systems for many decades. Systems like traction control, ESP and ABS have dramatically improved the performance and safety of vehicles over many years. Recently, however, safety issues in road-vehicle software have repeatedly made the news headlines, resulting in vehicle recalls that have damaged the industry’s reputation and cost it millions of pounds.

This trend is not entirely unpredictable. The automotive industry is extremely competitive, and innovative products are often rushed to market to keep pace with rivals who are racing to deliver the next big thing.

The automotive industry has been very successful in driving innovation for many years. However, unlike previous software systems, today’s entertainment systems, Head-Up Displays, hybrid propulsion systems, parking aids, driver inputs and actuators are complex and integrated. These and many other new automotive systems present entirely new safety issues.

Further complexity is added when we consider that vehicles are operated on streets, driven by ordinary people and repaired in everyday high-street garages. While this sounds obvious, it presents a rather uncontrolled environment when compared to the systems used in the aerospace industry, where aircraft operate over controlled airspace, flown by trained pilots and maintained by trained engineers, adhering to highly-controlled maintenance and operation procedures.

Software complexity is also growing rapidly, and the number of software problems tends to grow with the number of lines of code. The average luxury car now has about 100 million lines of code, while the rigorously tested Boeing 787, one of the most modern aircraft in the world, has only 7 million lines of code. On average, before software testing activities, 100,000 bugs will exist per million lines of code.

For the automotive industry, all of these factors present systems engineering challenges whose outcome is complex software with multiple fail-safe paths and ever more logic in Failure Detection, Isolation and Recovery (FDIR) algorithms. Although systems engineering and software standards in the automotive industry are on a par with those in aerospace, road vehicles have been far more prone to prominent software issues than western aircraft systems. The painful lesson that badly integrated complex software systems cost dearly was learned long ago by the aerospace industry, which adopted a stringent safety-critical approach to the development of its software, systems, equipment and operational procedures.

Driving Change

As with other industries, when dealing with automotive software systems that are safety-critical, independent testing should be prescribed to verify operational safety. The goal of such testing is to improve a system’s reliability, availability and safety performance, which is one of the reasons it is important that it is undertaken by an independent entity not involved in the original development activities.

The process of independent testing identifies the design assurance levels appropriate to each stage of the development process, so that compliance with the chosen functional safety standard can be demonstrated. Such testing ensures the system’s requirements are fit for purpose by determining whether they fulfil key performance and safety obligations. Testing also ensures that the system’s design is faithful to these requirements, and that the software artefacts are faithful to the overall system design.

To date, however, within the automotive industry, software testing activities are often awarded to specialised departments within the company or group that produced the system in the first place, which removes independence. Although this conforms with the written requirements of the standards, it can create a conflict of interest, since the testing department is exposed to the same competitive and financial pressures as the automotive manufacturer.

By contrast, common practice in the aerospace industry dictates that testing activities are awarded to companies with no technical, financial or shareholder links with the system manufacturer. As an indication of where the automotive industry may be heading, these standards were enforced on the aerospace industry by governments, through certification authorities and prime contractors who feared their latest assets were too unreliable, expensive and dangerous. At the time, other industries with critical systems and assets overlooked the approach, deeming it ‘unnecessary’, ‘uncompetitive’, ‘slow-moving’, ‘not applicable’ and ‘too expensive’. Those industries have since paid for that approach, with significant embarrassment, economic loss and, most regrettably, human lives.

With more and more industries relying on independent testing to sustain confidence and assurance in their mission-, safety- and business-critical processes, it surely won't be long before the automotive industry joins them.

See Also

Functional Safety Planning According to ISO 26262 - White Paper


Before completely driverless cars can be released into our complex human environment, these machines need to achieve exceptional levels of safety. Discover the best-practice for applying the ISO 26262 standard in this latest document from our experts.

Topics: Safety-Critical Validation, Automotive