How to ensure safety and security of automotive vehicles with qualified ISO 26262 tools.
New advancements in technology, standards and regulations are driving increased challenges for automotive functional safety and cybersecurity requirements. Reaching these standards can be a daunting task, and even then, how do you know when you have tested enough?
Automotive systems are more complex than they’ve ever been (Figure 1), a necessity driven by the demand for innovations like Advanced Driver Assistance Systems (ADAS), autonomous driving (AD) modes, and new electric vehicles (EV). At the same time, organizations face a challenging landscape of tools and technologies, along with regulatory and compliance pressure to ensure not only that the software is reliable, but also that it performs as intended and is free from safety vulnerabilities.
To account for this, providers need to efficiently comply with increasingly stringent standards to meet functional safety certifications starting at the source code of the application.
TrustInSoft Analyzer provides a solution that simplifies the ISO 26262 certification process with its independent qualification from TÜV SÜD.
A simplified path to certification awaits you with time-saving features such as exhaustive static analysis, fuzzing, and advanced memory mapping.
The international standard ISO 26262 is crucial in defining safe and secure development practices for automotive systems. It guides developers and testers through safety activities across the software development cycle so that potential threats and hazards caused by software are identified and mitigated through best testing practices and documentation.
In part six, the standard addresses the software development process focusing on verification and validation methods. It additionally outlines recommendations such as the following:
This post is Part 1 of a 2-part series derived from TrustInSoft’s new white paper, “Simplifying ISO 26262 Certification with TrustInSoft Analyzer – How automotive software teams reduce compliance challenges by eliminating 100% of undefined behaviors”.
Ultimately, the independent authority must conclude that the development process and outputs were planned and implemented in a manner that ensures all functional safety goals were met. This is exceedingly challenging given the complexity and scale of automotive software, leading many teams to turn to qualified development tools like TrustInSoft Analyzer to support ISO 26262 compliance.
Undefined behaviors (UBs) occur when the applicable C language standard imposes no requirement on the behavior of a given program construct. This means that anything can happen: the program may fail to compile, execute incorrectly at runtime, crash, or output incorrect results. UBs are typically associated with illegal operations that lead to crashes, such as division by zero.
ISO 26262 recognizes the influence of such UBs by defining software “robustness” as the prevention of “implausible values, execution errors, division by zero, and errors in data flow and control flow” (ISO 26262-6:8.4.4).
The simplified code sample below illustrates the potential safety impact of UBs:

```c
#include <stdbool.h>

/* Steering actuators, implemented elsewhere in the application. */
void turnSteeringWheelLeft(void);
void turnSteeringWheelRight(void);

void changeCarDirection(void)
{
    bool bDirection;   /* never initialized: reading it is undefined behavior */
    if (bDirection) {
        turnSteeringWheelLeft();
    } else {
        turnSteeringWheelRight();
    }
}
```
The uninitialized bDirection variable causes an undefined behavior: the car may turn left or right at random, or go straight. Worse, anything could happen, such as a call to another function that may lead to arbitrary code execution.
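A hardened counterpart to the sample above, added here as an illustration (it is not code from the original post or from TrustInSoft): the direction is passed in explicitly so the variable is always initialized, and every possible input value, including out-of-range ones, is mapped to a defined steering action. The enum, function names and return codes are hypothetical.

```c
#include <stdio.h>

/* Requested steering action; 0 is the safe default. */
typedef enum { DIR_STRAIGHT = 0, DIR_LEFT = 1, DIR_RIGHT = 2 } direction_t;

/* Constructed stand-ins for the steering actuators. They return their
 * action code so the chosen behaviour is observable and testable. */
static int turnSteeringWheelLeft(void)     { return DIR_LEFT; }
static int turnSteeringWheelRight(void)    { return DIR_RIGHT; }
static int keepSteeringWheelStraight(void) { return DIR_STRAIGHT; }

/* Defined behaviour for every input: the decision depends only on the
 * argument, never on an uninitialized local, and any value that is not a
 * known direction (e.g. a corrupted message) falls through to the safe
 * default instead of producing an unpredictable turn. */
int changeCarDirectionSafe(int requested)
{
    switch (requested) {
    case DIR_LEFT:  return turnSteeringWheelLeft();
    case DIR_RIGHT: return turnSteeringWheelRight();
    default:        return keepSteeringWheelStraight();
    }
}

int main(void)
{
    printf("left  -> %d\n", changeCarDirectionSafe(DIR_LEFT));   /* 1 */
    printf("right -> %d\n", changeCarDirectionSafe(DIR_RIGHT));  /* 2 */
    printf("bogus -> %d\n", changeCarDirectionSafe(42));         /* 0 */
    return 0;
}
```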
As an ISO 26262 qualified tool, TrustInSoft Analyzer can mathematically guarantee the absence of undefined behaviors using formal verification.
Rather than implementing sets of pre-established rules like most static analysis tools, TrustInSoft Analyzer uses mathematical formal methods to prove unequivocally that code is free from coding errors and UBs that can lead to issues. Known as “exhaustive static analysis,” these methods were initially developed for the formal verification of safety-critical systems over two decades ago and have since been highly refined and optimized for today’s automotive software applications.
Note that the ISO 26262 standard refers to methods operating on code as “semi-formal methods” and classifies “formal methods” as acting on description techniques that have both syntax and semantics completely defined, such as UML and similar model-based frameworks.
TrustInSoft Analyzer uses a set of exhaustive static analysis methods based on “abstract interpretation.” These methods simulate a whole set of a given program’s executions simultaneously, as opposed to traditional tests that can only individually simulate a given execution. This approach enables developers to go beyond traditional testing methods that may miss UBs for an individual test value and guarantees that testing results are valid for any compiler, any chosen set of compiler options, and any memory layout.
Additionally, this approach can be applied to analyze wide ranges of input values at the same time – eliminating the need to run tests using the sequential and iterative application of different sets of input values and significantly reducing verification time.
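To make the idea concrete, here is a toy interval domain, added as an example (it is not TrustInSoft's code and does not reflect the Analyzer's internals): instead of executing the program on one input at a time, the checker propagates the whole range each input can take through a subtraction and reports whether the resulting divisor could ever be zero. The sensor-speed scenario and all names are constructed for the illustration.

```c
#include <stdio.h>

/* Abstract value: every concrete value lies in [lo, hi]. */
typedef struct { long lo, hi; } interval_t;

/* Abstract transfer function for "a - b": the smallest interval that
 * contains every difference of a value in a and a value in b. */
static interval_t sub_interval(interval_t a, interval_t b)
{
    interval_t r = { a.lo - b.hi, a.hi - b.lo };
    return r;
}

/* 1 if some execution can reach "x / d" with d == 0, i.e. the division
 * is undefined behaviour for at least one possible input. */
int divisor_may_be_zero(interval_t d)
{
    return d.lo <= 0 && 0 <= d.hi;
}

/* Concrete fragment under analysis: the speed difference between two
 * sensors is used as a divisor. A handful of test inputs easily misses
 * the pairs where front == rear. */
int divide_by_speed_delta(long distance, long front, long rear)
{
    return (int)(distance / (front - rear));   /* UB when front == rear */
}

/* Abstract version: covers every front/rear combination in one step. */
int speed_delta_may_divide_by_zero(interval_t front, interval_t rear)
{
    return divisor_may_be_zero(sub_interval(front, rear));
}

int main(void)
{
    interval_t front = { 30, 60 }, rear = { 25, 55 };   /* constructed ranges */

    /* A sampled test with front=50, rear=25 passes (divisor 25) ... */
    printf("sampled test: %d\n", divide_by_speed_delta(100, 50, 25));
    /* ... while the interval analysis shows the divisor range [-25, 35]
     * contains zero, so the division is unsafe for some inputs. */
    printf("may divide by zero: %d\n", speed_delta_may_divide_by_zero(front, rear));
    return 0;
}
```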
For flexibility in choosing the appropriate analysis scope, TrustInSoft Analyzer provides two levels of analysis:
TrustInSoft Analyzer reduces the effort and man-hours needed to comply with ISO 26262 while delivering robust, guaranteed results. With benefits such as hardware awareness, memory mapping, and powerful formal methods analysis, developers can have peace of mind that they have obtained functional proof of the absence of all undefined behaviors.
Learn more about the technology and methodology behind simplifying the ISO 26262 certification process by downloading the full free white paper here.
In Part 2 of this series, we will explore how an exhaustive static analysis tool brings unique results to the ISO 26262 process, with features that give developers what they need to improve both the depth and the speed of their verification work on the way to certification.
If you find this post useful, our new white paper, Simplifying ISO 26262 Certification With TrustInSoft Analyzer, contains a more detailed discussion of all the topics covered in this blog series, as well as several examples and case studies.