Use Case: Leading Autonomous Driving Platform Supplier
Ensuring the security, safety & reliability of autonomous driving vehicle software
Context
To achieve satisfactory validation for ADAS and autonomous vehicles, it is impossible to test all possible test cases and positions. In some instances, it is too dangerous to do so in the field itself. Additionally, simulations are not sufficient to detect all safety and security issues. Failure of automotive software can have dramatic consequences.
As a result, this Leading Autonomous Driving Platform Provider needed a way, beyond traditional testing processes and methods, to ensure software safety, reliability, and security of their autonomous driving software platform.
The goal was to verify that the ADAS software platform’s reaction to the position of the vehicle and all its surrounding objects (or “living beings”) would not cause any undefined behavior that would pose risks to the user’s safety or security.
To achieve this goal, the client turned to exhaustive source code analysis.
Thanks to the power of mathematical methods, it is possible to generalize test inputs and exhaustively detect all undefined behaviors (such as buffer overflows, uninitialized variables, division by zero, etc.). The analysis was run on a key library: a C++ embedded software stack for vehicle Maps and Positioning containing over 300,000 lines of code. It is a collection of C++ classes that stores a map and its associated objects in the autonomous car software framework.
Implementation
If this analysis had been done using traditional methods, analyzing this stack would have covered only a limited number of vehicle positions on the map. Even a test framework or a fuzzing tool would be far from covering all possible cases; covering them all with traditional tests is impossible.
Powerful mathematical techniques known as formal methods were used to extend the reach of traditional tests.
TrustInSoft Analyzer was able to test all possible positions of the vehicle and surrounding objects in a given area and verify that there would be no software runtime errors that could jeopardize user safety or security.
Positions were managed as a pair of double-precision floating-point values.
The verification was split into square areas of reasonable size (a few tens of meters) around the vehicle.
This allowed TrustInSoft Analyzer to test all positions in the space of the vehicle and its environment.
This represented the equivalent of 85153688762380776778026315019425153025 possible positions and tests.
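To make the difference between sampled testing and exhaustive analysis concrete, here is an added illustration in C++; it is not TrustInSoft's or the client's code, and the page does not describe the analyzer's internals. It models a toy map-cell lookup of the kind a Maps and Positioning library contains, with a constructed edge-case buffer overflow (a position exactly on the closing edge of the square area maps to an index one past the last cell), beside a bounds-checked version. It then contrasts a conventional sampled test, which steps across the area and never lands on the edge, with a simplified interval-style abstraction that reasons about every position in the square at once. The cell size, grid size and all helper names are assumptions.

```cpp
// Added illustration (not TrustInSoft's or the client's code): a toy map-cell
// lookup of the kind a Maps and Positioning library contains, beside an
// interval-style check that reasons about every position in a square area
// at once. Cell size, grid size and the helper names are all assumptions.
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <vector>

constexpr double kCellSize  = 1.0;   // metres per grid cell (assumed)
constexpr long   kGridCells = 50;    // 50 x 50 cells, i.e. a 50 m square (assumed)

struct Index      { long ix, iy; };     // concrete cell coordinates
struct Interval   { double lo, hi; };   // closed range of a coordinate, lo <= hi
struct IndexRange { long lo, hi; };     // every index reachable from an Interval

// Index computation as a map library might write it: no bounds check.
// x == 50.0, the far edge of the area, yields ix == 50, one past the last cell.
Index cell_index_unchecked(double x, double y) {
    return { static_cast<long>(std::floor(x / kCellSize)),
             static_cast<long>(std::floor(y / kCellSize)) };
}

bool in_bounds(Index i) {
    return i.ix >= 0 && i.iy >= 0 && i.ix < kGridCells && i.iy < kGridCells;
}

// Hardened lookup: refuses out-of-range cells instead of reading past the buffer.
bool lookup_checked(const std::vector<int>& cells, double x, double y, int& out) {
    Index i = cell_index_unchecked(x, y);
    if (!in_bounds(i)) return false;
    out = cells[static_cast<std::size_t>(i.iy * kGridCells + i.ix)];
    return true;
}

// Convenience wrapper over an all-zero 50 x 50 grid (constructed sample data).
bool lookup_succeeds(double x, double y) {
    std::vector<int> cells(static_cast<std::size_t>(kGridCells * kGridCells), 0);
    int value = 0;
    return lookup_checked(cells, x, y, value);
}

// Abstract counterpart of the index computation: floor is monotone, so the
// image of the closed interval [lo, hi] is exactly [floor(lo), floor(hi)].
IndexRange abstract_index(Interval v) {
    return { static_cast<long>(std::floor(v.lo / kCellSize)),
             static_cast<long>(std::floor(v.hi / kCellSize)) };
}

// Sound verdict for the whole square area: true if ANY position in it could
// produce an out-of-bounds index. One evaluation covers every double in the area.
bool area_may_overflow(Interval x, Interval y) {
    IndexRange rx = abstract_index(x), ry = abstract_index(y);
    auto bad = [](IndexRange r) { return r.lo < 0 || r.hi >= kGridCells; };
    return bad(rx) || bad(ry);
}

// What a conventional sampled test does: probe samples x samples grid points.
// The stepping never reaches x.hi exactly, so the far-edge bug goes unnoticed.
bool sampled_tests_find_overflow(Interval x, Interval y, int samples) {
    for (int i = 0; i < samples; ++i) {
        for (int j = 0; j < samples; ++j) {
            double px = x.lo + (x.hi - x.lo) * i / samples;
            double py = y.lo + (y.hi - y.lo) * j / samples;
            if (!in_bounds(cell_index_unchecked(px, py))) return true;
        }
    }
    return false;
}

int main() {
    Interval area{0.0, 50.0};   // the full square, closing edge included
    std::printf("sampled tests (1000x1000) find overflow: %s\n",
                sampled_tests_find_overflow(area, area, 1000) ? "yes" : "no");
    std::printf("interval analysis finds overflow:        %s\n",
                area_may_overflow(area, area) ? "yes" : "no");
    std::printf("checked lookup at (50.0, 4.5) succeeds:  %s\n",
                lookup_succeeds(50.0, 4.5) ? "yes" : "no");
    return 0;
}
```

The point of the contrast is the one the case study makes: a million sampled positions report no problem, while a single interval evaluation over the same square proves that some position in it reaches an out-of-bounds index, which is exactly the kind of result a bounds check like `lookup_checked` then closes. A real analyzer tracks far richer abstractions than one interval per coordinate, but the soundness argument is the same.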
Results Achieved
After detecting and correcting a number of bugs and reanalyzing the software, it was possible to achieve a mathematical guarantee of the absence of undefined behavior in the Maps and Positioning class for all possible positions of the vehicle and the objects in its environment.
Impact
TrustInSoft Analyzer allowed this Autonomous Driving Platform Provider to go beyond traditional testing methods and obtain a mathematical guarantee of software security, safety, and reliability on a key library of their autonomous driving platform.
Code quality increased thanks to TrustInSoft Analyzer’s ability to find all critical bugs, such as buffer overflows, and all runtime errors. This provided an extra layer of protection for the automotive software.
TrustInSoft Analyzer allowed this Autonomous Driving Platform Provider to go beyond traditional testing methods and obtain a mathematical guarantee of software quality by ensuring:
- All critical bugs were corrected
- A mathematical guarantee of the absence of undefined behaviors in their software stack