David Gil, a senior engineer at Critical Software, addresses the importance of independent software testing in ensuring the software of future vehicles is failsafe, and touches on the some of the lessons to be learned from industries like aerospace.
Recently, vehicle software safety issues resulting in vehicle recalls have made news headlines, damaging the industry’s reputation and costing it millions of dollars. Today’s entertainment systems such as head-up displays, hybrid propulsion systems, parking aids, driver inputs and actuators are complex and integrated and they, as well as many other new automotive systems, present entirely new safety concerns.
Further complexity is added when you consider that vehicles are operated on streets, driven by ordinary people and repaired in everyday high-street garages. This presents a rather uncontrolled environment when compared with systems used in the aerospace industry, where aircraft operate over controlled airspace, are flown by trained pilots, and maintained by trained engineers adhering to highly controlled maintenance and operation procedures.
Software complexity is also growing exponentially with an increase in the number of lines of code often correlating with an increasing number of software problems. The average luxury car now has about 100 million lines of code, while the rigorously tested Boeing 787, one of the most modern aircraft in the world, has only 7 million lines of code. On average, before software testing is undertaken, 100,000 bugs will exist per million lines of code.
For the automotive industry, all of these factors present system engineering challenges, the outcome of which is complex software with different failsafe paths and increased logic in failure detection, isolation and recovery algorithms (FDIR). Despite the fact that system engineering and software standards in the automotive industry are on a par with those in the aerospace industry, road vehicles have been much more prone to prominent software issues than Western aircraft systems. The painful issues the arise from integrating complex software systems badly is a lesson that the aerospace industry learned long ago, adopting a stringent safety-critical approach to the development of its software, systems, equipment and operational procedures.
As with other industries, when dealing with automotive software systems that are safety-critical, independent testing should be prescribed to verify operational safety. The goal of such testing is to improve a system’s reliability, availability and safety performance, which is one of the reasons it is important that it is undertaken by an independent entity not involved in the original development.
The process of independent testing identifies suitable design assurance levels across a process to achieve compliance with a chosen functional safety standard. Such testing ensures the system’s requirements are fit for purpose by determining whether they fulfill key performance and safety obligations. Testing also ensures that the system’s design is faithful to these requirements, and that the software artefacts are faithful to the overall system design.
To date, however, within the automotive industry, software testing is often awarded to specialized departments within the company or the group producing the system in the first place, removing independence.
Although this conforms with written standards requirements, it can create a conflict of interest as the testing department is often sensitive to the same competitive financial constraints as the automotive manufacturer. By contrast, common practice in the aerospace industry dictates that testing activities are awarded to companies with no technical, financial or shareholder links with the system manufacturer.
As an indication of where the automotive industry may be heading, these standards were enforced on the aerospace industry by governments, through certification authorities and prime contractors who feared their latest assets were too unreliable, expensive and dangerous. At the time, other industries with critical systems and assets overlooked the approach, deeming it ‘unnecessary’, ‘uncompetitive’, ‘slow-moving’, ‘not applicable’ and ‘too expensive’. Those industries have since paid for that approach with significant embarrassment, economic loss and, most regrettably, human lives.
With more and more industries relying on independent testing to sustain confidence and assurance in their mission, safety and business-critical processes, it surely wont be long before the automotive industry joins them.
March 3, 2016
