Three safety critical software trends shaping industry
We live in a world where our safety increasingly depends on software. It has now become so deeply ingrained in many aspects of modern life that, quite literally at times, we can’t live without it. This reflects three broad, converging industry trends: increased software complexity, greater software dependency, and growing demand for fast, accurate, safety critical performance from software.
The question for organizations that produce goods that depend on software is how do you manage these trends in a cost-effective yet responsible way?
1. Software complexity
Software is becoming more complex and interdependent across every industry sector, leading a rapidly growing number of devices and applications to interact in many, often surprising, ways. For instance, there are phone apps that measure your heart rate, your body temperature, your blood pressure, and your skin condition. New neural networks can combine these data to analyze skin rashes or lesions and advise whether you should consult a doctor.
This explosion of software complexity is particularly evident in the automotive sector. The Apollo 11 moon-shot used about 145,000 lines of code, yet a modern car now needs of the order of 100 million lines of code just to run. Manufacturers and their suppliers are developing and launching new applications almost every month and many interact and interlock with other systems.
The software in cars is essential for safety features, such as anti-lock braking systems (ABS), collision avoidance sensors and hands-free parking. It also operates seemingly frivolous things, such as voice control of the entertainment or climate control system. What happens though when passengers can use voice activation to, say, alert emergency services to a crash situation – what effect might this have on other voice activated systems?
This brings us to the second trend.
2. Software is increasingly safety-critical
As we embed more software in our systems, so the criticality of that software increases. What wasn’t critical a few years ago is critical now. That increased criticality is often the result of changes to other parts of the system or because the environment in which the software is used has changed.
For example, until a few years ago, many trains had two drivers but now there is often only one and so the software they rely on has become more safety critical.
Similarly, one of our customers produces devices that control several aspects of a motorcycle’s engine. Their devices allow the rider to set certain controls before starting their journey.
One control for the throttle has a ‘rain-mode’ that limits the bike’s acceleration in wet conditions. It also has a ‘race-mode’ that maximizes acceleration in dry conditions. Now manufacturers are developing an app that will allow the rider to set the controls using their mobile phone.
On one level, that makes perfect sense: the control improves safety by giving the rider greater control of their bike’s performance, while the app gives them convenience. However, what happens if someone hacks their phone and changes their settings (from wet to dry)? The phone app has now made the throttle control both safety critical and security critical.
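The following is an added example, not code from the original post or from BUGSENG, sketching why the phone-controlled throttle mode is security critical: a controller that applies whatever mode byte the phone sends next to one that only accepts authenticated, in-range, non-replayed commands. The wire format, the shared key and the mode codes are assumptions made up for the illustration.

```python
import hmac
import hashlib
import struct

# Constructed example. Hypothetical message from the rider's phone to the engine
# controller: mode (1 byte) | counter (4 bytes, big-endian) | HMAC-SHA256 tag (32 bytes).
RAIN_MODE, RACE_MODE = 0x01, 0x02
VALID_MODES = {RAIN_MODE: "rain", RACE_MODE: "race"}
BODY_LEN, TAG_LEN = 5, 32


class ThrottleController:
    def __init__(self, shared_key: bytes, initial_mode: int = RAIN_MODE):
        self._key = shared_key          # assumed to be provisioned out of band
        self.mode = initial_mode
        self._last_counter = 0          # highest counter accepted so far

    def apply_untrusted(self, msg: bytes) -> bool:
        """'Before': trusts the phone. Anything that controls the phone controls the throttle."""
        if len(msg) < 1:
            return False
        self.mode = msg[0]
        return True

    def apply_authenticated(self, msg: bytes) -> bool:
        """'After': on any failure the current mode is kept (fail safe) and False is returned."""
        if len(msg) != BODY_LEN + TAG_LEN:
            return False
        body, tag = msg[:BODY_LEN], msg[BODY_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                # forged or tampered message
        mode, counter = body[0], struct.unpack(">I", body[1:])[0]
        if mode not in VALID_MODES:
            return False                # out-of-range mode, even if authentic
        if counter <= self._last_counter:
            return False                # replay of an earlier (authentic) command
        self._last_counter = counter
        self.mode = mode
        return True


def build_message(key: bytes, mode: int, counter: int) -> bytes:
    """Phone side: authenticate the (mode, counter) body with the shared key."""
    body = bytes([mode]) + struct.pack(">I", counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()
```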
These potential vulnerabilities are often a product of the third trend.
3. An increasing demand for speed
Every business faces commercial pressures to get new software-enabled products to market, but that urgency should never override safety considerations. It’s particularly important that manufacturers ensure all their technical component suppliers provide proof that they have used robust software verification tools where appropriate.
In sectors such as the automotive industry, this implies using a verification tool that meets MISRA C/C++ standards and generates compliance reports. Car makers may rely on hundreds of suppliers and many of their components will contain some software. It is in the interests of the manufacturer – and their customers – to ensure that every piece of software is safe to use in all situations.
However, not all verification tools are the same: not all of them produce consistently high-quality reports, and not all reports are customizable to the manufacturer’s needs. BUGSENG has addressed these three critical points in the development of our ECLAIR verification tool. We’ve done this by:
a) Eliminating all manual configurations where possible
b) Simplifying the remaining configuration requirements as much as possible to ensure the analysis is truly compliant with the MISRA guidelines
c) Enabling customizable report generation to meet the needs of specific manufacturers.
This means component suppliers can use the same verification tool (ECLAIR) but tailor their reports in MS Office for different customers. That eliminates the time-consuming and error-prone method of copying and pasting data from a graphical user interface (GUI). ECLAIR also generates important forensic evidence that the software it has analyzed is exactly the same as the software embedded in a specific component.
In an ideal world, we feel every car maker should be demanding that their suppliers use ECLAIR to provide exactly the report they need to prove MISRA-compliance of the software in all their components.
If you would like to find out more about how ECLAIR can make your software safer and more reliable, please contact us.
Roberto Bagnara, Ph.D., is CTO of BUGSENG, a leading provider of solutions and services for static code analysis. He is also a member of the ISO/IEC JTC1/SC22/WG14 - C Standardization Working Group and the MISRA C Working Group.