Deployment of Model-based Software Development in Safety-related Applications: Challenges and Solutions Scenarios.

2006 
Abstract

Since the mid 1990s, model-based development techniques have been adopted for the development of embedded automotive control software. Nowadays, they are also increasingly being deployed in safety-related applications. In usage scenarios such as these, the requirements of standards and guidelines from the safety area have to be adapted and mapped onto model-based development. This paper discusses the challenges that appear in the process and sketches possible solutions.

1 Motivation and Introduction

Model-based development is becoming the preferred software engineering approach for the development of embedded controls in major vehicle domains, such as powertrain and chassis [CO05]. The basic idea of the model-based approach is that an initial executable graphical model representing the control function to be developed is refined and augmented until it becomes a blueprint for the final implementation, from which executable code can be generated automatically. In model-based development, commercial modeling packages such as MATLAB/Simulink/Stateflow [MSS] and code generators based on them, such as the Real-Time Workshop/Embedded Coder [RTW-EC] or TargetLink [TL], are applied within the detailed design and coding phases of development. One of the main advantages of this paradigm is that software development time can be reduced by 20-50% through the use of executable modeling and autocoding, see e.g. [UO04]. Additionally, the maturity level of the developed functions increases faster.¹

These advantages are to be extended to the area of safety-related applications in the future. In such application contexts, the additional requirements of safety standards and guidelines have to be adapted. They also have to be mapped onto model-based development, because they mostly date back to before model-based development was introduced. Building on [DC05] and [CD06], this paper discusses challenges occurring in the process and offers possible solutions based on tangible project experience. Section 2, as a starting point, summarizes relevant standards and guidelines. Section 3 describes some of the existing challenges and outlines possible solutions, giving guidance to upcoming research activities. Section 4 concludes the paper.

¹ The underlying research was partly conducted within the scope of the BMBF project IMMOS (01ISC31D); also see www.immos-project.de

2 Norms, Standards and Guidelines

The norms, standards, and guidelines listed below can serve as sources of information for the deployment of model-based development techniques in safety-related applications.

ISO TR 15497:2000 Road vehicles - Development guidelines for vehicle-based software: The Development guidelines for vehicle-based software were compiled by MISRA² in the mid-1990s and then transferred to an ISO technical report. They constitute one of the first attempts at standardization of software development in the automotive domain. A revision and an update are under consideration for the time following the completion of work on ISO 26262.

MISRA-C:2004 Guidelines for the use of the C language in critical systems: The Guidelines for the use of the C language in critical systems, also compiled by MISRA, describe a subset of the programming language C that is suitable for use in safety-critical applications.

SAE J2636 Recommended Practice C Coding Practice (DRAFT): The SAE³ Embedded Software Task Force currently collects common automotive C coding practices. The proposals were developed in order to share lessons learned and best practices for the development of automotive embedded software. They aim to increase the implementation of robust and reliable software and take into account the work share between automotive OEMs and their suppliers.

IEC 61508:1998 Functional safety of electrical/electronic/programmable electronic safety-related systems: IEC 61508 is a generic, application-independent standard for electrical/electronic/programmable electronic safety-related systems (E/E/PES) that is intended to ease the development of sector-specific norms for E/E/PES. It is applied transitionally in the development of E/E/PES in those areas for which a domain-specific norm does not yet exist. IEC 61508-3 is concerned with the requirements for software

² The Motor Industry Software Reliability Association
³ Society of Automotive Engineers