Functional safety software: coding for the unexpected

4 min read >

Functional safety software: coding for the unexpected

Embedded & Engineering Insights

When the Ariane 5 rocket exploded mid-air in June 1996, only 36 seconds after its test launch, the software aboard the spaceship was working within official specifications. Still, it was a software error that had caused the disaster: an attempt to convert a large 64-bit floating-point number (representing the horizontal velocity) into a 16-bit integer. The ensuing integer overflow led to a sequence of errors that caused the vehicle to lose direction and crash. An investigation concluded that the software had done its job. The problem was actually rooted in software design and incomplete testing specifications.

The 1996 accident is a favorite example used by programmers when discussing functional safety software. It shows why code needs to also be tested for what it is NOT expected to do. In the case of Ariane, the software had worked perfectly on a previous version of the rocket – but a slower one. The 16-bit integer had been more than enough for that case. But the different trajectory of the new space vehicle caused the integer variable to overflow and the error was not properly handled, with dire consequences. It was against a key principle of functional safety programming: making sure that errors do not propagate into uncontrollable chains of events.

Industries such as the aerospace, nuclear, military, and automotive sector now have solid functional safety requirements in place. The automotive industry, for which Tremend delivers a variety of software solutions, relies on the ISO 26262 standard for software failure control and risk mitigation. That is highly beneficial since the role of automotive software starts to shift from driving support to automated driving. As a result, the development of functional safety software follows strict guidelines on both functional behavior of the application and on process-related aspects, addressing each part of the automotive development V-cycle.

How functional safety software works

  • It takes into account all possible and probable combinations that can occur in the operating environment
  • In contains safety mechanisms that detect hardware failures or environmental scenarios that might lead to accidents
  • It contains reaction mechanisms to failures and real-life situations for ensuring the application remains always under control
  • It includes defensive programming techniques to circumvent possible unexpected running scenarios that might show up in extremely rare use-cases.

How is the ISO 26262 process different

Functional safety is not limited to code functioning. ISO 26262 covers activities that include requirements specification, design, implementation, integration, verification, and validation.

  • Target modular software architectures based on object-oriented principles.
  • Ensure high functional confidence by deploying traceability from requirements through architectural design and coding till verification.
  • Extensive testing for ensuring that all functional requirements are covered.
  • “No dead code” confidence by targeting close to 100% code coverage and MC/DC coverage
  • Validate safety mechanisms’ efficiency by simulating failing scenarios through fault injection

At Tremend we are involved in developing functional-safety software for automated driving solutions. Our engineers are implementing certified functional safety procedures in developing specific C++ code libraries. Following the ASIL D ISO 26262 process-related requirements and based on MISRA coding guidelines for C++, Tremend developers re-architect and rewrite C++ standard libraries for reaching the functional safety compliance required in autonomous driving applications.

Implementation cases include the mitigation of safety-related issues incurred by dynamic memory management and by the handling of errors through exceptions. Providing such libraries as functional safety compliant reduces the development effort at the application level. It also increases efficiency by helping developers to focus on the functional aspects of their application.

Tremend delivers full solutions ranging from mobile applications, online stores, or complex banking software to embedded software for the automotive sector. For over 11 years we have developed Internet of Things solutions, e-commerce platforms, enterprise solutions, embedded software, CRM, CMS, ERP integration, and custom software. Over two million users benefit from solutions developed by our team of software engineers.

Contact us for support in developing your own software projects.