Functional safety software: coding for the unexpected
by Rares Dumitrache
When the Ariane 5 rocket exploded mid-air in June 1996, only 36 seconds after its test launch, the software aboard the vehicle was working within its official specifications. Still, it was a software error that had caused the disaster: an attempt to convert a large 64-bit floating point number (representing the horizontal velocity) into a 16-bit integer. The ensuing integer overflow led to a sequence of errors that caused the vehicle to lose direction and crash. An investigation concluded that the software had done its job. The problem was actually rooted in the software design and in incomplete testing specifications.
The 1996 accident is a favourite example among programmers when discussing functional safety software. It shows why code also needs to be tested for what it is NOT expected to do. In the case of Ariane, the software had worked perfectly on a previous version of the rocket, but a slower one. The 16-bit integer had been more than enough for that case. The different trajectory of the new vehicle, however, caused the integer variable to overflow, and the error was not properly handled, with dire consequences. This violated a key principle of functional safety programming: making sure that errors do not propagate into uncontrollable chains of events.
Industries such as aerospace, nuclear, military and automotive now have solid functional safety requirements in place. The automotive industry, for which Tremend delivers a variety of software solutions, relies on the ISO 26262 standard for software failure control and risk mitigation. That is highly beneficial, since the role of automotive software is shifting from driving support to automated driving. As a result, development of functional safety software follows strict guidelines on both the functional behavior of the application and on process-related aspects, addressing each part of the automotive development V-cycle.
How functional safety software works
- It takes into account all possible and probable combinations that can occur in the operating environment
- It contains safety mechanisms that detect hardware failures or environment scenarios that might lead to accidents
- It contains reaction mechanisms to failures and real life situations for ensuring the application remains always under control
- It includes defensive programming techniques to circumvent possible unexpected running scenarios that might show up in extremely rare use-cases.
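A checked narrowing conversion of the kind the Ariane 5 example calls for, paired with a simple reaction mechanism as described in the list above, written as an added illustration (not Tremend's code; the function names and the hold-last-good-value policy are assumptions):

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// Outcome of a checked narrowing conversion. No exceptions are thrown and no
// heap memory is used, so the function can be called from any context.
enum class ConvStatus { Ok, Overflow, Underflow, NotANumber };

struct Int16Result {
    ConvStatus status;
    int16_t    value;   // valid only when status == ConvStatus::Ok
};

// Convert a 64-bit floating point value to a 16-bit signed integer, but only
// when the truncated value is representable. Out-of-range inputs (the
// situation the Ariane example describes) and NaN are reported through the
// status instead of invoking undefined behaviour in the cast.
inline Int16Result to_int16_checked(double v) {
    if (std::isnan(v)) {
        return {ConvStatus::NotANumber, 0};
    }
    // Truncate toward zero first, then compare in double precision: every
    // int16_t value is exactly representable as a double, so the limits are
    // exact and infinities fall out naturally on the range checks.
    const double t  = std::trunc(v);
    const double lo = static_cast<double>(std::numeric_limits<int16_t>::min());
    const double hi = static_cast<double>(std::numeric_limits<int16_t>::max());
    if (t > hi) {                       // also catches +infinity
        return {ConvStatus::Overflow, 0};
    }
    if (t < lo) {                       // also catches -infinity
        return {ConvStatus::Underflow, 0};
    }
    return {ConvStatus::Ok, static_cast<int16_t>(t)};   // now well defined
}

// Example reaction mechanism: when the conversion cannot be trusted, keep the
// last known good value and raise a flag for the safety monitor instead of
// letting a corrupted number propagate downstream.
inline int16_t velocity_or_hold(double measured, int16_t last_good,
                                bool* degraded) {
    const Int16Result r = to_int16_checked(measured);
    if (r.status != ConvStatus::Ok) {
        *degraded = true;
        return last_good;
    }
    *degraded = false;
    return r.value;
}
```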
How is the ISO 26262 process different?
Functional safety is not limited to code functioning. ISO 26262 covers activities that include requirements specification, design, implementation, integration, verification and validation.
- Target modular software architectures based on object-oriented principles.
- Ensure high functional confidence by deploying traceability from requirements through architectural design and coding to verification.
- Test extensively to ensure that all functional requirements are covered.
- Gain "no dead code" confidence by targeting close to 100% code coverage and MC/DC coverage.
- Validate the effectiveness of safety mechanisms by simulating failure scenarios through fault injection.
At Tremend we are involved in developing functional-safety software for automated driving solutions. Our engineers apply certified functional safety procedures when developing specific C++ code libraries. Following the ASIL D ISO 26262 process-related requirements and the MISRA coding guidelines for C++, Tremend developers re-architect and rewrite C++ standard libraries to reach the functional safety compliance required in autonomous driving applications.
Implementation cases include the mitigation of safety related issues incurred by dynamic memory management and by the handling of errors through exceptions. Providing such libraries as functional safety compliant reduces the development effort at application level. It also increases efficiency by helping developers to focus on functional aspects of their application.
Tremend delivers full solutions ranging from mobile applications, online stores or complex banking software to embedded software for the automotive sector. For over 11 years we have developed Internet of Things solutions, e-commerce platforms, enterprise solutions, embedded software, CRM, CMS, ERP integration and custom software. Over two million users benefit from solutions developed by our team of software engineers.
Contact us at firstname.lastname@example.org for support in developing your own software projects.