Survey Says Safety, Security, Quality Software Dev are Top Auto Industry Concerns

Oct. 24, 2019
A recent survey among 400 automotive design professionals uncovered opinions around current trends in automotive software development in modern vehicle design, highlighting new processes, tools, and standards.

We all know that modern vehicles depend heavily on software, not just physical components. Ensuring that software is safe, secure, and of high quality is clearly a high priority. However, the results of a recent survey among automotive design professionals suggest that many find it challenging to address those concerns during the development of that software, including compliance with ISO 26262 requirements (necessary for the majority of those surveyed).

Depending on the vehicle, from a standard modern passenger car through to a more sophisticated connected one, there might be up to a billion lines of code. The scale and complexity of those codebases will continue to grow as the market for connected and autonomous vehicles accelerates (to upwards of three hundred million lines of code). Of those surveyed, 74% are already working with connected components to a lesser or greater degree. Similarly, 70% are involved in autonomous vehicle design.

Development Challenges

With projects having teams and external contributors from various companies and all over the world, keeping control over software-development projects requires lots of hard work. One survey respondent mentioned that over 30 software vendors are involved in a single vehicle design. On top of that, complex interactions between hardware and software can bring major organizational and process challenges, adding complexity and exacerbating risk.

The good news from the survey results is that there are signs that companies are beginning to adopt methods to deal with these challenges—ultimately to make software safer, more secure, and high quality. Widely available methodologies, standards, and tools support those efforts; more on that later. First, here’s an overview of the survey and the main results.

Survey Results

The survey, conducted by Perforce across 400 automotive design professionals around the world, asked a range of questions concerning software development in modern vehicle design. Respondents included employees from some of the world’s largest tier 1 automotive brands, as well as a variety of other firms involved in vehicle design or component manufacture.

Of those who cited safety as their top concern, 49% said it was difficult and time-consuming to fulfill every requirement for ISO 26262, the functional safety standard that’s widely adopted within the automotive industry. Almost a third said that verifying and validating software was the most time-consuming task, followed by documentation for ISO 26262 purposes (20%). Around 20% admitted that they found it challenging to ensure software safety across the supply chain.

Software quality was the highest concern for 20% of survey respondents and 42% expressed concern that their software testing efforts aren’t exhaustive. And 35% said that they experienced difficulties in enforcing software coding best practices, which can have an impact on final software quality. About 20% also mentioned that the complexity of their codebases hinders software quality control.

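Only 14% said security was their top concern, but among those respondents, the biggest fear was hackers, highlighted by 55%. This isn’t surprising, given several high-profile cyberattacks on connected vehicles that have made the news. About 20% of respondents mentioned a lack of developer skills to combat security risks, while the same percentage said that security testing takes too long and therefore slows down development.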

Addressing These Challenges

Survey respondents indicated they’re taking positive steps to deal with these multiple issues in several ways. For instance, 60% are using artificial intelligence (AI) and/or machine learning (ML) within their software-development processes. While AI and ML are never likely to completely replace manual or human effort, they help automate complex processes, reduce risk, and most importantly, create a “learning” environment of continual improvement.

However, while AI and ML bring improvements, the use of coding standards is as important as ever. They’re already used by 70% of survey respondents and anecdotally, usage is growing across all safety-critical markets. One of the drivers is the growing prevalence of C++, a programming language that gives developers lots of flexibility to be innovative, but also introduces far more room for interpretation and therefore risk. While C is still the top programming language used by survey respondents, C++ follows hot on its heels at almost 50%.

Coding standards can contribute hugely to software quality and compliance, making it easier to comply with ISO 26262 and other standards that require the use of coding standards.

A coding standard is a set of rules and/or guidelines that developers follow to prevent common defects entering code during development. For instance, a common example is when a program is receiving data without any checks in place to ensure that an input buffer can’t overflow. Someone could design an input, or “payload” containing malicious code. A coding standard will include a rule to prevent this, along the lines of “do not form or use out-of-bounds pointers or array subscripts.”
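As an illustration added here (not code from the article or the survey), the C sketch below shows the kind of defect that rule targets: a receive routine that trusts a length byte in the incoming data, next to a version that validates it first. The frame layout, PAYLOAD_MAX, and the function names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 8u  /* hypothetical fixed payload size */

typedef struct {
    uint8_t len;
    uint8_t data[PAYLOAD_MAX];
} frame_t;

/* Non-compliant: trusts the length byte from the wire, so a claimed length
 * above PAYLOAD_MAX writes past dst->data. Shown for contrast; never called. */
void frame_parse_unchecked(frame_t *dst, const uint8_t *wire)
{
    dst->len = wire[0];
    memcpy(dst->data, &wire[1], dst->len);
}

/* Compliant: lengths are validated against both buffers before any
 * copy. Returns 0 on success, -1 if the input is rejected. */
int frame_parse_checked(frame_t *dst, const uint8_t *wire, size_t wire_len)
{
    if (dst == NULL || wire == NULL || wire_len < 1u) {
        return -1;
    }
    uint8_t claimed = wire[0];
    if (claimed > PAYLOAD_MAX) {            /* would overflow dst->data */
        return -1;
    }
    if ((size_t)claimed > wire_len - 1u) {  /* would read past the input */
        return -1;
    }
    memset(dst->data, 0, sizeof dst->data);
    memcpy(dst->data, &wire[1], claimed);
    dst->len = claimed;
    return 0;
}

int main(void)
{
    frame_t f;
    const uint8_t ok[] = {3, 0xAA, 0xBB, 0xCC};   /* constructed samples */
    const uint8_t bad[] = {200, 0x01, 0x02, 0x03};
    printf("valid frame: %d\n", frame_parse_checked(&f, ok, sizeof ok));
    printf("oversized length: %d\n", frame_parse_checked(&f, bad, sizeof bad));
    return 0;
}
```

A static analyzer configured for such a rule would flag the memcpy in the unchecked version, because its length comes straight from external input.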

MISRA and AUTOSAR

A collaboration between vehicle manufacturers, component suppliers, and engineering consultancies, MISRA is probably the best-known coding standard in the automotive industry and has been around since the late 1990s. Oriented toward more modern versions of C++ in connected and autonomous vehicles, AUTOSAR is a partnership of over 180 companies with the common aim to standardize open architectures for automotive software and embedded-systems development. MISRA now plans to merge the AUTOSAR coding standard into the MISRA C++ standard, giving developers the best of both worlds.

Of the automotive survey respondents, MISRA is the most popular coding standard at 53%, closely followed by AUTOSAR at 45%. Teams are also using other coding standards, including C++ Core Guidelines, Embedded C (Barr Group), and CERT, and in many cases, employ multiple coding standards. Approximately 60% use static code analyzers to automate adherence to coding standards, thus reducing the additional workload on developers and minimizing the risk of errors.

In tandem, organizations around the world are looking at how software is tested, including greater emphasis on automated and continuous testing. The idea is that the more testing is automated, the “smarter” it can become. Moreover, the earlier and more frequently it happens, the faster problems can be found and dealt with.

New Methods and Processes

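Survey respondents are also re-examining the development methodologies and processes they use to achieve quality, safety, and security while still meeting time and market pressures. While the traditional Waterfall method remains at just under a quarter, the most popular is model-driven development at 48%, followed by Agile at 45%. Others making the list include test-driven development and automatic code generation.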

Model-driven development works at a higher abstraction level than traditional methods; as the model is developed, it’s automatically transformed into a working software application. The result is a quicker development cycle with much less code. It’s also easier and faster to change and maintain the model as the behavior can be more readily understood. Validation and testing can focus on the functionality rather than syntax checking, resulting in higher quality.

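The greater use of Agile underscores a growing recognition that Agile can work well in compliance-driven markets, whereas in its early days it was often seen as suited to more disruptive, less safety-critical markets. It also reflects the fact that in many automotive projects, the balance is shifting from hardware to software. That’s because when the two coexist, there can be huge logistical and cultural barriers.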

Agile helps to engender better collaboration without sacrificing individual autonomy, but only when solid Agile project management is in place. Otherwise, there’s the risk of losing control and missing goals.

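The automotive industry is going through one of the most innovative and fast-changing periods in its history, giving design engineers exciting opportunities but also bringing a host of new challenges. Software is no longer an add-on. Instead, it is at the heart of modern vehicle design. Ensuring that it is developed safely and securely, and with consistently high quality, without adversely affecting the market or competitiveness, is the name of the game. The challenges are considerable, but given the right tools and processes, they can be overcome.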

A copy of the survey results is available at https://www.perforce.com/resources/qac/state-of-automotive-software-development-2019.

Richard Bellairs champions Perforce Software’s code quality management solution.
