Advanced Software Design Methodologies in Functional Safety
Transcript of Advanced Software Design Methodologies in Functional Safety
▪ Shift Left and Trace using virtual processor models and safety qualified tools
▪ Reduce risk in FuSa compliance through the Software Development Life Cycle (SDLC)
▪ Accelerate time: test software before hardware in DevOps and CI environments
About the presenters
Christopher Seidl: Sr Product Manager Arm
Christopher is responsible for Keil MDK, Arm's leading development environment for Cortex-M based microprocessors. With over 20 years' experience in ASIC design and Arm cores, he joined Arm in 2013 to support the embedded and microcontroller industry.
Zdenek Fiedler: Sr Product Manager Siemens
Zdenek is responsible for the Polarion ALM product at Siemens Digital Industries. He has over 15 years' experience in product life cycle management.
Stuart Turner: Field Application Engineer Electrosource
Stuart is an FAE supporting Siemens Polarion and Arm Tools at Electrosource. Electrosource is a representative and distributor for Arm and Siemens in Canada and the USA.
Agenda
"Shift left and trace": a methodology for creating digital threads that are functionally accurate and traceable for safety critical systems
▪ Challenges in modern FuSa software development
▪ Agile V evolution + Agile LC
▪ iMBSE: managing + tracing the SDLC digital threads
▪ FuSa in software development
▪ Virtual Prototypes: functionally accurate models, what and why?
▪ DevOps CI/CD with Arm: high level view of unit testing and functional testing in the SDLC (Software Development Life Cycle flow)
▪ Demonstration: validation example with safety qualified tools: run a unit test on Arm Fast Model Tools, inject a fault and store the results in Siemens Polarion
*Q&A: please enter questions into the chat window.
*Copies of the presentations will be emailed to registrants within 3-5 days of this event.
Problem: Functional Safety is hard
Complexity is increasing in modern FuSa systems:
▪ Example: vehicles have 100M+ lines of code and will have 2-4X that in the next 3 years.
▪ Compliance audits can delay time to market.
▪ Continuous Integration and DevOps unit tests and functional tests typically wait for HW.
▪ Electronic component lead times are extended: 6+ months for MCUs.
▪ Bugs in the field are exponentially more costly ($X^x): find them earlier.
Why Shift Left and Trace?
Christopher Seidl, 10 June 2021
Advanced Software Development Methodologies in Functional Safety
Joint webinar: Arm, Siemens, ElectroSource
© 2021 Arm
Embedded software development trends
▪ Applications are getting more complex: luxury car (2010) vs. luxury car (L3 ADAS, 2020): +200 M code lines
▪ Projects are finishing faster: faster profit, shorter dev time
▪ Safety standards are becoming stricter and are increasing pressure: IEC 61508, ISO 26262, EN 50128, IEC 62304, DO-178B
Software Development Process
Design phases: System Design, Safety requirements, Software architecture design, Software module implementation
Verification & Validation phases: Unit testing, Integration testing, System testing, Verification of safety
Techniques applied along the process: analysis of timing behavior; test completeness (code coverage); test automation; static code analysis (MISRA); model-based design; fault injection; access protection (MPU, TrustZone, stack overflow)
Safety Integrity Levels (SIL)
Safety functions in systems protect the health of people, the environment, and/or goods
• Typical safety functions: emergency shutdown (overheating; dangerous movements)
• ALARP ("as low as reasonably practicable") principle: risks shall be reduced as far as reasonably practicable
• SIL levels map the development process to levels of acceptable risk

Risk matrix (rows: probability; columns: severity of consequence)
Probability    Insignificant  Minor  Severe  Major  Catastrophic
Rare           -              -      1       2      3
Unlikely       -              1      2       3      4
Likely         1              2      3       4      5
Very Likely    2              3      4       5      6
Certain        3              4      5       6      7

Mapping of Risk to SIL (rows: probability; columns: severity of consequence)
Probability    Insignificant  Minor  Severe  Major  Catastrophic
Rare           -              -      SIL1    SIL2   SIL3
Unlikely       -              SIL1   SIL2    SIL3   SIL4
Likely         SIL1           SIL2   SIL3    SIL4   x
Very Likely    SIL2           SIL3   SIL4    x      x
Certain        SIL3           SIL4   x       x      x
SIL Impacts the Design & Validation Requirements
Higher levels require more stringent design principles and higher test efforts
R = recommended, HR = highly recommended

Ref.   Technique/Measure                                      SIL 1  SIL 2  SIL 3  SIL 4
IEC 61508: Table A.2 – Software design and development – software architecture design
1      Fault detection                                        -      R      HR     HR
2…     Error detection codes                                  R      R      R      HR
…13b   Time-triggered architecture                            R      HR     HR     HR
13c    Event-driven, with guaranteed maximum response time    R      HR     HR     -
14…    Static resource allocation                             -      R      HR     HR
IEC 61508: Table B.2 – Dynamic analysis and testing
1      Test case execution from boundary value analysis       R      HR     HR     HR
7c     Structural test coverage (branches) 100%               R      R      HR     HR
Types of software testing
Conforming to industrial/automotive safety standards
• System Testing: test that the final system meets requirements
• Integration Testing: test multiple components working together
• Functional Testing: test if a given functionality works as expected
• Unit Testing: test small parts of code at a time (function level)
Where the tests run:
• Unit Testing (large number of tests; verifying code snippet behavior) on Virtual Prototypes (functionally accurate; scalable & repeatable)
• System/Production Testing (small/medium number of tests; verifying system behavior) on Hardware (timing accurate; final sanity check)
What development platform to choose?
It depends on the stage of your software development (platforms ordered from "at scale" to "accuracy"):
• Native executable (run on host computer): software, inexpensive, different toolchain, inaccurate
• Virtual Models (Arm Fast Models): software, inexpensive, same toolchain, 100% functionally accurate
• Development board (off-the-shelf hardware): hardware, complex, same toolchain, accurate
• FPGA (hardware like end target): hardware, expensive, same toolchain, accurate
• On target (end-embedded system): hardware, expensive, same toolchain, identical
Benefits of Virtual Prototypes
Programmer's view models provide good performance, accuracy and flexibility
• Models are available early
• Fast and functionally accurate
• Non-intrusive debug
• No HW dependency
• Unlimited memory for unit testing
[Timeline: hardware development followed by software development, versus software development overlapping hardware development: TTM gain]
Embedded development is hard
General-purpose Software Developer
• Develop & test on host machine
• Development flows simpler
Embedded Software Developer
• Develop & test on external targets
• Development flows are complex:
1. Creating a consistent environment across teams.
2. Purchasing expensive hardware board farms that do not scale.
3. Testing on hardware is slow (flash time, limited clock speed).
4. Integrating various enterprise software into one flow.
Optimizing software development
Common challenges and goals for embedded software development
If you have… merge conflicts, frequent code bugs, near-release chaos
If you want… efficient development, verifiable code health, a safety-certified flow
Continuous Integration (CI)
Specialized for embedded software development
Proven for safety: Automotive, Aviation, Industrial, Railway, Medical
Proven for efficiency: Speed, Quality, Cost
Development styles compared
Desktop Development: Developer 1, Developer 2, … Developer 'n' each run local builds and local tests against the code repository; manual; x1 per day
CI Development: code repository feeding shared distributed builds, shared regression tests and code coverage; automated; x10 per day
View from the clouds
CI/CD flow explained – simplified view: Code → Build → Test → Package → Deploy
View from the trees
CI/CD flow explained – simplified view: Code → Unit Build → Unit Tests → Integration Build → Integration Tests → System Build → System Tests → Production Build → Deploy → Production User Tests
View from the ground
CI/CD flow explained: Code → Unit Build → Unit Tests → Integration Build → Integration Tests → System Build → System Tests → Production Build → Deploy → Production User Tests
Work flows on a testing branch and a production branch; the built application image (App.axf) is deployed to multiple devices.
Arm Tools view
Where Arm development tools can increase efficiency of the CI flow (same flow as above, from Code through Production User Tests, on a testing branch and a production branch, deploying App.axf to devices):
• Compilers: Arm Compiler 6, GCC
• Test frameworks: Google Test, Unity
• Test targets: Arm FVP Models, Docker, Virtual Machines, Hardware Boards
• Source hosting: GitHub, GitLab, BitBucket, CodeCommit
• CI servers: Jenkins, Bamboo, CircleCI
• Arm tools: Arm FuSa RTS, Arm Development Studio, Arm Keil MDK, DSTREAM, ULINK
• Deployment: Docker, Pelion
bit.ly/3pvkYrL
Advanced Software Development Methodologies
Joint Webinar: ARM, ElectroSource, Siemens
Unrestricted | © Siemens 2021 | Siemens Digital Industries Software | Where today meets tomorrow.
Rising Complexity
Challenges in modern software development, over time: release more frequently, increasing variability, improving quality
Software Characteristics: Evolution of the Agile V + DevOps
Requirements → Architecture → Implementation → CI&CD
New Expectations for Cyber-physical Software Development: Software Lifecycle Under Control
Secure Collaboration, Advanced Reuse, Granular Traceability
Software characteristics:
• Agile
• Complex & Integrated
• Model Based
• DevOps Built
• Safety-Critical
• Verified & Validated
Software Characteristics: Emergence of MBSE
• Define your System of Systems: modeling drives product architecture & requirements
• Define interfaces: product architecture drives interface design
• Explore your design space: multi-disciplinary optimization
• Virtually test before you build: reduce risk and the amount of testing
• Complete final verification: full traceability of test & analysis to requirements
• Manage program integration: product and supplier integration using defined interfaces
• Continuous performance monitoring: track key performance indicators to meet product requirements
What Is Siemens Polarion? Software Lifecycle Under Control
Polarion helps you to define, deliver, verify and maintain any software solution interacting with physical hardware
• Out of the box SAFe support
• Advanced reuse
• Integrated DevOps pipeline
• Traceability, compliance & auditing
• Verification automation
Software Characteristics: Functional Safety & Requirements Management
Safety Critical Software Development
Functional safety requirements management drives down the risk of malfunctioning software due to failures.
• Manage risk: calculate the risk of software failure
• Manage compliance: ISO 26262, CMMI, IEC 62304, FDA 21 CFR Part 11, etc.
• Build traceability: enable the digital thread
Software Lifecycle Under Control
Polarion: one unified ALM platform orchestrates all related activities
Organically collaborate; always in product-context; Continuous Integration
Activities orchestrated, in context of the product: System Definition; Application Definition & Planning; Architecture and Modeling; Requirements, Tests & Targets; Application Development (Embedded Application); Implementation & Verification; Quality Assurance & Compliance; Release & Integrate; Product Integration; In-product Deployment, on Virtual Hardware and Physical Hardware.
Protect quality and traceability, to address complexity while shifting left.
Demonstration Overview
Polarion: Requirement repository; Test case + results
Development Studio / Fast Models: Run module, Inject fault, Pass/Fail?, Store result
Flow: Requirement → Test Case → Run Module → Inject Fault → Pass/Fail? → Store Result
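The "run module, inject fault, pass/fail" step of the demonstration, as an added example in C that is not part of the webinar and not Arm's or Siemens' own code: a safety parameter block protected by an error detection code (IEC 61508 Table A.2 technique 2, implemented here as CRC-16/CCITT), the fault detection check run before the block is used, a test-build-only bit-flip injection hook, and the unit-test scenario a CI job would execute on a Fast Model before storing the result. The struct fields, the CRC choice and the test values are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed example: safety-relevant parameters guarded by a CRC-16. */
typedef struct {
    uint16_t speed_limit_rpm;
    uint16_t temp_cutoff_c;
    uint16_t crc;              /* error detection code over the two fields above */
} safety_params_t;

/* CRC-16/CCITT (poly 0x1021, init 0xFFFF): detects every single-bit error. */
static uint16_t crc16_ccitt(const uint8_t *data, size_t len) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)((uint16_t)data[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021) : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Seal the block after it has been written: CRC covers the payload only. */
void safety_params_seal(safety_params_t *p) {
    p->crc = crc16_ccitt((const uint8_t *)p, offsetof(safety_params_t, crc));
}

/* Fault detection: call before every use of the block. Returns 1 if intact. */
int safety_params_valid(const safety_params_t *p) {
    return crc16_ccitt((const uint8_t *)p, offsetof(safety_params_t, crc)) == p->crc;
}

/* Fault injection hook (test builds only): flip one bit anywhere in the block. */
void inject_bit_flip(safety_params_t *p, unsigned bit) {
    uint8_t *bytes = (uint8_t *)p;
    bytes[bit / 8] ^= (uint8_t)(1u << (bit % 8));
}

/* Test case as the CI job runs it: seal, inject one fault, expect detection.
 * Returns 1 (pass) when the intact block validates and the corrupted one does not. */
int run_fault_injection_test(unsigned bit) {
    safety_params_t p = { 3000, 85, 0 };   /* constructed sample values */
    safety_params_seal(&p);
    if (!safety_params_valid(&p)) return 0;   /* intact block must pass   */
    inject_bit_flip(&p, bit);
    return safety_params_valid(&p) == 0;      /* fault must be detected   */
}
```

In the demonstration flow, the return value of run_fault_injection_test is what gets recorded against the test case in Polarion.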
Summary
• Shift Left and Trace: shift your testing left onto functionally accurate models and trace the result
• CI/CD: run simple unit tests and more complex functional tests on servers; leverage 3rd party plug-ins (e.g. Jenkins, Jira)
• iMBSE: functionally accurate processor models can be used as MBSE vehicles pre-hardware and post-hardware too
• ALM: Application Lifecycle Management tools trace and manage the SDLC for FuSa compliance
• FuSa Tools: Arm Development Tools + Siemens Polarion are safety qualified
• Resources to learn more will be provided via follow-up email: presentations + links
• Try it out for yourself with the available Git downloads or an eval request
Contact: [email protected], [email protected] or [email protected]