The release of a standard designed to improve the safety of road vehicles has led to a scramble by software vendors to offer tools and consultancy services to manufacturers and subcontractors as they rush to update their processes.
LDRA, The MathWorks, and Visure are among the companies that launched tools and services at the Embedded World show in Nürnberg, Germany, to support the ISO26262 standard, all but one chapter of which was published late last year. Although the standard is not mandatory across Europe, automakers are keen to adopt its processes so that, if accidents involving their vehicles lead to legal action, they can demonstrate to courts that they were not negligent in their practices.
Although engineers at carmakers such as Jaguar Land Rover in the UK were active in the development of ISO26262, many companies and their contractors have limited experience of the changes it brings to designing for safety.
At the recent Safety Critical Systems Symposium, Roger Rivett, senior engineer at Jaguar Land Rover, explained: "The standard was begun in 2005 and finally published in 2011, with the remaining part ten down for publication this year. It is not a legal requirement, but it will be taken as an example of best practice in the industry."
The biggest change is the introduction of the idea of the safety case. Although this is already in use in industries such as railways and nuclear power, carmakers do not necessarily have processes designed to build accurate safety cases that define risks and the techniques used to deal with them.
"The ISO standard is having a positive impact," said Rivett. "We are starting to use functional safety disciplines a lot more within the company and it can provide the impetus for building more of a systems engineering approach."
Hans Dürr, senior applications engineer at The MathWorks, says: "Although companies were starting the change processes before the release of ISO26262, it's gaining more momentum now. But it takes a lot of time to interpret the document. So, we are launching a service to carry out assessments to identify where companies are in the process, and work out where their gaps are."
Dürr's colleague Alexander Schreiber, senior applications engineer at The MathWorks, says tools such as Matlab and Simulink would be used to support the shift to ISO26262 processes: "In our code-generation products we have the ability to trace between generated code and a model of the system. So, we can trace code back to the requirement that calls for that software to be implemented. And we can run coverage metrics to ensure that the testbench we generate covers the design effectively."
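The bidirectional trace Schreiber describes (every requirement maps to implementing code, every code unit maps back to a requirement) can be checked mechanically. The following is an added illustration, not MathWorks, LDRA or Visure tooling: it assumes a hypothetical `@req REQ-nnn` tag in the comment block above each C function, and both the brake-light requirement list and the C snippet are constructed for the example. It builds the trace matrix and reports the three gaps an assessor would ask about: requirements with no implementing code, code with no requirement, and tags that reference a requirement no longer in the baseline.

```python
"""Requirement-to-code traceability check (constructed example)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable

# Hypothetical tag convention: `@req REQ-123` in the comment above a function.
REQ_TAG = re.compile(r"@req\s+(REQ-\d+)")
# A C function definition line: optional `static`, return type, name, params, optional `{`.
FUNC_DEF = re.compile(r"^\s*(?:static\s+)?[\w\s\*]+?\b(\w+)\s*\([^;{}]*\)\s*\{?\s*$")
# Control-flow keywords that would otherwise look like a definition (e.g. `else if (x) {`).
C_KEYWORDS = {"if", "while", "for", "switch", "return", "sizeof"}

# Constructed requirement baseline for a hypothetical brake-light controller.
REQUIREMENTS = {
    "REQ-101": "Brake lamp on while the pedal is pressed",
    "REQ-102": "Brake lamp off within 50 ms of pedal release",
    "REQ-103": "Fault lamp on if bulb current is out of range",
}

# Constructed source: REQ-103 has no code, debug_counter has no tag,
# and REQ-999 is a stale tag for a requirement that no longer exists.
SAMPLE_SOURCE = """\
/* @req REQ-101 */
void brake_light_on(void) {
    set_output(BRAKE_LAMP, 1);
}

/* @req REQ-102 @req REQ-999 */
void brake_light_off(void) {
    set_output(BRAKE_LAMP, 0);
}

/* @req REQ-101 @req REQ-102 */
void brake_light_update(int pedal) {
    if (pedal) brake_light_on(); else brake_light_off();
}

/* helper with no requirement tag */
static int debug_counter(void) {
    return 0;
}
"""


@dataclass
class TraceMatrix:
    req_to_code: dict[str, set[str]]
    code_to_req: dict[str, set[str]]

    def uncovered_requirements(self, requirements: Iterable[str]) -> list[str]:
        """Requirements in the baseline that no function claims to implement."""
        return sorted(r for r in requirements if not self.req_to_code.get(r))

    def orphan_code(self) -> list[str]:
        """Functions that carry no requirement tag at all."""
        return sorted(f for f, reqs in self.code_to_req.items() if not reqs)

    def unknown_tags(self, requirements: Iterable[str]) -> list[str]:
        """Tags in the code that point at a requirement not in the baseline."""
        known = set(requirements)
        return sorted(r for r in self.req_to_code if r not in known)


def build_trace_matrix(source: str) -> TraceMatrix:
    """Scan C source line by line; tags accumulate until the next function definition."""
    req_to_code: dict[str, set[str]] = defaultdict(set)
    code_to_req: dict[str, set[str]] = {}
    pending: set[str] = set()
    for line in source.splitlines():
        pending.update(REQ_TAG.findall(line))
        match = FUNC_DEF.match(line)
        if match and match.group(1) not in C_KEYWORDS:
            name = match.group(1)
            code_to_req[name] = set(pending)
            for req in pending:
                req_to_code[req].add(name)
            pending.clear()
    return TraceMatrix(dict(req_to_code), code_to_req)


def trace_report(source: str, requirements: dict[str, str]) -> dict[str, list[str]]:
    """Summarise the three gap classes for an assessment."""
    matrix = build_trace_matrix(source)
    return {
        "uncovered_requirements": matrix.uncovered_requirements(requirements),
        "orphan_code": matrix.orphan_code(),
        "unknown_tags": matrix.unknown_tags(requirements),
    }


if __name__ == "__main__":
    for gap, items in trace_report(SAMPLE_SOURCE, REQUIREMENTS).items():
        print(f"{gap}: {items or 'none'}")
```

The same matrix is what a coverage metric is later joined against: once each function is traced to a requirement, per-function structural coverage from the test bench can be rolled up per requirement, which is the figure an assessor wants rather than a single whole-program percentage.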
The MathWorks launched its ISO26262 service alongside the 2012a release of its Matlab software environment, which adds greater support for generating hardware designs and complex electromechanical systems.
Mark James, marketing manager at Liverpool-based LDRA, says: "Traditionally, LDRA has provided the tools to support processes such as ISO26262. We are now bringing in a team of safety assessors to provide services to support adoption. Some people have no idea of where to start with adoption, so they will use these experts to help build up the experience and feed that down into the development teams.
"What is unique about our approach is that we provide a fixed-price solution. The problem with these types of service traditionally is that it has been charged on an hourly model where the customer has little idea of what the eventual cost will be," James adds.
Fernando Valera, product manager at Spanish requirement-analysis software specialist Visure, says a lot of existing processes use basic office software such as Microsoft Excel to store the documentation used to manage development. "But for standards such as ISO26262, you cannot afford to generate all the evidence needed using manual processes."
Valera says the company has built a template for embedded-systems development designed to support ISO26262 in smaller contractors that are now expected to provide safety-case evidence. "It provides a faster start for small and medium-sized companies. Many of the OEMs and tier-one suppliers will have similar approaches.
"Customers will customise the template but rather than take a couple of weeks to build one they can have something they can start with immediately for failure mode and risk analysis."