Survey Says Safety, Security, Quality Software Dev are Top Auto Industry Concerns
We all know that modern vehicles depend heavily on software, not just physical components. Ensuring that software is safe, secure, and of high quality are clearly high priorities. However, the results of a recent survey among automotive design professionals suggest that many find it challenging to address those concerns during the development of that software, including compliance to ISO 26262 requirements (necessary for the majority of those surveyed).
Depending on the vehicle, whether a standard modern passenger car through to a more sophisticated connected one, there might be up to a billion lines of code. The scale and complexity of those codebases will continue to grow as the market for connected and autonomous vehicles accelerates (to upwards of three hundred million lines of code). Of those surveyed, 74% are already working with connected components to a lesser or greater degree. Similarly, 70% are involved in autonomous vehicle design.
Development Challenges
With projects having teams and external contributors from various companies and all over the world, keeping control over software-development projects requires lots of hard work. One survey respondent mentioned that over 30 software vendors are involved in a single vehicle design. On top of that, complex interactions between hardware and software can bring major organizational and process challenges, adding complexity and exacerbating risk.
The good news from the survey results is that there are signs that companies are beginning to adopt methods to deal with these challenges—ultimately to make software safer, more secure, and high quality. Widely available methodologies, standards, and tools support those efforts; more on that later. First, here’s an overview of the survey and the main results.
Survey Results
The survey, commissioned by Perforce across 400 automotive design professionals around the world, asked a range of questions concerning software development in modern vehicle design. Respondents included employees from some of the world’s largest tier 1 automotive brands, as well as a variety of other firms involved in vehicle design or component manufacture.
Of those who cited safety as their top concern, 49% said it was difficult and time-consuming to fulfill every requirement for ISO 26262, the functional safety standard that’s widely adopted within the automotive industry. Almost a third said that verifying and validating software was the most time-consuming task, followed by documentation for ISO 26262 purposes (20%). Around 20% admitted that they found it challenging to ensure software safety across the supply chain.
Software quality was the highest concern for 20% of survey respondents and 42% expressed concern that their software testing efforts aren’t exhaustive. And 35% said that they experienced difficulties in enforcing software coding best practices, which can have an impact on final software quality. About 20% also mentioned that the complexity of their codebases hinders software quality control.
Only 14% said security was their top concern, but of those, their biggest fear is hackers, which was highlighted by 55%. This isn’t surprising, given several high-profile cyberattacks on connected vehicles hitting the news. Approximately 20% of respondents mentioned a lack of developer skills to combat security risks, and around the same percentage said that security testing takes too long and thus slows development.
Addressing These Challenges
Survey respondents indicated they’re taking positive steps to deal with these multiple issues in several ways. For instance, 60% are using artificial intelligence (AI) and/or machine learning (ML) within their software-development processes. While AI and ML are never likely to completely replace manual or human effort, they help automate complex processes, reduce risk, and most importantly, create a “learning” environment of continual improvement.
However, while AL and ML bring improvements, the use of coding standards is as important as ever. They’re already used by 70% of survey respondents and anecdotally, usage is growing across all safety-critical markets. One of the drivers is the growing prevalence of C++, a programming language that gives developers lots of flexibility to be innovative, but also introduces far more room for interpretation and therefore risk. While C is still the top programming language used by survey respondents, C++ follows hot on its heels at almost 50%.
Coding standards can contribute hugely to software quality and compliance, making it easier to comply with ISO 26262 and other standards that require the use of coding standards.
A coding standard is a set of rules and/or guidelines that developers follow to prevent common defects entering code during development. For instance, a common example is when a program is receiving data without any checks in place to ensure that an input buffer can’t overflow. Someone could design an input, or “payload” containing malicious code. A coding standard will include a rule to prevent this, along the lines of “do not form or use out-of-bounds pointers or array subscripts.”
MISRA and AUTOSAR
A collaboration between vehicle manufacturers, component suppliers, and engineering consultancies, MISRA is probably the best known in the automotive industry and has been around since the late 1990s. Oriented toward more modern versions of C++ in connected and autonomous vehicles, AUTOSAR is a partnership of over 180 companies with the common aim to standardize open architectures for automotive software and embedded-systems development. MISRA now plans to merge the AUTOSAR coding standard into the MISRA C++ standard, giving developers the best of both worlds.
Of the automotive survey respondents, MISRA is the most popular coding standard at 53%, closely followed by AUTOSAR at 45 percent. Teams are also using other coding standards, including C++ Core Guidelines, Embedded C (Barr Group), and CERT, and in many cases, employ multiple coding standards. Approximately 60% use static code analyzers to automate adherence to coding standards, thus reducing the additional workload on developers and minimizing the risk of errors.
In tandem, organizations around the world are looking at how software is tested, including greater emphasis on automated and continuous testing. The idea is that the more testing is automated, the “smarter” it can become. Moreover, the earlier and more frequently it happens, the faster it becomes to find and deal with problems.
New Methodologies and Processes
The survey’s respondents are also revisiting the development methodologies and processes they’re using, to achieve quality, security, and safety while still meeting time and market pressures. While the traditional Waterfall methodology is still used by just under a quarter, the most popular is Model Driven Development at 48%, followed by Agile at 45%. Others making the list include test-driven development and automatic code generation.
Model-driven development is at a higher abstraction level than traditional methods; as the model is developed, it’s automatically transformed into a working software application. The result is a quicker development cycle with much less code. It’s also easier and faster to change and maintain the model as the behavior can be more readily understood. Validation and testing can focus on the functionality rather than syntax checking, resulting in higher quality.
Greater use of Agile underlines the growing realization that Agile can work well in compliance-driven markets, whereas in its early days, it was often viewed as suitable for more disruptive, less safety-critical markets. It also reflects the fact that there’s a shifting balance from hardware to software in many automotive projects. That’s because when the two coexist, there can be huge logistical and cultural barriers to overcome.
Agile helps to engender better collaboration without sacrificing individual autonomy, but only when solid Agile project management is in place. Otherwise, there’s the risk of losing control and missing goals.
The automotive industry is going through one of the most innovative and fast-changing periods in its history, presenting design engineers with exciting opportunities but also a new set of challenges. Software is now no longer an add-on. Instead, it’s at the very heart of modern vehicle design. Making sure that it’s developed safely, securely, and with consistent high quality—without adversely affecting time-to-market or competitiveness—is the name of the game. The challenges are big, but given the right tools and processes, they can be overcome.
A copy of the survey results is available at https://www.perforce.com/resources/qac/state-of-automotive-software-development-2019.
Richard Bellairs champions Perforce Software’s code quality management solution.