
Advanced Software Design Methodologies in Functional Safety

Safety Ready

▪ Shift Left and Trace using virtual processor models and safety-qualified tools
▪ Reduce risk in FuSa compliance through the Software Development Life Cycle (SDLC)
▪ Accelerate time to market: test software before hardware in DevOps and CI environments

About the presenters

Christopher Seidl: Sr Product Manager Arm

Christopher is responsible for Keil MDK, Arm's leading development environment for Cortex-M based microcontrollers. With over 20 years' experience in ASIC design and Arm cores, he joined Arm in 2013 to support the embedded and microcontroller industry.

Zdenek Fiedler: Sr Product Manager Siemens

Zdenek is responsible for the Polarion ALM product at Siemens Digital Industries. He has over 15 years' experience in product life cycle management.

Stuart Turner: Field Application Engineer Electrosource

Stuart is an FAE supporting Siemens Polarion and Arm Tools at Electrosource. Electrosource is a representative and distributor for Arm and Siemens in Canada and the USA.

Agenda

“Shift left and trace”: a methodology for creating digital threads that are functionally accurate and traceable for safety-critical systems

▪ Challenges in modern FuSa software development
▪ Agile V evolution and Agile LC
▪ iMBSE: managing and tracing the SDLC digital threads
▪ FuSa in software development
▪ Virtual prototypes: functionally accurate models. What and why?
▪ DevOps CI/CD with Arm: high-level view; unit testing and functional testing in the SDLC (Software Development Life Cycle) flow
▪ Demonstration: validation example with safety-qualified tools. Run a unit test on Arm Fast Model tools, inject a fault and store the results in Siemens Polarion

Christopher Seidl

Zdenek Fiedler

Stuart Turner

*Q&A – please enter into chat window

*Copies of presentations will be emailed out to registrants within 3-5 days of this event.

Why Shift Left and Trace?

Problem: Functional Safety is hard. Complexity is increasing in modern FuSa systems:

▪ Example: vehicles have 100M+ lines of code and will have 2-4X that in the next 3 years.
▪ Compliance audits can delay time to market.
▪ Continuous Integration and DevOps unit tests and functional tests typically wait for hardware.
▪ Electronic component lead times are extended: 6+ months for MCUs.
▪ Bugs in the field are exponentially more costly; find them earlier.

© 2021 Arm

Christopher Seidl, 10 June 2021

Advanced Software Development Methodologies in Functional Safety

Joint webinar: Arm, Siemens, ElectroSource

Embedded software development trends

▪ Applications are getting more complex
▪ Projects are finishing faster
▪ Safety standards are becoming stricter and increasing pressure

[Chart: lines of code in millions (axis 0-350), luxury car (2010) vs. luxury car with L3 ADAS (2020): +200 M code lines]

[Chart: profit vs. development time: faster profit]

Safety standards: IEC 61508, ISO 26262, EN 50128, IEC 62304, DO-178B

Software Development Process

V-model phases:

▪ System design
▪ Safety requirements
▪ Software architecture design
▪ Software module implementation
▪ Unit testing
▪ Integration testing
▪ System testing
▪ Verification of safety

Verification & validation techniques applied along the V:

▪ Analysis of timing behavior
▪ Test completeness (code coverage)
▪ Test automation
▪ Static code analysis (MISRA)
▪ Model-based design
▪ Fault injection
▪ Access protection (MPU, TrustZone, stack overflow)
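The stack-overflow item under access protection above, as an added example that is not from the webinar deck or from Arm's or Siemens' tools: a software high-water-mark and guard-band check, the pattern-fill counterpart of an MPU guard region below the stack. The stack is modelled as a host-side array so the code runs without a target; the stack size, guard size, fill pattern and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed sizes and fill value for the simulated task stack. */
#define STACK_WORDS   256u
#define GUARD_WORDS    16u
#define FILL_PATTERN  0xDEADBEEFu

/* A descending stack modelled as an array: the stack pointer starts one past
 * the top and moves towards words[0]. words[0..GUARD_WORDS-1] is the software
 * guard band, the counterpart of an MPU region that would trap on access. */
typedef struct {
    uint32_t  words[STACK_WORDS];
    uint32_t *sp;
} sim_stack_t;

/* Startup: fill the whole stack with a known pattern before any task runs,
 * so that later usage can be measured by looking for overwritten words. */
void stack_init(sim_stack_t *s)
{
    for (size_t i = 0; i < STACK_WORDS; i++)
        s->words[i] = FILL_PATTERN;
    s->sp = &s->words[STACK_WORDS];
}

/* Simulate a call frame of n words being pushed. Returns 0 on success and -1
 * if the frame would run past the start of the array (hard overflow). */
int stack_push_frame(sim_stack_t *s, size_t n)
{
    if ((size_t)(s->sp - s->words) < n)
        return -1;
    s->sp -= n;
    for (size_t i = 0; i < n; i++)
        s->sp[i] = (uint32_t)i;          /* frame contents overwrite the pattern */
    return 0;
}

/* Pop a frame again; the words stay overwritten, so usage remains visible. */
void stack_pop_frame(sim_stack_t *s, size_t n)
{
    s->sp += n;
}

/* High-water mark: deepest use of the stack so far, in words. Counts the
 * untouched pattern words from the bottom; the first non-pattern word marks
 * the deepest point any frame has reached. */
size_t stack_high_water_words(const sim_stack_t *s)
{
    size_t untouched = 0;
    while (untouched < STACK_WORDS && s->words[untouched] == FILL_PATTERN)
        untouched++;
    return STACK_WORDS - untouched;
}

/* Periodic check (e.g. from the scheduler tick): the guard band must still
 * hold the pattern. Returns 1 if intact, 0 if the task has come within
 * GUARD_WORDS of the end of its stack, which a safety RTS treats as a fault. */
int stack_guard_intact(const sim_stack_t *s)
{
    for (size_t i = 0; i < GUARD_WORDS; i++)
        if (s->words[i] != FILL_PATTERN)
            return 0;
    return 1;
}

int main(void)
{
    static sim_stack_t st;
    stack_init(&st);
    stack_push_frame(&st, 100);
    stack_pop_frame(&st, 100);
    stack_push_frame(&st, 245);           /* deep call chain reaching the guard band */
    printf("high-water mark: %zu words, guard intact: %d\n",
           stack_high_water_words(&st), stack_guard_intact(&st));
    return stack_guard_intact(&st) ? 0 : 1;
}
```

The pattern check is a detection measure, not a prevention: it notices an excursion into the guard band only at the next check, and a frame that happens to contain the fill value would be miscounted. That is why the slide lists it next to the MPU, which faults synchronously on the first access below the stack limit; the two are complementary, and the high-water mark is also what you would record during unit tests on a model to size each task's stack.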

Safety Integrity Levels (SIL)

Safety functions in systems protect the health of people, the environment, and/or goods.

• Typical safety functions: emergency shutdown (overheating; dangerous movements)
• ALARP ("as low as reasonably practicable") principle: risks shall be reduced as far as reasonably practicable
• SIL levels map the development process to levels of acceptable risk

Risk matrix (rows: probability; columns: severity of consequence)

Probability    Insignificant  Minor  Severe  Major  Catastrophic
Rare           -              -      1       2      3
Unlikely       -              1      2       3      4
Likely         1              2      3       4      5
Very Likely    2              3      4       5      6
Certain        3              4      5       6      7

Mapping of risk to SIL (x: no SIL assigned)

Probability    Insignificant  Minor  Severe  Major  Catastrophic
Rare           -              -      SIL1    SIL2   SIL3
Unlikely       -              SIL1   SIL2    SIL3   SIL4
Likely         SIL1           SIL2   SIL3    SIL4   x
Very Likely    SIL2           SIL3   SIL4    x      x
Certain        SIL3           SIL4   x       x      x

SIL Impacts the Design & Validation Requirements

Higher levels require more stringent design principles and higher test efforts.

R = recommended, HR = highly recommended

IEC 61508: Table A.2 – Software design and development – software architecture design

Ref.   Technique/Measure                                      SIL 1  SIL 2  SIL 3  SIL 4
1      Fault detection                                         -      R      HR     HR
2…     Error detection codes                                   R      R      R      HR
…13b   Time-triggered architecture                             R      HR     HR     HR
13c    Event-driven, with guaranteed maximum response time     R      HR     HR     -
14…    Static resource allocation                              -      R      HR     HR

IEC 61508: Table B.2 – Dynamic analysis and testing

Ref.   Technique/Measure                                      SIL 1  SIL 2  SIL 3  SIL 4
1      Test case execution from boundary value analysis        R      HR     HR     HR
7c     Structural test coverage (branches) 100%                R      R      HR     HR
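Two of the Table A.2 measures above, fault detection and error detection codes, together with the fault injection listed on the Software Development Process slide, in one added example that is not code from the webinar, Arm or Siemens: a temperature-based emergency-shutdown function whose parameters live in a CRC-protected block, plus a fault-injection unit test of the kind that runs on a virtual prototype because it only needs to flip bits in memory. The structure fields, thresholds, the CRC variant (CRC-16/CCITT-FALSE) and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Safety parameters kept in a CRC-protected block. Field names, thresholds
 * and the CRC polynomial are assumptions for this example. */
typedef struct {
    int32_t  shutdown_temp_mC;   /* emergency-shutdown threshold, milli-degrees C */
    int32_t  sensor_min_mC;      /* plausibility range of the temperature sensor  */
    int32_t  sensor_max_mC;
    uint16_t crc;                /* CRC-16/CCITT-FALSE over the three fields above */
} safety_cfg_t;

typedef enum { ACTION_RUN = 0, ACTION_SHUTDOWN = 1 } action_t;

/* Error detection code (Table A.2, item 2): CRC-16/CCITT-FALSE, polynomial
 * 0x1021, initial value 0xFFFF, written bitwise so it is easy to review. */
uint16_t crc16_ccitt(const uint8_t *p, size_t n)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < n; i++) {
        crc ^= (uint16_t)((uint16_t)p[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

static uint16_t cfg_crc(const safety_cfg_t *c)
{
    /* Cover only the payload, not the stored CRC itself. */
    return crc16_ccitt((const uint8_t *)c, offsetof(safety_cfg_t, crc));
}

void cfg_seal(safety_cfg_t *c) { c->crc = cfg_crc(c); }

/* Fault detection (Table A.2, item 1): a corrupted configuration or an
 * implausible sensor reading is itself treated as a dangerous failure and
 * the safe state (shutdown) is commanded, instead of trusting the data. */
action_t safety_eval(const safety_cfg_t *c, int32_t temp_mC)
{
    if (cfg_crc(c) != c->crc)
        return ACTION_SHUTDOWN;                 /* bit flip / corrupted flash */
    if (temp_mC < c->sensor_min_mC || temp_mC > c->sensor_max_mC)
        return ACTION_SHUTDOWN;                 /* open/shorted sensor, stuck ADC */
    return temp_mC >= c->shutdown_temp_mC ? ACTION_SHUTDOWN : ACTION_RUN;
}

/* Fault injection: flip one bit of the configuration image, which a test
 * harness on a virtual prototype can do at will, without any hardware. */
void inject_bitflip(safety_cfg_t *c, size_t byte_index, unsigned bit)
{
    ((uint8_t *)c)[byte_index] ^= (uint8_t)(1u << bit);
}

/* Unit test of the kind the demo runs; returns the number of failed checks. */
int run_safety_tests(void)
{
    int failures = 0;
    safety_cfg_t cfg = { 95000, -40000, 150000, 0 };
    cfg_seal(&cfg);

    failures += safety_eval(&cfg, 25000)  != ACTION_RUN;       /* nominal */
    failures += safety_eval(&cfg, 94999)  != ACTION_RUN;       /* just below threshold */
    failures += safety_eval(&cfg, 95000)  != ACTION_SHUTDOWN;  /* at threshold */
    failures += safety_eval(&cfg, 200000) != ACTION_SHUTDOWN;  /* implausible reading */

    /* Inject a single bit flip into the threshold field. Without the CRC the
     * corrupted threshold would be trusted and an overheat could be missed;
     * with it the module must fail safe even at a nominal temperature. */
    inject_bitflip(&cfg, offsetof(safety_cfg_t, shutdown_temp_mC) + 2, 4);
    failures += safety_eval(&cfg, 25000) != ACTION_SHUTDOWN;
    inject_bitflip(&cfg, offsetof(safety_cfg_t, shutdown_temp_mC) + 2, 4); /* undo */
    failures += safety_eval(&cfg, 25000) != ACTION_RUN;

    /* A flipped bit in the stored CRC itself must also be detected. */
    inject_bitflip(&cfg, offsetof(safety_cfg_t, crc), 0);
    failures += safety_eval(&cfg, 25000) != ACTION_SHUTDOWN;

    return failures;
}

int main(void)
{
    int f = run_safety_tests();
    printf("%s (%d failed checks)\n", f ? "FAIL" : "PASS", f);
    return f ? 1 : 0;
}
```

Two points worth noting when you adapt this: the CRC is an error detection code, not an integrity protection against a deliberate attacker, who can recompute it after changing the block, so a TrustZone or MPU boundary is still needed to keep untrusted code away from the parameters; and the test deliberately exercises the boundary values 94999 and 95000, which is the Table B.2 boundary-value technique applied to a single threshold.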

Software Testing…


Types of software testing

Conforming to industrial/automotive safety standards:

• System testing: test that the final system meets requirements
• Integration testing: test multiple components working together
• Functional testing: test if a given functionality works as expected
• Unit testing: test small parts of code at a time (function level)

Where each level runs best:

• Unit testing (large number of tests; verifying code-snippet behavior) → Virtual prototypes (functionally accurate; scalable & repeatable)
• System/production testing (small/medium number of tests; verifying system behavior) → Hardware (timing accurate; final sanity check)

What development platform to choose?

It depends on the stage of your software development. The options trade off scale (how many instances you can run) against accuracy:

Platform            Example                    Type      Cost/effort  Toolchain            Accuracy
Native executable   Run on host computer       Software  Inexpensive  Different toolchain  Inaccurate
Virtual models      Arm Fast Models            Software  Inexpensive  Same toolchain       100% functionally accurate
Development board   Off-the-shelf hardware     Hardware  Complex      Same toolchain       Accurate
FPGA                Hardware like end target   Hardware  Expensive    Same toolchain       Accurate
On target           End-embedded system        Hardware  Expensive    Same toolchain       Identical

Benefits of Virtual Prototypes

Programmer's view models provide good performance, accuracy and flexibility:

• Models are available early
• Fast and functionally accurate
• Non-intrusive debug
• No HW dependency
• Unlimited memory for unit testing

[Diagram: with virtual prototypes, software development starts alongside hardware development instead of after it, giving a time-to-market (TTM) gain]

…and Continuous Integration


Embedded development is hard

General-purpose software developer:
• Develops & tests on the host machine
• Development flows are simpler

Embedded software developer:
• Develops & tests on external targets
• Development flows are complex:
  1. Creating a consistent environment across teams.
  2. Purchasing expensive hardware board farms that do not scale.
  3. Testing on hardware is slow (flash time, limited clock speed).
  4. Integrating various enterprise software into one flow.

Optimizing software development

Common challenges and goals for embedded software development:

If you have…
• Merge conflicts
• Frequent code bugs
• Near-release chaos

If you want…
• Efficient development
• Verifiable code health
• Safety-certified flow

Continuous Integration (CI)

Specialized for embedded software development:

• Proven for safety: automotive, aviation, industrial, railway, medical
• Proven for efficiency: speed, quality, cost

Development styles compared

Desktop development:
• Developer 1 … n: local builds, local tests
• Code repository
• Manual, ×1 per day

CI development:
• Code repository
• Shared distributed builds
• Shared regression tests
• Code coverage
• Automated, ×10 per day

View from the clouds: CI/CD flow explained (simplified view)

Code → Build → Test → Package → Deploy

View from the trees: CI/CD flow explained (simplified view)

Code → Unit build → Unit tests → Integration build → Integration tests → System build → System tests → Production build → Deploy → Production user tests

View from the ground: CI/CD flow explained

The same pipeline with the branches made explicit:

• Testing branch: Code → Unit build → Unit tests → Integration build → Integration tests → System build → System tests
• Production branch: Production build → Deploy (App.axf) to the devices → Production user tests

Arm Tools view: where Arm development tools can increase efficiency of the CI flow

• Compilers: Arm Compiler 6, GCC
• Unit-test frameworks: Google Test, Unity
• Test execution targets: Arm FVP Models, Docker, Virtual Machines, Hardware Boards
• Source control: GitHub, GitLab, BitBucket, CodeCommit
• CI servers: Jenkins, Bamboo, CircleCI
• Arm tools: Arm FuSa RTS, Arm Development Studio, Arm Keil MDK, DSTREAM, ULINK
• Deployment: Docker, Pelion

bit.ly/3pvkYrL

Advanced Software Development Methodologies: Joint Webinar Arm, ElectroSource, Siemens

Unrestricted | © Siemens 2021 | Siemens Digital Industries Software | Where today meets tomorrow.

Challenges in Modern Software Development: Rising Complexity

Unrestricted | © Siemens 2020 | 2020-12-04 | Siemens Digital Industries Software | Where today meets tomorrow.

Over time:
• Release more frequently
• Increasing variability
• Improving quality

Software Characteristics: Evolution of the Agile V + DevOps

Requirements → Architecture → Implementation → CI&CD

New Expectations for Cyber-physical Software Development: Software Lifecycle Under Control

• Secure collaboration
• Advanced reuse
• Granular traceability

Software characteristics:
• Agile
• Complex & integrated
• Model based
• DevOps built
• Safety-critical
• Verified & validated

Software Characteristics: Emergence of MBSE

• Define your system of systems: modeling drives product architecture & requirements
• Explore your design space: multi-disciplinary optimization
• Virtually test before you build: reduce risk and the amount of testing
• Define interfaces: product architecture drives interface design
• Manage program integration: product and supplier integration using defined interfaces
• Continuous performance monitoring: track key performance indicators to meet product requirements
• Complete final verification: full traceability of test & analysis to requirements

What Is Siemens Polarion? Software Lifecycle Under Control

Polarion helps you to define, deliver, verify and maintain any software solution interacting with physical hardware:

• Out-of-the-box SAFe support
• Advanced reuse
• Integrated DevOps pipeline
• Traceability, compliance & auditing
• Verification automation

Software Characteristics: Functional Safety & Requirements Management

Safety Critical Software Development

Functional safety requirements management drives down the risk of malfunctioning software due to failures.

• Manage risk: calculate the risk of software failure
• Manage compliance: ISO 26262, CMMI, IEC 62304, FDA 21 CFR Part 11, etc.
• Build traceability: enable the digital thread

Software Lifecycle Under Control: Polarion, one unified ALM platform orchestrates all related activities

Organically collaborate, always in product context, with continuous integration.

In context of the product:
• System definition
• Application definition & planning
• Application development (embedded application): architecture and modeling; implementation & verification; quality assurance & compliance
• Requirements, tests & targets: virtual hardware and physical hardware
• Release & integrate: product integration; in-product deployment

Protect quality and traceability, to address complexity while shifting left.


Demonstration Overview

Polarion (requirement repository; test case + results) ↔ Arm Development Studio / Fast Models (run module; inject fault; pass/fail?; store result)

Flow: Requirement → Test case → Run module → Inject fault → Pass/Fail? → Store result
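The demonstration flow above (requirement → test case → run → pass/fail → store result) and Table B.2 item 1, test case execution from boundary value analysis, in one added example that is not code from the webinar, Arm or Siemens: the six classic boundary cases for a range requirement are derived, executed against a function under test, each verdict is tagged with the requirement ID it verifies, and the results are emitted as an xUnit-style XML fragment so a test-management import can close the digital thread. The requirement ID REQ-SPD-001, the speed-command check and its 0..6000 rpm range are made up for the example, and that Polarion ingests xUnit/JUnit results is an assumption here; the block only produces the fragment.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Function under test (assumed requirement REQ-SPD-001): accept a motor speed
 * command only inside 0..6000 rpm inclusive. */
int speed_cmd_valid(int32_t rpm)
{
    return rpm >= 0 && rpm <= 6000;
}

/* The same check with an off-by-one at the upper bound, to show which of the
 * derived boundary cases catches it. */
int speed_cmd_valid_offbyone(int32_t rpm)
{
    return rpm >= 0 && rpm < 6000;
}

/* One executed test case, tagged with the requirement it verifies. */
typedef struct {
    const char *req_id;
    int32_t     input;
    int         expected;
    int         actual;
} tc_result_t;

#define BVA_CASES 6

/* Boundary value analysis (IEC 61508 Table B.2, item 1): for a closed range
 * [lo, hi] derive lo-1, lo, lo+1, hi-1, hi, hi+1 with their expected verdicts.
 * lo and hi are assumed to lie strictly inside the int32 range. */
void bva_cases(int32_t lo, int32_t hi, int32_t in[BVA_CASES], int expected[BVA_CASES])
{
    const int32_t v[BVA_CASES] = { lo - 1, lo, lo + 1, hi - 1, hi, hi + 1 };
    for (int i = 0; i < BVA_CASES; i++) {
        in[i] = v[i];
        expected[i] = (v[i] >= lo && v[i] <= hi);
    }
}

/* Run the boundary cases against the function under test, record every
 * verdict against req_id, and return the number of failures. */
int run_bva(const char *req_id, int32_t lo, int32_t hi, int (*fut)(int32_t),
            tc_result_t res[BVA_CASES])
{
    int32_t in[BVA_CASES];
    int expected[BVA_CASES];
    int failures = 0;
    bva_cases(lo, hi, in, expected);
    for (int i = 0; i < BVA_CASES; i++) {
        res[i].req_id   = req_id;
        res[i].input    = in[i];
        res[i].expected = expected[i];
        res[i].actual   = fut(in[i]) ? 1 : 0;
        failures += (res[i].actual != res[i].expected);
    }
    return failures;
}

/* Emit the verdicts as a JUnit/xUnit-style XML fragment. The requirement ID
 * is carried in the test-case name, so an importer that reads xUnit results
 * can link each verdict to its requirement (the digital thread).
 * Returns the number of characters written, or -1 if buf is too small. */
int results_to_junit(const tc_result_t *r, int n, char *buf, size_t cap)
{
    int w = snprintf(buf, cap, "<testsuite name=\"bva\" tests=\"%d\">\n", n);
    for (int i = 0; i < n; i++) {
        if (w < 0 || (size_t)w >= cap) return -1;
        w += snprintf(buf + w, cap - (size_t)w,
                      "  <testcase name=\"%s.input_%ld\">%s</testcase>\n",
                      r[i].req_id, (long)r[i].input,
                      r[i].actual == r[i].expected ? "" : "<failure/>");
    }
    if (w < 0 || (size_t)w >= cap) return -1;
    w += snprintf(buf + w, cap - (size_t)w, "</testsuite>\n");
    return (w >= 0 && (size_t)w < cap) ? w : -1;
}

int main(void)
{
    tc_result_t res[BVA_CASES];
    char xml[1024];
    int failures = run_bva("REQ-SPD-001", 0, 6000, speed_cmd_valid_offbyone, res);
    if (results_to_junit(res, BVA_CASES, xml, sizeof xml) > 0)
        fputs(xml, stdout);
    return failures ? 1 : 0;
}
```

Against the correct check all six cases pass; against the off-by-one variant exactly one fails, the case at the upper bound (input 6000), which is the point of deriving boundary values rather than picking a few values from the middle of the range. Keeping the requirement ID in the recorded result, rather than only in a spreadsheet, is what lets the test run on a model in CI count as verification evidence for that requirement.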

Summary

• Shift Left and Trace: shift your testing left onto functionally accurate models and trace the result
• CI/CD: run simple unit tests and more complex functional tests on servers; leverage 3rd-party plug-ins (e.g. Jenkins, Jira)
• iMBSE: functionally accurate processor models can be used as MBSE vehicles pre-hardware and post-hardware too
• ALM: Application Lifecycle Management tools trace and manage the SDLC for FuSa compliance
• FuSa tools: Arm development tools + Siemens Polarion are safety qualified
• Resources to learn more will be provided via follow-up email: presentations + links
• Try it out for yourself with the available Git downloads or an eval request

Contact: [email protected], [email protected] or [email protected]