What if a car crash is caused by a bug in the software?
Vehicle digitalization is advancing rapidly. Today’s vehicle cockpit is a digital screen signaling information to the driver. Malfunctioning software can cause injuries or deaths. Rightware and Tieto joined forces to increase driving safety by diminishing the probability of bugs in vehicle software through ISO 26262 compliance.
The instrument cluster in the vehicle cockpit has undergone a major digitalization shift. As a consequence, safety-critical information is no longer signaled to the driver via dedicated LED lamps but with graphical symbols on a digital screen: the electronic parking brake tell-tale and the gear lever indicator (P/R/N/D), for example, are safety-critical information of this kind.
ISO 26262 Functional Safety Standard
The ISO 26262 standard has been recognized for years, although it has not yet been officially mandated by regulators. It is used by Original Equipment Manufacturers (OEMs) and other suppliers to limit their legal liability in traffic incidents where malfunctioning software or hardware in the vehicle is suspected.
However, ramping up ISO 26262 process capabilities in an organization can be very time-consuming, and delivering functional safety projects can be considerably costlier than delivering ordinary software projects. The cost is largely determined by the product complexity and the targeted Automotive Safety Integrity Level (ASIL).
How to foster safe user interfaces for cars?
Rightware enables rapid creation and deployment of user interfaces for cars with its Kanzi UI design software. When Rightware embarked on a project to introduce functional safety into their product, they turned to their longtime Kanzi Partner, Tieto. Tieto developed a new product, Kanzi Safety, which ensures that safety-critical information is always displayed correctly in the software-orchestrated environment.
Kanzi Safety is designed to fulfill automotive industry expectations for managing and displaying safety-critical information on-screen and for validating what was actually rendered. It helps to design UI systems that are ISO 26262 compliant.
Kanzi Safety consists of two parts:
1. The Kanzi Studio plugin allows designing and managing the workflow of safety-critical UIs in the same tool as the non-safety-critical UIs.
2. The Kanzi Safety Runtime component runs in the actual operational vehicle environment. Under the definitions given in ISO 26262 it is an ASIL-B compliant Safety Element out of Context (SEooC).
Kanzi Safety Runtime introduces a middleware layer on top of the QNX Neutrino RTOS (ASIL-D) and QNX Graphics for Safety (ASIL-B), exposing a simple API to the application. Its services include loading and validating the configuration and UI designed in and exported from Kanzi Studio, rendering the safety-critical UI elements, and validating the rendered content.
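To make the last of these services concrete, here is an added illustration of the read-back-and-compare idea behind validating rendered content: the region of the framebuffer holding a tell-tale is read back and its checksum compared against a golden value derived from the reference asset. This is example code written for this article, not Kanzi Safety's implementation (whose internals the article does not describe); the 8x8 one-bit framebuffer, the glyph and the use of CRC-32 are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for a tell-tale region: 8 rows of 8 one-bit pixels,
 * one byte per row, MSB = leftmost pixel. Real displays use larger,
 * multi-bit regions, but the check is the same. */
#define ROWS 8
static const uint8_t GLYPH_P[ROWS] = {   /* constructed "P" (park) glyph */
    0x7C, 0x42, 0x42, 0x7C, 0x40, 0x40, 0x40, 0x00
};

/* CRC-32 (IEEE 802.3, reflected, init 0xFFFFFFFF, final XOR). */
uint32_t crc32_bytes(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 1u) ? (crc >> 1) ^ 0xEDB88320u : (crc >> 1);
    }
    return ~crc;
}

/* "Render" the glyph into the framebuffer region (a plain copy here). */
void render_telltale(uint8_t fb[ROWS], const uint8_t glyph[ROWS]) {
    memcpy(fb, glyph, ROWS);
}

/* Read the rendered region back and compare it with the golden CRC computed
 * from the reference asset. Returns 1 if the on-screen content can be
 * trusted, 0 if the application must raise a fault (e.g. blank the screen). */
int validate_rendered(const uint8_t fb[ROWS], uint32_t golden_crc) {
    return crc32_bytes(fb, ROWS) == golden_crc;
}

/* End-to-end check: a clean render passes, and a single corrupted pixel
 * (as a GPU or memory fault might cause) is detected. Returns 1 if both
 * outcomes are as expected. */
int demo_readback_check(void) {
    uint8_t fb[ROWS];
    uint32_t golden = crc32_bytes(GLYPH_P, ROWS); /* from reference asset */
    render_telltale(fb, GLYPH_P);
    int ok_clean = validate_rendered(fb, golden);
    fb[3] ^= 0x08;                                /* flip one pixel */
    int ok_corrupt = validate_rendered(fb, golden);
    return ok_clean == 1 && ok_corrupt == 0;
}

int main(void) {
    printf("readback check %s\n", demo_readback_check() ? "OK" : "FAILED");
    return 0;
}
```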
Proven software development processes for the automotive industry
When developing the Kanzi Safety product, Tieto ramped up a new software development process and tooling for automotive software engineering. This hybrid of the V-model and Agile Scrum improves the speed, transparency and cost-efficiency of development. TÜV Rheinland audited the process to confirm its compliance with ISO 26262.
Establishing ISO 26262 compliant software development is laborious, but now that the work is done, we are powered to scale and help automotive industry companies in their software engineering challenges.
I hope our hard work will benefit many others, so that they don’t need to put the same effort into becoming ISO 26262 compliant.
Tieto focuses on software R&D and consulting services for the automotive industry, with a full service portfolio ranging from software concept design to verification and system integration.