As the microprocessors embedded developers become more powerful and the software they design and write gets more complex and increases in size, they are faced with not just increasing opportunities, but also with the need to make the code as safe as is possible to use.
This is first being driven by such traditional application segments such as military-aerospace, automotive and medical, which all have strict software certification requirements testing standards in place. The second driver is the uncertain nature of the interactions between these segments with the totally unregulated nature of much of the current consumer and mobile market. And as far as newly burgeoning embedded consumer apps opening up in home electronics, safety does not seem to even be on the radar map.
However, according to Mark Pitchford and Bill St. Clair, LDRA, authors of this two-part series, an ever-increasing reliance on software control and the nature of the applications has led many companies to undertake safety-related analysis and testing.
"Consider the antilock braking and traction control of today's automobile," they write. "These safety systems are each managed by software running on a networked set of processors; the failure of any of these systems sparks major safety concerns that could lead to recalls and lawsuits.
"Companies concerned about safety in their products are looking outside their own market sector for best practice approaches, techniques, and standards. Examples of such industry crossover have been seen in the automotive and avionics industries with the adoption of elements of the DO-178C standard by automotive and a similar adoption of the MISRA standards by avionics."
Such crossovers are likely to become more common, placing additional challenges before not only individual developers, but the certification standards groups in various industries as well.
In automobile environment, for example, increasing computerisation of not only engine and power train electronics but the infotainment systems, and interactions between them means software safety will be an on-going challenge. And when you add in such things as vehicle-to-vehicle wireless networks, it seems to me that automotive developers have a real can of worms to deal with as far as safety is concerned.
In medical designs, for another example, there is an ageing population in many countries where there is considerable effort underway to adapt software and devices originally designed for consumer environments to health and medical applications, forcing standards groups – and the FDA—to go back to the drawing board to come up with specifications and certification requirements that deal with such issues.
Fortunately, there are a wide range of tools, RTOS alternatives and requirements and specification testing procedures available. However, despite this range of tools, capabilities and industry specifications to guide developers, there remain considerable uncertainties ahead as embedded systems become more connected and the Internet of Things phenomenon takes hold.
Already the auto industry is looking for ways to deal with the intrusion of a variety of mobile smartphones and mobile computing platforms into the automobile and the security issues that raises. Added to that are the moves towards vehicle to vehicle wireless connectivity. Unless there are strict dividing lines between an automobile's entertainment systems, the information systems on which the driver relies and the body/engine electronics, the ultimate safety of any of these sub-systems remains open.
In medical applications, the impact of network security on device safety is already raising concerns. Users of medical devices (such as yours-truly) who place their lives in the hands of the safety standards the FDA imposes, are continually bombarded on a month by month basis with offers of the newest smartphone app and wireless device add-ons to complement the operation of their medical devices. And the rate at which they are being offered tells me that many of them have not gone though any sort of FDA approval, which traditionally can take years.
The dividing line between the methods for developing software for use in a secure environment and for use in a safety-critical design is razor thin. And it is apt to get thinner and more ambiguous unless safety standards organisations also start taking the impact of connectivity and security in how they evaluate safety.
To my mind at least, an insecure network-connected device or application by definition is not safe: if you do.
文章评论(0条评论)
登录后参与讨论