Summary
The challenge
- Support verification of ISO 26262 ASIL D hazard detection and braking software
The solution
- Comprehensive verification solution delivered by Rapita to support functional testing, structural coverage analysis and timing analysis
The benefits
- Comprehensive and qualifiable solution for ASIL D verification activities
- Seamless integration of RVS with the existing development environment, including CI software, improved project efficiency
The challenge
EasyMile is developing its next generation of fully autonomous vehicles for passenger transport. The hazard detection and braking systems on such vehicles are a safety-critical component, and the software in these systems must be certified at the most rigorous safety level for automotive software in ISO 26262, ASIL D.
For ISO 26262 ASIL D certification, the hazard detection and braking software needs to be verified for functional behavior through functional testing, for completeness of structural coverage through testing, and for the worst-case timing behavior of the software.
EasyMile’s hazard detection and braking software is written in C, and the EasyMile verification team were using a Linux-based platform for on-host testing. EasyMile’s target platform is multicore, and they were using a Lauterbach™ TRACE32® debugger to capture data during on-target software execution as part of their existing verification environment.
EasyMile were looking for an efficient verification toolsuite to support their ASIL D software verification.
The solution
EasyMile chose to evaluate Rapita’s RVS (Rapita Verification Suite) software to explore how to meet their ISO 26262 software verification needs.
Rapita delivered an RVS Proof of Concept Study to help EasyMile evaluate the capabilities of RVS and how it could meet their verification needs efficiently. As part of the study, Rapita integrated RVS into EasyMile’s existing Linux-based development environment, so their software can be verified through on-host testing. For on-target testing, Rapita developed an integration with EasyMile’s multicore processor, where measurements could be collected from on-target execution using a TRACE32 debugger, as this was already used in EasyMile’s on-target testing environment. RVS was also integrated with EasyMile’s continuous integration software, Jenkins®, to support automated testing and results reporting.
During the study, RVS plugins for various verification activities were deployed to support EasyMile’s evaluation based on their software verification needs.
One of EasyMile’s primary verification needs was for an efficient functional testing solution. To provide this, RapiTest was deployed for this project. EasyMile’s preferred testing approach was to use test scripts to write tests. Test scripts were used internally at Rapita when the project began, but were not a supported test authoring method. To support this project, Rapita further developed RapiTest’s test script format to yield a mature test authoring solution that EasyMile could use, including documentation and tutorials to make it easy to get started.
Structural coverage analysis was also needed for ASIL D ISO 26262 certification of EasyMile’s software, and this was supported by RapiCover, which produces coverage results during testing up to and including the Modified Condition/Decision Coverage (MC/DC) level.
EasyMile also has a requirement for worst-case execution time analysis, which is planned for future verification activities. This was supported by developing an initial integration of RapiTime into the target environment.
EasyMile were impressed with the capabilities of RVS and chose to adopt RVS as their verification toolsuite.
The benefits
There were clear benefits for EasyMile in using RVS, which led to their decision to adopt RVS for use in their software verification.
As RVS fit seamlessly into EasyMile’s existing development environment, EasyMile did not need to update their existing processes. Integration with Jenkins supported automation of test execution and display of results. This was also supported by RVS’s flexible licensing, where users can configure and control how their licenses can be used, and where licenses can be reserved for use by specific users such as continuous integration servers.
Having a single tool that can support functional testing, structural coverage analysis and worst-case execution time analysis reduced costs and improved project efficiency.
RapiTest reduced the effort needed for EasyMile to write and run functional tests, and analyze and export results. Rapita’s development of the existing test script format into a fully supported and documented test format allowed EasyMile to use their preferred testing practices.
RapiCover supported EasyMile’s structural coverage analysis, including support for the most rigorous coverage metric commonly used in software verification, MC/DC, which is required for ISO 26262 certification of ASIL D software.
While EasyMile have not begun to use RapiTime yet, they are looking forward to seeing the benefits it can offer.
“We have been really impressed with Rapita throughout our relationship. RVS provides an extremely efficient and robust verification solution, and Rapita has worked together with us to support our preferred testing approach using test scripts. Based on the success we’ve had with RapiTest and RapiCover already, we’re looking forward to starting to use RapiTime to complete our rigorous testing for safety assurance cases. We’re impressed with Rapita’s technical support; Rapita’s engineers find a technical solution to any issues we encounter, and they find it quickly. We look forward to building on our relationship further as our project develops.”
Dr. Xavier Jean
R&D Software Engineer
EasyMile