Software on wheels: Do you have the right tools?

Peterson Quadros
March 1, 2023

The automotive industry is evolving at a very rapid pace. With the shift towards electrification and autonomy, there is an ever-increasing demand for higher levels of computing power to run the growing number of software applications and workloads. Arm is fully invested in tackling this challenge and is driving innovation through our portfolio of Automotive Enhanced (AE) and Safety-Ready products and solutions.

Arm's processors are found in every part of the vehicle, from high-performance systems in advanced driver-assistance systems (ADAS), automated driving (AD), in-vehicle infotainment (IVI) and digital cockpits to gateway, body, and microcontroller endpoints.

The Software Developer's Challenge

Many software applications running on the vehicle control highly safety-critical functions like the transmission, anti-lock braking systems (ABS), adaptive cruise control (ACC), radar, and LiDAR. A typical standard low-end vehicle can have close to 100 ECUs and execute over 100 million lines of code. Scaling this on a premium vehicle with ADAS and more advanced technologies, you will see how significantly the software increases in size and complexity.

As a result, the embedded software is required to meet higher reliability and safety requirements, while still delivering performance and a reasonable memory footprint. Automotive software development uses industry standards, such as AUTOSAR (Automotive Open System Architecture) and ASPICE (Automotive Software Process Improvement and Capability Determination). Additionally, it must comply with ISO 26262, an international standard for functional safety of electrical and electronic (EE) systems in road vehicles. ISO 26262 requires a functional safety development process from start to production. It defines an Automotive Safety Integrity Level (ASIL) that classifies the severity of safety risk into four levels: A, B, C, and D. ASIL D is the most severe, as it relates to the potential for severely life-threatening or fatal injury in the event of a malfunction. Implementing higher ASIL levels (ASIL C and D) introduces more stringent development processes, increasing the overall effort by 30-60 percent.

Another factor to consider is cybersecurity. The advancement in automotive technology and connected vehicles creates the risk of cyber-attacks. This security challenge brings new regulations requiring compliance with ISO 21434 (the cybersecurity standard for road vehicles), adding further requirements to the development process.

Software development teams have a massive challenge delivering high-quality, safe, and secure software. This is alongside ever-increasing pressures for a shorter time-to-market and shorter development times. As a result, it is crucial to have a robust software development and validation strategy that is supported by the right development tools. This ensures that the safety development activities are carried out efficiently and meet the product and delivery commitments.

Determining what tools need to be qualified

The ISO 26262 standard requires the user to provide sufficient evidence that the tools used in development are reliable. ISO 26262-8:2011 provides methods and guidance on assessing the development tools to determine whether or not a tool needs qualification. The assessment proceeds by classifying the tools based on their Tool Confidence Level (TCL).

The TCL is determined by two factors:

  • Tool Impact: The possibility that a tool introduces or fails to detect errors.
  • Tool Error Detection: The confidence level that the tool prevents its potential malfunction.

A combination of Tool Impact and Tool Error Detection determines the Tool Confidence Level and then whether the tool needs to be qualified or not - see diagram below. There are three levels of TCL - TCL1, TCL2, and TCL3, with TCL3 relevant to the highest risk of undetected tool malfunction. 

Diagram showing the process for Tool Confidence Level

TCL#   Confidence Level   Does the tool need to be qualified?
TCL1   Low                No qualification required
TCL2   Medium             Further qualification required
TCL3   High               Further qualification required

Generally, a compiler toolchain would classify as TCL3, while a debugger would be TCL2 and an editor is TCL1.

For TCL3 and TCL2, ISO 26262-8:2018 Clause 11.4.6 provides methods to perform tool qualification depending on the ASIL target, shown in tables 1 and 2. 

Methods                                                                    ASIL A  ASIL B  ASIL C  ASIL D
1a  Increased confidence from use in accordance with 11.4.7                ++      ++      +       +
1b  Evaluation of the tool development process in accordance with 11.4.8   ++      ++      +       +
1c  Validation of the software tool in accordance with 11.4.9              +       +       ++      ++
1d  Development in accordance with a safety standard*                      +       +       ++      ++
*No safety standard is fully applicable to the development of software tools. Instead, a relevant subset of requirements of the safety standard can be selected.

EXAMPLE: Development of the software tool in accordance with ISO 26262, IEC 61508, EN 50128 or RTCA DO-178C.

Qualification of software tools classified as TCL3

Methods                                                                    ASIL A  ASIL B  ASIL C  ASIL D
1a  Increased confidence from use in accordance with 11.4.7                ++      ++      ++      +
1b  Evaluation of the tool development process in accordance with 11.4.8   ++      ++      ++      +
1c  Validation of the software tool in accordance with 11.4.9              +       +       +       ++
1d  Development in accordance with a safety standard*                      +       +       +       ++
*No safety standard is fully applicable to the development of software tools. Instead, a relevant subset of requirements of the safety standard can be selected.

EXAMPLE: Development of the software tool in accordance with ISO 26262, IEC 61508, EN 50128 or RTCA DO-178C.

Qualification of software tools classified as TCL2

Develop with confidence on Arm

To maximize the developer experience and focus on real safety development, Arm offers a range of tools and software dedicated to supporting safety development across our safety-ready IP.

Compilers & libraries

The compiler is the center of any software development and for functional safety it is regarded as a TCL3 tool. The qualification of a TCL3 tool, like the compiler, can be extremely challenging, especially if the tool is not developed by the user. Moreover, it can be costly and time-consuming, taking several person-years of effort and does not offer any real differentiation to the final safety product. To save the user from performing unnecessary and non-differentiating tool qualification, Arm has gone above and beyond to qualify our flagship compiler toolchain in accordance with various functional safety standards that meet the highest safety integrity level, as shown in the table below:

Market       Functional Safety Standard (SIL/ASIL)
Automotive   ISO 26262 (up to ASIL D)
Industrial   IEC 61508 (up to SIL 3)
Railways     EN 50128 (up to SIL 4)
Medical      IEC 62304 (up to Class C)

Arm Compiler for Embedded FuSa offers a complete safety-qualified C/C++ embedded toolchain that enables you to develop your safety project with state-of-the-art compiler technology for Arm. The toolchain has a certificate from TÜV SÜD, one of the premier safety-accredited certification houses, which provides assurance that it meets defined safety-related criteria and processes. The toolchain is also accompanied by a Qualification Kit. This includes a Safety Manual that provides guidance on safe usage of the toolchain and a Defect Report that maintains a record of all known safety-related defects affecting the toolchain. Our qualified toolchains are derived from safety branches, which are frozen snapshots of mainline taken every few years. This brings the support of new architecture extensions, optimization improvements and modern developer features under the qualification. Given the long development lifecycles and requirements of automotive and safety projects, each of our safety branches also offers a long-term support and maintenance guarantee to provide assurance for many years down the line.

Using a safety-qualified compiler is not sufficient; you also need certified toolchain libraries. This is because a good portion of the safety software links in pre-compiled C/C++ library binaries created by the toolchain vendor. Arm currently provides a Certified C library that is a subset of about 200 C-library functions. This library supports the Arm architecture run-time ABI, portions of the ISO C language specification and compiler helper functions. The library is developed as a Safety Element out of Context (SEooC) as defined in ISO 26262-10 and is fully compatible and validated with Arm’s FuSa compiler toolchains. The library has a TÜV Certificate that follows the same functional safety standards and safety integrity levels as the FuSa compiler toolchain and a Safety Manual that documents the usage and safe boundaries of the library functions. Besides the Certified C library, Arm is working towards certifying a subset of the Arm C++ library. This is because we are seeing a growing adoption of C++ in embedded and AUTOSAR development.

Software components

The Arm FuSa toolchain and libraries are also used in the development and certification of our software offerings - Arm Software Test Library (Arm STL) and CMSIS (Common Microcontroller Software Interface Standard).

Arm STL provides certified software routines written in assembly that provide boot-time and run-time checks and diagnostics of the safety system. This complements Arm’s safety-ready processors by supporting the systematic capability for ISO 26262 ASIL D. It offers a C language API that allows developers to quickly scale the library to add more test coverage.

CMSIS is a set of software building blocks for Cortex-M based applications that offers a standardized framework to simplify software reuse and reduce the learning curve for microcontroller applications. While CMSIS is open source, it is highly modular, and its components can be integrated directly into the microcontroller application and qualified as part of the final safety application. Arm has also certified a subset of CMSIS (CMSIS-Core, CMSIS-RTOS) to offer a small safety-certified run time system called FuSa RTS. Currently FuSa RTS is available for Cortex-M0/M0+, M3, M4, and M7. CMSIS/FuSa-RTS has been used across many automotive applications. These include motor control, Ethernet switches, head-up display controllers and other small controller applications based on Cortex-M.

Debuggers and IDE toolkits

The compiler and libraries make up only one part of the tools story. Arm also provides fully featured development tool suites that integrate the Arm C/C++ Compiler and its safety-qualified variants. This provides a seamless developer workflow when developing on Arm.

Arm Development Studio is Arm’s most comprehensive development suite that supports development across all Arm processors and architectures. It is the perfect choice for developing a complex SoC based on Cortex-A or Cortex-R or a heterogeneous system that involves different Arm processors. It supports all SoC configurations: from single core to more complex multiprocessors. The Arm debugger offers assurance during SoC bring-up activities, such as emulation, simulation, FPGA, or real silicon bring-up. Arm Development Studio also includes a system performance analyzer called Streamline that can find hotspots and compute bottlenecks in the system. It also includes a library of instruction-accurate Fixed Virtual Platforms (FVPs). These are reference simulations that support the integration of Arm IP with memory and peripherals into the virtual hardware target. FVPs can be used to speed up software development and verification activities ahead of the real hardware availability.

Keil MDK is another development tool suite primarily designed for microcontroller development on Cortex-M. It integrates all the tools needed to help expedite the development of embedded applications. Keil MDK includes software components as building blocks for creating applications. These software components are delivered as software packs that can contain device drivers, CMSIS libraries and royalty-free middleware components designed to support peripheral communications in microcontrollers. FuSa RTS is available as a licensed software pack.

While Arm Development Studio and Keil MDK are not safety-qualified, they are mature tools that are widely used across all markets. They are both fully validated with Arm's FuSa toolchain and safety-certified software, demonstrating increased confidence for use in safety development. 

The use of static code analysis tools to perform continuous code inspection is another important practice that must be carried out in safety development. Arm does not offer its own static analysis tools, but can integrate third-party tools as plug-ins into Arm Development Studio and Keil MDK.  

Continuous Integration and cloud-native development

The Arm software tools can be easily deployed in continuous integration (CI) workflows and cloud environments, bringing in automation, quick feedback, and efficiency to software development. This builds confidence, creates shorter development times and reduces the risk. Aside from the software tools mentioned here, Arm offers tools that support the SoC design workflow that are not covered in this blog.

On a final note, developers can scale their development activities through using Arm-based servers in the cloud, such as AWS Graviton3. Being able to build natively on Arm instead of traditional cross-compilation delivers significant developer performance and efficiency while reducing potential errors. Moreover, the ability to host virtual hardware targets in the cloud when integrated into a CI/CD framework enables a powerful end-to-end workflow to build, test, and optimize workloads on the Arm architecture. Through the SOAFEE initiative, Arm is working with its cloud and ecosystem partnerships to unlock the potential of cloud-native development. This leverages the Arm servers in the cloud to deliver a cloud to edge execution and environment parity in the age of software-defined vehicles.

You can read all of Arm's functional safety resources on developer.arm.com by clicking the following link.

Learn more
