Development of Safety-Critical Software Using Automatic Code Generation

Author(s):
Michael Beine (dSPACE GmbH), 
Michael Jungmann (MTU Aero Engines GmbH), 
Rainer Otterbach (dSPACE GmbH), 
Thomas Thomsen (dSPACE GmbH), 
Company: MTU Aero Engines GmbH, Germany
Published: SAE World Congress, Mar 2004

In future cars, mechanical and hydraulic components will be replaced by new electronic systems (x-by-wire). A failure of such a system constitutes a safety hazard for the passengers as well as for the environment of the car. Thus electronics, and in particular software, are taking over more responsibility and safety-critical tasks. To minimize the risk of failure in such systems, safety standards are applied during their development. The safety standard IEC 61508 has been established for automotive electronic systems.

At the same time, automatic code generation is increasingly being used for automotive software development, in order to cope with today's growing demands for cost reduction and shorter ECU development times in the face of increasing complexity.

However, automatic code generation is hardly ever used today for the development of safety-critical systems. Reasons for this are the specific requirements on the code as well as inadequate experience in the development of safety-critical software itself.

This paper deals with the application of automatic code generation to the development of safety-critical systems. It describes the role and benefits of automatic code generation in a safety-critical software development process. The requirements imposed on an automatic code generator by a safety standard such as IEC 61508 are examined. The pros and cons of using a certified code generator and possible alternatives are discussed. The benefits and know-how gained from many years of experience in developing software according to safety standards such as RTCA DO-178B in the aerospace industry are taken into consideration.

The paper uses dSPACE's production code generator TargetLink as an example. The use of TargetLink at ATENA Engineering for the development of IEC 61508 SIL 3 software is described, and the experiences and accomplishments made at ATENA are presented.

  • English: Development of Safety-Critical Software Using Automatic Code Generation PDF, 302 KB