Long ago, automotive engineers switched from mechanical control to software components, and C became the language of choice for that code. The C programming language is so popular that the Linux kernel itself is written in C. However, the C standard is incomplete: it leaves a large number of behaviours undefined or unspecified, which introduces a high degree of uncertainty. The critical issue with C is that there is no runtime error checking; developers must guard against errors in the code they write.
Evolution of MISRA C as a Reliable Guideline to work for Embedded System
The flexibility of the C programming language comes with the trade-off of undefined and unspecified behaviours, so software that fails may not fail in a predictable manner. To ensure the safety, security and reliability of software in critical embedded systems, the Motor Industry Software Reliability Association (MISRA) created a formal set of software development guidelines that restrict code to a predictable subset of the C language for developing safe and secure embedded applications. The figure below depicts the evolution of MISRA C from 1998 to 2020.
Today, MISRA C is widely accepted as the de facto standard in many embedded industries such as aerospace, telecom, automotive, medical devices, defense, railways, connected consumer electronics, process control, nuclear power, and many more.
Adoption of MISRA C by Major Automobile Companies
Major names in the automotive industry such as Nissan Motor Company Ltd., Fiat Automobiles S.p.A., Toyota Motor Corporation, General Motors Company, Ford Motor Company, etc. have faced software failures in different vehicle software-based systems. Most vehicle systems, such as the automatic emergency braking system, the acceleration system, engine start/stop, etc., are monitored and controlled by software. Therefore, when the software fails to monitor or control as designed, key vehicle systems stop working at that moment, which can lead to a serious incident.
NHTSA (National Highway Traffic Safety Administration) Critical Actions towards Automotive Failure Incidents
In this scenario, the NHTSA may ask automotive companies to recall their vehicles and fix the issues, which can come with a huge cost for the recall and put the reputation of the automobile companies at stake.
In the past, around 14 crashes and 5 injuries were reported to the NHTSA due to a software failure in the automatic emergency braking (AEB) system of certain cars designed by one of the famous automotive companies. The AEB system scans the road ahead using cameras or radar and applies the brakes automatically if it detects an imminent collision with another object. A software failure in the AEB system may misread a normal situation as an emergency and trigger automatic braking, bringing the vehicle to a sudden stop, which is exactly the kind of unwanted accident the system is meant to prevent.
As per the rules and regulations, automobile manufacturers are responsible for the safety and security of their vehicles. They are also held liable for any crashes or injuries to vehicle occupants caused by the failure of software in their vehicles. The Motor Industry Software Reliability Association (MISRA) has proactively addressed the challenge of crashes or injuries caused by failures in software written in C. MISRA set out to tame the undefined and unspecified behaviour of the C language and produced the MISRA C guidelines, which developers can follow to design and develop secure and reliable software for the automobile industry.
Possible Challenges that could occur due to Negligence of MISRA C Guidelines in Automotive Software Development
- Cybersecurity Issue in Automotive: The NHTSA has reported a case in which two hackers were able to compromise the automotive system of a vehicle designed by one of the giant automotive manufacturers. These hackers were able to disable the car's brakes and take control of the steering wheel. This was an eye-opening incident for the automotive industry: automobile manufacturers need to act proactively in designing secure embedded software that provides more safety and confidence to buyers.
- Unintended Acceleration by Electronic Throttle Control System: The electronic throttle control system (ETCS) includes cruise control, a feature meant to learn how the driver uses the accelerator pedal and reproduce that behaviour by generating the same acceleration through an actuator. This maintains the speed of the vehicle and keeps the driver comfortable and relaxed even on a long drive. The NHTSA has reported an ETCS software failure that generated unintended acceleration and could be avoided only if drivers removed their foot fully from the brake pedal.
The software was found to be malfunctioning because one of the important MISRA C rules was violated: a recursive routine overflowed the stack and corrupted data, and the software then made its acceleration decisions based on that corrupted data, resulting in automatic acceleration.
- Malfunctioning of Airbag Deployment During a Crash: One of the most important occupant-safety systems in the automotive industry is the airbag deployment system. The NHTSA has reported such a case for a vehicle manufactured by one of the automotive giants, where the airbag software could not detect the crash condition under certain driving conditions and failed to deploy the airbags, putting the lives of the occupants at stake.
- Software Failure in Ignition On/Off System: This scenario has also happened in the past, where the car software failed and did not allow the occupant to switch off the engine even after removing the key.
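Added illustration (not code from this page or from VOLANSYS) of the failure mode in the ETCS item above: a recursive routine whose stack use grows with its input, beside the iterative form that MISRA C:2012 Rule 17.2 (no direct or indirect recursion) requires, with a saturating accumulator and a guarded division so the arithmetic stays defined. The pedal-sample window, its values and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample window of accelerator-pedal readings (0..1000 = 0..100.0 %).
 * Illustrative values only, not data from any real vehicle. */
#define SAMPLE_COUNT 8U
static const uint16_t pedal_samples[SAMPLE_COUNT] = { 120U, 125U, 130U, 140U, 160U, 190U, 230U, 280U };

/* Non-compliant form, kept only for comparison: the routine calls itself once per
 * sample, so its stack use grows with 'count'. On a small MCU stack, a long window
 * overflows into neighbouring data, which is the failure mode described above. */
static uint32_t sum_recursive(const uint16_t *s, size_t count)
{
    if (count == 0U) {
        return 0U;
    }
    return (uint32_t)s[0] + sum_recursive(&s[1], count - 1U);
}

/* MISRA-style form: no recursion (MISRA C:2012 Rule 17.2 forbids direct or indirect
 * recursion), a single bounded loop, and a saturating add so the accumulator can
 * never wrap around silently. Stack use is constant regardless of 'count'. */
static uint32_t sum_iterative(const uint16_t *s, size_t count)
{
    uint32_t acc = 0U;
    size_t i;
    for (i = 0U; i < count; i++) {
        uint32_t v = (uint32_t)s[i];
        acc = (acc > (UINT32_MAX - v)) ? UINT32_MAX : (acc + v);
    }
    return acc;
}

/* Average pedal position over the window. An empty or missing window yields 0
 * rather than a division by zero, which is undefined behaviour in C. */
uint16_t pedal_average(const uint16_t *s, size_t count)
{
    uint32_t total;
    if ((s == NULL) || (count == 0U)) {
        return 0U;
    }
    total = sum_iterative(s, count);
    return (uint16_t)(total / (uint32_t)count);
}

/* Wrappers over the constructed sample so both forms can be compared directly. */
uint32_t sample_sum_recursive(void) { return sum_recursive(pedal_samples, SAMPLE_COUNT); }
uint32_t sample_sum_iterative(void) { return sum_iterative(pedal_samples, SAMPLE_COUNT); }
uint16_t sample_average(void) { return pedal_average(pedal_samples, SAMPLE_COUNT); }
```

Both forms return the same total for this small window; the difference is that the recursive one needs a stack frame per sample, so its worst-case stack depth cannot be bounded at compile time, which is why static analysers enforcing MISRA flag it.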
Increasing demand in the automotive industry challenges manufacturers and developers to ensure software quality, including the safety and security of the user. This can be achieved, or the probability of failure minimized to a great extent, by following the defined guidelines of MISRA C.
With extensive experience and expertise, VOLANSYS helps automotive companies design and develop foolproof, secure and connected automotive solutions for new-age cars. We also design and certify rugged, fail-safe hardware systems and deliver robust firmware with a standardized software framework that complies with the MISRA C standard.
Let's quickly go through one of the success stories where VOLANSYS helped an automotive client achieve MISRA C 2012 compliance for their custom MIPI driver. The client is a US-based leading manufacturer that offers analog and digital solutions to its automotive customers. They wanted VOLANSYS to help them achieve MISRA C 2012 compliance for their MIPI driver without compromising the backward compatibility of the driver code or its McCabe cyclomatic complexity, in order to meet automotive software compliance requirements.
VOLANSYS ensured MISRA C 2012 compliance for a total of 2.5K lines of code and delivered better, safer and more reliable source code in 3 weeks without impacting the code coverage, McCabe cyclomatic complexity, or total stack and RAM usage of the existing source code.
About the Author: Brijesh Thakkar
Brijesh Thakkar is working with VOLANSYS as an Associate Project Manager and has more than 12 years of experience working with Semiconductor and Embedded Product companies. He has expertise in Architecting, Designing, and Developing Solutions focussed on the areas of BSP, IoT, and Embedded Systems with expertise in Debugging, Embedded C Programming, Linux Device Driver Programming and Linux Kernel Programming on the various Platforms & SoCs.