Driving Safety into Autonomous Vehicles
Written by Chip Downing
September 9, 2020
As more autonomous ground and air vehicles approach commercial production, the demand for proven safety strategies increases. Due to the rigors of creating a commercial-off-the-shelf (COTS) safety certification product, this is one of the more challenging endeavors a software company faces.
RTI proceeded down this path about seven years ago to help customers who require safety certification for their complex distributed systems. We published our first RTCA DO-178C DAL A certification evidence product, Connext® DDS Cert, in 2016. With the expansion of the autonomous vehicle market, both ground and air systems, the demand for safety certification evidence continues to expand. To meet this demand, RTI is working on the next version of RTI Connext DDS Cert, which will have specific capabilities to address the requirements of autonomous automotive and avionics platforms.
For automotive and autonomous customers, we are adding OSEK RTOS support, QNX 7 RTOS support, and CRCs for data integrity capabilities to our certification evidence product. The first release of this product will have an ISO 26262 ASIL D safety certificate and will support the ARMv8 and Infineon Aurix TriCore architectures for autonomous driving (AD) and Advanced Driving Assistance System (ADAS) platforms.
For commercial and military avionics customers, along with new Urban Air Mobility (UAM) platforms, we are adding industry standard ARINC 653 OS APIs supporting ARINC 653 APEX queuing port transport support. For military programs with Future Airborne Capability Environment (FACE™) requirements, we are adding FACE 3.1 Transport Services Segment (TSS) certification evidence that supports the FACE Operating System Segment (OSS) Safety Base Profile. We will also add Wind River VxWorks 653 3.x RTOS support on the NXP T2080 processor. This initial configuration for airborne systems will have COTS RTCA DO-178C DAL A certification evidence.
After these two releases, RTI will target other processors, operating systems and safety standards. We currently have planned support for over eight Real-Time Operating Systems (RTOS) and six microprocessor families, so our customers will have a rich and powerful ecosystem of solutions to select for their next-generation systems.
Our objective is to create a new generation of safety certification evidence that will help enable highly-connected autonomous systems in any deployment environment.
COTS Certification = Significant Customer Savings
Many customers have often asked me, “Why don’t all software companies have safety certification evidence for their products?” The answer is simple: most customers do not need this very high level of safety assurance, and therefore they are certainly not willing to pay for it.
Certification evidence is challenging to create, release and maintain. There are some significant hurdles that must be overcome when a software company decides to create a commercial certification product. These include:
- Certification is not a small, incremental investment in engineering. Creating certification evidence impacts all phases of software development and product delivery. Its costs can easily be in the range of hundreds of dollars per line of code (LoC), which can add up to an investment of $10 million or more on relatively small software products.
- Creating code that can be readily certified by customers into their systems is a massive undertaking for most software engineering teams. It often requires a radical, disruptive departure from existing software development processes that many software engineers will not enjoy.
- Creating this certification evidence product takes far more engineering resources than filling out certification templates or creating better requirements and testing. It impacts all aspects of the software development process, and in many cases requires a level of rigor and discipline that eludes many software developers. Many tasks require independent review.
- Certification is not a one-time effort. A long-term maintenance and support structure needs to be put in place to support the product over the entire life of a certified platform.
- Regardless of the volume of certification artifacts and quality of work, there will always need to be a services component to match customer board, microprocessor and RTOS requirements. This requires plans for continuous investment.
Developing safe autonomous systems has significant risk. RTI has made and continues to make a significant investment into safety certification evidence to help our customers reduce cost and risk while increasing the capabilities for their safety-certified products.
The entire RTI team looks forward to helping your team succeed with your next project. To learn more about our roadmap for Micro Cert or to discuss your specific program needs, please contact your local representative.
About the author
Chip Downing is Senior Market Development Director, Aerospace & Defense, Real-Time Innovations, Inc.
Chair, FACE Business Working Group Outreach Subcommittee
Vice-President, Ecosystem, DDS Foundation