Development of Safety-Critical Systems: The Timing Aspect

Timing issues that remain undetected or unresolved in a safety-critical system will compromise safety – to an extent and in a way that is rarely predictable.

Challenges

In safety-critical systems, such as vehicles that support autonomous driving features from advanced driver assistance systems to fully autonomous driving, machines have to make decisions that should be much safer than the decisions of human drivers facing exactly the same driving scenario. Under certain circumstances, the decisions and reactions made by machines are already superior to those of a human driver.


Engineers who develop safety-critical systems face numerous challenges. Among the more obvious ones are the huge number of scenarios an advanced safety-critical system has to handle and the proper abstraction of the environment from data delivered by sensors of different types. Other challenges arise from the intrinsic properties of the safety-critical system itself, such as the effect of physical parameters like temperature or mechanical stress on safety, or meeting all the requirements of safety-compliant development and production processes.

The Timing Aspect

The behavior of a complex safety-critical system itself adds a further challenge, one that – based on what we have learned from our customers – is rarely taken into account adequately. This behavior may result in serious quality issues that only become visible in the later phases of the development process and that are typically difficult to fix without significant design changes. Such issues occur sporadically, and after digging deeply into the root causes, developers often realize that they are timing issues. The source is the complexity introduced when limited hardware resources such as processors, buses and memories are shared dynamically by multiple applications: this sharing results in wide distributions of response times and, under certain circumstances, in violations of timing requirements.

Timing issues that remain undetected or unresolved in a safety-critical system compromise safety – to an extent and in a way that is rarely predictable. 

Mastering the Complexity of the Timing Aspect

INCHRON recommends the following approach to master the complexity of the timing aspect for the development of a safety-critical system:

  • Precisely define and manage timing requirements from day 1 of the development project.
  • Strictly apply and continuously monitor bidirectional traceability to timing requirements across all deliverables of the development process.
    In particular timing requirements must be appropriately verified (by means of simulation and system tests) and must be comprehensively covered by test and acceptance specifications and reports over the entire development process.
  • Systematically pay attention to the timing requirements as an integral part of the development process. As timing tends to be complex in nature, compliance with timing requirements must be designed-in rather than tested-in or inspected-in.

Learn more about how to benefit from on-chip tracing for comprehensive timing analysis on the Infineon AURIX platform