Reference number ISO/TR 15497:2000(E)

TECHNICAL REPORT ISO/TR 15497
First edition 2000-11-01

Road vehicles - Development guidelines for vehicle based software
Véhicules routiers - Guide pour le développement de logiciels installés à bord de véhicules

© ISO 2000 All rights reserved. Unless
otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56
CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.ch
Web www.iso.ch

Printed in Switzerland

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards
are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

In exceptional circumstances, when a technical committee has collected data of a different kind from that which is normally published as an International Standard ("state of the art", for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and does not have to be reviewed until the data it provides are considered to be no longer valid or useful.

Attention is drawn to the possibility that some of the
elements of this Technical Report may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/TR 15497 was prepared by the United Kingdom Motor Industry Software Reliability Association (MISRA) as guidelines published in 1994, and was adopted (without modifications except those stated in clause 2 of this International Standard) by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 3, Electrical and electronic equipment.

Road vehicles - Development guidelines for vehicle based software

1 Scope

This Technical Report provides safety-related guidelines for the development of vehicle based software.

2 Recommendations

The technical recommendations are those made in the following publication (reproduced on the following pages), which is adopted as a Technical Report:

Development Guidelines for Vehicle Based Software, Motor Industry Software Reliability Association (MISRA), United Kingdom, 1994.

For the purposes of international standardization, the modifications outlined below shall apply to the specific clause and paragraphs of the MISRA publication.

Page i to iv (of the MISRA publication)
This is information relevant to the MISRA publication only.

Page 73-75, Clause 6
Substitute the following for the corresponding references.
10 ISO 9001, Quality systems - Model for quality assurance in design, development, production, installation and servicing.
15 ISO 11748 (all parts) 1), Road vehicles - Technical documentation of electrical and electronic systems.
25 ISO 11898, Road vehicles - Interchange of digital information - Controller area network (CAN) for high-speed communication.
26 ISO 11519 (all parts), Road vehicles - Low-speed serial data communication.
29 ISO 14230 (all parts), Road vehicles - Diagnostic systems - Keyword Protocol 2000.

Insert the following reference.
24 EMC standards and technical reports applicable to road vehicles:
ISO 7637 (all parts), Road vehicles - Electrical disturbance by conduction and coupling;
ISO/TR 10305, Road vehicles - Generation of standard EM field for calibration of power density meters from 20 kHz to 1 000 MHz;
ISO/TR 10605, Road vehicles - Electrical disturbances from electrostatic discharge;
ISO 11451 (all parts), Road vehicles - Vehicle test methods for electrical disturbances by narrowband radiated electromagnetic energy;
ISO 11452 (all parts), Road vehicles - Component test methods for electrical disturbances by narrowband radiated electromagnetic energy.

1) To be published.

3 Revision of the MISRA publication

It has been agreed with the Motor Industry Software Reliability Association that ISO/TC 22/SC 3 will be consulted in the event of any revision or amendment of the MISRA publication. To this end, the British Standards Institution (BSI) will act as a liaison body between MISRA and ISO.

First published November 1994 by
The Motor Industry Research Association
Watling Street
Nuneaton
Warwickshire CV10 0TU
http://www.misra.org.uk

© The Motor Industry Research Association, 1994, 2000

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted
in any form or by any means, electronic, mechanical or photocopying, recording or otherwise without the prior written permission of the Publisher.

ISBN 0 9524156 0 7

British Library Cataloguing in Publication Data. A catalogue record for this book is available from the British Library.

Development Guidelines For Vehicle Based Software
November 1994
The Motor Industry Software Reliability Association

Foreword

As coordinator of the Safety Critical Systems Research Programme, supported by the Department of Trade and Industry and the Engineering and Physical Sciences Research Council, I am pleased to support the publication of these guidelines. In this programme we have been concerned to ensure that the results of research should not be buried in learned papers, but promulgated in ways which will affect practice in industry. We have therefore sought the involvement of user organizations so that the work is based on an understanding of their real industrial needs, and so that the results will be credible to their peers. The MISRA Study, with its combination of vehicle and equipment manufacturers, has admirably realized that ambition.

The voluntary nature of the guidelines is important. They were produced voluntarily, for the benefit of both the industry and the public. Their adoption will also be voluntary. This has encouraged the MISRA consortium to develop guidelines which offer genuine benefits for their users, rather than burdensome restrictions.

The renowned cost-consciousness of the automotive industry might be thought by some to diminish its contribution to technological development. On the contrary: while this industry is properly cautious in the interests of safety, the fiercely competitive market and the public exposure of any problems ensures that the commercial value of new technology is thoroughly evaluated. This sector is a hard proving-ground for technology. So, while many of the issues on which the MISRA consortium has concentrated are specific to vehicles, other sectors might do well to see what they might glean from the trends here.

Bob Malcolm
DTI-EPSRC Safety Critical Systems

Foreword (continued)

The motorist gains many benefits, including enhanced safety features, from advances in vehicle electronics. The development of software is a specialized and often complex area where much relies on an effective approach by those directly involved. I welcome MISRA's initiative and efforts in developing these safety related guidelines and advice under a joint DTI, EPSRC and industry funded programme. The guidelines reflect a responsible and serious industry attitude to safety issues.

Malcolm Fendick BSc CEng FIMechE
Chief Mechanical Engineer
Department of Transport

The use of electronic systems in vehicles has increased significantly over recent years and will continue to increase. Much time and resources are being committed by vehicle manufacturers to deal with the compatibility of such systems, in particular the problem of interference from external sources. The vehicle owner expects his vehicle to be reliable and safe, and this includes the electronic systems. Electronic
systems are dependent on the software provided by the manufacturer. The greater complexity of such systems is increasing the need to maintain software quality and reliability. This has resulted in the need for a unified approach to software design. It is therefore pleasing that an independent group has produced these guidelines on vehicle-based software which will be of benefit to the Motor Industry and also, more importantly, the motorist.

K B Barnes
Head of Engineering
SMMT

Acknowledgements

The MISRA consortium would like to thank the following organizations for their support of the study that produced these Guidelines:
AB Automotive Electronics Ltd (CM)
AP Borg & Beck (CM)
Delco Electronics (CM)
Department of Trade and Industry
Department of Transport
Ford Motor Company Ltd (CM)
Jaguar Cars Ltd (CM)
Lotus Engineering (CM)
Lucas Electronics (CM)
Rolls-Royce and Associates Ltd (C)
Rover Group Ltd (CM)
The Centre for Software Engineering Ltd (C)
The Motor Industry Research Association (PM, C)
The Society of Motor Manufacturers and Traders Ltd
The University of Leeds (C)

Key
CM controlling member of the MISRA consortium
PM project manager
C consultant

The MISRA consortium would like to thank the following individuals for their contributions to these Guidelines:
Alex Abbot, Klaus Allen, Neil Andrewartha, Nigel Barrett, Terry Beadman, Nick Bennett, Colin Bowles, Tom Buckley, John Comfort, Nick Dunn, Paul Edwards, Simon Farrall, John Fox, Vivien Hamilton, Nick Heatley, Keith Hobley, Peter Jesty, Edward Jones, Ian Kendall, Keith Longmore, Paul Manford, Chris Marshall, Josh McCallin, Tom Monk, Tony Moon, Dave Newman, Frank O'Neill, Dave Perry, Mike Radford, Roger Rivett, Steve de la Salle, Chris Shakespeare, Heather Storey, Ian Stothers, Lloyd Thomas, David Ward, Brian Whitfield, Anthony Wood, Marco Zasiura

Contents

1. Introduction 1
1.1 Statement of mission and objectives 1
1.2 Benefits to the end customer 1
1.3 The MISRA consortium 1
1.4 Background 2
1.5 Scope and uses of the Guidelines 3
1.5.1 Scope 3
1.5.2 Uses 3
1.6 Fundamental concepts 5
2. Definition of terms 7
2.1 Definitions 7
2.2 List of abbreviations 7
3. Software lifecycle 8
3.1 Project planning 8
3.1.1 Project definition 8
3.1.2 Lifecycle plans 9
3.1.3 Planning for verification and validation 9
3.1.4 Assessment 13
3.1.5 Reuse 14
3.2 Integrity 14
3.2.1 Introduction 14
3.2.2 Safety analysis 15
3.2.3 Human factors in safety analysis 18
3.2.4 Development approaches 19
3.3 Requirements specification 22
3.3.1 Whole vehicle architecture 22
3.3.2 Vehicle control systems 25
3.3.3 Noise and electromagnetic compatibility 28
3.3.4 Verification and validation of software requirements 30
3.3.5 Tools and techniques for requirements specification 32
3.4 Design 33
3.4.1 Real-time implications 33
3.4.2 Floating point arithmetic 36
3.4.3 Modelling 37
3.4.4 Optimization and adaptive control 38
3.4.5 Communications and multiplexing 38
3.4.6 On-board diagnostics 41
3.4.7 System security 43
3.4.8 Fault management 43
3.4.9 Design for verification and validation 45
3.4.10 Tools and techniques for design 46
3.5 Programming 47
3.5.1 Codes of practice 47
3.5.2 Verification and validation of code 48
3.5.3 Programming tools and techniques 48
3.6 Testing 49
3.6.1 General 49
3.6.2 Dynamic test 49
3.6.3 Integration test 49
3.6.4 System test 51
3.6.5 Tools and techniques for testing 51
3.7 Product support 52
3.7.1 Off-board diagnostics 52
3.7.2 Software maintenance 53
4. Software quality planning 55
4.1 Management responsibilities 55
4.2 Education and experience 56
4.3 Human factors in software development 56
4.3.1 Introduction 56
4.3.2 Teams and organizational structure 57
4.3.3 Individual differences and job design 57
4.3.4 Human error management 58
4.3.5 The physical environment 58
4.4 Quality assurance 59
4.4.1 Standards and accreditation 59
4.4.2 Checklists 59
4.4.3 Assessment of compliance 59
4.4.4 Changes during production 60
4.4.5 Software process metrics 60
4.5 Documentation requirements 62
4.6 Subcontracting 63
4.6.1 Introduction 63
4.6.2 Definitions 63
4.6.3 Technical considerations 65
4.6.4 Commercial considerations 67
5. Emerging technologies 70
5.1 General 70
5.2 Neural networks 70
5.3 Object orientation 71
5.4 Fuzzy logic 71
5.5 Formal mathematical methods 72
6. References 73
7. Index 76

1. Introduction

1.1 Statement of mission and objectives

1.1.1 The purpose of these Guidelines is to provide assistance to the automotive industry in the creation and application within a vehicle system of safe, reliable software.

1.1.2 There has been much recent growth in the quantity and complexity of electronic controls on motor vehicles. The greater the complexity, the harder it is to maintain the software quality and reliability the cu