Safe and Efficient AUTOSAR Development with ISO 26262 Verification

Ensuring Safe and Efficient AUTOSAR Development

AUTOSAR defines how software is structured. QA Systems tools provide the verification evidence that the software implementing that structure meets its ISO 26262 obligations.

AUTOSAR provides a standardised software architecture that underpins much of today’s automotive ECU development. While it delivers structural consistency and standardised interfaces, functional safety certification is determined by how the underlying C/C++ software is verified, not by the architecture alone. When AUTOSAR is combined with rigorous static and dynamic verification, OEMs and Tier 1 suppliers can achieve ISO 26262-compliant, ASIL-aligned software verification across powertrain, chassis, ADAS, and software-defined vehicle platforms.

Why AUTOSAR Alone Is Not Enough for ISO 26262

ISO 26262 compliance is achieved through rigorous software verification, regardless of whether a project uses Classic or Adaptive AUTOSAR. This includes:

  • Mandatory coding-standard compliance
  • Unit and integration testing
  • Structural coverage, including MC/DC at higher ASILs (ISO 26262-6 lists statement, branch and MC/DC coverage, with MC/DC highly recommended at ASIL D)
  • Full traceability and audit-ready evidence

This is where QA-MISRA and Cantata integrate directly into AUTOSAR workflows, providing the static and dynamic verification evidence required to support ISO 26262 safety cases.

Where AUTOSAR Is Used in Safety-Critical Automotive Systems

Classic AUTOSAR Domains:

  • Powertrain ECUs (torque control, fuel injection, emissions)
  • Braking, steering and chassis systems (ABS, ESC, EPB, steer-by-wire)

Adaptive AUTOSAR Domains:

  • ADAS and automated driving controllers (AEB, ACC, LKA)
  • Software-defined vehicle platforms, OTA, V2X, EV energy management

Modern vehicles often combine Classic ECUs for actuation with Adaptive controllers for perception and planning, creating end-to-end safety-critical chains from sensor to actuator.

Using QA-MISRA in an AUTOSAR Workflow

QA-MISRA provides static analysis and coding-standard enforcement aligned with ISO 26262 Part 6 for AUTOSAR software implementation. It analyses generated and handwritten C/C++ across BSW drivers, RTE glue code, and SWCs, flagging undefined behaviour, data races, memory errors, and unsafe constructs before they reach integration.

Typical QA-MISRA AUTOSAR Flow

  • Generated and handwritten C/C++ is analysed in CI pipelines
  • Project-specific rule profiles are derived from ASIL targets and HARA
  • The QA-MISRA Tool Qualification Support Kit (QSK) provides ISO 26262 tool-confidence evidence

Benefits:

  • Reduced manual code reviews
  • Early detection of integration regressions
  • Consistent enforcement across multi-supplier AUTOSAR projects

Using Cantata to Verify AUTOSAR Components

Cantata provides ISO 26262-aligned dynamic unit and integration testing and is independently certified for use up to ASIL D.

Typical Cantata Applications in AUTOSAR

  • Unit testing of safety-critical SWCs (e.g. brake pressure control, steering assist, torque arbitration), using RTE and BSW stubs to achieve:
    • statement coverage
    • branch coverage
    • MC/DC coverage
  • Integration testing of end-to-end safety chains (e.g. sensor fusion → motion control → brake/steering actuation) on target hardware
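The following C example is added here to show concretely what "RTE and BSW stubs" and "MC/DC coverage" mean for a single SWC decision; it is not Cantata's own test code and not AUTOSAR-generated RTE code. The runnable Swc_BrakeArb_Runnable, the stub names Rte_Read_PedalPressed, Rte_Read_AebRequest, Rte_Read_HydraulicFault and Rte_Write_BrakePressure, and the 6000 kPa request value are all hypothetical, modelled only on the RTE naming convention. The example drives a minimal unique-cause MC/DC vector set through the stubs and then checks, from the observed RTE writes, that each condition has been shown to affect the outcome independently; it also shows a two-vector set that reaches 100 % branch coverage yet fails MC/DC.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stubbed RTE layer: constructed for this example, not AUTOSAR-generated code.
 * Names follow the Rte_Read_<Port>/Rte_Write_<Port> convention but are hypothetical;
 * each stub just reads or writes a global that the test harness controls. */
typedef uint8_t Std_ReturnType;
#define RTE_E_OK ((Std_ReturnType)0u)

static bool     stub_PedalPressed, stub_AebRequest, stub_HydraulicFault;
static uint16_t stub_WrittenPressure_kPa;

static Std_ReturnType Rte_Read_PedalPressed(bool *out)   { *out = stub_PedalPressed;   return RTE_E_OK; }
static Std_ReturnType Rte_Read_AebRequest(bool *out)     { *out = stub_AebRequest;     return RTE_E_OK; }
static Std_ReturnType Rte_Read_HydraulicFault(bool *out) { *out = stub_HydraulicFault; return RTE_E_OK; }
static Std_ReturnType Rte_Write_BrakePressure(uint16_t kPa) { stub_WrittenPressure_kPa = kPa; return RTE_E_OK; }

/* SWC runnable under test: hypothetical brake-request arbitration. */
#define BRAKE_REQUEST_KPA 6000u

void Swc_BrakeArb_Runnable(void)
{
    bool pedal = false, aeb = false, fault = false;
    (void)Rte_Read_PedalPressed(&pedal);
    (void)Rte_Read_AebRequest(&aeb);
    (void)Rte_Read_HydraulicFault(&fault);

    uint16_t request_kPa = 0u;
    if ((pedal || aeb) && !fault) {      /* one decision, three conditions: A, B, C */
        request_kPa = BRAKE_REQUEST_KPA;
    }
    (void)Rte_Write_BrakePressure(request_kPa);
}

/* Test vectors: condition values plus the value the runnable must write to the RTE. */
#define N_COND 3
typedef struct { bool cond[N_COND]; uint16_t expected_kPa; } TestVector;

/* Minimal unique-cause MC/DC set: N+1 = 4 vectors for 3 conditions. */
const TestVector mcdc_set[] = {
    { {true,  false, false}, BRAKE_REQUEST_KPA },  /* A toggles against vector 1 */
    { {false, false, false}, 0u },
    { {false, true,  false}, BRAKE_REQUEST_KPA },  /* B toggles against vector 1 */
    { {true,  false, true }, 0u },                 /* C toggles against vector 0 */
};
const size_t mcdc_set_len = sizeof mcdc_set / sizeof mcdc_set[0];

/* Reaches both branches (100 % branch coverage) yet never shows B or C to matter on its own. */
const TestVector branch_only_set[] = {
    { {true,  false, false}, BRAKE_REQUEST_KPA },
    { {false, false, false}, 0u },
};
const size_t branch_only_set_len = sizeof branch_only_set / sizeof branch_only_set[0];

/* Drive one vector through the stubs; true if the SWC wrote the expected value. */
bool run_vector(const TestVector *v)
{
    stub_PedalPressed = v->cond[0]; stub_AebRequest = v->cond[1]; stub_HydraulicFault = v->cond[2];
    stub_WrittenPressure_kPa = 0xFFFFu;   /* sentinel so a missing Rte_Write is caught */
    Swc_BrakeArb_Runnable();
    return stub_WrittenPressure_kPa == v->expected_kPa;
}

/* Decision outcome as actually observed at the RTE write, not as assumed in the table. */
static bool observed_outcome(const TestVector *v)
{
    (void)run_vector(v);
    return stub_WrittenPressure_kPa == BRAKE_REQUEST_KPA;
}

/* Unique-cause MC/DC: every condition needs a pair of vectors that differ only in that
 * condition and produce different decision outcomes. Returns false at the first
 * condition lacking such a pair. */
bool mcdc_satisfied(const TestVector *vs, size_t n)
{
    for (size_t c = 0; c < N_COND; c++) {
        bool shown = false;
        for (size_t i = 0; i < n && !shown; i++) {
            for (size_t j = 0; j < n && !shown; j++) {
                bool differs_only_in_c = (i != j);
                for (size_t k = 0; k < N_COND && differs_only_in_c; k++) {
                    bool same = (vs[i].cond[k] == vs[j].cond[k]);
                    if ((k == c) == same) differs_only_in_c = false;  /* c must differ, others must match */
                }
                if (differs_only_in_c && observed_outcome(&vs[i]) != observed_outcome(&vs[j])) shown = true;
            }
        }
        if (!shown) return false;
    }
    return true;
}

int main(void)
{
    printf("MC/DC set: %s\n", mcdc_satisfied(mcdc_set, mcdc_set_len) ? "MC/DC satisfied" : "MC/DC NOT satisfied");
    printf("branch-only set: %s\n", mcdc_satisfied(branch_only_set, branch_only_set_len) ? "MC/DC satisfied" : "MC/DC NOT satisfied");
    return 0;
}
```

The second vector set is the practical point: two vectors already exercise both outcomes of the `if`, so a branch-coverage report reads 100 %, but neither the AEB request nor the hydraulic fault has been shown to change the result on its own. A coverage tool reports that gap; a reviewer who understands why can choose the two extra vectors instead of adding tests at random.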

Cantata’s TÜV certification and ISO 26262 qualification kits give functional safety assessors confidence that test results can be relied upon in the safety case.

Bringing It All Together for Safety-Critical Projects

A pragmatic and certifiable approach for safety-critical automotive development is:

  • AUTOSAR → architectural backbone
  • QA-MISRA → static verification & defect prevention
  • Cantata → dynamic verification, coverage & regression

AUTOSAR defines the structure. QA-MISRA and Cantata provide the verification evidence that the C/C++ implementation is robust, compliant, and tested to ASIL-appropriate coverage levels.

AUTOSAR Classic vs Adaptive: How QA Systems Maps Across Both

QA Systems tools operate horizontally across both Classic and Adaptive AUTOSAR. They do not replace AUTOSAR services; they verify the software that implements them.

AUTOSAR Classic: Control-Centric ECUs

Used for powertrain, chassis, airbags, EPS, and body ECUs.

  • QA-MISRA enforces MISRA/AUTOSAR coding rules and provides ISO 26262 tool-qualification evidence
  • Cantata performs unit and integration testing of SWCs and BSW using RTE/MCAL stubs, certified up to ASIL D

AUTOSAR Adaptive: Service-Oriented Platforms

Used for ADAS, central compute, connectivity, OTA, and domain controllers.

  • QA-MISRA enforces safe C++ coding across complex Adaptive services
  • Cantata validates safety-relevant shared libraries and services using structural coverage, regression testing, and fault-response validation

Cross-Cutting ISO 26262 and Tool Qualification

Classic and Adaptive AUTOSAR share the same ISO 26262 tool-qualification requirements.

  • Cantata: TÜV-certified (ISO 26262 TCL 1, up to ASIL D)
  • QA-MISRA: ISO 26262 Tool Qualification Support Kit

Together they provide the complete tool-confidence argument required by OEMs and Tier 1 suppliers.

Practical Mapping Summary

  • Classic domain: powertrain, chassis, airbags, EPS → verify low-level C code with QA-MISRA + Cantata, apply MC/DC where required
  • Adaptive domain: ADAS, central compute, connectivity, OTA → verify C/C++ services with QA-MISRA for defect prevention and Cantata for regression & safety-mechanism testing.

For more information about QA-MISRA and Cantata, visit qa-systems.com.

Author: Dylan Llewellyn