What does automotive or medical grade code look like?

Has anyone made a project for certified automotive or medical grade equipment? I would like to know what code written for those applications looks like. Of course components have to be rated for those use cases, but how about the software?

For example, the microcontroller that supervises the injection of fuel in fuel injection engines: how is it coded?

if(timeToInjectFuel)
 injectFuel();

Straightforward as that? Where timeToInjectFuel could be either a timer interrupt or a sensor inside the engine generating a pulse, and injectFuel() as simple as turning the GPIO pin HIGH, which in turn triggers a solenoid valve to inject fuel.

In practice, timeToInjectFuel has to be something that evaluates to true or false.

But sure, code is code. What matters is how you get there and guarantee it does what’s expected

On health software only side, read the 9 chapters of IEC 62304 (2006/2015). You’ll also need to read about ISO 1497, IEC 13485, IEC 60601-1, IEC 82304,….

Read also

I think in Automotive they use the MISRA C standard, maybe you can use some of those rules in your own project.


Development of software that may affect functional safety is not a static set of rules but a moving target. When you read standards like ISO 26262 you will see that developers of these systems need to use the best software practice available at the time of development.

There is plenty of information available online that will get you started. Google is your friend. Look for standards like MISRA, keywords like "functional safety" and companies like LDRA that provide tools to developers to analyze code for standard compliance as well as company specific rules.

I suspect your code would violate a few rules:

  • if() statements likely require {} brackets
  • if() statements likely require an else statement
  • the if statement needs to use == to be explicit

There are likely more.

It’s not the ‘code’, it’s the strategy & methods.

  • Fault tolerance
  • Fail-safe
  • Redundancy
  • Diversity

Then start on the code.

  • Non-blocking
  • Responsive
  • Manual capability if needed.
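Pulling together the rule-style points raised a few posts up (braces on every if, an explicit else, explicit comparisons) and the fail-safe/redundancy strategy listed in this post, here is an added illustrative example in C. It is not code from any poster or from a real ECU; the sensor names, the plausibility window and the pulse bound are invented for illustration.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed constants for illustration only; not from any real ECU. */
#define INJECTOR_OPEN    1U
#define INJECTOR_CLOSED  0U
#define MAX_PULSE_US     5000U  /* upper bound on one injection pulse */
#define MAX_SENSOR_DELTA 20U    /* allowed disagreement between redundant sensors */

typedef struct {
    uint16_t crank_sensor_a;   /* primary crank position (redundant pair) */
    uint16_t crank_sensor_b;   /* secondary crank position (diverse source) */
    bool     timing_flag;      /* set by timer ISR or engine sensor pulse */
    uint16_t requested_us;     /* pulse width computed elsewhere */
} engine_inputs_t;

typedef struct {
    uint8_t  injector_state;   /* INJECTOR_OPEN or INJECTOR_CLOSED */
    uint16_t pulse_us;         /* commanded pulse width, 0 when closed */
    bool     fault;            /* true when inputs failed plausibility */
} injector_cmd_t;

/* Plausibility check: both redundant sensors must agree within a window. */
static bool sensors_plausible(uint16_t a, uint16_t b)
{
    uint16_t delta = (a > b) ? (a - b) : (b - a);
    return (delta <= MAX_SENSOR_DELTA);
}

/* One control step. Every branch is explicit, every output is assigned,
 * and any doubt resolves to the safe state (injector closed). */
injector_cmd_t injection_step(const engine_inputs_t *in)
{
    injector_cmd_t cmd = { INJECTOR_CLOSED, 0U, false };   /* fail-safe default */

    if (sensors_plausible(in->crank_sensor_a, in->crank_sensor_b) == false) {
        cmd.fault = true;                  /* redundancy disagrees: stay closed */
    } else if (in->timing_flag == true) {
        if (in->requested_us > MAX_PULSE_US) {
            cmd.pulse_us = MAX_PULSE_US;   /* clamp; never exceed the bound */
        } else {
            cmd.pulse_us = in->requested_us;
        }
        cmd.injector_state = (cmd.pulse_us > 0U) ? INJECTOR_OPEN : INJECTOR_CLOSED;
    } else {
        /* not time to inject: the explicit else keeps the closed default */
    }
    return cmd;
}
```

The structure, not the logic, is the point: a reviewer walking every path finds no branch that leaves the injector state unassigned and no input that can drive the pulse past its bound.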

There's this famous aerospace code:


It caused Ariane 5 to blow up. (and it looks AWFUL. <expletive> "AdaTran")

See also https://www.edn.com/toyotas-killer-firmware-bad-design-and-its-consequences/


No, standard components from a reputable distributor are fine. But the company that produces the equipment/circuit boards, etc. MUST be FDA certified. We were asked many times, but were not willing to pay the costs for certification.
Paul

From my limited knowledge -
If this is for a personal project and it's nothing dangerous, don't worry about it! I put some sound-activated lights in the back of my van so that's "automotive" but nothing terrible can happen... almost...

If it's a braking system for your car, or you're trying to make a pacemaker or something that could make a patient overdose, etc., don't do it!

Most of this stuff is about procedures, certification, quality control, documentation, etc. Companies mostly make their own procedures. Those procedures have to "make sense" and they have to demonstrate/document that they are actually following their procedures (not deviating from the documentation, etc.).

I.e., do you have a procedure for documenting software changes? Do you have a procedure for validating software (and software changes/corrections), and is this procedure valid and reliable? Do you have a procedure for making sure any "necessary" software/firmware updates are applied to units/software in the field? Can you document that you're actually following those procedures?

I've also noticed that the regulation & QA people check/audit things that are easy to check. Where I work we have to check our ground straps every morning before we start. It's recorded by "the computer" and if you don't do it (or if you fail and don't correct it) you'll get a warning email. It's important but it's not the MOST important thing, just easy to check/monitor.

I think maybe ONCE I've blown a circuit with static discharge because I wasn't grounded. The last place I worked we were rather lax and there were no actual problems. (The risk might depend on the humidity where you live.)

There was one FDA inspector for a company that I used to work for and he'd spend a half-day or a day until he found something wrong... Then he'd write it up and he was "happy" and he'd leave.

There's no way you'd ever get a "homemade" medical device approved. But if you want to build something to monitor your own heart rate (or something like that) nobody is going to stop you. But if you work for a doctor and you bring it into the office, that could be a problem.

It would seem that this falls into the category of "if you have to ask the question, you are not ready to perform the task".

I think an instructor asked the class: if you were on a plane at 30,000 feet and you knew that the software controlling the plane was written by you and your team, by a show of hands, how many would have total confidence?

Then he asked the one person who raised his hand why he was so confident.

"Because I am certain that if the plane were controlled by the software written by my team, well, that plane would never get off the ground!"


I can speak only to automotive code.

  1. You must use a recognized compiler.
  2. You cannot use semi-documented macros like those that are common in the Arduino IDE.
  3. The code must be tested, usually in the product validation testing.
  4. The code must be evaluated by a 2nd programmer (or consultant**) to verify EVERY possible code path or input value is valid and will not fail.

** There are companies that offer code "checking" as a service. There is a specific name for this activity that escapes me at the moment.

There are some other requirements but the above are all I can remember tonight.


I should have stated in my post #9 that we were dealing with embedded controllers with a manageable amount of code.

For major vehicle systems I expect a different approach; however, we were working to a vehicle specification, so perhaps it does apply, especially for safety / vehicle function code.

Oddly enough, the most complex bit of code on a vehicle ECM is the level sender code. Sloshing fuel, driving / parking on an angle makes the level sender information difficult to unwind.

I won't be "working" for a doctor, but I will be trying to get a specialist interested in my monitoring project. Could you expand on the type of problems that scenario might create?

@claude_j_greengrass If somebody dies while monitored by your medical device, you may end up in jail and be liable for more money than you will ever earn in your life.
Medical devices are used on people that have medical issues. That is their function.
If something happens, you need to be able to prove that you developed your medical device to the best practices known today. For a single developer that is simply not possible.

So the moral of the story is that OP should try to sell it to a company that makes medical equipment already?

No, the moral of the story is the OP should form a corporation so he can protect his assets, but has to have more than one shareholder, otherwise the corporation is a sham. Then the corporation should license the product to other companies.
Paul

Monitoring a medical condition doesn't always involve life/death conditions. In the case of Essential Tremors and Parkinson's Disease, the long term prognosis of either condition is still not well understood nor well studied. Both conditions get worse with age.

Longitudinal studies, particularly of ETs, are a sadly neglected study area. Something I hope to make a minor contribution to.

The world is not just populated by compassionate developers like you but also people in a bad situation and lawyers that take advantage of the situation.

Before you work with a real patient get some advice from a lawyer to cover yourself.

I wish you all the best for your project and hope you can help some people.

That’s an interesting point…
Even if your device has no direct association with the ‘cause of death’, a good prosecutor may suggest the failing of the device led professionals to ignore ‘real’ life-threatening symptoms, masked by incorrect output or indications from the device.

While full liability probably wouldn’t be ascribed to you or the device, you might get off with 20% exposure to the $50million settlement. :scream:

That of course depends on where you live and the local laws...

Before a device is accepted as "medical grade" it has to go through lots of validation and certification if there is even a remote chance that it might lead to bad consequences.