Automotive

Functional Safety Assurance

Formal verification for ISO 26262 ASIL-D, MISRA C compliance, and AUTOSAR component safety. We help automotive software teams produce the evidence that safety assessors require.

The challenge

ISO 26262 demands more than test coverage

ISO 26262 ASIL-D software requires that safety goals are verified by a combination of techniques. Formal verification is explicitly listed as a highly recommended method — and for the most demanding safety requirements, it may be the only way to produce adequate evidence.

For concurrent software — AUTOSAR-based ECUs with multiple tasks sharing memory — testing cannot systematically cover thread interleavings. ESBMC's concurrency analysis can prove the absence of data races and deadlocks across all possible interleavings.

Target sectors

OEM ECU software (powertrain, body, chassis)
ADAS perception and decision software
EV powertrain and battery management systems
Tier-1 AUTOSAR component suppliers
Autonomous driving software (UL 4600)
V2X communication stacks

Compliance

Standards we address

ISO 26262

Road vehicles — functional safety. ESBMC produces formal assurance evidence for ASIL A through ASIL D software.

SOTIF / ISO 21448

Safety of the intended functionality — particularly relevant for ADAS and autonomous driving.

MISRA C:2023

ESBMC can formally verify MISRA C compliance properties beyond what static analysis tools check.

AUTOSAR C++14

Formal verification of AUTOSAR adaptive and classic platform components.

UL 4600

Standard for Safety for the Evaluation of Autonomous Products — formal methods are central to UL 4600 assurance cases.

Our role

How we help

ASIL-D safety evidence

We produce formal verification reports suitable as evidence in ISO 26262 ASIL-D software safety analyses — with full traceability from requirement to verification result.

Concurrency verification

ESBMC's thread-aware analysis formally proves the absence of data races and deadlocks in AUTOSAR/OSEK concurrent software — a class of bug that testing rarely catches.
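As an added example (not code from this page, from ESBMC, or from any client project), the lost-update data race that this paragraph and "The challenge" section refer to, written in the pthread form ESBMC analyses. The program and its names (`task`, `counter`, `run_tasks`) are hypothetical, and the `esbmc` invocation in the comment is our assumed command line.

```c
#include <pthread.h>
#include <assert.h>

#define ITERATIONS 4   /* small bound so the loops can be unwound fully */

static volatile unsigned counter;   /* shared RAM, e.g. a wheel-pulse count */
static pthread_mutex_t counter_lock = PTHREAD_MUTEX_INITIALIZER;
static int use_lock;                /* set before the tasks start */

/* Each task increments the shared counter ITERATIONS times. Without the
 * lock, "counter = counter + 1" is a read-modify-write that the other task
 * can interleave with, so one of the two updates is lost. */
static void *task(void *arg)
{
    (void)arg;
    for (unsigned i = 0; i < ITERATIONS; i++) {
        if (use_lock) pthread_mutex_lock(&counter_lock);
        counter = counter + 1;
        if (use_lock) pthread_mutex_unlock(&counter_lock);
    }
    return 0;
}

/* Run two tasks concurrently and return the final counter value.
 * With the lock the result is 2*ITERATIONS under every interleaving;
 * without it, some interleavings lose updates. */
unsigned run_tasks(int protect)
{
    pthread_t t1, t2;
    counter = 0;
    use_lock = protect;
    pthread_create(&t1, 0, task, 0);
    pthread_create(&t2, 0, task, 0);
    pthread_join(t1, 0);
    pthread_join(t2, 0);
    return counter;
}

int main(void)
{
    /* The safety property a test would check. Run natively, the racy
     * version almost always passes because the losing interleaving is
     * rare; bounded model checking (assumed invocation:
     * `esbmc race.c --unwind 5`) explores every interleaving, reports
     * a counterexample for run_tasks(0) and proves run_tasks(1). */
    assert(run_tasks(1) == 2 * ITERATIONS);
    assert(run_tasks(0) == 2 * ITERATIONS);   /* violated under ESBMC */
    return 0;
}
```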

MISRA C formal compliance

Beyond rule-checking tools, ESBMC can prove that MISRA C safety properties hold across all execution paths, not just the ones your tests cover.

ECU firmware verification

We have experience verifying embedded C firmware — the same techniques applied to Intel's 190,000 LOC Power Management firmware apply to automotive ECU codebases.

Working toward ISO 26262 sign-off?

Let's discuss how formal verification fits into your safety plan. We work with OEMs, Tier-1 suppliers, and tool vendors from ASIL A to ASIL D.