Building safe and scalable automotive systems with Functional Safety, containers, and DDS
Build safe, modular SDV systems on Arm with functional safety, containerized workloads, and DDS-based real-time communication.
By odinlmshen

As the automotive industry accelerates toward software-defined vehicles (SDVs), developers face two primary challenges: building modular, high-performance software and ensuring operational safety under all conditions. In this blog post, we will explore how functional safety, containerized workloads, and DDS-based real-time communication form the foundation of a resilient AV system—optimized to run on Arm.
Functional Safety: The foundation of Automotive Software
Functional Safety ensures that automotive software systems behave predictably—even in the presence of faults. Governed by standards such as ISO 26262, it is not just about compliance—it’s about engineering confidence into every line of code.
For example, if sensor data becomes unreliable, a functionally safe system can detect the fault and shift into a safe mode, avoiding dangerous behavior. This requires:
- ASIL-based risk assessment and HARA workflows
- Fault detection, exception handling, and fallback logic
- Redundant system design across hardware and software layers
In SDVs, functional safety is not optional; it is essential.
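The fault-detection and fallback logic described above, worked through as an added example (this is not code from the original post or from Arm): three redundant readings of one signal are each checked for staleness, physical range and rate-of-change plausibility, the survivors are cross-checked by 2-out-of-3 voting, and the outcome is an operating mode plus a fused value. Sensor names, the assumed unit (m/s) and every limit are constructed values, not figures from ISO 26262 or any other standard.

```python
"""Fault detection with safe-mode fallback over a redundant sensor channel.

Added illustration for this post; not code from the original page or from Arm.
All sensor names, units and limits below are constructed assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from statistics import median
from typing import Optional


class Mode(Enum):
    NORMAL = "normal"      # all channels healthy, full function available
    DEGRADED = "degraded"  # one channel lost, continue with reduced margin
    SAFE = "safe"          # fewer than two trusted channels: minimal-risk state


@dataclass(frozen=True)
class Reading:
    sensor_id: str
    value: float      # physical quantity (assumed wheel speed in m/s)
    timestamp: float  # seconds on a monotonic clock


@dataclass(frozen=True)
class Limits:
    min_value: float      # physical range lower bound
    max_value: float      # physical range upper bound
    max_age_s: float      # a reading older than this is stale
    max_step: float       # largest plausible change between two samples
    agreement_tol: float  # max deviation from the channel median to be trusted


def check_reading(r: Reading, prev: Optional[Reading], now: float, lim: Limits) -> list:
    """Return fault codes for one reading; an empty list means it passed every check."""
    faults = []
    if now - r.timestamp > lim.max_age_s:
        faults.append("stale")
    if not (lim.min_value <= r.value <= lim.max_value):  # also rejects NaN
        faults.append("out_of_range")
    if prev is not None and abs(r.value - prev.value) > lim.max_step:
        faults.append("implausible_step")
    return faults


def vote(readings, prev, now, lim):
    """2-out-of-3 voting over redundant sensors.

    readings: the current sample from each sensor
    prev:     mapping sensor_id -> previously accepted Reading (for rate checks)
    Returns (mode, fused value or None, fault codes per sensor) so the caller
    can both act on the mode and log exactly why a channel was rejected.
    """
    faults = {r.sensor_id: check_reading(r, prev.get(r.sensor_id), now, lim) for r in readings}
    healthy = [r for r in readings if not faults[r.sensor_id]]
    # Cross-check: a sensor that passes its own checks but disagrees with the
    # others is dropped too (a slowly drifting sensor looks valid on its own).
    if len(healthy) >= 2:
        centre = median(r.value for r in healthy)
        for r in healthy:
            if abs(r.value - centre) > lim.agreement_tol:
                faults[r.sensor_id].append("disagreement")
        healthy = [r for r in healthy if not faults[r.sensor_id]]
    if len(healthy) >= 3:
        return Mode.NORMAL, median(r.value for r in healthy), faults
    if len(healthy) == 2:
        return Mode.DEGRADED, median(r.value for r in healthy), faults
    return Mode.SAFE, None, faults  # never trust a lone survivor


if __name__ == "__main__":
    lim = Limits(min_value=0.0, max_value=60.0, max_age_s=0.1, max_step=5.0, agreement_tol=0.5)
    # Constructed sample: sensor ws_c has drifted far from the other two
    sample = [Reading("ws_a", 20.0, 9.95), Reading("ws_b", 20.1, 9.95), Reading("ws_c", 35.0, 9.95)]
    mode, fused, faults = vote(sample, {}, now=10.0, lim=lim)
    print(mode.value, fused, faults)
```

The rule that a single surviving channel forces `SAFE` rather than `DEGRADED` is the point of the redundancy: with one sensor there is no way to tell a correct reading from a plausible-looking wrong one, so the system moves to its minimal-risk state instead of guessing.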
But how do we translate these safety principles into tangible software architecture? A monolithic system, where a single fault can cascade and bring down the entire stack, is simply not an option. This is where a modern, container-based approach becomes critical.
Modularizing workloads for safety through containerization
By splitting key functions—like perception, planning, and control—into separate, isolated containers, we directly address the requirements of functional safety. This architecture provides the "firewalls" necessary for fault isolation, preventing an error in one module from affecting another. It unlocks:
- Fine-grained error recovery (restart only the failed module)
- Reduced cross-module dependencies, enhancing maintainability
- Easier implementation of OTA updates and safety validations
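One way the per-module isolation above looks in practice, as an added Docker Compose illustration (not a file from the post or from Arm's Learning Path): each function is its own service with its own restart policy and resource budget, a read-only root filesystem and no kernel capabilities, so a crash or a compromise in perception stays in perception. Service names, image names, `ROS_DOMAIN_ID` value and the health-check script path are placeholders. Note the trade-off the comments flag: `network_mode: host` and `ipc: host` are what DDS discovery and its shared-memory transport typically need, and they give back some of the network and IPC isolation a container would otherwise provide.

```yaml
# docker-compose.yml, added illustration only (not from the post or from Arm).
# Image names, domain id and the health-check script are placeholders.
x-sdv-node: &sdv-node            # settings shared by every ROS 2 module
  network_mode: host             # DDS discovery uses multicast on the host network
  ipc: host                      # needed for the DDS shared-memory transport across containers
  environment:
    ROS_DOMAIN_ID: "7"           # one domain per vehicle keeps discovery traffic separate
    ROS_LOG_DIR: /tmp/ros_log    # logs go to tmpfs because the root filesystem is read-only
  restart: on-failure            # recover this module alone; the rest of the stack keeps running
  read_only: true                # immutable root filesystem
  tmpfs:
    - /tmp
  cap_drop:
    - ALL                        # no kernel capabilities: a faulty node cannot escalate
  security_opt:
    - no-new-privileges:true

services:
  perception:
    <<: *sdv-node
    image: registry.example.com/sdv/perception:1.0   # placeholder image
    cpus: "2.0"                  # hard CPU budget so a runaway node cannot starve control
    mem_limit: 1g
    healthcheck:
      test: ["CMD", "/app/healthcheck.sh"]   # placeholder: verifies the node is publishing
      interval: 5s
      timeout: 2s
      retries: 3

  planning:
    <<: *sdv-node
    image: registry.example.com/sdv/planning:1.0
    cpus: "1.0"
    mem_limit: 512m
    depends_on:
      perception:
        condition: service_healthy   # start only once perception is alive

  control:
    <<: *sdv-node
    image: registry.example.com/sdv/control:1.0
    cpus: "1.0"
    mem_limit: 256m
    healthcheck:
      test: ["CMD", "/app/healthcheck.sh"]
      interval: 2s
      timeout: 1s
      retries: 2
```

With this layout `docker compose restart perception` (or the `on-failure` policy) brings back only the failed module, which is the "restart only the failed module" property the list above asks for; the health checks are what tell the orchestrator, and any supervisor built on it, that a module is up but no longer doing its job.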
This modular, containerized architecture provides the necessary fault isolation. However, it also introduces a new challenge: how do we ensure these distributed, independent modules can communicate with each other in a way that is real-time, reliable, and deterministic? A failure in communication is just as critical as a failure in computation.
DDS: Building a deterministic data flow for ROS 2
This is the precise problem that the Data Distribution Service (DDS)—the middleware backbone of ROS 2—is designed to solve. It provides a loosely-coupled, real-time communication framework that is essential for scalable AV systems. It offers:
- Topic-based publish-subscribe with configurable QoS
- Multi-sensor fusion and selective data delivery
- Resilience across distributed, containerized nodes
DDS enables robust communication, even when modules run independently across CPUs or devices, without sacrificing the determinism required for safety.
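The "configurable QoS" point above has a failure mode worth seeing in code. DDS matches a publisher with a subscriber only when every request-versus-offered (RxO) policy the publisher offers is at least as strong as what the subscriber requests, and a mismatch is silent: both endpoints exist, the topic shows up, but no data flows, which in a perception-to-planning pipeline looks like a dead sensor. The added example below (not code from the post, from Arm or from any DDS vendor) encodes the RxO rules for reliability, durability, deadline and liveliness, reports each mismatch, and checks a constructed sample stream against a deadline period. The two profiles are rough stand-ins for the ROS 2 "sensor data" and default profiles; all timestamps and values are constructed.

```python
"""DDS request-versus-offered (RxO) QoS compatibility, as it affects a ROS 2 node graph.

Added example for this post; not code from the original page, from Arm, or from
any DDS implementation. Profiles and sample timestamps are constructed values.
"""
from dataclasses import dataclass
from enum import IntEnum
import math


class Reliability(IntEnum):   # higher value = stronger guarantee
    BEST_EFFORT = 1
    RELIABLE = 2


class Durability(IntEnum):
    VOLATILE = 1
    TRANSIENT_LOCAL = 2
    TRANSIENT = 3
    PERSISTENT = 4


class Liveliness(IntEnum):
    AUTOMATIC = 1
    MANUAL_BY_PARTICIPANT = 2
    MANUAL_BY_TOPIC = 3


@dataclass(frozen=True)
class QosProfile:
    reliability: Reliability = Reliability.RELIABLE
    durability: Durability = Durability.VOLATILE
    deadline_s: float = math.inf        # max period between consecutive samples
    liveliness: Liveliness = Liveliness.AUTOMATIC
    lease_duration_s: float = math.inf  # silence tolerated before the writer counts as dead


# Rough stand-ins for the ROS 2 built-in profiles (constructed here, not imported from rclpy)
SENSOR_DATA = QosProfile(reliability=Reliability.BEST_EFFORT)   # lossy but low latency
DEFAULT = QosProfile()                                          # reliable, volatile


def incompatibilities(offered: QosProfile, requested: QosProfile) -> list:
    """List every RxO policy for which the offered QoS is weaker than the requested one."""
    problems = []
    if offered.reliability < requested.reliability:
        problems.append(f"reliability: offered {offered.reliability.name}, requested {requested.reliability.name}")
    if offered.durability < requested.durability:
        problems.append(f"durability: offered {offered.durability.name}, requested {requested.durability.name}")
    if offered.deadline_s > requested.deadline_s:
        problems.append(f"deadline: offered period {offered.deadline_s}s exceeds requested {requested.deadline_s}s")
    if offered.liveliness < requested.liveliness:
        problems.append(f"liveliness: offered {offered.liveliness.name}, requested {requested.liveliness.name}")
    if offered.lease_duration_s > requested.lease_duration_s:
        problems.append(f"liveliness lease: offered {offered.lease_duration_s}s exceeds requested {requested.lease_duration_s}s")
    return problems


def compatible(offered: QosProfile, requested: QosProfile) -> bool:
    return not incompatibilities(offered, requested)


def deadline_misses(sample_times, deadline_s):
    """Consecutive sample timestamp pairs whose gap exceeds the deadline period."""
    return [(a, b) for a, b in zip(sample_times, sample_times[1:]) if b - a > deadline_s]


if __name__ == "__main__":
    # Constructed scenario: a lidar driver publishes with the sensor-data profile,
    # a planner subscribes with the default profile and never receives a scan.
    for p in incompatibilities(SENSOR_DATA, DEFAULT):
        print("mismatch ->", p)
    # Fix: the subscriber requests BEST_EFFORT (scans are periodic, the next one
    # replaces a lost one) and both sides set a 100 ms deadline so a stalled
    # driver is reported instead of silently starving the planner.
    lidar_out = QosProfile(reliability=Reliability.BEST_EFFORT, deadline_s=0.1)
    planner_in = QosProfile(reliability=Reliability.BEST_EFFORT, deadline_s=0.1)
    print("compatible after fix:", compatible(lidar_out, planner_in))
    # Constructed scan timestamps (s) with one 200 ms gap the deadline should flag
    print("deadline misses:", deadline_misses([0.0, 0.05, 0.10, 0.30, 0.35], 0.1))
```

Two details matter for the determinism the paragraph above claims. The deadline has to be set on both sides: a subscriber that requests a 100 ms deadline against a publisher that offers none is itself an RxO mismatch, so the fix is a contract between the two modules, not a local setting. And a deadline miss is a detectable event (ROS 2 exposes it as a QoS event callback), which is what turns "no data arrived" from a silent stall into a fault the supervisor can act on.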
Start your safety-first SDV journey on Arm
This blog post introduces the architectural pillars of safe and scalable AV design—but the real value lies in implementation. Arm’s Learning Path provides detailed, developer-ready guides to help you build:
- Functionally safe ROS 2 systems
- Modular containers with Docker Compose
- DDS-based data flows with runtime QoS tuning
- Multi-instance simulations on Arm-based hardware (Graviton, Neoverse, and more)
