WATTALPS streamlines ISO 26262 BMS verification with LDRA test tools from TASKING
What is it about
Headquartered in Moirans, France, WATTALPS develops and produces modular lithium-ion battery systems capable of delivering reliable power under extreme operating conditions. The company’s high-performance battery technology is used across demanding sectors such as off-road vehicles, mining equipment, heavy trucks, and marine systems, where performance, durability, and safety are critical.
WATTALPS delivers battery systems covering voltage ranges from 48V to 800V and energy capacities from 10kWh to over 500kWh, enabling scalable electrification solutions for a wide variety of industrial and automotive applications.
The company developed its Battery Management System (BMS) to meet safety requirements in accordance with ISO 26262 ASIL C. By using LDRA tools from TASKING to automate unit testing of its embedded software, WATTALPS reduced unit test effort by approximately 50% compared to manual harness testing. This avoided around twelve months of additional development time and ultimately led to independent certification of its development processes in 2023.
Patented immersion cooling
A key differentiator of the company’s technology is its patented immersion-cooling system, in which battery cells are fully immersed in an electrically insulating dielectric fluid. This advanced thermal management enables sustained high-power peaks, repeated fast-charging cycles, and reliable operation even when exposed to extreme temperatures, shock, dust, and vibration.
Because these systems operate in safety-critical environments, WATTALPS develops its own Battery Management System (BMS) in-house. The BMS is designed to comply with stringent industrial and automotive safety standards such as IEC 62619 and ISO 26262 to help ensure safe battery operation and prevent hazards such as thermal-runaway propagation throughout the battery lifecycle.
Battery safety standards and functional safety
High-energy lithium-ion battery systems must comply with strict safety standards to ensure reliable operation and to prevent hazardous conditions during charging, discharging, or fault situations. In industrial and automotive applications, this typically involves both battery-specific safety standards and functional safety standards governing the embedded control systems that manage them.
IEC 62619 defines safety requirements for industrial lithium-ion battery systems, including protection against hazards such as overcharge, overcurrent, and overheating. In practice these protections are typically implemented by the Battery Management System (BMS). When the BMS forms part of an automotive or safety-related control system, standards such as ISO 26262 define the functional safety lifecycle used to develop and verify the embedded software responsible for these protection functions.
Derived from the more generic functional safety standard IEC 61508, the sector-specific ISO 26262 addresses functional safety for electrical and electronic systems in road vehicles. It defines a structured lifecycle for identifying hazards, assessing associated risks, and implementing safety mechanisms to reduce those risks to acceptable levels.
For battery systems, this includes the development and verification of the Battery Management System (BMS), which monitors cell voltages, temperatures, and current while enforcing safe operating limits.
ISO 26262 requires systematic testing of safety-related software components. Unit and component testing with TASKING’s LDRA tools help demonstrate that BMS software behaves correctly under both normal and fault conditions.
A WATTALPS battery system
“LDRA test tools have allowed us to run the unit-testing project far more efficiently. Compared to manual harness testing, we saved approximately 50% of test effort, reducing the development phase of the project by around 12 months. These are significant cost savings.”
Unit & component tests contribute to the safety-critical software development lifecycle
WATTALPS battery systems are also used in a wide range of industrial applications beyond the automotive sector. These environments are typically governed by safety standards also derived from IEC 61508, such as those used in machinery, industrial control, and energy systems. While the terminology differs, there are strong parallels between these standards. A system engineered to meet the rigorous development and verification practices required by ISO 26262 will typically align closely with the safety expectations associated with equivalent Safety Integrity Levels (SIL) in other domains.
Achieving ISO 26262 compliance and certification
Sylvain Basset, Embedded Software Engineer at WATTALPS, takes up the story. “Three years ago, WATTALPS undertook a project to bring its BMS into compliance with the ISO 26262 standard which is often required for automotive applications.”
The system was developed to comply with the demands of ISO 26262 Automotive Software Integrity Level C (or “ASIL C”). ASILs allow ISO 26262 to scale its development and verification requirements according to the criticality of the software being developed. ASIL C is used for systems that demand stringent safety requirements and thorough validation, since failure could result in serious injury.
“The system was designed in accordance with ASIL C from the outset. We needed to complete the mandated unit test of the BMS C++ code to be fully ASIL C compliant.” continued Sylvain. “Our project therefore consisted of using the LDRA tools from TASKING to perform unit tests on an existing embedded software package.”
“To prepare for the test campaign, we carried out a detailed analysis of the software architecture and identified all safety‑critical modules to ensure complete coverage” Sylvain said. “The unit‑testing project was carried out externally in collaboration with our partner ISIT, of Plaisance du Touch, France.”
“ISIT provided strong expertise in both functional safety and embedded software validation. The project was successfully completed, achieving full code‑coverage requirements and producing detailed traceability documentation to support ISO 26262 compliance” he concluded.
Compliance with ISO 26262 is demonstrated through the development artefacts and verification evidence produced during each project. Although the standard does not provide a formal regulatory certification scheme, organisations may seek independent assessment of their development processes to confirm alignment with its requirements. WATTALPS successfully completed such an assessment in 2023, obtaining certification that its development processes comply with ISO 26262.
Automotive manufacturers and system integrators typically require suppliers to meet the standard contractually and will review the resulting evidence to confirm compliance.
Sylvain Bassett, Embedded software
Engineer at WATTALPS
Why TASKING’s LDRA test tools?
“After reviewing alternative tools, LDRA was selected due to its widespread use in the software development industry and because we already had internal expertise and experience with it.” Sylvain explained. A combination of ease of use, code coverage capabilities, cost, and particularly the on-target test capabilities also contributed to making LDRA test tools the ideal fit
TASKING’s structured approach with LDRA allowed ISIT to systematically verify each software component against design intent and functional requirements. Automated test execution and coverage analysis provided clear, reproducible evidence of verification activities - a key advantage in regulated sectors.
Building capability and confidence
LDRA test tools from TASKING enable the WATTALPS team to use meaningful code coverage metrics and keep better track of the fulfilment of requirements. In addition, the efficiency gains have translated directly into reduced verification effort and project cost. According to Sylvain, “LDRA test tools have allowed us to run the unit-testing project far more efficiently. Compared to manual harness testing, we saved approximately 50% of test effort, reducing the development phase of the project by around 12 months. These are significant cost savings.”
The company’s emphasis on quality, safety, and efficiency aligns closely with TASKING’s own philosophy of software verification excellence, so it is no surprise that there have been demonstrable practical benefits. LDRA’s structured testing environment has streamlined the creation, execution, and documentation of ISO 26262 compliant unit tests, helping WATTALPS deliver trusted results retrospectively on existing code.
Along the way, WATTALPS’s engineers have also shared valuable suggestions for further refinement, from enhanced cut and paste facilities to the introduction of macro-like capabilities. TASKING welcomes such feedback as part of its ongoing commitment to continuous product improvement and collaboration with users in the field.
Together into the future
With the initial unit test work having been in 2023, LDRA’s automated unit and component testing is now firmly established in the WATTALPS toolkit, and it continues to contribute. As Sylvain summarizes, “Today, we continue to use LDRA to maintain unit tests as the software evolves and receives updates and bug fixes, ensuring long-term compliance and reliability. It is a valuable part of the broader strengthening of our internal development processes by integrating systematic verification practices to further improve software quality and support future certification efforts.”
In an industry where complexity and deadlines are ever more demanding, TASKING’s LDRA helps WATTALPS keep its testing firmly under control.