The measurement of structural source code coverage is nowadays defined as an important procedure in many functional safety standards. The non-intrusive measurement of structural coverage offers completely new possibilities in the future. For a long time, it was industry-wide consensus that structural coverage should and could only be determined in so-called white-box tests. In many textbooks, the measurement of structural source code coverage is even promoted as an independent test method. The following blog post shows why things are likely to change in the future. Read more
Tag Archive for: IEC61508
The Functional Safety Basic Standard IEC 61508 is often referred to as the mother of all functional safety standards. This standard was introduced in 1998 with the intention of defining cross-industry processes and methods to be used for safety-relevant electrical, electronic and programmable electronic systems. IEC61508 is applied if no industry-specific standards are available for this area. Read more
The term tool qualification triggers an unpleasant feeling and uncertainty in many people who deal with functional safety. IEC61508 requires the certification of software tools used for software development. Other functional safety standards also require similar measures. Unfortunately, however, the same terms are not always used. IEC61508 uses the term “certified tools”, often the term “qualified tools” or tool qualification is also used.
Besides the different terms, there are also very different, partly very individual, interpretations of what exactly is to be understood by the topic. The following article attempts to contribute to the clarification of open questions in this complex of topics. The following 3 questions will be answered:
- Why do functional safety standards require the tool qualification?
- What are the requirements of IEC61508?
- How to deal with the topic in a meaningful way?
The compiler is the central “tool”, which is required for every software development. It forms the link between the human-readable high-level source code (e.g., C and C ++) and the machine code, interpretable for the hardware processor. For the development of safety critical software according to relevant functional safety standards special requirements apply for the tools used during the development. (Refer to tool qualification blog 1 and blog 2) Such functional safety standards are ISO26262 (car), EN50128 (rail), IEC61508 (automation, general) or DO178C (aerospace). The compiler plays a special role here. On the one hand, it is the central tool for any development. On the other hand, the measures proposed in the standards can not be fully applied in practice. The blog shows a process from the aerospace industry how to use compiler for safety critical systems. This process can highly be recommended for other industries. Read more
In the blog post ISO26262: Freedom from interference – What is that?, I explained the principle of Freedom from Interference. The example used was based on the automotive industry and the ISO 26262.
Now I would like to consider Freedom from Interference with respect to the industry sectors railway, aviation and automotive and share my industry experiences with you. Read more
Structural Coverage Target: The proof of a 100% structural source code coverage is required by almost all functional safety standards (IEC61508, ISO26262, DO 178C, etc.). In the individual SIL / ASIL levels, only the type of source code coverage is differentiated. Essentially, the Statement Coverage (low SIL / ASIL Level), the Branch Coverage and the MC / DC Coverage (high SIL / ASIL Level) are required. For good reasons, however, e.g. no path coverage required. These would mean that you would check all the combinations of paths that are possible in a software. This would be an extremely high multiple of test cases compared to MC / DC coverage. Read more
IEC 61508, ISO26262, DO 178C, ISO 25119: Have you ever encountered these abbreviations in your professional life? If so, there is a high probability that you are already implementing functional safety projects in your company or that you are entering the market in the near future. Perhaps you have already made the experience, or at least, heard of the fact that especially software projects in the field of functional safety can only be carried out with very high documentation / test effort. The safety development process requires this effort. In addition, such projects are very rigid, inefficient, and inflexible. Is such an argument or experience known to you? Read more
Importance of Tool Qualification : Many companies and project teams that carry out projects for the first time in the field of functional safety have the impression that the tool qualification is critical to success and involves a great deal of effort. Although the Importance of Tool Qualification is justified, the subject is interestingly often given an not adequate attention.
This effect is very similar in several, very different industries such as aerospace, automotive or industrial automation.
The following article (part 1) therefore deals with this topic. Part 2 can be found here: Tool qualification – The phantom pain of functional safety (part 2)! Read more
In my daily projects in the automotive and industrial automation industry I’m continually confronted with the following question: How many levels of software requirements have to be written? That’s an interesting question, especially if we take the aerospace industry also into account. Software requirement level are a key topic if you want to improve your requirement engineering process. Therefore, I want to highlight in this blog post this topic a bit closer. I will compare the specifications of functional safety standards IEC 61508, ISO 26262 and DO-178B / C. In the final conclusion I will provide project best practices based on my more than 15 years of experience.
In my view, a good software specification is divided into two major parts: architecture / design and textual requirements.
The architecture describes, most predominantly in graphical form, the structure and design of the software. In particular, the data and control flows are shown. The focus of textual requirements is on the description of the functionality, and the time demands on the system.
The initial question of this blog refers to the number of levels of textual requirements. Not included is the level of system requirements, which must always be present. Read more
In the functional safety, there is a method which is always used – the FMEA (Failure Mode Effects Analysis).
In particular, on system and hardware level the FMEA supports systematic analysis. There are also variants such as the FMECA and the FMEDA. In this blog post I use only the term FMEA.
In project practice very often the question is raised, whether there is also a Software FMEA needed.
I will first explain the meaning and purpose of system and hardware FMEA in fulfilling the requirements of functional safety standards such as ISO 26262 or IEC 61508. Thereafter I will consider the possible needs to perform and Software FMEA. Read more
