Compliance to IEC 61508 with the LDRA tool suite®
Overview
In response to the increased use of electronic systems within industrial automation, and particularly in recognition of their application to safety critical functions, the IEC 61508 standard was created to address the needs specific to electrical / electronic / programmable electronic (E/E/PE) systems in that sector.
The standard provides detailed industry specific guidelines for the production of all software for electrical and electronic systems, whether it is safety critical or not. It provides different Safety Integrity Levels (SILs) for assessment of risks involved in E/E/PE systems.
There are four SILs (SIL 1-4 in IEC 61508) specifying the safety measures necessary to avoid an unreasonable residual risk, with SIL 4 representing the most stringent level.
Intended to provide confidence in the safety of industrial electrical / electronic / programmable electronic (E/E/PE) systems, IEC 61508 (Part 3) covers the complete safety software lifecycle, including phases such as planning, development and the integral processes that ensure correctness, control and confidence in the software. These integral processes include requirements traceability, software design, coding, and software verification and validation.
IEC 61508:2010 (Part 3) applies to any software forming part of a safety-related system or used to develop a safety-related system. It provides specific requirements applicable to support tools such as development and design tools, language translators, testing and debugging tools, and configuration management tools. Forward and backward traceability with respect to the requirements at every stage of development and testing is an addition in the new release of IEC 61508:2010 (Part 3) as compared to Edition 1 of IEC 61508. For the more demanding SIL levels, the latest release also includes new references to the achievement of the highest levels of structural coverage (Statement, Branch/Decision, and LCSAJ (Linear Code Sequence and Jumps)) and MC/DC (Modified Condition/Decision Coverage).
Both software analysis and requirements traceability tools are essential for cost-conscious projects. The LDRA tool suite® provides the most comprehensive requirements traceability, source code analysis, structural coverage and unit testing facilities for assisting organisations to meet IEC 61508 (Part 3) Edition 1 and IEC 61508:2010 for software development and verification activities. As the application of IEC 61508 becomes more widespread, it is essential that the choice of tools is based on known expertise.
IEC 61508 Compliance
Ensuring software safety and requirements traceability with the LDRA tool suite®
The generic IEC 61508 standard was designed for use as the foundation for other industry specific standards. Previous examples of such adaptations include the CENELEC prEN 50128 standard in the rail industry, IEC 62304 in the medical industry and IEC 61511 standard in the process industry.
It also has much in common with the DO-178B standard seen in aerospace applications, particularly with respect to the requirement for MC/DC (Modified Condition/Decision Coverage) and the structural coverage analysis process. The LDRA tool suite has a long, proven track record of ensuring compliance with such standards, and is therefore the logical choice for working in accordance with IEC 61508.
The use of traceability and analysis tools for a project that must meet the IEC 61508 standard offers significant productivity and cost benefits. Tools make compliance checking easier, less error prone and more cost effective. In addition, they make the creation, management, maintenance and documentation of requirements traceability straightforward and cost effective. When selecting a test tool to assist in achieving compliance with IEC 61508, the following criteria should be considered:
- Does the tool provide complete forward and backward requirements traceability to enable linkage and documentation from all levels to the source code and associated test cases?
- Does the tool have comprehensive fault and coding standards checking capability?
- Does the tool enable analysis for all Structural Coverage Analysis requirements?
- Can the tool perform MC/DC analysis in assignment statements as well as conditional statements?
- Is there tool availability for all the languages required in your project?
- Has the tool been utilised in this manner successfully already?
- Is tool support both flexible and extensive enough to meet changing requirements?
- Is the tool designed to support embedded systems?
- Can the tool support on target testing?
- Is the tool easy to use?
The LDRA tool suite meets all of these criteria.
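To make the MC/DC criterion above concrete, here is an added example (not LDRA's code and not text from the standard) that derives the independence pairs for each condition of a decision and checks whether a proposed test set achieves unique-cause MC/DC. The sample decision is an assignment, `enable = a and (b or c)`, to show that an assignment of a Boolean expression is treated exactly like a conditional statement; the function names and the sample vectors are constructed for this illustration.

```python
from itertools import combinations, product

# Constructed sample decision: a Boolean assignment such as
#   enable = a && (b || c);   /* C source */
# is a decision with three conditions (a, b, c) for MC/DC purposes.
def enable_decision(a, b, c):
    return a and (b or c)

def independence_pairs(decision, n):
    """For each condition index, list pairs of input vectors that differ only
    in that condition and flip the decision outcome (unique-cause MC/DC)."""
    pairs = {i: [] for i in range(n)}
    for v in product((False, True), repeat=n):
        for i in range(n):
            if not v[i]:  # visit each pair once, from the False side
                w = v[:i] + (True,) + v[i + 1:]
                if decision(*v) != decision(*w):
                    pairs[i].append((v, w))
    return pairs

def mcdc_covered(decision, n, tests):
    """Return the set of condition indices whose independent effect on the
    outcome is demonstrated by the given test vectors."""
    tests = set(tests)
    covered = set()
    for i, plist in independence_pairs(decision, n).items():
        if any(v in tests and w in tests for v, w in plist):
            covered.add(i)
    return covered

def minimal_mcdc_set(decision, n):
    """Brute-force the smallest test set achieving MC/DC; MC/DC needs at
    least n+1 vectors, far fewer than the 2**n of exhaustive testing."""
    vectors = list(product((False, True), repeat=n))
    for size in range(n + 1, len(vectors) + 1):
        for cand in combinations(vectors, size):
            if len(mcdc_covered(decision, n, cand)) == n:
                return list(cand)
    return None

if __name__ == "__main__":
    # Two vectors give full decision coverage but show nothing about any
    # single condition; a four-vector set is needed for MC/DC here.
    print(mcdc_covered(enable_decision, 3, [(True, True, True), (False, False, False)]))
    print(minimal_mcdc_set(enable_decision, 3))
```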
Traceability
Traceability with the LDRA tool suite
The term "traceability" (or Requirements Traceability) refers to the ability to link system requirements to software safety requirements, and then from software safety requirements to source code and the associated test cases. Traceability is highly desirable in ensuring the verifiability deemed necessary by the standard, which also notes a requirement for bi-directional traceability. That would be very difficult to meet without using an automated traceability tool.
A key element of IEC 61508 (Part 3) is the practice of allocating technical safety requirements in the system design and developing that design further to derive an item integration and testing plan, and subsequently the tests themselves. It implicitly includes software elements of the system, with the explicit subdivision of hardware and software development practices being dealt with further down the "V" model.
TBreq assists here through its requirements traceability features. Not only does this facility aid in the recording of the results of any walkthrough (for instance) but it will also highlight any such actions which require revisiting in the event of a change to the requirements.
Highlights
LDRA tool suite highlights - IEC 61508 (Part 3)
Software Design, Implementation and Testing
IEC 61508 (Part 3) details the software development process of the product as design and coding work continues. It specifically addresses:
- The software architectural design
- Software unit design and implementation
- Software unit testing, and
- Software integration and testing
As these themes are developed in this part of the standard, it becomes clear that, irrespective of the ASIL level involved, assistance is available from the LDRA tool suite every step of the way.
Software Architectural Design
For instance, the standard calls for the "verification of the architectural design". Graphical artefacts generated by the LDRA tool suite are ideally suited to reviewing the implemented design against the design artefacts, either by walkthroughs or by inspections.
Software Unit Design and Implementation
LDRA Testbed and TBvision both have extensive standards checking capability, including industry leading compliance with the MISRA-C:1998, MISRA-C:2004 or MISRA C++:2008, CERT C or Netrino C standards, as examples.
During software unit design and implementation, IEC 61508 (Part 3) calls for coding standards to ensure the use of sound design principles for software unit implementation.
Software Unit Testing
The standard requires that "Software unit testing shall be planned, specified and executed..." TBrun provides a graphical user interface for unit test specification, to create tests according to the defined specification, and to present a list of all defined test cases with appropriate pass/fail status.
Automatic creation of the test harness, stubbed functions and even test vectors (if desired) means that unit test execution becomes a quick and easy process, requiring a minimum of specialist knowledge.
Software Integration and Testing
LDRA Testbed and TBrun have the capability to provide Structural Coverage Analysis, both at system test level and at unit test level. The coverage data derived from these approaches can also be combined to provide the most effective way of working for the particular needs of a development project.
Addressing all ASIL levels with the LDRA tool suite
The LDRA tool suite is widely used for on target testing of embedded systems, in the development of software to meet DO-178B and in other IEC 61508 based standards such as CENELEC prEN 50128. This illustrates how the LDRA tool suite is equipped to support even the most demanding SIL level 4 application.
Seamless integration with the target hardware ensures that target testing is as efficient and effective as possible, with a host of mechanisms available to optimise the extraction of test data from the target system.
Integration with Eclipse based operating systems takes that integration one step further, whilst upstream integration with UML tools such as IBM Rational Rhapsody provides an integrated test environment throughout the software development process.