Compliance to ISO 26262 with the LDRA tool suite®
Overview
In response to the increased use of electronic systems within the automotive industry, and particularly in recognition of their application to safety critical functions, the ISO 26262 standard has been created to address the needs specific to electrical / electronic / programmable electronic (E/E/PE) systems within road vehicles.
The standard provides detailed industry specific guidelines for the production of all software for automotive systems and equipment, whether it is safety critical or not. It provides a risk-based approach for determining risk classes (Automotive Safety Integrity Levels, ASILs). There are four levels of ASILs (A-D in ISO 26262) to specify the necessary safety measures for avoiding an unreasonable residual risk, with D representing the most stringent level.
ISO 26262 translates these software levels into software specific objectives that must be satisfied during the development process. An assigned ASIL therefore determines the level of effort required to show compliance with the standard. This means that the effort and expense of producing a system critical to the continued safe operation of an automobile (e.g. a steer-by-wire system) is necessarily higher than that required to produce a system with only a minor impact in the case of a failure (e.g. the in-car entertainment system).
Intended to provide confidence in the safety of automotive systems, ISO 26262 covers the complete software lifecycle: planning, development and integral processes to ensure correctness, control and confidence in the software. These integral processes include requirements traceability, software design, coding and software validation and verification.
Both software analysis and requirements traceability tools are essential for cost-conscious projects. LDRA has extensive experience in this specialised area with the LDRA tool suite®, which provides comprehensive requirements traceability, source code analysis and testing facilities for assisting companies to meet ISO 26262 software development and verification requirements. As the application of ISO 26262 becomes more widespread, it is essential that the choice of tools is based on known expertise.
ISO 26262 Compliance
Ensuring compliance with the LDRA tool suite®
ISO 26262 is an adaptation of the IEC 61508 generic standard which was designed for use as the foundation for other industry specific standards. Previous examples of such adaptations include the CENELEC prEN 50128 standard in the rail industry and the IEC 61511 standard in the process industry.
It also has much in common with the DO-178B standard seen in aerospace applications, particularly with respect to the requirement for MC/DC (Modified Condition/Decision Coverage) and the structural coverage analysis process.
The LDRA tool suite has a long, proven track record of ensuring compliance to such standards, and is therefore the logical choice for working in accordance with ISO 26262.
The use of traceability and analysis tools for an automotive project that must meet the ISO 26262 standard offers significant productivity and cost benefits. Tools make compliance checking easier, less error-prone and more cost-effective. In addition, they make the creation, management, maintenance and documentation of requirements traceability straightforward and cost-effective. When selecting a test tool to assist in achieving compliance to ISO 26262, the following criteria should be considered:
- Does the tool provide a complete 'bi-directional' Requirements Traceability capability to enable linkage and documentation from all levels to the source code and associated test cases?
- Does the tool have comprehensive fault and coding standards checking capability?
- Does the tool enable analysis for all Structural Coverage Analysis requirements?
- Can the tool perform MC/DC analysis in assignment statements as well as conditional statements?
- Is there tool availability for all the languages required in your project?
- Has the tool been utilised in this manner successfully already?
- Will the tool vendor assist in tool qualification?
- What is the certification pedigree of the tool vendor?
- Is tool support both flexible and extensive enough to meet changing requirements?
- Is the tool designed to support embedded systems?
- Can the tool support on target testing?
- Is the tool easy to use?
(The LDRA tool suite meets all of these criteria.)
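The MC/DC criterion above (coverage of decisions in assignment statements, not only in `if`/`while` conditions) can be made concrete with a small checker. This is example code added for this page, not code from the LDRA tool suite; the decision `enable = (sensor_ok && key_on) || service_mode` and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdbool.h>

/* A safety interlock written as a boolean ASSIGNMENT rather than an if():
 *     enable = (sensor_ok && key_on) || service_mode;
 * For MC/DC the right-hand side is still a decision with three conditions,
 * so a coverage tool must instrument it exactly as it would a branch. */
#define NCOND 3

typedef struct { bool cond[NCOND]; } TestVec;  /* cond[0]=sensor_ok, [1]=key_on, [2]=service_mode */

/* The decision under test (hypothetical example). */
bool decision(const TestVec *t)
{
    bool enable = (t->cond[0] && t->cond[1]) || t->cond[2];
    return enable;
}

/* True when x and y agree on every condition except condition k. */
static bool differ_only_in(const TestVec *x, const TestVec *y, int k)
{
    for (int i = 0; i < NCOND; i++) {
        if (i == k) { if (x->cond[i] == y->cond[i]) return false; }
        else if (x->cond[i] != y->cond[i]) return false;
    }
    return true;
}

/* Unique-cause MC/DC: each condition must be shown to independently affect
 * the outcome, i.e. some pair of vectors differs only in that condition and
 * produces different decision results. Returns how many conditions qualify. */
int mcdc_conditions_covered(const TestVec *tests, int n)
{
    int covered = 0;
    for (int k = 0; k < NCOND; k++) {
        bool shown = false;
        for (int i = 0; i < n && !shown; i++)
            for (int j = i + 1; j < n && !shown; j++)
                if (differ_only_in(&tests[i], &tests[j], k) &&
                    decision(&tests[i]) != decision(&tests[j]))
                    shown = true;
        if (shown) covered++;
    }
    return covered;
}

bool mcdc_satisfied(const TestVec *tests, int n)
{
    return mcdc_conditions_covered(tests, n) == NCOND;
}

int main(void)
{
    /* Constructed minimal MC/DC set for this decision: n+1 = 4 vectors. */
    TestVec full[4] = {{{1,1,0}}, {{0,1,0}}, {{1,0,0}}, {{1,0,1}}};
    printf("MC/DC satisfied: %s\n", mcdc_satisfied(full, 4) ? "yes" : "no");
    return 0;
}
```

Dropping the vector `{1,0,1}` leaves `service_mode` never shown to independently flip the outcome, so the checker reports only two of three conditions covered even though every statement has executed.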
Traceability
Traceability with the LDRA tool suite - ISO 26262 (Parts 4 and 6)
The term "traceability" (or Requirements Traceability) refers to the ability to link system requirements to software safety requirements, and then from software safety requirements to source code and the associated test cases. Traceability is highly desirable in ensuring the verifiability deemed necessary by the standard, which also notes a requirement for bi-directional traceability. That would be very difficult to meet without using an automated traceability tool.
A key element of ISO 26262 (Part 4) is the practice of allocating technical safety requirements in the system design and developing that design further to derive an item integration and testing plan, and subsequently the tests themselves. It implicitly includes software elements of the system, with the explicit subdivision of hardware and software development practices being dealt with further down the "V" model.
ISO 26262 (Part 6) then goes on to deal with the initiation of product development at the software level, and the derivation of software safety requirements from the part 4 system level, and their subsequent verification.
TBreq assists here through its requirements traceability features. Not only does this facility aid in recording the results of any walkthrough (for instance), but it will also highlight any such actions that require revisiting in the event of a change to the requirements.
Highlights
LDRA tool suite highlights - ISO 26262 (Part 6)
Software Design, Implementation and Testing
ISO 26262 (part 6) details the software development process of the product as design and coding work continues. It specifically addresses:
- The software architectural design
- Software unit design and implementation
- Software unit testing, and
- Software integration and testing
As these themes are developed in this part of the standard, it becomes clear that, irrespective of the ASIL level involved, assistance is available from the LDRA tool suite every step of the way.
Software Architectural Design
For instance, the standard calls for the "verification of the architectural design". Graphical artefacts generated by the LDRA tool suite are ideally suited to reviewing the implemented design against the design artefacts, either by walkthroughs or by inspections.
Software Unit Design and Implementation
During software unit design and implementation, ISO 26262 calls for coding standards to ensure the use of sound design principles for software unit implementation.
LDRA Testbed and TBvision both have extensive standards checking capability, including industry leading compliance to the MISRA C and C++ standards mentioned in the ISO 26262 standard itself.
Software Unit Testing
The standard requires that "Software unit testing shall be planned, specified and executed..." TBrun provides a graphical user interface for unit test specification, to create tests according to the defined specification, and to present a list of all defined test cases with appropriate pass/fail status.
Automatic creation of the test harness, stubbed functions and even test vectors (if desired) means that unit test execution becomes a quick and easy process, requiring a minimum of specialist knowledge.
Software Integration and Testing
LDRA Testbed and TBrun have the capability to provide Structural Coverage Analysis, both at system test level and at unit test level. The coverage data derived from these approaches can also be combined to provide the most effective way of working for the particular needs of a development project.
Addressing all ASIL levels with the LDRA tool suite
The LDRA tool suite is widely used for on-target testing of embedded systems, in the development of software to meet DO-178B and other IEC 61508-based standards such as CENELEC prEN 50128. This illustrates how the LDRA tool suite is equipped to support even the most demanding ASIL level D application.
Seamless integration with the target hardware ensures that target testing is as efficient and effective as possible, with a host of mechanisms available to optimise the extraction of test data from the target system.
Integration with Eclipse-based operating systems takes that integration one step further, whilst upstream integration with UML tools such as IBM Rational Rhapsody provides an integrated test environment throughout the software development process.