Tool Chain Qualification in Safety Critical SystemsTweet
Safety critical software usually entails some kind of certification, qualification or approval from a standards body in order to be productized and used by the public. The requirements and terminology varies from industry to industry but a common requirement among these various industries is adequate due diligence in development to satisfy the safety integrity level the product is designed for.
A piece of the puzzle that’s important to software tool vendors like GrammaTech is tool qualification which is required by these safety standards to assure that the results provided by a tool are correct. Many of the results used as proof of due diligence, good software practices and testing coverage come from software automation tools like CodeSonar. Our customers often have to prove to their respective auditors that our tools are producing correct results.
Depending on what kind of product CodeSonar is used on, there are different options for qualification. CodeSonar is certified by TÜV SÜD for IEC 61508 (general safety critical systems), ISO 26262 (automotive) and EN 50128 (railway systems.) This simplifies the qualification process in those particular systems and in most cases, standards that are derivatives of IEC 61508.
GrammaTech also provides a qualification kit. This kit which provides information, as well as tests, processes and guidelines needed to prove correct functionality of CodeSonar in your environment. The difference between the certificate and the qualification kit is that the kit helps you express how you are using static analysis and how this helps your certification activities. It clarifies and simplifies the certification process. It also allows you to adjust to changes in your environment quickly. Changes could be a new compiler, new header files, new version of the RTOS and so forth.
What about other tools?
Usually, any tool that has an impact on correct functionality of running application will need to be qualified. If a tool impacts the code in some way, generates code, tests or analyzes it, certification organizations want to be sure the product is working correctly. In some cases, vendors can qualify their tool with a certification body like TÜV ahead of time. In other cases, certifications might not exist, in which case, qualification kits are very handy.
What about the compiler, probably the most critical part of the tool chain? If using an open source compiler like GCC there won’t be a certification to rely on. Commercial vendors may or may not cater to safety critical applications and, more than likely, existing certifications won’t apply to your particular target system. This is an interesting point and something our partner Solid Sands addresses. They provide a compiler validation suite that proves correct compiler functionality on host and embedded target environment. Solid Sands provides a very comprehensive test suite that’s likely of interest to CodeSonar customers as well. A description of compiler validation and their solution is available here.Conclusion
Tool qualification is a fact of life in most safety critical projects. In cases where existing certification apply, the process can be straightforward. In other cases, qualification requires more work on our customers part and for that, we supply a qualification kit to ease the burden.