By Mirko Conrad, Guido Sandmann, and Patrick Munier, MathWorks
International standards that define requirements for the development of safety-related systems typically also define the confidence that must be established in the software tools used to develop those systems. The standards prescribe, to a greater or lesser extent, procedures to classify, validate, certify, or qualify tools. To date, there is no common approach to tool validation, certification, and qualification across safety standards: different standards attach different levels of importance to these activities and suggest different ways of gaining confidence in the tools used.

With ISO 26262 "Road Vehicles - Functional Safety" on the horizon, automotive software practitioners will need to understand and implement the software tool classification and qualification requirements laid out in this standard. ISO 26262 is the adaptation of IEC 61508 to the specific needs of electrical/electronic systems (E/E systems) within road vehicles. It applies to all activities during the safety life cycle of systems composed of electrical, electronic, and software elements that provide safety-related functions.

Clause 11 of ISO 26262-8 provides guidance on software tool classification and qualification. The clause applies whenever a software tool is used within the safety life cycle such that (1) activities or tasks required by ISO 26262 rely on the correct functioning of that tool, and (2) the relevant outputs of that tool are not fully examined or verified. In other words, tool qualification is required only where a tool error could go undetected into the product; a tool whose outputs are independently and completely checked falls outside the clause.

This paper describes the tool classification and qualification approach of ISO/FDIS 26262 and summarizes the authors' firsthand experiences with implementing this approach for development and verification tools.
This paper was presented at SAE World Congress.