SOFTWARE TESTING TOOLS FOR EN 50128 / 50657

Achieve compliance with certified Software Testing and Static Analysis

EN 50128 / 50657

The software safety standard EN 50128 originates from the European Committee for Electrotechnical Standardisation, or CENELEC. Its full title is ‘Railway applications. Communications, signalling and processing systems. Software for railway control and protection systems’. The internationally published version of the CENELEC EN 50128 standard is IEC 62279. The content of both publications is identical.

The standard requires that all systems which have safety implications and contain software be assigned a Software Integrity Level (SIL), ranging from 0 to 4. The standard then details, in a number of ‘normative’ and ‘informative’ ways, the software development activities that should be carried out at each SIL, and for which evidence of completion should be generated.

The standard EN 50657:2017 specifies the process and technical requirements for the development of software for programmable electronic systems for use in rolling stock applications. The standard adapts EN 50128:2011 for application in the Rolling Stock domain, but shares a lot in common with it, including the definition of the Software Integrity Levels (SIL).

Testing tools for compliance with EN 50128 / 50657 recommendations

QA Systems enables organisations to accelerate EN 50128 / 50657 compliance with automated static analysis and software testing tools:

Tool Certification

EN 50128 and 50657 (section 6.1.4.2) state that tools, hardware or software, used for testing shall be shown to be suitable for the purpose. The Cantata testing tool has been classified and certified by SGS-TÜV GmbH, an independent third-party certification body for functional safety, accredited by Deutsche Akkreditierungsstelle GmbH (DAkkS). Cantata has been classified as a class T2 tool and is usable in the development of safety-related software according to EN 50128:2011 and 50657:2017 up to Software Safety Integrity Level (SW-SIL) 4.

The tool certification kits for EN 50128 and 50657 are available to ease our customers’ path to certification. Each kit contains everything needed to prove that Cantata fulfills EN 50128 / 50657 recommendations, as well as guidance to help you achieve compliance.

Please contact us for more information about the tool certification kit.

Cantata Certificate

Software testing for EN 50128 / 50657 compliance

EN 50128 / 50657 recommends unit and integration testing. Cantata enables developers to verify EN 50128 / 50657 compliant C and C++ code on host native and embedded target platforms. Cantata helps accelerate compliance with the standard’s software testing requirements by automating:

  • Test framework generation
  • Test case generation
  • Test execution
  • Results diagnostics and report generation

Our EN 50128 / 50657 Standard Briefings trace the requirements of EN 50128 / 50657, identifying which of them are supported by Cantata and how Cantata supports them. Please contact us for more information on Cantata for EN 50128 / 50657. The EN 50128 / 50657 software testing recommendations by SIL, and where these are supported by Cantata, are summarised in the tables below:

EN 50128 / 50657 Table A. 5 Verification and Testing

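Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
2. Static Analysis | - | HR | HR | HR | HR | Yes
3. Dynamic Analysis and Testing | - | HR | HR | HR | HR | Yes
4. Metrics | - | R | R | R | R | Yes
5. Traceability | R | HR | HR | M | M | Yes
6. Software Error Effect Analysis | - | R | R | HR | HR | Yes
7. Test Coverage for code | R | HR | HR | HR | HR | Yes
8. Functional/Black-box Testing | HR | HR | HR | M | M | Yes
9. Performance Testing | - | HR | HR | HR | HR | Yes
10. Interface Testing | HR | HR | HR | HR | HR | Yes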

EN 50128 / 50657 Table A. 6 – Integration

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Functional and Black-box Testing | HR | HR | HR | HR | HR | Yes
2. Performance Testing | - | R | R | HR | HR | Yes

EN 50128 / 50657 Table A. 7 – Overall Software Testing

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Performance Testing | - | HR | HR | M | M | Yes
2. Functional and Black-box Testing | HR | HR | HR | M | M | Yes

EN 50128 / 50657 Table A. 8 – Software Analysis Techniques

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Static Software Analysis | R | HR | HR | HR | HR | Yes
2. Dynamic Software Analysis | - | R | R | HR | HR | Yes
5. Software Error Effect Analysis | - | R | R | HR | HR | Yes

EN 50128 / 50657 Table A. 13 – Dynamic Analysis and Testing

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Test Case Execution from Boundary Value | - | HR | HR | HR | HR | Yes
2. Test Case Execution from Error Guessing | R | R | R | R | R | Yes
3. Test Case Execution from Error Seeding | - | R | R | R | R | Yes
5. Equivalence Classes and Input Partition Testing | R | R | R | HR | HR | Yes
6. Structure-Based Testing | - | R | R | HR | HR | Yes

EN 50128 / 50657 Table A. 14 – Functional/Black Box Test

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
3. Boundary Value Analysis | R | HR | HR | HR | HR | Yes
4. Equivalence Classes and Input Partition Testing | R | HR | HR | HR | HR | Yes

EN 50128 Table A. 15 – Textual Programming Languages

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
4. C or C++ | R | R | R | R | R | Yes
7. Assembler | R | R | R | R | R | Yes

EN 50128 / 50657 Table A. 18 – Performance Testing

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
2. Response Timing and Memory Constraints | - | HR | HR | HR | HR | Yes

EN 50128 / 50657 Table A. 20 – Components

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Information Hiding | - | - | - | - | - | Yes
2. Information Encapsulation | R | HR | HR | HR | HR | Yes
3. Parameter Number Limit | R | R | R | R | R | Yes
4. Fully Defined Interface | R | HR | HR | M | M | Yes

EN 50128 / 50657 Table A. 21 – Test Coverage for Code

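Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Statement | R | HR | HR | HR | HR | Yes
2. Branch | - | R | R | HR | HR | Yes
3. Compound Condition | - | R | R | HR | HR | Yes
4. Data flow | - | R | R | HR | HR | Yes
5. Path | - | R | R | HR | HR | Yes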

Start a free trial to evaluate Cantata using your code.

Static Analysis for EN 50128 / 50657 compliance

While Static Analysis is not Mandatory at any EN 50128 / 50657 SIL, it is the only practical way in which a coding standard (which is Mandatory for SIL 3 and 4) can be enforced.

Within the standard, Phase 7.5 (Software Component Implementation) together with Annex A (Criteria for the Selection of Techniques and Measures) address software development, placing requirements on the initiation of software development, software architectural design, and software unit design and implementation. This is the main area where the Static Analysis tools are used; however, some of the information generated by the tools can also be used to assist in later stages, particularly testing.

Please contact us for more information on Static Analysis tools for EN 50128 / 50657.

The following tables are from the normative Annex A of EN 50128 / 50657 and show where Static Analysis can be used to meet the required technique or measurement.

EN 50128 / 50657 Table A. 4 – Software Design and Implementation

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4
4. Modular Approach | HR | M | M | M | M
5. Components | HR | HR | HR | HR | HR
6. Design and Coding Standards | HR | HR | HR | M | M
7. Analyzable Programs | HR | HR | HR | HR | HR
8. Strongly Typed Programming Language | R | HR | HR | HR | HR
9. Structured Programming | R | HR | HR | HR | HR
11. Language Subset | - | - | - | HR | HR

EN 50128 / 50657 Table A. 5 – Verification and Testing

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4
2. Static Analysis | - | HR | HR | HR | HR
4. Metrics | - | R | R | R | R

EN 50128 / 50657 Table A. 8 – Software Analysis Techniques

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4
1. Static Software Analysis | R | HR | HR | HR | HR

EN 50128 / 50657 Table A. 12 – Coding Standards

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4
1. Coding Standard | HR | HR | HR | M | M
2. Coding Style Guide | HR | HR | HR | HR | HR
3. No Dynamic Objects | - | R | R | HR | HR
4. No Dynamic Variables | - | R | R | HR | HR
5. Limited Use of Pointers | - | R | R | HR | HR
6. Limited Use of Recursion | - | R | R | HR | HR
7. No Unconditional Jumps | - | HR | HR | HR | HR
8. Limited size and complexity of Functions, Subroutines and Methods | HR | HR | HR | HR | HR
9. Entry / Exit Point strategy for Functions, Subroutines and Methods | R | HR | HR | HR | HR
10. Limited number of subroutine parameters | R | R | R | R | R
11. Limited use of Global Variables | HR | HR | HR | M | M

EN 50128 / 50657 Table A. 19 – Static Analysis

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4
3. Control Flow Analysis | - | HR | HR | HR | HR
4. Data Flow Analysis | - | HR | HR | HR | HR

EN 50128 / 50657 Table A. 20 – Components

Methods | SIL 0 | SIL 1 | SIL 2 | SIL 3 | SIL 4
1. Information Hiding | - | - | - | - | -
2. Information Encapsulation | R | HR | HR | HR | HR
3. Parameter Number Limit | R | R | R | R | R