SOFTWARE TESTING TOOLS FOR IEC 61508

Achieve compliance with certified Software Testing and Static Analysis


IEC 61508

IEC 61508 (Functional Safety of Electrical / Electronic / Programmable Electronic Safety-related systems) is a generic functional safety standard which may be applicable to all cases where programmable devices are used to control the functioning of systems where safety is or may be a consideration.

A system to which IEC 61508 is applicable may have varying levels of risk to the user or different safety requirements. To accommodate this IEC 61508 has four Safety Integrity Levels (SIL 1 – 4), with SIL 4 representing projects with the most rigorous safety requirements.

Fitness-for-purpose litigation against companies and individuals is an increasing risk. IEC 61508 is a technical standard that lawyers use to interpret the law. The relevant law in Europe is the General Product Safety Directive 2001/95/EC (GPSD), which places the responsibility on the product creator to develop a safety-critical product in a way that is compliant with ‘state-of-the-art’ development principles. ‘State of the art’ here simply means commonly accepted best practice, which for electronic safety-related systems is now embodied in IEC 61508:2010 and the industry-specific standards derived from it. Companies that fail to employ accepted industry practice cannot use the “state-of-the-art” legal defence against such litigation.

Testing tools for compliance with IEC 61508 recommendations

QA Systems enables organisations to accelerate IEC 61508 compliance with automated static analysis and software testing tools.

Tool Certification

IEC 61508-3 Annex A (Table A.3, item 4a) recommends the use of certified tools. The Cantata testing tool has been classified and certified by SGS-TÜV GmbH, an independent third-party certification body for functional safety accredited by Deutsche Akkreditierungsstelle GmbH (DAkkS).

Cantata has been certified as a class T2 tool fulfilling the requirements of IEC 61508-3 sub-clause 7.4.4. Provided the tool is used in accordance with the relevant versions of the Safety Manual, Installation Manual, User Manual and the IEC 61508 Standard Briefing, it is certified as usable in the development of safety-related software according to IEC 61508:2010 up to the highest Safety Integrity Level (SW-SIL 4).

The tool certification kit for IEC 61508 is available to ease our customers’ path to certification. This contains everything needed to prove that Cantata fulfills IEC 61508 recommendations as well as guidance to help you to achieve compliance.

Please contact us for more information about the tool certification kit.

Cantata Certificate

Software testing for IEC 61508 compliance

IEC 61508-3 Table A.5 recommends software module testing and integration. The Cantata testing tool enables developers to automate their unit and integration testing and to verify IEC 61508 compliant code on host-native and embedded target platforms.

Cantata helps accelerate compliance with the standard’s software testing requirements by automating:

  • Test framework generation
  • Test case generation
  • Test execution
  • Results diagnostics and report generation

Our IEC 61508 Standard Briefing traces the requirements of IEC 61508, identifies which of them fall within the scope of Cantata, and explains how Cantata supports each of them.

Please contact us for more information on Cantata.

The IEC 61508 software testing recommendations by SIL and where these are supported by Cantata are summarised in the tables below:

IEC 61508 Table A.3 – Software design and development – support tools and programming language

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. & 2. Suitable (strongly typed) programming language | HR | HR | HR | HR | Yes
3. Language subset | --- | --- | HR | HR | Yes
4a/b. Certified tools… | R / HR | HR | HR | HR | Yes

Key
HR: Highly Recommended
R: Recommended
---: no recommendation for or against at this SIL

IEC 61508 Table A.4 – Software design and development – detailed design

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
3. Defensive programming | --- | R | HR | HR | Yes
4. Modular approach | HR | HR | HR | HR | Yes
5. Design and coding standards | R | HR | HR | HR | Yes
5. Design and coding standardsRHRHRHRYes

IEC 61508 Table A.5 – Software design and development – software module testing and integration

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Probabilistic testing | --- | R | R | R | Yes
2. Dynamic analysis and testing | R | HR | HR | HR | Yes
4. Functional and black-box testing | HR | HR | HR | HR | Yes
5. Performance testing | R | R | HR | HR | Yes
7. Interface testing | R | R | HR | HR | Yes
9. Forward traceability… | R | R | HR | HR | Yes

IEC 61508 Table A.6 – Programmable electronics integration (hardware and software)

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Functional and black-box testing | HR | HR | HR | HR | Yes
2. Performance testing | R | R | HR | HR | Yes

IEC 61508 Table A.7 – Software aspects of system safety validation

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Probabilistic testing | --- | R | R | HR | Yes
4. Functional and black-box testing | HR | HR | HR | HR | Yes

IEC 61508 Table A.8 – Modification

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
2. Re-verify changed module | HR | HR | HR | HR | Yes
3. Re-verify affected software modules | R | HR | HR | HR | Yes
5. Software configuration management | HR | HR | HR | HR | Yes

IEC 61508 Table A.9 – Software verification

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
3. Static analysis | R | HR | HR | HR | Yes
4. Dynamic analysis and testing | R | HR | HR | HR | Yes

IEC 61508 Table B.1 – Design and coding standards

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Use of coding standard | HR | HR | HR | HR | Yes

IEC 61508 Table B.2 – Dynamic analysis and testing

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Boundary value analysis | R | HR | HR | HR | Yes
2. Error guessing | R | R | R | R | Yes
3. Error seeding | --- | R | R | R | Yes
4. Test case execution from model-based test case generation | R | R | HR | HR | Yes
6. Equivalence class and partition testing | R | R | R | HR | Yes
7a. Structural test coverage (entry points) | HR | HR | HR | HR | Yes
7b. Structural test coverage (statements) | R | HR | HR | HR | Yes
7c. Structural test coverage (branches) | R | R | HR | HR | Yes
7d. Structural test coverage (conditions, MC/DC) | R | R | R | HR | Yes
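
As an added illustration of the coverage levels in Table B.2 item 7 (constructed example code, not from the original page and not Cantata output; the interlock function, its three conditions and the test vectors are assumptions), the following C program checks two candidate test sets against the decision `(pressure_ok && temp_ok) || manual_override`. The first set reaches branch coverage (7c) with two vectors but cannot demonstrate MC/DC (7d); the second reaches MC/DC with the minimum N+1 = 4 vectors, because for each condition there is a pair of vectors that differ only in that condition and flip the outcome.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Decision under test: a constructed start interlock (assumption, not code
 * from the page or from Cantata). Three conditions feed one decision. */
static bool interlock_permits_start(bool pressure_ok, bool temp_ok, bool manual_override)
{
    return (pressure_ok && temp_ok) || manual_override;
}

#define NCOND 3

typedef struct {
    bool cond[NCOND];   /* pressure_ok, temp_ok, manual_override */
    bool expected;      /* outcome the test case asserts */
} test_vector_t;

static bool evaluate(const bool c[NCOND])
{
    return interlock_permits_start(c[0], c[1], c[2]);
}

/* Functional check: every vector must produce its expected outcome. */
static bool vectors_pass(const test_vector_t *set, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (evaluate(set[i].cond) != set[i].expected) return false;
    }
    return true;
}

/* Branch coverage (Table B.2 item 7c): the decision has been seen both true and false. */
static bool achieves_branch_coverage(const test_vector_t *set, size_t n)
{
    bool seen_true = false, seen_false = false;
    for (size_t i = 0; i < n; i++) {
        if (evaluate(set[i].cond)) seen_true = true; else seen_false = true;
    }
    return seen_true && seen_false;
}

/* MC/DC independence (Table B.2 item 7d): condition k is shown to affect the
 * outcome independently if two vectors differ only in condition k and give
 * different outcomes. */
static bool condition_independent(const test_vector_t *set, size_t n, int k)
{
    for (size_t i = 0; i < n; i++) {
        for (size_t j = i + 1; j < n; j++) {
            bool only_k_differs = true;
            for (int m = 0; m < NCOND; m++) {
                bool same = set[i].cond[m] == set[j].cond[m];
                if ((m == k) ? same : !same) { only_k_differs = false; break; }
            }
            if (only_k_differs && evaluate(set[i].cond) != evaluate(set[j].cond)) return true;
        }
    }
    return false;
}

static bool achieves_mcdc(const test_vector_t *set, size_t n)
{
    for (int k = 0; k < NCOND; k++) {
        if (!condition_independent(set, n, k)) return false;
    }
    return true;
}

/* Constructed test sets. Two vectors suffice for branch coverage; MC/DC needs
 * at least NCOND + 1 = 4 vectors chosen so each condition has an independence pair. */
static const test_vector_t branch_only_set[] = {
    { { true,  true,  false }, true  },
    { { false, false, false }, false },
};

static const test_vector_t mcdc_set[] = {
    { { true,  true,  false }, true  },  /* pairs with #1 (pressure_ok) and #2 (temp_ok) */
    { { false, true,  false }, false },
    { { true,  false, false }, false },  /* pairs with #3 (manual_override) */
    { { true,  false, true  }, true  },
};

int main(void)
{
    printf("branch-only set: pass=%d branch=%d mcdc=%d\n",
           vectors_pass(branch_only_set, 2), achieves_branch_coverage(branch_only_set, 2),
           achieves_mcdc(branch_only_set, 2));
    printf("mcdc set:        pass=%d branch=%d mcdc=%d\n",
           vectors_pass(mcdc_set, 4), achieves_branch_coverage(mcdc_set, 4),
           achieves_mcdc(mcdc_set, 4));
    return 0;
}
```

The independence check is the part a coverage tool automates: it is why a test set that looks complete at branch level can still be rejected at SIL 4, where 7d is highly recommended.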

IEC 61508 Table B.3 – Functional and black-box testing

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
2. Test case execution from model-based test case generation | R | R | HR | HR | Yes
4. Equivalence class and input partition testing, including boundary value analysis | R | HR | HR | HR | Yes

IEC 61508 Table B.5 – Modelling

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
2a. Finite state machines (FSM) | --- | R | HR | HR | Yes

IEC 61508 Table B.6 – Performance testing

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
2. Response timing and memory constraints | HR | HR | HR | HR | Yes
3. Performance requirements | HR | HR | HR | HR | Yes

IEC 61508 Table B.7 – Semi-formal methods

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
4a. Finite state machines | R | R | HR | HR | Yes

IEC 61508 Table B.9 – Modular approach

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4 | Cantata
1. Software module size limit | HR | HR | HR | HR | Yes
2. Software complexity control | R | R | HR | HR | Yes
3. Information hiding/encapsulation | R | HR | HR | HR | Yes
4. Parameter number limit | R | R | R | R | Yes
5. One entry/exit point… | HR | HR | HR | HR | Yes

Start a free trial to evaluate Cantata using your code.

Static analysis for IEC 61508 compliance

Part 3 of IEC 61508 addresses the software requirements of a safety-related system. It mandates defined development processes, including the use of a coding standard (such as MISRA) to reduce the likelihood of errors, and contains tables of techniques and measures that must be considered in order to claim compliance with the standard.

The following tables identify where Static Analysis can be used to ensure and demonstrate compliance with IEC 61508.

Please contact us for more information on Static Analysis tools for IEC 61508.

IEC 61508 Section 6 – Additional requirements for management of safety-related software

Reference
6.2 Requirements
6.6.2 Functional safety planning

IEC 61508 Table 1 – Software safety lifecycle – overview

Reference
10.1 Software safety requirements specification
10.2 Validation plan for software aspects of system safety
10.3 Software design and development
  • Support tools and programming languages: select a suitable set of tools
10.4 Programmable electronics integration
10.5 Software operation and modification procedures
10.6 Software aspects of system safety validation

IEC 61508 Section 7.4.4 – Requirements for support tools, including programming languages

Reference
7.4.4.2 Software off-line support tools shall be selected as a coherent part of the software development activities.
7.4.4.10 The software or design representation (including a programming language) selected shall:
  b) use only defined language features;
  d) contain features that facilitate the detection of design or programming mistakes.
7.4.4.12 Programming languages for the development of all safety-related software shall be used according to a suitable programming language coding standard.
7.4.4.13 A programming language coding standard shall specify good programming practice, proscribe unsafe language features (e.g. undefined language features), and promote code understandability.
7.9 Software verification
7.9.2.12 Verification of the code

IEC 61508 Table A.2 – Software design and development – software architecture design

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4
14. Static resource allocation | --- | R | HR | HR

IEC 61508 Table A.3 – Software design and development – support tools and programming language

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4
1. Suitable programming language | HR | HR | HR | HR
2. Strongly typed programming language | HR | HR | HR | HR
3. Language subset | --- | --- | HR | HR
4a. Certified tools and certified translators | R | HR | HR | HR
4b. Tools and translators: increased confidence from use | HR | HR | HR | HR

IEC 61508 Table A.4 – Software design and development – detailed design

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4
3. Defensive programming | --- | R | HR | HR
5. Design and coding standards | R | HR | HR | HR
6. Structured programming | HR | HR | HR | HR

IEC 61508 Table A.9 – Software verification

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4
3. Static analysis | R | HR | HR | HR

IEC 61508 Table B.1 – Design and coding standards

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4
1. Use of coding standard to reduce likelihood of errors | HR | HR | HR | HR
2. No dynamic objects | R | HR | HR | HR
3a. No dynamic variables | --- | R | HR | HR
4. Limited use of interrupts | R | R | HR | HR
5. Limited use of pointers | --- | R | HR | HR
6. Limited use of recursion | --- | R | HR | HR
7. No unstructured control flow in programs in higher-level languages | R | HR | HR | HR
8. No automatic type conversion | R | HR | HR | HR
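
To make the Table B.1 restrictions concrete, here is an added C example (constructed for this page, not code from the original page or from any static analysis tool; the reading buffer, its status codes and the size limit are assumptions). A short non-compliant sketch that uses recursion, pointer arithmetic and implicit promotion sits beside a form that satisfies items 2, 3a, 5, 6, 7 and 8 of Table B.1, the defensive programming of Table A.4 item 3 and the static resource allocation of Table A.2 item 14, so that a reviewer or a static analyser can bound its stack depth, loop count and arithmetic range.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example (assumption, not code from the page or from a tool):
 * a bounded store of sensor readings written to the Table B.1 restrictions. */

#define MAX_READINGS 16u   /* B.1 items 2/3a, A.2 item 14: storage fixed at build time */

typedef enum { RD_OK = 0, RD_BAD_ARG = 1, RD_FULL = 2 } rd_status_t;

typedef struct {
    int16_t values[MAX_READINGS];
    uint8_t count;
} reading_buf_t;

/* Non-compliant sketch of the same computation: unbounded recursion (B.1 item 6),
 * pointer arithmetic (item 5) and an implicit int16_t -> int promotion (item 8).
 * It returns the right answer, but its stack depth depends on n and cannot be
 * bounded by inspection or by a tool. */
static int32_t sum_recursive_noncompliant(const int16_t *v, size_t n)
{
    return (n == 0) ? 0 : v[0] + sum_recursive_noncompliant(v + 1, n - 1);
}

/* Compliant form: every function validates its arguments (A.4 item 3), loops are
 * bounded by a constant, arrays are indexed rather than walked with pointers,
 * conversions are explicit (item 8), control flow is structured (item 7) and
 * each function has a single exit point (B.9 item 5). */
static rd_status_t reading_buf_init(reading_buf_t *buf)
{
    rd_status_t st = RD_BAD_ARG;
    if (buf != NULL) {
        for (uint8_t i = 0u; i < MAX_READINGS; i++) {
            buf->values[i] = 0;
        }
        buf->count = 0u;
        st = RD_OK;
    }
    return st;
}

static rd_status_t reading_buf_push(reading_buf_t *buf, int16_t value)
{
    rd_status_t st = RD_OK;
    if (buf == NULL) {
        st = RD_BAD_ARG;
    } else if (buf->count >= MAX_READINGS) {
        st = RD_FULL;                                /* reject rather than overrun */
    } else {
        buf->values[buf->count] = value;
        buf->count = (uint8_t)(buf->count + 1u);     /* explicit narrowing */
    }
    return st;
}

/* 16 readings of at most INT16_MAX magnitude fit in an int32_t, so the
 * accumulator cannot overflow: a bound a reviewer or tool can check. */
static rd_status_t reading_buf_sum(const reading_buf_t *buf, int32_t *out)
{
    rd_status_t st = RD_BAD_ARG;
    if (buf != NULL && out != NULL && buf->count <= MAX_READINGS) {
        int32_t acc = 0;
        for (uint8_t i = 0u; i < buf->count; i++) {
            acc += (int32_t)buf->values[i];          /* B.1 item 8: explicit conversion */
        }
        *out = acc;
        st = RD_OK;
    }
    return st;
}

int main(void)
{
    reading_buf_t buf;
    int32_t total = 0;
    (void)reading_buf_init(&buf);
    for (int16_t v = 1; v <= 20; v++) {              /* 20 pushes into a 16-slot buffer */
        if (reading_buf_push(&buf, v) != RD_OK) {
            printf("reading %d rejected: buffer full\n", (int)v);
        }
    }
    (void)reading_buf_sum(&buf, &total);
    printf("stored %u readings, sum %ld\n", (unsigned)buf.count, (long)total);
    return 0;
}
```

The point of the status codes is that an out-of-range condition is reported to the caller and surfaces in a unit test, instead of silently corrupting memory or relying on an assert that is compiled out of the release build.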

IEC 61508 Table B.8 – Static analysis

Technique/Measure | SIL 1 | SIL 2 | SIL 3 | SIL 4
3. Control flow analysis | R | HR | HR | HR
4. Data flow analysis | R | HR | HR | HR
7. Symbolic execution | --- | --- | R | R