Software Testing tools for IEC 61508


Achieve compliance with certified dynamic and static testing

IEC 61508

 

IEC 61508 (Functional Safety of Electrical / Electronic / Programmable Electronic Safety-related systems) is a generic functional safety standard which may be applicable to all cases where programmable devices are used to control the functioning of systems where safety is or may be a consideration.

 

A system to which IEC 61508 is applicable may have varying levels of risk to the user or different safety requirements. To accommodate this IEC 61508 has four Safety Integrity Levels (SIL 1 – 4), with SIL 4 representing projects with the most rigorous safety requirements. 

 

Fitness-for-purpose litigation against companies and individuals is an increasing risk. IEC 61508 is a technical standard that lawyers and courts use as a benchmark when interpreting product safety law. The relevant law in Europe is the General Product Safety Directive 2001/95/EC (GPSD), which places on the producer the responsibility to develop a safety-critical product in a way that is compliant with ‘state-of-the-art’ development principles. ‘State-of-the-art’ simply refers to commonly accepted best practice, which for electronic safety-related systems is now embodied in IEC 61508:2010 (and the sector-specific standards derived from it, such as ISO 26262 for automotive and EN 50128 for railway software). Where companies fail to employ these accepted industry practices, they cannot rely on the ‘state-of-the-art’ legal defence against such litigation.

 

 


Tool Certification

IEC 61508-3 Annex A (Table A.3) recommends the use of certified tools and translators, and sub-clause 7.4.4 requires every off-line support tool to be classified as T1, T2 or T3 according to its potential to introduce errors into, or fail to detect errors in, the safety-related software. QA Systems’ tools have been classified and certified by SGS-TÜV Saar GmbH, an independent third-party certification body for functional safety, accredited by the Deutsche Akkreditierungsstelle GmbH (DAkkS). Each tool is certified as usable in the development of safety-related software according to IEC 61508:2010 up to the highest Safety Integrity Level (SIL 4).

 

Cantata has been certified as a class T2 tool (a tool that supports the test or verification of the design or executable code, where an error in the tool could fail to reveal a defect) fulfilling the requirements of IEC 61508-3 sub-clause 7.4.4. Provided the tool is used in accordance with the relevant versions of the Safety Manual, Installation Manual, User Manual and this Standard Briefing, it is certified as usable in the development of safety-related software according to IEC 61508 up to the highest Safety Integrity Level (SW-SIL 4).

 

Tool certification kits for IEC 61508 are available to ease our customers’ path to certification. Each kit contains everything needed to prove that our tools fulfil the IEC 61508 recommendations, together with guidance to help you achieve compliance.

 

Please contact us for more information about tool certification kits.

Cantata Certificate (SGS-TÜV Saar, functional safety approved: ISO 26262, IEC 60880, IEC 62304, IEC 61508, EN 50128)

QA-C/QA-C++ Certificate (SGS-TÜV Saar; QA·C 8.2.2 with MISRA C and QA·C++ 3.2.2 with MISRA C++, Programming Research Ltd)

Dynamic testing for IEC 61508 compliance

 

IEC 61508-3, Table A.5 recommends techniques for software module testing and integration. The Cantata testing tool enables developers to automate their unit and integration testing and to verify IEC 61508 compliant code on host-native and embedded target platforms.

 

Cantata helps accelerate compliance with the standard’s dynamic testing requirements by automating:

  • Test framework generation
  • Test case generation
  • Test execution
  • Results diagnostics and report generation

 

Our IEC 61508 Standard Briefing traces the requirements of IEC 61508, identifying which of them fall within Cantata’s scope and how Cantata supports each one.

 

Please contact us for more information on Cantata. 

The IEC 61508 dynamic testing recommendations by SIL and where these are supported by Cantata are summarised in the tables below:


IEC 61508 Table A.3 – Software design and development – support tools and programming language

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. & 2. Suitable and strongly typed programming language HR HR HR HR Yes
3. Language subset --- --- HR HR Yes
4a/b. Certified tools and certified translators / tools and translators: increased confidence from use R/HR HR HR HR Yes

IEC 61508 Table A.4 – Software design and development – detailed design

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
3. Defensive programming --- R HR HR Yes
4. Modular approach HR HR HR HR Yes
5. Design and coding standards R HR HR HR Yes

IEC 61508 Table A.5 – Software design and development – software module testing and integration

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Probabilistic testing --- R R R Yes
2. Dynamic analysis and testing R HR HR HR Yes
4. Functional and black box testing HR HR HR HR Yes
5. Performance testing R R HR HR Yes
7. Interface testing R R HR HR Yes
9. Forward traceability... R R HR HR Yes

IEC 61508 Table A.6 – Programmable electronics integration (hardware and software)

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Functional and black box testing HR HR HR HR Yes
2. Performance testing R R HR HR Yes

IEC 61508 Table A.7 – Software aspects of system safety validation

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Probabilistic testing --- R R HR Yes
4. Functional and black box testing HR HR HR HR Yes

IEC 61508 Table A.8 – Modification

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
2. Reverify changed module HR HR HR HR Yes
3. Reverify affected software modules R HR HR HR Yes
5. Software configuration management HR HR HR HR Yes

IEC 61508 Table A.9 – Software Verification

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
3. Static analysis R HR HR HR Yes
4. Dynamic analysis and testing R HR HR HR Yes

IEC 61508 Table B.1 – Design and coding standards

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Use of coding standard HR HR HR HR Yes

IEC 61508 Table B.2 – Dynamic analysis and testing

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Boundary value analysis R HR HR HR Yes
2. Error guessing R R R R Yes
3. Error seeding --- R R R Yes
4. Test case execution from model-based test case generation R R HR HR Yes
6.Equivalence class and partition testing R R R HR Yes
7. a) Structural test coverage (entry points) HR HR HR HR Yes
7. b) Structural test coverage (statements) R HR HR HR Yes
7. c) Structural test coverage (branches) R R HR HR Yes
7. d) Structural test coverage (conditions, MC/DC) R R R HR Yes
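
Item 7 d) above, MC/DC, is the one structural coverage measure whose definition is easy to get wrong: a set of tests can take every branch of a decision both ways and still never show that any individual condition matters. The following C program is added here as an illustration; it is not Cantata code and not taken from the standard. It defines a hypothetical three-condition start-permission decision and a checker for unique-cause MC/DC; the decision, the condition names and the two constructed test-vector sets are assumptions made for the example.

```c
/* mcdc_check.c: does a set of test vectors achieve unique-cause MC/DC
 * for a three-condition decision?  Added example, not Cantata's code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NCOND 3

/* Hypothetical safety decision under test (assumed for this example):
 * a machine may start if the guard is closed AND pressure is in range,
 * OR a supervised manual override is active. */
bool permit_start(bool guard_closed, bool pressure_ok, bool manual_override)
{
    return (guard_closed && pressure_ok) || manual_override;
}

typedef struct { bool c[NCOND]; } Vector;

static bool decision(const Vector *v)
{
    return permit_start(v->c[0], v->c[1], v->c[2]);
}

/* Unique-cause MC/DC: for every condition k there must be a pair of
 * vectors that differ only in condition k and produce different decision
 * outcomes, demonstrating that k independently affects the decision. */
bool achieves_mcdc(const Vector *tv, size_t n)
{
    for (int k = 0; k < NCOND; k++) {
        bool independent = false;
        for (size_t i = 0; i < n && !independent; i++) {
            for (size_t j = 0; j < n && !independent; j++) {
                bool only_k_differs = (i != j);
                for (int m = 0; m < NCOND && only_k_differs; m++) {
                    bool differs = tv[i].c[m] != tv[j].c[m];
                    if (differs != (m == k))
                        only_k_differs = false;
                }
                if (only_k_differs && decision(&tv[i]) != decision(&tv[j]))
                    independent = true;
            }
        }
        if (!independent)
            return false;      /* condition k never shown to matter */
    }
    return true;
}

/* Constructed test sets (assumed inputs).  BRANCH_SET drives the decision
 * to both outcomes (100 % branch coverage) yet never isolates one condition. */
const Vector BRANCH_SET[] = {
    {{true,  true,  true }},   /* -> true  */
    {{false, false, false}},   /* -> false */
};
const size_t BRANCH_SET_LEN = sizeof BRANCH_SET / sizeof BRANCH_SET[0];

/* MCDC_SET: N+1 = 4 vectors, one independence pair per condition:
 *   guard:    {T,T,F} vs {F,T,F}     pressure: {T,T,F} vs {T,F,F}
 *   override: {F,T,F} vs {F,T,T} */
const Vector MCDC_SET[] = {
    {{true,  true,  false}},   /* -> true  */
    {{false, true,  false}},   /* -> false */
    {{true,  false, false}},   /* -> false */
    {{false, true,  true }},   /* -> true  */
};
const size_t MCDC_SET_LEN = sizeof MCDC_SET / sizeof MCDC_SET[0];

int main(void)
{
    printf("branch-coverage set achieves MC/DC: %s\n",
           achieves_mcdc(BRANCH_SET, BRANCH_SET_LEN) ? "yes" : "no");
    printf("MC/DC set achieves MC/DC:           %s\n",
           achieves_mcdc(MCDC_SET, MCDC_SET_LEN) ? "yes" : "no");
    return 0;
}
```

For N conditions unique-cause MC/DC needs at least N+1 vectors. A report that shows only statement or branch coverage gives the first set 100 % while leaving every condition untested in isolation; the pair search over recorded vectors is what an MC/DC coverage measurement has to establish before it can claim the 7 d) criterion is met. Dropping the last vector of MCDC_SET loses the override pair and the checker correctly reports failure.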

IEC 61508 Table B.3 – Functional and black-box testing

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
2. Test case execution from model-based test case generation R R HR HR Yes
4. Equivalence class and input partition testing including boundary value analysis R HR HR HR Yes

IEC 61508 Table B.5 – Modelling

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
2a. Finite state machines (FSM) --- R HR HR Yes

IEC 61508 Table B.6 – Performance testing

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
2. Response timing and memory constraints HR HR HR HR Yes
3. Performance requirements HR HR HR HR Yes

IEC 61508 Table B.7 – Semi-formal methods

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
4a. Finite state machines R R HR HR Yes

IEC 61508 Table B.9 – Modular approach

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Software module size limit HR HR HR HR Yes
2. Software complexity control R R HR HR Yes
3. Information hiding/encapsulation R HR HR HR Yes
4. Parameter number limit R R R R Yes
5. One entry/exit point... HR HR HR HR Yes
Key
HR  Highly Recommended
R   Recommended
---  No recommendation for or against the technique

Start a free trial to evaluate Cantata using your code.

Static testing for IEC 61508 compliance

 

Part 3 of IEC 61508 addresses the software requirements of a safety-related system. It mandates better development processes, including the use of coding standards such as MISRA to achieve further gains in software quality, and it includes several tables defining the methods that must be considered in order to achieve compliance with the standard.

 

The following tables summarize where QA·C with MISRA-C (referred to as “QA·C”) and QA·C++ with MISRA-C++ Extended (referred to as “QA·C++”) can be used to ensure and demonstrate compliance. The related Safety Manual also contains all necessary requirements relating to documentation and references to results and validation.

 

Please contact us for more information on QA-C, QA-C++ and QA-MISRA for IEC 61508.


IEC 61508 Section 6 – Additional Requirements for Management of Safety-Related Software

Reference QA-C QA-C++
6.2 Requirements
6.6.2 Functional safety planning Yes Yes

IEC 61508 Table 1 – Software Safety Lifecycle – Overview

Reference QA-C QA-C++
10.1 Software safety requirements specification - -
10.2 Validation plan for software aspects of system safety - -
10.3 Software design and development: support tools and programming languages (select a suitable set of tools) Yes Yes
10.4 Programmable electronics integration - -
10.5 Software operation and modification procedures - -
10.6 Software aspects of system safety validation - -

 

IEC 61508 Section 7.4.4 – Requirements for Support Tools, Including Programming Languages

Reference QA-C QA-C++
7.4.4.2 Software off-line support tools shall be selected as a coherent part of the software development activities Yes Yes
7.4.4.10 The software or design representation (including a programming language) selected shall:
b) use only defined language features Yes Yes
d) contain features that facilitate the detection of design or programming mistakes Yes Yes
7.4.4.12 Programming languages for the development of all safety-related software shall be used according to a suitable programming language coding standard Yes Yes
7.4.4.13 A programming language coding standard shall specify good programming practice, proscribe unsafe language features (e.g. undefined language features), promote code understandability Yes Yes
7.9 Software verification    
7.9.2.12 Verification of the code Yes Yes

IEC 61508 Table A.2 – Software Design and Development – Software Architecture Design

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
14. Static resource allocation --- R HR HR Yes Yes

IEC 61508 Table A.3 – Software design and development – support tools and programming language

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
1. Suitable programming language HR HR HR HR Yes Yes
2. Strongly typed programming language HR HR HR HR Yes Yes
3. Language subset --- --- HR HR Yes Yes
4a. Certified tools and certified translators R HR HR HR Yes Yes
4b. Tools and translators: increased confidence from use HR HR HR HR Yes Yes

IEC 61508 Table A.4 – Software design and development – Detailed design

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
3. Defensive programming --- R HR HR Yes Yes
5. Design and coding standards R HR HR HR Yes Yes
6. Structured programming HR HR HR HR Yes Yes

IEC 61508 Table A.9 – Software Verification

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
3. Static analysis R HR HR HR Yes Yes

IEC 61508 Table B.1 – Design and coding standards

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
1. Use of coding standard to reduce likelihood of errors HR HR HR HR Yes Yes
2. No dynamic objects R HR HR HR Yes Yes
3a. No dynamic variables --- R HR HR Yes Yes
4. Limited use of interrupts R R HR HR - Yes
5. Limited use of pointers --- R HR HR Yes Yes
6. Limited use of recursion --- R HR HR Yes Yes
7. No unstructured control flow in programs in higher level languages R HR HR HR Yes Yes
8. No automatic type conversion R HR HR HR Yes Yes
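
Item 8, no automatic type conversion, is the rule most directly tied to memory-safety defects in C: the usual arithmetic conversions silently turn a negative signed length into a very large unsigned one at the point where it reaches a size_t parameter. The following C snippet is added as an example and is not part of the page or of QA·C; it places a non-compliant length check beside a compliant one. The buffer size, the function names and the sample inputs are assumptions made for illustration.

```c
/* sign_conversion.c: why "no automatic type conversion" is a safety rule.
 * Added example, not taken from the page or from QA Systems' tools. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_LEN 16                /* int-typed limit, as often written */

/* Non-compliant pattern: 'len' is a signed int.  A negative length passes
 * the int-vs-int bounds check and is then converted to size_t where it
 * meets memcpy, becoming a huge count.  To make the hazard observable
 * without corrupting memory this function returns the count memcpy would
 * receive (0 = rejected) instead of copying. */
size_t copy_len_unsafe(int len)
{
    if (len > BUF_LEN)            /* -1 > 16 is false: check passes */
        return 0;
    return len;                   /* implicit int -> size_t: -1 -> SIZE_MAX */
}

/* Compliant pattern: the length is unsigned from the interface inward, the
 * limit is converted once and explicitly, and the comparison is between
 * operands of the same type, so no implicit sign change can occur on the
 * path to memcpy. */
bool bounded_copy(char dst[BUF_LEN], const char *src, size_t len)
{
    if (len > (size_t)BUF_LEN)
        return false;
    memcpy(dst, src, len);
    return true;
}

/* Constructed destination buffer used by the checks below (assumed). */
char g_buf[BUF_LEN];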

IEC 61508 Table B.8 – Static analysis

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
3. Control flow analysis R HR HR HR Yes Yes
4. Data flow analysis R HR HR HR Yes Yes
7. Symbolic execution --- --- R R Yes Yes
Key
HR  Highly Recommended
R   Recommended
---  No recommendation for or against the technique

Start a free trial to evaluate QA-C or QA-C++ using your code.
