Software Testing Tools for EN 50128

Achieve compliance with certified dynamic and static testing

EN 50128

 

The software safety standard EN 50128 originates from the European Committee for Electrotechnical Standardisation, or CENELEC. Its full title is ‘Railway applications. Communications, signalling and processing systems. Software for railway control and protection systems’. The internationally published version of the CENELEC EN 50128 standard is IEC 62279. The content of both publications is identical.

 

The standard requires that every system with safety implications that contains software be assigned a Software Integrity Level (SIL), ranging from 0 to 4. It then details, in a number of ‘normative’ and ‘informative’ ways, the software development activities appropriate to each SIL that should be carried out, and the evidence of their completion that should be generated.

 


Tool Certification

EN 50128 (section 6.1.4.2) states that tools, hardware or software, used for testing shall be shown to be suitable for the purpose. All of our tools have been classified and certified by SGS-TÜV GmbH, an independent third party certification body for functional safety, accredited by Deutsche Akkreditierungsstelle GmbH (DAkkS). Each tool has been classified as a class T2 tool, and is usable in development of safety related software according to EN 50128:2011 up to Software Safety Integrity Level (SW-SIL) 4. 

 

Tool certification kits for EN 50128 are available to ease our customers’ path to certification. Each kit contains everything needed to prove that our tools fulfill EN 50128 recommendations, as well as guidance to help you achieve compliance.

 

Please contact us for more information about tool certification kits.


      Cantata Certificate


 QA-C/QA-C++ Certificate

Dynamic testing for EN 50128 compliance

 

EN 50128 recommends unit and integration testing. Cantata enables developers to verify EN 50128 compliant C and C++ code on host native and embedded target platforms.

Cantata helps accelerate compliance with the standard’s dynamic testing requirements by automating:

  • Test framework generation
  • Test case generation
  • Test execution
  • Results diagnostics and report generation

 

Our EN 50128 Standard Briefing traces the requirements of EN 50128, identifying which of them are supported by Cantata and how Cantata supports them.

 

Please contact us for more information on Cantata for EN 50128. 

 

The EN 50128 dynamic testing recommendations by SIL and where these are supported by Cantata are summarised in the tables below:


EN 50128 Table A. 5 – Verification and Testing

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 Cantata
2. Static Analysis - HR HR HR HR Yes
3. Dynamic Analysis and Testing - HR HR HR HR Yes
4. Metrics - R R R R Yes
5. Traceability R HR HR M M Yes
6. Software Error Effect Analysis - R R HR HR Yes
7. Test Coverage for code R HR HR HR HR Yes
8. Functional/ Black-box Testing HR HR HR M M Yes
9. Performance Testing - HR HR HR HR Yes
10. Interface Testing HR HR HR HR HR Yes

EN 50128 Table A. 6 – Integration

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Functional and Black-box Testing HR HR HR HR HR Yes
2. Performance Testing - R R HR HR Yes

EN 50128 Table A. 7 – Overall Software Testing

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Performance Testing - HR HR M M Yes
2. Functional and Black-box Testing HR HR HR M M Yes

EN 50128 Table A. 8 – Software Analysis Techniques

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Static Software Analysis R HR HR HR HR Yes
2. Dynamic Software Analysis - R R HR HR Yes
5. Software Error Effect Analysis - R R HR HR Yes

EN 50128 Table A. 13 – Dynamic Analysis and Testing

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Test Case Execution from Boundary Value - HR HR HR HR Yes
2. Test Case Execution from Error Guessing R R R R R Yes
3. Test Case Execution from Error Seeding - R R R R Yes
5. Equivalence Classes and Input Partition Testing R R R HR HR Yes
6. Structure-Based Testing - R R HR HR Yes

EN 50128 Table A. 14 – Functional/Black Box Test

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 Cantata
3. Boundary Value Analysis R HR HR HR HR Yes
4. Equivalence Classes and Input Partition Testing R HR HR HR HR Yes

EN 50128 Table A. 15 – Textual Programming Languages

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 Cantata
4. C or C++ R R R R R Yes
7. Assembler R R R R R Yes

EN 50128 Table A. 18 – Performance Testing

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 Cantata
2. Response Timing and Memory Constraints - HR HR HR HR Yes

EN 50128 Table A. 20 – Components

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Information Hiding - - - - - Yes
2. Information Encapsulation R HR HR HR HR Yes
3. Parameter Number Limit R R R R R Yes
4. Fully Defined Interface R HR HR M M Yes

EN 50128 Table A. 21 – Test Coverage for Code

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Statement R HR HR HR HR Yes
2. Branch - R R HR HR Yes
3. Compound Condition - R R HR HR Yes
4. Data flow - R R HR HR Yes
5. Path - R R HR HR Yes

Start a free trial to test your code with Cantata.


Static testing using QA-C and QA-C++ for EN 50128 compliance

 

While static analysis is not Mandatory at any EN 50128 SIL, it is the only practical way in which a coding standard (which is Mandatory for SIL 3 and 4) can be enforced.

 

Within the standard, Phase 7.5 (Software Component Implementation) together with Annex A (Criteria for the Selection of Techniques and Measures) address software development, placing requirements on the initiation of software development, software architectural design, and software unit design and implementation. This is the main area where the static analysis tools are used; however, some of the information generated by the tools can also be used to assist in later stages, particularly testing.

 

Please contact us for more information on QA-C, QA-C++ and QA-MISRA. 

 

 

The following tables are from the normative Annex A and show where the QA-C and QA-C++ tools can be used to meet the required technique or measurement.


EN 50128 Table A. 4 – Software Design and Implementation

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
4. Modular Approach HR M M M M Yes Yes
5. Components HR HR HR HR HR Yes Yes
6. Design and Coding Standards HR HR HR M M Yes Yes
7. Analyzable Programs HR HR HR HR HR Yes Yes
8. Strongly Typed Programming Language R HR HR HR HR Yes Yes
9. Structured Programming R HR HR HR HR Yes Yes
11. Language Subset - - - HR HR Yes Yes

EN 50128 Table A. 5 – Verification and Testing

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
2. Static Analysis - HR HR HR HR Yes Yes
4. Metrics - R R R R Yes Yes

EN 50128 Table A. 8 – Software Analysis Techniques

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
1. Static Software Analysis R HR HR HR HR Yes Yes

EN 50128 Table A. 12 – Coding Standards

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
1. Coding Standard HR HR HR M M Yes Yes
2. Coding Style Guide HR HR HR HR HR Yes Yes
3. No Dynamic Objects - R R HR HR Yes Yes
4. No Dynamic Variables - R R HR HR Yes Yes
5. Limited Use of Pointers - R R HR HR Yes Yes
6. Limited Use of Recursion - R R HR HR Yes Yes
7. No Unconditional Jumps - HR HR HR HR Yes Yes
8. Limited size and complexity of Functions, Subroutines and Methods HR HR HR HR HR Yes Yes
9. Entry / Exit Point strategy for Functions, Subroutines and Methods R HR HR HR HR Yes Yes
10. Limited number of subroutine parameters R R R R R Yes Yes
11. Limited use of Global Variables HR HR HR M M Yes Yes

EN 50128 Table A. 19 – Static Analysis

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
3. Control Flow Analysis - HR HR HR HR Yes Yes
4. Data Flow Analysis - HR HR HR HR Yes Yes

EN 50128 Table A. 20 – Components

Methods SIL 0 SIL 1 SIL 2 SIL 3 SIL 4 QA-C QA-C++
1. Information Hiding - - - - - Yes Yes
2. Information Encapsulation R HR HR HR HR Yes Yes
3. Parameter Number Limit R R R R R Yes Yes

Start a free trial to test your code with QA-C or QA-C++.
