Testing tools for IEC 61508


Achieve compliance with certified dynamic and static testing

IEC 61508


IEC 61508 (Functional Safety of Electrical / Electronic / Programmable Electronic Safety-related systems) is a generic functional safety standard which may be applicable to all cases where programmable devices are used to control the functioning of systems where safety is or may be a consideration.


A system to which IEC 61508 applies may present varying levels of risk to the user, or be subject to different safety requirements. To accommodate this, IEC 61508 defines four Safety Integrity Levels (SIL 1 to SIL 4), with SIL 4 representing the projects with the most rigorous safety requirements.


Fitness-for-purpose litigation against companies and individuals is an increasing risk. IEC 61508 is a technical standard that lawyers use to interpret the law. The relevant law in Europe is the General Product Safety Directive 2001/95/EC (GPSD). It states that the product creator is responsible for developing a safety-critical product in a way that is compliant with ‘State-of-the-Art’ development principles. ‘State-of-the-Art’ simply refers to commonly accepted best practice, which for electronic safety-related systems is now embodied in IEC 61508:2010 (or the industry-specific standards derived from it). Where companies fail to employ accepted industry practice, they cannot use the “State-of-the-Art” legal defence against such litigation.

Tool Certification

IEC 61508, Part 3 Annex A recommends that software tools are certified. The Cantata testing tool has been classified and certified by SGS-TÜV GmbH, an independent third-party certification body for functional safety, accredited by Deutsche Akkreditierungsstelle GmbH (DAkkS). Cantata has been classified as a Tool Confidence Level (TCL) 1 tool, and is usable in the development of safety-related software according to IEC 61508:2010 up to the Safety Integrity Level (SIL) D.


Cantata has been certified as a class T2 tool fulfilling the requirements of IEC 61508-3 sub-clause 7.4.4. Provided the tool is used in accordance with the relevant versions of the Safety Manual, Installation Manual, User Manual and this Standard Briefing, it is certified as usable in the development of safety-related software according to IEC 61508 up to the highest Safety Integrity Level (SW-SIL 4).


The tool certification kit for IEC 61508 is available to ease our customers’ path to certification. It contains everything needed to demonstrate that Cantata fulfils the IEC 61508 recommendations, together with guidance to help you achieve compliance.


Please contact us for more information about the tool certification kit.

Software testing for IEC 61508 compliance


IEC 61508-3, Table A.5 recommends software module testing and integration. The Cantata testing tool enables developers to automate their unit and integration testing and to verify IEC 61508-compliant code on host-native and embedded target platforms.


Cantata helps accelerate compliance with the standard’s software testing requirements by automating:

  • Test framework generation
  • Test case generation
  • Test execution
  • Results diagnostics and report generation


Our IEC 61508 Standard Briefing traces the requirements of IEC 61508, identifies which of them fall within Cantata's scope, and shows how Cantata supports each of those requirements.


Please contact us for more information on Cantata. 

The IEC 61508 software testing recommendations by SIL and where these are supported by Cantata are summarised in the tables below:

[Figure: Cantata testing model (dynamic testing for IEC 62304 compliance), showing the test levels against the design levels they verify: acceptance test against system requirements, system test against architectural design, integration test against detailed design, unit test against unit design, then code]

IEC 61508 Table A.3 – Software design and development – support tools and programming language

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. & 2. Suitable (strongly typed) programming language HR HR HR HR Yes
3. Language subset --- --- HR HR Yes
4a/b. Certified tools... R/HR HR HR HR Yes

IEC 61508 Table A.4 – Software design and development – detailed design

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
3. Defensive programming --- R HR HR Yes
4. Modular approach HR HR HR HR Yes
5. Design and coding standards R HR HR HR Yes

IEC 61508 Table A.5 – Software design and development – software module testing and integration

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Probabilistic testing --- R R R Yes
2. Dynamic analysis and testing R HR HR HR Yes
4. Functional and black box testing HR HR HR HR Yes
5. Performance testing R R HR HR Yes
7. Interface testing R R HR HR Yes
9. Forward traceability... R R HR HR Yes

IEC 61508 Table A.6 – Programmable electronics integration (hardware and software)

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Functional and black box testing HR HR HR HR Yes
2. Performance testing R R HR HR Yes

IEC 61508 Table A.7 – Software aspects of system safety validation

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Probabilistic testing --- R R HR Yes
4. Functional and black box testing HR HR HR HR Yes

IEC 61508 Table A.8 – Modification

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
2. Reverify changed module HR HR HR HR Yes
3. Reverify affected software modules R HR HR HR Yes
5. Software configuration management HR HR HR HR Yes

IEC 61508 Table A.9 – Software Verification

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
3. Static analysis R HR HR HR Yes
4. Dynamic analysis and testing R HR HR HR Yes

IEC 61508 Table B.1 – Design and coding standards

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Use of coding standard HR HR HR HR Yes

IEC 61508 Table B.2 – Dynamic analysis and testing

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Boundary value analysis R HR HR HR Yes
2. Error guessing R R R R Yes
3. Error seeding --- R R R Yes
4. Test case execution from model-based test case generation R R HR HR Yes
6.Equivalence class and partition testing R R R HR Yes
7. a) Structural test coverage (entry points) HR HR HR HR Yes
7. b) Structural test coverage (statements) R HR HR HR Yes
7. c) Structural test coverage (branches) R R HR HR Yes
7. d) Structural test coverage (conditions, MC/DC) R R R HR Yes
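Table B.2 lists the dynamic techniques (boundary value analysis, equivalence partitioning and structural coverage up to MC/DC at SIL 4) without showing what they look like against real code. The following is an added example, not Cantata's or QA Systems' code: a small unit under test with a three-condition decision, test vectors whose numeric input sits on the boundary of the speed limit, and a check that the chosen vectors satisfy MC/DC, i.e. that each condition is shown to independently affect the decision. The unit, its limit and the vectors are constructed for illustration.

```c
/* Added example (not Cantata's or QA Systems' code): a unit under test with
 * a three-condition decision, boundary values for its numeric input, and an
 * MC/DC independence check over the chosen test vectors.
 * The function, its limit and the vectors are constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_SAFE_SPEED 100   /* constructed limit, not taken from the page */
#define N_CONDITIONS   3

/* Unit under test: motion is permitted when speed is within the limit and
 * the guard door is closed, or when a maintenance override is asserted.
 * Decision structure: (A && B) || C. */
bool motion_permitted(int speed, bool door_closed, bool override)
{
    return (speed <= MAX_SAFE_SPEED && door_closed) || override;
}

/* One test vector: truth value of each condition plus the expected outcome. */
typedef struct {
    bool speed_ok;     /* A: speed <= MAX_SAFE_SPEED */
    bool door_closed;  /* B */
    bool override;     /* C */
    bool expected;
} mcdc_vector;

/* Boundary value analysis (B.2 item 1): drive A with the last valid speed
 * and the first invalid one rather than with arbitrary values. */
static int speed_for(bool speed_ok)
{
    return speed_ok ? MAX_SAFE_SPEED : MAX_SAFE_SPEED + 1;
}

/* Minimal MC/DC set for (A && B) || C: n + 1 = 4 vectors, each condition
 * toggled in exactly one pair while the other conditions are held. */
static const mcdc_vector vectors[] = {
    { true,  true,  false, true  },  /* #1 */
    { false, true,  false, false },  /* #2: differs from #1 only in A */
    { true,  false, false, false },  /* #3: differs from #1 only in B */
    { true,  false, true,  true  },  /* #4: differs from #3 only in C */
};
#define N_VECTORS (sizeof vectors / sizeof vectors[0])

static bool cond_value(const mcdc_vector *v, int cond)
{
    return cond == 0 ? v->speed_ok : (cond == 1 ? v->door_closed : v->override);
}

/* Execute every vector against the unit; return the number of mismatches. */
int run_vectors(void)
{
    int failures = 0;
    for (size_t i = 0; i < N_VECTORS; i++) {
        bool got = motion_permitted(speed_for(vectors[i].speed_ok),
                                    vectors[i].door_closed,
                                    vectors[i].override);
        if (got != vectors[i].expected) {
            failures++;
        }
    }
    return failures;
}

/* MC/DC (B.2 item 7d): condition `cond` is covered if some pair of vectors
 * differs only in that condition and yields different decision outcomes. */
bool mcdc_independent(int cond)
{
    for (size_t i = 0; i < N_VECTORS; i++) {
        for (size_t j = i + 1; j < N_VECTORS; j++) {
            bool only_cond_differs = true;
            for (int c = 0; c < N_CONDITIONS; c++) {
                bool same = cond_value(&vectors[i], c) == cond_value(&vectors[j], c);
                if ((c == cond) ? same : !same) {
                    only_cond_differs = false;
                    break;
                }
            }
            if (only_cond_differs && vectors[i].expected != vectors[j].expected) {
                return true;
            }
        }
    }
    return false;
}

/* Number of conditions shown to independently affect the outcome. */
int mcdc_conditions_covered(void)
{
    int covered = 0;
    for (int c = 0; c < N_CONDITIONS; c++) {
        if (mcdc_independent(c)) {
            covered++;
        }
    }
    return covered;
}

int main(void)
{
    printf("vector mismatches: %d\n", run_vectors());
    printf("MC/DC: %d of %d conditions independently exercised\n",
           mcdc_conditions_covered(), N_CONDITIONS);
    return 0;
}
```

Four vectors are enough here because MC/DC needs only n + 1 vectors for n conditions, whereas exhaustive decision testing would need eight; the independence check is what a coverage tool reports when it tells you which conditions still lack an MC/DC pair.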

IEC 61508 Table B.3 – Functional and black-box testing

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
2. Test case execution from model-based test case generation R R HR HR Yes
4. Equivalence class and input partition testing including boundary value analysis R HR HR HR Yes

IEC 61508 Table B.5 – Modelling

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
2a. Finite state machines (FSM) --- R HR HR Yes

IEC 61508 Table B.6 – Performance testing

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
2. Response timing and memory constraints HR HR HR HR Yes
3. Performance requirements HR HR HR HR Yes

IEC 61508 Table B.7 – Semi-formal methods

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
4a. Finite state machines R R HR HR Yes

IEC 61508 Table B.9 – Modular approach

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4 Cantata
1. Software module size limit HR HR HR HR Yes
2. Software complexity control R R HR HR Yes
3. Information hiding/encapsulation R HR HR HR Yes
4. Parameter number limit R R R R Yes
5. One entry/exit point... HR HR HR HR Yes
Key: HR = Highly Recommended; R = Recommended; --- = no recommendation for or against the technique

Start a free trial to test your code with Cantata.

Static analysis for IEC 61508 compliance


Part 3 of IEC 61508 addresses the software requirements of a safety-related system, mandating rigorous development processes, including the use of coding standards such as MISRA to drive further gains in software quality. It includes several tables that define the methods which must be considered in order to achieve compliance with the standard.


The following tables identify where Static Analysis can be used to ensure and demonstrate compliance with IEC 61508.


Please contact us for more information on Static Analysis tools for IEC 61508.

IEC 61508 Section 6 – Additional Requirements for Management of Safety-Related Software

Reference
6.2 Requirements
6.6.2 Functional safety planning

IEC 61508 Table 1 – Software Safety Lifecycle – Overview

Reference
10.1 Software safety requirements specification
10.2 Validation plan for software aspects of system safety
10.3 Software design and development
  • Support tools and programming languages: select a suitable set of tools
10.4 Programmable electronics integration
10.5 Software operation and modification procedures
10.6 Software aspects of system safety validation

IEC 61508 Section 7.4.4 – Requirements for Support Tools, Including Programming Languages

Reference
7.4.4.2 Software off-line support tools shall be selected as a coherent part of the software development activities
7.4.4.10 The software or design representation (including a programming language) selected shall:
b) use only defined language features
d) contain features that facilitate the detection of design or programming mistakes
7.4.4.12 Programming languages for the development of all safety-related software shall be used according to a suitable programming language coding standard
7.4.4.13 A programming language coding standard shall specify good programming practice, proscribe unsafe language features (e.g. undefined language features), promote code understandability.
7.9 Software verification
7.9.2.12 Verification of the code

IEC 61508 Table A.2 – Software Design and Development – Software Architecture Design

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4
14. Static resource allocation --- R HR HR

IEC 61508 Table A.3 – Software design and development – support tools and programming language

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4
1. Suitable programming language HR HR HR HR
2. Strongly typed programming language HR HR HR HR
3. Language subset --- --- HR HR
4a. Certified tools and certified translators R HR HR HR
4b. Tools and translators: increased confidence from use HR HR HR HR

IEC 61508 Table A.4 – Software design and development – Detailed design

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4
3. Defensive programming --- R HR HR
5. Design and coding standards R HR HR HR
6. Structured programming HR HR HR HR

IEC 61508 Table A.9 – Software Verification

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4
3. Static analysis HR HR HR HR

IEC 61508 Table B.1 – Design and coding standards

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4
1. Use of coding standard to reduce likelihood of errors HR HR HR HR
2. No dynamic objects R HR HR HR
3a. No dynamic variables --- R HR HR
4. Limited use of interrupts R R HR HR
5. Limited use of pointers --- R HR HR
6. Limited use of recursion --- R HR HR
7. No unstructured control flow in programs in higher level languages R HR HR HR
8. No automatic type conversion R HR HR HR
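Tables A.2, A.4 and B.1 name the coding-standard rules a static analyser enforces (static resource allocation, defensive programming, no dynamic objects, limited use of pointers, no automatic type conversion) but do not show them in code. The following is an added example, not QA Systems' code and not taken from any MISRA rule text: a non-conforming routine that allocates on the heap and narrows an int implicitly, beside a conforming rewrite that uses fixed, compile-time storage, checks every precondition and converts explicitly. The logging structure, its capacity and the sample readings are constructed for illustration.

```c
/* Added example (not QA Systems' code): constructs a coding-standard checker
 * flags under IEC 61508 Table B.1 (dynamic objects, implicit type conversion,
 * unchecked pointers) beside a conforming rewrite that uses static resource
 * allocation (Table A.2 item 14) and defensive programming (Table A.4 item 3).
 * The reading log, its capacity and the sample values are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define LOG_CAPACITY 8U   /* constructed sizing, not taken from the page */

/* --- Non-conforming: what the static analyser would report ------------- */

/* Heap allocation after start-up (B.1 item 2, "no dynamic objects"), an
 * implicit narrowing conversion from int to uint8_t (B.1 item 8) and a
 * pointer that is dereferenced without a NULL check (B.1 item 5). */
uint8_t *record_reading_dynamic(int raw_value)
{
    uint8_t *slot = malloc(sizeof *slot);   /* flagged: dynamic object */
    *slot = raw_value;                      /* flagged: implicit narrowing, unchecked pointer */
    return slot;
}

/* --- Conforming rewrite ------------------------------------------------ */

typedef enum {
    LOG_OK = 0,
    LOG_ERR_RANGE = 1,
    LOG_ERR_FULL = 2,
    LOG_ERR_NULL = 3
} log_status;

/* All storage is fixed at compile time: no heap, no variable-length arrays. */
typedef struct {
    uint8_t values[LOG_CAPACITY];
    size_t  count;
} reading_log;

/* Defensive programming: every precondition is checked and reported through
 * a status code rather than assumed, and the only conversion is explicit. */
log_status record_reading_static(reading_log *log, int raw_value)
{
    if (log == NULL) {
        return LOG_ERR_NULL;
    }
    if (raw_value < 0 || raw_value > (int)UINT8_MAX) {
        return LOG_ERR_RANGE;              /* reject before narrowing */
    }
    if (log->count >= LOG_CAPACITY) {
        return LOG_ERR_FULL;               /* bounded: values[] cannot overrun */
    }
    log->values[log->count] = (uint8_t)raw_value;   /* explicit conversion */
    log->count++;
    return LOG_OK;
}

/* Record n consecutive readings starting at `start`; return the last status. */
log_status fill_log(reading_log *log, int start, size_t n)
{
    log_status last = LOG_OK;
    for (size_t i = 0; i < n && last == LOG_OK; i++) {
        last = record_reading_static(log, start + (int)i);
    }
    return last;
}

/* Scenario helpers so the behaviour can be checked by a test harness. */
log_status demo_range_reject(void)
{
    reading_log log = { {0}, 0 };
    return record_reading_static(&log, 300);       /* out of uint8_t range */
}

log_status demo_capacity_reject(void)
{
    reading_log log = { {0}, 0 };
    return fill_log(&log, 0, LOG_CAPACITY + 1U);   /* ninth reading is refused */
}

/* Shows what the non-conforming version silently does with an out-of-range
 * value: the high bits are discarded instead of the input being rejected. */
uint8_t demo_silent_narrowing(int raw_value)
{
    uint8_t *p = record_reading_dynamic(raw_value);
    uint8_t v = *p;
    free(p);
    return v;
}

int main(void)
{
    printf("dynamic, 300 -> %u (silently truncated)\n", demo_silent_narrowing(300));
    printf("static, 300 -> status %d (rejected)\n", demo_range_reject());
    printf("static, 9 readings -> status %d (capacity enforced)\n", demo_capacity_reject());
    return 0;
}
```

The two versions compile equally well; the difference is only visible to a rule checker or at run time, which is why Table A.9 rates static analysis as highly recommended from SIL 1 upwards.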

IEC 61508 Table B.8 – Design and coding standards

Technique/Measure SIL 1 SIL 2 SIL 3 SIL 4
3. Control flow analysis R HR HR HR
4. Data flow analysis R HR HR HR
7. Symbolic execution --- --- R R
Key: HR = Highly Recommended; R = Recommended; --- = no recommendation for or against the technique

Start a free trial to test your code with QA-C or QA-C++.
