Software Testing Tools for ISO 26262

Achieve compliance with certified dynamic and static testing

ISO 26262

ISO 26262, Road vehicles - Functional safety, is a risk-based standard that defines functional safety requirements for safety-related electrical and electronic (E/E) systems in road vehicles. It is the automotive adaptation of the generic functional safety standard IEC 61508 and applies across the whole safety life-cycle of systems that include electrical and/or electronic components.

The current edition, ISO 26262:2018, was published in late 2018 and supersedes ISO 26262:2011 and the intermediate drafts (DIS and FDIS) for all developments started after its publication. ISO 26262:2018 is an international standard for road vehicles: it covers not only series production passenger cars but also gives guidance on developing E/E systems for trucks, buses, trailers and semi-trailers, and the 2018 edition adds motorcycles (but not mopeds). The standard defines four Automotive Safety Integrity Levels, ASIL A to ASIL D, with ASIL D the most stringent. The ASIL of a hazardous event is derived during hazard analysis and risk assessment from three factors: the severity of the potential harm, the probability of exposure to the operational situation in which it can occur, and the controllability of the event by the driver and other persons involved.

Fitness-for-purpose litigation against companies and individuals is an increasing risk. Courts and lawyers use technical standards such as ISO 26262:2018 to interpret what the law requires. In Europe the relevant law is the General Product Safety Directive 2001/95/EC (GPSD), which places the responsibility on the producer to develop a safety-critical product in accordance with 'state-of-the-art' development principles. 'State of the art' here simply means commonly accepted best practice, which for road vehicle E/E systems is now embodied in ISO 26262:2018. A company that fails to follow accepted industry practice cannot rely on the 'state-of-the-art' defence in such litigation.


Testing tools for compliance with ISO 26262 recommendations

 

QA Systems enables organisations to accelerate ISO 26262 compliance with automated static analysis and software testing tools:

Tool Certification

ISO 26262-8 clause 11, "Confidence in the use of software tools", requires that every software tool used in the safety life-cycle is classified by Tool Confidence Level (TCL) and, depending on that level, qualified. Cantata has been classified and certified by SGS-TÜV Saar GmbH, an independent third-party certification body for functional safety accredited by Deutsche Akkreditierungsstelle GmbH (DAkkS). Cantata is classified as a TCL 1 tool, the level at which ISO 26262 calls for no further qualification measures, and is usable in the development of safety-related software according to ISO 26262:2018 up to Automotive Safety Integrity Level (ASIL) D. Note that a TCL follows from the tool's intended use (its tool impact and the tool error detection available in the user's own process), so the use cases and assumptions under which the certificate was issued should be checked against your own development process before the classification is claimed.

The ISO 26262 tool certification kit for Cantata eases the path to certification: it contains the evidence needed to show that Cantata fulfils the recommendations of ISO 26262, together with guidance on how to achieve compliance.

 

Please contact us for more information about the tool certification kit. 


Dynamic testing for ISO 26262 compliance

 

Part 6 of ISO 26262 (product development at the software level) recommends unit testing and integration testing. Cantata automates unit and integration testing and verifies ISO 26262 compliant code on both host-native and embedded target platforms.

Cantata helps accelerate compliance with the standard’s dynamic testing requirements by automating:

  • Test framework generation
  • Test case generation
  • Test execution
  • Results diagnostics and report generation

 

Our ISO 26262 Standard Briefing traces the requirements of ISO 26262, identifies which of them fall within Cantata's scope, and shows how Cantata supports each of those requirements.

Please contact us for more information on Cantata for ISO 26262. 

[Figure: Cantata testing model. The V-model pairs each test level with the design artefact it verifies: acceptance test with system requirements, system test with architectural design, integration test with detailed design, and unit test with unit design and code.]

The ISO 26262 dynamic testing recommendations by ASIL, and where these are supported by Cantata, are summarised in the tables below. The table numbers and row lists follow the ISO 26262-6:2011 edition; the 2018 edition renumbers these tables and presents unit testing within unit verification, so map them to the edition against which you are claiming compliance.

ISO 26262 Table 10 – Methods for software unit testing

Method                                                      ASIL A  ASIL B  ASIL C  ASIL D  Cantata
1a. Requirement-based test                                  ++      ++      ++      ++      Yes
1b. Interface test                                          ++      ++      ++      ++      Yes
1c. Fault injection test                                    +       +       +       ++      Yes
1d. Resource usage test                                     +       +       +       ++      Yes
1e. Back-to-back comparison test between model and code     +       +       ++      ++      Yes
    (if applicable)

ISO 26262 Table 11 – Methods for deriving test cases for software unit testing

Method                                                      ASIL A  ASIL B  ASIL C  ASIL D  Cantata
1a. Analysis of requirements                                ++      ++      ++      ++      Yes
1b. Generation and analysis of equivalence classes          +       ++      ++      ++      Yes
1c. Analysis of boundary values                             +       ++      ++      ++      Yes
1d. Error guessing                                          +       +       +       +       Yes

ISO 26262 Table 12 – Structural coverage metrics at the software unit level

Metric                                                      ASIL A  ASIL B  ASIL C  ASIL D  Cantata
1a. Statement coverage                                      ++      ++      +       +       Yes
1b. Branch coverage                                         +       ++      ++      ++      Yes
1c. MC/DC (Modified Condition/Decision Coverage)            +       +       +       ++      Yes
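The difference between rows 1b and 1c of Table 12 is easy to get wrong, so here is an added example in C (not code from the page, from Cantata or from ISO 26262) that checks a set of test vectors against both criteria for one decision. The unit under test torque_allowed(), its three conditions and both vector sets are constructed for the illustration; mcdc_covered() implements the unique-cause form of MC/DC, in which each condition must be shown to change the decision outcome on its own while the other conditions are held fixed.

```c
/* Added example (not from the page, Cantata or ISO 26262): branch coverage
 * versus MC/DC for one decision, ISO 26262-6 Table 12 rows 1b and 1c.
 * The unit under test and the test vector sets are constructed here. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define N_COND 3U

/* Hypothetical unit under test: a torque request is allowed when the
 * ignition is on and either the brake is released or a diagnostic
 * override is active.  One decision, three conditions. */
bool torque_allowed(bool ignition_on, bool brake_released, bool diag_override)
{
    return ignition_on && (brake_released || diag_override);
}

/* One test vector: the value supplied for each condition. */
typedef struct {
    bool c[N_COND];
} vector_t;

static bool run_vector(const vector_t *v)
{
    return torque_allowed(v->c[0], v->c[1], v->c[2]);
}

/* Branch coverage of the decision: both outcomes have been observed. */
bool decision_branch_covered(const vector_t *vs, size_t n)
{
    bool seen_true = false;
    bool seen_false = false;
    for (size_t i = 0U; i < n; i++) {
        if (run_vector(&vs[i])) {
            seen_true = true;
        } else {
            seen_false = true;
        }
    }
    return seen_true && seen_false;
}

/* Unique-cause MC/DC: for every condition k there must be a pair of
 * vectors that differ only in condition k and give different outcomes,
 * showing that k on its own can change the decision. */
bool mcdc_covered(const vector_t *vs, size_t n)
{
    for (size_t k = 0U; k < N_COND; k++) {
        bool shown = false;
        for (size_t i = 0U; i < n && !shown; i++) {
            for (size_t j = 0U; j < n && !shown; j++) {
                bool only_k_differs = (vs[i].c[k] != vs[j].c[k]);
                for (size_t m = 0U; m < N_COND; m++) {
                    if (m != k && vs[i].c[m] != vs[j].c[m]) {
                        only_k_differs = false;
                    }
                }
                if (only_k_differs && run_vector(&vs[i]) != run_vector(&vs[j])) {
                    shown = true;
                }
            }
        }
        if (!shown) {
            return false;   /* condition k never shown to act independently */
        }
    }
    return true;
}

/* Constructed vector sets.  branch_only[] reaches both outcomes of the
 * decision but never isolates a single condition; mcdc_set[] holds the
 * pairs needed for unique-cause MC/DC (N + 1 = 4 vectors for N = 3). */
const vector_t branch_only[] = {
    { { true,  true,  false } },   /* allowed     */
    { { false, false, false } },   /* not allowed */
};

const vector_t mcdc_set[] = {
    { { true,  true,  false } },   /* baseline: allowed                     */
    { { false, true,  false } },   /* flips ignition_on    -> not allowed   */
    { { true,  false, false } },   /* flips brake_released -> not allowed   */
    { { true,  false, true  } },   /* flips diag_override  -> allowed again */
};

int main(void)
{
    printf("branch_only: branch=%d mcdc=%d\n",
           decision_branch_covered(branch_only, 2U), mcdc_covered(branch_only, 2U));
    printf("mcdc_set:    branch=%d mcdc=%d\n",
           decision_branch_covered(mcdc_set, 4U), mcdc_covered(mcdc_set, 4U));
    return 0;
}
```

Two vectors are enough for branch coverage of this decision but can never satisfy MC/DC, and dropping any one of the four vectors in mcdc_set[] loses the independence evidence for one condition. This is why a unit test suite that reports 100 % branch coverage can still fall short of the ASIL D recommendation in row 1c.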

ISO 26262 Table 13 – Methods for software integration testing

Method                                                      ASIL A  ASIL B  ASIL C  ASIL D  Cantata
1a. Requirement-based test                                  ++      ++      ++      ++      Yes
1b. Interface test                                          ++      ++      ++      ++      Yes
1c. Fault injection test                                    +       +       ++      ++      Yes
1d. Resource usage test                                     +       +       +       ++      Yes
1e. Back-to-back comparison test between model and code     +       +       ++      ++      Yes
    (if applicable)

ISO 26262 Table 14 – Methods for deriving test cases for software integration testing

Method                                                      ASIL A  ASIL B  ASIL C  ASIL D  Cantata
1a. Analysis of requirements                                ++      ++      ++      ++      Yes
1b. Generation and analysis of equivalence classes          +       ++      ++      ++      Yes
1c. Analysis of boundary values                             +       ++      ++      ++      Yes
1d. Error guessing                                          +       +       +       +       Yes

ISO 26262 Table 15 – Structural coverage metrics at the architecture level

Metric                                                      ASIL A  ASIL B  ASIL C  ASIL D  Cantata
1a. Function coverage                                       +       +       ++      ++      Yes
1b. Call coverage                                           +       +       ++      ++      Yes
Key: ++ the method is highly recommended for that ASIL; + the method is recommended; 0 no recommendation for or against the method. The Cantata column shows whether the method is supported by Cantata.

Start a free trial to test your code with Cantata.


Static testing for ISO 26262 compliance

 

Part 6 of ISO 26262 addresses product development at the software level. It contains several tables that list, for each ASIL, the methods to be applied; compliance is demonstrated by applying an appropriate combination of the listed methods for the target ASIL, with a rationale wherever a different method is used in place of a highly recommended one.

Static analysis is most useful for meeting clause 8, "Software unit design and implementation", within Part 6 of the standard. QA-C and QA-C++ check that the software conforms to the coding guidelines specified in section 5.4.7 and required by section 8.4.3 d). QA-MISRA provides a QA-C or QA-C++ configuration specifically for checking compliance with the MISRA guidelines.

Please contact us for more information on QA-C, QA-C++ and QA-MISRA for ISO 26262. 

 

The ISO 26262 static testing recommendations by ASIL, and where these are supported by QA-C and QA-C++, are summarised in the tables below.


ISO 26262 Table 1 – Topics to be covered by modelling and coding guidelines

Topic                                               ASIL A  ASIL B  ASIL C  ASIL D  QA-C  QA-C++
1a. Enforcement of low complexity                   ++      ++      ++      ++      Yes   Yes
1b. Use of language subsets                         ++      ++      ++      ++      Yes   Yes
1c. Enforcement of strong typing                    ++      ++      ++      ++      Yes   Yes
1d. Use of defensive implementation techniques      0       +       ++      ++      Yes   Yes
1e. Use of established design principles            +       +       +       ++      Yes   Yes
1f. Use of unambiguous graphical representation     +       ++      ++      ++      Yes   Yes
1g. Use of style guides                             +       ++      ++      ++      -     -
1h. Use of naming conventions                       ++      ++      ++      ++      Yes   Yes

ISO 26262 Table 3 – Principles for software architectural design

Principle                                           ASIL A  ASIL B  ASIL C  ASIL D  QA-C  QA-C++
1a. Hierarchical structure of software components   ++      ++      ++      ++      -     -
1b. Restricted size of software components          ++      ++      ++      ++      Yes   Yes
1c. Restricted size of interfaces                   +       +       +       +       Yes   Yes
1d. High cohesion within each software component    +       ++      ++      ++      Yes   Yes
1e. Restricted coupling between software components +       ++      ++      ++      -     Yes
1f. Appropriate scheduling properties               ++      ++      ++      ++      -     -
1g. Restricted use of interrupts                    +       +       +       ++      -     -

ISO 26262 Table 8 – Design principles for software unit design and implementation

Principle                                                     ASIL A  ASIL B  ASIL C  ASIL D  QA-C  QA-C++
1a. One entry and one exit point in subprograms and functions ++      ++      ++      ++      Yes   Yes
1b. No dynamic objects or variables, or else online test      +       ++      ++      ++      Yes   Yes
    during their creation
1c. Initialization of variables                               ++      ++      ++      ++      Yes   Yes
1d. No multiple use of variable names                         +       ++      ++      ++      Yes   Yes
1e. Avoid global variables or else justify their usage        +       +       ++      ++      Yes   Yes
1f. Limited use of pointers                                   0       +       +       ++      Yes   Yes
1g. No implicit type conversions                              +       ++      ++      ++      Yes   Yes
1h. No hidden data flow or control flow                       +       ++      ++      ++      Yes   Yes
1i. No unconditional jumps                                    ++      ++      ++      ++      Yes   Yes
1j. No recursions                                             +       +       ++      ++      Yes   Yes
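To make the Table 8 rows concrete, here is an added example in C (not code from the page, from QA Systems or from MISRA): one table-lookup unit written twice, first in a form that breaks several of the principles above and then in a form that keeps to them. The diagnostic trouble code table and both functions, bad_find() and find_dtc(), are constructed for the illustration; the row numbers in the comments refer to Table 8, and a MISRA-configured analyser such as QA-MISRA is the kind of tool that would report the first form.

```c
/* Added example (not from the page, QA Systems or MISRA): one lookup unit
 * written twice, first violating several ISO 26262-6 Table 8 design
 * principles and then in a form that keeps to them.  The table contents
 * and both functions are constructed for the illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 4

/* Constructed calibration data: diagnostic trouble codes in ascending order. */
static const uint16_t dtc_table[TABLE_LEN] = { 0x0100U, 0x0234U, 0x1A00U, 0x7FFFU };

/* Non-compliant form, kept only to show the findings a static analyser
 * would raise.  Each comment names the Table 8 row that is broken. */
int bad_find(uint16_t code, uint8_t i)          /* 1j: the unit recurses            */
{
    if (i >= TABLE_LEN) {
        goto not_found;                         /* 1i: unconditional jump           */
    }
    if (dtc_table[i] == code) {
        return (int)i;                          /* 1a: first of two exit points     */
    }
    return bad_find(code, i + 1);               /* 1g: int result narrowed to uint8_t
                                                 * implicitly; 1j: stack depth grows
                                                 * with the table length            */
not_found:
    return -1;                                  /* 1a: second exit point; failure is
                                                 * signalled by a magic value       */
}

/* Compliant form: single exit point, no recursion and no jumps, every
 * variable initialised before use, no implicit conversions, and the
 * result separated from the status so no magic value is needed. */
bool find_dtc(uint16_t code, size_t *index_out)
{
    bool found = false;                         /* 1c: initialised                  */
    size_t i = 0U;                              /* 1c: initialised                  */

    if (index_out != NULL) {                    /* defensive check (Table 1, 1d)    */
        while ((i < TABLE_LEN) && (!found)) {   /* bounded loop replaces recursion  */
            if (dtc_table[i] == code) {
                *index_out = i;
                found = true;
            } else {
                i++;
            }
        }
    }
    return found;                               /* 1a: the only exit point          */
}

int main(void)
{
    size_t idx = 0U;
    bool ok = find_dtc(0x1A00U, &idx);
    printf("find_dtc(0x1A00): found=%d index=%zu\n", ok, idx);
    printf("bad_find(0x1A00): %d\n", bad_find(0x1A00U, 0U));
    return 0;
}
```

The second form is not only easier for a static analyser to accept: its worst-case stack use and execution time are bounded by TABLE_LEN, which is what the resource usage tests in Tables 10 and 13 need to demonstrate, and the out-parameter is left untouched on a miss, so a caller cannot mistake a stale index for a result.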

ISO 26262 Table 9 – Methods for the verification of software unit design and implementation

Method                                              ASIL A  ASIL B  ASIL C  ASIL D  QA-C  QA-C++
1a. Walk-through                                    ++      +       0       0       -     -
1b. Inspection                                      +       ++      ++      ++      -     -
1c. Semi-formal verification                        +       +       ++      ++      -     -
1d. Formal verification                             0       0       +       +       -     -
1e. Control flow analysis                           +       +       ++      ++      Yes   Yes
1f. Data flow analysis                              +       +       ++      ++      Yes   Yes
1g. Static code analysis                            +       ++      ++      ++      Yes   Yes
1h. Semantic code analysis                          +       +       +       +       Yes   Yes
Key: ++ the method is highly recommended for that ASIL; + the method is recommended; 0 no recommendation for or against the method. The QA-C and QA-C++ columns show whether the method is supported by that tool.

Start a free trial to test your code with QA-C or QA-C++.
