IEC 61508 and Safety-Critical Software: Ensuring Functional Safety
What is IEC 61508?
IEC 61508, titled „Functional Safety of Electrical / Electronic / Programmable Electronic Safety-related systems (E/E/PE, or E/E/PES),“ is a comprehensive and generic functional safety standard. It is applicable to cases where programmable devices are used to control systems with safety considerations. The standard is designed to ensure that safety-critical systems function reliably and mitigate potential hazards.
Why is IEC 61508 Important?
In safety-critical industries, the consequences of system failures can be severe, leading to injuries, loss of life, or environmental damage. IEC 61508 plays a crucial role in reducing risks associated with safety-related systems by providing a structured framework for designing, implementing, and maintaining these systems to ensure their functional safety.
Functional safety ensures that systems will reliably perform their safety functions when needed, reducing risks to an acceptable level. IEC 61508 provides a foundation for other industry-specific standards derived from it, serving as a consistent reference for developing safety-related systems across various sectors.
Furthermore, IEC 61508 has legal implications, particularly in Europe where it is relevant to the General Product Safety Directive 2001/95/EC (GPSD). This directive stipulates that the product creator is responsible for developing a safety-critical product in compliance with ‚State-of-the-Art‘ development principles. ‚State-of-the-Art‘ refers to commonly accepted best practices, which, in the case of electronic safety-related systems, are now embodied in IEC 61508:2010 (or the previously mentioned standards derived from it, which focus on specific industries). Consequently, failing to adhere to accepted industry practices would render companies unable to use the “State-of-the-Art” legal defense against litigation related to product fitness for purpose.
IEC 61508 is of paramount importance due to its role in enhancing functional safety, providing a basis for industry-specific standards, and holding companies accountable to legal requirements in safety-critical product development.
IEC 61508 SILs Safety Integrity Levels
IEC 61508 introduces Safety Integrity Levels (SILs) to classify safety performance. SIL 1 to SIL 4 represent increasing safety requirements, with SIL 4 being the most stringent. Engineers use SIL classification to determine risk reduction measures and design safety mechanisms accordingly. The assigned SIL depends on the probability of failure, influencing software development efforts to manage risk effectively. Adherence to SIL requirements ensures safety-critical systems are suitably protected, reducing potential hazards.
How to Comply with IEC 61508?
An IEC 61508 certification demonstrates that a safety-related system or software complies with the standard’s requirements. It provides confidence to stakeholders, customers, and regulatory authorities that the system has been developed following best practices and adheres to safety integrity levels.
Compliance with IEC 61508 involves a systematic approach to functional safety, including requirements, design, implementation, verification, and validation. It requires a safety management system, risk assessment, and safety case documentation. A safety culture, competent personnel, and regular assessments are vital for maintaining compliance.
Regarding software, IEC 61508:2010 emphasizes the objectives for specifying software safety requirements, including functional safety requirements derivation, software systematic capability, and implementing required safety functions.
The V-model highlights the need for traceability between process steps, with bidirectional traceability specified as an explicit goal. Bidirectional Traceability ensures all requirements are addressed, detailed requirements trace back to high-level ones, and avoids surplus code in software requirements.
Testing Tools for Compliance
To expedite compliance with IEC 61508 recommendations, specialized testing tools are available. Tools like QA-MISRA and ASTRÉE facilitate automated coding standards compliance and static analysis to identify potential runtime errors and data races in C/C++ code. Additionally, CANTATA and ADATEST 95 offer automated unit and integration testing for both C/C++ and Ada code.
The certification for development tools is optional but hugely benefits the qualification process.
Tool Certification & Qualification
IEC 61508 recommends that software tools used in the development of safety-critical software should be certified. QA Systems‘ CANTATA has been classified and certified as a Tool Confidence Level (TCL) 1 tool, suitable for use in developing safety-related software up to SIL 4. Similarly, QA-MISRA has a tool qualification verification test suite to support IEC 61508 tool qualification.
By adopting certified and qualified tools, developers can streamline the certification process and demonstrate compliance with the IEC 61508 standard.
For more information about our IEC 61508 tool kits and how they can assist you in achieving compliance, please don’t hesitate to contact us. Ensuring functional safety is a critical aspect of embedded software development, and our tools can significantly ease the path to certification and guarantee safety in your projects.
Testing tools for compliance with IEC 61508 recommendations
QA Systems enables organisations to accelerate IEC 61508 compliance with automated static analysis and software testing tools:
STATIC ANALYSIS
Tool Certification & Qualification
IEC 61508, Part 3 Annex A recommends that software tools are certified. QA Systems’ dynamic testing tool Cantata has been classified and certified by SGS-TÜV GmbH, an independent third party certification body for functional safety, accredited by Deutsche Akkreditierungsstelle GmbH (DAkkS). Cantata has been classified as a Tool Confidence Level (TCL) 1 tool, and is usable in development of safety related software according to IEC 61508:2010 up to the Safety Integrity Level (SW-SIL) 4.
Cantata has been certified as a class T2 tool fulfilling the requirements of IEC 61508-3 sub-clause 7.4.4. Providing use of the tool follows the relevant version Safety Manual, Installation Manual, User Manual and this Standard Briefing then it has been certified as usable in development of safety related software according to IEC 61508 up to the highest Safety Integrity Level (SW-SIL 4).
For our static analysis tool QA-MISRA, our tool Qualification Support Kit (QSK) automatically executes a full tool qualification verification test suite on the installed tool configuration and generates the necessary reports for IEC 61508 tool qualification.
These tool kits for IEC 61508 are available to ease our customers’ path to certification. They contain everything needed to prove that Cantata and QA-MISRA provide the required confidence in the use of software tools under IEC 61508 recommendations as well as comprehensive and detailed guidance on how to use them to comply with the required software verification activities of IEC 61508.
Please contact us for more information about these tool kits.
Cantata Certificate
Software testing for IEC 61508 compliance
IEC 61508 Section 3, Table A.5 recommends software module testing and integration. The Cantata testing tool enables developers to automate their unit and integration testing and to verify IEC 61508 compliant code on host native and embedded target platforms.
Cantata helps accelerate compliance with the standard’s software testing requirements by automating:
Start a free trial to evaluate Cantata using your code.
Static analysis for IEC 61508 compliance
Part 3 of IEC 61508 addresses the software requirements of a safety-related system mandating the use of better development processes, including the use of coding standards such as MISRA to encourage further gains in software quality. It includes several tables that define the methods that must be considered in order to achieve compliance with the standard.
The IEC 61508 static analysis recommendations by SIL and how these are supported by QA-MISRA and Astrée are summarised in our “QA-MISRA Safety Manual”.
Start a free trial of QA-MISRA to evaluate your code against MISRA, AUTOSAR, CERT C/C++, CWE and other coding standards to ensure automated compliance with IEC 61508.
