EXECUTIVE SUMMARY
Achieving ISO 26262 Compliance with QA·C and QA·C++
August 2014

ISO 26262 is an automotive standard that places requirements on the quality of software; static analysis tools such as QA·C and QA·C++ are well positioned to enforce many of those requirements. With the highest adoption in the industry, and a strong heritage in safety-critical applications, QA·C and QA·C++ have been certified as "fit for purpose" for use by development teams wishing to achieve ISO 26262 compliance. This document describes the parts of the standard that are addressed by using QA·C with MISRA-C, and QA·C++ with MISRA-C++.

ES118D/08/14 © 2014 Programming Research Ltd

Introduction

Electronic equipment is increasingly being used in safety-critical environments, and the software used in these products is becoming more and more complex. Exhaustive testing to ensure that there is no situation in which a failure could occur is rarely possible, and therefore systems must be designed in such a way as to prevent failure, or to ensure controlled behaviour if failures arise.

The introduction of standards has been an important factor in ensuring the development of robust software in safety-critical applications. Coding standards such as MISRA, which mandate the use of a specific subset of a programming language, have been a major factor in the improvement of software quality. More recently, the introduction of ISO 26262 has mandated the use of better development processes, including the use of coding standards, to encourage further gains in software quality.

About ISO 26262

ISO 26262 is an adaptation of the IEC 61508 functional safety standard for electrical / electronic / programmable electronic safety-related systems. ISO 26262 focuses on the specific needs of electrical and / or electronic systems installed in series-production passenger cars, and applies to all activities within the safety lifecycle of these safety-related systems.

Examples of systems for which the standard was developed include driver assistance, propulsion and vehicle dynamics control, as well as active and passive safety systems. As the complexity of a system increases, the risk of systematic failures and random hardware failures increases. The standard includes guidance that helps developers mitigate these risks through the provision of appropriate requirements and processes.

A system to which ISO 26262 is applicable may have different levels of user risk or safety requirements. To specify the necessary safety measures for a given system, ISO 26262 introduces four Automotive Safety Integrity Levels (ASIL A to D), where ASIL D represents the most stringent level. This allows different methods to be applied depending upon the ASIL of the system at a functional level.

Within the standard, Part 6 specifically addresses software development, placing requirements on the initiation of software development, software architectural design, and software unit design and implementation. QA·C with MISRA-C and QA·C++ with MISRA-C++ provide an approach to achieving compliance within these sub-sections of the standard.

About PRQA, QA·C and QA·C++

PRQA pioneered coding standard inspection and is recognised worldwide as the coding standards expert because of its industry-leading software inspection and standards enforcement technology. PRQA's QA·C and QA·C++ static analysis tools offer two of the most comprehensive parsers available today, providing detailed information and accurately enforcing coding standards.

QA·C can be configured to enforce compliance with many coding standards, including MISRA-C:2004 and MISRA-C:2012. Likewise, QA·C++ can be configured to enforce compliance with many coding standards, including MISRA-C++:2008. Both tools can also be used for compliance checking in safety-related systems.

ISO 26262 Compliance with PRQA Tools

QA·C 8.1.2 with MISRA-C and QA·C++ 3.1 with an extended MISRA-C++ have been certified by SGS-TÜV Saar as fit for purpose for developing safety-related software up to ASIL D according to ISO 26262. The certificate applies only when the tool is used as described in the appropriate Safety Manual; a different configuration or workflow is outside its scope.

The integration of one of the PRQA tools into a development process for a safety-relevant system is described in the respective Safety Manual, which includes all relevant information for the proper usage of the tool in a safety-related environment.

The QA·C with MISRA-C certificate pack for ISO 26262 includes:
· Safety Manual, QA·C with MISRA-C
· ISO 26262 Certificate from SGS-TÜV Saar
· Report to the Certificate

The QA·C++ with MISRA-C++ Extended certificate pack for ISO 26262 includes:
· Safety Manual, QA·C++ with MISRA-C++ Extended
· MISRA-C++ Extended Compliance Module
· ISO 26262 Certificate from SGS-TÜV Saar
· Report to the Certificate

ISO 26262 - Part 6 Compliance Tables

Part 6 of ISO 26262 addresses product development at the software level, and includes several tables that define the methods that must be considered in order to achieve compliance with the standard. The following tables identify where QA·C with MISRA-C (referred to as "QA·C") and QA·C++ with MISRA-C++ Extended (referred to as "QA·C++") can be used to ensure and demonstrate compliance. A tool mark against a method means the tool can supply evidence for that method; it does not mean the method is satisfied by running the tool alone. Where a table lists consecutive entries (labelled e.g. 1, 2, etc.), all methods shall be applied. Alternative entries (labelled e.g. 1a, 1b, 1c, etc.) require only an appropriate combination of methods to be used. For each method, the degree of recommendation depends on the ASIL and is categorised as follows:
· "++" indicates that the method is highly recommended for the identified ASIL;
· "+" indicates that the method is recommended for the identified ASIL;
· "o" indicates that the method has no recommendation for or against its usage for the identified ASIL.
In the tool columns, "✓" marks a method the tool can be used to ensure or demonstrate, and "–" a method the tool does not address. "one only" marks a row where the source shows a mark for just one of the two tools, without a legible column.

Table 1 – Topics to be covered by modelling and coding guidelines

                                                      ASIL                  Tool
Method                                                A    B    C    D      QA·C   QA·C++
1a. Enforcement of low complexity                     ++   ++   ++   ++     ✓      ✓
1b. Use of language subsets                           ++   ++   ++   ++     ✓      ✓
1c. Enforcement of strong typing                      ++   ++   ++   ++     ✓      ✓
1d. Use of defensive implementation techniques        o    +    ++   ++     ✓      ✓
1e. Use of established design principles              +    +    +    ++     ✓      ✓
1f. Use of unambiguous graphical representation       +    ++   ++   ++     –      –
1g. Use of style guides                               +    ++   ++   ++     ✓      ✓
1h. Use of naming conventions                         ++   ++   ++   ++     ✓      ✓

Table 3 – Principles for software architectural design

                                                      ASIL                  Tool
Method                                                A    B    C    D      QA·C   QA·C++
1a. Hierarchical structure of software components     ++   ++   ++   ++     –      –
1b. Restricted size of software components            ++   ++   ++   ++     ✓      ✓
1c. Restricted size of interfaces                     +    +    +    +      ✓      ✓
1d. High cohesion within each software component      +    ++   ++   ++     ✓      ✓
1e. Restricted coupling between software components   +    ++   ++   ++     one only
1f. Appropriate scheduling properties                 ++   ++   ++   ++     –      –
1g. Restricted use of interrupts                      +    +    +    ++     –      –

Table 8 – Design principles for software unit design and implementation

                                                      ASIL                  Tool
Method                                                A    B    C    D      QA·C   QA·C++
1a. One entry and one exit point in subprograms
    and functions                                     ++   ++   ++   ++     ✓      ✓
1b. No dynamic objects or variables, or else
    online test during their creation                 +    ++   ++   ++     ✓      ✓
1c. Initialization of variables                       ++   ++   ++   ++     ✓      ✓
1d. No multiple use of variable names                 +    ++   ++   ++     ✓      ✓
1e. Avoid global variables or else justify their
    usage                                             +    +    ++   ++     ✓      ✓
1f. Limited use of pointers                           o    +    +    ++     ✓      ✓
1g. No implicit type conversions                      +    ++   ++   ++     ✓      ✓
1h. No hidden data flow or control flow               +    ++   ++   ++     ✓      ✓
1i. No unconditional jumps                            ++   ++   ++   ++     ✓      ✓
1j. No recursions                                     +    +    ++   ++     ✓      ✓

Table 9 – Methods for the verification of software unit design and implementation

                                                      ASIL                  Tool
Method                                                A    B    C    D      QA·C   QA·C++
1a. Walk-through                                      ++   +    o    o      –      –
1b. Inspection                                        +    ++   ++   ++     –      –
1c. Semi-formal verification                          +    +    ++   ++     –      –
1d. Formal verification                               o    o    +    +      –      –
1e. Control flow analysis                             +    +    ++   ++     ✓      ✓
1f. Data flow analysis                                +    +    ++   ++     ✓      ✓
1g. Static code analysis                              +    ++   ++   ++     ✓      ✓
1h. Semantic code analysis                            +    +    +    +      ✓      ✓

Summary

QA·C with the MISRA-C Compliance Module and QA·C++ with the MISRA-C++ Extended Compliance Module have been certified as "fit for purpose" for achieving compliance with ISO 26262. The time and cost of meeting many of the standard's requirements associated with development at the software level can be reduced by using these tools. The long history of widespread use of QA·C and QA·C++ in automotive development demonstrates their suitability for use within this industry. QA·C and QA·C++ with MISRA are highly effective tools for any company that needs to achieve ISO 26262 compliance for its products.

Contact Us

PRQA has offices globally and offers worldwide customer support. Visit our website to find details of your local representative.
Email: info@programmingresearch.com
Web: www.programmingresearch.com

All products or brand names are trademarks or registered trademarks of their respective holders.
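Table 8 names the unit-level design principles the tools check, but shows none of them in code. The following is an added example, not code from this page or from PRQA: a constructed frame-checksum routine written first in a form that breaks principles 1a (single exit), 1b (no dynamic objects), 1c (initialised variables), 1g (no implicit conversions), 1i (no unconditional jumps) and 1j (no recursion), then rewritten to follow them. The frame layout (four payload bytes followed by one additive-checksum byte), the function names and the test vectors are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed frame layout for this example: payload bytes followed by one
 * checksum byte that must equal the low 8 bits of the payload byte sum. */
#define FRAME_LEN 5U

/* ---- Form that violates Table 8 (labels refer to Table 8 rows) ---------- */

/* 1j: recursion. 1g: uint8_t is promoted to int and mixed with unsigned int. */
static unsigned int sum_rec(const uint8_t *p, unsigned int n)
{
    if (n == 0U) return 0U;                  /* 1a: a second exit point */
    return p[n - 1U] + sum_rec(p, n - 1U);
}

bool frame_valid_noncompliant(const uint8_t *frame, size_t len)
{
    uint8_t *copy;                           /* 1c: declared without initialiser */
    unsigned int s;                          /* 1c: declared without initialiser */
    uint8_t expected;                        /* 1c: declared without initialiser */

    if (len != FRAME_LEN) return false;      /* 1a: early exit */
    copy = malloc(len);                      /* 1b: dynamic allocation in a unit */
    if (copy == NULL) goto fail;             /* 1i: unconditional jump */
    memcpy(copy, frame, len);
    s = sum_rec(copy, len - 1U);             /* 1g: size_t narrowed to unsigned int */
    expected = copy[len - 1U];
    free(copy);
    return (uint8_t)s == expected;           /* 1a: yet another exit */
fail:
    return false;
}

/* ---- Same check rewritten to follow Table 8 ----------------------------- */

bool frame_valid_compliant(const uint8_t *frame, size_t len)
{
    bool     result = false;                 /* 1c: every local initialised at declaration */
    uint32_t sum    = 0U;
    size_t   i      = 0U;

    if ((frame != NULL) && (len == FRAME_LEN)) {
        /* 1j: a loop instead of recursion; 1b: no heap, the frame is read in place. */
        for (i = 0U; i < (len - 1U); i++) {
            sum += (uint32_t)frame[i];       /* 1g: widening made explicit */
        }
        /* 1g: narrowing to the checksum width made explicit before comparing. */
        result = ((uint8_t)(sum & 0xFFU) == frame[len - 1U]);
    }

    return result;                           /* 1a: the single exit point */
}

/* Constructed test vectors (not from the page): 0x10+0x20+0x30+0x40 = 0xA0,
 * so a trailing 0xA0 is a valid frame and 0xA1 is a corrupted one. */
static const uint8_t k_good_frame[FRAME_LEN] = {0x10U, 0x20U, 0x30U, 0x40U, 0xA0U};
static const uint8_t k_bad_frame[FRAME_LEN]  = {0x10U, 0x20U, 0x30U, 0x40U, 0xA1U};

int main(void)
{
    bool ok = frame_valid_compliant(k_good_frame, FRAME_LEN)
           && !frame_valid_compliant(k_bad_frame, FRAME_LEN)
           && frame_valid_noncompliant(k_good_frame, FRAME_LEN)
           && !frame_valid_noncompliant(k_bad_frame, FRAME_LEN);
    return ok ? 0 : 1;
}
```

Both forms accept the same frames and reject the same corrupted one, which is the point: the Table 8 principles are about how the unit is written, not what it computes, so a functional test alone will not distinguish them. MISRA-C carries rules on the same ground (dynamic memory, goto, recursion, implicit conversions, single exit), which is why a MISRA-configured checker surfaces each labelled line in the first form; which diagnostic fires for which line depends on the rule set configured, which this page does not specify.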