Filetype PDF | Posted on 02 Feb 2023 | 2 years ago
Authentication
digital resources
101x Filetype PDF File size 0.26 MB Source: nohau.eu
EXECUTIVE SUMMARY
Achieving ISO 26262 Compliance
with QA·C and QA·C++
August 2014
ISO 26262 is an automotive standard that places requirements on the quality of
software, for which tools such as QA·C and QA·C++ are ideally positioned to enforce.
With the highest adoption in the industry, and a strong heritage in safety-critical
applications, QA·C and QAC++ have been certified as being “fit for purpose” to be
used as tools by development teams wishing to achieve ISO 26262. This document
describes the parts of the standard that are addressed by using QA·C with MISRA-C,
and QA·C++ with MISRA-C++.
ES118D/08/14 © 2014 Programming Research Ltd 1
Introduction initiation of software development; software
architectural design and software unit design and
Electronic equipment is increasingly being used in implementation. QA·C with MISRA-C and QA·C++
safety critical environments, and the software used with MISRA-C++ provide an approach to achieve
in these products is becoming more and more compliance within these sub-sections of the
complex. Exhaustive testing to ensure that there is standard.
no situation in which a failure could occur is rarely
possible, and therefore systems must be designed About PRQA, QA·C and QA·C++
in such a way to prevent failure or ensure controlled
behavior if failures arise. PRQA pioneered coding standard inspection and is
recognised worldwide as the coding standards
The introduction of standards has been an important expert because of its industry-leading software
factor in ensuring the development of robust inspection and standards enforcement technology.
software in safety critical applications. Coding PRQA’s QA·C and QA·C++ static analysis tools
standards such as MISRA, which mandate the use offer two of the most comprehensive parsers
of a specific subset of a programming language available today, providing detailed information and
have been a major factor in the improvement of accurately enforcing coding standards.
software quality. More recently the introduction of
ISO 26262 has mandated the use of better QA·C can be configured to enforce compliance with
development processes, including the use of coding many coding standards, including MISRA-C:2004
standards to encourage further gains in software and MISRA-C:2012. Likewise, QA·C++ can be
quality. configured to enforce compliance with many coding
standards, including MISRA-C++:2008. Both tools
About ISO 26262 can also be used for compliance checking in safety-
related systems.
ISO 26262 is an adaptation of the IEC 61508
functional safety standard for electronic / electrical / ISO 26262 Compliance with PRQA Tools
programmable electronic safety-related systems.
ISO 26262 focuses on the specific needs of QA·C 8.1.2 with MISRA-C and QA·C++ 3.1 with an
electrical and / or electronic systems installed in extended MISRA-C++ have been certified by SGS –
series-production passenger cars, and applies to all TÜV-SAAR as fit for purpose to develop safety-
activities within the safety lifecycle of these safety- related software up to ASIL D according to ISO
related systems. 26262 (if used as described in the appropriate
Safety Manual).
Examples of systems for which the standard was
developed include driver assistance, propulsion and The integration of one of the PRQA Tools into a
vehicle dynamics control as well as active and development process for a safety relevant system is
passive safety systems. As the complexity of a described in the respective safety manual, which
system increases, the risk of systematic failures and includes all relevant information for the proper
random hardware failures increases. The standard usage of the tool in a safety-related environment.
includes guidance that helps developers mitigate
these risks through the provision of appropriate The QA·C with MISRA-C certificate pack for ISO
requirements and processes. 26262 includes:
· Safety Manual, QA·C with MISRA-C
A system to which ISO 26262 is applicable may · ISO 26262 Certificate from SGS –TÜV-
have different levels of user risk or safety SAAR
requirements. To specify the necessary safety · Report to the Certificate
measures of a given system, ISO 26262 introduces
four Automotive Safety Integrity Levels (ASIL A – The QA·C++ with MISRA-C++ Extended certificate
D), where ASIL D represents the most stringent pack for ISO 26262 includes:
level. This allows different methods to be applied · Safety Manual, QA·C++ with MISRA-C++
depending upon the ASIL of the system at a Extended
functional level. · MISRA-C++ Extended Compliance Module
· ISO 26262 Certificate from SGS –TÜV-
Within the standard, Part 6 specifically addresses SAAR
software development, placing requirements on the · Report to the Certificate
ES118D/08/14 © 2014 Programming Research Ltd 2
ISO 26262 - Part 6 Compliance Tables
Part 6 of ISO 26262 addresses product development at the software level including several tables that define
the methods that must be considered in order to achieve compliance with the standard. The following tables
identify where QA·C with MISRA-C (referred to as “QA·C”) and QA·C++ with MISRA-C++ Extended (referred
to as “QA·C++”) can be used to ensure and demonstrate compliance.
Where the table lists consecutive entries (labeled e.g. 1, 2, etc), all methods shall be applied. Alternative
entries (labeled e.g. 1a, 1b, 1c, etc) require only an appropriate combination of methods to be used. For each
method, the degree of recommendation to use the corresponding method depends on the ASIL and is
categorized as follows:
· “++” indicates that the method is highly recommended for the identified ASIL;
· “+” indicates that the method is recommended for the identified ASIL;
· “o” indicates that the method has no recommendation for or against its usage for the identified ASIL.
Table 1 – Topics to be covered by modeling and coding guidelines
ASIL
Methods QA·C QA·C++
A B C D
1a. Enforcement of low complexity ++ ++ ++ ++
1b. Use of language subsets ++ ++ ++ ++
1c. Enforcement of strong typing ++ ++ ++ ++
1d. Use of defensive implementation techniques o + ++ ++
1e. Use of established design principles + + + ++
1f. Use of unambiguous graphical representation + ++ ++ ++ - -
1g. Use of style guides + ++ ++ ++
1h. Use of naming conventions ++ ++ ++ ++
Table 3 – Principles for software architectural design
ASIL
Methods QA·C QA·C++
A B C D
1a. Hierarchical structure of software components ++ ++ ++ ++ - -
1b. Restricted size of software components ++ ++ ++ ++
1c. Restricted size of interfaces + + + +
1d. High cohesion within each software component + ++ ++ ++
1e. Restricted coupling between software components + ++ ++ ++ -
1f. Appropriate scheduling properties ++ ++ ++ ++ - -
1g. Restricted use of interrupts + + + ++ - -
ES118D/08/14 © 2014 Programming Research Ltd 3
Table 8 – Design principles for software unit design and implementation
ASIL
Methods QA·C QA·C++
A B C D
1a. One entry and one exit point in subprograms and ++ ++ ++ ++
functions
1b. No dynamic objects or variables, or else online test + ++ ++ ++
during their creation
1c. Initialization of variables ++ ++ ++ ++
1d. No multiple use of variable names + ++ ++ ++
1e. Avoid global variables or else justify their usage + + ++ ++
1f. Limited use of pointers o + + ++
1g. No implicit type conversions + ++ ++ ++
1h. No hidden data flow or control flow + ++ ++ ++
1i. No unconditional jumps ++ ++ ++ ++
1j. No recursions + + ++ ++
Table 9 – Methods for the verification of software unit design and implementation
ASIL
Methods QA·C QA·C++
A B C D
1a. Walk-through ++ + o o - -
1b. Inspection + ++ ++ ++ - -
1c. Semi-formal verification + + ++ ++ - -
1d. Formal verification o o + + - -
1e. Control flow analysis + + ++ ++
1f. Data flow analysis + + ++ ++
1g. Static code analysis + ++ ++ ++
1h. Semantic code analysis + + + +
Summary Contact Us
QA·C with the MISRA-C Compliance Module and PRQA has offices globally and offers worldwide
QA·C++ with the MISRA-C++ Extended Compliance customer support. Visit our website to find details of
Module have been certified as “fit for purpose” for your local representative.
achieving compliance with ISO 26262. The time and
cost of meeting many of the standard’s Email: info@programmingresearch.com
requirements associated with development at the Web: www.programmingresearch.com
software level can be reduced by using these tools.
The long history of widespread use of QA·C and All products or brand names are trademarks or registered trademarks of
QA·C++ in automotive development, demonstrates their respective holders.
its suitability for use within this industry. QA·C and
QA·C++ with MISRA are highly effective tools for
any company that needs to achieve ISO 26262
compliance for its products.
ES118D/08/14 © 2014 Programming Research Ltd 4
no reviews yet
Please Login to review.
