Staying Inside the Compiler’s Safety Envelope

Continuous Qualification of the toolchain is the idea that compiler and library qualification is an ongoing engineering process. Its goal is to ensure that the use of the toolchain remains within the defined safety envelope: the specific compiler versions, options and assumptions for which qualification evidence is valid.

To make this practical, we need tooling that can follow how the toolchain is actually used and verify it accordingly.

Let’s start with the compiler. In safety-critical software development, compilers are typically qualified by validation: a test suite checks whether the compiler behaves according to the language standard, and the results provide the evidence required by standards such as ISO 26262.

But there is a challenge.

The compiler is called by the application’s build system, often with many different option combinations, target configurations, and use cases. In modern applications, this can easily result in dozens of distinct compiler use cases, each of which must be covered by qualification. Identifying these use cases manually is difficult and error-prone.

This is where automation becomes essential.

CerTran (by our partner BUGSENG) analyses the application’s build process and reconstructs how the compiler is actually used: which compiler options, configurations and usage patterns occur. After the initial qualification, and as application development continues, this process detects the introduction of any new use case that is not yet qualified.

CerTran creates a test configuration for each use case, including new ones. Based on these configurations, SuperTest automatically executes the tests. Only if new test failures are found has the application stepped outside the safety envelope.

This transforms compiler qualification from a static, one-off activity into a repeatable and scalable process. More importantly, it aligns qualification with reality. For example, the EU’s new ruling about machine safety views safety as a continuing process, not as a one-time checkbox.

It also enables integration with modern development workflows. Compiler validation can be embedded into CI pipelines, where it is triggered whenever the toolchain or its configuration changes.

Of course, compiler validation is only part of the picture. Continuous Qualification requires that all elements of the toolchain (compilers, libraries and build configurations) are verified in a consistent and coordinated way. This is where the collaboration between BUGSENG and Solid Sands comes into play.

BUGSENG focuses on build system analysis, source code quality and compliance with coding guidelines, while Solid Sands ensures compiler, library and toolchain correctness.

Together, we enable a continuous process: understanding how the toolchain is used, verifying that it behaves correctly, and repeating this as the system evolves. This helps organizations build trustworthy software for safety-critical systems.

Continuous Qualification is possible, practical, and above all, necessary.