We frequently discuss compiler qualification and its importance in making sure that your safety-critical components work properly and adhere to safety standards. But what actually is compiler qualification? How does it work?
In essence, as far as most functional safety standards are concerned, compiler qualification is part of the tool qualification process defined under the ‘confidence in the use of software tools’ supporting process. The standards provide you with a roadmap on how to perform the process. If that roadmap is rigorously followed, the compiler can be correctly described as qualified.
To comply with tool qualification requirements, you have to do three things: (1) classify the compiler; (2) validate it with a suitable test suite, such as SuperTest, and, if necessary, mitigate the impact of detected errors; (3) document your inputs, findings, test results and mitigations.
Classify the compiler
This first step is about gathering information: what type of compiler are you using (its make, version, etc.) and in what configuration are you using it to generate software for your safety-critical component? Then you need to ask yourself a question: if there is an unknown compiler error that leads to incorrectly generated code, is there even a small chance that it will not be found by your application test procedures?
Usually the definitive answer to this is yes, which means the compiler needs to be qualified. For a compiler, the only realistic qualification option is to validate it against the language definition.
Validate the compiler and define mitigations
Validation against the language definition requires a test suite that is itself based on the language definition, which is where SuperTest comes in. SuperTest is a test suite that verifies that a compiler is compliant with all aspects of the language definition, including the diagnostics needed to identify an ill-formed program.
Because of the breadth and depth of its tests, it is very likely that SuperTest will find compiler errors. However, that doesn’t necessarily mean your compiler fails to qualify. Errors are allowed, but the standards do require you to develop workarounds for them – so-called mitigations – if they are safety-critical. These workarounds can take the form of guidelines for application developers, but alternatively you may prefer to have an automated procedure in place.
Create a qualification report
Once validation of the compiler is complete, the entire process, including test results and mitigations, needs to be documented in a compiler qualification report. Depending on the Safety Integrity Level (SIL or ASIL) of the component for which the compiler is being used to generate code, the qualification process may then be reviewed by an independent third party.
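The three steps above (classify, validate and mitigate, report) as a small added illustration, not SuperTest and not Solid Sands code: the conformance cases are constructed, `cc_compile` assumes a C compiler named `cc` on the PATH, and the report format is an assumption. The harness records the compiler's identity and options, checks that a well-formed program is accepted and an ill-formed one is diagnosed, and refuses to mark the compiler as qualified while any failed case lacks a documented mitigation.

```python
"""Illustrative compiler-qualification record: classify, validate, mitigate, report.
Constructed example, not SuperTest; the compile_fn interface and case format are assumptions."""
import subprocess
from dataclasses import dataclass, asdict
from typing import Callable, Dict, List, Optional

# Constructed conformance cases. A conforming C11 compiler must accept the first and must
# diagnose the second (casting a struct to int violates a constraint, C11 6.5.4p2).
CASES = [
    {"id": "wf_static_assert", "expect": "accept",
     "source": "_Static_assert(1, \"ok\"); int main(void) { return 0; }"},
    {"id": "if_cast_struct", "expect": "reject",
     "source": "int main(void) { struct s { int a; } x = {1}; return (int)x; }"},
]

def cc_compile(source: str, cc=("cc", "-std=c11", "-fsyntax-only", "-x", "c", "-")) -> str:
    """Observe whether a real compiler (assumed to be on the PATH) accepts or rejects a source string."""
    proc = subprocess.run(cc, input=source, text=True, capture_output=True)
    return "accept" if proc.returncode == 0 else "reject"

@dataclass
class Result:
    case_id: str
    expected: str
    observed: str
    mitigation: Optional[str] = None

    @property
    def passed(self) -> bool:
        return self.expected == self.observed

def validate(compile_fn: Callable[[str], str], cases=CASES) -> List[Result]:
    """Step 2: run every case through the compiler under test and record what it did."""
    return [Result(c["id"], c["expect"], compile_fn(c["source"])) for c in cases]

def qualification_report(compiler: str, version: str, options: List[str],
                         results: List[Result], mitigations: Dict[str, str]) -> dict:
    """Step 3: attach mitigations to failed cases; the compiler counts as qualified only
    when every failure has a documented mitigation. Step 1 data travels with the report."""
    for r in results:
        if not r.passed:
            r.mitigation = mitigations.get(r.case_id)
    unmitigated = [r.case_id for r in results if not r.passed and r.mitigation is None]
    return {
        "classification": {"compiler": compiler, "version": version, "options": options},
        "results": [{**asdict(r), "passed": r.passed} for r in results],
        "unmitigated": unmitigated,
        "qualified": not unmitigated,
    }
```

A rerun after a compiler or option change is just `qualification_report(..., validate(cc_compile), mitigations)` with the same case list, which is the quick re-qualification the in-house route relies on.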
Tailor-made or in-house qualification
The most flexible way to qualify a compiler is to do it in-house with SuperTest. This allows for a quick qualification rerun if there is a change to the compiler version or configuration, or the way mitigations are handled. However, we fully understand that not everyone wants to perform compiler qualification themselves. That’s why Solid Sands offers a Tailor-Made Compiler Qualification Service, designed to qualify your compiler using your individual set of compiler options and configuration parameters.
If you would like to know more about our Tailor-Made Compiler Qualification Service or about the compiler qualification process itself, do not hesitate to contact us.