You can choose between reading an article about bungee jumping or going out and doing it. If you choose to jump, functional safety kicks in. Bungee jumping is a safety-critical activity, because if your equipment fails you may find yourself in hospital, or worse. Functional safety standards require designers of safety-critical components to consider the risk of harm in the case of a malfunction.
If a potential risk exists, the designer must mitigate it. For the bungee cord, it is clearly imperative to have a multi-stranded elastic cord. The redundancy in a multi-strand cord mitigates the possibility of a single point of failure.
Many of today’s safety-critical devices are protected by software that monitors and controls actuators and information systems. Take, for example, the system that closes the doors of a metro train. It is a threat to human life if a passenger accidentally leaves a limb between the closing doors. The door control system must therefore be programmed to handle this situation, and that handling belongs in its specification, i.e. the controller shall detect excessive resistance to the closing door, reopen the door, inform the train driver, and block the train from moving off. It is the task of functional safety analysis to examine the implementation of specifications like these and mitigate any weaknesses. The software development toolchain that is used to generate the target machine code is one of the items that must be analyzed.
The bad news is that it’s impossible to predict the resulting behavior of a safety-critical device if there is an error in the software development toolchain. An error in the generated program may well result in a random action by the controller. In the case of the passenger limb left between the metro doors, the door may not reopen, the driver may not be informed, and the train may leave the station with catastrophic results. Every effort must therefore be made to reduce the risk of toolchain errors.
The good news is convergence, most noticeably in the dominance of the C and C++ languages in safety-critical embedded software development. There is a good reason for this dominance. Despite their shortcomings, both languages are known for their efficiency and predictability, and, most importantly, they are well defined by detailed ISO standards. (Programmers who use other programming languages would be well advised to check whether this is the case for those languages.) These ISO standards are the fundamentals on which we can build a case for C and C++ toolchain quality and its safe use.
Because of this convergence, the methods and test suites we have created for qualifying C and C++ compilers and libraries are universally applicable. They fit well with many functional safety standards including IEC 61508, ISO 26262 and EN 50128.
The functional safety competence center of KUKA, one of the world’s leading suppliers of intelligent automation solutions, is well aware of these safety risks. KUKA uses our SuperTest Compiler Test and Validation Suite to decide on the best toolchain to use on a project-by-project basis, because toolchain quality and functional safety go hand in hand. You can read more about it in the customer experience story.
As for bungee jumping, I’ll stick to the fascinating article by world-famous natural historian (now) Sir David Attenborough about its origins on Pentecost Island, Vanuatu, rather than taking the leap myself. I do happily ride the metro, though.
Dr. Marcel Beemster, CTO