Railway systems must follow functional safety requirements developed specifically for the railway industry. These requirements are contained in the European EN 501xx family of standards developed by CENELEC (European Committee for Electro-technical Standardization). It consists of EN 50126, EN 50128, EN 50129 and EN 50155. The standards are used worldwide.
EN 50128 “Railway Application – Communications, Signalling and Processing Systems – Software for Railway Control and Protection Systems” is focused on software. It also governs software tools such as the compiler, which is, because of its function and complexity, the most safety-critical tool used in software development. SuperTest supports the functional safety requirements in the standard with regards to compiler validation as described below.
In section 6.7 of the standard, requirements for support tools are given for three different tool classes: T1, T2 and T3. Compilers are part of tool class T3, as compilers are tools that generate outputs which can directly or indirectly contribute to the executable code of the safety related system.
The key tool validation requirements from EN 50128 that SuperTest is designed to support are:
- “126.96.36.199 All tools in classes T2 and T3 shall have a specification or manual which clearly defines the behavior of the tool and any instructions or constraints on its use.”
- “188.8.131.52 For each tool in class T3, evidence shall be available that the output of the tool conforms to the specification of the output or failures in the output are detected.”
- “184.108.40.206 The results of tool validation shall be documented”
- “220.127.116.11 Where the conformance evidence of 18.104.22.168 is unavailable, there shall be effective measures to control failures”
The verifiable part of the specification of the compiler is the definition of the programming language that the compiler is designed to translate in combination with the compiler’s “use-case” – the configuration (compiler options setting etc.) that developers are using in their projects. For the C and C++ languages, their specifications are defined by the ISO and go back to 1989. These specifications are extensively discussed and well-understood by many people in the industry (22.214.171.124). SuperTest itself goes back to even before 1989 and has since then been used in hundreds of compiler development and compiler usage projects to verify the conformance of the compiler to the language standard. It does so by verifying that the behavior of the executable code generated by the compiler conforms to the language specification (126.96.36.199). SuperTest contains automated tools that summarize the results of a validation run into manageable reports. One of these reports provides requirements traceability. It is a detailed match between the tests that have PASSED or FAILED with the language specification (188.8.131.52).
There are few, if any, compilers that pass SuperTest verification without failures. Most common are errors that fail to detect violations of constraints, which may allow programming errors to go unnoticed. More rare are errors that incorrectly implement the required behavior. These are run-time errors that potentially pose an unacceptable risk to a safety-critical system. To avoid the first category, undetected constraint violation, a good mitigation is to verify the source code with a more strict static analysis tool than the compiler. This static analysis tool can also be verified with SuperTest. Different options are available to mitigate errors of the second category – run-time errors. In most cases, the error can be linked to a specific programming construct or to compilation options. If the error is linked to a programming construct, Solid Sands can help to avoid this by providing an automatic analysis tool that detects the construct in the application source code (184.108.40.206).
Compliance with CENELEC EN 50128 is an important step in the development of railway systems. SuperTest is the best tool available to provide tool validation for C and C++ compilers that are used for safety-critical railway systems.