IEC 61508

The IEC 61508 standard is the international umbrella standard for functional safety for electrical/electronic/programmable safety-related systems. The standard is used in a wide variety of industries with reliability and safety requirements, such as the process industry, power plants, robotics and industrial control systems. Several other functional safety standards including the ISO 26262 standard for the automotive industry are derived from IEC 61508.

Section 7.4.4 of Part 3 of the standard specifies requirements for support tools and programming languages. This is the section that applies to compilers. In IEC 61508, compilers are “software off-line support tools” of class T3. T3 tools “generate outputs which can directly or indirectly contribute to the executable code of the safety related system”. SuperTest is designed to support the following key requirements from IEC 61508:

  • “7.4.4.5 An assessment shall be carried out for off-line support tools in classes T2 and T3 to determine the level of reliance placed on the tools, and the potential failure mechanisms of the tools that may affect the executable software. Where such failure mechanisms are identified, appropriate mitigation measures shall be taken.”
  • “7.4.4.6 For each tool in class T3, evidence shall be available that the tool conforms to its specification or documentation. Evidence may be based on a suitable combination of history of successful use in similar environments and for similar applications (within the organisation or other organisations), and of tool validation as specified in 7.4.4.7.”
  • “7.4.4.7 The results of tool validation shall be documented covering the following results:
    a) a chronological record of the validation activities;
    b) the version of the tool product manual being used;
    c) the tool functions being validated;
    d) tools and equipment used;
    e) the results of the validation activity; the documented results of validation shall state either that the software has passed the validation or the reasons for its failure;
    f) test cases and their results for subsequent analysis;
    g) discrepancies between expected and actual results.”

The C and C++ languages are defined by the international ISO language standards ISO 9899 and ISO 14882. SuperTest verifies that the behavior of the executable code generated by the compiler conforms to the language standard. SuperTest contains automated tools that summarize the results of a validation run into manageable reports. One of these reports provides requirements traceability: it details the match between the requirements of the language specification and the tests that have PASSED or FAILED.

Few, if any, compilers pass SuperTest verification without failures. The most common failures are errors in which the compiler does not detect violations of constraints, which may allow programming errors to go unnoticed. Rarer are errors in which the compiler incorrectly implements the required behavior. These are run-time errors that potentially pose an unacceptable risk to a safety-critical system. To avoid the first category (undetected constraint violations), a good mitigation is to verify the source code with a static analysis tool that is stricter than the compiler. That static analysis tool can also be verified with SuperTest. Different options are available to mitigate errors of the second category, run-time errors. In most cases the error can be linked to a specific programming construct or to compilation options. If the error is linked to a programming construct, Solid Sands can help to avoid it by providing an automatic analysis tool that detects the construct in the application source code.
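To make the two categories concrete, here is an added example (not SuperTest or Solid Sands code) of the shape self-checking conformance tests take in a validation suite: each positive test checks one behavior ISO 9899 requires and is reported as PASSED or FAILED, while the guarded negative test is one the compiler is expected to reject with a diagnostic. The subclause numbers are assumed to follow C11.

```c
/* Added example (not SuperTest code): miniature self-checking tests in the
 * style of a compiler conformance suite; subclause numbers refer to C11. */
#include <stdio.h>
#include <limits.h>

/* 6.2.5: unsigned arithmetic is reduced modulo 2^N and never overflows. */
static int test_unsigned_wrap(void) {
    unsigned int u = UINT_MAX;
    u += 1u;
    return u == 0u;
}

/* 6.3.1.1: integer promotions, so unsigned char operands compute in int. */
static int test_integer_promotion(void) {
    unsigned char a = 100, b = 100;
    int p = a * b;               /* must not wrap at 255 */
    return p == 10000;
}

/* 6.5.5: integer division truncates toward zero; the remainder matches. */
static int test_division_truncates(void) {
    return (-7 / 2 == -3) && (-7 % 2 == -1);
}

#ifdef EXPECT_DIAGNOSTIC
/* Negative test: 6.5.16 requires a modifiable lvalue (a constraint), so the
 * compiler must diagnose this line. Accepting it silently is an error of
 * the first category described above: an undetected constraint violation. */
static void constraint_violation(void) { const int c = 0; c = 1; }
#endif

static const struct { const char *name; int (*fn)(void); } tests[] = {
    { "6.2.5   unsigned wrap",      test_unsigned_wrap },
    { "6.3.1.1 integer promotion",  test_integer_promotion },
    { "6.5.5   division truncates", test_division_truncates },
};

/* Runs each positive test, prints a report line, returns the FAILED count. */
int run_conformance_tests(void) {
    int failed = 0;
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        int ok = tests[i].fn();
        printf("%-28s %s\n", tests[i].name, ok ? "PASSED" : "FAILED");
        failed += !ok;
    }
    return failed;
}

int main(void) { return run_conformance_tests() != 0; }
```

Compiling with `-DEXPECT_DIAGNOSTIC` turns the negative test on; a conforming compiler then reports the constraint violation instead of producing an executable.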

Compiler compliance with IEC 61508 is an important step in the development of a safety-critical system. SuperTest is the best tool available to provide validation for C and C++ compilers.