Introduction: Functional Safety in the Automotive Industry
Safety functions are increasingly being carried out by electrical, electronic, or programmable electronic systems. These systems are usually complex, making it impossible in practice to fully determine every failure mode or to test all possible behavior. Although it is difficult to predict the safety performance, testing is still essential. The challenge is to design the system in such a way as to prevent dangerous failures or to control them when they arise.
Safety is one of the key issues of today's and tomorrow's electrical/electronic/programmable electronic safety-related systems. New functionalities increasingly touch the domain of safety engineering. Each function that is required to keep a risk at an accepted level is called a safety function. To achieve functional safety these functions need to fulfill safety function requirements (what the function does) and safety integrity requirements (the likelihood of a function behaving in a satisfactory manner). Future development and integration of the functionalities containing safety functions will further strengthen the need to have safe system development processes and to provide evidence that all reasonable safety objectives are satisfied.
With the trend of increasing complexity, software content, and mechatronic implementation, there are rising risks of systematic failures and random hardware failures. IEC 61508 includes guidance to reduce these risks to a tolerable level by providing feasible requirements and processes.
The purpose of this document is to detail how the use of Parasoft C/C++test can help software development teams meet requirements for particular SIL levels. It first introduces the idea of SIL as defined by the IEC 61508 standard. Next, it describes Parasoft C/C++test: an integrated solution for automating best practices in software development and testing. Finally, it presents how Parasoft C/C++test can be used to fully or partially satisfy software development process requirements for particular SILs.
Software Integrity Levels
Safety Integrity Level (SIL), as defined by the IEC 61508 standard, is one of four levels (SIL1-SIL4) corresponding to the range of a given safety function's target likelihood of dangerous failures. Each safety function in a safety-related system needs to have an appropriate safety integrity level assigned. An E/E/PE safety-related system will usually implement more than one safety function. If the safety integrity requirements for these safety functions differ, then, unless there is sufficient independence of implementation between them, the requirements applicable to the highest relevant safety integrity level shall apply to the entire E/E/PE safety-related system.
According to IEC 61508, the safety integrity level for a given function is evaluated based on either the average probability of failure to perform its design function on demand (for a low demand mode of operation) or on the probability of a dangerous failure per hour (for a high demand or continuous mode of operation).
The IEC 61508 standard specifies the requirements for achieving each safety integrity level. These requirements are more rigorous at higher levels of safety integrity in order to achieve the required lower likelihood of dangerous failures.
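As an added illustration (not code from the paper or from Parasoft), the SIL assignment described above: a target failure measure is mapped to its band depending on the demand mode, and the highest-SIL rule is applied across the functions of one system. The band limits are taken from IEC 61508-1 Tables 2 and 3, and the two sample functions are constructed.

```python
import math
from typing import Optional, Sequence

# Target failure measures per SIL band, from IEC 61508-1 Tables 2 and 3 (not from the text
# above). Each entry: (SIL, lower bound inclusive, upper bound exclusive).
PFD_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]  # low demand: PFDavg
PFH_BANDS = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]  # high/continuous: PFH

def sil_for(measure: float, mode: str) -> Optional[int]:
    """Map a target failure measure to its SIL band (1-4).

    mode is "low" (PFDavg, probability of failure on demand) or "high"/"continuous"
    (PFH, probability of dangerous failure per hour). Returns None when the value lies
    outside SIL1-SIL4: above the SIL1 limit the function reaches no SIL at all, below
    the SIL4 lower bound the tables make no claim.
    """
    if mode == "low":
        bands = PFD_BANDS
    elif mode in ("high", "continuous"):
        bands = PFH_BANDS
    else:
        raise ValueError(f"unknown demand mode: {mode!r}")
    if not (math.isfinite(measure) and measure > 0):
        raise ValueError("failure measure must be a positive finite number")
    for sil, lo, hi in bands:
        if lo <= measure < hi:
            return sil
    return None

def system_sil(function_sils: Sequence[Optional[int]], independent: bool) -> Optional[int]:
    """Apply the rule from the text: unless the implementations are sufficiently
    independent, the highest SIL among the functions applies to the whole E/E/PE
    safety-related system. With independence each function keeps its own SIL, so no
    single system-wide level is returned (None)."""
    if any(s is None for s in function_sils):
        raise ValueError("every safety function must be assigned a SIL")
    return None if independent else max(function_sils)

# Constructed sample: two safety functions sharing one controller (not independent).
FUNCTIONS = [("overspeed_trip", 3e-4, "low"),          # demanded rarely -> PFDavg
             ("steering_monitor", 5e-7, "continuous")]  # always active  -> PFH

def assess(functions=FUNCTIONS, independent: bool = False) -> dict:
    per_function = {name: sil_for(m, mode) for name, m, mode in functions}
    return {"per_function": per_function,
            "system": system_sil(list(per_function.values()), independent)}

if __name__ == "__main__":
    print(assess())  # -> {'per_function': {'overspeed_trip': 3, 'steering_monitor': 2}, 'system': 3}
```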
To read more, download the complete Satisfying SIL Requirements for Software paper as a PDF.