Safety-critical software development standards, as such as ISO 26262 (automotive), DO178B/C (aerospace), IEC 62304 (medical devices), EN-50128 (railway), and IEC 61508 (functional safety of EE system), require that manufacturers prove that the tools they are using to develop their software provide correct and predictable results.
The process of providing such evidence is known as Tool Qualification or Tool Validation. It can be a time-consuming process, and for sure, it adds time and effort for teams that need to be focused on developing and testing software for the project. While users are ultimately responsible for the tool qualification process, they use tool vendors like Parasoft, to support these efforts. Tool vendors can ease the burden on the end-users by certifying their products and providing qualification kits.
Do I need to qualify all my tools?
There is no single approach for tool qualification or certification across standards and not all tools require qualification. Therefore, standards define a “classification” process, attaching different levels of importance to tool qualification, and defining different methods to gain confidence in the tools used, which helps in determining whether a qualification is necessary for the specific tool.
This being said, as a general rule, if a tool is used to automate the verification process or produces the output that is used as a part of a critical system, like source code generated from the model, then qualification of the tool is required.
The short answer is, it depends on the standard.
In short, the practice in the industry is that for ISO26262, IEC 61508 and IEC 62304 teams can use tools that are certified by an independent organization (such as TÜV SÜD) without other qualification activities. For DO178B/C, certificates are not accepted and teams must go through the qualification process.
Tool vendors hire an independent organization (such as TÜV SÜD) specializing in functional safety to evaluate the software tool development process. The evaluation includes an assessment of intended use cases and review with a special focus on software quality assurance, known defect lifecycle and release management.
If the processes meets the standards and guarantees the quality of the tool, the organization is granted certification for the tool. Certification is given for the specific release of the tool; it is not possible to certify “future” releases.
The certificate is then offered together with the tool to simplify the process of approving it for safety-critical development. For all safety standards that allow for it, this is the preferred way of tool qualification, as it reduces the effort for the tool user.
Parasoft C/C++test Compliance editions have been certified by TÜV SÜD for use in safety-critical software development according to:
TÜV SÜD is an organization oriented on providing safety and security audits and certifications. It is a widely recognized and respected organization. Unlike some competitors, Parasoft certifies every release of its product so you are able to take advantage of the most recent innovations and are not limited to a special Long Term Support version.
For more about TÜV SÜD, please follow https://www.tuvsud.com/
TÜV certification can be used to approve and qualify Parasoft C/C++test for developing software for all ASIL or SIL levels. Teams developing software for ASIL D or SIL 4 can still consider approving the tool with the qualification kit. However, in general, the practice in the industry is that the certification is sufficient.
The TÜV Certification is a pdf document that is part of the “C/C++test Functional Safety Distribution Package” and is available to customers who are using a Compliance version of Parasoft C/C++test. The package contains the following documents:
Z10 075084 0005 Rev.02.pdf – The main certificate. Includes the information about the tool version that was certified and the list of functional safety standards for which the certification is valid. The certification should be included in the project documentation that is submitted for the functional safety audit.
C++test <version> – Functional Safety Considerations.pdf – Tool safety manual. It contains important information on how to use the tool safely. This document should be distributed to all users of the tool. It defines which features have been certified and how to configure the tool to detect potential errors.
C++test <version> – Known Defects.pdf – List of all known defects in the tool that may affect the output of the tool. Tool end-users shall review this document and apply workarounds for all the problems that affect relevant use cases of the tool in a specific project.
PK83996C V6.4.pdf – Report to the Certificate. It states the scope of testing and tool classification and qualification requirements. It is a supplement to the main certificate.
PK83317T V7.4.pdf– Technical Report of Functional Safety. It is a supplement to the main certificate.
In addition, all users of Parasoft C/C++test who are developing safety-critical software should register for updates of the “known defects” list. Parasoft maintains an up-to-date list of known defects and distributes it to all registered users.
The TÜV Certification can be downloaded from the Parasoft Customer Portal, which is available from the main Parasoft web page (parasoft.com). Customers can log in using their credentials and go to “Products & Licenses”, “Downloads” and select the “Functional Safety Distribution Package.”
“Functional Safety Distribution Package” is available for all customers who have purchased the “Compliance” edition of Parasoft C/C++test.
Product Manager for Parasoft's embedded testing solutions, Miroslaw's specialties include C/C++, RTOSes, static code analysis, unit testing, managing software quality for safety critical applications, and software compliance to safety standards.