See how the Parasoft Continuous Quality Platform helps control & manage test environments to deliver high-quality software with confidence. Register for Demo >>

ISO 26262 Compliance & Tools

Fulfill software verification and validation of ISO 26262.

ISO 26262 is the functional safety standard for electrical, electronic, and programmable electronic devices in the automotive industry. Leverage Parasoft C/C++test to reduce the cost of achieving ISO 26262 compliance by automating the testing methods required by the standard.

What Is ISO 26262?

ISO 26262 (the international standard for functional safety) is an automotive functional safety standard that covers the entire automotive product development process. ISO 26262 inherited or is an adaptation of safety requirements standard IEC 61508 for the industrial automation industry, but tailored specifically for the automotive industry. The latest version is ISO 26262-1:2018.

It includes activities such as requirements analysis , safety analysis, quality management, design, implementation, integration, verification, validation, and configuration. This applies to road vehicles such as motorcycles, traditional oil-powered cars and trucks, hybrids, and autonomous vehicles.

The standard provides guidance on automotive safety lifecycle activities for OEMs and other suppliers by specifying the following requirements:

  • Functional safety management for automotive applications
  • Product development at the software level for automotive applications
  • The concept phase for automotive applications
  • Product development at the system level for automotive applications software architectural design
  • Automotive Safety Integrity Level (ASIL) oriented and safety-oriented analyses and failure analysis
  • Product development at the hardware level for automotive applications software unit testing
  • Production, operation, service, and decommissioning

What Are the Parts of ISO 26262?The 12 part of ISO 26262 broken down into a diagram.

Overall, ISO 26262 is separated into 12 parts to ISO that can be broken down simply using the above diagram.

  1. Part 1 – includes vocabulary, terms, abbreviations, and definitions.
  2. Part 2 – describes functional safety management.
  3. Part 3 – conceptual phase that drives what will ultimately be built and delivered.
  4. Part 4 – the beginning of product development.
  5. Part 5 – targets hardware development.
  6. Part 6 – targets software development.
  7. Part 7 – addresses production and operation of the product in the field, as well as operation service and decommissioning.
  8. Part 8 – describes supporting processes and solutions that ensure safety for development.
  9. Part 9 – addresses risk classification for pedestrians and passengers regarding product/platform development.
  10. Part 10 – provides ISO 26262 standard overview with additional information.
  11. Part 11 – offers information and guidance for manufacturers of semiconductors on how to remain ISO 26262 compliant. Particularly useful for vision-based technology like graphics processing units (GPUs), DRAM, sensors, and key components that empower advanced driver-assistance systems (ADAs).
  12. Part 12 – adaptation for motorcycles.

Part 6 of the standard specifically addresses product development at the software level, and Parasoft users can save time and effort adhering to this part of the standard. Sections 6.9, 6.10, and 6.11 represent the testing or formal verification and validation of the software.

This includes the multiple verification methods (unit testing, static analysis, structural code coverage, requirements traceability, and more) recommended or highly recommended based on the assigned automotive safety integrity levels (ASIL). As with safety concepts and safety-related systems, the margin for error in hardware and software is thin.

Compliance Benefits Parasoft Brings to ISO 26262

Satisfy ISO 26262 compliance objectives by automating verification and validation methods like code reviews, requirements traceability, static analysis, unit testing, code coverage, and more, while also reducing the amount of labor costs and time to market.

Compliance Walkthroughs and Inspections

Parasoft’s walkthroughs or Code Review module is designed to make peer reviews more practical and productive by automating preparation, notification, and tracking. It automatically identifies updated code, matches it with designated reviewers, and tracks the progress of each review item until closure.

Compliance Control Flow Analysis

Parasoft technology uses several analysis techniques, including simulation of application execution paths, to identify paths that could trigger runtime defects. Defects detected include the use of uninitialized memory, null pointer dereferencing, division by zero, memory, and resource leaks.

Compliance Data Flow Analysis

Parasoft’s data flow analysis helps find potentially crash-causing defects like exceptions and resource leaks without having to create, execute, or maintain test cases. Also, shows whether actual application execution paths could lead to injection vulnerabilities, XSS, exposure of sensitive data, and other vulnerabilities. This provides a fast and easy way to identify reliability and performance problems without having to execute the application.

Compliance Static Code Analysis

Achieve compliance with safety coding standards such as MISRA, AUTOSAR C++14, and more. Or create your own custom coding standards configuration for your organization and suppliers using our RuleWizard.

Static Analysis Security Testing (SAST)

Weave compliance with security coding standards like SEI CERT, CWE, OWASP, DISA-ASD-STIG, and UL 2900 into the SA testing processes and ensure your code meets stringent security standards.

Code Coverage Compliance Requirements

Fulfill all ISO 26262 code coverage requirements. All code coverage types (statement, branch, MC/DC and more) are supported and help ensure code safety, security, and reliability by exposing untested code, dead code and flushes out defects.

Unit Testing

Isolate the unit to be tested with Parasoft’s automated stubbing framework and mocks in cases where the dependent code is unavailable, lacks controllability, or in instances where fault injection is difficult.

Automated Test Case Generation

Creating unit tests manually is tedious, but fortunately, unit tests lend themselves well to automatic unit test creation. Parasoft’s configurable test case generation can build smart test cases that will identify bugs, automate code coverage, collect results and metrics to feed project analytics.

Incorporate Static & Dynamic Analysis Into Your CI/CD Workflow

Parasoft’s static analysis, unit testing, regression testing, and code coverage integrate easily into your CI/CD pipeline. With continuous testing, teams can deliver safe, secure, and quality code — quickly.

Compliance Reporting

Parasoft’s dynamic reporting dashboard automatically tracks compliance and can automatically produce reports. It also enables advanced reporting strategies using historical data, even when working with large codebases and legacy code where visibility into the code is typically challenging.

ISO 26262 Bidirectional Requirements Traceability

Automate bidirectional traceability between requirements, test cases, test results, code, and code reviews.

Reduce the Cost of Defects

Code defects found in production or out in the field are the most expensive. Prevent them from slipping through the cracks by highlighting code that has not been tested before you release your application. This can be performed at the developer’s workstation or automated as part of the continuous integration (CI) pipeline.

Use a TÜV Certified & Proven Solution for Safety- & Security-Critical Systems

Parasoft solutions have been TÜV SÜD certified for ISO 26262 for all ASIL levels.

Test Smarter With AI & ML

Parasoft incorporates artificial intelligence and machine learning to improve productivity in your team’s static analysis workflow — flagging and prioritizing the violations that need to be fixed first.

“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.

Solutions to Help Meet ISO 26262 Requirements

Best Practices for ISO 26262 Compliance

Perform and understand your hazard analysis and risk assessments (HARA).

Upon completion of the HARA, an automotive safety integrity level (ASIL) is assigned to software components from levels ASIL A through ASIL D. Software categorized at level D will require a higher level of testing. Know what the expectations are.

Automate static analysis and unit testing.

To comply with ISO 26262, organizations must implement multiple processes and requirements, and techniques like static analysis and unit testing. Test automation activities will significantly improve code safety, security, reliability, and expedite organizations in achieving ISO 26262 compliance.

Ensure your tool is qualified for use.

Parasoft C/C++test is certified by TÜV SÜD as suitable for use when developing safety-critical systems. Our TÜV certification covers C/C++test qualification for all levels of safety in ASIL. Parasoft also has a Qualification Kit that automates a significant part of the tool qualification process if it is ever needed.

Ensure bidirectional integration between your ALM and test automation solutions.

ISO 26262 requires bidirectional traceability between requirements and the test cases that verify and validate the requirements. Parasoft C/C++test has bidirectional integration between ALM tools like Jama, Polarion, codebeamer, and Jira which fulfill and have extended traceability needs.

Ensure that you can easily generate proof of compliance.

Parasoft C/C++test and Parasoft DTP cover all the bases in reporting the test verification and validation documentation needed to demonstrate compliance to ISO 26262, including audit purposes.

Manage ISO 26262 Compliance With Efficiency, Visibility, & Ease

Adopt an automated software testing solution that will support and take you through the entire ISO 26262 software development life cycle. The Parasoft ISO 26262 compliance dashboard puts everything at your fingertips.

Parasoft’s tool suite provides a complete verification and validation framework with static analysis, unit testing, integration testing, system testing, structural code coverage, and more for the delivery of safe, secure, and reliable software, compliant to any ASIL level, satisfying ISO 26262.

Something else that’s extremely important to note is that C/C++test integrates right into your developers’ IDE. This dramatically shortens the learning curve, simplifies adoption, improves productivity and costs.

Begin by implementing your code to requirements. As the code is written, run the static analysis often to identify and fix any coding violations identified. This prevents defects in safety, security, and quality at the earliest and least expensive phase in software development agnostic of methodology, Agile, Waterfall, Spiral, and more.

Screenshot of Parasoft Report Center showing graphical test results of AUTOSAR compliance.

As you move into and up the software verification phases (unit, integration, and system testing), strongly consider integrating your testing into your build process. Automation into a modern continuous integration and continuous delivery (CI/CD) workflow has shown to be very beneficial in many ways.

Defects are found quicker and often, the products improve rapidly, more features are introduced, release cycles are shorter, and much more. C/C++test easily integrates into modern CI/CD development ecosystems, offering the most value and cost-effective automated software tools and testing solutions.

Why Parasoft?

There are many unique advantages that Parasoft brings to the table. Since many of our clients span across industries ranging from medical devices to defense systems, our tools must be dynamic and robust. Parasoft solutions perform a variety of tasks from offering development tools to life cycle management. Here are some of the ways Parasoft solutions help embedded software teams comply with ISO 26262.

Dedicated Integrations

One key Parasoft C/C++test benefit is its dedicated integrations with embedded IDEs and debuggers. Supported IDE environments include Eclipse, VS Code, Green Hills Multi, Wind River Workbench, IAR EW, ARM MDK, ARM DS-5, TI CCS, Visual Studio, and many others.

C/C++test can also be used to execute unit, integration, and system tests on the host platform, simulator, or on the embedded target hardware. The fully integrated solution can be optimized to take minimal additional overhead for the binary footprint of process cycles.

Automotive Software Testing

One other huge benefit Parasoft brings to the table is its unique tool suite offering to address today’s automotive needs in terms of automotive testing and confirmation measures.

Network-Based System-Level Testing

Parasoft SOAtest and Virtualize are well suited for network-based system-level testing of various types. Virtualize allows developers to build integrations earlier, stabilize dependencies, and gain full control of their test data. Teams can move forward quickly without waiting for access to dependent services that are either incomplete or unavailable.

SOAtest delivers fully integrated API and web service testing tools that automate end-to-end functional API testing. Teams can streamline automated testing with advanced functional test creation capabilities for applications with multiple interfaces and protocols.

Time & Cost Savings

Parasoft test automation solutions provide considerable time and cost savings. We strive to make it as painless as possible with as much hand-holding as needed for your safety goals in achieving ISO 26262 compliance. Our educational materials like webinars, whitepapers, and our blog act as ongoing supplemental tools, as well.

Frequently Asked Questions

A functional safety standard like ISO 26262 is needed because automobiles have evolved into a complex electrical and electronic architecture, containing multiple interconnected ECUs with millions of lines of code.

Assurance that these systems are equipped to address the possible hazards caused by malfunctioning behavior is crucial. ISO 26262 lays out a set of objectives throughout the entire automobile product life cycle that helps address safety in the development of electronic systems.

Automotive Software Performance Improvement and Capability dEtermination (ASPICE) is a standard that defines the process for the development of software in the automotive industry.

ASPICE addresses practices in how teams should organize their projects and manage deliverables. It builds on each of the phases of the V-model to ensure continuous innovation and product development at every stage, to help the automotive supplier become more efficient.

It’s a standard that incorporates safety functions or a fail-safe function to provide a way for the electronic system to function correctly or fail in a predictable safe manner. Hardware failures and software failures can both have catastrophic effects. Your tool confidence levels increase by using tools with TÜV certification.

An example would be the thermal heat sensor in your vehicle’s engine to detect overheating so that the engine controller would not just notify the driver of its increasing hazard condition. Ultimately, this forces the shutdown of the vehicle to prevent a fire hazard and potential loss of life.