The growing adoption of safety standards in the automotive industry has led to increasing interest in, and increasing uncertainty about, software tool certification and qualification. With ISO 26262 on the horizon, automotive software practitioners need to understand and implement new tool qualification requirements. This paper summarizes the tool qualification approach of ISO/DIS 26262 and contrasts it with the tool certification and qualification requirements of other safety standards and guidelines. The authors also report their first-hand experience with qualifying development and verification tools according to ISO/DIS 26262 in practice.

1 Tool Certification / Qualification Approaches in Standards and Guidelines

This section gives an overview of the requirements in popular safety standards and guidelines for qualifying or certifying software tools. It provides the context for the more detailed discussion of the ISO/DIS 26262 tool qualification approach in sections 2 and 3.

So far, there is no single approach to tool qualification or certification across standards. Rather, different standards attach different levels of importance to tool certification / qualification and suggest different ways of gaining confidence in the tools used. Typically, tool users are ultimately responsible for certifying or qualifying the software tools they use. Tool vendors can support these efforts by providing certification or qualification kits that reduce the certification or qualification effort on the user's side.

The safety standards and guidelines discussed in the following paragraphs target different application sectors with domain-specific requirements. The number, scope, complexity and criticality of the software tools used during the development of high-integrity systems may differ between these sectors. From the authors' point of view, this might be one of the reasons for the divergent tool qualification / certification requirements.