LONDON – Texas Instruments Inc. (Dallas, Texas) is offering a qualification kit to allow customers to demonstrate that software compiled for its Hercules Cortex-R4 based microcontrollers meets functional safety standards such as IEC 61508 and ISO 26262.
These standards also require that tools used in system development are checked against the possibility that they could introduce errors and unintended safety issues.
The SafeTI Compiler Qualification Kit includes a document from third-party safety consultant TUV Nord that states: "The requirements of ISO 26262 Part 8, Chapter 11 on classification and qualification of software tools as well as the requirements of IEC 61508 Part 3, Chapter 7.4.4 on the tool validation can be sufficiently fulfilled by applying the qualification kit."
The kit is based on a software qualification method developed by consulting company Validas AG (Munich, Germany) and includes the SuperTest qualification software from Associated Compiler Experts BV (Amsterdam, The Netherlands). The kit also includes verified and validated test cases for selected TI ARM compiler features; a test automation framework to run the test in the user's environment on target hardware and up to 24 hours of Validas consulting for general support, model-extensions, coverage comparison and result and documentation review support.
A single-project license is $15,000 and a multi-project license is $25,000, according to documentation at TI's website.
Your point about software testing not being exhaustive against all possibilities and timings of external events is important.
Formal methods were once thought to be the way to "prove" hardware was correct but idea of formally provable hardware lost momentum when it was realized that formally proving sofware-plus-hardware-plus-interrupts was a much less tractable problem.
An example of the kind of thing that these standards do is that IEC 61508 requires that the software is fully tested at the function level and that all possible branches and paths are taken through the software. This is an important step in that having a system do unexpected things that were never tested may be possible to avoid. This, however, cannot necessarily ensure that every unexpected external event will result in the correct software "decision" and outcome.
IEC 61508 is a standard on the functional safety of electrical and electronic systems and specifically includes software.
So if you want to learn what is necessary I suggest you download the standard.
ISO 26262 is an automotive functional safety standard which again sets out methods of risk assement and how risk concatenates through an automotive function chain. Again it explicitly mentions software.
How you test software for safety is an enormous topic and too beg to address here.
I would just point out that these standards also expect users to test the tools they use to help them create software - such as compilers - to make sure they do not introduce problems.
David Patterson, known for his pioneering research that led to RAID, clusters and more, is part of a team at UC Berkeley that recently made its RISC-V processor architecture an open source hardware offering. We talk with Patterson and one of his colleagues behind the effort about the opportunities they see, what new kinds of designs they hope to enable and what it means for today’s commercial processor giants such as Intel, ARM and Imagination Technologies.