How to verify your compiler for use in IEC 61508 safety-critical applications
IEC 61508 is a standard for electrical, electronic and programmable electronic safety-related systems. It is interesting because it spans both hardware and software components. Therefore, with care, software can be incorporated directly into a safety function, reducing the requirement for physical safety mechanisms. Broadly speaking, IEC 61508 covers three areas:
1. Business processes and structure. This should be covered by systems that are compliant with a standard such as ISO9001:2000.
2. Hardware development. This focuses on techniques to reduce systematic and random hardware failures.
3. Software development. This focuses on techniques used to reduce systematic errors in safety-related software - errors whose probability of occurrence is not generally quantifiable.
Safety considerations extend throughout the design cycle (Figure 1 below). This article focuses on one aspect of IEC61508 software development - the vexing question of compiler verification.
Figure 1: Software safety integrity and the development lifecycle (the V-model) [Source: IEC]
IEC 61508 describes two routes to compiler verification, but credible compliance with either can be difficult. This article sets out an alternative that has recently been used successfully during the IEC 61508 process certification of SAFERTOS - a mini real-time scheduler. Note that IEC 61508 has no legally sanctioned entity authorised to certify compliance.
In this case, I suggest that 'certification' means having compliance independently verified by a recognized authority. Furthermore, the certification means that the rigor with which the SAFERTOS component was developed makes it suitable for applications that have been assigned a Safety Integrity Level (SIL) of 3. It does not mean that the use of the software in an application makes the application SIL 3 compliant.
It does mean that systems to which a SIL of 3 has been assigned can use the compliance evidence gathered during the SAFERTOS development as part of the 'certification' of the entire system into which SAFERTOS is being built.
It therefore does not remove the need for analysis and due diligence in the development of the whole system, but it provides a rapid, low-risk route and framework for formulating a compliance argument for the software components.