certkitiec codeprover workflow
TRANSCRIPT
-
8/20/2019 Certkitiec Codeprover Workflow
1/35
IEC Certification Kit
Polyspace® Code Prover TM
Reference Workflow
R2015b
-
8/20/2019 Certkitiec Codeprover Workflow
2/35
How to Contact MathWorks
Latest news: www.mathworks.com
Sales and services: www.mathworks.com/sales_and_services
User community: www.mathworks.com/matlabcentral
Technical support: www.mathworks.com/support/contact_us
Phone: 508-647-7000
The MathWorks, Inc.3 Apple Hill Drive Natick, MA 01760-2098
IEC Certification Kit: Polyspace® Code Prover TM Reference Workflow
© COPYRIGHT 2013 – 2015 by The MathWorks, Inc.
The software described in this document is furnished under a license agreement. The software may be used or copied only under
the terms of the license agreement. No part of this manual may be photocopied or reproduced in any form without prior writtenconsent from The MathWorks, Inc.
FEDERAL ACQUISITION: This provision applies to all acquisitions of the Program and Documentation by, for, or through the
federal government of the United States. By accepting delivery of the Program or Documentation, the government hereby agrees
that this software or documentation qualifies as commercial computer software or commercial computer software documentation
as such terms are used or defined in FAR 12.212, DFARS Part 227.72, and DFARS 252.227-7014. Accordingly, the terms andconditions of this Agreement and only those rights specified in this Agreement, shall pertain to and govern the use, modification,reproduction, release, performance, display, and disclosure of the Program and Documentation by the federal government (or
other entity acquiring for or through the federal government)and shall supersede any conflicting contractual terms or conditi ons.
If this License fails to meet the government’s needs or is inconsistent in any respect with federal procurement law, thegovernment agrees to return the Program and Documentation, unused, to The MathWorks, Inc.
Trademarks
MATLAB and Simulink are registered trademarks of The MathWorks, Inc. See www.mathworks.com/trademarks f or alist of additional trademarks. Other product or brand names may be trademarks or registered trademarks of their respective
holders.
Patents
MathWorks products are protected by one or more U.S. patents. Please see www.mathworks.com/patents f or moreinformation.
http://www.mathworks.com/http://www.mathworks.com/http://www.mathworks.com/sales_and_serviceshttp://www.mathworks.com/sales_and_serviceshttp://www.mathworks.com/matlabcentral/http://www.mathworks.com/matlabcentral/http://www.mathworks.com/support/contact_us/http://www.mathworks.com/support/contact_us/http://www.mathworks.com/trademarkshttp://www.mathworks.com/trademarkshttp://www.mathworks.com/trademarkshttp://www.mathworks.com/patentshttp://www.mathworks.com/patentshttp://www.mathworks.com/patentshttp://www.mathworks.com/patentshttp://www.mathworks.com/trademarkshttp://www.mathworks.com/support/contact_us/http://www.mathworks.com/matlabcentral/http://www.mathworks.com/sales_and_serviceshttp://www.mathworks.com/
-
8/20/2019 Certkitiec Codeprover Workflow
3/35
Revision History
September 2013 New for Version 3.2 (Applies to Release 2013b)March 2014 Revised for Version 3.3 (Applies to Release 2014a)
October 2014 Revised for Version 3.4 (Applies to Release 2014b)March 2015 Revised for Version 3.5 (Applies to Release 2015a)
September 2015 Revised for IEC Certification Kit Version 3.6 (Applies to Release 2015b)
-
8/20/2019 Certkitiec Codeprover Workflow
4/35
-
8/20/2019 Certkitiec Codeprover Workflow
5/35
v
Contents
1
Introduction ...................................................................................................................................... 1-1
1.1 Overview ................................................................................................................................. 1-2
2 Integration of Polyspace Code Prover into the Software Life Cycle ................................................ 2-1
2.1 Workflow Overview ................................................................................................................ 2-2
2.2 Tool Use Cases ........................................................................................................................ 2-5 [PCP_UC1] Semantic code analysis with abstract interpretation of C/C++ code to detect
systematic and potential run-time errors ...................................................................................... 2-5
[PCP_UC2] Semantic code analysis with abstract interpretation of C/C++ code to detect
unreachable code .......................................................................................................................... 2-5
[PCP_UC3] Semantic analysis of the calling relationships in the C/C++ code ........................... 2-5 [PCP_UC4] Semantic analysis of global variable usage in the C/C++ code ............................... 2-6
[PCP_UC5] Reporting of software quality metrics ...................................................................... 2-6
[PCP_UC6] Semantic analysis of C/C++ code to assess interface between components ............ 2-6
Applicable ISO 26262, IEC 61508, and EN 50128 Requirements............................................... 2-7
Error Prevention and Detection Measures.................................................................................... 2-8
[M1] Preceding or Subsequent Dynamic Verification (Testing) of the Software ........................ 2-8 [M1_lim] Limited Preceding or Subsequent Dynamic Verification (Testing) of the Software ... 2-8
[M2] Specified Procedure for Corrective Action on Failure of Source Code Verification orAnalysis........................................................................................................................................ 2-8
[M3] Selective Review and Analysis of Source Code Portions not Reached by Testing ............. 2-9
[M4] Check of the underlying verification and analysis results for critical issues....................... 2-9
[M_MISC1] Revision Control and Configuration Management to Identify the Artifacts to beVerified; Use of Checksums ........................................................................................................ 2-9
[M_MISC2] Competency of the Project Team ............................................................................ 2-9 [M_MISC3] Adherence to Installation Instructions; Integrity of Tool Installation ..................... 2-9
[M_MISC4] Analysis of Available Bug Report Information ....................................................... 2-9
3
Additional Considerations ................................................................................................................ 3-1
3.1 Options Impacting Analysis or Verification ............................................................................ 3-2 3.2 Configuration Management and Revision Control .................................................................. 3-3
3.3 Competency of the Project Team ............................................................................................ 3-4
3.4 Installation Integrity and Release Compatibility ..................................................................... 3-5
3.5 Bug Reporting ......................................................................................................................... 3-6
3.6 Deviation from the Reference Workflow ................................................................................ 3-7 3.7 Integration with the Software Safety Life Cycle ..................................................................... 3-8
4
Workflow Overview ......................................................................................................................... 4-1 5 Conformance Demonstration Template ........................................................................................... 5-1
6 References ........................................................................................................................................ 6-1
-
8/20/2019 Certkitiec Codeprover Workflow
6/35
vi
-
8/20/2019 Certkitiec Codeprover Workflow
7/35
1 Introduction
-
8/20/2019 Certkitiec Codeprover Workflow
8/35
1-2
1.1 OverviewPolyspace® Code Prover ™ detects and proves the absence of overflow, divide-by-zero, out-of-
bounds array access, and certain other run-time errors in embedded software written in the C and
C++ programming languages.
Polyspace Code Prover uses formal methods-based abstract interpretation to formally prove run-
time attributes of software. Polyspace Code Prover uses color-coding to indicate run-time status
of each line of code. Additionally, Polyspace Code Prover calculates and provides ranges forvariables and operator parameters at any point of the program, taking into account every
possible configuration (inputs, global variables).
Polyspace Code Prover provides additional capabilities to analyze C and C++ source code as
well as to define, determine, and report software quality metrics.
This document provides a reference workflow for Polyspace Code Prover. In particular, itdescribes how to:
Leverage the code verification, unreachable code analysis, call tree computation, globalvariable usage analysis, and quality metrics reporting capabilities of Polyspace Code
Prover in the software life cycle
Check that these capabilities are functioning as expected
This workflow addresses handwritten, automatically generated, and mixed code. It is applicablefor developing code as well as for auditing code received from others.
Note If you are verifying only generated C or C++ code, see the Embedded Coder ® reference
workflow provided in IEC Certification Kit: Embedded Coder Reference Workflow before usingthis document. Polyspace Code Prover products provide added assurance to the reference
workflow for models and generated code.
The reference workflow presented in this document describes activities intended to comply withapplicable requirements of the overall software safety lifecycles defined by IEC 61508-3[1], ISO
26262[2], and EN 50128[3] respectively, as they relate to verification and analysis of
handwritten, generated, or mixed source code. The workflow addresses risk levels ASIL A -
ASIL D according to ISO 26262, SIL 1 - SIL 3 according to IEC 61508, and SIL 0 - SIL 4according to EN 50128.
-
8/20/2019 Certkitiec Codeprover Workflow
9/35
1-3
The document is organized as follows:
Chapter 2, “Integration of Polyspace Code Prover into the Software Life Cycle”
provides a reference workflow for the Polyspace Code Prover tool. It describesreference use cases and measures to prevent or detect potential tool errors.
Chapter 3, “Additional Considerations” describes tool options that impact verificationresults, and other considerations such as tailoring and bug reporting.
Chapter 4, “Workflow Overview” summarizes the workflow in a tabular way.
Chapter 5, “Conformance Demonstration Template” references a template that can beused to demonstrate conformance with this reference workflow.
Chapter 6, “References” lists the standards and guidelines referenced in this document
Disclaimer While adhering to the recommendations in this document will reduce the risk
that an error is introduced in development and not be detected, it is not a guarantee that thesystem being developed will be safe. Conversely, if some of the recommendations in this
document are not followed, it does not mean that the system being developed will be unsafe.
-
8/20/2019 Certkitiec Codeprover Workflow
10/35
1-4
-
8/20/2019 Certkitiec Codeprover Workflow
11/35
2 Integration of Polyspace CodeProver into the Software Life
Cycle
-
8/20/2019 Certkitiec Codeprover Workflow
12/35
2-2
2.1 Workflow OverviewThis section describes use cases for the following capabilities of Polyspace Code Prover as part
of the software life cycle:
Code verification
Unreachable code analysis
Call tree computation
Global variable usage analysis
Software quality metrics reporting
During the development of embedded application software, C or C++ code can be used toimplement the required functionality. The source code can be the result of manualimplementation (see upper part of Figure 1) or automatic code generation (see lower part of
Figure 1) or a combination of both. Handwritten source code and source code created using codegeneration can be combined to create the application software for an embedded system.
-
8/20/2019 Certkitiec Codeprover Workflow
13/35
2-3
Figure 1: Software life cycle (development activities and artifacts)1,2
You can use the code verification, unreachable code analysis, call tree computation, global
variable usage analysis, and software quality metrics reporting capabilities of Polyspace CodeProver to verify or analyze C or C++ source code regardless of its origin. Figure 2 identifies the
development artifacts that can be verified or analyzed by Polyspace Code.
1 Solid arrows in the figure indicate the succession of software development activities.
2 The model uses for production code generation can contain handwritten source code. For example: C code contained in user S-functions. This mixed-code use case is indicated by the dashed arrow in the figure.
-
8/20/2019 Certkitiec Codeprover Workflow
14/35
2-4
Figure 2: Integration of source code analysis and verification into the softwarelife cycle
Note For generated code, this workflow can also be used to provide added assurance to the
one described in
IEC Certification Kit: Embedded Coder Reference Workflow
-
8/20/2019 Certkitiec Codeprover Workflow
15/35
2-5
2.2 Tool Use CasesThe Polyspace Bug Finder tool use cases, described in the Polyspace Bug Finder Reference
Workflow, R2015b, are applicable Polyspace Code Prover use cases.
Additionally, it is assumed that the Polyspace Code Prover tool is used as described by one or
more of the following use cases:
[PCP_UC1] Semantic code analysis with abstractinterpretation of C/C++ code to detect systematic and
potential run-time errorsThe Polyspace Code Prover tool is used to identify systematic and potential run-time errors in Cor C++ source code.
Code verification provided by Polyspace Code Prover proves the absence of overflow, divide-
by-zero, out-of-bounds array access, and certain other run-time errors in the source code, asdescribed in the Polyspace Code Prover User’s Guide, R2015b.
This verification uses formal-methods based on abstract interpretation techniques. It can beapplied to handwritten as well as generated source code.
[PCP_UC2] Semantic code analysis with abstractinterpretation of C/C++ code to detect unreachable code
Gray checks provided by the Polyspace Code Prover tool are used to identify unreachable code
branches in C or C++ source code. This verification uses formal-methods based on abstract
interpretation of the source code.
This analysis can be applied to handwritten as well as generated source code.
[PCP_UC3] Semantic analysis of the calling relationshipsin the C/C++ code
The Polyspace Code Prover tool is used to extract control flow information from C or C++
source code. The extracted information is used by Polyspace Code Prover to generate anapplication call tree.
Generated call graphs can e.g. be reviewed to analyze the control flow or to identify recursive
function calls.
-
8/20/2019 Certkitiec Codeprover Workflow
16/35
2-6
This analysis can be applied to handwritten as well as generated source code.
[PCP_UC4] Semantic analysis of global variable usage inthe C/C++ code
The Polyspace Code Prover tool is used to extract data flow information from C or C++ sourcecode with regards to the usage of global variables. For each global variable in the source code,
Polyspace Code Prover provides the following information:
Number and location(s) of read and write access(es) to global variables, directly orthrough pointer access
Type value ranges for individual access operations Shared variables and associated concurrent access protection
The variable access information can e.g. be reviewed to analyze the data flow.
This analysis can be applied to handwritten as well as generated source code.
[PCP_UC5] Reporting of software quality metrics
The Polyspace Code Prover tool is used to define, determine, and report quality metrics for C orC++ source code. The reports are based on analysis and verification results provided byPolyspace Code Prover and Polyspace Bug Finder.
Software quality metrics can be applied to handwritten as well as generated source code.
Note The analysis and verification results provided by Polyspace Code Prover can be used toassess the quality of the C or C++ source code with respect to defined software quality goals, for
example Software Quality Objectives SQO-2 to SQO-6 according to [4].
[PCP_UC6] Semantic analysis of C/C++ code to assessinterface between components
The Polyspace Code Prover tool is used to detect interface error between components.
Polyspace Code Prover provides the following information:
Function-call with an incorrect number of arguments.
Function-call with an incorrect type of arguments.
This analysis can be applied to handwritten and generated source code.
-
8/20/2019 Certkitiec Codeprover Workflow
17/35
2-7
Applicable ISO 26262, IEC 61508, and EN 50128Requirements
Using Polyspace Code Prover to perform the verification and analysis activities described in the
above use cases supports a variety of objectives and measures listed in functional safety
standards.
ISO 26262, IEC 61508, and EN 50128 techniques and measures that can be supported by using
Polyspace Code Prover are described in:
• IEC Certification Kit: Model -Based Design for ISO 26262
• IEC Certification Kit: Model -Based Design for IEC 61508• IEC Certification Kit: Model -Based Design for EN 50128
In these documents, for information on use cases, refer to items labeled with:
‘Polyspace Code Prover – Code verification’ for use case [PCP_UC1], [PCP_UC6]
‘Polyspace Code Prover – Unreachable code analysis’ for use case [PCP_UC2] ,[PCP_UC6]
‘Polyspace Code Prover – Call tree computation’ for use case [PCP_UC3]
‘Polyspace Code Prover – Global variable usage analysis’ for use case [PCP_UC4] ‘Polyspace Code Prover – Code metrics’ and ‘Polyspace Bug Finder – Code metrics’
for use case [PCP_UC5]
-
8/20/2019 Certkitiec Codeprover Workflow
18/35
2-8
Error Prevention and Detection Measures
It is assumed that the user carries out the following measures to check the seamless functioning
of the verification and analysis capabilities provided by Polyspace Code Prover and to verifytheir results.
[M1] Preceding or Subsequent Dynamic Verification(Testing) of the Software
Before or after verifying or analyzing the source code with Polyspace Code Prover:
Dynamically verify (test) the executable code corresponding to the C or C++ sourcecode.
[M1_lim] Limited Preceding or Subsequent DynamicVerification (Testing) of the Software
Before or after verifying or analyzing the source code with Polyspace Code Prover:
Dynamically verify (test) the executable code corresponding to the C or C++ sourcecode without specifically aiming at detecting run-time errors.
Note [M1_lim] is a variation of [M1] where the test process is not be optimized to detect run-time errors. For example, you can specifically detect run-time errors by injecting randomsamples of software inputs that stress the software, without checking the functional results. The
likelihood of detecting systematic or potential run-time errors by testing might be low when
using [M1_lim]. For details see section ‘Tool Classification Summary’ in IEC Certification Kit: Polyspace Code Prover ISO 26262 Tool Qualification Package.
[M2] Specified Procedure for Corrective Action on Failureof Source Code Verification or Analysis
After verifying or analyzing the source code with Polyspace Code Prover:
Analyze the identified issues using a defined procedure for corrective action.
The procedure for corrective action includes manual analysis and review of the issuesuncovered.
-
8/20/2019 Certkitiec Codeprover Workflow
19/35
2-9
[M3] Selective Review and Analysis of Source CodePortions not Reached by Testing
After dynamically verifying (testing) the source code:
Review and analyze the portions of the C or C++ source code that were not reached bytesting.
Note [M3] is intended to be used in conjunction with [M1] or [M1_lim] respectively. Fordetails, see section ‘Tool Classification Summary’ in IEC Certification Kit: Polyspace Code
Prover ISO 26262 Tool Qualification Package.
[M4] Check of the underlying verification and analysisresults for critical issues
Check the individual verification and analysis results that are the basis for the quality metrics
reported by Polyspace Code Prover for critical issues that require further attention.
[M_MISC1] Revision Control and Configuration
Management to Identify the Artifacts to be Verified; Use ofChecksums
Apply configuration management to the artifacts to be verified or analyzed using Polyspace
Code Prover.
[M_MISC2] Competency of the Project Team
Those carrying out verification or analysis activities using Polyspace Code Prover shall becompetent for the activities undertaken.
[M_MISC3] Adherence to Installation Instructions;Integrity of Tool Installation
Adhere to the installation instructions for Polyspace Code Prover (including dependent tools)
and verify the version and integrity of the tool.
Validate modifications or additions made to the shipping product(s), if applicable.
[M_MISC4] Analysis of Available Bug Report Information
Assess and analyze bug report information for Polyspace Code Prover provided by MathWorks ® and comply with the recommendations and workarounds, if applicable.
-
8/20/2019 Certkitiec Codeprover Workflow
20/35
2-10
-
8/20/2019 Certkitiec Codeprover Workflow
21/35
3 Additional Considerations
When implementing this reference workflow, consider the following topics:
-
8/20/2019 Certkitiec Codeprover Workflow
22/35
3-2
3.1 Options Impacting Analysis or VerificationThe options you select in your Polyspace project impact your analysis or verification results.
The options should be justified and selected to fit the needs of the project.
For more information on Polyspace options, see the Polyspace Code Prover Reference.
-
8/20/2019 Certkitiec Codeprover Workflow
23/35
3-3
3.2 Configuration Management and Revision ControlConfiguration management shall be applied to the artifacts to be verified or validated, as well as
to other work products specified in the respective standard or in this document.
-
8/20/2019 Certkitiec Codeprover Workflow
24/35
3-4
3.3 Competency of the Project TeamAs described in Software Quality Objectives for Source Code [4], Section 3.2.2:
Those carrying out coding and verification activities shall be competent for theactivities undertaken.
Coding and verification activities should be conducted by independent roles.
The applicable safety standard may provide additional guidance on the required degree ofindependence.
-
8/20/2019 Certkitiec Codeprover Workflow
25/35
3-5
3.4 Installation Integrity and Release CompatibilityThe tool user shall adhere to the installation instructions for Polyspace Code Prover (including
dependent tools).
The tool user shall verify the version of Polyspace Code Prover and the integrity of the tool’s
installation (including dependent tools).
Note You can use the ver command in MATLAB® to display the current versions of
MATLAB, Polyspace® Bug Finder ™, Polyspace Code Prover, and other MathWorks products.
The tool user shall validate modifications or additions to shipping product(s), if applicable.
-
8/20/2019 Certkitiec Codeprover Workflow
26/35
3-6
3.5 Bug ReportingThe tool user shall assess bug report information provided by the tool vendors and comply with
the recommendations and workarounds, if applicable.
After deployment of the application under development, bug report information shall also be
assessed by the tool user on a regular basis.
The tool user shall carry out corrective actions if deployed applications are affected by bugs inthe tools identified after deployment.
Issues with Polyspace Code Prover shall be reported.
Note You can use the bug reports section of the MathWorks web site
www.mathworks.com/support/bugreports to view and report bugs related to Polyspace
Code Prover.
Note You can use the IEC Certification Kit Model Advisor check Display bug reports forPolyspace Code Prover to display bug report information for this product.
http://www.mathworks.com/support/bugreportshttp://www.mathworks.com/support/bugreportshttp://www.mathworks.com/support/bugreports
-
8/20/2019 Certkitiec Codeprover Workflow
27/35
3-7
3.6 Deviation from the Reference WorkflowIn some instances, deviation from the reference workflow explained in this document might
occur. In these cases, a defined deviation procedure shall be used to document and justifydeviations from the workflow.
-
8/20/2019 Certkitiec Codeprover Workflow
28/35
3-8
3.7 Integration with the Software Safety Life CycleThe application-specific verification and validation activities shall be integrated with the overall
software safety life cycle for the application under consideration.
The applicable safety standard provides additional guidance on additional objectives and
requirements for the overall software safety life cycle.
-
8/20/2019 Certkitiec Codeprover Workflow
29/35
4 Workflow Overview
-
8/20/2019 Certkitiec Codeprover Workflow
30/35
4-2
Table A. 1 Objectives, Prerequisites, and Work Products
Activity Objective Prerequisites Work Products
Code verification Prove the absenceof certain classesof run-time errorsin C or C++ source
code
• C source code (e.g. .c and.h files) or C++ source(e.g. .cpp and .hpp files)code to be verified
• Data range specification• Polyspace configuration
and project information(.psprj and .ppm files)
• Procedures for correctiveaction
• Raw code verification results with potential and systematic run-time errors(.pscp files and dependent files)
• Reviewed and commented code
verification results (.pscp files anddependent files)
• Verified C or C++ source code
Unreachable codeanalysis
Identifyunreachable code branches in C or
C++ source code
• C source code (e.g. .c and.h files) or C++ source(e.g. .cpp and .hpp files)
code to be analyzed• Data range specification• Polyspace configuration
and project information
(.psprj and .ppm files)• Procedures for corrective
action
• Raw code analysis results withunreachable code branches (.pscp filesand dependent files)
• Reviewed and commented codeanalysis results (.pscp files anddependent files)
• Analyzed C or C++ source code
Call tree
computation
Analyze the calling
relationships in Cor C++ source code
• C source code (e.g. .c and
.h files) or C++ source(e.g. .cpp and .hpp files)code to be analyzed
• Polyspace configuration
and project information(.psprj and .ppm files)
• Procedures for corrective
action
• Call tree
_Call_Tree file(.html, .pdf, .rtf, .docx, or .xml)
• Reviewed call tree
_Call_Tree file(.html, .pdf, .rtf, .docx, or .xml)
• Analyzed C or C++ source code
Global variableusage analysis
Analyze the usageof global variablesin C or C++ source
code
• C source code (e.g. .c and.h files) or C++ source(e.g. .cpp and .hpp files)
code to be analyzed• Polyspace configuration
and project information(.psprj and .ppm files)
• Procedures for corrective
action
• Dictionary containing information aboutglobal variables_Variable_View file (.html, .pdf, .rtf, .docx, or .xml)
• Reviewed dictionary_Variable_View file (.html, .pdf, .rtf, .docx, or .xml)
• Analyzed C or C++ source code
-
8/20/2019 Certkitiec Codeprover Workflow
31/35
4-3
Activity Objective Prerequisites Work Products
Software qualitymetrics reporting
Define, determine,and report quality
metrics for C orC++ source code
based on analysis /verification results provided by
Polyspace Bug
Finder and/orPolyspace CodeProver
• C source code (e.g. .c and.h files) or C++ source
(e.g. .cpp and .hpp files)code to be analyzed
• Analysis / verificationresults provided byPolyspace Bug Finder
and / or Polyspace Code
Prover
• Software quality level for theapplication
• Software quality objectives for eachmodule• Software quality metrics results
displayed in Web Dashboard orexported via Polyspace GUI (.html,
.pdf, .rtf, .docx, or .xml file)
-
8/20/2019 Certkitiec Codeprover Workflow
32/35
4-4
-
8/20/2019 Certkitiec Codeprover Workflow
33/35
5 Conformance DemonstrationTemplate
To justify that the requirements outlined in this document have been satisfied you must provide
evidence for the activities that have been carried out.
The IEC Certification Kit product provides an editable Conformance Demonstration Template that can
be used to demonstrate conformance with the parts of ISO 26262-6, IEC 61508-3, or EN 50128
covered in this document.
To access the conformance demonstration template, on the MATLAB® command line, type
certkitiec to open the Artifacts Explorer. The template is in Polyspace Code Prover.
For each technique or measure:
In the third column, state to what degree you applied the technique or measure for theapplication under consideration by using one of the phrases Used, Used to a limited degree,
or Not used.
In the fourth column, state how you used the technique or measure in the application underconsideration. If the reference workflow includes alternative means for compliance, indicate
what variant you used. In addition, enter a reference to the document (for example, test
report or review documentation) that satisfies the requirement.
-
8/20/2019 Certkitiec Codeprover Workflow
34/35
5-2
-
8/20/2019 Certkitiec Codeprover Workflow
35/35
6 References
[1] IEC 61508-3:2010. International Standard IEC 61508 Functional safety of electrical / electronic /
programmable electronic safety-related systems — Part 3: Software requirements. Second edition,
2010.
[2] ISO 26262-6:2011. Road vehicles — Functional safety — Part 6: Product development: softwarelevel. International Standard, 2011.
[3] EN 50128:2011. Railway applications - Communication, signalling and processing systems -Software for railway control and protection systems. International Standard 2011.
[4] The MathWorks. Software Quality Objectives for Source Code. Version 3.0, 2012.