Posted 04-Apr-2018

TRANSCRIPT

Page 1

Simplify Software Development for Functional Safety Applications

Jay Thomas, Technical Development Manager, LDRA
Siddharth Deshpande, Senior Software Engineer, Texas Instruments

© 2015 LDRA and Texas Instruments - CONFIDENTIAL and PROPRIETARY Slide 1

Page 2

© 2010 Green Hills Software, Inc. CONFIDENTIAL and PROPRIETARY

Agenda

• Introduction to Functional Safety Software Development
• Elements of Risk Management
• System Partition Principles
• Introduction to SafeTI™ CSP
• CSP Execution Process
• How this fits into the broader themes of Safety Software?

Page 3

Step 1: Risk Assessment

• What could go wrong?
• How big would the impact be?

Page 4

Introduction to Functional Safety

• What makes systems safe?
• What makes software safe?

Page 5

Functional Safety in Different Domains

IEC 61508 (First published 1998, Updated 2010): Industrial
IEC 61511 (First published 2003): Process
ISO 26262 (Published 2011): Automotive
IEC 62304 (First published 2006): Medical
IEC 61513 (First published 2001): Nuclear
EN 50128 (First published 2001): Railway
DO-178B (First published 1992) / DO-178C: Avionics

Page 6

Risk Management Throughout Lifecycle


Page 7

Risk Management in the Lifecycle

[Chart: Cost* across the lifecycle phases Requirements & Design, Development, Test and Deployment, with an Analysis marker on both the Typical Trend and the Preferred Trend curves]

*Cost to Repair Software, Cost of Lost Opportunities, Cost of Lost Customers

Test Early and Often!

Page 8

Safety Integrity Levels – How Safe?

IEC 61508 (Industrial): SIL Level 1 to 4
ISO 26262 (Automotive): ASIL A to ASIL D
IEC 62304 (Medical): Class A to Class C
EN 50128 (Railway): SIL Level 0 to SIL Level 4
DO-178B / DO-178C (Avionics): Level E to Level A

Page 9

Verification Activities


Page 10

Software System Partitioning

• Safety Classification Principles:
  - No adverse side effects caused by X and W
  - No hazard contributing effect by X and W
  - Z include all software system contributions to hazards
  - Software system inherits “worst” safety class.

[Figure: Software System / Software item (Class C) composed of Software item Y (Class C), Software item Z (Class C), Software item X (Class A) and Software item W (Class B)]

Page 11

Foundation for Safe Software

SafeTI™ Compliance Support Packages Available

[Figure: software stack, top to bottom: Customer Application; Application Libraries (Math, DSP, Flash); SAFETY RTOS or AUTOSAR RTE; CAN, FlexRay, Ethernet, USB]

SafeTI™ Software Development Process Certified by TUEV NORD meeting ISO26262 and IEC61508 requirements

Page 12

HALCoGen: Hardware Abstraction Layer Code Generator

HALCoGen Features

• User Input on High Abstraction Level

• Generates C Source Code for Hercules™ MCU

• Peripheral Drivers

• Device Initialization

• Native support for CCS, ARM, IAR and GHS IDEs

• Interactive Help System with example code

SafeTI™ HALCoGen Compliance Support Package: www.ti.com/tool/safeti-halcogen-csp

Page 13

SafeTI™ Diagnostic Library

[Figure: layered view, top to bottom: Application layer; Exception & Error Handler; Initialization & startup diagnostics; Periodic diagnostics; I/O diagnostics; Internal/external watchdog; RTOS; SafeTI™ Diagnostic Library; Hardware Abstraction Layer (HALCoGen)]

SafeTI™ Hercules Diagnostic Library Compliance Support Package: www.ti.com/tool/safeti-hercules-diag-lib-csp

Functions map directly to the Hercules Safety Manual:

| Device Partition | Unique Identifier | Safety Feature or Diagnostic | API Name |
|---|---|---|---|
| Cortex-R4F CPU | CPU1 | Lockstep compare | SL_SelfTest_CCMR4F |
| Cortex-R4F CPU | CPU2A | Boot time execution of LBIST STC | SL_SelfTest_STC |
| Cortex-R4F CPU | CPU2B | Periodic execution of LBIST STC | SL_SelfTest_STC |
| Cortex-R4F CPU | CPU7 | Software readback of written configuration | SL_Read_Compare |
| Error Signaling | ESM1 | Periodic software readback of static configuration registers | SL_Read_Compare |
| Error Signaling | ESM3 | Use of status shadow registers | SL_Init_ResetReason_XInfo |
| Error Signaling | ESM4 | Software readback of written configuration | SL_Read_Compare |
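The readback-and-compare diagnostics listed for CPU7, ESM1 and ESM4, as an added illustration in C; this is not TI's SL_Read_Compare or any SafeTI code, and the register block, the register values and the injected fault are constructed so the code runs on a host:

```c
/* Added example (not TI's SL_Read_Compare): the readback-and-compare pattern
 * behind CPU7, ESM1 and ESM4 above; cfg_regs is a constructed stand-in. */
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

#define CFG_REG_COUNT 4
static volatile uint32_t cfg_regs[CFG_REG_COUNT];   /* stand-in for MMIO regs */
/* Golden copy of a static config register; mask excludes read-only/status bits. */
typedef struct {
    volatile uint32_t *reg;
    uint32_t expected;
    uint32_t mask;
} golden_reg_t;

/* CPU7/ESM4: write configuration, read it back (volatile) and compare under mask. */
bool write_and_verify(volatile uint32_t *reg, uint32_t value, uint32_t mask)
{
    *reg = value;
    uint32_t readback = *reg;
    return ((readback ^ value) & mask) == 0;
}

/* ESM1: periodic readback of static configuration registers against the golden
 * copy. Returns the number of deviating registers; non-zero is reported as error. */
size_t periodic_readback_check(const golden_reg_t *golden, size_t count)
{
    size_t mismatches = 0;
    for (size_t i = 0; i < count; i++) {
        uint32_t actual = *golden[i].reg;
        if (((actual ^ golden[i].expected) & golden[i].mask) != 0)
            mismatches++;
    }
    return mismatches;
}

/* Scenario: configure and verify all registers, then inject a constructed
 * single-bit fault and confirm the periodic check reports exactly one. */
size_t demo_readback_scenario(void)
{
    golden_reg_t golden[CFG_REG_COUNT];
    for (size_t i = 0; i < CFG_REG_COUNT; i++) {
        uint32_t v = 0xA5000000u | (uint32_t)i;       /* constructed values */
        golden[i] = (golden_reg_t){ &cfg_regs[i], v, 0xFFFFFFFFu };
        if (!write_and_verify(&cfg_regs[i], v, 0xFFFFFFFFu))
            return (size_t)-1;                        /* write did not take */
    }
    cfg_regs[2] ^= 0x00000100u;                       /* constructed bit flip */
    return periodic_readback_check(golden, CFG_REG_COUNT);
}
```

On a real target the mask matters: status or write-one-to-clear bits legitimately differ on readback, and comparing them unmasked would raise false errors.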

Page 14

[Figure: ISO 26262 item/element decomposition. Item: System; E/E Components: Sensor, Controller, Actuator, each split into Hardware (Hardware Components, Hardware Parts) and Software (Software Components, Software Units); also Communication and Other technology Components. Element levels: System, Hardware Components, Software Components, Hardware Parts]

Compliance Support Package

[Figure: the CSP is made up of Requirements & Design, Test Automation Unit and Test Reports]

• Test Automation Unit (TAU)
  • Allows customers to execute test cases based on their configuration
• Software Safety Requirements Specification
• Software Architecture Document
• Software Safety Manual
• Detailed Static Analysis Report
• Detailed Dynamic Analysis Report
• Test Results report
• Traceability Matrix
• Software User Guide
• Software release Notes
• Datasheet with performance details

Page 15

CSP Work Products

ISO 26262 and IEC 61508 Standards vs TI Work Products

| ISO 26262 Clause | IEC 61508 Clause | ISO 26262 Work products | IEC 61508 Work products | CSP Artifact |
|---|---|---|---|---|
| 6 Specification of software safety requirements | 7.2.2 Software safety requirements specification | 6.5.1 Software safety requirements specification | Software safety requirements specification | Software Safety Requirements Specification |
| Bi-Directional Traceability | Forward and Backward Traceability at all stages | Verification Reports | Forward and backward traceability | Traceability matrix |
| 7 Software architectural design | 7.4.3 Requirements for SW Architecture Design development | 7.5.1 Software architectural design specification | Software architecture design | Software Architecture Document |
| 9 Software unit testing | 7.4.5 Detailed design and development (individual software module design) | 9.5.3 Software verification report (refined) | SW Module Test Report | Test Results Report, Detailed Static analysis and Dynamic analysis report |
| 10 Software integration and testing | 7.4.8 Software integration testing | 10.5.3 Embedded software | Verified and tested integrated programmable electronics | SW User Guide, Software Safety Manual, Data sheet |
| 11 Verification of software safety requirements | 7.7.2 Software aspects of system safety validation | 11.5.3 Software verification report (refined) | Software safety validation results; validated software | Test Results Report |
| | 7.4.9 - Safety Manual | | Safety Manual | Software Safety Manual |

Page 16

CSP Execution Process

[Figure labels: Bidirectional Traceability / Traceability Matrix; Static Analysis / Static Analysis & Quality Metrics; Dynamic Analysis / Structural Coverage Metrics & Regression Reports; CSP Test Reports]

Page 17

Test Automation Unit - Overview

• Generates Dynamic Coverage Analysis Report and Regression Reports
• Run Unit Tests with user specific:
  • HALCoGen Configuration
  • Compiler Selection
  • Build Options
  • Target Configurations
• Customized test cases
  • Selectively run test cases relevant to their configuration
  • Easily add or modify test cases
• Test cases in Excel format
  • Easy to review, add or modify test cases

Page 18

Test Automation Unit Functional Blocks

[Figure: TAU block diagram. Blocks: TAU GUI (Test case selection); Script Engine; TCF (Test Case File with selected test cases); Excel Based Test Database (Test Vectors); LDRA Unit; HALCoGen drivers / SafeTI™ Diagnostic Library; Target Hardware (via JTAG); Report (Dynamic & Regression Reports)]

Page 19

TAU Demo

Page 20

Dynamic Coverage Reports

[Screenshots: Dynamic Coverage Summary; Dynamic Coverage Report for CRC driver; Regression report for DCC Unit Test]

Page 21

Regression Report

Page 22

Static Analysis Report

Page 23

Traceability Matrix Report

Page 24

Conclusion

SafeTI CSP Artifact:

• Software Safety Requirements Specification
• Software Architecture Document
• Detailed Static Analysis Report & HIS Quality Metrics
• Detailed Dynamic Analysis Report & Test Results Report
• Software Safety Manual
• Traceability Matrix

Page 25

Conclusion

• Developing functional safety compliant software is challenging

• Risk management throughout the software life cycle is key

• Software system partitioning can be used to classify safety requirements

• Starting with a strong foundation can reduce the risk of non-compliance with functional safety requirements

• SafeTI CSPs and the LDRA Tool Suite can help simplify the development of functional safety software

Page 26

Questions & Answers

Page 27

Contact Information

For more information contact:

[email protected] [email protected]

www.ldra.com www.ti.com