ISO 26262 Road Vehicles - Functional Safety
ISO 26262 is an international standard for the functional safety of road vehicles. It is an adaptation of the functional safety standard IEC 61508 for automotive electric/electronic systems. ISO 26262 defines a safety lifecycle and supports tailoring of the activities required in each lifecycle phase. It provides an automotive-specific, risk-based approach for determining risk classes (Automotive Safety Integrity Levels, ASIL) and uses them to specify the safety requirements needed to achieve an acceptable residual risk. ISO 26262 also gives requirements for validation and confirmation measures to ensure that a sufficient and acceptable level of safety is achieved, and requirements for the relationship with suppliers.
Part 6: Product development at the software level
Part 6 of ISO 26262 (ISO 26262-6) specifies the requirements for product development at the software level.
ISO 26262 and Code Complexity
One of the requirements of ISO 26262 is the enforcement of low code complexity for all Automotive Safety Integrity Levels (see 5.4.7 of 26262-6).
Code Complexity Measures Tool can be used to achieve this goal.
ISO 26262 and Static Code Analysis
Static code analysis is highly recommended by ISO 26262 for ASIL B, C and D as a method for verification of the software unit design and implementation (see 8.4.5 of ISO 26262-6).
is a leading tool for static code analysis.
Whitepaper: Simplifying ISO 26262 Compliance with GrammaTech
ISO 26262 and Code Coverage
In order to evaluate the completeness of test cases, ISO 26262 requires the measurement of structural coverage. Depending on the Automotive Safety Integrity Level, statement coverage, branch coverage and/or MC/DC (Modified Condition/Decision Coverage) is required (see 8.4.5 of 26262-6).
Table: structural coverage metrics by ASIL (statement coverage, branch coverage, MC/DC (Modified Condition/Decision Coverage)); ++ stands for "highly recommended", + stands for "recommended".
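The three metrics differ in how many test cases they demand of the same decision. The following C program is an added example, not code from the original page and not part of Testwell CTC++: it hand-instruments a small (hypothetical) software unit whose decision has three conditions evaluated with C's short-circuit semantics, then checks whether a constructed set of test vectors achieves statement, branch and MC/DC coverage for that decision. Function and variable names are illustrative.

```c
#include <stdbool.h>
#include <stdio.h>

#define NCOND 3

/* One executed test vector: inputs, which conditions were actually
   evaluated (short-circuit), and the decision outcome. */
typedef struct {
    bool in[NCOND];
    bool evaluated[NCOND];
    bool outcome;
} Trace;

/* Hypothetical software unit under test: raise the assist level when the
   pedal is pressed and either speed is in range or ABS is available. */
static int brake_assist_level(bool pedal, bool speed_ok, bool abs_ok)
{
    int level = 0;
    if (pedal && (speed_ok || abs_ok)) {
        level = 1;
    }
    return level;
}

/* Run the unit and record which conditions of the decision
   pedal && (speed_ok || abs_ok) were evaluated; a coverage tool's
   instrumentation does this automatically, here it is written by hand. */
static Trace run_case(bool pedal, bool speed_ok, bool abs_ok)
{
    Trace t = { { pedal, speed_ok, abs_ok }, { true, false, false }, false };
    if (pedal) {                   /* condition 1 only if condition 0 is true */
        t.evaluated[1] = true;
        if (!speed_ok)             /* condition 2 only if condition 1 is false */
            t.evaluated[2] = true;
    }
    t.outcome = brake_assist_level(pedal, speed_ok, abs_ok) == 1;
    return t;
}

/* Statement coverage: the only conditionally executed statement is
   `level = 1`, reached whenever the decision is true. */
static bool statement_covered(const Trace *tr, int n)
{
    for (int i = 0; i < n; i++)
        if (tr[i].outcome) return true;
    return false;
}

/* Branch coverage: the decision has been observed both true and false. */
static bool branch_covered(const Trace *tr, int n)
{
    bool seen_true = false, seen_false = false;
    for (int i = 0; i < n; i++) {
        if (tr[i].outcome) seen_true = true; else seen_false = true;
    }
    return seen_true && seen_false;
}

/* MC/DC: for each condition c there is a pair of traces where c was evaluated
   with different values, the outcome differs, and every other condition that
   was evaluated in both traces has the same value (conditions skipped by
   short-circuit evaluation are "don't care"). */
static bool independent_pair(const Trace *a, const Trace *b, int c)
{
    if (!a->evaluated[c] || !b->evaluated[c]) return false;
    if (a->in[c] == b->in[c] || a->outcome == b->outcome) return false;
    for (int k = 0; k < NCOND; k++) {
        if (k == c) continue;
        if (a->evaluated[k] && b->evaluated[k] && a->in[k] != b->in[k])
            return false;
    }
    return true;
}

static bool mcdc_covered(const Trace *tr, int n)
{
    for (int c = 0; c < NCOND; c++) {
        bool shown = false;
        for (int i = 0; i < n && !shown; i++)
            for (int j = i + 1; j < n && !shown; j++)
                if (independent_pair(&tr[i], &tr[j], c)) shown = true;
        if (!shown) return false;
    }
    return true;
}

/* Bitmask of achieved metrics: 1 = statement, 2 = branch, 4 = MC/DC. */
static int coverage_of(const bool (*cases)[NCOND], int n)
{
    Trace tr[8];
    if (n > 8) n = 8;
    for (int i = 0; i < n; i++)
        tr[i] = run_case(cases[i][0], cases[i][1], cases[i][2]);
    return (statement_covered(tr, n) ? 1 : 0)
         | (branch_covered(tr, n) ? 2 : 0)
         | (mcdc_covered(tr, n) ? 4 : 0);
}

/* Constructed test sets of growing strength (inputs: pedal, speed_ok, abs_ok). */
static const bool set_one[][NCOND]  = { {true, true, false} };
static const bool set_two[][NCOND]  = { {true, true, false}, {false, false, false} };
static const bool set_four[][NCOND] = { {false, false, false}, {true, true, false},
                                        {true, false, false}, {true, false, true} };

static int coverage_one(void)  { return coverage_of(set_one, 1); }
static int coverage_two(void)  { return coverage_of(set_two, 2); }
static int coverage_four(void) { return coverage_of(set_four, 4); }

int main(void)
{
    printf("1 test case : mask %d\n", coverage_one());  /* statement only */
    printf("2 test cases: mask %d\n", coverage_two());  /* statement + branch */
    printf("4 test cases: mask %d\n", coverage_four()); /* all three, incl. MC/DC */
    return 0;
}
```

A single true-outcome vector already gives 100% statement coverage of this unit, a second (false) vector adds branch coverage, and only the four-vector set (N+1 vectors for N conditions) shows each condition independently affecting the outcome, which is what MC/DC asks for and why it is the metric highly recommended at the highest ASIL.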
If the achieved structural coverage is considered insufficient, either additional test cases shall be specified or a rationale shall be provided, according to 9.4.5 of ISO 26262-6.
Test Coverage Analyser can be used to analyse these coverage levels.
In 9.4.6 the standard requires that the test environment for software unit testing shall correspond as closely as possible to the target environment.
 is the ideal coverage tool to meet this requirement, because it analyses test coverage on any (even the smallest) embedded target.
In 10.4.6 ISO 26262 requires call coverage. Although call coverage (also known as call pair coverage) is not shown directly by Testwell CTC++, 100% call pair coverage can be concluded from the higher coverage levels shown by Testwell CTC++: once every statement and every condition has been executed, every call site (each caller/callee pair) has been executed as well.
Additionally, call coverage / call pair coverage can be shown when using Testwell CTC++ together with Imagix 4D.
Learn more: Call Coverage with Testwell CTC++ and Imagix 4D
Testwell CTC++ Qualification Kit for DO-178C, EN-50128, IEC 61508, IEC 60880, and ISO 26262
The Qualification Kit for Testwell CTC++ provides documentation, test cases, and procedures that let you qualify the Testwell CTC++ Test Coverage Analyser for projects based on the safety standards ISO 26262, IEC 61508, EN-50128, IEC 60880, and DO-178C.
The kit contains tool qualification plans, tool operational requirements, and other materials required for qualifying Testwell CTC++ for use in safety-critical projects. > further information