Safety-certified tools make the difference

The combination of hardware with a known history, application software, diagnostic software, and safety-certified development tools is a powerful enabler for developers of safety-critical applications. It allows them to start development quickly and achieve end product certification efficiently, saving both time and money. This article examines the benefits of using a certified development and build chain.

1. History Repeats

In recent decades, the number of embedded projects with functional safety requirements has increased significantly. Industries like measurement and control, medical devices, and automotive demand products that meet reliability thresholds and behave safely in case of failure. The avionics field has long prioritized safety and reliability. However, each niche traditionally had its own safety standards and concepts. A trend in recent years has been the unification of these standards, allowing methods from one standard to be applied to other areas if justified.

The IEC 61508 standard serves as a reference for all kinds of programmable electronic devices. Sector-specific standards, such as IEC 62061 for machinery and ISO 26262 for automotive, build on IEC 61508 but adapt it to their contexts.

The market and regulations drive the trend towards formal safety requirements. End users and product integrators demand high reliability and independent verification of safety, leading to certifications like IEC 61508 compliance. This trend is growing exponentially, especially with the rise of edge devices and IoT, where devices from toasters to emergency car systems are interconnected. This evolution blurs the line between functional safety and device security, as vulnerabilities in one can affect the other.

2. Brace for Impact

Designing a functional safety system in hardware involves ensuring the reliability and integrity of components. Some components have well-understood failure rates and modes and can be dimensioned or duplicated to reduce the risk of malfunction. For microcontrollers (MCUs), additional measures are needed due to their complexity, such as resilience to radiation and wear and tear on non-volatile storage.

Malfunctioning software is another concern, where issues like writing beyond the stack can have disastrous effects. Silicon vendors provide safety packages, including safety manuals, self-test diagnostic libraries, and market-proven devices, which serve as solid foundations for safety-related projects.
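The stack overrun named above is one of the hazards a safety-related application is expected to detect at run time, alongside the vendor-supplied self-test diagnostics. The following is an added example, not code from the article or from IAR, of the common guard-pattern technique: the low end of a task's stack is filled with a fixed pattern at start-up and re-checked periodically; a write that walks past the stack's end destroys the pattern. The stack is a constructed array so the demo runs on a host, and the names, sizes and pattern value are assumptions chosen for the example.

```c
/* Added example: guard-pattern detection of a stack overrun.
 * Not from the article or IAR; the region below is a constructed
 * stand-in for a task's real stack so the code runs on a host. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD_WORDS   8u           /* assumed size of the guard region */
#define STACK_WORDS   64u          /* assumed usable stack size, in words */
#define GUARD_PATTERN 0xA5C3E1F7u  /* assumed fill value, unlikely to occur by chance */

/* On a descending stack an overrun walks downward, so the guard occupies
 * the lowest words of the region: region[0 .. GUARD_WORDS) is the guard,
 * region[GUARD_WORDS .. GUARD_WORDS+STACK_WORDS) is the usable stack. */
typedef struct {
    uint32_t region[GUARD_WORDS + STACK_WORDS];
} task_stack_t;

/* Fill the guard region with the pattern once, at start-up. */
void stack_guard_init(task_stack_t *s) {
    memset(s->region, 0, sizeof s->region);
    for (size_t i = 0; i < GUARD_WORDS; i++)
        s->region[i] = GUARD_PATTERN;
}

/* Periodic self-test (e.g. from a timer or idle hook on a target):
 * returns the number of guard words that no longer hold the pattern.
 * Zero means the guard is intact; anything else is a detected overrun. */
size_t stack_guard_check(const task_stack_t *s) {
    size_t corrupted = 0;
    for (size_t i = 0; i < GUARD_WORDS; i++)
        if (s->region[i] != GUARD_PATTERN)
            corrupted++;
    return corrupted;
}

/* Stands in for a task: writes n words downward from the top of the
 * region, as deep call nesting or an oversized local buffer would.
 * More than STACK_WORDS words spills into the guard. Writes are clamped
 * to the region so the simulation itself stays in bounds. */
size_t simulate_descending_write(task_stack_t *s, size_t n) {
    const size_t total = GUARD_WORDS + STACK_WORDS;
    size_t written = 0;
    for (size_t i = total; i > 0 && written < n; i--, written++)
        s->region[i - 1] = (uint32_t)written;
    return written;
}

/* Runs one scenario end to end and returns the corrupted guard count. */
size_t run_scenario(size_t words_written) {
    static task_stack_t stack;
    stack_guard_init(&stack);
    simulate_descending_write(&stack, words_written);
    return stack_guard_check(&stack);
}

int main(void) {
    printf("within budget : %zu corrupted guard words\n", run_scenario(STACK_WORDS));
    printf("3 words over  : %zu corrupted guard words\n", run_scenario(STACK_WORDS + 3));
    printf("far over      : %zu corrupted guard words\n", run_scenario(STACK_WORDS + 100));
    return 0;
}
```

A guard check of this kind only reports an overrun after it has happened, so on a real target the detecting code must itself run on a stack that cannot be the one that overflowed (an interrupt or supervisor stack), and the reaction is whatever the safety concept defines for that fault, typically a transition to the safe state.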

3. Standards Apply

Starting a software project with safety-critical functionality requires qualified development tools. The qualification process varies based on the tool's criticality and nature. IEC 61508 part 3, section 7.4.4, details tool qualification but is not specific about C compiler requirements, necessitating significant effort and documentation for higher Safety Integrity Levels.

4. Jumping Through the Hoops

In-house tool qualification is time-consuming and requires skills more aligned with compiler writing and testing than typical safety-critical development. To simplify this, IAR has certified its IAR Embedded Workbench and IAR Build Tools for Arm, RISC-V, STM8, Renesas RX, RL78 and RH850 through TÜV SÜD. The certification covers:

  • Development processes for high-quality software.
  • Test and quality measures, including language standard compliance.
  • Processes for field issues and user updates.
  • Safety information in manuals and documentation.
  • User base and product distribution assurance.

The certification covers IEC 61508, ISO 26262, IEC 62304, EN 50128/EN 50657, IEC 60730, ISO 13849, IEC 62061, IEC 61511 and ISO 25119, demonstrating the overlap and similarities between different standards.

5. How on Earth?

Experienced developers know the importance of streamlined processes for safety-related projects. Over-engineering processes can lead to unnecessary paperwork without addressing real issues. Balancing factors like production costs, time-to-market, and development choices (buy, develop, or outsource) is crucial. Existing solutions that cut down on administrative burdens are invaluable.

6. Software Galore

Developing safety-critical software under standards like IEC 61508 involves stringent requirements, such as using the V model, selecting appropriate programming languages, and rigorous testing and verification. Balancing safety precautions with production and market demands can be challenging.

Using language extensions and optimizations, although not generally encouraged, can be justified with proper validation and verification. Extensions allow safe access to hardware features without resorting to assembly language. Optimization reduces object code, simplifying verification.

7. Say What?

Choosing the functional safety version of IAR Embedded Workbench offers:

  • Tools certified by TÜV SÜD.
  • Long-term support through a special functional safety agreement.
  • Safety certificate renewal as long as the agreement is active.
  • Coverage of 10 safety standards.
  • Full flexibility with wide tool support across architectures.
  • Certification reports.
  • Detailed safety manuals and documentation.
  • Test reports.
  • Regular updates on toolchain issues.

Standards Covered

The functional safety editions of IAR Embedded Workbench (for Arm, RISC-V, STM8, Renesas RX, RL78 and RH850) are certified by TÜV SÜD according to the following standards:

  • IEC 61508 - Functional safety of electrical/electronic/programmable electronic safety-related systems.
  • ISO 26262 - Functional safety for road vehicles.
  • EN 50128 and EN 50657 - Railway applications.
  • IEC 62304 - Medical device software.
  • ISO 25119 - Safety of tractors and machinery for agriculture and forestry.
  • IEC 62061 - Safety of machinery - Functional safety of safety-related electrical, electronic, and programmable electronic control systems.
  • ISO 13849 - Safety of machinery - Safety-related parts of control systems.
  • IEC 61511 (IEC 61511-1) - Functional safety - Safety instrumented systems for the process industry sector.
  • IEC 60730 - Automatic electrical controls for household and similar use.

The combination of silicon vendor safety packages with IAR Embedded Workbench provides a head start in developing safety-critical products, reducing the non-development burden. The tool offers outstanding optimization performance, best-in-class language conformance, and optional extensions for hardware access.