Software Safety Integrity Level

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Software Safety Integrity Level

1,169 Views
amirnat
Contributor I

Hello, I use a MKV31F128 MCU in a functional safety project. As I know, MKV31F128  has a acceptable FIT rate, 2.3. I use MCUXpresso for software development. How can I calculate SIL (Safety Integrity Level) for my developed software? How can I prove it? Has NXP a tool for this purpose?  Thank you in advance.

0 Kudos
3 Replies

1,164 Views
bobpaddock
Senior Contributor III

What SIL level do you require?

To my knowledge there are no certified compilers that work with MUCExpresso.

Something like the Green Hills compiler that is certified to SIL4 is needed,

if SIL 4 is your aim:

https://www.ghs.com/products/compiler.html


I won't use code from any third-party IDE/Library in my safety related products.
It is my liability that is on the line, not theirs, and in their fine print legalese they tell you that.
Also the library code I've looked at tends to suck.

You might find some background information to help you at my Software Safety site:

http://www.softwaresafety.net


1,151 Views
amirnat
Contributor I

thank you bobpaddock for your reply, I have developed many software project for MCUs but I'm new in the field of safety software, I  have studied IEC61508 for starting but I haven't found the right way yet. I don't know from what to start. what is the easiest way to reach SIL3 in software?

which compiler?(for MKV31F MCU) 

which analysis tools?

which coding style or standard?

how to calculate SIL for available code?

Is there any free compiler/tool?

I appreciate your reply in advance.

0 Kudos

1,125 Views
bobpaddock
Senior Contributor III

"... I  have studied IEC61508 for starting but I haven't found the right way yet. I don't know from what to start. what is the easiest way to reach SIL3 in software?"

The 'right way' depends on your starting point and ending points.
Academia and Industry tend to have different ideas, sadly. Academia never has a shipping deadline.

Lind Westfall, Software Safety Guru is having an 8-hour class at the start of December.
It is two hours a day.  I STRONGLY suggest you take it.  I don't see it listed on her website yet, send her and email.  She has also been doing free weekly webinars about software safety development. I always make a point to listen to them if I can.  http://www.westfallteam.com/

I can give you some other reference reading if you want that, I do recommended such studies.

> which compiler?(for MKV31F MCU) 

There are better suited safety parts, in the NXP realm the S32 series.
TI such as the TMS570.

> which analysis tools?

For static analysis, I have long been a fan of Gimpel Software LLC's Lint product for doing static analysis of my projects.

I was excited about buying the new "PC-lint PLUS" version, even with the price increase. That is until I actually read their license agreement.  I detail that fiasco in my blog:

http://blog.softwaresafety.net/2018/06/i-have-long-been-fan-of-gimpel-software.html

> which coding style or standard?

That is dictated by your target device/industry.
FDA?  Rail Road? Aircraft (DO-178B)?

At a very minimum follow the MISRA guidelines, that in general are common sense: https://www.misra.org.uk/ 
You will need to buy the book or the PDF, that is a reasonable price.

Also use astyle so your code is consistent from all developers, and across time.
What you pick is not as important as picking something and being consistent with it.
http://astyle.sourceforge.net/astyle.html

MISRA will tell you to always use braces {} for ifs/whiles/fors etc.

so get use to such formatting.  Avoid shortcuts like if( !x) it would be if( 0 == x ) in MISRA.
Learn to put constants on the left: if( 0 == x ) not if( x == 0 ) etc.  that removed the common if( x = 0 ) bug, because x can not be assigned to a constant.

>how to calculate SIL for available code?

Doing some searches will give you some advice.

Myself I say you can't.  The foundation of safety is the requirements document, and the verification and validation documents.  It is extremely rare to get those documents for any existing code.

A stable house needs built on a stable foundation.

> Is there any free compiler/tool?


Not that I'm aware of.  In the safety realm it is pay-to-play.
The more likely your device is to kill someone, should something go wrong, the more it costs to get the standards, and tools.  

I look at the code the SDK generates, especially for initialization then write my own version.
The bottom line is it could be me in the liability suite, it won't be NXP.

Do you really want to tell the Court: "I didn't write that part of my code in my Pacemaker product, it came with my tool package and I never looked at it", "I did not look at the code my free, unvalidated, compiler produced..."?

This is what I'm familiar with in tools, it is one of many and they are not cheap, last I got a quote it was starting around $30,000 USD and that was a longtime ago.  $75k would not surprise me today:

https://www.ansys.com/products/embedded-software


General advice is study Formal Methods.

Try to write everything as a state-machine, such as run-to-completion state-machines.
They are easier to verify than if/else trees.  See McCabe's Cyclomatic Complexity number.
McCabe also sells a package for testing, which you might find of help.


For RTOS, which I've always avoided in my projects (despite me being involved in the development of uCOS-II years ago (my name is in the first edition of the book)), I'd look at uCOS-II, which is now Open Source.  There is uCOS-III that I have less knowledge about.  I know uCOS-II has been validated to some higher standards, and there is commercial support for that validated version.

https://www.micrium.com/rtos/

The bottom line is we do the best with what we can with what we can afford.
Sometimes it might be wise to say 'No' to a project.