Feasibility of Developing S32K3 ASIL B Functional Safety Products Using S32DS3.4 + GCC10.2

SethWang

Hi team，

The customer wants to know the feasibility of developing S32K324 ASIL B Functional Safety product using S32DS3.4+GCC10.2.
My understanding is that it is difficult to develop S32K324 ASIL B functional safety products using S32DS3.4+GCC10.2 to be certified by third-party evaluation organizations. That means this program is basically not feasible.
However, I know that some industrial customers using our S12 series MCU with GCC compiler have already passed the SIL 4 certification of IEC61508. They use Code Warrior IDE 5.1 for development. After the development is done, the GCC compiler is called through makefile to compile and generate .s19 file or bin file.
From this case, the development of S32K324 ASIL B functional safety product using S32DS3.4 + GCC10.2 is likely to be able to be certified by a third-party assessment organization.
Hence, please help to answer my query:
1. Is it possible to develop S32K324 ASIL B functional safety product using S32DS3.4+GCC10.2 to pass the third party assessment organization certification? If yes, is it very difficult to pass the certification?
2、Is there already a customer using S32DS3.4+GCC10.2 to develop S32K3 ASIL B functional safety products and has passed the third-party evaluation organization certification?

Thanks!

Kind Regards

Seth

antoinedubois

Hi Seth,

this is good question and different customer are more or less conservative.

There is a part in ISO26262 called the confidence in the use of SW tool (Part8 clause 11). The team has to argue that the tool will not introduce undetected failure mode. Tool are classified based on the Impact (TI) and detectability (TD) to create a TCL -> tool confidence level. This is the argumentation your customer has to build for their project.

Usually a compiler required TCL3 (not one can detect issue in the assembly code and it can have a big impact) this is why people buy certified compiler. However I have seen some company taking a less conservative approach and relying on the wide-spread support of some gcc version to be considered a reliable tool.

So it is a strategic decision your customer should take, and the argumentation they want to build for it. using GCC and S32DS they would have to bring some argumentation why they could detect or mitigate their impact with some testing or review.

NXP position is that you should use a certified compiler.

View solution in original post

antoinedubois

Hi Seth,

this is good question and different customer are more or less conservative.

There is a part in ISO26262 called the confidence in the use of SW tool (Part8 clause 11). The team has to argue that the tool will not introduce undetected failure mode. Tool are classified based on the Impact (TI) and detectability (TD) to create a TCL -> tool confidence level. This is the argumentation your customer has to build for their project.

Usually a compiler required TCL3 (not one can detect issue in the assembly code and it can have a big impact) this is why people buy certified compiler. However I have seen some company taking a less conservative approach and relying on the wide-spread support of some gcc version to be considered a reliable tool.

So it is a strategic decision your customer should take, and the argumentation they want to build for it. using GCC and S32DS they would have to bring some argumentation why they could detect or mitigate their impact with some testing or review.

NXP position is that you should use a certified compiler.

SethWang

Hi，

It is clear and helpful.

Thanks!

Kind regards

Seth

Feasibility of Developing S32K3 ASIL B Functional Safety Products Using S32DS3.4 + GCC10.2

Feasibility of Developing S32K3 ASIL B Functional Safety Products Using S32DS3.4 + GCC10.2

MCUs & MPUs

Photos