Safety Manual

Core workflow and documentation for safety information

CT can be utilized for the testing of software critical to safety. Therefore, the core workflow of CT as well as the release and test process of CT product has been certified according to ISO 26262, IEC 61508, EN 50128, IEC 62279, IEC 60880 and IEC 62304. The certification was carried out by TÜV SÜD. Our quality management system guarantees the appropriate management of all development processes for CT and continually enhances all procedures related to quality and safety.

The diagram above illustrates the core workflow of CT, which is fully automated and subject to tool qualification. The core workflow of CT has been certified in accordance with certification standards like ISO 26262 mentioned above. This workflow also encompasses detailed functions, including test data editing for test design and configuring test execution settings based on the test environment. Furthermore, coverage measurements have been verified as per our certified safety plan.

Safety-related issues that arise in released CT versions are reported and then analyzed and corrected by CT development department if action is required. Modified content will be reflected in the tool and the troubleshooting documentation included in the tool when the next version is released. Because modifications to safety-related items may be considered important to customers, the support office notices such information via email or phone. Customers can use the email information below to discuss issues with the tools they are using or request supporting safety information.

• help@suresofttech.com
  

CT verification and certification

CT has been certified by TÜV SÜD as a testing tool for use in safety-related software development in accordance with ISO 26262 and IEC 61508. CT extracts automatically test elements from controller SW source code (C, C++), creates test cases, and executes tests; therefore, the results of CT are safety-relevant, because they influence the verification results. On that reason, Tool Impact (TI2) is assigned according to ISO 26262-8. Additionally, if there are no expected reference results, the correctness of the results cannot be confirmed; therefore, Tool error Detection (TD3) is assigned.

Additionally, CT was evaluated against IEC 62304 (medical technology) and EN 50128 (railway technology). EN 50128 is an application standard based on IEC 61508. CT cannot directly influence a safety-related system during its run time; therefore, it is an off-line tool according to IEC 61508-4. CT supports Software module and integration testing of C or C++ executable code, which can lead to latent defects; therefore, CT was classified as a T2 offline tool in compliance with EN 50128.

Operational limits

CT is designed as a unit testing tool for testing functions in C/C++ source code. The following subsequent limitations and requirements apply to CT:

• The source code to be tested must be compilable without errors or warnings by the compiler for the respective microcontroller target. CT may fail to analyze the source code if there are syntactical errors present.
• Source code that operates only in unsupported compilers other than the supported compilers specified in CT manual may fail in analysis.
• Executing tests on a target system relies heavily on the correct configuration of the target device, accurate compiler/linker settings within CT environment, and device-specific settings within CT. Users must verify their environment to ensure the proper operation of unit test execution, when using the CT tool’s predefined settings for supported devices.
• CT does not verify the runtime behavior or timing constraints of the function under test. If the test does not complete successfully due to a runtime error, users can use the test error information provided by CT for troubleshooting.
• Automated tests are good for testing the robustness of the application code, but not the correctness (even if they provide a high level of code coverage). For correctness, testing must be done based on the requirements and not the implementation.