What does a certified tool chain mean for safety-critical applications?

Author: IAR

Safety-critical applications may sound like a specialist term to many people, but in fact they are very close to our daily lives. Things closely related to us, such as car driving systems, aircraft control systems, elevator operating systems and medical equipment, all fall within the scope of safety-critical applications.

For such applications, general or domain-specific safety standards set out clear certification requirements, and even the toolchain used to develop such applications must be qualified in some way to show that it is suitable for safety-related development. This article explains what it means for a toolchain used in safety-critical development to be certified, and how you can leverage this certification support in your own safety-related projects and applications.

Embedded Functional Safety Standard

Formal standards for safety certification have existed for many years, but interest in and actual use of these standards has increased significantly over the past few years, especially in the embedded world. The growing interest in certification and certified end products is partly driven by legal requirements, but for manufacturers, obtaining safety certification also means gaining a competitive advantage in the market.

The international umbrella standard for functional safety, IEC 61508, has been revised several times, with the second edition released in 2010. This standard and the standards derived from it are now widely used in industries that demand reliability and safety, such as the process industries, railways and automation: ISO 26262 for the automotive field, EN 50128 for railway applications, and IEC 62304 for medical software and medical devices.

Certification and verification

If you are about to start a project with safety-critical functionality or functional safety requirements, you may have realized that the development tools you use must be qualified in some way to be suitable for safety-related development. The specific requirements for qualifying development tools depend on the standard you adhere to and, to some extent, on the potential severity of a product failure. The nature of the tool also matters: a compiler, which generates the code that goes into production, is harder to qualify than a source code measurement tool, which in turn is harder to qualify than a version control system or a requirements management system.

Different standards define safety integrity (that is, how critical a product is) differently, and they also differ in how tools are classified. Taking IEC 61508 as an example, it stipulates that tools such as compilers need to be certified, although the specific meaning of "certification" is not clearly defined. In addition, the standard requires tools to be validated to ensure they comply with their specification or documentation. At worst, this means you must fully test the tool in your own project unless you can provide sufficient evidence that it has already been tested. You also need to evaluate how dependent your project is on each tool.

Another thing to consider and evaluate is the tool vendor's ability to support the tool, ideally throughout the lifecycle of the safety-critical product.

All of these things put together can add up to quite a bit of work, and that is for just one tool and one project. On the other hand, this is exactly why IAR's toolchains are certified.

Get certified and verified!

What exactly does it mean for IAR's tools used in safety-critical development to be certified? It means the amount of work you have to do to justify the use of a tool is significantly reduced, because the independent third-party body TÜV SÜD has assessed IAR's development activities, problem-handling procedures, and testing and verification activities, and has certified that IAR's tools comply with the requirements of safety standards such as IEC 61508, ISO 26262, EN 50128 and IEC 62304. These tools include IAR Embedded Workbench for Arm, RISC-V, STM8, Renesas RX, RL78 and RH850, among others. It also means that if you choose C or C++ as your programming language, IAR's toolchain is an excellent choice.

Continuing services

So, if you choose a certified tool, you’re done?

Another important thing to consider is the level of support you need and the level of support you can get for your toolchain. This is not limited to the project development period but covers the entire life cycle of the product. If a tool is old and has been replaced by a newer version, the tool vendor will not necessarily continue to support you on the older version. That stance runs counter to the needs of typical safety-related projects, where tool updates should be avoided as much as possible.

If an update to a previously certified tool contains not only bug fixes but also new features, then taking only the bug fixes is of little help, because any change to the tool requires re-certification or a detailed impact analysis and testing.

Through years of working with customers who develop safety-related software or services with high-availability requirements, IAR understands that support for "frozen" releases is critical. A "frozen" release is a version of a tool that only receives bug fixes and never adds new features; it can remain active and supported for as long as needed. In the past, IAR has tailored special partnership agreements for customers who required specific "frozen" releases and the related support services. Now, with certification, IAR can offer "frozen" releases and related support services in a streamlined way to all customers using the functional safety editions of IAR Embedded Workbench.

Comprehensive support and protection

IAR's functional safety solution includes the following main components.

  1. IAR Embedded Workbench functional safety editions: certified, frozen versions of specific tools, including IAR Embedded Workbench for Arm, RISC-V, STM8, RL78, RX and RH850.
  2. TÜV SÜD's certification report: details the scope and validity of the certification.
  3. Safety Guide: in the terminology of the various safety standards this is the safety manual, intended to provide guidance on how to use the toolchain in safety-related development. The guide covers everything from what to consider when installing the toolchain to how to deal with language extensions and compiler pragmas.
  4. Functional Safety Support and Update Agreement: includes support for the certified versions and validated bug-fix updates for as long as the customer's agreement remains in effect.
  5. Regular updates: periodic reports with information about known issues in the toolchain.

Summary

To sum up, choosing a certified toolchain makes it easy for you to use it in safety-related projects, and choosing a tool that comes with appropriate support services makes your tool selection and investment more valuable.

In addition, even if your product has no direct safety requirements, functional safety support services can be useful if you need to meet various high-integrity or high-availability requirements.

Origin blog.csdn.net/mahuahu/article/details/133274739