Design Note: Static analysis, safety-critical railway software, and EN 50128

October 31, 2016 // By Marc Brown, Grammatech
Transportation systems and, in particular, railway systems, are growing markets that increasingly rely on software for command, communication, and control. Due to the impact of errors and accidents in this environment, software is developed to strict standards such as EN 50128. The standard is very specific on the use of good programming practices, tools, and techniques. This short paper discusses how a static analysis tool like GrammaTech CodeSonar satisfies various EN 50128 requirements.

Source-code compliance

The EN 50128 standard is very clear on using good programming techniques such as modularity, components, structure, and object-oriented programming. It also requires the use of design and coding standards, and language subsets such as MISRA C. In fact, these coding standards are mandatory for higher safety-integrity levels SIL 3 and 4. Static analysis tools such as GrammaTech CodeSonar are very good for enforcing coding standards, whether commonly-used standards such as MISRA C or customized versions specific to your application.

 

Static analysis

The EN 50128 standard is specific about the use of static analysis tools “using a customizable set of Coding Standards, Control Flow and Data Flow Analysis Rules” and is highly recommend for SIL 1 to 4. Interestingly, the EN 50128 says: “Use the inter-procedural Control Flow Analysis module to find variables in use before being initialized, buffer overflows, resource leaks etc.” As this is a highly recommended practice, it’s clear that static analysis is an important part of the safety critical development toolkit.

 

 

Satisfying EN50128 requirements

The following table illustrates how specific EN 50128 requirements are met with a static analysis tool such as CodeSonar. In many cases the techniques/practices are highly recommended, if not mandatory, at the most critical levels.

 

 

Table 1: EN 50128 requirements specifically met by static analysis tools and the recommendation level. References are to specific clauses in EN 50128. Legend: R = recommended, HR = highly recommended, M = mandatory

 

Supporting certification

 

An important part of satisfying the requirements for EN 50128 is not just compliance but documentation to support proof of compliance. Automated software tools, including static analysis, provide reporting that supports the certification effort, and with the additional benefits of risk mitigation and developer time savings, the use of automated tools means quicker time-to-market and development dollars saved.

 

Certified tools

GrammaTech CodeSonar is an EN 50128 certified tool, which means that