The EN 50128 standard is very clear on using good programming techniques such as modularity, components, structure, and object-oriented programming. It also requires the use of design and coding standards, and of language subsets such as MISRA C. In fact, these coding standards are mandatory at the higher safety integrity levels, SIL 3 and SIL 4. Static analysis tools such as GrammaTech CodeSonar are well suited to enforcing coding standards, whether commonly used standards such as MISRA C or customized versions specific to your application.
The EN 50128 standard is specific about the use of static analysis tools “using a customizable set of Coding Standards, Control Flow and Data Flow Analysis Rules”, a practice it rates as highly recommended for SIL 1 to 4. Interestingly, EN 50128 also says: “Use the inter-procedural Control Flow Analysis module to find variables in use before being initialized, buffer overflows, resource leaks etc.” Since this is a highly recommended practice, static analysis is clearly an important part of the safety-critical development toolkit.
Satisfying EN 50128 requirements
The following table illustrates how specific EN 50128 requirements are met with a static analysis tool such as CodeSonar. In many cases the techniques and practices are highly recommended, if not mandatory, at the most critical levels.
Table 1: EN 50128 requirements specifically met by static analysis tools and the recommendation level. References are to specific clauses in EN 50128. Legend: R = recommended, HR = highly recommended, M = mandatory
An important part of satisfying EN 50128 is not just achieving compliance but producing the documentation that proves it. Automated software tools, static analysis included, generate reports that support the certification effort. Together with the added benefits of risk mitigation and developer time savings, the use of automated tools means quicker time-to-market and lower development cost.
GrammaTech CodeSonar is an EN 50128 certified tool, which means that