ISO 26262


The trend of increasing complexity of E/E Systems and shortened development cycles presents a clear challenge in the selection of appropriate development methods and tools. By providing recommendations and processes for the development of safety-related systems, the ISO 26262 standard allows first of all a classification of functions of E/E systems as more or less safety critical (=ASIL levels). It likewise gives recommendations regarding  corresponding, state-of-the art methods for development and testing. Over the past years, this has become a de facto standard in the automotive industry for development of safety critical applications.

Relevant methods for developing and testing software are described in part 6 of the standard. Within the different verification methods, Requirement-Based Testing for example, allows demonstration that the software unit fulfils  specified requirements and is highly recommended for all ASIL levels. Another important testing goal is to guaranty the robustness of the software unit: the absence of undesired functionally or the sufficient hardware resources to run the software unit can be verified using methods like interface testing, fault-injection testing and resource testing. In regards to model-based development and additionally to other testing methods, the comparison between the model and automatically generated code is necessary to ensure that they behave equivalently to the test objectives.

The completeness of testing activities cannot be evaluated without measuring structural coverage of the software unit. That is why ISO 26262 specifies relevant metrics like statement, decision or MC/DC coverage to be measured in order to establish sufficient confidence in coverage at the software unit level.

To comply with safety-critical functions according to ASIL C or ASIL D, it is also recommended to consider formal methods that help obtain a high degree of confidence regarding a reliable system behavior. While using a formal notation within the software specification process, the computer will be able to understand the meaning of the requirements and will therefore offer advanced verification techniques including proof of complete integrity of the requirements.

With BTC EmbeddedPlatform, BTC Embedded Systems addresses the different verification objectives recommended by ISO 26262 in a complete tool chain within a single and consistent platform that allows alternating from one verification use case to another.

ISO 26262 also provides specific recommendations regarding confidence towards software tools used for development or testing activities. Tool qualification has to show that the tool is suitable to be used in the development process of a safety-critical product and can successfully address one or more development or test activities demanded by the standard. Since 2010, the German TÜV Süd prequalifies BTC EmbeddedTester as “Fit-for-purpose” for ISO 26262, with a Tool Confidence Level of 3 for all ASIL levels. To help our customers qualify the tool in their process, we also provide a “Validation Suite” that allows demonstration that the tool works as intended in a customer environment. The certificate and corresponding certification report are available on-demand.