Functionally safe positioning with the LDRA tool suite

LDRA, the leader in standards compliance, automated software verification, software code analysis, and test tools, has announced that Renishaw, an engineering and scientific technology company with expertise in precision measurement and healthcare, has successfully applied the LDRA tool suite to certify its RESOLUTE FS optical encoder system as functionally safe to level SIL 2 in accordance with IEC 61508-1:2010. Using the LDRA tool suite, Renishaw engineers were able to show MISRA C compliance of the re-engineered source code, to demonstrate functional correctness through unit testing, and to analyse code coverage to prove the completeness of that testing.

Renishaw used its existing RESOLUTE product as the starting point and retrospectively applied the IEC 61508 standard to develop RESOLUTE FS, which is the company’s first absolute encoder product to be certified for the functional safety market. RESOLUTE FS is intended for markets where the encoder feedback must be functionally safe for machinery requiring safe motion functions, such as Safely Limited Speed or SLS. Using an encoder system that is already rated for use in these applications enables machine builders to make safer machines with higher functionality, reduced set-up times, and less machine downtime.

“Much of the firmware was already written, but the development process was not in accordance with IEC 61508 SIL2,” said Liz Smith, senior software engineer at Renishaw. “With new, detailed requirements in place, static analysis was a logical starting point for re-engineering the code. We had confidence in LDRA from the start, based on the recommendations of consultants and certification authority, the CSA. In addition, the availability of LDRArules stand-alone gave us the opportunity to experience the quality of LDRA products and support without committing upfront to the whole tool suite.”

IEC 61508 provides clearly defined requirements relating to language selection for the development of safety-related software. The UK’s Motor Industry Software Reliability Association (MISRA) has established a set of guidelines for the use of C language in safety-critical systems, and these guidelines were followed by Renishaw to meet those requirements. The retrospective application of MISRA C:2012 to existing source code required a new, more challenging level of detail. LDRArules helped significantly in that the MISRA guidelines are frequently broken down in the LDRA reporting schema to less generic, more concise definitions, complete with practical examples of violations. This improved granularity made it easier to understand the relationship of each individual rule violation, which was reinforced by the detailed explanations in the LDRA documentation.

Unit and regression testing with efficiency

Renishaw’s successful experience with LDRA’s static analysis tools led to an easy decision to extend its commitment further with the acquisition of the LDRA TBrun Unit Test tool. Renishaw needed an efficient way of unit testing, and of showing the code coverage associated with that testing, in order to comply with the requirements of the standard. Although it is possible to develop unit tests using a simulator, Renishaw opted to do all of its testing on its target hardware, the Analog Devices Blackfin DSP BF534. The development team was very familiar with both the device and its debugging environment, and there was very little overhead involved in downloading and executing the tests on target.

“In addition to completing the unit tests to demonstrate adherence to the IEC 61508 standard, we were also enthused about the ability to perform regression tests with ease,” said Liz Smith. “During development, regression tests allowed us to ensure that new modifications didn’t affect existing functionality and, less obviously, they also gave us the ability to easily confirm that software is functioning in accordance with requirements if problems were to arise.”

“Renishaw applied the LDRA products with the specific aim of certification for RESOLUTE FS,” said Ian Hennell, operations director, LDRA. “However, thanks to the ease of use of the LDRA tool suite, sound development processes, and the support we provided along Renishaw’s path to compliance, the RESOLUTE FS team now intends to continue to follow IEC 61508 methodologies and apply the tool suite in future. For Renishaw, the benefits of an exemplary development process reinforced by the LDRA tool suite speak for themselves in the development of cost effective, thoroughly tested, high quality software.”
