| SDS_QP_FUSA : Functional Safety Viewpoint | |
|---|---|
| Purpose | The Functional Safety Viewpoint focuses on ensuring that the software design is based on the recommended techniques and avoids non-recommended techniques and methods for the desired safety integrity level. |
| Design Concerns | The safety design viewpoint is used to address the following concerns: |
The following table (Table SDS-LANG) lists the techniques and measures for software design that [IEC 61508-3:2010] Table A.3 requires in order to achieve SIL 3. The last two columns define how each technique shall be applied (or avoided) in the design of the QP/C Framework and of QP/C Applications, by referencing the corresponding design specification.
| No. | Technique/Measure(*) | IEC 61508 Ref. | SIL 3 (#) | Specs for QP Framework | Specs for QP Application |
|---|---|---|---|---|---|
| 1 | Suitable programming language | C.4.5 | HR | SDS_QP_LANG_01 | SDS_QA_LANG_01 |
| 2 | Strongly typed programming language | C.4.1 | HR | SDS_QP_LANG_02 | SDS_QA_LANG_02 |
| 3a | Language subset | C.4.2 | R | SDS_QP_LANG_03 | SDS_QA_LANG_03 |
| 4a | Certified tools and certified translators | C.4.3 | HR | SDS_QP_LANG_04 | SDS_QA_LANG_04 |
| 4b | Tools and translators: increased confidence from use | C.4.4 | HR | SDS_QP_LANG_04 | SDS_QA_LANG_04 |
| (#) Acronym | Description |
|---|---|
| HR | (Highly Recommended) — the technique or measure is highly recommended for this safety integrity level. If this technique or measure is not used, then the rationale for not using it should be detailed with reference to [IEC 61508-3:2010] Annex C during the safety planning and agreed with the assessor. |
| R | (Recommended) — the technique or measure is recommended for this safety integrity level, as a lower recommendation than an HR recommendation. |
| — | (Neutral) — the technique or measure has no recommendation for or against being used. |
| NR | (NOT Recommended) — the technique or measure is positively not recommended for this safety integrity level. If this technique or measure is used, then the rationale for using it should be detailed with reference to [IEC 61508-3:2010] Annex C during the safety planning and agreed with the assessor. |
| SDS_QP_LANG_01 : Suitable programming language. | |
|---|---|
| Description | |
| Traceability | |
| Forward Traceability | |
| No. | Technique/Measure(*) | IEC 61508 Ref. | SIL 3 (#) | Specs for QP Framework | Specs for QP Application |
|---|---|---|---|---|---|
| 1a | Structured methods | C.3.1 | HR | SDS_QP_TECH_01 | SDS_QA_TECH_01 |
| 1b | Semi-formal methods | Table B.7 | HR | SDS_QP_TECH_01 | SDS_QA_TECH_01 |
| 1c | Formal design and refinement methods | B.2.2, C.2.4 | R | SDS_QP_TECH_01 | SDS_QA_TECH_01 |
| 2 | Computer-aided design tools | B.3.5 | R | SDS_QP_TECH_02 | SDS_QA_TECH_02 |
| 3 | Defensive programming | C.2.5 | HR | SDS_QP_TECH_03 | SDS_QA_TECH_03 |
| 4 | Modular approach | Table B.9 | HR | SDS_QP_TECH_04 | SDS_QA_TECH_04 |
| 5 | Design and coding standards | C.2.5, Table B.1 | HR | SDS_QP_TECH_05 | SDS_QA_TECH_05 |
| 6 | Structured programming | C.2.7 | HR | SDS_QP_TECH_06 | SDS_QA_TECH_06 |
| 7 | Use of trusted/verified software elements (if available) | C.2.10 | HR | SDS_QP_TECH_07 | SDS_QA_TECH_07 |
| 8 | Forward traceability between the software safety requirements specification and software design | C.2.11 | HR | SDS_QP_TECH_08 | SDS_QA_TECH_08 |
| No. | Technique/Measure(*) | IEC 61508 Ref. | SIL 3 (#) | Specs for QP Framework | Specs for QP Application |
|---|---|---|---|---|---|
| 1 | Use of coding standards to reduce likelihood of errors | C.2.6.2 | HR | SDS_QP_STD_01 | SDS_QA_STD_01 |
| 2 | No dynamic objects | Table B.7 | HR | SDS_QP_STD_01 | SDS_QA_STD_01 |
| 3a | No dynamic variables | B.2.2, C.2.4 | R | SDS_QP_STD_01 | SDS_QA_STD_01 |
| 3b | Online checking of the installation of dynamic variables | B.3.5 | R | SDS_QP_STD_02 | SDS_QA_STD_02 |
| 4 | Limited use of interrupts | C.2.5 | HR | SDS_QP_STD_03 | SDS_QA_STD_03 |
| 5 | Limited use of pointers | Table B.9 | HR | SDS_QP_STD_04 | SDS_QA_STD_04 |
| 6 | Limited use of recursion | C.2.5, Table B.1 | HR | SDS_QP_STD_05 | SDS_QA_STD_05 |
| 7 | No unstructured control flow in programs in higher level languages | C.2.7 | HR | SDS_QP_STD_06 | SDS_QA_STD_06 |
| 8 | No automatic type conversion | C.2.10 | HR | SDS_QP_STD_07 | SDS_QA_STD_07 |
| No. | Technique/Measure(*) | IEC 61508 Ref. | SIL 3 (#) | Specs for QP Framework | Specs for QP Application |
|---|---|---|---|---|---|
| 1 | Data flow diagram | C.2.6.2 | R | SDS_QP_MODEL_01 | SDS_QA_MODEL_01 |
| 2 | Finite state machines | Table B.7 | HR | SDS_QP_MODEL_01 | SDS_QA_MODEL_01 |
| 3a | Formal methods | B.2.2, C.2.4 | R | SDS_QP_MODEL_01 | SDS_QA_MODEL_01 |
| 3b | Time Petri nets | B.3.5 | R | SDS_QP_MODEL_02 | SDS_QA_MODEL_02 |
| 4 | Performance modeling | C.2.5 | HR | SDS_QP_MODEL_03 | SDS_QA_MODEL_03 |
| 5 | Prototyping/animation | Table B.9 | R | SDS_QP_MODEL_04 | SDS_QA_MODEL_04 |
| 6 | Structure diagrams | C.2.5, Table B.1 | R | SDS_QP_MODEL_05 | SDS_QA_MODEL_05 |