ISO 26262-6 Road vehicles — Functional safety — Product development at the software level PDF
Document Details
Uploaded by LuxuriousNessie8706
2018
Tags
Summary
This document details the ISO 26262-6 standard for functional safety in road vehicles, specifically focusing on product development at the software level. It outlines general topics and requirements for software product development, including considerations for ASIL, motorcycle and truck applications.
Full Transcript
INTERNATIONAL ISO STANDARD 26262-6...
INTERNATIONAL ISO STANDARD 26262-6 Second edition 2018-12 Road vehicles — Functional safety — Part 6: Product development at the software level Véhicules routiers — Sécurité fonctionnelle — Partie 6: Développement du produit au niveau du logiciel Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 Reference number ISO 26262-6:2018(E) © ISO 2018 ISO 26262-6:2018(E) Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 COPYRIGHT PROTECTED DOCUMENT © ISO 2018 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester. ISO copyright office CP 401 Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone: +41 22 749 01 11 Fax: +41 22 749 09 47 Email: [email protected] Website: www.iso.org Published in Switzerland ii © ISO 2018 – All rights reserved ISO 26262-6:2018(E) Contents Page Foreword...........................................................................................................................................................................................................................................v Introduction............................................................................................................................................................................................................................... vii 1 Scope.................................................................................................................................................................................................................................. 1 2 Normative references....................................................................................................................................................................................... 2 3 Terms and definitions...................................................................................................................................................................................... 2 4 Requirements for compliance................................................................................................................................................................. 2 4.1 Purpose........................................................................................................................................................................................................... 2 4.2 General requirements........................................................................................................................................................................ 2 4.3 Interpretations of tables.................................................................................................................................................................. 3 4.4 ASIL-dependent requirements and recommendations........................................................................................ 3 4.5 Adaptation for motorcycles........................................................................................................................................................... 4 4.6 Adaptation for trucks, buses, trailers and semi-trailers...................................................................................... 4 5 General topics for the product development at the software level................................................................... 4 5.1 Objectives..................................................................................................................................................................................................... 4 5.2 General............................................................................................................................................................................................................ 4 5.3 Inputs to this clause............................................................................................................................................................................. 5 5.3.1 Prerequisites........................................................................................................................................................................ 5 5.3.2 Further supporting information.......................................................................................................................... 5 5.4 Requirements and recommendations.................................................................................................................................. 5 5.5 Work products.......................................................................................................................................................................................... 7 6 Specification of software safety requirements...................................................................................................................... 7 6.1 Objectives..................................................................................................................................................................................................... 7 6.2 General............................................................................................................................................................................................................ 8 6.3 Inputs to this clause............................................................................................................................................................................. 8 Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 6.3.1 Prerequisites........................................................................................................................................................................ 8 6.3.2 Further supporting information.......................................................................................................................... 8 6.4 Requirements and recommendations.................................................................................................................................. 8 6.5 Work products....................................................................................................................................................................................... 10 7 Software architectural design...............................................................................................................................................................10 7.1 Objectives.................................................................................................................................................................................................. 10 7.2 General......................................................................................................................................................................................................... 10 7.3 Inputs to this clause.......................................................................................................................................................................... 10 7.3.1 Prerequisites..................................................................................................................................................................... 10 7.3.2 Further supporting information....................................................................................................................... 10 7.4 Requirements and recommendations............................................................................................................................... 11 7.5 Work products....................................................................................................................................................................................... 16 8 Software unit design and implementation..............................................................................................................................16 8.1 Objectives.................................................................................................................................................................................................. 16 8.2 General......................................................................................................................................................................................................... 17 8.3 Inputs to this clause.......................................................................................................................................................................... 17 8.3.1 Prerequisites..................................................................................................................................................................... 17 8.3.2 Further supporting information....................................................................................................................... 17 8.4 Requirements and recommendations............................................................................................................................... 17 8.5 Work products....................................................................................................................................................................................... 19 9 Software unit verification.........................................................................................................................................................................19 9.1 Objectives.................................................................................................................................................................................................. 19 9.2 General......................................................................................................................................................................................................... 19 9.3 Inputs to this clause.......................................................................................................................................................................... 20 9.3.1 Prerequisites..................................................................................................................................................................... 20 9.3.2 Further supporting information....................................................................................................................... 20 9.4 Requirements and recommendations............................................................................................................................... 20 © ISO 2018 – All rights reserved iii ISO 26262-6:2018(E) 9.5 Work products....................................................................................................................................................................................... 24 10 Software integration and verification..........................................................................................................................................24 10.1 Objectives.................................................................................................................................................................................................. 24 10.2 General......................................................................................................................................................................................................... 24 10.3 Inputs to this clause.......................................................................................................................................................................... 24 10.3.1 Prerequisites..................................................................................................................................................................... 24 10.3.2 Further supporting information....................................................................................................................... 25 10.4 Requirements and recommendations............................................................................................................................... 25 10.5 Work products....................................................................................................................................................................................... 28 11 Testing of the embedded software...................................................................................................................................................28 11.1 Objective..................................................................................................................................................................................................... 28 11.2 General......................................................................................................................................................................................................... 28 11.3 Inputs to this clause.......................................................................................................................................................................... 28 11.3.1 Prerequisites..................................................................................................................................................................... 28 11.3.2 Further supporting information....................................................................................................................... 28 11.4 Requirements and recommendations............................................................................................................................... 29 11.5 Work products....................................................................................................................................................................................... 30 Annex A (informative) Overview of and workflow of management of product development at the software level........................................................................................................................................................................................31 Annex B (informative) Model-based development approaches.............................................................................................36 Annex C (normative) Software configuration...........................................................................................................................................40 Annex D (informative) Freedom from interference between software elements...............................................46 Annex E (informative) Application of safety analyses and analyses of dependent failures at the software architectural level..........................................................................................................................................................48 Bibliography.............................................................................................................................................................................................................................. 57 Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 iv © ISO 2018 – All rights reserved ISO 26262-6:2018(E) Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html. This document was prepared by Technical Committee ISO/TC 22, Road vehicles Subcommittee, SC 32, Electrical and electronic components and general system aspects. Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 This edition of ISO 26262 series of standards cancels and replaces the edition ISO 26262:2011 series of standards, which has been technically revised and includes the following main changes: — requirements for trucks, buses, trailers and semi-trailers; — extension of the vocabulary; — more detailed objectives; — objective oriented confirmation measures; — management of safety anomalies; — references to cyber-security; — updated target values for hardware architecture metrics; — guidance on model based development and software safety analysis; — evaluation of hardware elements; — additional guidance on dependent failure analysis; — guidance on fault tolerance, safety related special characteristics and software tools; — guidance for semiconductors; — requirements for motorcycles; and — general restructuring of all parts for improved clarity. © ISO 2018 – All rights reserved v ISO 26262-6:2018(E) Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html. A list of all parts in the ISO 26262 series can be found on the ISO website. Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 vi © ISO 2018 – All rights reserved ISO 26262-6:2018(E) Introduction The ISO 26262 series of standards is the adaptation of IEC 61508 series of standards to address the sector specific needs of electrical and/or electronic (E/E) systems within road vehicles. This adaptation applies to all activities during the safety lifecycle of safety-related systems comprised of electrical, electronic and software components. Safety is one of the key issues in the development of road vehicles. Development and integration of automotive functionalities strengthen the need for functional safety and the need to provide evidence that functional safety objectives are satisfied. With the trend of increasing technological complexity, software content and mechatronic implementation, there are increasing risks from systematic failures and random hardware failures, these being considered within the scope of functional safety. ISO 26262 series of standards includes guidance to mitigate these risks by providing appropriate requirements and processes. To achieve functional safety, the ISO 26262 series of standards: a) provides a reference for the automotive safety lifecycle and supports the tailoring of the activities to be performed during the lifecycle phases, i.e., development, production, operation, service and decommissioning; b) provides an automotive-specific risk-based approach to determine integrity levels [Automotive Safety Integrity Levels (ASILs)]; c) uses ASILs to specify which of the requirements of ISO 26262 are applicable to avoid unreasonable residual risk; d) provides requirements for functional safety management, design, implementation, verification, validation and confirmation measures; and Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 e) provides requirements for relations between customers and suppliers. The ISO 26262 series of standards is concerned with functional safety of E/E systems that is achieved through safety measures including safety mechanisms. It also provides a framework within which safety-related systems based on other technologies (e.g. mechanical, hydraulic and pneumatic) can be considered. The achievement of functional safety is influenced by the development process (including such activities as requirements specification, design, implementation, integration, verification, validation and configuration), the production and service processes and the management processes. Safety is intertwined with common function-oriented and quality-oriented activities and work products. The ISO 26262 series of standards addresses the safety-related aspects of these activities and work products. Figure 1 shows the overall structure of the ISO 26262 series of standards. The ISO 26262 series of standards is based upon a V-model as a reference process model for the different phases of product development. Within the figure: — the shaded “V”s represent the interconnection among ISO 26262-3, ISO 26262-4, ISO 26262-5, ISO 26262-6 and ISO 26262-7; — for motorcycles: — ISO 26262-12:2018, Clause 8 supports ISO 26262-3; — ISO 26262-12:2018, Clauses 9 and 10 support ISO 26262-4; — the specific clauses are indicated in the following manner: “m-n”, where “m” represents the number of the particular part and “n” indicates the number of the clause within that part. © ISO 2018 – All rights reserved vii ISO 26262-6:2018(E) EXAMPLE “2-6” represents ISO 26262-2:2018, Clause 6. Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 Figure 1 — Overview of the ISO 26262 series of standards viii © ISO 2018 – All rights reserved INTERNATIONAL STANDARD ISO 26262-6:2018(E) Road vehicles — Functional safety — Part 6: Product development at the software level 1 Scope This document is intended to be applied to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production road vehicles, excluding mopeds. This document does not address unique E/E systems in special vehicles such as E/E systems designed for drivers with disabilities. NOTE Other dedicated application-specific safety standards exist and can complement the ISO 26262 series of standards or vice versa. Systems and their components released for production, or systems and their components already under development prior to the publication date of this document, are exempted from the scope of this edition. This document addresses alterations to existing systems and their components released for production prior to the publication of this document by tailoring the safety lifecycle depending on the alteration. This document addresses integration of existing systems not developed according to this document and systems developed according to this document by tailoring the safety lifecycle. This document addresses possible hazards caused by malfunctioning behaviour of safety-related E/E systems, including interaction of these systems. It does not address hazards related to electric shock, fire, smoke, heat, radiation, toxicity, flammability, reactivity, corrosion, release of energy and similar Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 hazards, unless directly caused by malfunctioning behaviour of safety-related E/E systems. This document describes a framework for functional safety to assist the development of safety- related E/E systems. This framework is intended to be used to integrate functional safety activities into a company-specific development framework. Some requirements have a clear technical focus to implement functional safety into a product; others address the development process and can therefore be seen as process requirements in order to demonstrate the capability of an organization with respect to functional safety. This document does not address the nominal performance of E/E systems. This document specifies the requirements for product development at the software level for automotive applications, including the following: — general topics for product development at the software level; — specification of the software safety requirements; — software architectural design; — software unit design and implementation; — software unit verification; — software integration and verification; and — testing of the embedded software. It also specifies requirements associated with the use of configurable software. Annex A provides an overview on objectives, prerequisites and work products of this document. © ISO 2018 – All rights reserved 1 ISO 26262-6:2018(E) 2 Normative references The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 26262-1, Road Vehicles — Functional Safety — Part 1: Vocabulary ISO 26262-2:2018, Road Vehicles — Functional Safety — Part 2: Management of functional safety ISO 26262-3:2018, Road vehicles — Functional safety — Part 3: Concept phase ISO 26262-4:2018, Road vehicles — Functional safety — Part 4: Product development at the system level ISO 26262-5:2018, Road vehicles — Functional safety — Part 5: Product development at the hardware level ISO 26262-7:2018, Road vehicles — Functional safety — Part 7: Production, operation, service and decommissioning ISO 26262-8:2018, Road vehicles — Functional safety — Part 8: Supporting processes ISO 26262-9:2018, Road vehicles — Functional safety — Part 9: Automotive Safety Integrity Level (ASIL)- oriented and safety-oriented analyses 3 Terms and definitions For the purposes of this document, the terms, definitions and abbreviated terms given in ISO 26262-1 apply. ISO and IEC maintain terminological databases for use in standardization at the following addresses: — IEC Electropedia: available at http://www.electropedia.org/ Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 — ISO Online browsing platform: available at https://www.iso.org/obp. 4 Requirements for compliance 4.1 Purpose This clause describes how: a) to achieve compliance with the ISO 26262 series of standards; b) to interpret the tables used in the ISO 26262 series of standards; and c) to interpret the applicability of each clause, depending on the relevant ASIL(s). 4.2 General requirements When claiming compliance with the ISO 26262 series of standards, each requirement shall be met, unless one of the following applies: a) tailoring of the safety activities in accordance with ISO 26262-2 has been performed that shows that the requirement does not apply; or b) a rationale is available that the non-compliance is acceptable and the rationale has been evaluated in accordance with ISO 26262-2. 2 © ISO 2018 – All rights reserved ISO 26262-6:2018(E) Informative content, including notes and examples, is only for guidance in understanding, or for clarification of the associated requirement, and shall not be interpreted as a requirement itself or as complete or exhaustive. The results of safety activities are given as work products. “Prerequisites” are information which shall be available as work products of a previous phase. Given that certain requirements of a clause are ASIL‑dependent or may be tailored, certain work products may not be needed as prerequisites. “Further supporting information” is information that can be considered, but which in some cases is not required by the ISO 26262 series of standards as a work product of a previous phase and which may be made available by external sources that are different from the persons or organizations responsible for the functional safety activities. 4.3 Interpretations of tables Tables are normative or informative depending on their context. The different methods listed in a table contribute to the level of confidence in achieving compliance with the corresponding requirement. Each method in a table is either: a) a consecutive entry (marked by a sequence number in the leftmost column, e.g. 1, 2, 3), or b) an alternative entry (marked by a number followed by a letter in the leftmost column, e.g. 2a, 2b, 2c). For consecutive entries, all listed highly recommended and recommended methods in accordance with the ASIL apply. It is allowed to substitute a highly recommended or recommended method by others not listed in the table, in this case, a rationale shall be given describing why these comply with the corresponding requirement. If a rationale can be given to comply with the corresponding requirement without choosing all entries, a further rationale for omitted methods is not necessary. For alternative entries, an appropriate combination of methods shall be applied in accordance with the ASIL indicated, independent of whether they are listed in the table or not. If methods are listed with Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 different degrees of recommendation for an ASIL, the methods with the higher recommendation should be preferred. A rationale shall be given that the selected combination of methods or even a selected single method complies with the corresponding requirement. NOTE A rationale based on the methods listed in the table is sufficient. However, this does not imply a bias for or against methods not listed in the table. For each method, the degree of recommendation to use the corresponding method depends on the ASIL and is categorized as follows: — “++” indicates that the method is highly recommended for the identified ASIL; — “+” indicates that the method is recommended for the identified ASIL; and — “o” indicates that the method has no recommendation for or against its usage for the identified ASIL. 4.4 ASIL-dependent requirements and recommendations The requirements or recommendations of each sub-clause shall be met for ASIL A, B, C and D, if not stated otherwise. These requirements and recommendations refer to the ASIL of the safety goal. If ASIL decomposition has been performed at an earlier stage of development, in accordance with ISO 26262-9:2018, Clause 5, the ASIL resulting from the decomposition shall be met. If an ASIL is given in parentheses in the ISO 26262 series of standards, the corresponding sub-clause shall be considered as a recommendation rather than a requirement for this ASIL. This has no link with the parenthesis notation related to ASIL decomposition. © ISO 2018 – All rights reserved 3 ISO 26262-6:2018(E) 4.5 Adaptation for motorcycles For items or elements of motorcycles for which requirements of ISO 26262-12 are applicable, the requirements of ISO 26262-12 supersede the corresponding requirements in this document. Requirements of ISO 26262‑2 that are superseded by ISO 26262-12 are defined in Part 12. 4.6 Adaptation for trucks, buses, trailers and semi-trailers Content that is intended to be unique for trucks, buses, trailers and semi-trailers (T&B) is indicated as such. 5 General topics for the product development at the software level 5.1 Objectives The objectives of this clause are: a) to ensure a suitable and consistent software development process; and b) to ensure a suitable software development environment. 5.2 General The reference phase model for the development of software is given in Figure 2. Details concerning the treatment of configurable software are provided in Annex C. Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 NOTE Within the figure, the specific clauses of each part of the ISO 26262 series of standards are indicated in the following manner: “m‑n”, where “m” represents the number of the part and “n” indicates the number of the clause, e.g. “4-7” represents ISO 26262-4:2018, Clause 7. Figure 2 — Reference phase model for the product development at the software level 4 © ISO 2018 – All rights reserved ISO 26262-6:2018(E) NOTE 1 Development approaches or methods from agile software development can also be suitable for the development of safety-related software, but if the safety activities are tailored in this manner, ISO 26262-2:2018 6.4.5 is considered. However, agile approaches and methods cannot be used to omit safety measures or ignore the fundamental documentation, process or safety integrity of product rigour required for the achievement of functional safety. EXAMPLE 1 Test Driven Development can be used to improve quality and testability of requirements. EXAMPLE 2 Continuous integration based on an automated build system can support consistency of sub- phases and facilitate regression tests. Such a build system typically performs code generation, compiling and linking, static code analysis, documentation generation, testing and packaging. It allows, subject to tool chain and tool configuration, repeatable and, after changes, comparable production of software, documentation and test results. NOTE 2 Cybersecurity can also be considered when developing the embedded software of a particular item, see ISO 26262-2:2018, 5.4.2.3. In order to be able to develop software, specific topics are addressed in this clause concerning the modelling, design and/or programming languages to be used, and the application of guidelines and tools. NOTE 3 Tools used for software development can include tools other than software tools. EXAMPLE 3 Tools used for testing phases. 5.3 Inputs to this clause 5.3.1 Prerequisites The following information shall be available: — (none) 5.3.2 Further supporting information Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 The following information can be considered: — qualified software tools available (see ISO 26262-8:2018, Clause 11); — design and coding guidelines for modelling, design and programming languages (from an external source); — guidelines for the application of methods (from an external source); and — guidelines for the application of tools (from an external source). 5.4 Requirements and recommendations 5.4.1 When developing the software of an item, software development processes and software development environments shall be used which: a) are suitable for developing safety-related embedded software, including methods, guidelines, languages and tools; b) support consistency across the sub-phases of the software development lifecycle and the respective work products; and c) are compatible with the system and hardware development phases regarding required interaction and consistency of exchange of information. NOTE 1 The sequencing of phases, tasks and activities, including iteration steps, for the software of an item intends to ensure the consistency of the corresponding work products with the product development at the hardware level (see ISO 26262-5) and the product development at the system level (see ISO 26262-4). © ISO 2018 – All rights reserved 5 ISO 26262-6:2018(E) NOTE 2 The software tool criteria evaluation report (see ISO 26262-8:2018, 11.5.1) or the software tool qualification report (see ISO 26262-8:2018, 11.5.2) can provide input to the tool usage. 5.4.2 The criteria that shall be considered when selecting a design, modelling or programming language are: a) an unambiguous and comprehensible definition; EXAMPLE Unambiguous definition of syntax and semantics or restriction to configuration of the development environment. b) suitability for specifying and managing safety requirements according to ISO 26262-8:2018 Clause 6, if modelling is used for requirements engineering and management; c) support the achievement of modularity, abstraction and encapsulation; and d) support the use of structured constructs. NOTE Assembly languages can be used for those parts of the software where the use of high-level programming languages is not appropriate, such as low-level software with interfaces to the hardware, interrupt handlers, or time-critical algorithms. However using assembly languages can require a suitable application or tailoring of all software development phases (e.g. requirements of Clause 8). 5.4.3 Criteria for suitable modelling, design or programming languages (see 5.4.2) that are not sufficiently addressed by the language itself shall be covered by the corresponding guidelines, or by the development environment, considering the topics listed in Table 1. EXAMPLE 1 MISRA C (see Reference ) is a coding guideline for the programming language C and includes guidance for automatically generated code. EXAMPLE 2 In the case of model based development with automatic code generation, guidelines can be applied at the model level as well as the code level. Appropriate modelling style guides including the MISRA AC series can Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32 be considered. Style guides for commercial tools are also possible guidelines. NOTE Existing coding guidelines and modelling guidelines can be modified for a specific item development. 6 © ISO 2018 – All rights reserved ISO 26262-6:2018(E) Table 1 — Topics to be covered by modelling and coding guidelines ASIL Topics A B C D 1a Enforcement of low complexitya ++ ++ ++ ++ 1b Use of language subsetsb ++ ++ ++ ++ 1c Enforcement of strong typingc ++ ++ ++ ++ 1d Use of defensive implementation techniquesd + + ++ ++ 1e Use of well-trusted design principlese + + ++ ++ 1f Use of unambiguous graphical representation + ++ ++ ++ 1g Use of style guides + ++ ++ ++ 1h Use of naming conventions ++ ++ ++ ++ 1i Concurrency aspectsf + + + + a An appropriate compromise of this topic with other requirements of this document may be required. b The objectives of topic 1b include: — Exclusion of ambiguously-defined language constructs which may be interpreted differently by different modellers, programmers, code generators or compilers. — Exclusion of language constructs which from experience easily lead to mistakes, for example assignments in conditions or identical naming of local and global variables. — Exclusion of language constructs which could result in unhandled run-time errors. c The objective of topic 1c is to impose principles of strong typing where these are not inherent in the language. d Examples of defensive implementation techniques: — Verify the divisor before a division operation (different from zero or in a specific range). — Check an identifier passed by parameter to verify that the calling function is the intended caller. — Use the “default” in switch cases to detect an error. Normen-Download-Beuth-Continental Teves AG & Co. oHG-KdNr.7627936-ID.RFMZYTOAVEZNBEAQCPVTKHTH.1-2019-01-09 09:47:32