Methods Used for Inspecting Safety Relevant Software

Ekkehard Pofahl, TÜV Rheinland, Köln

The technical supervisory agencies TÜV (Technische Überwachungs Vereine) in Germany inspect software in many different applications. Typical applications range from software controlling railway switches and operating systems for PLCs (Programmable Logic Controllers) to software in microcontrollers for furnaces and lightgrids. Also commercially used software, where the focus is more in the field of user friendlyness than safety, is inspected by TÜV.

There are a few methodologies for inspecting software in safety relevant areas. One of the most work intensive in the method of ``diverse backtranslation''. This method uses the binary code of a software to reconstruct from it the specification. The several steps from binary code to the final specification are supported by a set of tools (editors, compilers, discompilers, etc.).

Another typical method for validation and verification of software is analysis and test. The first step of this method is to proof the validity of the software specification. After this step static analysis tools are used to proof that the specification is indeed implemented in the software. The results from the analysis of the specification and the results from the static analysis of the source code are used to dynamically check the software by means of white, or gray box testing. Special attention it put to diagnostic and fault handling routines. Some tests are also derived solely from the specification (black box test).

The inspections are done according to several national and international standards. The most important standard is the DIN V 19250, Fundamental Safety Aspects To Be Considered For Measurement And Control Protective Equipment (Grundlegende Sicherheitsbetrachtungen fur MSR-Schutzeinrichtungen) and DIN V VDE 0801 Principles For Computers In Safety Related Systems (Grundsatze fur Rechner in Systemen mit Sicherheitsaufgaben).

This talk was given during the Dagstuhl Seminar 9509, which was held from 1995-02-27 until 1995-03-03

High Integrity Programmable Electronic Systems

Organisers : W.J. Cullyer, W.A. Halang, B. Krämer


List with the other abstracts of the seminar :