Functionally Safe Positioning with the LDRA Tool Suite

LDRA, the leader in standards compliance, automated software verification, software code analysis, and test tools, today announced that Renishaw, an engineering and scientific technology company with expertise in precision measurement and healthcare, has successfully applied the LDRA tool suite to certify its RESOLUTE FS optical encoder system as functionally safe to level SIL 2 in accordance with IEC 61508-1:2010. Using the LDRA tool suite, Renishaw engineers were able to show MISRA C compliance of the re-engineered source code, to demonstrate functional correctness using unit tests, and to analyze code coverage to prove the completeness of that testing.

Renishaw used its existing RESOLUTE product as the starting point and retrospectively applied the IEC 61508 standard to develop RESOLUTE FS, which is the company’s first absolute encoder product to be certified for the functional safety market. RESOLUTE FS is intended for markets where the encoder feedback must be functionally safe for machinery requiring safe motion functions, such as Safely Limited Speed (SLS). Using an encoder system that is already rated for use in these applications enables machine builders to make safer machines with higher functionality, reduced set-up times, and less machine downtime.

“Much of the firmware was already written, but the development process was not in accordance with IEC 61508 SIL2,” said Liz Smith, Senior Software Engineer at Renishaw. “With new, detailed requirements in place, static analysis was a logical starting point for re-engineering the code. We had confidence in LDRA from the start, based on the recommendations of consultants and certification authority, the CSA. In addition, the availability of LDRArules stand-alone gave us the opportunity to experience the quality of LDRA products and support without committing upfront to the whole tool suite.”

IEC 61508 provides clearly defined requirements relating to language selection for the development of safety-related software. The UK’s Motor Industry Software Reliability Association (MISRA) has established a set of guidelines for the use of the C language in safety-critical systems, and these guidelines were followed by Renishaw to meet those requirements. The retrospective application of MISRA C:2012 to existing source code required a new, more challenging level of detail. LDRArules helped significantly in that the MISRA guidelines are frequently broken down in the LDRA reporting schema into less generic, more concise definitions, complete with practical examples of violations. This improved granularity made it easier to understand each individual rule violation and the guideline it relates to, an understanding reinforced by the detailed explanations in the LDRA documentation.

Unit and regression testing with efficiency

Renishaw’s successful experience with LDRA’s static analysis tools led to an easy decision to extend its commitment with the acquisition of the LDRA TBrun unit test tool. Renishaw needed an efficient way of unit testing and of showing the code coverage associated with that testing in order to comply with the requirements of the standard. Although it is possible to develop unit tests using a simulator, Renishaw opted to do all of its testing on its target hardware, the Analog Devices Blackfin DSP BF534. The development team was very familiar with both the device and its debugging environment, and there was very little overhead involved in downloading and executing the tests on target.

“In addition to completing the unit tests to demonstrate adherence to the IEC 61508 standard, we were also enthused about the ability to perform regression tests with ease,” said Liz Smith. “During development, regression tests allowed us to ensure that new modifications didn’t affect existing functionality and, less obviously, they also gave us the ability to easily confirm that software is functioning in accordance with requirements if problems were to arise.”

“Renishaw applied the LDRA products with the specific aim of certification for RESOLUTE FS,” said Ian Hennell, Operations Director, LDRA. “However, thanks to the ease of use of the LDRA tool suite, sound development processes, and the support we provided along Renishaw’s path to compliance, the RESOLUTE FS team now intends to continue to follow IEC 61508 methodologies and apply the tool suite in future. For Renishaw, the benefits of an exemplary development process reinforced by the LDRA tool suite speak for themselves in the development of cost-effective, thoroughly tested, high-quality software.”

To learn more about Renishaw’s IEC 61508 upgrade, visit www.ldra.com/renishaw.

About LDRA

For more than 40 years, LDRA has developed and driven the market for software that automates code analysis and software testing for safety-, mission-, security-, and business-critical markets. Working with clients to achieve early error identification and full compliance with industry standards, LDRA traces requirements through static and dynamic analysis to unit testing and verification for a wide variety of hardware and software platforms. Boasting a worldwide presence, LDRA is headquartered in the United Kingdom with subsidiaries in the United States and India coupled with an extensive distributor network. For more information on the LDRA tool suite, please visit www.ldra.com.