Your browser does not support JavaScript! Skip to main content
Free 30-day trial Customer portal Careers DO-178C Handbook RapiCoupling Preview DO-178C Multicore Training
Rapita Systems
 

Industry leading verification tools & services

Rapita Verification Suite (RVS)

  RapiTest - Unit/system testing  RapiCover - Structural coverage analysis  RapiTime - Timing analysis (inc. WCET)  RapiTask - Scheduling visualization  RapiCoverZero - Zero footprint coverage analysis  RapiTimeZero - Zero footprint timing analysis  RapiTaskZero - Zero footprint scheduling analysis  RapiCouplingPreview - DCCC analysis

Multicore Verification

  MACH178  MACH178 Foundations  Multicore Timing Solution  RapiDaemons

Engineering Services

  V&V Services  Data Coupling & Control Coupling  Object code verification  Qualification  Training  Consultancy  Tool Integration  Support

Industries

  Civil Aviation (DO-178C)   Automotive (ISO 26262)   Military & Defense   Space

Other

RTBx Mx-Suite Software licensing Product life cycle policy RVS Assurance issue policy RVS development roadmap

Latest from Rapita HQ

Latest news

Magline joins Rapita Trailblazer Partnership Program to support DO-178 Certification
Eve Air Mobility joins Rapita Systems Trailblazer Partnership Program for eVTOL projects
Rapita Systems launches MACH178 Foundations for multicore DO-178C compliance
Collins Aerospace and Rapita present award winning paper at DASC 2024
View News

Latest from the Rapita blog

Data Coupling Basics in DO-178C
Control Coupling Basics in DO-178C
Components in Data Coupling and Control Coupling
The ‘A’ Team comes to the rescue of code coverage analysis
View Blog

Latest discovery pages

control_tower DO-278A Guidance: Introduction to RTCA DO-278 approval
Picture of a car ISO 26262
DCCC Image Data Coupling & Control Coupling
Additional Coe verification thumb Verifying additional code for DO-178C
View Discovery pages

Upcoming events

DO-178C Multicore In-person Training (Fort Worth, TX)
2025-04-15
DO-178C Multicore In-person Training (Toulouse)
2025-11-04
View Events

Technical resources for industry professionals

Latest White papers

Mitigation of interference in multicore processors for A(M)C 20-193
Sysgo WP
Developing DO-178C and ED-12C-certifiable multicore software
DO178C Handbook
Efficient Verification Through the DO-178C Life Cycle
View White papers

Latest Videos

Streamlined AMC 20-193 compliance with MACH178 Foundations
Streamlined software verification with RVS 3.21
Integrating & verifying time-critical applications on multicore platforms - Rapita & Asterios Technologies
A(M)C 20-193 vs AA-22-01 Webinar
View Videos

Latest Case studies

GMV case study front cover
GMV verify ISO26262 automotive software with RVS
Kappa: Verifying Airborne Video Systems for Air-to-Air Refueling using RVS
Supporting DanLaw with unit testing and code coverage analysis for automotive software
View Case studies

Other Downloads

 Webinars

 Brochures

 Product briefs

 Technical notes

 Research projects

Discover Rapita

Who we are

The company menu

  • About us
  • Customers
  • Distributors
  • Locations
  • Partners
  • Research projects
  • Contact us

US office

+1 248-957-9801
info@rapitasystems.com
Rapita Systems, Inc.
41131 Vincenti Ct.
Novi
MI 48375
USA

UK office

+44 (0)1904 413945
info@rapitasystems.com
Rapita Systems Ltd.
Atlas House
Osbaldwick Link Road
York, YO10 3JB
UK

Spain office

+34 93 351 02 05
info@rapitasystems.com
Rapita Systems S.L.
Parc UPC, Edificio K2M
c/ Jordi Girona, 1-3
Barcelona 08034
Spain

Working at Rapita

Careers

Careers menu

  • Current opportunities & application process
  • Working at Rapita
Back to Top Contact Us

Breadcrumb

  1. Home

Discover ISO 26262

  • ISO 26262
  • ASIL
  • Software Verification
  • Resources

Introduction to ISO 26262

ISO 26262 is a standard for implementing functional safety measures for electric systems in an automotive vehicle. The first version of ISO 26262 was released in 2011. This version only covered functional safety for passenger cars. A later edition of the standard, released in 2018, extended the scope to include all road vehicles except for mopeds.

ISO 26262 Life Cycle
Figure 1 – ISO 26262 automotive lifecycle

ISO 26262 describes the automotive lifecycle (Figure 1) and activities that must be carried out in each stage of it to meet functional safety requirements. One of the distinguishing features of ISO 26262 is that appropriate safety measures are implemented based on the level of risk should software fail.

Automotive Safety Integrity Level

The Automotive Safety Integrity Level (ASIL) is a classification system used in ISO 26262. Each component of an automotive system is assigned an ASIL based on the level of risk should the component fail, and this determines the verification activities required to demonstrate functional safety for the component. A risk can be assigned one of five ASIL ratings:

  • A (lowest integrity) to D (highest integrity), which define the level of risk in the event of failure. Failure at ASIL D could be potential for loss of life and require stricter compliance requirements compared to ASIL A.
  • QM (Quality Management), which assumes that the risk will be mitigated sufficiently by Quality Assurance activities.

The ASIL rating is calculated based on the following factors (see Table 1):

  • Severity of injuries afflicted to the passengers
  • Probability of exposure
  • Controllability of the hazard (probability that the passenger will avoid the harm)
Table 1 — ASIL Rating Classification
SeverityClass ProbabilityClass ControllabilityClass
C1 (Simple) C2 (Normal) C3 (Difficult)
S1 (Light injuries) E1 (Very Low) QM QM QM
E2 (Low) QM QM QM
E3 (Medium) QM QM A
E4 (High) QM A B
S2 (Severe injuries) E1 (Very Low) QM QM QM
E2 (Low) QM QM A
E3 (Medium) QM A B
E4 (High) A B C
S3 (Fatal injuries) E1 (Very Low) QM QM A
E2 (Low) QM A B
E3 (Medium) A B C
E4 (High) B C D

■ Quality Management ■ ASIL A ■ ASIL B ■ ASIL C ■ ASIL D

Software Verification for ISO 26262 projects

ISO 26262 requires you to plan all software development activities, including the software verification activities you will use to demonstrate functional safety. The standard states the following:

  • Hardware and software development will need to verify the interference specification, and
  • Demonstrate that the software safety requirements are compliant with the technical safety requirements, system design and hardware safety requirements.

The above can be achieved by implementing appropriate verification as dictated by the ASIL of your project. Verification tools can improve the efficiency of verification activities by automating key parts in the process.

Functional Testing

ISO 26262 requires that functional testing is carried out to demonstrate software robustness and functionality, and that sufficient hardware resources are available for the system’s operation, based on specifications for the software’s functionality (REQ 9.4.2). Different types of testing are expected based on the software’s ASIL (Table 2).

 
Table 2 — Types of testing required for ISO 26262 software verification (Adapted from ISO 26262, Part 6, Table 12)
Methods ASIL
A B C D
Requirements-based test ++ ++ ++ ++
Interference test ++ ++ ++ ++
Fault injection test + + + ++
Resource usage test + + + ++
Back-to-back test between model and code, if applicable + + ++ ++
++ (Highly recommended) + (Recommended)
 

Software tools such as RapiTest enable you to effectively test critical automotive software for functional behavior including on-target testing (i.e. testing on the final hardware or vehicle), which is an important part of the validation process, and Worst-Case Execution Time (WCET) analysis which is fully automated within the test environment.

'Back-to-back' model-based testing is also supported and is the optimal testing method for model-based developers. Using this method, it is only necessary to write your tests once, and then the same tests can be used all the way from initial model-based analysis to the final target hardware environment.

Requirements-based functional testing tools can streamline the unit testing process by automating test harness generation, execution, and results collection, thereby improving verification efficiency and reducing time to market.

Structural Coverage

ISO 26262 requires the completeness of testing to be demonstrated by measuring the structural code coverage achieved during functional testing (REQ 9.4.4). The coverage metrics that must be analyzed depend on the software ASIL (Table 3). This can include statement, branch and modified condition/decision coverage (MC/DC) data.

 
Table 3 — Structural coverage metrics required for ISO 26262 software verification (Adapted from ISO 26262, Part 6, Table 14)
Methods ASIL
A B C D
Requirements-based test ++ ++ ++ ++
Interference test ++ ++ ++ ++
Fault injection test + + + ++
Resource usage test + + + ++
Back-to-back test between model and code, if applicable + + ++ ++
++ (Highly recommended) + (Recommended)
 

Code coverage analysis can be supported by using software tools, which can automate the collection of coverage data during testing. Tools such as RapiCover enable you to collect coverage measurements from software tests run on host computers, simulators, and embedded targets. Some tools may have specific features to improve verification efficiency such as integrations with continuous build software and the ability to merge results collected from different tests.

Freedom from interference

ISO 26262 requires appropriate steps to be taken to ensure freedom from interference (FFI) being implemented on the system (REQ 7.4.11). ISO 26262 defines FFI as “absence of cascading failures between two or more elements (both hardware and software components) that could lead to the violation of a safety requirement”.

The effect of cascading failures on elements
Figure 2 – The effect of cascading failures on elements.

RTOS scheduling visualization tools (such as RapiTask) can assist with the collection of task-level scheduling behavior during software tests. The metrics it collects, including response time and periodicity, can be used to determine if the software has appropriate scheduling properties.

RVS

Rapita Verification Suite: On-target software verification for critical embedded systems

 
Choose your free resource:
When you contact us, we will process your personal data in accordance with our data protection policy, please see our Customer Privacy Information for more information.
  • Solutions
    • Rapita Verification Suite
    • RapiTest
    • RapiCover
    • RapiTime
    • RapiTask
    • MACH178
    • Verification and Validation Services
    • Qualification
    • Training
    • Integration
  • Latest

    • Latest menu

    • News
    • Blog
    • Events
    • Videos
  • Downloads

    • Downloads menu

    • Brochures
    • Webinars
    • White Papers
    • Case Studies
    • Product briefs
    • Technical notes
    • Software licensing
  • Company

    • Company menu

    • About Rapita
    • Careers
    • Customers
    • Distributors
    • Industries
    • Locations
    • Partners
    • Research projects
    • Contact
  • Discover
    • Multicore Timing Analysis
    • Embedded Software Testing Tools
    • Worst Case Execution Time
    • WCET Tools
    • Code coverage for Ada, C & C++
    • MC/DC Coverage
    • Verifying additional code for DO-178C
    • Timing analysis (WCET) & Code coverage for MATLAB® Simulink®
    • Data Coupling & Control Coupling
    • Aerospace Software Testing
    • Automotive Software Testing
    • Certifying eVTOL
    • DO-178C
    • AC 20-193 and AMC 20-193
    • ISO 26262
    • What is CAST-32A?

All materials © Rapita Systems Ltd. 2024 - All rights reserved | Privacy information | Trademark notice Subscribe to our newsletter