LDRA: functionally safe positioning with tool suite
LDRA announced that Renishaw, an engineering and scientific technology company with expertise in precision measurement and healthcare, has successfully applied the LDRA tool suite to certify its RESOLUTE FS optical encoder system as functionally safe to level SIL 2 in accordance with IEC 61508-1:2010. Using the LDRA tool suite, Renishaw engineers were able to show MISRA C compliance of the re-engineered source code, to demonstrate functional correctness using unit test, and to analyze code coverage to prove the completeness of that testing.
Renishaw used its existing RESOLUTE product as the starting point and retrospectively applied the IEC 61508 standard to develop RESOLUTE FS, which is the company’s first absolute encoder product to be certified for the functional safety market. RESOLUTE FS is intended for markets where the encoder feedback must be functionally safe for machinery requiring safe motion functions, such as Safely Limited Speed or SLS. Using an encoder system that is already rated for use in these applications enables machine builders to make safer machines with higher functionality, reduced set-up times, and less machine downtime.
IEC 61508 provides clearly defined requirements relating to language selection for the development of safety-related software. The UK’s Motor Industry Software Reliability Association (MISRA) has established a set of guidelines for the use of C language in safety-critical systems, and these guidelines were followed by Renishaw to meet those requirements. The retrospective application of MISRA C:2012 to existing source code required a new, more challenging level of detail. LDRArules helped significantly in that the MISRA guidelines are frequently broken down in the LDRA reporting schema to less generic, more concise definitions, complete with practical examples of violations. This improved granularity made it easier to understand the relationship of each individual rule violation, which was reinforced by the detailed explanations in the LDRA documentation.
Renishaw’s successful experience with LDRA’s static analysis tools led to an easy decision to extend its commitment further to the acquisition of the LDRA TBrun Unit Test tool. Renishaw needed an efficient way of unit testing and of showing code coverage associated with that testing in order to comply with the requirements of the standard. Although it is possible to develop unit tests using a simulator, Renishaw opted to do all of their testing on their target hardware, the Analog Devices Blackfin DSP BF534. The development team was very familiar with both the device and its debugging environment, and there was very little overhead involved in downloading and executing the tests on target.