Evaluation of software

Modern systems for critical applications almost always include software as a part of their critical function.  As opposed to hardware, no new errors are introduced into the software after the system has been commissioned. Instead, errors may be introduced during the development stages.  It is therefore important that the software development process itself is well-proven, and that verification and validation is performed properly. 

For safety-critical systems, where a loss of function could lead to catastrophic consequences, the software typically needs to be evaluated by an independent third party.

Evaluation of software includes checking that the software architecture is properly structured and modular, that a coding standard has been employed, and that probability checks have been applied to the input for functions.  In addition, it is common to perform data flow analyses and control flow analyses which can find, for example, inactive code, code which is never accessed, or variables that are written but never read. 

Other reviews include more hardware-related aspects such as running regular memory tests and monitoring the program execution. 
RISE has many years' experience of evaluation of safety-critical software, and can provide the following services in these fields: 

• Evaluation of software, e.g., in accordance with IEC 61508-03, ISO 13849, ISO 26262-6
• Evaluation of the safety of software with respect to data flows and program execution
• Quality control of software in connection with version management, documentation, development process etc.
• Evaluation of software constructed from models and with automatic code generation, e.g., Matlab, Simulink, TargetLink, Rhapsody and SCADE
• Evaluation of software in measuring instruments under the Measuring Instruments Directive for weighing instruments, energy meters, taximeters etc.

These methods are by no means exhaustive, but should be seen as a sample of what RISE can offer.