Functional Safety FAQ - Development Tools
Are there requirements on what kinds of development tools are used?
Yes. Each standard has its own expectations for minimizing the risk that a development tool, rather than the developer, is responsible for a bug making its way into the final product. It may be impossible to prove that a tool can never produce an incorrect output (ex: simulators can only simulate as well as the models given to them), but the user should be able to give reasons why the tool is generally trustworthy. Ex: the tool has been used successfully in other similar projects, the tool comes from an industry-leading vendor, the user is documented as having completed a training course on the tool, the tool vendor has performed validation testing and provided some kind of relevant certificate to the user, the tool comes with a user's guide, there is a forum or document discussing known problems with the tool, there is confirmation that the vendor's intended use of the tool matches the user's planned use, etc. All this evidence taken together is typically called tool qualification.
Is the degree of data necessary for tool qualification the same for every tool?
No, but each tool must be evaluated for its potential to introduce a bug (or to fail to detect a bug) in the design. Depending on the level of risk, more or less qualification data will be expected. For this reason, the tool qualification expectations for a CAD silicon layout tool will be higher than those for a PCB silkscreen layout tool.
Do all dev tools need to be qualified?
Not all industries have the same level of concern for Functional Safety, but in those where human life is at risk each time the application is used, there is a higher expectation that every tool be qualified. Ex: every industry might want the CAD tool used for silicon layout to be qualified, but some industries might not care about qualifying Atlassian tools (JIRA, Bitbucket), where the risk of a safety-relevant failure is lower.
Are tool qualifications done once, and then never need to be repeated?
No. The tool risk analysis and the qualification that follows from it need to be done for each project. In some projects, not all of a tool's capabilities will be used. In other projects, the user might not have access to an ideal tool and will therefore attempt to "make do" with another tool that was not intended for that usage. The risk of a given tool is therefore different in each project.
Are in-house developed tools more or less preferred than externally developed tools?
Most Functional Safety standards do not care where the tool was developed. The risk classification, and the qualification requirements that result from it, are the same regardless of where the tool was developed or how much it cost.