Alois Mayr: An Approach for Evaluating Functional Safety of Software in the Context of IEC 61508, Doctoral thesis, Department of Business Informatics - Software Engineering, Johannes Kepler University Linz, April 2013.


The quality of software is not only a key driver for its own success, but also for that of the systems in which it is included, e.g. cars. As a quality aspect safety plays an essential role for embedded computer systems, since system malfunctions can possibly harm human beings or cause damage to the environment. For this reason, several safety standards have emerged to systematically address safety issues and to assist engineers in system and software development, such as the standard for functional safety IEC 61508. These typically list a number of requirements and techniques that need to be considered when developing safety-related systems, but (including IEC 61508) they generally provide insufficient operationalization, i.e., support for measuring and assessing the extent to which the safety standard requirements are fulfilled by concrete products. In this thesis I present an approach that provides for the operationalization of the coding-related parts of IEC 61508 by means of measures related to the static analysis of source code. For this, I use the concept of a quality model to systematically refine the respective parts into measurable properties. In total, the developed quality model provides 236 measures, of which 228 are associated with rules and metrics of automatic code analysis tools for the languages C and C++. In addition to the systematic operationalization of the standard, this approach allows for automatic safety assessments with the help of the quality model that has been developed. For this purpose, I consider the concept of safety integrity levels (SIL) as proposed by IEC 61508 to enable different levels of rigor for the evaluation of software products. By conducting two studies I evaluate (1) the completeness and appropriateness of the quality model that has been developed regarding the coding-related parts of the standard and (2) the suitability of the entire approach by investigating the validity of the automatic assessment results that were obtained by applying the approach to trial projects. The results of these studies show that the quality model is almost complete regarding the respective parts of the standard. Furthermore, the assessment results correlate with an independent criterion (i.e., certified safety-related software) and are valid for the vast majority of the modeled elements of the standard in a deeper analysis. Moreover, by drilling down the assessment results I was able to detect some (major) deficiencies in the certified trial projects, in which the recommendations of the standard have apparently not been met.