Static Verification of Non-Functional Software Requirements in the ISO-26262

The norm ISO-26262 aims at ascertaining the functional safety of Automotive Electric/Electronic Systems. It is not focused on purely functional system properties, but also demands to exclude nonfunctional safety hazards in case they are critical for a correct functioning of the system. Examples are violations of timing constraints in real-time software and software crashes due to runtime errors or stack overflows. The ISO-26262 ranks the static verification of program properties among the prominent goals of the software design and implementation phase. Static program analyzers are available that can prove the absence of certain non-functional programming errors, including those mentioned above. Static analyzers can be applied at different stages of the development process and can be used to complement or replace dynamic test methods. This article gives an overview of static program analysis techniques focusing on non-functional program properties, investigates the non-functional requirements of the ISO-26262 and discusses the role of static analyzers in the ISO-26262.