Software Tool Qualification According to ISO 26262

International standards that define requirements for the development of safety-related systems typically also define required confidence levels for the software tools used to develop those systems. The standards define—to a greater or lesser extent— procedures to classify, validate, certify, or qualify tools. To date, there is no common approach for tool validation, certification, and qualification across safety standards. Different standards attach different levels of importance to tool validation, certification, and qualification, and suggest different approaches to gain confidence in the tools used. With ISO 26262 ―Road Vehicles Functional Safety‖ on the horizon, automotive software practitioners will need to understand and implement the new software tool classification and qualification requirements laid out in this standard. ISO 26262 is the adaptation of IEC 61508 to comply with needs specific to the application sector of electric / electronic systems (E/E systems) within road vehicles. This adaptation applies to all activities during the safety lifecycle of systems composed of electrical, electronic, and software elements that provide safety-related functions. Clause 11 of ISO 26262-8 provides guidance on software tool classification and qualification. The clause applies, if the safety lifecycle incorporates using a software tool, such that (1) activities or tasks required by ISO 26262 rely on the correct functioning of that tool, and (2) relevant outputs of that tool are not fully examined or verified. This paper describes the tool classification and qualification approach of ISO/FDIS 26262 and summarizes the authors’ firsthand experiences with implementing this approach for development and verification tools. ISO/FDIS 26262 TOOL QUALIFICATION APPROACH This section provides a brief overview on the tool qualification approach as outlined in the final draft standard. International standards that define requirements for the development of safety-related systems typically also define the required level of confidence for the software tools used to develop these systems. To varying degrees, these standards define procedures to classify, validate, certify, or qualify tools. To date, there is no common approach for tool validation, certification, and qualification that can be applied to all safety standards. Different standards attach different levels of importance to these objectives and suggest different approaches to gain confidence in the tools used [CMR10]. ISO/FDIS 26262 ―Road Vehicles Functional Safety‖ [ISO/DIS 26262] is the adaptation of IEC 61508 [IEC 61508] to comply with needs specific to the application sector of electric / electronic systems (E/E systems) within road vehicles. This adaptation applies to all activities during the safety lifecycle of systems composed of electrical, electronic, and software elements that provide safety-related functions. As per ISO/FDIS 26262-8, 11, a software tool (or a software tool chain) used in the safety lifecycle, in a way that (1) activities or tasks required by ISO 26262 rely on the correct functioning of that tool, and (2) relevant outputs of that tool are not fully examined or verified, need to be assessed, classified, and potentially qualified. ISO/FDIS 26262-8 provides criteria to determine the required level