Keil C166 Compiler Quality Management Report For IEC61508, DO178B, Tickit, 00-55 And Others

Compiler Quality Management Report

IEC61508 part 3 (Table A3) strongly recommends the use of a “certified translator” (i.e. compiler) at SIL2 and above. In the case of Pascal and Ada, this is not a particular problem as appropriate validation suites are available. However, as the text of the 61508 standard notes, compilers are generally only certified against their respective language standard and not certified in any way with respect to the safety or correctness of the generated object code. In reality, the typical embedded system uses C and this presents a particular set of problems. Very few, if any, embedded cross compilers are certified against ISO-C90 or C99. Moreover, the implementation-specific areas of the ISO-C standards are left up to the compiler vendor, and in many cases these are the areas where the limitations or characteristics of the underlying microcontroller architecture are most likely to give rise to safety issues. Pointer behaviour is a good example of this.

Other quality standards such as DO178B, Tickit and DefStan 00-55 make recommendations on C compilers similar to those of IEC61508, so these issues are now widespread across the embedded software industry.

IEC61508 states that C is only suitable for SIL1 applications. In practice, any project that is to be conducted in accordance with the standard is going to be SIL2 or above so users are obliged by the standard to use a coding standard and “safe language subset” such as MISRA. This will prevent the use of C’s more unregulated aspects.

The issue of C compiler certification is addressed by the concept of “increased confidence from use”. The basis of this is that a compiler that has been used successfully on previous projects without any serious failures, or one whose manufacturer’s bug list shows no major errors, is thus suitable for use under IEC61508. Where the compiler shows small deficiencies or has unusual or unexpected behaviour in the ISO-C implementation-specific areas, these should be documented and either avoided or used in a prescribed and safe manner.

This can present a problem to companies wishing to use a CPU and compiler of which they have no previous in-house experience on a new IEC61508 project. Any unexpected or CPU-influenced departures from “normal” C language behaviour will be unknown. This could have the effect of locking companies into older, more expensive or otherwise unsatisfactory CPUs simply because they have insufficient experience of the alternatives.

To overcome these problems, Hitex UK has prepared a “Quality Management Report” for the Keil C166 compiler. This independently written report examines the implementation-specific parts of ISO-C90 and how the standard ISO-C library functions behave on the C166 architecture. It also records the version and bug history, Plum-Hall test results, floating point characteristics and many other aspects of compiler performance. Importantly, as it has been drawn up independently of Keil, it provides users with a valid “increased confidence from use” statement: it draws on experience and feedback from hundreds of existing users and incorporates the bug and version history. The report runs to 252 pages and, as well as meeting the requirements of IEC61508, DO178B and other standards, it is a useful reference work on C166 programming for any project team.

How The Report Is Customised To Your Company And Project

The report is supplied as a high resolution Adobe PDF file, customized to individual companies’ requirements. This means that the front page is edited to include the company name.

In section 1, the details of the project on which the compiler has been used are entered. The specific features of the project are also added.

The full table of contents for the report is available here as a PDF file. This shows the section headings so that you can see what the report covers in detail.

Implementation-specific C behaviour is tested and documented using a library of test programs. Tests are performed on representative silicon so that CPU errata and other effects are taken into account.

Complete Sample Report

A completed (non-printable) report is available here for you to assess.

Compiler Versions For Which Reports Are Available

We currently have reports available for C166 v3.12k, v4.10 and v4.27. A report for C166 v5.0x is in preparation.

Other reports for Keil C-ARM and C51 will follow. If you have an urgent requirement for either of these, please email us.

Report Customization Costs

The cost of the report, customized to your company and project, is Euro 2195 (£1495/US$2725). To order your report, please complete the following order form. This will ask for the company details to appear on the report, plus the project name and details. These will be added to the report and you will be emailed when the customised document is available. To receive the report .PDF file, either FAX your order to 02476692131 (UK only) or go to our webshop to enter your credit card details.

Please use this webform to order a customised C166 compiler quality management report for your project and company.

Your Details:

Company Name:

First Name: (required)

Surname: (required)

Function:

Department:

Unit Number:

Street:

District:

City:

County:

Postcode:

Country: (required)

Phone: (required)

Fax:

Email: (required)

Enter the company name you require to appear in the report in the box below:

Enter the project name and other details that you wish to appear in the report in the box below:

Enter any other text you want to appear in the report, along with any new section name or where in the report you want it to appear.

When the report has been customised, you will receive the pages containing your text as a proof. If you approve the changes, you will be asked to FAX an order or visit our webshop to enter your credit card details.