.. _fsd322:

FSD322: Software Verification Plan
##################################

Motivations
***********

.. motivation:: EN-61508-3 clause 7.9.2.1/4
   :id: MOTIVATION_322_001
   :tags: fsd322
   :status: PASS

   All phases in the software safety lifecycle, EN 61508-3:2010, figure 4, shall have complete and correct output documented when completed. Before closing a phase, the outputs shall be evaluated and then be used as input to the next phase.

.. motivation:: EN-61508-3 clause 7.9.2.2/3/5
   :id: MOTIVATION_322_002
   :tags: fsd322
   :status: PASS

   There is no verification plan for the phase "Verification plan for software aspects of system safety".

   There is no verification plan for the phase "Software operation and maintenance procedures", as this is covered by :ref:`FSD107`, phase "E/E/PE system operation and maintenance procedures". Safety-related software cannot be configured, updated, changed, etc. during operation.

.. motivation:: EN-61508-3 clause 7.9.2.6
   :id: MOTIVATION_322_003
   :tags: fsd322
   :status: PASS

   See the results of the SW lifecycle phases.

Verification plan
*****************

Definition of Validation test
-----------------------------

The scope of this test level is to verify the functional safety requirements in a complete system environment. These test cases are for complete systems of one or more safety simplifiers, connected to I/Os.

Definition of System Integration test
-------------------------------------

The scope of this test level is to verify that interfaces between different components work as expected. A component can be a HW or SW unit, or an entire safety simplifier.

Examples:

- Testing the interface between two CPUs in the same device.
- Testing the interface between CPU and HW, e.g. CPU and relay driver.
- Testing the radio interface between two units.

Focus will normally be on one unit, or even a part of a unit, even though several units are often used in the test setup.

Definition of SW Integration test
---------------------------------

All integration tests will be run as system integration tests.

Definition of SW Module test
----------------------------

The scope of this test level is to focus on functional software building blocks.

Example: To verify that the relay driver and the feedback of the state of the relays are deterministic.

Some of these test cases will require several units present in the test setup, but most of the test cases can be executed with only one unit present, since the focus will be on internal software features in the unit under test.

Tests
-----

.. test:: 61508-3:2010 clause 7.9.2.7 activities
   :id: TEST_322_001
   :tags: fsd322
   :derived: RESULT_322_001

   Verify that the activities listed in 61508-3:2010 clause 7.9.2.7 have been performed:

   \a) verification of software safety requirements;

   \b) verification of software architecture;

   \c) verification of software system design;

   \d) verification of software module design;

   \e) verification of code;

   \f) verification of data;

   \g) verification of timing performance;

   \h) software module testing (see 7.4.7);

   \i) software integration testing (see 7.4.8);

   \j) programmable electronics integration testing (see 7.5);

   \k) software aspects of system safety validation (see 7.7).

.. result:: 61508-3:2010 clause 7.9.2.7 activities
   :id: RESULT_322_001
   :tags: fsd322
   :status: PASS

   \a) Performed in :ref:`FSD319`.

   \b) Performed in :ref:`FSD304`.

   \c) Performed in :ref:`FSD304`.

   \d) Performed in :ref:`FSD304`.

   \e) Performed in :ref:`FSD320`.

   \f) N/A: data is not available in the product.

   \g) Performed in :ref:`FSD300`. Online testing is implemented and verified in software.

   \h) Performed in :ref:`FSD300`.

   \i) Performed in :ref:`FSD300`, :ref:`FSD124`, and :ref:`FSD150`.

   \j) Performed in :ref:`FSD300`, :ref:`FSD124`, and :ref:`FSD150`.

   \k) N/A: no separate validation of software (see :need:`MOTIVATION_319_100` and linked requirements).

.. test:: 61508-3:2010 clause 7.9.2.8
   :id: TEST_322_002
   :tags: fsd322
   :derived: RESULT_322_002

   Let persons knowledgeable in EN 61508:2010 and the application area review the software safety requirements specification to judge whether it fulfils the requirements in EN 61508-3:2010, clause 7.9.2.8. The specification passes if the reviewers find that it fulfils the requirements in clause 7.9.2.8.

.. result:: 61508-3:2010 clause 7.9.2.8
   :id: RESULT_322_002
   :tags: fsd322
   :date: 2025-06-21
   :status: PASS

   The people outlined in :ref:`FSD002` have reviewed the software safety requirements specification and found that:

   \a) The software safety requirements specification adequately fulfils the requirements in :ref:`FSD114`.

   \b) The software validation plan adequately fulfils the requirements in :ref:`FSD114`.

   \c) No incompatibilities were found between :ref:`FSD319` and :ref:`FSD114`. No incompatibilities were found between :ref:`FSD319` and :ref:`FSD116`.

.. test:: 61508-3:2010 clause 7.9.2.9
   :id: TEST_322_003
   :tags: fsd322
   :derived: RESULT_322_003

   Let persons knowledgeable in EN 61508:2010 and the application area review the software architecture to judge whether it fulfils the requirements in EN 61508-3:2010, clause 7.9.2.9. The architecture passes if the reviewers find that it fulfils the requirements in clause 7.9.2.9.

.. result:: 61508-3:2010 clause 7.9.2.9
   :id: RESULT_322_003
   :tags: fsd322
   :date: 2025-06-21
   :status: PASS

   The people outlined in :ref:`FSD002` have reviewed the software architecture and found that:

   \a) The software architecture adequately fulfils the requirements in :ref:`FSD304`.

   \b) The integration tests are deemed adequate, as all requirements are covered by tests.

   \c) Safety performance, testability, readability, and safe modification are deemed adequate.

   \d) No incompatibilities were found.

.. test:: 61508-3:2010 clause 7.9.2.10
   :id: TEST_322_004
   :tags: fsd322
   :derived: RESULT_322_004

   Let persons knowledgeable in EN 61508:2010 and the application area review the software system design to judge whether it fulfils the requirements in EN 61508-3:2010, clause 7.9.2.10. The design passes if the reviewers find that it fulfils the requirements in clause 7.9.2.10.

.. result:: 61508-3:2010 clause 7.9.2.10
   :id: RESULT_322_004
   :tags: fsd322
   :date: 2025-06-21
   :status: PASS

   \a) The software system design adequately fulfils the requirements in :ref:`FSD304`.

   \b) The integration tests are deemed adequate, as all applicable requirements have corresponding test cases.

   \c) See :need:`TEST_322_003`.

   \d) No incompatibilities were found. This is continuously reviewed during development.

Software design and development
-------------------------------

.. test:: 61508-3:2010 clause 7.9.2.11
   :id: TEST_322_005
   :tags: fsd322
   :derived: RESULT_322_005

   Let persons knowledgeable in EN 61508:2010 and the application area review the software module design to judge whether it fulfils the requirements in EN 61508-3:2010, clause 7.9.2.11. The module design passes if the reviewers find that it fulfils the requirements in clause 7.9.2.11.

.. result:: 61508-3:2010 clause 7.9.2.11
   :id: RESULT_322_005
   :tags: fsd322
   :date: 2025-06-21
   :status: PASS

   \a) The software module design adequately fulfils the requirements in :ref:`FSD304`.

   \b) :ref:`FSD300` covers all parts of the module design specification.

   \c)

      \1) Safety performance is deemed feasible.

      \2) The software module tests fully cover the software module design specification.

      \3) The code is deemed readable and maintainable by the developer team.

      \4) Modification is usually part of work packages, and the changes to be made are specified in detail. This is deemed adequate by the developer team.

   \d)

      \1) No incompatibilities were found.

      \2) No incompatibilities were found between module tests and specifications.

      \3) No incompatibilities were found between module tests and integration tests.

.. test:: 61508-3:2010 clause 7.9.2.12
   :id: TEST_322_006
   :tags: fsd322
   :derived: RESULT_322_006

   Let persons knowledgeable in EN 61508:2010 and the application area review the code to judge whether it fulfils the requirements in EN 61508-3:2010, clause 7.9.2.12. The code passes if the reviewers find that it fulfils the requirements in clause 7.9.2.12.

.. result:: 61508-3:2010 clause 7.9.2.12
   :id: RESULT_322_006
   :tags: fsd322
   :date: 2025-06-21
   :status: PASS

   The static analysis methods used are those specified in :ref:`FSD303`, selected from 61508-3 table B.2.

.. test:: 61508-3:2010 clause 7.9.2.13
   :id: TEST_322_007
   :tags: fsd322
   :derived: RESULT_322_007

   Let persons knowledgeable in EN 61508:2010 and the application area review the data to judge whether it fulfils the requirements in EN 61508-3:2010, clause 7.9.2.13. The data passes if the reviewers find that it fulfils the requirements in clause 7.9.2.13.

.. result:: 61508-3:2010 clause 7.9.2.13
   :id: RESULT_322_007
   :tags: fsd322
   :date: 2025-06-21
   :status: PASS

   \a) The general data structures are verified as part of the software review process.

   \b) The interfaces between the CPUs and the configuration data are considered here.

      \1) All communication data carries a version, a checksum, a magic value, etc., so that the receiver can verify that the data is correct. The configuration structures shared between firmware and logic carry a version, a magic value, and a checksum for the same purpose.

      \2) All data is complete and complies with the application requirements.

      \3) Compatibility is checked via the version field in all shared data structures.

      \4) Correctness is checked via the magic values and checksums. Incorrect data (corrupt, old, out of date, etc.) is rejected by these checks.

   \c) Settings (operational parameters) have been verified against the application requirements.

   \d) 1-3: See :ref:`FSD300` (specifically input handling).

   \e) See b) above, :need:`MOTIVATION_129_058` and :need:`MOTIVATION_129_059`.

.. test:: Software module tests
   :id: TEST_322_008
   :tags: fsd322
   :derived: RESULT_322_008

   Perform tests according to the software module test specification (:ref:`FSD300`). The test is passed if all software module test cases pass.
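The version, magic value and checksum scheme that item b) of the clause 7.9.2.13 result relies on, written out as an added example in C. This is illustrative code added here, not the product's firmware: the record layout, field names, magic value, version numbers and the choice of CRC-32 are all assumptions. It shows the order in which a consumer should check the fields, and how corrupt, foreign, incompatible and stale records are told apart rather than lumped together:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical shared configuration record. Layout, field names, magic
 * value and version numbers are assumptions for this example, not the
 * product's real structures. */
#define CFG_MAGIC          0x43464731u   /* "CFG1": rejects unrelated memory */
#define CFG_VERSION_MAJOR  2u            /* bump on incompatible layout change */
#define CFG_VERSION_MINOR  0u            /* bump on compatible additions */

typedef struct {
    uint32_t magic;
    uint16_t version_major;
    uint16_t version_minor;
    uint32_t generation;        /* monotonic counter written by the producer */
    uint16_t relay_delay_ms;    /* example operational parameters */
    uint16_t input_filter_ms;
    uint32_t crc32;             /* CRC-32 over every byte before this field */
} shared_cfg_t;

typedef enum {
    CFG_OK = 0,
    CFG_BAD_MAGIC,      /* not a configuration record at all */
    CFG_CORRUPT,        /* checksum mismatch: bit error or partial write */
    CFG_INCOMPATIBLE,   /* producer uses a different major version */
    CFG_STALE           /* older generation than one already accepted */
} cfg_status_t;

/* Standard reflected CRC-32 (polynomial 0xEDB88320), bitwise, table-free. */
uint32_t crc32_update(uint32_t crc, const void *buf, size_t len)
{
    const uint8_t *p = (const uint8_t *)buf;
    crc = ~crc;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

uint32_t cfg_compute_crc(const shared_cfg_t *c)
{
    return crc32_update(0u, c, offsetof(shared_cfg_t, crc32));
}

/* Producer side: fill every field deterministically, then seal with the CRC.
 * The memset guarantees any padding bytes are zero so the CRC is reproducible. */
void cfg_seal(shared_cfg_t *c, uint32_t generation,
              uint16_t relay_delay_ms, uint16_t input_filter_ms)
{
    memset(c, 0, sizeof *c);
    c->magic           = CFG_MAGIC;
    c->version_major   = CFG_VERSION_MAJOR;
    c->version_minor   = CFG_VERSION_MINOR;
    c->generation      = generation;
    c->relay_delay_ms  = relay_delay_ms;
    c->input_filter_ms = input_filter_ms;
    c->crc32           = cfg_compute_crc(c);
}

/* Consumer side. Order matters: the CRC is checked before the version and
 * generation fields are interpreted, so a corrupted record is reported as
 * corrupt rather than as "incompatible" or "stale". */
cfg_status_t cfg_validate(const shared_cfg_t *c, uint32_t last_accepted_generation)
{
    if (c->magic != CFG_MAGIC)
        return CFG_BAD_MAGIC;
    if (c->crc32 != cfg_compute_crc(c))
        return CFG_CORRUPT;
    if (c->version_major != CFG_VERSION_MAJOR)
        return CFG_INCOMPATIBLE;
    if (c->generation < last_accepted_generation)
        return CFG_STALE;
    return CFG_OK;
}

/* Exercises the validator on a good record and three constructed faults.
 * Returns 1 only if every outcome matches the expected status. */
int cfg_self_test(void)
{
    shared_cfg_t good, corrupt, wrong_magic, old_major;

    cfg_seal(&good, 7u, 50u, 10u);

    corrupt = good;
    corrupt.relay_delay_ms = 51u;          /* payload changed, CRC not refreshed */

    wrong_magic = good;
    wrong_magic.magic = 0u;                /* e.g. uninitialised memory */

    cfg_seal(&old_major, 7u, 50u, 10u);
    old_major.version_major = 1u;          /* written by an older layout... */
    old_major.crc32 = cfg_compute_crc(&old_major); /* ...but otherwise intact */

    return cfg_validate(&good, 7u)        == CFG_OK
        && cfg_validate(&good, 8u)        == CFG_STALE
        && cfg_validate(&corrupt, 0u)     == CFG_CORRUPT
        && cfg_validate(&wrong_magic, 0u) == CFG_BAD_MAGIC
        && cfg_validate(&old_major, 0u)   == CFG_INCOMPATIBLE;
}

int main(void)
{
    int ok = cfg_self_test();
    printf("shared configuration self-test: %s\n", ok ? "pass" : "FAIL");
    return ok ? 0 : 1;
}
```

A CRC of this kind detects accidental corruption (bit errors, truncated or partial writes) but nothing more: any party able to write the shared structure can also recompute the checksum, so the scheme gives no protection against deliberate tampering. Where a shared structure crosses a trust boundary, a keyed MAC or a signature over the record is needed in addition to the version and magic checks.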
.. result:: Software module tests
   :id: RESULT_322_008
   :tags: fsd322
   :date: 2025-06-21
   :status: PASS

   See :ref:`FSD300` for the results of the software module tests.

.. test:: Software integration tests (verification 8)
   :id: TEST_322_009
   :tags: fsd322
   :derived: RESULT_322_009

   Perform tests according to the software integration test specifications (:ref:`FSD124` and :ref:`FSD150`). The test is passed if all software integration test cases pass.

.. result:: Software integration tests (verification 8)
   :id: RESULT_322_009
   :tags: fsd322
   :date: 2025-06-21
   :status: PASS

   See :ref:`FSD124` and :ref:`FSD150` for the results of the software integration tests.

.. test:: System safety validation
   :id: TEST_322_010
   :tags: fsd322
   :derived: RESULT_322_010

   Perform tests according to the software safety validation plan. The test is passed if all software safety validation test cases pass.

.. result:: System safety validation
   :id: RESULT_322_010
   :tags: fsd322
   :date: 2025-06-21
   :status: PASS

   See :ref:`FSD133`.