An Approach for Evaluating Functional Safety of Software in the Context of IEC 61508

The quality of software is not only a key driver for its own success, but also for that of the systems in which it is included, e.g. cars. As a quality aspect safety plays an essential role for embedded computer systems, since system malfunctions can possibly harm human beings or cause damage to the environment. For this reason, several safety standards have emerged to systematically address safety issues and to assist engineers in system and software development, such as the standard for functional safety IEC 61508. These typically list a number of requirements and techniques that need to be considered when developing safety-related systems, but (including IEC 61508) they generally provide insufficient operationalization, i.e., support for measuring and assessing the extent to which the safety standard requirements are fulfilled by concrete products. In this thesis I present an approach that provides for the operationalization of the coding-related parts of IEC 61508 by means of measures related to the static analysis of source code. For this, I use the concept of a quality model to systematically refine the respective parts into measurable properties. In total, the developed quality model provides 236 measures, of which 228 are associated with rules and metrics of automatic code analysis tools for the languages C and C++. In addition to the systematic operationalization of the standard, this approach allows for automatic safety assessments with the help of the quality model that has been developed. For this purpose, I consider the concept of safety integrity levels (SIL) as proposed by IEC 61508 to enable different levels of rigor for the evaluation of software products.