Tool Classification
What Is Tool Classification?
Tool classification is a process used to categorize software tools based on their potential impact on the safety of a system. Essentially, it helps us determine the role each tool plays within a safety case by evaluating the risk it introduces during development.
Why Do Tools Need to Be Classified?
Tool classification is necessary because safety-critical systems, like those in automobiles, aircraft, or industrial plants, must function correctly under all foreseeable conditions. The tools used to develop these systems are not part of the final product itself, but they directly influence the quality and safety of the system.
By identifying the criticality of each tool, you can:
- Assess Risk: Understand which tools have a higher potential to influence system safety. 
- Determine Qualification Requirements: Identify when a tool must undergo additional verification or validation. 
- Streamline Compliance: Ensure adherence to industry safety standards, like ISO 26262, by focusing qualification efforts where they matter most. 
How Do Different Functional Safety Standards Classify Tools?
Different functional safety standards adopt different approaches to classifying software tools based on their impact on safety and the required level of assurance. For example, IEC 61508 categorizes tools into three classes, focusing on the tool’s potential to introduce or fail to detect errors.
In contrast, the DO-178C standard used in the aerospace domain relies on DO-330, which introduces five Tool Qualification Levels (TQLs), depending on the tool’s role and its influence on the safety of the airborne system.
In the automotive industry, ISO 26262 begins by evaluating the Tool Confidence Level (TCL) which reflects both the likelihood of tool errors and the tool’s ability to detect or prevent them. Determining the TCL is the first step in assessing whether a tool must be qualified and, if so, to what extent, based on its impact on the safety lifecycle and the confidence needed in its correct operation.
Tool Classification in Relation to ISO 26262
In the automotive domain, ISO 26262 mandates strict adherence, and its tool classification is used to determine which software tools might affect the safety lifecycle of automotive systems. Tools that fall into higher risk categories require Tool Qualification, ensuring that their use does not inadvertently introduce safety hazards into the development process.
What Is the Tool Confidence Level (TCL)?
The Tool Confidence Level (TCL) according to ISO 26262 is a metric that reflects our degree of trust in a tool's ability to perform correctly under defined conditions. The following section describes the various TCLs, giving an overview of what each level signifies in terms of confidence and whether the software tool needs to be qualified.
Tool Impact TI1 and any Tool Error Detection → Tool Confidence Level TCL1
Tool Impact TI2 and Tool Error Detection TD1 → Tool Confidence Level TCL1
Tool Impact TI2 and Tool Error Detection TD2 → Tool Confidence Level TCL2
Tool Impact TI2 and Tool Error Detection TD3 → Tool Confidence Level TCL3
Tool Impact (TI)
Tool Impact (TI) quantifies the potential effect that a tool’s malfunction or failure could have on the overall system safety.
Tool Error Detection (TD)
Tool Error Detection (TD) refers to the capability of a tool to identify and flag potential errors during its operation. This is a critical parameter because it directly influences the overall safety confidence in the tool.
What Happens After a Tool Is Classified?
After a tool is classified and assigned a Tool Confidence Level (TCL) according to ISO 26262 (or similar criteria in other standards), the next step is to ensure that sufficient confidence exists in the tool's correct operation for its intended use within the safety lifecycle.
The required activities depend on the TCL and the specific requirements of the safety project. The outcome is a justification or qualification case that demonstrates the tool is reliable enough for developing safety-critical components up to the required Automotive Safety Integrity Level (ASIL).