Tool Classification

Tool classification is the process of categorizing software tools based on their potential impact on system safety during the development of safety-critical systems. Its purpose is to determine whether a tool could introduce or fail to detect errors that may affect the final product.

Tool classification is important because development tools directly influence the correctness and safety of systems used in domains such as automotive, aerospace, and industrial automation.

Benefits of Tool Classification:

• Assess safety risk by identifying tools with potential safety impact.

• Define tool qualification and verification requirements.

• Ensure compliance with functional safety standards such as ISO 26262, IEC 61508, and DO-178C.

Functional safety standards classify software tools based on their influence on system safety and their ability to prevent or detect errors during development.

• IEC 61508 classifies tools into three categories based on error introduction and detection capability.

• DO-178C uses DO-330 to define five Tool Qualification Levels (TQL1–TQL5).

• ISO 26262 determines tool classification using the Tool Confidence Level (TCL).

The Tool Confidence Level (TCL) represents the degree of confidence required in a software tool’s correct operation for its intended use within the ISO 26262 safety lifecycle.

The Tool Confidence Level is determined by evaluating two parameters: Tool Impact (TI) and Tool Error Detection (TD).

Tool Confidence Level Mapping

• TI1 (any TD) → TCL1

• TI2 with TD1 → TCL1

• TI2 with TD2 → TCL2

• TI2 with TD3 → TCL3

Tool Impact (TI)

Tool Impact (TI) describes whether a malfunction of a tool could directly introduce errors into a safety-related item.

Tool Error Detection (TD)

Tool Error Detection (TD) describes a tool’s capability to detect or prevent errors, either internally or in its generated outputs.

After a tool is classified and assigned a Tool Confidence Level, appropriate qualification or justification activities must be performed to demonstrate confidence in the tool’s correct operation.

Tool Qualification Outcome

The scope of qualification activities depends on the TCL, the intended Automotive Safety Integrity Level (ASIL), and the role of the tool within the development lifecycle.