W H I T E PA P E R

How to Comply With the

ISO 26262 Standard
Software Development and Design Requirements
For Every ASIL

Introduction

ISO 26262 is a functional safety standard used in the automotive industry,

adapted from IEC 61508. It includes requirements for software development
and design. Most of these requirements are covered in the compliance tables of
Part 6.

In this white paper, you’ll learn how using a coding standard and a static code
analyzer helps you comply with these ISO 26262 requirements for every ASIL.

www.perforce.com © Perforce Software, Inc. All trademarks and registered trademarks

are the property of their respective owners. (0220TP22)
WHITE PAPER

2 | How to Comply with the ISO 26262 Standard

ISO 26262 is essential as more electronic equipment is
being used in vehicles and it is becoming more complex.
For that reason, software failure is not an option as it
could compromise the safety of the vehicle.
Software failure isn’t an option. It could compromise the
safety of the vehicle. Development teams need to ensure
there is no situation where failure could occur. However,
exhaustive testing is rarely possible. So, systems must
be designed to prevent failure — or ensure controlled
behavior in response to failure.
Complying with functional safety standards, such as ISO
26262, is key for safe automotive system design.
ISO 26262 Overview
ISO 26262 is an adaptation of IEC 61508, the functional
safety standard for electronic safety-related systems. ISO
26262 focuses on the specific needs of those systems in
vehicles throughout their safety lifecycles.
Systems that need to comply with ISO 26262 include:
• Driver assistance.
• Propulsion and vehicle dynamics control.
The ASIL of the system (at a functional level)
determines which methods development teams
will need to use.
These requirements are specified in ISO 26262,
Part 6, including:
• The initiation of software development.
• Software architectural design.
• Software unit design and implementation.
CODING STANDARD REQUIREMENTS
The use of a coding standard, such as MISRA, is
recommended for ISO 26262 compliance. Applying a
coding standard with a static code analyzer
can help you comply with the requirements of
ISO 26262, Part 6.
ISO 26262, PART 6 COMPLIANCE TABLES
ISO 26262, Part 6 includes tables that define the
methods for achieving compliance with the standard.
Here, we cover how to comply with five of these tables by
using Helix QAC — a static code analyzer for C/C++.

• Active and passive safety systems.

A key to the recommended methods:
The more complex the system is, the greater the risk of failure.
++ Highly recommended for the identified ASIL.
This includes systematic and random hardware failures.
+ Recommended for the identified ASIL.

How to Mitigate Risk With ISO o No recommendation for or against use in

the identified ASIL.
26262
ISO 26262 provides guidance for developers to mitigate
these risks. This includes the following requirements and
design processes.

AUTOMOTIVE SAFETY INTEGRITY LEVELS (ASIL)

ISO 26262 classifies risk and safety requirements. There
are four Automotive Safety Integrity Levels (ASIL A–D).
ASIL A is the mildest level. ASIL D is the strictest level.

www.perforce.com © Perforce Software, Inc. All trademarks and registered trademarks

are the property of their respective owners. (0220TP22)
WHITE PAPER

3 | How to Comply with the ISO 26262 Standard

Table 1 — Topics to Be Covered By Modeling and Coding Guidelines

Table 1 includes modeling and coding guidelines recommended for all ASIL levels. You can use Helix QAC
to comply with most of these guidelines for software written in C or C++.

For example, it’s highly recommended to enforce low code complexity across all ASIL levels. You can use Helix QAC’s web
dashboard to monitor trends in code complexity over time. This makes it easy to ensure your codebase doesn’t get more
complex as it grows.

ASIL
Methods Helix QAC
A B C D

1a. Enforcement of low complexity ++ ++ ++ ++ 

1b. Use of language subsets ++ ++ ++ ++ 
1c. Enforcement of strong typing ++ ++ ++ ++ 
1d. Use of defensive implementation techniques + + ++ ++ 
1e. Use of well-trusted design principles + + ++ ++ 
1f. Use of unambiguous graphical representation + ++ ++ ++ —

1g. Use of style guides + ++ ++ ++ 

1h. Use of naming conventions ++ ++ ++ ++ 
1i. Concurrency aspects + + + + 

Table 3 — Principles For Software Architectural Design

Table 3 covers architectural design principles recommended for all ASIL levels. You can use Helix QAC to comply with some of
these principles.

For example, it’s highly recommended to restrict the size of software components for all ASIL levels. Helix QAC measures and
reports several different metrics relating to code size.

ASIL
Methods Helix QAC
A B C D

1a. Appropriate hierarchical structure of software components ++ ++ ++ ++ —

1b. Restricted size and complexity of software components ++ ++ ++ ++ 

1c. Restricted size of interfaces + + + ++ 
1d. Strong cohesion within each software component + ++ ++ ++  (C++ only)

1e. Loose coupling between software components + ++ ++ ++ 

1i. Appropriate management of shared resources ++ ++ ++ ++ 

www.perforce.com © Perforce Software, Inc. All trademarks and registered trademarks

are the property of their respective owners. (0220TP22)
WHITE PAPER

4 | How to Comply with the ISO 26262 Standard

Table 6 — Design Principles For Software Unit Design and Implementation

Table 6 covers design principles recommended for all ASIL levels. Helix QAC, combined with a MISRA compliance module,
can be used to comply with these principles.

For example, it’s highly recommended (at all ASIL levels) to have one entry and one exit point in subprograms and functions.

With Helix QAC, you can enforce the following MISRA rules to comply with this design requirement:

MISRA C:2004 Rule 14.4: The goto statement shall not be used.

MISRA C:2004 Rule 14.7: A function shall have a single point of exit at the end of the function.

ASIL
Methods Helix QAC
A B C D

1a. One entry and one exit point in subprograms and functions ++ ++ ++ ++ 
No dynamic objects or variables, or else online test
1b. + ++ ++ ++ 
during their creation

1c. Initialization of variables ++ ++ ++ ++ 

1d. No multiple use of variable names ++ ++ ++ ++ 

1e. Avoid global variables or else justify their usage + + ++ ++ 

1f. Restricted use of pointers + ++ ++ ++ 

1g. No implicit type conversions + ++ ++ ++ 

1h. No hidden data flow or control flow + ++ ++ ++ 

1i. No unconditional jumps ++ ++ ++ ++ 

1j. No recursions + + ++ ++ 

www.perforce.com © Perforce Software, Inc. All trademarks and registered trademarks

are the property of their respective owners. (0220TP22)
WHITE PAPER

5 | How to Comply with the ISO 26262 Standard

Table 7 – Methods for Software Unit Verification

Table 7 covers software unit verification methods. Helix QAC can be used to execute several of these methods.

For example, in addition to basic static code analysis, you can use Helix QAC to automatically perform sophisticated data flow
analysis. Helix QAC will find potential errors for you, so you can verify software design faster.

ASIL
Methods Helix QAC
A B C D

1a. Walk-through ++ + o o 

1b. Pair-programming + + + +

1c. Inspection + ++ ++ ++ 

1d. Semi-formal verification + + ++ ++ 

1e. Formal verification o o ++ ++ —

1f. Control flow analysis + + ++ ++ 

1g. Data flow analysis + + ++ ++ 

1h. Static code analysis ++ ++ ++ ++ 

1i. Static analyses based on abstract interpretation + + + + 

www.perforce.com © Perforce Software, Inc. All trademarks and registered trademarks

are the property of their respective owners. (0220TP22)
WHITE PAPER

6 | How to Comply with the ISO 26262 Standard

Table 10 – Methods for Verification of Software Integration

Table 10 specifies methods for the verification of software integrations. As in Table 7, Helix QAC can be used to execute
several methods.

For example, Helix QAC provides sophisticated dataflow functionality in addition to checking compliance with coding guidelines.

ASIL
Methods Helix QAC
A B C D

1f. Verification of the control flow and data flow + + ++ ++ 

1g. Static code analysis ++ ++ ++ ++


1h. Static analyses based on abstract interpretation + + + + 

Make ISO 26262 Compliance Easy In addition, Helix QAC has been certified for use in
Safety-Related software development by TÜV-SÜD. This
with Helix QAC
includes ISO 26262 compliance for all ASIL levels (A-D).
Helix QAC checks your code against coding rules,
including MISRA and AUTOSAR. This can help you fulfill By using Helix QAC, you can reduce the time and cost of
compliance requirements for all ASIL levels included in compliance.
ISO 26262. Both tools include compliance modules for
MISRA C/C++ and AUTOSAR C++14.

perforce.com/products/qac/free-static-code-analyzer-trial

About Perforce

Perforce powers innovation at unrivaled scale. Perforce solutions future-proof competitive advantage by driving quality, security,
compliance, collaboration, and speed – across the technology lifecycle. We bring deep domain and vertical expertise to every customer,
so nothing stands in the way of success. Privately held and funded by Clearlake Capital and Francisco Partners, our global footprint spans
more than 80 countries and includes over 75% of the Fortune 100. Perforce is trusted by the world’s leading brands to deliver solutions to
even the toughest challenges. Accelerate technology delivery, with no shortcuts. Get the Power of Perforce.

www.perforce.com © Perforce Software, Inc. All trademarks and registered trademarks

are the property of their respective owners. (0220TP22)