Klocwork 2016.3 ISO 26262 and IEC 61508 certification

Klocwork 2016.3 is ISO 26262 and IEC 61508 certified.

ISO 26262 is a Functional Safety standard published by the International Organization for Standardization (ISO) and is targeted at road vehicle safety. The standard is based heavily on the generic Functional Safety standard IEC 61508, adapting it to automotive Electric/Electronic systems, and covers numerous activities and processes in the software development lifecycle.

Developers can use the certified set of Klocwork checkers to find and fix security vulnerabilities and critical defects with confidence, knowing they have been designed, developed, tested and released in an audited and certified manner. Klocwork also provides guidance to ensure that developers use our static analysis tool in a functionally safe way that supports their own application for ISO 26262 certification.

While software verification tools cannot, on their own, ensure compliance with ISO 26262, they can aid developers looking to demonstrate process compliance. Static Code Analysis tools can either fully or partially address many of the requirements found in Part 6 of the standard. That part, “Product Development at the Software Level”, covers the functional safety of road vehicle software and examines the correctness of software design and implementation. Klocwork’s full-featured source code analysis solution helps developers find and fix security vulnerabilities and critical defects the moment they’re introduced. MISRA C and MISRA C++ coding standard violations can be reported automatically at the developer desktop, in the integration build, in the continuous integration build, and through the code review tool.

What do you need to know?

The Klocwork certification is documented in the Functional Safety Manual for Klocwork and related documents. These documents describe the conditions under which the use of Klocwork supports functional safety.

Qualification pack

The qualification pack, as described in the Functional Safety Manual for Klocwork, is available from your account executive. The Qualification Pack test procedures check the requirements under normal operating conditions. Each procedure provides input data that generates a validated pass/fail report for each checker. The tool is deterministic in its execution and generates the same output results for a given set of input data parameters. To validate that you have the currently supported Qualification Pack for Klocwork 2016.3, you can compare the MD5 checksum, which should be e10167b0461c89ba5aa56f319f23d710.

Checkers added between Klocwork 2016.1 and 2016.3

Checker | Description
MISRA.ARRAY.VAR_LENGTH.2012 | Implements MISRA C 2012 Rule 18.8: Variable-length array types shall not be used.
MISRA.IDENT.DISTINCT.C90.2012, MISRA.IDENT.DISTINCT.C99.2012 | Implements MISRA C 2012 Rule 5.2: Identifiers declared in the same scope and name space shall be distinct.
MISRA.LITERAL.NULL.PTR.CONST.2012 | Implements MISRA C 2012 Rule 11.9: The macro NULL shall be the only permitted form of integer null pointer constant.
MISRA.MEMB.FLEX_ARRAY.2012 | Implements MISRA C 2012 Rule 18.7: Flexible array members shall not be declared.
MISRA.STDLIB.BSEARCH.2012 | Implements MISRA C 2012 Rule 21.9: The library functions bsearch and qsort of <stdlib.h> shall not be used.
MISRA.FUNC.UNUSEDPAR.2012 | Implements MISRA C 2012 Rule 2.7: There should be no unused parameters in functions.
MISRA.TYPE.RESTRICT.QUAL.2012 | Implements MISRA C 2012 Rule 8.14: The restrict type qualifier shall not be used.
MISRA.ASSIGN.SUBEXPR.2012 | Implements MISRA C 2012 Rule 13.4: The result of an assignment operator should not be used.
MISRA.DEFINE.SHARP.ORDER.2012 | Implements MISRA C 2012 Rule 20.11: A macro parameter immediately following a # operator shall not immediately be followed by a ## operator.
MISRA.DEFINE.SHARP.REPLACE.2012 | Implements MISRA C 2012 Rule 20.12: A macro parameter used as an operand to the # or ## operators, which is itself subject to further macro replacement, shall only be used as an operand to these operators.
MISRA.INCL.TGMATH.2012 | Implements MISRA C 2012 Rule 21.11: The standard header file <tgmath.h> shall not be used.
MISRA.INCL.SIGNAL.2012 | Implements MISRA C 2012 Rule 21.5: The standard header file <signal.h> shall not be used.
MISRA.DEFINE.STDIO.WCHAR.2012, MISRA.INCL.STDIO.2012, and MISRA.STDLIB.STDIO.WCHAR.2012 | Implements MISRA C 2012 Rule 21.6: The Standard Library input/output functions shall not be used.
MISRA.INCL.TIME.2012, MISRA.DEFINE.WCSFTIME.2012, and MISRA.STDLIB.WCSFTIME.2012 | Implements MISRA C 2012 Rule 21.10: The Standard Library time and date functions shall not be used.
RABV.CHECK | Suspicious use of an index before the boundary check.
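The following C file is an added illustration, not Klocwork code and not part of the Qualification Pack test inputs. It shows, side by side, the pattern that three of the checkers above report and a form that a MISRA reviewer would accept: a variable-length array against a bounded fixed-size buffer (Rule 18.8, with NULL used as the only null pointer constant per Rule 11.9), an assignment whose result feeds a comparison against an assignment on its own statement (Rule 13.4), and an array read that happens before the bound check against one that happens after it (the RABV.CHECK pattern). All function names, BUF_MAX and the SAMPLE data are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define BUF_MAX 16u

/* Constructed sample data for the self-check below. */
static const int32_t SAMPLE[] = {1, 2, 3, 0, 5};
#define SAMPLE_LEN 5u

/* ---- MISRA C 2012 Rule 18.8: variable-length array types shall not be used ---- */

/* Non-compliant: the scratch buffer's size comes from a run-time value, so the
 * stack frame cannot be bounded statically. This is the line the checker flags. */
int32_t sum_doubled_vla(const int32_t *src, size_t n)
{
    int32_t tmp[n];                       /* variable-length array */
    int32_t total = 0;
    for (size_t i = 0u; i < n; i++) {
        tmp[i] = src[i] * 2;
        total += tmp[i];
    }
    return total;
}

/* Compliant: a fixed-size buffer with an explicit upper bound on n. Pointer
 * checks use NULL, the only permitted null pointer constant (Rule 11.9). */
int sum_doubled_fixed(const int32_t *src, size_t n, int32_t *total)
{
    int32_t tmp[BUF_MAX];
    int32_t acc = 0;
    if ((src == NULL) || (total == NULL) || (n > BUF_MAX)) {
        return -1;                        /* caller asked for more than we can hold */
    }
    for (size_t i = 0u; i < n; i++) {
        tmp[i] = src[i] * 2;
        acc += tmp[i];
    }
    *total = acc;
    return 0;
}

/* ---- MISRA C 2012 Rule 13.4: the result of an assignment operator should not be used ---- */

/* Non-compliant: the value of `x = v[i]` is an operand of `!=`, so the side
 * effect is buried inside the loop condition. */
size_t leading_nonzero_bad(const int32_t *v, size_t n)
{
    size_t i = 0u;
    int32_t x;
    while ((i < n) && ((x = v[i]) != 0)) {
        i++;
    }
    return i;
}

/* Compliant: the assignment is its own statement; only its target is compared. */
size_t leading_nonzero_good(const int32_t *v, size_t n)
{
    size_t i = 0u;
    while (i < n) {
        int32_t x = v[i];
        if (x == 0) {
            break;
        }
        i++;
    }
    return i;
}

/* ---- RABV.CHECK: index used before the boundary check ---- */

/* Defect pattern: table[idx] is read first, so an out-of-range idx has already
 * read past the array by the time the comparison could reject it. */
int32_t lookup_unchecked(const int32_t *table, size_t len, size_t idx)
{
    int32_t value = table[idx];           /* access precedes the check */
    if (idx >= len) {
        return 0;
    }
    return value;
}

/* Fixed: the bound check guards the access. A status is returned separately so
 * that 0 stays a valid table entry. */
int lookup_checked(const int32_t *table, size_t len, size_t idx, int32_t *out)
{
    if ((table == NULL) || (out == NULL) || (idx >= len)) {
        return -1;
    }
    *out = table[idx];
    return 0;
}

/* Returns 1 when every compliant routine behaves as expected on SAMPLE. */
int self_check(void)
{
    int32_t total = 0;
    int32_t v = 0;
    int ok = 1;
    ok = ok && (sum_doubled_fixed(SAMPLE, SAMPLE_LEN, &total) == 0) && (total == 22);
    ok = ok && (sum_doubled_fixed(SAMPLE, BUF_MAX + 1u, &total) == -1);   /* oversize rejected */
    ok = ok && (leading_nonzero_good(SAMPLE, SAMPLE_LEN) == 3u);
    ok = ok && (lookup_checked(SAMPLE, SAMPLE_LEN, 4u, &v) == 0) && (v == 5);
    ok = ok && (lookup_checked(SAMPLE, SAMPLE_LEN, 9u, &v) == -1);        /* out of range rejected */
    return ok;
}

int main(void)
{
    return (self_check() == 1) ? 0 : 1;
}
```

The non-compliant functions compile and produce the same answers as their compliant counterparts on in-range input, which is exactly why a static checker is the right place to catch them: nothing in a passing unit test distinguishes `lookup_unchecked` from `lookup_checked` until an index goes out of range.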

Checkers modified between Klocwork 2016.1 and 2016.3

Checker | Change
ABV.GENERAL | Fewer false positives are expected.
ABV.TAINTED | Fewer false positives are expected.
MISRA.CHAR.NOT_CHARACTER | New defects detected.
MISRA.EXPR.PARENS.REDUNDANT | Fewer false positives are expected.
SV.FMTSTR.GENERIC | Fewer false positives are expected.
UNINIT.STACK.MUST | Fewer false positives are expected.
UNREACH.GEN | Fewer false positives are expected.
UNREACH.RETURN | Fewer false positives are expected.
VA_UNUSED.INIT | Fewer false positives are expected.
MISRA.ETYPE.CATEGORY.DIFFERENT.2012 | Fewer false positives are expected.
MISRA.VAR.NEEDS.CONST | Fewer false positives are expected.
MISRA.USE.UNKNOWNDIR | New defects detected.
MLK.MUST | New defects detected.
SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD | New defects detected and fewer false positives are expected.
UNUSED.FUNC.GEN | New defects detected.