Klocwork 2016.1 ISO 26262 and IEC 61508 certification
ISO 26262 is a Functional Safety standard published by the International Organization for Standardization (ISO) and is targeted at road vehicle safety. The standard is based heavily on the Functional Safety standard IEC 61508 for Automotive Electric/Electronic Systems, and covers numerous activities and processes in the software development lifecycle.
Developers can use the certified set of Klocwork checkers to find and fix security vulnerabilities and critical defects with confidence, knowing they have been designed, developed, tested and released in an audited and certified manner. Klocwork also provides guidance to ensure that developers use our static analysis tool in a functionally safe way that supports their own application for ISO 26262 certification.
While software verification tools cannot, on their own, ensure compliance with ISO 26262, they can aid developers looking to demonstrate process compliance. Static Code Analysis tools can either fully or partially address many of the requirements found in Part 6 of the standard. This section covers “Product Development at the Software Level” for the functional safety of road vehicles and examines correctness of software design and implementation. Klocwork’s full-featured source code analysis solution helps developers find and fix security vulnerabilities and critical defects the moment they’re introduced. MISRA-C and MISRA-C++ coding standard violations can be reported automatically at the developer desktop, integration build, continuous integration build, and through the code review tool.
What do you need to know?
The Klocwork certification is documented in the Functional Safety Manual for Klocwork and related documents. These documents describe the conditions under which the use of Klocwork supports functional safety.
The qualification pack, as described in the Functional Safety Manual for Klocwork, is available from your account executive. The Qualification Pack test procedures check the requirements under normal operating conditions. Each procedure provides input data that generates a validated pass/fail report for each checker. The tool is deterministic in its execution and generates the same output results for a given set of input data parameters. To validate that you have the currently supported Qualification Pack for Klocwork 2016.1, you can compare the MD5 checksum, which should be d71756200cc9e91487e543544a8d643f.
Checkers added between Klocwork 2016 and 2016.1
|HCC||Implements CWE-798: Use of Hard-coded Credentials; identifies the use of both hard-coded passwords and usernames.|
|HCC.PWD||Implements CWE-798: Use of Hard-coded Credentials; identifies the use of hard-coded passwords.|
|HCC.USER||Implements CWE-798: Use of Hard-coded Credentials; identifies the use of hard-coded usernames.|
|MISRA.BITS.NOT_UNSIGNED.PREP||Operand of bitwise operation is not unsigned integer.|
|MISRA.FILE_PTR.DEREF.2012||A pointer to a FILE object shall not be dereferenced.|
|MISRA.FILE_PTR.DEREF.CAST.2012||An object cast to a FILE pointer shall not be dereferenced.|
|MISRA.FILE_PTR.DEREF.INDIRECT.2012||A pointer to a FILE object shall not be indirectly dereferenced by a system function.|
|MISRA.FILE_PTR.DEREF.RETURN.2012||A pointer to a FILE object (returned by a function) shall not be dereferenced.|
|MISRA.FUNC.UNUSEDRET.2012||The value returned by a function having non-void return type shall be used.|
|RCA.HASH.SALT.EMPTY||Implements CWE-759: Use of a One-Way Hash without a Salt.|
Checkers modified between Klocwork 2016 and 2016.1
|ABV.GENERAL||Fewer false positives are expected.|
|CWARN.MEMSET.SIZEOF.PTR||Fewer false positives are expected.|
|MISRA.ADDR.REF.PARAM||New defects detected.|
|MISRA.ADDR.REF.PARAM.PTR||New defects detected.|
|MISRA.CVALUE.IMPL.CAST||New defects detected.|
|MISRA.INCL.BAD||Fewer false positives are expected.|
|MISRA.LITERAL.NULL.INT||New defects detected.|
|MLK.MUST||New defects detected.|
|RH.LEAK||New defects detected.|
|SV.TAINTED.INDEX_ACCESS||New defects detected.|