The RXF Certification Package includes the RXF-Cert framework source code, specification and test documents including traceability information. This includes all documents which are usually necessary for a certification on SIL 3 or an equivalent standard. It is geared to IEC 61508.The RXF-Cert is based on the standard RXF but tailored for use in safety critical applications. This means functionality which is not allowed to be used in functional safety areas is removed from code. In addition all necessary documentation (requirements specification, test specification, ...) is contained in the package. Also test routines as described below.

Scope of DeliveryDocuments contained in the Certification PackageManaged in PolarionThese documents will usually be exported from Polarion in PDF format. On request it can be provided as ReqIF. Each document includes traceability information.

User RequirementsSystem SpecificationModule / Operation Specification. This includes information about runtime-constant RXF-Cert data to support Software FMEA (Failure Mode and Effects Analysis) for Static Data.RXF Safety Application Conditions. Rules and conditions which need to be observed when modeling the software in UML and mechanisms of the RXF-Cert to prevent safety critical situations. (Part of the user manual)

Unit and Integration Test specification, using TestConductor(See also „Examples of Documentation“)

Source Code Source code is included for each module. The module sources include references to Polarion specification IDs inside the comment blocks. Runtime-constant data in the RXF-Cert is optimized to enable data-FMEA.

Rhapsody ModelA UML model representing the static architecture and complex design issues. It can be exported as PDF document or delivered as a Rhapsody model.

WordUsers Manual (generated from the official RXF HTML help files).Specification, Model, Source and Test Review ReportsSimplifier? Specification & Test Spec/Report

DatS - RXF Safety Package-V2.0.pages - Version 2.1 Page � / �1 8

RXF Certification Package

Specification and delivery

TraceabilityThe traceability can automatically be generated based on the Polarion link relations between user requirements, system specification and module/operation specification and is included in the documents.Source Code traceability is done by name matching between C modules and names in the Polarion module specification. In addition the source code comments include references to unique Polarion specification IDs.

MISRA ComplianceDocuments describing the MISRA-C 2004 compliancy.

MISRA Compliance Overview (describing process to be MISRA conform)MISRA Compliance Matrix (showing how MISRA rules are being checked) MISRA Deviation Log (documenting all MISRA rule deviations and describing the reasons)MISRA Deviation Procedure (describing the process how deviations are handled)MISRA Manual Procedures (specifying non tool based, manual MISRA check procedures)

Test ConceptRhapsody Based UML ModelUML model addressing the following use cases:1. Testing the best practice usage of UML2. Stress test (uncommon UML modeling in regards of framework borderline situations)

3. Customer specific test cases of the UML. (these parts can be used to address customer specific usage of UML and the framework)

Unit Whitebox TestsWhitebox test cases exist in source code and can be executed to reach condition coverage (C3a). The source of the test-harness is part of the delivery.

Individual Project Specific DeliverablesThe following parts of the RXF-Cert sources and documents need to be adapted individually for each project. The necessary individual work will be charged in addition to the RXF certification package price.

RXF-Cert Target AdaptationThe RXF-Cert does include dependencies to RTOS and compiler specifics and needs to be adapted to the project environment (effort 3-4 days).

User Safety Application ConditionsRXF-Cert sources must be reviewed against using non-ANSI extensions or known compiler errors (based on the Compiler Validation Report) and limitations of the RTOS (based on the RTOS Validation Report). This is usually done by the customer.

Unit Test Target AdaptationUnit test execution may be specific to the actual target and needs to be adapted and executed for the project specific environment. This can be done by the customer.

DatS - RXF Safety Package-V2.0.pages - Version 2.1 Page � / �2 8

Examples of Documentation

DatS - RXF Safety Package-V2.0.pages - Version 2.1 Page � / �3 8

User Requirements

DatS - RXF Safety Package-V2.0.pages - Version 2.1 Page � / �4 8

System Specification

DatS - RXF Safety Package-V2.0.pages - Version 2.1 Page � / �5 8

Module Specification

Source Code

Traceability to Source CodeInside the framework sourcecode references to the unique Polarion ID‘s are added.

DatS - RXF Safety Package-V2.0.pages - Version 2.1 Page � / �6 8

Architectural

Description

Diagrams

DatS - RXF Safety Package-V2.0.pages - Version 2.1 Page � / �7 8

Test Specification & Implementation for Unit White-Box Tests & Test-Result Documentation

Test-Result DocumentationThe automatic generation and content of the Test-Result Documentation depends on the communication possibilities of the used Target Debugger.

DatS - RXF Safety Package-V2.0.pages - Version 2.1 Page � / �8 8

Product:RXF Certification Package

Author:Eike Römer eroemer@willert.de

Andreas Willert awillert@willert.de

Editor:WILLERT SOFTWARE TOOLS GMBHHannoversche Straße 2131675 Bückeburgwww.willert.deinfo@willert.deTel.: +49 5722 9678 - 60

IBM® is a registered trademark of International Machines CorporationRational® is a registered trademark owned byIBMDOORS® is a registered trademark owned by IBMRhapsody® is a registered trademark owned by IBMMS Word® is a registered trademark of Microsoft CorporationPolarion® is a registered trademark of Polarion Software