Functional safety

Why validating your own toolchain for functional safety is costly and time-consuming

<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >Why validating your own toolchain for functional safety is costly and time-consuming</span>

Ensuring functional safety compliance in automotive, industrial automation, medical devices, and aerospace applications requires rigorous toolchain validation. Companies developing safety-critical software must adhere to ISO 26262, IEC 61508, ISO 62304, and similar standards, which demand extensive verification and documentation of the compiler toolchain.

Some organizations consider validating their toolchains, but the reality is that this process is costly, time-consuming, and resource-intensive. While achieving compliance independently is possible, it typically requires 6-12 months of dedicated effort and multiple engineers, making it an expensive and high-risk undertaking.

The reality of toolchain validation

Validating a compiler toolchain for functional safety is not just about confirming that it works. The process involves rigorous testing to verify repeatability, correctness, and reliability under real-world conditions.

As one expert on Stack Overflow explained:

“Part of the process was running a set of validation test suites in which thousands of test programs were compiled and the results compared against expected results. Another part was ISO standard-conformance tests. None of these tests, of course, are exhaustive, but did identify some issues. Yet a third part consisted of running the DejaGNU test suite that comes with GCC itself.”

However, even after extensive testing, validation does not guarantee perfection, only that imperfections are identified, documented, and justified.

“Functional safety does not mean your toolchain is perfect, it only means the known imperfections are clearly documented and that you have a process in place to identify and document imperfections. What you need to do for full validation is to fix or document and justify each and every deviation from expected behavior so there are no known, unjustified deviations.”

Key components of compiler validation

For a compiler to be considered functionally safe, organizations must complete three critical steps:

Extensive testing:

  • Running comprehensive validation test suites where thousands of test programs are compiled and compared against expected results.
  • Conducting ISO standard-conformance tests to ensure adherence to safety regulations.
  • Running regression test suites like DejaGNU, Plum-Hall Validation Suites, or Perennial C/C++ Validation Suite, which helps detect compiler-specific issues.
Documentation:

  • Maintaining comprehensive validation reports that provide traceability of how the compiler was tested.
  • Documenting all deviations from expected behavior, ensuring they are either fixed or justified.
  • Providing evidence of compliance with industry standards through detailed test reports.
Mitigation strategies:

  • Defining workarounds or corrective actions for any identified compiler limitations.
  • Ensuring the compiler can be used safely in production despite any known issues.
  • Creating a long-term support and maintenance plan to manage future compiler updates and re-validation.

Without these three steps, a compiler toolchain cannot be considered functionally safe, and even after validation, it requires ongoing maintenance, documentation, and requalification whenever updates occur.

Certification requires more than just testing

Many assume that validating a compiler is only about testing, but this is just one part of the process. The equally critical aspect is documentation, which ensures traceability and compliance with industry standards. This includes:

  • Creating and maintaining validation reports that track all test results.
  • Providing traceability for how the toolchain was tested and what mitigation measures were applied.
  • Documenting all deviations from expected behavior, ensuring they are either fixed or formally justified.

This documentation-heavy process requires compliance experts, adding significant overhead to an already complex project.

The true cost of certification

  • The cost of validating a compiler for ISO 26262, IEC 61508, ISO 62304, or similar standards varies based on the Safety Integrity Level (SIL) required, but estimates suggest:
  • 6-12 months of engineering effort
  • At least 2-4 full-time engineers
  • Estimated cost: $306,734 to $613,468 (based on average U.S. embedded software engineer salaries of ~$153,367/year
  • Additional costs for external assessments, documentation, and certification audits

These costs do not include the impact of delayed product launches, which can further increase financial risk for companies developing safety-critical applications.

For many companies, the question is no longer “Can we validate our own toolchain?” but rather “Is it worth the effort?”

Why many organizations choose a pre-certified toolchain

Given the extensive time and cost required, most organizations opt for a pre-certified toolchain rather than undertaking the process themselves.

The IAR pre-certified toolchain is TÜV SÜD-certified for ISO 26262, IEC 61508, and ISO 62304, eliminating the need for in-house validation. By using IAR’s pre-certified toolchains, companies can:

  • Save 6-12 months of certification time
  • Avoid costly validation processes
  • Ensure compliance with global safety standards

By leveraging a pre-certified functional safety toolchain, companies can focus on innovation rather than managing compliance overhead.

IAR's platform has functional safety always included

Unlike other solutions that require additional qualification efforts, IAR’s functional safety offering includes Functional Safety as an inbuilt feature. This ensures that development teams can:

  • Leverage TÜV-certified toolchains immediately
  • Eliminate additional tool validation efforts
  • Support multiple architectures (Arm, RISC-V, Renesas RX, RL78, RH850, and more) in one single subscription, ensuring flexibility and efficiency in development.
  • Accelerate time-to-market while maintaining strict safety compliance

For companies developing safety-critical software, IAR provides a cost-effective, ready-to-use solution that eliminates the complexity, time, and costs associated with toolchain validation.

What’s next? Get started today

Achieving functional safety compliance doesn’t have to be a long and expensive process. Learn more at IAR Functional Safety Solutions or request a demo with our technical experts.

References