1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationFunctional safety of electrical/electronic/programmable electronic safety-related systemsPart 3: Software requirementsBS EN 61508-3:2010National forewordThis British Standard is
2、the UK implementation of EN 61508-3:2010. It isidentical to IEC 61508-3:2010. It supersedes BS EN 61508-3:2002 which iswithdrawn.The UK participation in its preparation was entrusted by Technical CommitteeGEL/65, Measurement and control, to Subcommittee GEL/65/1, System considerations.A list of orga
3、nizations represented on this committee can be obtained onrequest to its secretary.This publication does not purport to include all the necessary provisions of acontract. Users are responsible for its correct application. BSI 2010ISBN 978 0 580 56235 8ICS 13.260; 25.040.40; 29.020; 35.080Compliance
4、with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published under the authority of the StandardsPolicy and Strategy Committee on 3 Ju 2010.Amendments issued since publicationAmd. No. Date Text affectedBRITISH STANDARDBS EN 61508-3:2010ne0EUROPEAN STANDARD
5、 EN 61508-3 NORME EUROPENNE EUROPISCHE NORM May 2010 CENELEC European Committee for Electrotechnical Standardization Comit Europen de Normalisation Electrotechnique Europisches Komitee fr Elektrotechnische Normung Management Centre: Avenue Marnix 17, B - 1000 Brussels 2010 CENELEC - All rights of ex
6、ploitation in any form and by any means reserved worldwide for CENELEC members. Ref. No. EN 61508-3:2010 E ICS 25.040.40 Supersedes EN 61508-3:2001English version Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements (IEC 61508-3:20
7、10) Scurit fonctionnelle des systmes lectriques/lectroniques/lectroniques programmables relatifs la scurit - Partie 3: Exigences concernant les logiciels (CEI 61508-3:2010) Funktionale Sicherheit sicherheitsbezogener elektrischer/elektronischer/programmierbarer elektronischer Systeme - Teil 3: Anfor
8、derungen an Software (IEC 61508-3:2010) This European Standard was approved by CENELEC on 2010-05-01. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteratio
9、n. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by transl
10、ation under the responsibility of a CENELEC member into its own language and notified to the Central Secretariat has the same status as the official versions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Est
11、onia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom. BS EN 61508-3:2010EN 61508-3:2010 - 2 - Foreword The text of docu
12、ment 65A/550/FDIS, future edition 2 of IEC 61508-3, prepared by SC 65A, System aspects, of IEC TC 65, Industrial-process measurement, control and automation, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as EN 61508-3 on 2010-05-01. This European Standard supersedes EN 6
13、1508-3:2001. It has the status of a basic safety publication according to IEC Guide 104. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and CENELEC shall not be held responsible for identifying any or all such patent rights.
14、The following dates were fixed: latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2011-02-01 latest date by which the national standards conflicting with the EN have to be withdrawn (dow) 2013-05-01 Annex ZA h
15、as been added by CENELEC. _ Endorsement notice The text of the International Standard IEC 61508-3:2010 was approved by CENELEC as a European Standard without any modification. In the official version, for Bibliography, the following notes have to be added for the standards indicated: 1 IEC 61511 ser
16、ies NOTE Harmonized in EN 61511 series (not modified). 2 IEC 62061 NOTE Harmonized as EN 62061. 3 IEC 61800-5-2 NOTE Harmonized as EN 61800-5-2. 4 IEC 61508-5:2010 NOTE Harmonized as EN 61508-5:2010 (not modified). 5 IEC 61508-6:2010 NOTE Harmonized as EN 61508-6:2010 (not modified). 6 IEC 61508-7:2
17、010 NOTE Harmonized as EN 61508-7:2010 (not modified). 7 IEC 60601 series NOTE Harmonized in 60601 series (partially modified). 8 IEC 61131-3 NOTE Harmonized as EN 61131-3. _ BS EN 61508-3:2010- 3 - EN 61508-3:2010 Annex ZA (normative) Normative references to international publications with their co
18、rresponding European publications The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. NOTE When an in
19、ternational publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies. Publication Year Title EN/HD Year IEC 61508-1 2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements EN 61508-1 20
20、10 IEC 61508-2 2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems EN 61508-2 2010IEC 61508-4 2010 Functional safety of electrical/electronic/programmable electr
21、onic safety-related systems - Part 4: Definitions and abbreviations EN 61508-4 2010IEC Guide 104 1997 The preparation of safety publications and the use of basic safety publications and group safety publications - - ISO/IEC Guide 51 1999 Safety aspects - Guidelines for their inclusion in standards -
22、 - BS EN 61508-3:2010 2 61508-3 IEC:2010 CONTENTS INTRODUCTION.7 1 Scope.9 2 Normative references .12 3 Definitions and abbreviations13 4 Conformance to this standard.13 5 Documentation .13 6 Additional requirements for management of safety-related software .13 6.1 Objectives .13 6.2 Requirements13
23、7 Software safety lifecycle requirements14 7.1 General .14 7.1.1 Objective .14 7.1.2 Requirements 14 7.2 Software safety requirements specification21 7.2.1 Objectives .21 7.2.2 Requirements 21 7.3 Validation plan for software aspects of system safety24 7.3.1 Objective .24 7.3.2 Requirements 24 7.4 S
24、oftware design and development.25 7.4.1 Objectives .25 7.4.2 General requirements 26 7.4.3 Requirements for software architecture design 29 7.4.4 Requirements for support tools, including programming languages30 7.4.5 Requirements for detailed design and development software system design .33 7.4.6
25、Requirements for code implementation34 7.4.7 Requirements for software module testing .35 7.4.8 Requirements for software integration testing 35 7.5 Programmable electronics integration (hardware and software).36 7.5.1 Objectives .36 7.5.2 Requirements 36 7.6 Software operation and modification proc
26、edures .37 7.6.1 Objective .37 7.6.2 Requirements 37 7.7 Software aspects of system safety validation.37 7.7.1 Objective .37 7.7.2 Requirements 38 7.8 Software modification 39 7.8.1 Objective .39 7.8.2 Requirements 39 7.9 Software verification41 7.9.1 Objective .41 7.9.2 Requirements 41 8 Functional
27、 safety assessment.44 BS EN 61508-3:201061508-3 IEC:2010 3 Annex A (normative) Guide to the selection of techniques and measures.46 Annex B (informative) Detailed tables 55 Annex C (informative) Properties for software systematic capability.60 Annex D (normative) Safety manual for compliant items ad
28、ditional requirements for software elements.97 Annex E (informative) Relationships between IEC 61508-2 and IEC 61508-3.100 Annex F (informative) Techniques for achieving non-interference between software elements on a single computer .102 Annex G (informative) Guidance for tailoring lifecycles assoc
29、iated with data driven systems 107 Bibliography111 Figure 1 Overall framework of the IEC 61508 series 11 Figure 2 Overall safety lifecycle .12 Figure 3 E/E/PE system safety lifecycle (in realisation phase)16 Figure 4 Software safety lifecycle (in realisation phase).16 Figure 5 Relationship and scope
30、 for IEC 61508-2 and IEC 61508-3 .17 Figure 6 Software systematic capability and the development lifecycle (the V-model) 17 Figure G.1 Variability in complexity of data driven systems 108 Table 1 Software safety lifecycle overview 18 Table A.1 Software safety requirements specification 47 Table A.2
31、Software design and development software architecture design.48 Table A.3 Software design and development support tools and programming language.49 Table A.4 Software design and development detailed design .50 Table A.5 Software design and development software module testing and integration 51 Table
32、 A.6 Programmable electronics integration (hardware and software)51 Table A.7 Software aspects of system safety validation .52 Table A.8 Modification .52 Table A.9 Software verification 53 Table A.10 Functional safety assessment 54 Table B.1 Design and coding standards .55 Table B.2 Dynamic analysis
33、 and testing.56 Table B.3 Functional and black-box testing56 Table B.4 Failure analysis57 Table B.5 Modelling .57 Table B.6 Performance testing.58 Table B.7 Semi-formal methods .58 Table B.8 Static analysis59 Table B.9 Modular approach 59 Table C.1 Properties for systematic safety integrity Software
34、 safety requirements specification .64 BS EN 61508-3:2010 4 61508-3 IEC:2010 Table C.2 Properties for systematic safety integrity Software design and development software Architecture Design 67 Table C.3 Properties for systematic safety integrity Software design and development support tools and pro
35、gramming language76 Table C.4 Properties for systematic safety integrity Software design and development detailed design (includes software system design, software module design and coding) .77 Table C.5 Properties for systematic safety integrity Software design and development software module testi
36、ng and integration .79 Table C.6 Properties for systematic safety integrity Programmable electronics integration (hardware and software)81 Table C.7 Properties for systematic safety integrity Software aspects of system safety validation82 Table C.8 Properties for systematic safety integrity Software
37、 modification 83 Table C.9 Properties for systematic safety integrity Software verification 85 Table C.10 Properties for systematic safety integrity Functional safety assessment86 Table C.11 Detailed properties Design and coding standards87 Table C.12 Detailed properties Dynamic analysis and testing
38、 .89 Table C.13 Detailed properties Functional and black-box testing.90 Table C.14 Detailed properties Failure analysis 91 Table C.15 Detailed properties Modelling92 Table C.16 Detailed properties Performance testing .93 Table C.17 Detailed properties Semi-formal methods94 Table C.18 Properties for
39、systematic safety integrity Static analysis .95 Table C.19 Detailed properties Modular approach.96 Table E.1 Categories of IEC 61508-2 requirements100 Table E.2 Requirements of IEC 61508-2 for software and their typical relevance to certain types of software.100 Table F.1 Module coupling definition
40、of terms .104 Table F.2 Types of module coupling.105 BS EN 61508-3:201061508-3 IEC:2010 7 INTRODUCTION Systems comprised of electrical and/or electronic elements have been used for many years to perform safety functions in most application sectors. Computer-based systems (generically referred to as
41、programmable electronic systems) are being used in all application sectors to perform non-safety functions and, increasingly, to perform safety functions. If computer system technology is to be effectively and safely exploited, it is essential that those responsible for making decisions have suffici
42、ent guidance on the safety aspects on which to make these decisions. This International Standard sets out a generic approach for all safety lifecycle activities for systems comprised of electrical and/or electronic and/or programmable electronic (E/E/PE) elements that are used to perform safety func
43、tions. This unified approach has been adopted in order that a rational and consistent technical policy be developed for all electrically-based safety-related systems. A major objective is to facilitate the development of product and application sector international standards based on the IEC 61508 s
44、eries. NOTE 1 Examples of product and application sector international standards based on the IEC 61508 series are given in the bibliography (see references 1, 2 and 3). In most situations, safety is achieved by a number of systems which rely on many technologies (for example mechanical, hydraulic,
45、pneumatic, electrical, electronic, programmable electronic). Any safety strategy must therefore consider not only all the elements within an individual system (for example sensors, controlling devices and actuators) but also all the safety-related systems making up the total combination of safety-re
46、lated systems. Therefore, while this International Standard is concerned with E/E/PE safety-related systems, it may also provide a framework within which safety-related systems based on other technologies may be considered. It is recognized that there is a great variety of applications using E/E/PE
47、safety-related systems in a variety of application sectors and covering a wide range of complexity, hazard and risk potentials. In any particular application, the required safety measures will be dependent on many factors specific to the application. This International Standard, by being generic, wi
48、ll enable such measures to be formulated in future product and application sector international standards and in revisions of those that already exist. This International Standard considers all relevant overall, E/E/PE system and software safety lifecycle phases (for example, from initial concept, t
49、hrough design, implementation, operation and maintenance to decommissioning) when E/E/PE systems are used to perform safety functions; has been conceived with a rapidly developing technology in mind; the framework is sufficiently robust and comprehensive to cater for future developments; enables product and applicatio
