2. Certification scope
The core library shall be suitable to be used in safety applications according to the following safety standards up to the specified safety level:

| Safety Standard | Safety Level |
|---|---|
| IEC 61508:2010 | SIL 2 |
The core library is evaluated as an “assessment of non-compliant development” (according to Route 3S of IEC 61508:2010 section 7.4.2.12). This assessment targets a full compliance statement with the standards above, as far as they are applicable to a Software Safety Element out of Context.
2.1. Certified version
The certified version of the core library is 1.94.0.
2.2. Certified targets
The core library is certified only on “certified targets”. Certified targets are like qualified targets, but additionally ship with a pre-compiled certified core standard library. Each certified target has a qualified “base” target. Refer to Qualified targets for more information about qualified targets.
Warning
Qualified targets are not certified. Subset targets are not certified. Code that wishes to use the certified core library must use a certified target, not a qualified target.
As with qualified targets, only stable releases of certified targets are certified. Other releases, such as beta releases, should be considered Quality Managed. Such releases can be certified upon request.
The following targets are certified for use with the pre-compiled certified core standard library:
| Target | Qualified (Base) target tuple | Certified target tuple |
|---|---|---|
Note
The x86_64-pc-nto-qnx710 target has no certified equivalent. This target remains qualified for use with the Ferrocene compiler, but the core library for this target is not certified.
2.3. Certified subset
The certification does not cover the entirety of the core library, but instead a subset. This is to reduce the effort of the certification.
The subset included in the safety certification is defined and documented in the Safety Manual.
2.3.1. Systematic capabilities
All public functions of the certified subset are considered “software safety functions” and are going to be certified for all safety standards up to the specified safety level. That means our customers can use all of those functions for use cases up to the highest safety level specified. Since we consider all of them safety relevant, we do not consider independence.
The systematic capability of these functions is based on:
- The requirements, and the documented completeness of these requirements and of their implementation in the code and tests
- The absence of any undocumented and untested code in the safety certification scope
- The required test coverage
- The adherence of the code within the safety scope to the Coding Guidelines