ISO 26262
The iso-26262 pack enforces rules based on ISO 26262 (Road vehicles -- Functional safety), specifically its software development requirements. It covers defensive programming, banned functions, error handling, memory management, control flow, complexity limits, type safety, timing constraints, and interrupt safety for software rated ASIL A through ASIL D.
Free tier
This pack is available on all tiers, including the free tier.
Enable
Rules
The pack includes 23 rules across code enforcement and documentation obligations:
Code rules (19)
| ID | Clause | Severity | Description |
|---|---|---|---|
| ISO26262-001 | 6-8.4.4 | medium | Division without zero-check guard risks undefined behavior |
| ISO26262-002 | 6-8.4.4 | high | Pointer access without null validation violates defensive programming requirements |
| ISO26262-003 | 6-8.4.4 | critical | Unsafe string functions (strcpy, strcat, sprintf, gets) risk buffer overflows |
| ISO26262-004 | 6-8.4.4 | medium | Unsafe memory functions (memcpy, memmove, memset) require safety review |
| ISO26262-005 | 6-8.4.4 | high | Empty catch blocks silently discard errors in safety-critical paths |
| ISO26262-006 | 6-8.4.4 | high | Bare 'except Exception' hides errors in automotive software (Python) |
| ISO26262-007 | 6-8.4.4 | high | Catching generic Exception violates error handling and diagnostic requirements (Java) |
| ISO26262-008 | 6-8.4.4 | critical | Dynamic memory allocation is prohibited in ASIL C/D software after initialization |
| ISO26262-009 | 6-8.4.4 | critical | Recursion is banned due to unbounded stack usage and non-deterministic timing |
| ISO26262-010 | 6-8.4.4 | high | goto statements are banned -- they create unstructured control flow |
| ISO26262-011 | 6-8.4.4 | medium | Deeply nested control structures (4+ levels) exceed complexity limits |
| ISO26262-012 | 6-8.4.4 | high | extern mutable global variables create uncontrolled data coupling |
| ISO26262-013 | 6-8.4.4 | medium | C-style casts bypass C++ type checking in safety-critical code |
| ISO26262-014 | 6-8.4.4 | high | void pointer casts bypass type safety in ASIL-rated software |
| ISO26262-015 | 6-8.4.4 | high | Signal handlers are unsafe due to reentrancy issues and undefined behavior |
| ISO26262-016 | 6-8.4.4 | high | Blocking sleep/delay calls can cause missed deadlines in real-time systems |
| ISO26262-017 | 6-8.4.4 | high | Unbounded while(true)/for(;;) loops risk non-termination |
| ISO26262-018 | 6-8.4.4 | medium | TODO/FIXME/HACK comments indicate incomplete work before ASIL qualification |
| ISO26262-019 | 6-8.4.4 | critical | eval()/exec() is prohibited in automotive test tooling and HIL software (Python) |
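As an added illustration (not code from the pack), the patterns that ISO26262-001, -002 and -003 flag are shown beside forms that pass those checks; the function and parameter names are illustrative, and the compliant forms report failure through a return status that the caller is expected to check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not code from the pack: the patterns ISO26262-001, -002
 * and -003 flag, beside forms that pass them. Names are illustrative. */

/* Flagged by ISO26262-001: the divisor is used without a zero-check. */
int32_t scale_unguarded(int32_t num, int32_t den)
{
    return num / den; /* undefined behaviour when den == 0 */
}

/* Passes: divisor and output pointer are guarded (001 and 002), and the
 * failure is reported through a status code the caller must check. */
bool scale_guarded(int32_t num, int32_t den, int32_t *out)
{
    if ((out == NULL) || (den == 0)) {
        return false;
    }
    if ((num == INT32_MIN) && (den == -1)) { /* quotient overflows */
        return false;
    }
    *out = num / den;
    return true;
}

/* Flagged by ISO26262-003: strcpy has no bound on the destination. */
void copy_label_unsafe(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Passes: bounded copy, always NUL-terminated, truncation reported.
 * A plain loop is used so that ISO26262-004 (memcpy review) is not raised. */
bool copy_label_safe(char *dst, size_t dst_len, const char *src)
{
    if ((dst == NULL) || (src == NULL) || (dst_len == 0U)) {
        return false;
    }
    size_t i = 0U;
    while ((i < (dst_len - 1U)) && (src[i] != '\0')) {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return src[i] == '\0'; /* false means the label was truncated */
}
```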
Documentation obligations (4)
| ID | Clause | Description |
|---|---|---|
| ISO26262-DOC-001 | 6-7 | Software safety requirements specification derived from technical safety concept |
| ISO26262-DOC-002 | 6-8 | Software architectural design documenting components, interfaces, and safety mechanisms |
| ISO26262-DOC-003 | 6-10 | Software verification report with test results, coverage metrics, and completeness |
| ISO26262-DOC-004 | 8-7 | Configuration management plan for all software work products |
Use case
Automotive OEMs, Tier 1 suppliers, and embedded software teams developing ASIL-rated vehicle software. The pack provides:
- Memory and buffer safety -- Bans dynamic allocation, unsafe string/memory functions, and enforces bounds checking for ASIL C/D compliance
- Deterministic behavior -- Prohibits recursion, unbounded loops, signal handlers, and blocking calls that violate worst-case execution time analysis
- Error handling discipline -- Flags empty catch blocks, generic exception handling, and unchecked pointer access
- Safety lifecycle evidence -- Documentation obligations cover safety requirements, architectural design, verification reports, and configuration management per ISO 26262 Part 6 and Part 8