Page 1: Production Code Generation and Verification for Industry Standards
© 2012 The MathWorks, Inc.
Sang-Ho Yoon
Senior Application Engineer
Page 2: High-Integrity Applications
Definition (cf. Buncefield Investigation Glossary, www.buncefieldinvestigation.gov.uk/glossary.htm):
Software-based systems that are designed and maintained so that they have a high probability of carrying out their intended function.
Often require certification.
Page 3: DO-178C “Airborne Software - Functional Safety”
Functional safety standard for airborne software
– Concerned with production of software that performs its intended function with a level of confidence in safety that complies with airworthiness requirements
Facilitates modern software concepts through supplements:
– Model-Based Design
– Object Oriented Techniques
– Formal Methods
Page 4: ISO 26262 “Road Vehicles - Functional Safety”
Functional safety standard for passenger cars
– Concerned with avoidance of unreasonable risks due to hazards caused by malfunctioning E/E systems
Facilitates modern software engineering concepts such as
– Modeling and simulation
– Early verification / validation
– Code generation
Page 5: IEC 61508 “Industrial Equipment - Functional Safety”
Functional safety standard for industrial equipment
– Concerned with avoidance of unreasonable risks due to hazards caused by malfunctioning E/E systems
Serves as an umbrella standard for industry-specific adaptations:
– EN 50128 - Rail
– IEC 62304 - Medical
– IEC 61511 - Process Control
– Other standards and industries
Page 6: Model-Based Design for Certified Systems
#1 Workflow: Understand the workflow to meet the standard
#2 Tools: Learn to use the software tools effectively
#3 Support: Demonstrate compliance and manage safety cases
Page 7: High Integrity Workflows
OEM / Supplier
Exemplary verification and validation processes for safety-related software created using Model-Based Design and production code generation
Page 8: High Integrity Workflows With MathWorks Tools
Simulink Design Verifier, Simulink Verification and Validation, Embedded Coder, Simulink Code Inspector
Page 9: Demo: Code Generation using Embedded Coder
Page 10: Simulink Code Inspector - Automate DO-178 Code Reviews
Independently verify that Embedded Coder generated code traces to and complies with low-level requirements
Demonstrate that model and source code match structurally
Provide model-to-code traceability data
Eliminate / reduce manual code reviews for DO-178B software
Same certification credits as a qualified code generator
Diagram: Embedded Coder generates source code from the model; Simulink Code Inspector provides code verification and code traceability between the source code and the model
Page 11: Simulink Code Inspector Overview
Static verification tool that checks the generated code against the model
Automates DO-178 Source Code verification activities
Diagram, model and code development: Simulink Model → Embedded Coder → C source code
Diagram, independent code inspection: Model IR and Code IR → IR transformations → Normalized Model IR and Normalized Code IR → Matching → code inspection report and traceability report
Page 12: Demo: Code Verification using Simulink Code Inspector
Page 13: Meeting DO-178 Objectives
Anticipated Certification Credits for Simulink Code Inspector with other code verification products
Diagram: Embedded Coder generates source code from the model; code verification and code traceability: Simulink Code Inspector; code conformance: Polyspace

Annex A Table Objective | DO-178B Ref. | Software Levels | Anticipated Certification Credit [Tool(s)]
A-5 (1) Source Code complies with low-level requirements | Section 6.3.4a | A, B, C | Full [Simulink Code Inspector]
A-5 (2) Source Code complies with software architecture | Section 6.3.4b | A, B, C | Full [Simulink Code Inspector]
A-5 (3) Source Code is verifiable | Section 6.3.4c | A, B | Full [Simulink Code Inspector]
A-5 (4) Source Code conforms to standards | Section 6.3.4d | A, B, C | Full [Polyspace MISRA AC AGC rules checker]
A-5 (5) Source Code is traceable to low-level requirements | Section 6.3.4e | A, B, C | Full [Simulink Code Inspector]
A-5 (6) Source Code is accurate and consistent | Section 6.3.4f | A, B, C | Full (for source code based criteria) [Simulink Code Inspector, Polyspace verifier]
Page 14: MathWorks Support - DO Tool Qualification Kits (for DO-178)
www.mathworks.com/products/do-178
Simulink Code Inspector, Simulink Design Verifier, Simulink Report Generator, Simulink Verification and Validation, and Polyspace are qualifiable to DO-178 for all safety levels
Note: Simulink and Polyspace products were not developed using certified processes.
Page 15: MathWorks Support - IEC Certification Kit (for ISO 26262, IEC 61508, EN 50128)
www.mathworks.com/products/iec-61508
Embedded Coder, Simulink Design Verifier, Simulink Verification and Validation, and Polyspace are pre-qualified by TÜV SÜD to ISO 26262 for all ASILs
Note: Simulink and Polyspace products were not developed using certified processes.
Kit contents: validation test suite, tool validation report, tool qualification work products
Page 16: Demo: Using Cert and Qual Kits
Page 17: MathWorks Support - DO-178 Process Deployment Advisory Service
www.mathworks.com/services/consulting/areas/do-process-deployment.html
Consulting services to quickly adopt Model-Based Design for DO-178
Objectives
Identify gaps in current processes
Provide a roadmap to an optimized DO-178 process
Assist with deployment of that roadmap
Educate on the DO-178 standard
Page 18: MathWorks Support - ISO 26262 Process Deployment Advisory Service
www.mathworks.com/services/consulting/areas/iso26262-process-deployment.html
Consulting services to quickly adopt Model-Based Design for ISO 26262
Objectives
Identify gaps in current processes
Provide a roadmap to an optimized ISO 26262 process
Assist with deployment of that roadmap
Educate on the ISO 26262 standard
Page 19: Model-Based Design for Industry Standards - Summary
MathWorks is committed to supporting industry standards
We look forward to collaborating with you to accelerate the transition towards certification-compatible processes and tool chains for Model-Based Design
Workflow: Reference workflows for using Model-Based Design in the context of standards
Tools: Code generation and verification tools
Support: Tool qualification kits, process deployment advisory services, ...
Page 20: Questions?