8/20/2019 Qualkitdo Slci Tqp
http://slidepdf.com/reader/full/qualkitdo-slci-tqp 1/33
DO Qualification Kit
Simulink® Code Inspector™ Tool Qualification Plan
R2015b, September 2015
How to Contact MathWorks
Latest news: www.mathworks.com
Sales and services: www.mathworks.com/sales_and_services
User community: www.mathworks.com/matlabcentral
Technical support: www.mathworks.com/support/contact_us
Phone: 508-647-7000
The MathWorks, Inc.
3 Apple Hill Drive Natick, MA 01760-2098
DO Qualification Kit: Simulink® Code Inspector™ Tool Qualification Plan
© COPYRIGHT 2012 – 2015 by The MathWorks, Inc.
The software described in this document is furnished under a license agreement. The software may be used or copied only under the terms of the license agreement. No part of this manual may be photocopied or reproduced in any form without prior written consent from The MathWorks, Inc.
FEDERAL ACQUISITION: This provision applies to all acquisitions of the Program and Documentation by, for, or through the federal government of the United States. By accepting delivery of the Program or Documentation, the government hereby agrees that this software or documentation qualifies as commercial computer software or commercial computer software documentation as such terms are used or defined in FAR 12.212, DFARS Part 227.72, and DFARS 252.227-7014. Accordingly, the terms and conditions of this Agreement and only those rights specified in this Agreement, shall pertain to and govern the use, modification, reproduction, release, performance, display, and disclosure of the Program and Documentation by the federal government (or other entity acquiring for or through the federal government) and shall supersede any conflicting contractual terms or conditions. If this License fails to meet the government’s needs or is inconsistent in any respect with federal procurement law, the government agrees to return the Program and Documentation, unused, to The MathWorks, Inc.
Trademarks
MATLAB and Simulink are registered trademarks of The MathWorks, Inc. See www.mathworks.com/trademarks for a list of additional trademarks. Other product or brand names may be trademarks or registered trademarks of their respective holders.
Patents
MathWorks products are protected by one or more U.S. patents. Please see www.mathworks.com/patents for more information.
Revision History
March 2012 New for Version 1.6 (Applies to Release 2012a)
September 2012 Revised for Version 2.0 (Applies to Release 2012b)
March 2013 Revised for Version 2.1 (Applies to Release 2013a)
September 2013 Revised for Version 2.2 (Applies to Release 2013b)
March 2014 Revised for Version 2.3 (Applies to Release 2014a)
October 2014 Revised for Version 2.4 (Applies to Release 2014b)
March 2015 Revised for Version 2.5 (Applies to Release 2015a)
September 2015 Revised for DO Qualification Kit Version 3.0 (Applies to Release 2015b)
Contents
1 Introduction 1-1
2 Tool Overview and Identification 2-1
2.1 Simulink Code Inspector Product Description 2-2
2.2 Simulink Code Inspector Product Identifier 2-4
3 Tool Operational Requirements 3-1
4 Certification Considerations 4-1
4.1 Requirements for Qualification 4-2
4.2 Certification Credit 4-3
5 Tool Development Life Cycle – Tool Developer 5-1
6 Tool Development Life Cycle – Tool User 6-1
6.1 Planning 6-2
6.2 Requirements 6-3
6.3 Verification 6-4
7 Additional Considerations 7-1
7.1 Independence 7-2
7.2 Customer Bug Reporting Considerations 7-3
7.3 Protection Mechanisms 7-4
8 Tool Life Cycle Data 8-1
9 Schedule 9-1
1 Introduction
This document comprises the Tool Qualification Plan (Reference DO-330 Section 10.1.2) for the following capability of the Simulink® Code Inspector™ verification tool:
- Code inspection report
This document is intended for use in the DO-178C and DO-330 tool qualification process for Criteria 2 TQL-4 tools.
See also the DO Qualification Kit User's Guide, R2015b.
2 Tool Overview and Identification
2.1 Simulink Code Inspector Product Description
Automate source code reviews for safety standards
Simulink® Code Inspector™ automatically compares generated code with its source model to satisfy code-review objectives in DO-178 and other high-integrity standards. The code inspector systematically examines blocks, state diagrams, parameters, and settings in a model to determine whether they are structurally equivalent to operations, operators, and data in the generated code.
Simulink Code Inspector provides detailed model-to-code and code-to-model traceability analysis. It generates structural equivalence and traceability reports that you can submit to certification authorities to satisfy DO-178 software coding verification objectives.
Key Features
- Structural equivalence analysis and reports
- Bidirectional traceability analysis and reports
- Compatibility checker to restrict model, block, state diagram, and coder usage to operations typically used in high-integrity applications
- Tool independence from Simulink® code generators
Simulink Code Inspector carries out translation validation. Inputs to the Code Inspector are a Simulink model and the C source code generated by the Embedded Coder® code generator for the model. The Code Inspector processes these two inputs into internal representations (IRs), called model IR and code IR. These IRs are transformed into normalized representations to facilitate further analysis. In this process, the model IR represents the expected pattern, and the code IR constitutes the actual pattern to be verified. To verify the generated code, the Code Inspector attempts to match the normalized model IR with the normalized code IR.
Figure 1 shows the architecture of Simulink Code Inspector.
Figure 1: Simulink Code Inspector Architecture
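The translation-validation flow described above, as an added example that is not MathWorks code and assumes nothing about the real model IR or code IR formats: a constructed Simulink-like block diagram is lowered to an expected expression tree, one generated C arithmetic assignment is parsed into the actual tree, both are normalized (commutative operands put in canonical order) and then matched, with any mismatch reported by its position in the tree.

```python
"""Toy translation validation (constructed, not MathWorks code): the model IR is
the expected pattern, the code IR parsed from generated C the actual one."""
import re

# Constructed Simulink-like diagram: y = Sum(Gain(u1, 2.0), u2)
MODEL_BLOCKS = {
    "u1": ("Inport",), "u2": ("Inport",),
    "g": ("Gain", "u1", 2.0),
    "s": ("Sum", "g", "u2"),
    "y": ("Outport", "s"),
}

def model_ir(blocks, name):
    """Lower a block diagram to an expression tree: str, float or (op, l, r)."""
    kind, *args = blocks[name]
    if kind == "Inport":
        return name
    if kind == "Outport":
        return model_ir(blocks, args[0])
    op = {"Gain": "*", "Sum": "+"}[kind]          # other kinds raise KeyError
    rhs = float(args[1]) if kind == "Gain" else model_ir(blocks, args[1])
    return (op, model_ir(blocks, args[0]), rhs)

def parse_assignment(src):
    """Parse one C assignment of +,-,*,/ arithmetic into (target, tree)."""
    toks = re.findall(r"\d+\.?\d*|[A-Za-z_]\w*|[-+*/();=]", src)
    def atom():
        t = toks.pop(0)
        if t == "(":                               # parenthesised sub-expression
            n = expr()
            assert toks.pop(0) == ")"
            return n
        return float(t) if t[0].isdigit() else t
    def binop(ops, sub):                           # left-assoc chain, one precedence
        n = sub()
        while toks and toks[0] in ops:
            n = (toks.pop(0), n, sub())            # tuple elements evaluate left to right
        return n
    def term():
        return binop("*/", atom)
    def expr():
        return binop("+-", term)
    lhs = toks.pop(0)
    assert toks.pop(0) == "="
    rhs = expr()
    assert toks.pop(0) == ";"
    return lhs, rhs

def normalize(n):
    """Canonical operand order for commutative ops: u2 + 2.0*u1 == 2.0*u1 + u2."""
    if not isinstance(n, tuple):
        return n
    op, l, r = n[0], normalize(n[1]), normalize(n[2])
    if op in ("+", "*") and repr(l) > repr(r):
        l, r = r, l
    return (op, l, r)

def match(expected, actual, path):
    """Return [] on structural equivalence, else the mismatch locations."""
    if isinstance(expected, tuple) and isinstance(actual, tuple) and expected[0] == actual[0]:
        return (match(expected[1], actual[1], path + ".l")
                + match(expected[2], actual[2], path + ".r"))
    return [] if expected == actual else [f"{path}: expected {expected!r}, found {actual!r}"]

def inspect(blocks, outport, c_stmt):
    """Inspect one generated statement against the model; [] means it passed."""
    lhs, rhs = parse_assignment(c_stmt)
    if lhs != outport:
        return [f"assignment target {lhs!r} is not outport {outport!r}"]
    return match(normalize(model_ir(blocks, outport)), normalize(rhs), outport)
```

A coder that merely reorders operands still passes, while a wrong gain value or an extra operation is reported as a structural mismatch at its tree position.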
2.2 Simulink Code Inspector Product Identifier
Software Tool | Version (Release) | Tool Vendor
Simulink Code Inspector | Version 2.4 (R2015b) | The MathWorks, Inc., 3 Apple Hill Drive, Natick, MA 01760-2098 USA
DO Qualification Kit | Version 3.0 (R2015b) | The MathWorks, Inc., 3 Apple Hill Drive, Natick, MA 01760-2098 USA
3 Tool Operational Requirements
The Tool Operational Requirements for the Simulink® Code Inspector™ code inspection report are documented in:
- Simulink Code Inspector Tool Operational Requirements
To access the tool operational requirements document, on the MATLAB® command line, type qualkitdo to open the Artifacts Explorer. The document is in Simulink Code Inspector.
4 Certification Considerations
This section provides the certification considerations for the following capabilities of the Simulink® Code Inspector™ verification tool:
- Code inspection report
4.1 Requirements for Qualification
To determine whether a tool must be qualified, you must answer the following questions. If you answer yes to all three questions, you must qualify the tool.
Question | Code Inspection Report
Can the tool insert an error into the airborne software or fail to detect an existing error in the software within the scope of its intended usage? | Yes (1)
Will the output of the tool not be verified as specified in Section 6 of DO-178C, DO-278A, DO-331, DO-332 or DO-333? | Yes
Are processes of DO-178C, DO-278A, DO-331, DO-332 or DO-333 eliminated, reduced, or automated by the use of the tool? Will you use output from the tool to meet an objective or replace an objective of DO-178C, DO-278A, DO-331, DO-332 or DO-333, Annex A or Annex C? | Yes
(1) The code inspection report might fail to detect an error.
Given that the answer to all the preceding questions is yes, the Simulink Code Inspector code inspection report must be qualified.
To determine the qualification type (Criteria 1, Criteria 2, or Criteria 3), answer the following questions about the tool:
Question | Code Inspection Report
1. Is the tool output part of the airborne software, such that the output can insert an error into the software? | No
2. Could the tool fail to detect an error in the airborne software and is the tool also used to justify the elimination or reduction of either of the following: verification processes other than that automated by the tool; development processes that could have an impact on the airborne software. | Yes
3. Could the tool fail to detect an error in the airborne software? | Yes
Because the answer to the preceding first question is no and the second question is yes, the Simulink Code Inspector code inspection report must be qualified as a Criteria 2 tool following the DO-330 tool qualification process for TQL-4.
4.2 Certification Credit
The following table shows the certification credit (see DO-331 Annex A or Annex C Objectives) being taken for the Simulink Code Inspector code inspection report. DO-331 references are prefaced with MB for the table and section numbers.
Certification Credit for Simulink Code Inspector Code Inspection Report with Respect to DO-331 Objectives
Annex A or C Table | Objective | DO-331 Reference | Software or Assurance Levels | Credit Taken (in conjunction with other tools)
Tables MB.A-5, MB.C-5 | Source code complies with low-level requirements | Section MB.6.3.4.a | A, B, C; AL1, AL2, AL3 | Full.
Tables MB.A-5, MB.C-5 | Source code complies with software architecture | Section MB.6.3.4.b | A, B, C; AL1, AL2, AL3 | Full.
Tables MB.A-5, MB.C-5 | Source code is verifiable | Section MB.6.3.4.c | A, B; AL1, AL2 | Full.
Tables MB.A-5, MB.C-5 | Source code is traceable to low-level requirements | Section MB.6.3.4.e | A, B, C; AL1, AL2, AL3 | Full – Simulink Code Inspector provides traceability data to demonstrate traceability between the Simulink model and the generated C code (automatic analysis).
Tables MB.A-5, MB.C-5 | Source code is accurate and consistent | Section MB.6.3.4.f | A, B, C; AL1, AL2, AL3 | Partial – Simulink Code Inspector can detect uninitialized or unused variables or constants in the generated C code. Other issues, such as stack usage, overflows, resource contention, worst case execution time, exception handling, and data corruption, must be assessed by other means.
5 Tool Development Life Cycle – Tool Developer
The DO Qualification Kit: Tool Life Cycle Process document comprises the:
- Tool Development Plan (DO-330, Section 10.1.3)
- Tool Verification Plan (DO-330, Section 10.1.4)
- Tool Configuration Management Plan (DO-330, Section 10.1.5)
- Tool Quality Assurance Plan (DO-330, Section 10.1.6)
for MathWorks tools being qualified to TQL-4, as defined in DO-178C and DO-330. The DO Qualification Kit: Tool Life Cycle Process document provides information about the tool development life cycle, including:
- Development and verification activities
- Organizational responsibilities, configuration management and quality assurance processes
6 Tool Development Life Cycle – Tool User
6.1 Planning
The Plan for Software Aspects of Certification (PSAC) or Plan for Software Aspects of Approval designates that the Simulink Code Inspector code inspection report will be qualified as a Criteria 2 TQL-4 tool, as defined in DO-178C.
This document provides the Tool Qualification Plan for the Simulink Code Inspector code inspection report.
6.2 Requirements
Tool Operational Requirements for the Simulink Code Inspector are in:
- Simulink Code Inspector Tool Operational Requirements, R2015b
- qualkitdo_slci_tor_tr_trace.xlsx
Tool Requirements for the Simulink Code Inspector are in:
- Simulink Code Inspector Tool Requirements, R2015b
The applicant will:
- Review the Tool Operational Requirements for applicability to the project under consideration.
- Configure the Tool Operational Requirements in a configuration management system.
User information for the Simulink Code Inspector code inspection report can be found in “Code Inspections Reports” in the Simulink Code Inspector User’s Guide, R2015b.
User information about Simulink Code Inspector model configuration, block, Stateflow, and MATLAB function constraints can be found in the following sections in the Simulink Code Inspector Reference, R2015b:
- “Model Configuration Constraint”
- “Block Constraints”
- “Stateflow® Constraints”
- “MATLAB Function Block Constraints”
To access the requirements documents, traceability matrix and user information, on the MATLAB® command line, type qualkitdo to open the Artifacts Explorer. The documents are in Simulink Code Inspector.
Instructions for installing the Simulink Code Inspector product are at the MathWorks Documentation Center, R2015b:
- Installation
6.3 Verification
Requirements-based test cases and procedures will be developed from the:
- Simulink Code Inspector Tool Operational Requirements, R2015b
- Simulink Code Inspector Tool Requirements, R2015b
The test cases and procedures will be developed in the form of Simulink models and code files that exercise the Simulink Code Inspector code inspection report.
The test cases and procedures are documented in:
- Simulink Code Inspector Test Cases and Procedures, R2015b
- qualkitdoSlciRunTests.xls
To access the documents, on the MATLAB command line, type qualkitdo to open the Artifacts Explorer. The document is in Simulink Code Inspector.
The applicant will:
- Review the test cases and procedures for applicability to the project under consideration.
- Configure the test cases and procedures in a configuration management system.
- Execute the test cases and procedures in the installed environment.
Executing the MATLAB® file listed in the following table opens the corresponding Simulink® Report Generator™ report file, which generates tool verification results in the specified test reports.
Test Files | Test Report
qualkitdoSlciRunTests.m, qualkitdoSlciRunTests.rpt | qualkitdoSlciQualificationReport_*.html
The applicant will:
- Review the test results.
- Configure the test results in a configuration management system.
7 Additional Considerations
7.1 Independence
The Simulink Code Inspector is used to verify the output of an unqualified development tool, Embedded Coder®. Therefore, for Simulink Code Inspector qualification, the developer needs to demonstrate the independence of Simulink Code Inspector and Embedded Coder development. Reference DO-330, FAQ D.7.
The DO Qualification Kit: Simulink Code Inspector Independence Analysis document provides an independence analysis, including:
- Development team independence
- Requirements, design and code independence
- Dissimilarities in technical approaches
7.2 Customer Bug Reporting Considerations
MathWorks reports known critical bugs brought to its attention on its bug report system at www.mathworks.com/support/bugreports. The bug reports are an integral part of the documentation for each release.
The bug report system provides an interface for customers to view and submit bug reports. Users can track the status of open bugs. Users can choose to receive notifications for new or updated bug reports. The bug reports on this web site include internally and externally nominated bugs. If applicable, bug reports include provisions for known workarounds or file replacements. Customers can use the bug report mechanism to nominate bugs. These nominations are processed and evaluated by The MathWorks, Inc. development organization.
7.3 Protection Mechanisms
The Simulink Code Inspector is not a multi-function tool, as defined in DO-330 Section 11.1. The user does not have the ability to disable any functionality of the Simulink Code Inspector, and all functions execute during the inspection.
8 Tool Life Cycle Data
The following table shows the life cycle data for the Simulink Code Inspector code inspection report. The table maps the documents and artifacts to DO-330 life cycle data items.
Simulink Code Inspector — Code Inspection Report Life Cycle Data
Data | Available/Submit | DO-330 Reference | Documents/Artifacts
Plan for Software Aspects of Certification (PSAC) or Plan for Software Aspects of Approval (PSAA) | Submit | Section 10.1.1 | <Insert PSAC or PSAA** reference here.>
Tool Qualification Plan | Submit | Section 10.1.2 | Simulink Code Inspector Tool Qualification Plan (this document)
Tool Development Plan | Available | Section 10.1.3 | DO Qualification Kit: Tool Life Cycle Process document. For more information, contact MathWorks.
Tool Verification Plan | Available | Section 10.1.4 | DO Qualification Kit: Tool Life Cycle Process document. For more information, contact MathWorks.
Tool Configuration Management Plan | Available | Section 10.1.5 | DO Qualification Kit: Tool Life Cycle Process document. For more information, contact MathWorks.
Tool Quality Assurance Plan | Available | Section 10.1.6 | DO Qualification Kit: Tool Life Cycle Process document. For more information, contact MathWorks.
Tool Requirements Standards | N/A for TQL-4 | Section 10.1.7 | N/A for TQL-4
Tool Design Standards | N/A for TQL-4 | Section 10.1.8 | N/A for TQL-4
Tool Code Standards | N/A for TQL-4 | Section 10.1.9 | N/A for TQL-4
Tool Life Cycle Environment Configuration Index | Available | Section 10.1.10 | Simulink Code Inspector Tool Configuration Index. For more information, contact MathWorks.
Tool Configuration Index | Submit | Section 10.1.11 | Simulink Code Inspector Tool Configuration Index. For more information, contact MathWorks.
Tool Problem Reports | Available | Section 10.1.12 | MathWorks bug report system at www.mathworks.com/support/bugreports.
Tool Configuration Management Records | Available | Section 10.1.13 | Records. For more information, contact MathWorks.
Tool Quality Assurance Records | Available | Section 10.1.14 | Reports. For more information, contact MathWorks.
Tool-Specific Information in SECI | Available | Section 10.1.17 | <Insert Software Life Cycle Environment Configuration Index** reference here>
Tool Requirements | Available | Section 10.2.1 | Simulink Code Inspector Tool Requirements
Tool Design Description | Available | Section 10.2.2 | Simulink Code Inspector Tool Architecture document. For more information, contact MathWorks.
Tool Source Code | Available | Section 10.2.3 | N/A for TQL-4
Tool Executable Object Code | Available | Section 10.2.4 | Provided as part of R2015b
Data | Available/Submit | DO-330 Reference | Documents/Artifacts
Tool Operational Requirements | Available | Section 10.3.1 | Simulink Code Inspector Tool Operational Requirements
Tool Installation Report | Submit | Section 10.3.2 | < Insert reference to ** here.>
Test Cases and Procedures | Available | Sections 10.3.3, 10.2.5 | Simulink Code Inspector Test Cases and Procedures; qualkitdoSlciRunTests.m; qualkitdoSlciRunTests.rpt; qualkitdoSlciRunTests.xlsx; Test Case Review Checklist. For more information, contact MathWorks.
Test Results | Available | Sections 10.3.4, 10.2.6 | qualkitdoSlciQualificationReport_*.html; Test Result Review Checklist. For more information, contact MathWorks.
Trace Data | Available | Section 10.2.7 | qualkitdoSlciRunTests.xlsx; qualkitdo_slci_tor_trace.xlsx; Compatibility_checks_tests_tracematrix.xlsx; Robustness_Testing_trace_to_tr.xlsx
Tool Independence Data | Available | FAQ D.7 | Simulink Code Inspector Independence Analysis Document. For more information, contact MathWorks.
Software Accomplishment Summary (SAS) | Submit | Section 10.1.16 | < Insert reference to SAS** here.>
Tool Qualification Accomplishment Summary | Submit | Section 10.1.15 | Simulink Code Inspector Tool Qualification Accomplishment Summary**. For more information, contact MathWorks.
Notes: ** To be created by applicant
The applicant must deliver data marked “Submit” to the certification authorities. Data marked “Available” must be available at the applicant’s or tool vendor’s site for inspection by the certification authorities.