IEC Certification Kit User's Guide R2020a


Page 1: IEC Certification Kit User's Guide

IEC Certification KitUser's Guide

R2020a


How to Contact MathWorks

Latest news: www.mathworks.com

Sales and services: www.mathworks.com/sales_and_services

User community: www.mathworks.com/matlabcentral

Technical support: www.mathworks.com/support/contact_us

Phone: 508-647-7000

The MathWorks, Inc.
1 Apple Hill Drive
Natick, MA 01760-2098

IEC Certification Kit User's Guide
© COPYRIGHT 2009–2020 by The MathWorks, Inc.
The software described in this document is furnished under a license agreement. The software may be used or copied only under the terms of the license agreement. No part of this manual may be photocopied or reproduced in any form without prior written consent from The MathWorks, Inc.
FEDERAL ACQUISITION: This provision applies to all acquisitions of the Program and Documentation by, for, or through the federal government of the United States. By accepting delivery of the Program or Documentation, the government hereby agrees that this software or documentation qualifies as commercial computer software or commercial computer software documentation as such terms are used or defined in FAR 12.212, DFARS Part 227.72, and DFARS 252.227-7014. Accordingly, the terms and conditions of this Agreement and only those rights specified in this Agreement, shall pertain to and govern the use, modification, reproduction, release, performance, display, and disclosure of the Program and Documentation by the federal government (or other entity acquiring for or through the federal government) and shall supersede any conflicting contractual terms or conditions. If this License fails to meet the government's needs or is inconsistent in any respect with federal procurement law, the government agrees to return the Program and Documentation, unused, to The MathWorks, Inc.

Trademarks
MATLAB and Simulink are registered trademarks of The MathWorks, Inc. See www.mathworks.com/trademarks for a list of additional trademarks. Other product or brand names may be trademarks or registered trademarks of their respective holders.
Patents
MathWorks products are protected by one or more U.S. patents. Please see www.mathworks.com/patents for more information.


Revision History

| Date | Distribution | Description |
|---|---|---|
| March 2009 | Online only | New for Version 1.0 (Applies to Releases 2007a+, 2008a, 2008b, 2009a) |
| September 2009 | Online only | Revised for Version 1.1 (Applies to Releases 2008a, 2008b, 2009a, 2009a+, 2009b) |
| March 2010 | Online only | Revised for Version 1.2 (Applies to Release 2010a) |
| September 2010 | Online only | Revised for Version 1.3 (Applies to Releases 2009bSP1, R2010a, 2010b) |
| April 2011 | Online only | Revised for Version 1.4 (Applies to Releases 2010bSP1, 2011a) |
| September 2011 | Online only | Revised for Version 2.0 (Applies to Release 2011b) |
| March 2012 | Online only | Revised for Version 2.1 (Applies to Release 2012a) |
| September 2012 | Online only | Revised for Version 3.0 (Applies to Releases 2010bSP2, 2012b) |
| March 2013 | Online only | Revised for Version 3.1 (Applies to Release 2013a) |
| September 2013 | Online only | Revised for Version 3.2 (Applies to Release 2013b) |
| March 2014 | Online only | Revised for Version 3.3 (Applies to Release 2014a) |
| October 2014 | Online only | Revised for Version 3.4 (Applies to Release 2014b) |
| March 2015 | Online only | Revised for Version 3.5 (Applies to Release 2015a) |
| September 2015 | Online only | Revised for IEC Certification Kit Version 3.6 (Applies to Release 2015b) |
| March 2016 | Online only | Revised for IEC Certification Kit Version 3.7 (Applies to Release 2016a) |
| September 2016 | Online only | Revised for IEC Certification Kit Version 3.8 (Applies to Release 2016b) |
| March 2017 | Online only | Revised for IEC Certification Kit Version 3.9 (Applies to Release 2017a) |
| September 2017 | Online only | Revised for IEC Certification Kit Version 3.10 (Applies to Release 2017b) |
| March 2018 | Online only | Revised for IEC Certification Kit Version 3.11 (Applies to Release 2018a) |
| September 2018 | | Revised for IEC Certification Kit Version 3.12 (Applies to Release 2018b) |
| March 2019 | | Revised for IEC Certification Kit Version 3.13 (Applies to Release 2019a) |
| September 2019 | | Revised for IEC Certification Kit Version 3.14 (Applies to Release 2019b) |
| March 2020 | | Revised for IEC Certification Kit Version 3.15 (Applies to Release 2020a) |


1 Getting Started with IEC Certification Kit

IEC Certification Kit Product Description . . . 1-2
    Key Features . . . 1-2

License Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Required Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6

Overview of the Components in the IEC Certification Kit . . . 1-7
    Certificates and Certification Reports . . . 1-8
    Reference Workflows . . . 1-8
    Conformance Demonstration Templates (CDT) . . . 1-9
    ISO 26262 Tool Qualification Packages (TQP) . . . 1-9
    Test Procedure and Test Cases . . . 1-10
    Model-Based Design Information (By Standard) . . . 1-10
    Software Tool Inventory . . . 1-10

Products Supported by IEC Certification Kit . . . . . . . . . . . . . . . . . . . . . . 1-11

Certification Artifacts for Embedded Coder . . . . . . . . . . . . . . . . . . . . . . . 1-14

Certification Artifacts for Simulink PLC Coder . . . . . . . . . . . . . . . . . . . . . 1-15

Certification Artifacts for HDL Coder . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16

Certification Artifacts for Simulink Design Verifier . . . . . . . . . . . . . . . . . 1-17

Certification Artifacts for Simulink Check . . . . . . . . . . . . . . . . . . . . . . . . 1-18

Certification Artifacts for Simulink Coverage . . . . . . . . . . . . . . . . . . . . . . 1-19

Certification Artifacts for Simulink Requirements . . . . . . . . . . . . . . . . . . 1-20

Certification Artifacts for Polyspace Bug Finder and Polyspace Bug Finder Server . . . 1-21

Certification Artifacts for Polyspace Code Prover and Polyspace Code Prover Server . . . 1-22

Certification Artifacts for Simulink Test . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23

Support Artifacts for ISO 26262 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24

Support Artifacts for EN 50128 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25


Support Artifacts for IEC 61508 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-26

Support Artifacts for IEC 62304 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-27

Support Artifacts for ISO 25119 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28

ISO 26262 . . . 1-29
    What Is ISO 26262? . . . 1-29
    ISO 26262 Compliance Considerations . . . 1-29
    ISO 26262 Tool Qualification Considerations . . . 1-29

IEC 61508 . . . 1-31
    What Is IEC 61508? . . . 1-31
    IEC 61508 Compliance Considerations . . . 1-31
    IEC 61508 Tool Certification Considerations . . . 1-32

IEC 62304 . . . 1-33
    What Is IEC 62304? . . . 1-33
    IEC 62304 Tool Certification Considerations . . . 1-33

EN 50128 . . . 1-34
    What Is EN 50128? . . . 1-34
    EN 50128 Software Tool Considerations . . . 1-34

IEC 61511 . . . 1-35
    What Is IEC 61511? . . . 1-35

ISO 25119 . . . 1-36
    What Is ISO 25119? . . . 1-36

2 Reference Workflows

IEC Certification Kit Reference Workflow Overview . . . . . . . . . . . . . . . . . . 2-2

Embedded Coder Reference Workflow Overview . . . . . . . . . . . . . . . . . . . . . 2-4

Simulink PLC Coder Reference Workflow Overview . . . . . . . . . . . . . . . . . . 2-6

HDL Coder Reference Workflow Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

Simulink Design Verifier Reference Workflow Overview . . . . . . . . . . . . . 2-11

Simulink Check Reference Workflow Overview . . . . . . . . . . . . . . . . . . . . . 2-13

Simulink Coverage Reference Workflow Overview . . . . . . . . . . . . . . . . . . 2-15

Simulink Requirements Reference Workflow Overview . . . . . . . . . . . . . . 2-16

Polyspace Bug Finder and Polyspace Bug Finder Server Reference Workflow Overview . . . 2-18


Polyspace Code Prover and Polyspace Code Prover Server Reference Workflow Overview . . . 2-20

Simulink Test Reference Workflow Overview . . . . . . . . . . . . . . . . . . . . . . 2-22

3 Certification Process

Define Certification Objectives and Requirements . . . . . . . . . . . . . . . . . . . 3-2

Certify or Qualify Software Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Document Evidence of Using Tools Within Referenced Workflows . . . 3-4
    Tool Certification Artifacts for ISO 26262, EN 50128, and ISO 25119 . . . 3-4
    Tool Certification Artifacts for IEC 61508 and IEC 62304 . . . 3-5

4 Validate Software Tools

Software Tool Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2

Test Cases and Procedure for Embedded Coder . . . . . . . . . . . . . . . . . . . . . 4-3

Test Cases and Procedure for Simulink Check . . . 4-4
    Add Certification Tests for Custom Checks . . . 4-4

Test Cases and Procedure for Simulink Coverage . . . . . . . . . . . . . . . . . . . 4-6

Test Cases and Procedure for Simulink Requirements . . . . . . . . . . . . . . . 4-7

Test Cases and Procedures for Polyspace Bug Finder and Polyspace Bug Finder Server . . . 4-8
    Execute Tests by Using MATLAB . . . 4-8
    Execute Tests from the IEC Certification Kit matlabroot/ Folder . . . 4-9

Test Cases and Procedures for Polyspace Code Prover and Polyspace Code Prover Server . . . 4-14
    Execute Tests by Using MATLAB . . . 4-14
    Execute Tests from the IEC Certification Kit matlabroot/ Folder . . . 4-15

Test Cases and Procedure for Simulink Test . . . . . . . . . . . . . . . . . . . . . . . 4-20

Test Cases and Procedure for Simulink Design Verifier . . . . . . . . . . . . . . 4-21


5 Access and Manage Certification Artifacts

Access Artifacts in the IEC Certification Kit Artifacts Explorer . . . 5-2
    Open the Artifacts Explorer . . . 5-2
    Create Certification Packages in the Artifacts Explorer . . . 5-3
    Delete Certification Packages from Artifacts Explorer . . . 5-4

6 Support Certification-Related Development Activities

Provide Traceability Between Model Objects, Generated Code, and Model Requirements . . . 6-2
    Prerequisites for Generating a Traceability Matrix . . . 6-2
    Generate a Traceability Matrix . . . 6-3
    Add Comments to a Traceability Matrix . . . 6-4
    Regenerate the Traceability Matrix Spreadsheet to Retain Comments . . . 6-5
    Traceability Matrix Limitations . . . 6-5

7 Functions

8 Model Advisor Checks

IEC Certification Kit Checks for Bug Reports . . . 8-2
    Display bug reports for IEC Certification Kit . . . 8-2
    Display bug reports for Simulink Check . . . 8-2
    Display bug reports for Simulink Coverage . . . 8-3
    Display bug reports for Simulink Requirements . . . 8-4
    Display bug reports for Simulink Design Verifier . . . 8-4
    Display bug reports for Simulink PLC Coder . . . 8-5
    Display bug reports for HDL Coder . . . 8-5
    Display bug reports for Polyspace Bug Finder . . . 8-6
    Display bug reports for Polyspace Bug Finder Server . . . 8-6
    Display bug reports for Polyspace Code Prover . . . 8-7
    Display bug reports for Polyspace Code Prover Server . . . 8-8
    Display bug reports for Embedded Coder . . . 8-8
    Display bug reports for AUTOSAR Blockset . . . 8-9
    Display bug reports for Simulink Test . . . 8-9


9 Apps


Getting Started with IEC Certification Kit

• “IEC Certification Kit Product Description” on page 1-2
• “License Requirements” on page 1-3
• “Required Knowledge” on page 1-6
• “Overview of the Components in the IEC Certification Kit” on page 1-7
• “Products Supported by IEC Certification Kit” on page 1-11
• “Certification Artifacts for Embedded Coder” on page 1-14
• “Certification Artifacts for Simulink PLC Coder” on page 1-15
• “Certification Artifacts for HDL Coder” on page 1-16
• “Certification Artifacts for Simulink Design Verifier” on page 1-17
• “Certification Artifacts for Simulink Check” on page 1-18
• “Certification Artifacts for Simulink Coverage” on page 1-19
• “Certification Artifacts for Simulink Requirements” on page 1-20
• “Certification Artifacts for Polyspace Bug Finder and Polyspace Bug Finder Server” on page 1-21
• “Certification Artifacts for Polyspace Code Prover and Polyspace Code Prover Server” on page 1-22
• “Certification Artifacts for Simulink Test” on page 1-23
• “Support Artifacts for ISO 26262” on page 1-24
• “Support Artifacts for EN 50128” on page 1-25
• “Support Artifacts for IEC 61508” on page 1-26
• “Support Artifacts for IEC 62304” on page 1-27
• “Support Artifacts for ISO 25119” on page 1-28
• “ISO 26262” on page 1-29
• “IEC 61508” on page 1-31
• “IEC 62304” on page 1-33
• “EN 50128” on page 1-34
• “IEC 61511” on page 1-35
• “ISO 25119” on page 1-36


IEC Certification Kit Product Description
Qualify code generation and verification tools for ISO 26262 and IEC 61508 certification

IEC Certification Kit provides tool qualification artifacts, certificates, and test suites, and generates traceability matrices. The kit helps you qualify code generation and verification products and streamline certification of your embedded systems to ISO® 26262, IEC 61508, EN 50128, ISO 25119, and related functional-safety standards such as IEC 62304. Certificates and assessment reports from the certification authority TÜV SÜD are included in the kit for the supported products and standards on page 1-11.

IEC Certification Kit provides ISO 26262 tool classification and qualification work products, together with test suites. It includes templates that let you adapt the work products to meet specific project needs. You can generate project-specific artifacts, including traceability matrices covering requirements, models, and generated code. Project- and product-specific artifacts can be combined to produce a complete ISO 26262 tool qualification package for embedded system certification.

Key Features
• TÜV SÜD certificates and reports for supported Simulink® products
• TÜV SÜD certificates and reports for supported Polyspace® products
• ISO 26262 tool classification and qualification work products and test suites
• Traceability matrix generation covering requirements, models, and generated code
• Customizable templates for delivering documentation to certification authorities
• Artifacts explorer for navigating and viewing artifacts for each supported product and standard
• Checks for tool-associated bug reports

1 Getting Started with IEC Certification Kit

1-2


License Requirements
The licensing requirements for the IEC Certification Kit are:

• IEC Certification Kit, Version 3.15
• MATLAB®, Version 9.8
• Simulink, Version 10.1
• MATLAB Report Generator™, Version 5.8
• Simulink Report Generator, Version 5.8

The licensing requirements for the MathWorks® tools that can be integrated into the IEC Certification Kit Model-Based Design workflow are as follows:

Polyspace Bug Finder™

To use Polyspace Bug Finder with the IEC Certification Kit, install these MathWorks products:

• Polyspace Bug Finder, Version 3.2

Polyspace Bug Finder Server™

To use Polyspace Bug Finder Server with the IEC Certification Kit, install these MathWorks products:

• Polyspace Bug Finder Server, Version 3.2

Polyspace Code Prover™

To use Polyspace Code Prover with the IEC Certification Kit, install these MathWorks products:

• Polyspace Code Prover, Version 10.2
• Polyspace Bug Finder, Version 3.2

Polyspace Code Prover Server

To use Polyspace Code Prover Server with the IEC Certification Kit, install these MathWorks products:

• Polyspace Code Prover Server, Version 10.2
• Polyspace Bug Finder Server, Version 3.2

Embedded Coder®

To use Embedded Coder with the IEC Certification Kit, install these MathWorks products:

• Embedded Coder, Version 7.4
• MATLAB Coder™, Version 5.0
• Simulink Coder, Version 9.3
• (Recommended) Fixed-Point Designer™, Version 7.0
• (Recommended) Stateflow®, Version 10.2
• (When applicable) AUTOSAR Blockset, Version 2.2

Simulink Check™


To use Simulink Check with the IEC Certification Kit, install these MathWorks products:

• Simulink Check, Version 4.5
• (Recommended) Fixed-Point Designer, Version 7.0
• (Recommended) Stateflow, Version 10.2
• (Recommended) Embedded Coder, Version 7.4
• (Recommended) Simulink Requirements™, Version 1.5

Simulink Coverage™

To use Simulink Coverage with the IEC Certification Kit, install these MathWorks products:

• Simulink Coverage, Version 5.0
• Embedded Coder, Version 7.4 (required for code coverage analysis)
• MATLAB Coder, Version 5.0
• Simulink Coder, Version 9.3
• (Recommended) Fixed-Point Designer, Version 7.0
• (Recommended) Simulink Design Verifier™, Version 4.3
• (Recommended) Stateflow, Version 10.2

Simulink Requirements

To use Simulink Requirements with the IEC Certification Kit, install these MathWorks products:

• Simulink Requirements, Version 1.5
• (Recommended) Simulink Test™, Version 3.2

Simulink Design Verifier

To use Simulink Design Verifier with the IEC Certification Kit, install these MathWorks products:

• Simulink Design Verifier, Version 4.3
• Simulink Check, Version 4.5
• Simulink Coverage, Version 5.0
• (Recommended) Fixed-Point Designer, Version 7.0
• (Recommended) Stateflow, Version 10.1

Simulink Test

To use Simulink Test with the IEC Certification Kit, install these MathWorks products:

• Simulink Test, Version 3.2
• (Recommended) Fixed-Point Designer, Version 7.0

Simulink PLC Coder™

To use Simulink PLC Coder with the IEC Certification Kit, install these MathWorks products:

• Simulink PLC Coder, Version 3.2

HDL Coder™


To use HDL Coder with the IEC Certification Kit, install these MathWorks products:

• HDL Coder, Version 3.16
• Fixed-Point Designer, Version 7.0
• MATLAB Coder, Version 5.0
• (Recommended) Signal Processing Toolbox™, Version 8.4
• (Recommended) DSP System Toolbox™, Version 9.10
• (Recommended) HDL Verifier™, Version 6.1


Required Knowledge
Before using the IEC Certification Kit product, make sure that you have:

• Knowledge about developing safety-related software.
• Knowledge of the applicable safety standard:
    • ISO 26262 Road vehicles - Functional safety
    • IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems
    • EN 50128 Railway Applications - Communications, Signalling and Processing Systems - Software for Railway Control and Protection Systems
    • IEC 61511 Functional safety - Safety Instrumented Systems for the process industry sector
    • IEC 62304 Medical device software - Software life cycle processes
    • ISO 25119 Tractors and machinery for agriculture and forestry — Safety-related parts of control systems
• If you are using AUTOSAR Blockset with Embedded Coder, also review the following standards:
    • AUTOSAR Classic Platform
    • AUTOSAR Adaptive Platform
    • AUTOSAR Foundation
• Experience with MathWorks products that you use to develop, verify, or validate software for systems that are required to comply with the applicable standard.

Additional information about the standards with regard to the IEC Certification Kit is provided in:

• “ISO 26262” on page 1-29
• “IEC 61508” on page 1-31
• “IEC 62304” on page 1-33
• “EN 50128” on page 1-34
• “IEC 61511” on page 1-35
• “ISO 25119” on page 1-36


Overview of the Components in the IEC Certification Kit

In this section...
“Certificates and Certification Reports” on page 1-8
“Reference Workflows” on page 1-8
“Conformance Demonstration Templates (CDT)” on page 1-9
“ISO 26262 Tool Qualification Packages (TQP)” on page 1-9
“Test Procedure and Test Cases” on page 1-10
“Model-Based Design Information (By Standard)” on page 1-10
“Software Tool Inventory” on page 1-10

The IEC Certification Kit provides components that assist in the qualification of MathWorks products that are being used in projects that comply with ISO 26262, IEC 61508, EN 50128, IEC 61511, ISO 25119, or IEC 62304 standards. Specifically, you can use these artifacts, or derivatives thereof, as evidence of compliance with the standards:

• “Certificates and Certification Reports” on page 1-8
• “Reference Workflows” on page 1-8
• “Conformance Demonstration Templates (CDT)” on page 1-9
• “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9
• “Test Procedure and Test Cases” on page 1-10
• “Model-Based Design Information (By Standard)” on page 1-10
• “Software Tool Inventory” on page 1-10

The IEC Certification Kit artifacts are not accessible from the MathWorks website; they are available only in the Artifacts Explorer. For more information, see “Access Artifacts in the IEC Certification Kit Artifacts Explorer” on page 5-2.

Additional components in the IEC Certification Kit allow you to:

• Create and manage project-specific certification packages on page 5-2
• Generate traceability matrices covering model requirements, model objects, and generated code on page 6-2
• Use test procedures for automated tool validation.
• Review tool-associated bug reports.

Note Neither compliance with nor certification to the applicable safety standard ensures the safety of the software or the system under consideration. However, the applicable safety standard may be considered state of the art or a generally accepted rule of technology (GART) for the development of safety-related systems in your industry. A certification might be used as evidence that state-of-the-art procedures were applied during system development.

The rights.txt file describes allowed uses of the IEC Certification Kit product. You can find the file at matlabroot/toolbox/qualkits/iec.


Certificates and Certification Reports
Certificates and certification reports are issued by TÜV SÜD, a German-based certification authority, as evidence that the product is suitable for use in development processes which need to comply with IEC 61508, EN 50128, IEC 61511, IEC 62304, ISO 25119, or qualified according to ISO 26262.

Each certificate has a certificate number that is specific to the tool and is referenced by the certification report.

The certification report provides results of the audit of the tool by the TÜV SÜD and includes these sections:

• Purpose and Scope - Provides the purpose and scope of the TÜV SÜD evaluation of the product. TÜV SÜD audits the MathWorks development organization responsible for the product to assess their development and quality assurance processes.
• Product Overview - Provides a general description and overview of how the product is used with other products in development processes that must comply with standards.
• Identification - Identifies product releases that are covered by the audit report.
• Certification - Provides descriptions of the standards and the basis of the TÜV SÜD certification.
• Results - Provides the audit results, including:
    • Software development and quality engineering processes.
    • Customer bug reporting processes.
    • Requirements on software tools in IEC 61508, ISO 26262, IEC 62304, ISO 25119, and EN 50128.
    • Tool classification and validation according to IEC 61508, IEC 62304, ISO 25119, and ISO 26262.
• General Conditions and Restrictions - Provides conditions and restrictions on the product suitability for use in development processes that must comply with ISO 26262, IEC 61508, EN 50128, IEC 62304, ISO 25119, or IEC 61511.
• Summary and Certificate Number

Reference Workflows
Describes a reference workflow in which the product is used in Model-Based Design development processes that must comply with ISO 26262, IEC 61508, EN 50128, IEC 62304, ISO 25119, or IEC 61511.

The IEC Certification Kit product follows an in-context approach to tool certification and qualification. This approach is based on the reference workflows used when applying the certified and qualified tools to develop or verify software for ISO 26262, IEC 61508, IEC 62304, ISO 25119, and EN 50128 applications. You must establish that the tools are used within the referenced workflows and constraints specified in the Certificate Reports.

The reference workflow:

• Describes activities intended to comply with applicable requirements of the overall software safety lifecycles defined by IEC 61508-3, ISO 26262, IEC 62304, ISO 25119, and EN 50128.


• Addresses risk levels:
    • ASIL A - ASIL D, according to ISO 26262
    • SIL 1 - SIL 4, according to IEC 61508
    • Class A - Class C, according to IEC 62304
    • SIL 0 - SIL 3/4, according to EN 50128
    • SLR B, 1, 2, 3, according to ISO 25119

Note You can use the conformance demonstration template (CDT) to assess your workflow conformance to ISO 26262, IEC 61508, IEC 62304, ISO 25119, or EN 50128.

Conformance Demonstration Templates (CDT)
A template that you can use to demonstrate your workflow conformance to ISO 26262, IEC 61508, IEC 62304, ISO 25119, or EN 50128.

The conformance demonstration template provides checklists with measures and techniques that you can use to assess your workflow conformance to the standards. The reference workflow describes how the product is used in Model-Based Design development processes that must comply with the standards.

For each technique or measure in the checklist, you can state the degree to which you applied the technique or measure for the application under consideration:

• Used
• Used to a limited degree
• Not used

Also, you can state how you used the technique or measure in the application under consideration. If the reference workflow includes alternative means for compliance, you can indicate what variant you used.

ISO 26262 Tool Qualification Packages (TQP)
Intended for use in the ISO 26262 tool classification and qualification process for software tools, the TQP contains templates for these ISO 26262 tool qualification work products (see ISO 26262-8, Clause 11):

• Software Tool Criteria Evaluation Report documenting the tool classification. The report lists the tool environment, configuration, reference workflow, and tool use cases.
• Software Tool Qualification Report documenting the tool qualification, if required.
• Confirmation Review of Tool Classification and Qualification.

ISO 26262-8, Clause 11 sets out provisions for software tools that are used to tailor activities or tasks required by ISO 26262. To establish the required confidence in such tools, the standard outlines a two-step approach:

• Tool classification determines the required Tool Confidence Level (TCL) of the software tool.


• Depending on the result of the tool classification, you might need to carry out a formal tool qualification.
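As an added worked example (not code from the IEC Certification Kit or from MathWorks), the following Python encodes the two-step Clause 11 approach: it looks up the TCL from tool impact and tool error detection (ISO 26262-8:2018 Table 3) and lists the qualification methods the standard recommends for an ASIL (Tables 4 and 5); the class names and the sample tool entries are constructed assumptions, and the "same tool, different workflow" entries show why the kit argues in-context.

```python
"""ISO 26262-8, Clause 11 tool classification and qualification, worked through.

Added example, not code from the IEC Certification Kit. The TCL lookup
(ISO 26262-8:2018 Table 3) and the qualification-method recommendations per
ASIL (Tables 4 and 5) come from the standard; the class names and the sample
entries are constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum


class TI(Enum):
    """Tool impact: can a tool malfunction violate a safety requirement?"""
    TI1 = 1  # no
    TI2 = 2  # yes


class TD(Enum):
    """Tool error detection: confidence that such a malfunction is caught."""
    TD1 = 1  # high
    TD2 = 2  # medium
    TD3 = 3  # low, or no argument available


class TCL(Enum):
    """Tool confidence level; only TCL2 and TCL3 trigger a qualification."""
    TCL1 = 1
    TCL2 = 2
    TCL3 = 3


# ISO 26262-8:2018, Table 3: TCL as a function of TI and TD.
_TCL_TABLE = {
    TI.TI1: {TD.TD1: TCL.TCL1, TD.TD2: TCL.TCL1, TD.TD3: TCL.TCL1},
    TI.TI2: {TD.TD1: TCL.TCL1, TD.TD2: TCL.TCL2, TD.TD3: TCL.TCL3},
}

# ISO 26262-8:2018, Tables 4 (TCL3) and 5 (TCL2). Every method is at least
# recommended ("+"); the string lists the ASILs where it is highly recommended ("++").
METHODS = {
    "1a": "Increased confidence from use",
    "1b": "Evaluation of the tool development process",
    "1c": "Validation of the software tool",
    "1d": "Development in accordance with a safety standard",
}
_HIGHLY_RECOMMENDED = {
    TCL.TCL3: {"1a": "AB", "1b": "AB", "1c": "CD", "1d": "CD"},
    TCL.TCL2: {"1a": "ABC", "1b": "ABC", "1c": "D", "1d": "D"},
}


@dataclass(frozen=True)
class ToolClassification:
    # Step 1: one classified use case of one tool, with the TD rationale
    # that goes into the Software Tool Criteria Evaluation Report.
    tool: str
    ti: TI
    td: TD
    rationale: str

    @property
    def tcl(self) -> TCL:
        return _TCL_TABLE[self.ti][self.td]

    @property
    def qualification_required(self) -> bool:
        # Step 2 is triggered only by the classification result.
        return self.tcl is not TCL.TCL1


def recommended_methods(tcl: TCL, asil: str) -> list:
    """Return (method id, '++' or '+') pairs for a TCL and ASIL, '++' first."""
    asil = asil.upper()
    if len(asil) != 1 or asil not in "ABCD":
        raise ValueError(f"unknown ASIL {asil!r}")
    if tcl is TCL.TCL1:
        return []  # no qualification required
    table = _HIGHLY_RECOMMENDED[tcl]
    ranked = [(m, "++" if asil in table[m] else "+") for m in METHODS]
    return sorted(ranked, key=lambda pair: pair[1] != "++")


# Constructed sample entries: the same tool lands on a different TCL depending
# on the workflow around it, which is why the kit argues in-context.
SAMPLE_TOOLS = [
    ToolClassification("code generator, generated code verified against the model",
                       TI.TI2, TD.TD1, "downstream verification detects a malfunction"),
    ToolClassification("code generator, generated code not verified",
                       TI.TI2, TD.TD3, "nothing downstream would catch a miscompiled model"),
    ToolClassification("report generator", TI.TI1, TD.TD3,
                       "reports are not part of the embedded software"),
]


def classification_summary(asil: str) -> list:
    """One tool-inventory row per sample entry for the given ASIL."""
    return [{"tool": t.tool, "tcl": t.tcl.name,
             "qualify": t.qualification_required,
             "methods": recommended_methods(t.tcl, asil)} for t in SAMPLE_TOOLS]
```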

Test Procedure and Test Cases
Test cases and procedures used to support tool validation. Tool validation is a method listed in ISO 26262 and IEC 61508-3 for tool qualification. Based on your adherence to the reference workflow, desired certification rigor, or project-specific needs, the tool might require tool qualification.

The detailed test procedure for each tool is specified in the corresponding Execute Validation Tests and Review Test Results for <Product> artifact (certkitiec_<product>_run.mlx). Use this artifact to execute the test cases and procedure in the installed and configured environment.

Model-Based Design Information (By Standard)
Provides suggestions for leveraging MathWorks products to address the techniques, methods, and measures requirements that are specified in the standards.

The IEC Certification Kit provides the following Model-Based Design Information artifacts:

• Model-Based Design for ISO 26262
• Model-Based Design for EN 50128
• Model-Based Design for IEC 61508
• Model-Based Design for IEC 62304
• Model-Based Design for ISO 25119

Software Tool Inventory
A template that you can use to list the software tools you used in your project, along with the corresponding tool classification, qualification, and certification documentation.


Products Supported by IEC Certification Kit

The following table identifies the products that are supported in the IEC Certification Kit. You can use the information in the table to determine the products and standards that are supported for each release.

Note The IEC Certification Kit for a release can include certification artifacts for products in a previous release. This inclusion occurs, for example, when the IEC Certification Kit supports a new standard or a new product.


IEC Certification Kit Support for Standards

The first two columns give the product and the product releases that the kit supports. The remaining six columns (IEC Certification Kit Release) give the kit releases that provide artifacts for the product under each standard; a dash indicates that no kit release supports the product for that standard.

| Supported Product | Supported Product Release | IEC 61508:2010 | ISO 26262:2018 | EN 50128:2011 | IEC 62304:2015 | ISO 25119:2018 | IEC 61511:2016 |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Embedded Coder | R2011a - R2020a | R2011a - R2020a | R2012a - R2020a | R2012a - R2020a | R2016a - R2020a | R2020a | - |
| AUTOSAR Blockset | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2020a | - |
| Simulink PLC Coder | R2010a - R2020a | R2011a - R2020a | R2018b - R2020a | R2017b - R2020a | R2016a - R2020a | R2020a | R2010b - R2020a |
| HDL Coder | R2020a | R2020a | R2020a | R2020a | R2020a | R2020a | |
| Simulink Check | R2017b - R2020a | R2017b - R2020a | R2017b - R2020a | R2017b - R2020a | R2017b - R2020a | R2020a | - |
| Simulink Coverage | R2017b - R2020a | R2017b - R2020a | R2017b - R2020a | R2017b - R2020a | R2017b - R2020a | R2020a | - |
| Simulink Requirements | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2020a | - |
| Simulink Design Verifier | R2011a - R2020a, R2010b SP1 (a) | R2011a - R2020a | R2012a - R2020a | R2012a - R2020a | R2016a - R2020a | R2020a | - |
| Polyspace Bug Finder | R2013b - R2020a | R2013b - R2020a | R2013b - R2020a | R2013b - R2020a | R2016a - R2020a | R2020a | - |
| Polyspace Bug Finder Server | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2020a | - |
| Polyspace Code Prover | R2013b - R2020a | R2013b - R2020a | R2013b - R2020a | R2013b - R2020a | R2016a - R2020a | R2020a | - |
| Polyspace Code Prover Server | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2019a - R2020a | R2020a | - |
| Simulink Test | R2015b - R2020a | R2015b - R2020a | R2015b - R2020a | R2015b - R2020a | R2016a - R2020a | R2020a | - |
| Real-Time Workshop® Embedded Coder | R2008a - R2010b, R2009b SP1, R2010b SP1, R2010b SP2 (b) | R2012a - R2012b | R2012a - R2012b | R2012a - R2012b | - | - | - |
| Simulink Verification and Validation™ | R2011a - R2017a, R2010b SP1 (c) | R2011a - R2017a | R2012a - R2017a | R2012a - R2017a | R2016a - R2017a | - | - |
| Polyspace Client™ for C/C++ and Polyspace Server for C/C++ | R2008a - R2008b, R2009b - R2013a, R2009a+ (d) | R2011a - R2013a | R2012a - R2013a | R2012a - R2013a | - | - | - |
| Polyspace Verifier for C | R2007a+ (e) | R2011a - R2012a | - | - | - | | |

a. Initial support was R2011a - current release.
b. Initial support was R2010a - R2012b, R2009a+, R2009b+.
c. Initial support was R2011a - R2017a.
d. Initial support was R2010a - R2013a, R2009b+.
e. Initial support was R2009a+.


Certification Artifacts for Embedded Coder

TÜV SÜD has certified specific versions of Embedded Coder for use in development processes that are required to comply with ISO 26262, IEC 61508, IEC 62304, ISO 25119, or EN 50128. These product versions are also prequalified according to ISO 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.

Note AUTOSAR Blockset is certified for use with Embedded Coder.

The IEC Certification Kit contains certification artifacts for:

• Embedded Coder, version 7.4 (R2020a)
• (when applicable) AUTOSAR Blockset, version 2.2 (R2020a)

Note Embedded Coder was not developed using an IEC 61508 certified process.

Open the Artifacts Explorer to access the certification artifacts. The certification artifacts are located in Embedded Coder.

Details on the certification artifacts are in the certificate reports.

| Component | File |
| --- | --- |
| “Certificates and Certification Reports” on page 1-8 | certkitiec_ecoder_certificate.pdf, certkitiec_ecoder_certreport.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_ecoder_workflow.pdf |
| “Conformance Demonstration Templates (CDT)” on page 1-9 | certkitiec_ecoder_cdt.docx/.pdf |
| “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9 | certkitiec_ecoder_tqp.docx/.pdf |
| “Test Procedure and Test Cases” on page 1-10 | certkitiec_ecoder_tests.m, certkitiec_ecoder_modelList.m, /tests/*, /outputs/*, /baseline/* |


Certification Artifacts for Simulink PLC Coder

TÜV SÜD certified specific versions of Simulink PLC Coder for use in development processes that are required to comply with ISO 26262, IEC 61508, IEC 62304, IEC 61511, ISO 25119, or EN 50128. These product versions are also prequalified according to ISO 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.

The IEC Certification Kit contains certification artifacts for:

• Simulink PLC Coder, version 3.2 (R2020a)

Note Simulink PLC Coder was not developed using an IEC 61508 certified process.

Open the Artifacts Explorer to access the certification artifacts. The certification artifacts are located in Simulink PLC Coder.

Details on the certification artifacts are in the certificate reports.

| Component | File |
| --- | --- |
| “Certificates and Certification Reports” on page 1-8 | certkitiec_plccoder_certificate.pdf, certkitiec_plccoder_certreport.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_plccoder_workflow.pdf |
| “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9 | certkitiec_plccoder_tqp.docx/.pdf |
| “Conformance Demonstration Templates (CDT)” on page 1-9 | certkitiec_plccoder_cdt.docx/.pdf |


Certification Artifacts for HDL Coder

TÜV SÜD certified specific versions of HDL Coder for use in development processes that are required to comply with ISO 26262, IEC 61508, IEC 62304, IEC 61511, ISO 25119, or EN 50128. These product versions are also prequalified according to ISO 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.

The IEC Certification Kit contains certification artifacts for:

• HDL Coder, version 3.16 (R2020a)

Note HDL Coder was not developed using an IEC 61508 certified process.

Open the Artifacts Explorer to access the certification artifacts. The certification artifacts are located in HDL Coder.

Details on the certification artifacts are in the certificate reports.

| Component | File |
| --- | --- |
| “Certificates and Certification Reports” on page 1-8 | certkitiec_hdlcoder_certificate.pdf, certkitiec_hdlcoder_certreport.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_hdlcoder_workflow.pdf |
| “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9 | certkitiec_hdlcoder_tqp.docx/.pdf |
| “Conformance Demonstration Templates (CDT)” on page 1-9 | certkitiec_hdlcoder_cdt.docx/.pdf |


Certification Artifacts for Simulink Design Verifier

TÜV SÜD has certified specific versions of Simulink Design Verifier for use in development processes that are required to comply with ISO 26262, IEC 61508, IEC 62304, ISO 25119, or EN 50128. These product versions are also prequalified according to ISO 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.

The IEC Certification Kit contains certification artifacts for:

• Simulink Design Verifier, version 4.3 (R2020a)

Note Simulink Design Verifier was not developed using an IEC 61508 certified process.

Open the Artifacts Explorer to access the certification artifacts. The certification artifacts are located in Simulink Design Verifier.

Details on the certification artifacts are in the certificate reports.

| Component | File |
| --- | --- |
| “Certificates and Certification Reports” on page 1-8 | certkitiec_sldv_certificate.pdf, certkitiec_sldv_certreport.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_sldv_workflow.pdf |
| “Conformance Demonstration Templates (CDT)” on page 1-9 | certkitiec_sldv_cdt.docx/.pdf |
| “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9 | certkitiec_sldv_tqp.docx/.pdf |
| “Test Procedure and Test Cases” on page 1-10 | certkitiec_sldv_rs.rpt, /tests/*, /expected_results/* |


Certification Artifacts for Simulink Check

TÜV SÜD has certified specific versions of Simulink Check for use in development processes that are required to comply with ISO 26262, IEC 61508, IEC 62304, ISO 25119, or EN 50128. These product versions are also prequalified according to ISO 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.

The IEC Certification Kit contains certification artifacts for:

• Simulink Check, version 4.5 (R2020a)

Note Simulink Check was not developed using an IEC 61508 certified process.

Open the Artifacts Explorer to access the certification artifacts. The certification artifacts are located in Simulink Check.

Details on the certification artifacts are in the certificate reports.

| Component | File |
| --- | --- |
| “Certificates and Certification Reports” on page 1-8 | certkitiec_slchk_certificate.pdf, certkitiec_slchk_certreport.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_slchk_workflow.pdf |
| “Conformance Demonstration Templates (CDT)” on page 1-9 | certkitiec_slchk_cdt.docx/.pdf |
| “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9 | certkitiec_slchk_tqp.docx/.pdf |
| “Test Procedure and Test Cases” on page 1-10 | certkitiec_slchk_tests.rpt/.xls, /tests/*, /expected_results/* |


Certification Artifacts for Simulink Coverage

TÜV SÜD has certified specific versions of Simulink Coverage for use in development processes that are required to comply with ISO 26262, IEC 61508, IEC 62304, ISO 25119, or EN 50128. These product versions are also prequalified according to ISO 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.

The IEC Certification Kit contains certification artifacts for:

• Simulink Coverage, version 5.0 (R2020a)

Note Simulink Coverage was not developed using an IEC 61508 certified process.

Open the Artifacts Explorer to access the certification artifacts. The certification artifacts are located in Simulink Coverage.

Details on the certification artifacts are in the certificate reports.

| Component | File |
| --- | --- |
| “Certificates and Certification Reports” on page 1-8 | certkitiec_slcov_certificate.pdf, certkitiec_slcov_certreport.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_slcov_workflow.pdf |
| “Conformance Demonstration Templates (CDT)” on page 1-9 | certkitiec_slcov_cdt.docx/.pdf |
| “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9 | certkitiec_slcov_tqp.docx/.pdf |
| “Test Procedure and Test Cases” on page 1-10 | certkitiec_slcov_cc.rpt/.xls, certkitiec_slcov_dv.rpt/.xls, certkitiec_slcov_lut.rpt/.xls, certkitiec_slcov_sf.rpt/.xls, certkitiec_slcov_sl.rpt/.xls, certkitiec_slcov_sr.rpt/.xls, /tests/*, /expected_results/* |


Certification Artifacts for Simulink Requirements

TÜV SÜD has certified specific versions of Simulink Requirements for use in development processes that are required to comply with ISO 26262, IEC 61508, IEC 62304, ISO 25119, or EN 50128. These product versions are also prequalified according to ISO 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.

The IEC Certification Kit contains certification artifacts for:

• Simulink Requirements, version 1.5 (R2020a)

Note Simulink Requirements was not developed using an IEC 61508 certified process.

Open the Artifacts Explorer to access the certification artifacts. The certification artifacts are located in Simulink Requirements.

Details on the certification artifacts are in the certificate reports.

| Component | File |
| --- | --- |
| “Certificates and Certification Reports” on page 1-8 | certkitiec_slreq_certificate.pdf, certkitiec_slreq_certreport.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_slreq_workflow.pdf |
| “Conformance Demonstration Templates (CDT)” on page 1-9 | certkitiec_slreq_cdt.docx/.pdf |
| “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9 | certkitiec_slreq_tqp.docx/.pdf |
| “Test Procedure and Test Cases” on page 1-10 | certkitiec_slreq_rs.rpt, certkitiec_slreq_trace.xlsx, /tests/*, /expected_results/* |


Certification Artifacts for Polyspace Bug Finder and Polyspace Bug Finder Server

TÜV SÜD certified specific versions of Polyspace Bug Finder and Polyspace Bug Finder Server for use in development processes that are required to comply with ISO 26262, IEC 61508, IEC 62304, ISO 25119, or EN 50128. These product versions are also prequalified according to ISO 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.

The IEC Certification Kit contains certification artifacts for:

• Polyspace Bug Finder, version 3.2 (R2020a)
• Polyspace Bug Finder Server, version 3.2 (R2020a)

Note These products were not developed using an IEC 61508 certified process.

Open the Artifacts Explorer to access the certification artifacts. The certification artifacts are located in Polyspace Bug Finder.

| Component | File |
| --- | --- |
| “Certificates and Certification Reports” on page 1-8 | certkitiec_bugfinder_certificate.pdf, certkitiec_bugfinder_certreport.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_bugfinder_workflow.pdf |
| “Conformance Demonstration Templates (CDT)” on page 1-9 | certkitiec_bugfinder_cdt.docx/.pdf |
| “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9 | certkitiec_bugfinder_tqp.docx/.pdf |
| “Test Procedure and Test Cases” on page 1-10 | Polyspace Bug Finder: /tests/* (including /tests/certkitiec_bugfinder_tests.bat/.sh), /tests/<execution-folder-bug-finder>/*, /expected_results/reporting-bug-finder/*. Polyspace Bug Finder Server: /tests/* (including /tests/certkitiec_bugfinderserver_tests.bat/.sh), /tests/execution-folder-bug-finder-server/*, /expected_results/reporting-bug-finder-server/* |
| Software Quality Objectives for Source Code | certkitiec_bugfinder_sqo.pdf |


Certification Artifacts for Polyspace Code Prover and Polyspace Code Prover Server

TÜV SÜD certified specific versions of Polyspace Code Prover and Polyspace Code Prover Server for use in development processes that are required to comply with ISO 26262, IEC 61508, IEC 62304, ISO 25119, or EN 50128. These product versions are also prequalified according to ISO 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.

The IEC Certification Kit contains certification artifacts for:

• Polyspace Code Prover, version 10.2 (R2020a)
• Polyspace Code Prover Server, version 10.2 (R2020a)

Note These products were not developed using an IEC 61508 certified process.

Open the Artifacts Explorer to access the certification artifacts. The certification artifacts are located in Polyspace Code Prover.

| Component | File |
| --- | --- |
| “Certificates and Certification Reports” on page 1-8 | certkitiec_codeprover_certificate.pdf, certkitiec_codeprover_certreport.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_codeprover_workflow.pdf |
| “Conformance Demonstration Templates (CDT)” on page 1-9 | certkitiec_codeprover_cdt.docx/.pdf |
| “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9 | certkitiec_codeprover_tqp.docx/.pdf |
| “Test Procedure and Test Cases” on page 1-10 | Polyspace Code Prover: /tests/* (including /tests/certkitiec_codeprover_tests.bat/.sh), /tests/execution-folder-code-prover/*, /expected_results/reporting-code-prover/*. Polyspace Code Prover Server: /tests/* (including /tests/certkitiec_codeproverserver_tests.bat/.sh), /tests/execution-folder-code-prover-server/*, /expected_results/reporting-code-prover-server/* |
| Software Quality Objectives for Source Code | certkitiec_codeprover_sqo.pdf |


Certification Artifacts for Simulink Test

TÜV SÜD has certified specific versions of Simulink Test for use in development processes that are required to comply with ISO 26262, IEC 61508, IEC 62304, ISO 25119, or EN 50128. These product versions are also prequalified according to ISO 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.

The IEC Certification Kit contains certification artifacts for:

• Simulink Test, version 3.2 (R2020a)

Note Simulink Test was not developed using an IEC 61508 certified process.

Open the Artifacts Explorer to access the certification artifacts. The certification artifacts are located in Simulink Test.

Details on the certification artifacts are in the certificate reports.

| Component | File |
| --- | --- |
| “Certificates and Certification Reports” on page 1-8 | certkitiec_sltest_certificate.pdf, certkitiec_sltest_certreport.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_sltest_workflow.pdf |
| “Conformance Demonstration Templates (CDT)” on page 1-9 | certkitiec_sltest_cdt.docx/.pdf |
| “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9 | certkitiec_sltest_tqp.docx/.pdf |
| “Test Procedure and Test Cases” on page 1-10 | certkitiec_sltest_rs.rpt, /tests/*, /expected_results/* |


Support Artifacts for ISO 26262

The following table identifies the artifacts in the IEC Certification Kit that support ISO 26262 compliance.

Open the Artifacts Explorer to access the certification artifacts.

| Component | File |
| --- | --- |
| Model-Based Design for ISO 26262 on page 1-10 | certkitiec_mbd_iso26262.docx/.pdf |
| “Software Tool Inventory” on page 1-10 | certkitiec_tools.docx/.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_workflow.pdf |


Support Artifacts for EN 50128

The following table identifies the artifacts in the IEC Certification Kit that support EN 50128 compliance.

Open the Artifacts Explorer to access the certification artifacts.

| Component | File |
| --- | --- |
| Model-Based Design for EN 50128 on page 1-10 | certkitiec_mbd_en50128.docx/.pdf |
| “Software Tool Inventory” on page 1-10 | certkitiec_tools.docx/.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_workflow.pdf |


Support Artifacts for IEC 61508

The following table identifies the artifacts in the IEC Certification Kit that support IEC 61508 compliance.

Open the Artifacts Explorer to access the certification artifacts.

| Component | File |
| --- | --- |
| Model-Based Design for IEC 61508 on page 1-10 | certkitiec_mbd_iec61508.docx/.pdf |
| “Software Tool Inventory” on page 1-10 | certkitiec_tools.docx/.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_workflow.pdf |


Support Artifacts for IEC 62304

The following table identifies the artifacts in the IEC Certification Kit that support IEC 62304 compliance.

Open the Artifacts Explorer to access the certification artifacts.

| Component | File |
| --- | --- |
| Model-Based Design for IEC 62304 on page 1-10 | certkitiec_mbd_iec62304.docx/.pdf |
| “Software Tool Inventory” on page 1-10 | certkitiec_tools.docx/.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_workflow.pdf |


Support Artifacts for ISO 25119

The following table identifies the artifacts in the IEC Certification Kit that support ISO 25119 compliance.

Open the Artifacts Explorer to access the certification artifacts.

| Component | File |
| --- | --- |
| Model-Based Design for ISO 25119 on page 1-10 | certkitiec_mbd_iso25119.docx/.pdf |
| “Software Tool Inventory” on page 1-10 | certkitiec_tools.docx/.pdf |
| “Reference Workflows” on page 1-8 | certkitiec_workflow.pdf |


ISO 26262

What Is ISO 26262?

ISO 26262 is an international functional safety standard titled Road vehicles — Functional safety. ISO 26262 is the adaptation of IEC 61508 to comply with needs specific to the application sector of E/E systems (1) within road vehicles.

ISO published the first edition of ISO 26262 in 2011. That edition consists of ten parts, referred to as ISO 26262-1 to ISO 26262-10. The second edition, published in 2018, revised these parts and added ISO 26262-11 and ISO 26262-12.

Part 2 (ISO 26262-2) Management of functional safety specifies the requirements on functional safety management for automotive applications. Part 5 (ISO 26262-5) Product development at the hardware level specifies the architecture, verification, and testing for hardware implementation. Part 6 (ISO 26262-6) Product development at the software level pertains to software development, verification, and validation. It includes guidance for projects using Model-Based Design and code generation. Part 8 (ISO 26262-8) Supporting processes addresses multiple cross-functional topics, including the classification and qualification of software tools. Part 11 (ISO 26262-11) Guidelines on application of ISO 26262 to semiconductors provides guidance, including measures to avoid systematic failures, for semiconductor components such as programmable logic devices (PLDs).

The required degree of rigor for software development, verification, and validation varies, depending on how critical the software is. It is expressed in terms of Automotive Safety Integrity Levels (ASILs) A to D. For example, a measure or technique listed in ISO 26262 might be recommended for ASIL A and ASIL B, and highly recommended for ASIL C and ASIL D.

ISO 26262 Compliance Considerations

ISO 26262-2 lays out confirmation measures to be carried out in order to claim compliance with the standard.

ISO 26262 Tool Qualification Considerations

ISO 26262-8 provides a framework for software tool classification and qualification to provide evidence that a software tool is suitable for use when developing safety-related software. In this way, confidence can be achieved in the correct execution of the activities and tasks supported by this tool (see ISO 26262-8, Clause 11).

To determine the required level of confidence in a software tool (tool confidence level, TCL), the applicant shall analyze the use cases for the software tool. The analysis determines:

• If a malfunctioning software tool and the erroneous output of the tool can lead to the violation of a safety requirement.

• The probability of preventing or detecting such errors in the output.

The evaluation considers tool-internal measures (for example, monitoring), as well as tool-external measures (for example, guidelines, tests, reviews) that the applicant implements in the development process for the safety-related software.

1. Systems that consist of electrical and electronic elements, including programmable electronic elements, power supplies, input devices, communication paths, and output devices.


The required TCL, together with the ASIL of the software developed using the tool, determines whether the tool must be qualified and allows the selection of relevant qualification methods.

Regardless of the tool qualification, the tool user is and remains fully responsible for the safety of the system and its embedded software.
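To make the classification step concrete, here is an added worked example, written for this guide and not part of the IEC Certification Kit or of any MathWorks product: a small Python module that computes the TCL from the two analysis results described above and then looks up the qualification methods that ISO 26262-8:2018 recommends for a given TCL and ASIL. The TI/TD to TCL mapping follows ISO 26262-8 Table 3, and the method recommendations follow Table 4 (TCL3) and Table 5 (TCL2); both are reproduced here from the standard, not from the kit. The code generator use cases at the bottom are constructed for illustration and are not the kit's tool use cases.

```python
"""ISO 26262-8 Clause 11 tool classification, worked through in code.

Added example; not part of the IEC Certification Kit. The TI/TD -> TCL
mapping reproduces ISO 26262-8:2018 Table 3, and the qualification-method
recommendations reproduce Tables 4 (TCL3) and 5 (TCL2). The use cases at
the bottom are constructed for illustration only.
"""
from dataclasses import dataclass

# Tool impact: TI1 = a malfunction cannot violate a safety requirement,
# TI2 = such a violation is possible.
# Tool error detection: TD1 = high confidence that an erroneous output is
# prevented or detected, TD2 = medium confidence, TD3 = low (or unknown).
TI1, TI2 = 1, 2
TD1, TD2, TD3 = 1, 2, 3


@dataclass(frozen=True)
class UseCase:
    name: str
    tool_impact: int
    error_detection: int


def tool_confidence_level(ti: int, td: int) -> int:
    """ISO 26262-8 Table 3: TCL from tool impact and tool error detection."""
    if ti not in (TI1, TI2) or td not in (TD1, TD2, TD3):
        raise ValueError("TI must be 1 or 2; TD must be 1, 2 or 3")
    if ti == TI1:
        return 1  # no safety-relevant malfunction possible: TCL1 whatever the TD
    return td     # TI2: TD1 -> TCL1, TD2 -> TCL2, TD3 -> TCL3


def tool_tcl(use_cases) -> int:
    """The tool takes the highest TCL found for any of its use cases.
    An empty use-case list is an analysis gap, not a TCL1 result."""
    if not use_cases:
        raise ValueError("at least one use case must be analysed")
    return max(tool_confidence_level(u.tool_impact, u.error_detection)
               for u in use_cases)


# Qualification methods from ISO 26262-8 Tables 4 and 5, in the order 1a..1d.
# '++' = highly recommended, '+' = recommended, per ASIL A..D.
_METHODS = ("1a increased confidence from use",
            "1b evaluation of the tool development process",
            "1c validation of the software tool",
            "1d development in accordance with a safety standard")

_TABLE = {
    3: {"A": ("++", "++", "+", "+"), "B": ("++", "++", "+", "+"),
        "C": ("+", "+", "++", "++"), "D": ("+", "+", "++", "++")},
    2: {"A": ("++", "++", "+", "+"), "B": ("++", "++", "+", "+"),
        "C": ("++", "++", "+", "+"), "D": ("+", "+", "++", "++")},
}


def qualification_required(tcl: int) -> bool:
    """TCL1 needs no qualification; TCL2 and TCL3 do."""
    return tcl > 1


def qualification_methods(tcl: int, asil: str) -> dict:
    """Return {method: recommendation} for a TCL/ASIL pair.
    An empty dict means no qualification is required (TCL1)."""
    asil = asil.upper()
    if len(asil) != 1 or asil not in "ABCD":
        raise ValueError("ASIL must be A, B, C or D")
    if tcl == 1:
        return {}
    if tcl not in _TABLE:
        raise ValueError("TCL must be 1, 2 or 3")
    return dict(zip(_METHODS, _TABLE[tcl][asil]))


# Constructed use cases for a hypothetical code generator (illustration only).
CODE_GENERATOR_USE_CASES = [
    # Generated code is tested back-to-back against the model downstream, so a
    # wrong translation is very likely to be caught: TI2 / TD1.
    UseCase("generate C from a verified model, with back-to-back testing", TI2, TD1),
    # No code-level verification downstream: an error would reach the product.
    UseCase("generate C from a model with no code-level verification", TI2, TD3),
]

if __name__ == "__main__":
    tcl = tool_tcl(CODE_GENERATOR_USE_CASES)
    print(f"tool TCL = {tcl}, qualification required: {qualification_required(tcl)}")
    for asil in "ABCD":
        print(asil, qualification_methods(tcl, asil))
```

Running the module reports the tool-level TCL as the highest TCL among its use cases, which is how the standard treats a tool with several use cases. The second, unverified use case drives the example tool to TCL3 even though the first use case alone would yield TCL1; this is why the list of tool use cases in the Software Tool Criteria Evaluation Report has to be complete, and why adding a downstream detection measure (here, back-to-back testing) is often the cheaper route to a lower TCL than qualifying the tool.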


IEC 61508

What Is IEC 61508?

IEC 61508 is an international, industry-independent functional safety standard, titled Functional safety of electrical/electronic/programmable electronic safety-related systems. The seven parts of the standard (referred to as IEC 61508-1 to IEC 61508-7) were published in 2010.

IEC 61508-3 Software requirements concerns software development, verification, and validation. By constraining the processes used for software development and quality assurance, the intention of IEC 61508-3 is to:

• Reduce the number of errors introduced during software development.
• Increase the number of errors revealed by verification and validation activities.

IEC 61508 is a prescriptive standard, providing detailed lists of techniques and measures with recommendations. The required degree of rigor for software development, verification, and validation varies, depending on how critical the software is. The standard expresses the degree of rigor in terms of Safety Integrity Levels (SILs). For example, IEC 61508-3 might recommend a measure or technique for SIL 1 and SIL 2, and highly recommend it for SIL 3 and SIL 4.

Note IEC 61508 recommends avoiding SIL 4 safety functions where possible. It is the responsibility of the tool user to assess additional risk reduction measures, such as the use of diverse tools for the same purpose.

To help with the selection of techniques and measures relevant for a required SIL, annexes A and B of IEC 61508-3 provide software safety integrity tables. The tables list the techniques and measures recommended for each SIL. The standard organizes the tables based on the different software lifecycle phases. IEC 61508-7 Overview of techniques and measures provides detailed descriptions of selected measures and techniques.

IEC 61508 Compliance Considerations

IEC 61508 certification confirms that a product or system complies with objectives set by the standard.

You can get IEC 61508 compliance certified by an independent, external certification authority, such as Technischer Überwachungsverein (TÜV) in Germany. Upon granting certification, the certification authority issues a certificate and, if applicable, a certificate report. A certificate report is a technical report that accompanies the certificate. The certificate report documents details of the certification process and constraints for the certificate.

An applicant might self-certify a system. Self-certification requires the applicant to demonstrate IEC 61508 compliance to an internal assessor, without requiring external certification. In this case, aspects of the standard might be relaxed or tightened.

Regardless of how an applicant achieves certification, the applicant shall document compliance with the relevant set of IEC 61508 requirements. For software, the applicant typically creates customized instances of the software safety integrity tables. The tables describe how you interpreted and applied each recommended technique and measure for the software under development. If a highly recommended technique or measure is not used, the rationale shall be documented and agreed upon with the certification authority or internal assessor.

The customized software safety integrity tables serve as partial evidence to demonstrate that the objectives of the standard are met. To facilitate certification, the applicant should submit an initial version of the tables early in the software development lifecycle to the certification authority or internal assessor for discussion and approval.

IEC 61508 Tool Certification Considerations

The intention of the IEC 61508 standard is to regulate the development of safety-related systems, not the development of software tools used to design, verify, and validate these systems. However, IEC 61508 includes some requirements on the usage of software tools. In particular, IEC 61508-3, clause 7.4.4 provides requirements for tools used to develop safety-related software, including a tool classification scheme (tool classes T1, T2, and T3) and requirements for tool validation.

IEC 61508-3, Table A.3 highly recommends certified tools and certified translators for safety integrity levels SIL 2 and higher.

Different tool certification approaches have been proposed and pursued in practice. A recent approach is in-context certification of tools. In-context certification is based on a specific workflow or set of workflows to be used when applying the tool to develop or verify software for IEC 61508 compliant or certified applications. For an in-context certification, the certification package includes a reference workflow document in addition to a certificate and certificate report. The applicant shall ensure that the tool is used within the workflows referenced and the constraints specified in the respective certificates; use outside those workflows is not covered by the certificate.

Regardless of the tool certification, the tool user is and remains fully responsible for the safety of the system and its embedded software.


IEC 62304

What Is IEC 62304?

IEC 62304 is an international safety standard, titled Medical device software – Software life cycle processes. The standard, first published in 2006 and amended by Amendment 1 in 2015, describes the software development and maintenance processes required for medical device software. The required processes, tasks, and activities depend on the hazard level (risk to the patient, caregiver, or environment) of the device software. The hazard levels are divided into three software safety classes:

• Class A - No injury or damage to health is possible
• Class B - Non-serious injury is possible
• Class C - Death or serious injury is possible

IEC 62304 Tool Certification Considerations

IEC 62304 does not directly address software tool qualification. However, IEC 62304 Annex C, clause C.1, states that IEC 61508-7 can be used as a source of methods, tools, and techniques for implementing the requirements in IEC 62304. Clause C.7 of the same annex describes the relationship to IEC 61508.


EN 50128

What Is EN 50128?

EN 50128 is a European safety standard titled Railway applications - Communications, signalling and processing systems - Software for railway control and protection systems. The standard specifies procedures and technical requirements for the development of programmable electronic systems for use in railway control and protection applications. EN 50128, developed by the European Committee for Electrotechnical Standardization (CENELEC), is part of a series of standards that represent the railway application-specific interpretation of the IEC 61508 standard series.

EN 50128 Software Tool Considerations

Requirements for support tools are specified in clause 6.7 of the EN 50128 standard. The objective of this clause is “to provide evidence that potential failures of tools do not adversely affect the integrated tool set output in a safety related manner that is undetected by technical and/or organizational measures outside the tool.” (EN 50128:2011).


IEC 61511

What Is IEC 61511?

IEC 61511 is an international functional safety standard titled Functional safety - Safety instrumented systems for the process industry sector. IEC 61511 has been developed as a process sector implementation of IEC 61508. The standard consists of three parts, referred to as IEC 61511-1 to IEC 61511-3. Part 1 (IEC 61511-1) covers the framework, definitions, and system, hardware, and software requirements.


ISO 25119

What Is ISO 25119?

ISO 25119 is an international functional safety standard titled Tractors and machinery for agriculture and forestry — Safety-related parts of control systems. The standard specifies procedures and technical requirements for the development of electrical and/or electronic and/or programmable electronic systems (E/E/PES) on tractors used in agriculture and forestry, and on self-propelled ride-on machines and mounted, semi-mounted, and trailed machines used in agriculture.

The required degree of rigor for software development, verification, and validation varies, depending on how critical the software is. It is expressed in terms of Software Requirement Levels (SRLs) B, 1, 2, and 3.


2 Reference Workflows

IEC Certification Kit Reference Workflow Overview

The IEC Certification Kit Reference Workflow describes the software development and verification activities that are part of the IEC Certification Kit Model-Based Design workflow.

The following figure shows a typical software development process using the Simulink family of products, and indicates the model evolution phase with an ellipse (…). The solid line arrows show the progression of the development and implementation activities. As depicted by the blue boxes, the software development activities include:

• Requirements authoring by using Simulink Requirements
• Modeling by using Simulink, Stateflow, and Fixed-Point Designer
• Code generation by using Embedded Coder
• Compilation

Software Development Processes

The following figure illustrates the verification and validation activities, depicted using dashed lines, in the IEC Certification Kit Model-Based Design workflow. Depending on the tools you use, the verification and validation activities can include:

• Processor-in-the-loop testing by using Simulink Test
• Model analysis by using Simulink Check, Simulink Coverage, and Simulink Design Verifier
• Static code analysis by using Polyspace Bug Finder, Polyspace Bug Finder Server, Polyspace Code Prover, and Polyspace Code Prover Server
• Prevention of unintended functionality by using the IEC Certification Kit, Simulink Coverage, and Simulink Code Inspector™
• Verification linking between tests and requirements by using Simulink Requirements


Verification and Validation Processes in the Model-Based Design Workflow

To access the IEC Certification Kit Reference Workflow document, open the Artifacts Explorer. Under Supporting Artifacts, open the certkitiec_workflow.pdf file.


Embedded Coder Reference Workflow Overview

The Embedded Coder Reference Workflow describes a workflow for application-specific verification and validation of models and generated C and C++ code developed using Model-Based Design with production code generation. Users of the Embedded Coder software shall carry out this workflow as part of the overall ISO 26262, IEC 61508, IEC 62304, ISO 25119, or EN 50128 software safety lifecycle. Model-Based Design enables automatic generation of production-quality code from executable graphical models that you can deploy onto embedded systems. Simulink products from MathWorks have become an accepted standard for Model-Based Design. “Simulink”, “Fixed-Point Designer”, and “Stateflow” software support graphical modeling with time-based block diagrams and event-based state machines. “Embedded Coder” supports code generation for embedded systems.

If generated C or C++ code is being deployed in safety-related applications, modeling and code generation are to be complemented by measures and techniques to verify and validate the model and the generated C or C++ code. Applying these measures and techniques in an application-specific manner serves the purpose of translation validation [2]. A successful translation validation provides a high degree of confidence that, for the design instance under consideration, the output of the code generator, compiler, and linker tool chain exhibits input-output behavior equivalent to that of the model used for production code generation.

The workflow presented in the Embedded Coder Reference Workflow describes a translation validation process intended to comply with applicable requirements of the overall software safety lifecycle defined by ISO 26262-6, IEC 61508-3, IEC 62304, ISO 25119, and EN 50128 respectively, as they relate to verification and validation of models and generated code. The workflow addresses risk levels ASIL A – ASIL D according to ISO 26262, SIL 1 – SIL 4 according to IEC 61508, Class A – Class C according to IEC 62304, SRL B, 1, 2, 3 according to ISO 25119, and SIL 0 – SIL 4 according to EN 50128.

Note IEC 61508 recommends the avoidance of SIL 4 safety functions; it is the responsibility of the tool user to check measures like use of diverse tools for the same purpose, other risk reduction measures, etc.

Completing the verification and validation workflow is considered to be equivalent to the use of a certified code generation tool chain consisting of a code generator, compiler, and linker to develop the application under consideration (justification specified in IEC 61508-3 clause 7.4.4.3).

To fulfill objectives of ISO 26262-6, IEC 61508-3, IEC 62304, ISO 25119, or EN 50128 related to software development processes, verifying and validating the application software under development (translation validation) is required regardless of the tool chain you use.

The workflow for application-specific verification and validation of models and generated C and C++ code outlined in the Embedded Coder Reference Workflow divides the translation validation process into two steps:

1 Design verification: Demonstrate that the model used for production code generation behaves as specified in its requirements.

2 Code verification: Demonstrate equivalence between the model and the corresponding object code.

[2] A. Pnueli, M. Siegel, E. Singerman: Translation Validation. Lecture Notes in Computer Science, Vol. 1384, pp. 151-166. Springer, 1998.


The first step combines suitable verification and validation techniques at the model level. The second step relies mainly on behavioral and structural comparison between the model and the generated code. With this two-step approach, you can complete verification and validation activities mostly at the model level, and the model-level tests can be reused to verify the generated code.

The responsibility for carrying out this workflow can rest with multiple parties, e.g., it can be shared between an OEM and its supplier. The division of responsibility shall be documented.

The following image illustrates the integration of Embedded Coder into the IEC Certification Kit Model-Based Design workflow.

Verification and Validation of Models and Generated C and C++ Code in the Model-Based Design Workflow

To access the Embedded Coder Reference Workflow document, open the Artifacts Explorer. Under Embedded Coder, open the certkitiec_ecoder_workflow.pdf file.


Simulink PLC Coder Reference Workflow Overview

The Simulink PLC Coder Reference Workflow describes a workflow for application-specific verification and validation of models and structured text or ladder diagram code developed using Model-Based Design with PLC code generation. Users of the Simulink PLC Coder software shall carry out this workflow as part of the overall ISO 26262, IEC 61508, IEC 62304, IEC 61511, ISO 25119, or EN 50128 safety lifecycle. Model-Based Design enables automatic generation of IEC 61131-3:2013 structured text or ladder diagram code from executable graphical models that can be deployed onto Programmable Logic Controllers (PLCs). Simulink products from MathWorks have become an accepted standard for Model-Based Design. “Simulink” and “Stateflow” software support graphical modeling with time-based block diagrams and event-based state machines. The MATLAB Function block allows you to include MATLAB algorithms in Simulink models. “Simulink PLC Coder” software supports the generation of IEC 61131 compliant structured text or ladder diagram code based on Simulink models and Stateflow charts.

If generated structured text or ladder diagram code is being deployed in safety-related applications, modeling and PLC code generation are to be complemented by measures and techniques to verify and validate the model and the generated PLC code. Applying these measures and techniques in an application-specific manner serves the purpose of translation validation [3]. A successful translation validation provides a high degree of confidence that, for the design instance under consideration, the output of the code generator and programmable logic controller integrated development environment (PLC IDE) tool chain exhibits input-output behavior equivalent to that of the model used for PLC code generation.

The Simulink PLC Coder Reference Workflow describes a translation validation process intended to comply with applicable requirements of the overall safety lifecycle defined by ISO 26262-6, IEC 61508-3, IEC 62304, IEC 61511, ISO 25119, and EN 50128 as they relate to verification and validation of models and generated structured text or ladder diagram code. The workflow addresses risk levels SIL 1 - SIL 4 according to IEC 61511.

Note IEC 61511 does not address SIL 4 application programming. If your risk level is SIL 4, development shall follow IEC 61508-3. However, IEC 61508 recommends the avoidance of SIL 4 safety functions; it is the responsibility of the tool user to check measures like use of diverse tools for the same purpose, other risk reduction measures, etc.

Completing the verification and validation workflow is considered to be equivalent to the use of a certified PLC code generation tool chain to develop the application under consideration (IEC 61508-3, clause 7.4.4.10).

Fulfilling the objectives of ISO 26262-6, IEC 61508-3, IEC 61511-1, IEC 62304, ISO 25119, and EN 50128 related to software development processes requires verifying and validating the PLC application software under development (translation validation).

The workflow for application-specific verification and validation of models and generated PLC code outlined in the Simulink PLC Coder Reference Workflow divides the translation validation process into two steps:

1 Design verification: Demonstrate that the model used for production code generation behaves as specified in its requirements.

[3] A. Pnueli, M. Siegel, E. Singerman: Translation Validation. Lecture Notes in Computer Science, Vol. 1384, pp. 151-166. Springer, 1998.


2 PLC code verification: Demonstrate equivalence between the model and the generated PLC code.

The first step combines suitable verification and validation techniques at the model level. The second step relies mainly on comparing the model and the generated PLC code. With this two-step approach, you can complete verification and validation activities mostly at the model level. Reuse model-level tests when verifying the generated PLC code.

Overview of the Workflow for Application-Specific Verification and Validation of Models and Generated PLC Code

To access the Simulink PLC Coder Reference Workflow document, open the Artifacts Explorer. Under Simulink PLC Coder, open the certkitiec_plccoder_workflow.pdf file.


HDL Coder Reference Workflow Overview

Model-Based Design enables automatic generation of HDL code from executable graphical models that can be used for FPGA (field-programmable gate array) programming or ASIC (application-specific integrated circuit) prototyping and design. Simulink products from MathWorks have become an accepted standard for Model-Based Design. Simulink and Stateflow software support graphical modeling with time-based block diagrams and event-based state machines. The MATLAB Function block allows you to include MATLAB algorithms in Simulink models. HDL Coder supports the generation of HDL code based on Simulink models, including Stateflow charts and MATLAB functions.

If generated HDL code is being deployed in safety-related applications, modeling and HDL code generation are to be complemented by measures and techniques to verify and validate the model and the generated HDL code. Applying these measures and techniques in an application-specific manner serves the purpose of translation validation [4]. A successful translation validation provides a high degree of confidence that, for the design instance under consideration, the output of the code generator and HDL development tool chain exhibits input-output behavior equivalent to that of the model used for HDL code generation.

The HDL Coder Reference Workflow describes a translation validation process intended to comply with applicable requirements of the overall safety lifecycle defined by ISO 26262-5, ISO 26262-6, ISO 26262-11, IEC 61508-2, IEC 62304, ISO 25119, and EN 50128 as they relate to verification and validation of models and generated HDL code.

Note ISO 26262-5 Product development at the hardware level references ISO 26262-11 for programmable hardware elements such as ASIC and FPGA. ISO 26262-11 references ISO 26262-6 for model-based design development aspects.


The workflow addresses safety risk levels ASIL A – ASIL D according to ISO 26262, SIL 1 - SIL 4 according to IEC 61508, Class A – Class C according to IEC 62304, SRL B, 1, 2, 3 according to ISO 25119, and SIL 0 – SIL 4 according to EN 50128.

Note IEC 61508 recommends the avoidance of SIL 4 safety functions; it is the responsibility of the tool user to check measures like use of diverse tools for the same purpose, other risk reduction measures, etc.

Completing the verification and validation workflow is considered to be equivalent to the use of a certified HDL code generation tool chain to develop the application under consideration (IEC 61508-3, clause 7.4.4.10).

Fulfilling the objectives of ISO 26262-6, IEC 61508-3, IEC 61511-1, IEC 62304, ISO 25119, and EN 50128 related to software development processes requires verifying and validating the HDL application software under development (translation validation).

[4] A. Pnueli, M. Siegel, E. Singerman: Translation Validation. Lecture Notes in Computer Science, Vol. 1384, pp. 151-166. Springer, 1998.


The workflow for application-specific verification and validation of models and generated HDL code outlined in the HDL Coder Reference Workflow divides the translation validation process into two steps:

1 Design verification: Demonstrate that the model used for production code generation behaves as specified in its requirements.

2 HDL code verification: Demonstrate equivalence between the model and the generated HDL code.

The first step combines suitable verification and validation techniques at the model level. The second step relies mainly on comparing the model and the generated HDL code. With this two-step approach, you can complete verification and validation activities mostly at the model level. Reuse model-level tests when verifying the generated HDL code.

Overview of the Workflow for Application-Specific Verification and Validation of Models and Generated HDL Code


To access the HDL Coder Reference Workflow document, open the Artifacts Explorer. Under HDL Coder, open the certkitiec_hdlcoder_workflow.pdf file.


Simulink Design Verifier Reference Workflow Overview

“Simulink Design Verifier” uses formal methods to identify hidden design errors in models. It detects blocks in the model that result in integer overflow, dead logic, array access violations, and division by zero. It can formally verify that the design meets functional requirements. For each design error or requirements violation, it generates a simulation test case for debugging.

Simulink Design Verifier generates test cases for model coverage and custom objectives to extend existing requirements-based test cases. These test cases drive your model to satisfy condition, decision, modified condition/decision (MCDC), and custom coverage objectives. In addition to coverage objectives, you can specify custom test objectives to automatically generate requirements-based test cases.

The Simulink Design Verifier Reference Workflow provides a reference workflow for Simulink Design Verifier. In particular, it describes how to:

• Leverage the test case generation and design error detection capabilities of Simulink Design Verifier in the Model-Based Design workflow

• Facilitate seamless functioning of the test case generation capability of the Simulink Design Verifier tool.

• Assess the completeness and adequacy of the generated test cases.

When using the Simulink Design Verifier software to leverage the certification or qualification credit afforded by the IEC Certification Kit, you shall carry out this workflow as part of the overall ISO 26262, IEC 61508, EN 50128, ISO 25119, or IEC 62304 software safety lifecycle.

The Simulink Design Verifier Reference Workflow describes the test case generation and design error detection capabilities of Simulink Design Verifier as part of a Model-Based Design process. You can use the test case generation capability to generate test cases for the executable specification, the model used for production code generation, or any other interim model created during the modeling phase. You can use the generated test cases to stimulate the executable specification or another stage of the Model-Based Design workflow. You can use the design error detection capability to detect dead logic, integer or fixed-point data overflow, division by zero, and violations of specified intermediate minimum and maximum values.

The following image illustrates the integration of Simulink Design Verifier into the IEC Certification Kit Model-Based Design workflow.


Simulink Design Verifier in the Model-Based Design Workflow

To access the Simulink Design Verifier Reference Workflow document, open the Artifacts Explorer. Under Simulink Design Verifier, open the certkitiec_sldv_workflow.pdf file.


Simulink Check Reference Workflow Overview

“Simulink Check” provides industry-recognized checks and metrics that identify standard and guideline violations during development. Supported high-integrity software development standards include DO-178, ISO 26262, IEC 61508, IEC 62304, and MathWorks Advisory Board (MAB) guidelines. Edit-time checks identify compliance issues as you edit. You can create custom checks to comply with your own standards or guidelines.

Simulink Check provides metrics such as size and complexity that you can use to evaluate your model’s architecture and compliance to standards. A consolidated metrics dashboard lets you assess design status and quality. Automatic model refactoring lets you replace duplicate design elements, reduce design complexity, and identify reusable content. The Model Slicer tool isolates problematic behavior in a model and generates a simplified model for debugging.


The Simulink Check Reference Workflow provides a reference workflow for Simulink Check. In particular, it describes how to:

• Leverage the model compliance checking capability of Simulink Check in the Model-Based Design workflow

• Check that this capability is functioning as expected

When using the Simulink Check software to leverage the certification or qualification credit afforded by the IEC Certification Kit, you shall carry out this workflow as part of the overall ISO 26262, IEC 61508, EN 50128, ISO 25119, or IEC 62304 software safety lifecycle.

You can use the model compliance checking capabilities of Simulink Check to verify or validate the executable specification, the model used for production code generation, or other interim models created during the modeling phase. After model compliance checking, Simulink Check can automatically fix reported issues; the fixes are applied to the model that was checked.

The following image illustrates the integration of Simulink Check into the IEC Certification Kit Model-Based Design workflow.


Model Compliance Checking in the Model-Based Design Workflow

To access the Simulink Check Reference Workflow document, open the Artifacts Explorer. Under Simulink Check, open the certkitiec_slchk_workflow.pdf file.


Simulink Coverage Reference Workflow Overview

Simulink Coverage allows you to identify untested portions of models and source code using structural coverage metrics.

The Simulink Coverage Reference Workflow provides a reference workflow for Simulink Coverage. In particular, it describes how to:

• Leverage the model and code coverage analysis capability of Simulink Coverage in the Model-Based Design workflow

• Check that these capabilities are functioning as expected

When using the Simulink Coverage software to leverage the certification or qualification credit afforded by the IEC Certification Kit, you shall carry out this workflow as part of the overall ISO 26262, IEC 61508, EN 50128, ISO 25119, or IEC 62304 software safety lifecycle.

You can use the model and code coverage analysis capabilities of Simulink Coverage to verify the completeness of the test cases, using model and code coverage to indicate untested model and code elements.
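The coverage objectives named in the Simulink Design Verifier overview (condition, decision, MCDC) and the test completeness check described here are easiest to understand on one concrete decision. The following is an added example written for this guide, not Simulink Coverage or Simulink Design Verifier code: it measures decision, condition and unique-cause MC/DC coverage for a constructed interlock decision from a constructed set of requirements-based tests, and then searches exhaustively for the smallest test set that satisfies MC/DC, which is the gap a test generator closes. The decision, the condition names and the test vectors are all constructed.

```python
"""Decision, condition and MC/DC coverage measured for one Boolean decision.

Example written for this guide, not Simulink Coverage or Simulink Design
Verifier code. The interlock decision, the condition names and the test
vectors are constructed for the example; MC/DC is measured in its
unique-cause form (the two tests of a pair differ in exactly one condition).
"""
from itertools import combinations, product

CONDITIONS = ("door_closed", "speed_zero", "override")


def decision(door_closed: bool, speed_zero: bool, override: bool) -> bool:
    """Constructed decision under test: motion is enabled when the door is
    closed and the vehicle is stopped, or when an override is active."""
    return (door_closed and speed_zero) or override


def outcome(vector: dict) -> bool:
    return decision(*(vector[c] for c in CONDITIONS))


def decision_coverage(tests) -> float:
    """Fraction of decision outcomes (True, False) observed."""
    return len({outcome(t) for t in tests}) / 2


def condition_coverage(tests) -> float:
    """Fraction of (condition, value) combinations observed."""
    seen = {(c, t[c]) for t in tests for c in CONDITIONS}
    return len(seen) / (2 * len(CONDITIONS))


def mcdc_pairs(tests) -> dict:
    """For each condition, the index pairs of tests that differ only in that
    condition and produce different outcomes, i.e. the pairs showing that
    the condition independently affects the decision."""
    pairs = {c: [] for c in CONDITIONS}
    for (i, a), (j, b) in combinations(enumerate(tests), 2):
        changed = [c for c in CONDITIONS if a[c] != b[c]]
        if len(changed) == 1 and outcome(a) != outcome(b):
            pairs[changed[0]].append((i, j))
    return pairs


def mcdc_coverage(tests) -> float:
    pairs = mcdc_pairs(tests)
    return sum(1 for c in CONDITIONS if pairs[c]) / len(CONDITIONS)


def coverage_report(tests) -> dict:
    return {"decision": decision_coverage(tests),
            "condition": condition_coverage(tests),
            "mcdc": mcdc_coverage(tests)}


def minimal_mcdc_set() -> list:
    """Smallest subset of all 2^n input vectors that achieves full MC/DC,
    found by exhaustive search over subsets of increasing size."""
    space = [dict(zip(CONDITIONS, bits))
             for bits in product((False, True), repeat=len(CONDITIONS))]
    for size in range(1, len(space) + 1):
        for subset in combinations(space, size):
            if mcdc_coverage(list(subset)) == 1.0:
                return list(subset)
    return []


# Constructed requirements-based tests: they reach both decision outcomes and
# both values of every condition, yet only "override" is shown to change the
# outcome on its own, so MC/DC stays at one third.
REQ_TESTS = [
    dict(door_closed=True, speed_zero=True, override=False),    # enabled
    dict(door_closed=False, speed_zero=False, override=True),   # enabled
    dict(door_closed=False, speed_zero=False, override=False),  # disabled
]
```

Running `coverage_report(REQ_TESTS)` reports full decision and condition coverage but only one of three MC/DC objectives met; `minimal_mcdc_set()` shows that n + 1 = 4 vectors suffice for this decision, which is the kind of gap the test generation step in the workflow is meant to close before the tests are reused against generated code.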

The following image illustrates the integration of Simulink Coverage into the IEC Certification Kit Model-Based Design workflow.

Model and Code Coverage Analysis in the Model-Based Design Workflow

To access the Simulink Coverage Reference Workflow document, open the Artifacts Explorer. Under Simulink Coverage, open the certkitiec_slcov_workflow.pdf file.


Simulink Requirements Reference Workflow Overview

Simulink Requirements allows you to author and manage requirements and requirement links, review requirements implementation and verification status, and track changes of requirement links.

The Simulink Requirements Reference Workflow provides a reference workflow for Simulink Requirements. In particular, it describes how to:

• Leverage the requirements authoring, managing, and reviewing capabilities of Simulink Requirements in a Model-Based Design workflow

• Check that these capabilities are functioning as expected

When using the Simulink Requirements software to leverage the certification or qualification credit afforded by the IEC Certification Kit, you shall carry out this workflow as part of the overall ISO 26262, IEC 61508, EN 50128, ISO 25119, or IEC 62304 software safety lifecycle.

You can use Simulink Requirements to author textual requirements and add bidirectional links between requirements, model elements, source code, and tests. Simulink Requirements also generates implementation and verification status metrics, which can be used to assess completeness of requirements, software architecture and design, and coverage of requirements by tests. Simulink Requirements tracks changes to requirements links, ensuring consistency of requirements, design, code, and tests.

The following image illustrates the integration of Simulink Requirements into the IEC Certification Kit Model-Based Design workflow.


Simulink Requirements in the Model-Based Design Workflow

To access the Simulink Requirements Reference Workflow document, open the Artifacts Explorer. Under Simulink Requirements, open the certkitiec_slreq_workflow.pdf file.


Polyspace Bug Finder and Polyspace Bug Finder Server Reference Workflow Overview

“Polyspace Bug Finder” identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software. Using static analysis, including semantic analysis, Polyspace Bug Finder analyzes software control, data flow, and interprocedural behavior. By highlighting defects as soon as they are detected, it lets you triage and fix bugs early in the development process. Polyspace Bug Finder checks compliance with coding rule standards such as MISRA C®, MISRA C++, JSF++, CERT® C, CERT C++, and custom naming conventions. It generates reports consisting of bugs found, code-rule violations, and code quality metrics, including cyclomatic complexity.

“Polyspace Bug Finder Server” is a static analysis engine that identifies common classes of bugs in C and C++, including run-time errors, concurrency issues, and other coding defects. Polyspace Bug Finder Server also checks source code for adherence to coding rules (MISRA C, MISRA C++, JSF++), security rules (CWE, CERT-C, CERT-C++, ISO/IEC 17961), and custom rules. With Polyspace Bug Finder Server you can monitor code metrics including cyclomatic complexity, stack usage, and HIS metrics at the project, file, and function levels. You can configure the server for use with various compilers, target processors, and RTOS environments, and automate execution with continuous integration systems using tools such as Jenkins.

The Polyspace Bug Finder and Polyspace Bug Finder Server Reference Workflow provides a reference workflow for the Polyspace Bug Finder and Polyspace Bug Finder Server products. In particular, it describes how to:

• Leverage the coding standard compliance analysis, code size and complexity metrics determination, and software quality metrics determination capabilities of Polyspace Bug Finder and Polyspace Bug Finder Server in the software life cycle

• Check that these capabilities are functioning as expected

The reference workflow presented in Polyspace Bug Finder and Polyspace Bug Finder Server Reference Workflow describes activities intended to comply with applicable requirements of the overall software safety lifecycles defined by IEC 61508-3, ISO 26262-6, EN 50128, IEC 62304, and ISO 25119, respectively, as they relate to verification and analysis of handwritten, generated, or mixed source code. The workflow addresses risk levels ASIL A - ASIL D according to ISO 26262, SIL 1 - SIL 4 according to IEC 61508, Class A – Class C according to IEC 62304, SRL B, 1, 2, 3 according to ISO 25119, and SIL 0 - SIL 4 according to EN 50128.

Note IEC 61508 recommends the avoidance of SIL 4 safety functions; it is the responsibility of the tool user to check measures like use of diverse tools for the same purpose, other risk reduction measures, etc.

You can use Polyspace Bug Finder and Polyspace Bug Finder Server for:

• Analyzing compliance to code standards
• Code size and complexity metrics determination
• Software quality metrics determination

The following image illustrates the integration of Polyspace Bug Finder and Polyspace Bug Finder Server into the IEC Certification Kit Model-Based Design workflow. Solid arrows in the figure indicate the succession of software development activities. Models used for production code generation can contain handwritten source code, for example, C code contained in user S-functions. This mixed-code use case is indicated by the dashed arrow between the handwritten C/C++ code and model used for production code generation boxes.

Source Code Analysis Using Polyspace Bug Finder and Polyspace Bug Finder Server in the Model-Based Design Workflow

To access the Polyspace Bug Finder and Polyspace Bug Finder Server Reference Workflow document, open the Artifacts Explorer. Under Polyspace Bug Finder, open the certkitiec_bugfinder_workflow.pdf file.


Polyspace Code Prover and Polyspace Code Prover Server Reference Workflow Overview

“Polyspace Code Prover” is a sound static analysis tool that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and other run-time errors in C and C++ source code. It produces results without requiring program execution, code instrumentation, or test cases. Polyspace Code Prover uses semantic analysis and abstract interpretation based on formal methods to verify software interprocedural, control, and data flow behavior. You can use it to verify handwritten code, generated code, or a combination of the two. Each code statement is color-coded to indicate whether it is free of run-time errors, proven to fail, unreachable, or unproven. Polyspace Code Prover displays range information for variables and function return values, and can prove which variables exceed specified range limits. Code verification results can be used to track quality metrics and check conformance with your software quality objectives. Polyspace Code Prover can be used with the Eclipse™ IDE to verify code on your desktop.

“Polyspace Code Prover Server” is a sound static analysis engine that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ code. It performs interprocedural analysis of all possible control and data flows, including multi-threaded code, to identify each operation as always safe (free of run-time errors), always faulty (proven to fail), unreachable, or unproven. Polyspace Code Prover Server can run on a server-class machine and can be integrated into build and continuous integration systems for automated verification using tools such as Jenkins.
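The design error detection described in the Simulink Design Verifier overview (dead logic, overflow, division by zero) and the color-coded verdicts with range information described here for Polyspace Code Prover both rest on a sound over-approximation of the values a program can take. The following is an added example written for this guide, not Polyspace or Simulink Design Verifier code and not a statement about how those tools work internally: a minimal interval-domain abstract interpreter over a constructed three-address mini-language that assigns each operation one of the four verdicts used above (green: always safe, orange: may fail, red: always fails, gray: unreachable) and reports the range of every variable. The statement format, the int32 machine model, the input ranges and the sample program are constructed for the example.

```python
"""Interval-domain abstract interpretation of a tiny straight-line program.

Example written for this guide, not Polyspace or Simulink Design Verifier
code, and not a description of how those tools work internally. The
statement format, the int32 machine model, the input ranges and the sample
program are all constructed for the example.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Interval:
    """Closed integer interval [lo, hi]: the abstract value of a variable."""
    lo: int
    hi: int

    def __add__(self, o: Interval) -> Interval:
        return Interval(self.lo + o.lo, self.hi + o.hi)

    def __sub__(self, o: Interval) -> Interval:
        return Interval(self.lo - o.hi, self.hi - o.lo)

    def __mul__(self, o: Interval) -> Interval:
        c = (self.lo * o.lo, self.lo * o.hi, self.hi * o.lo, self.hi * o.hi)
        return Interval(min(c), max(c))

    def meet(self, o: Interval) -> Optional[Interval]:
        """Intersection; None means no concrete value satisfies both."""
        lo, hi = max(self.lo, o.lo), min(self.hi, o.hi)
        return Interval(lo, hi) if lo <= hi else None


INT32 = Interval(-2**31, 2**31 - 1)


def _tdiv(x: int, y: int) -> int:
    """C-style integer division (truncation toward zero), computed exactly."""
    q = abs(x) // abs(y)
    return q if (x < 0) == (y < 0) else -q


def trunc_div(a: Interval, b: Interval) -> Interval:
    """Quotient range for a divisor interval that excludes zero; x/y is then
    monotone in each operand, so the extremes lie at the four corners."""
    c = [_tdiv(x, y) for x in (a.lo, a.hi) for y in (b.lo, b.hi)]
    return Interval(min(c), max(c))


def classify(result: Interval):
    """green: every execution fits int32; orange: some may overflow; red: all
    overflow. Only executions that did not fail continue, so the surviving
    range is the part inside int32 (None after a red verdict)."""
    safe = result.meet(INT32)
    if safe is None:
        return "red", None
    return ("green" if safe == result else "orange"), safe


def analyze(program, inputs):
    """Abstractly execute `program` from the given input ranges.
    Constructed statement forms: ("assign", name, atom) with atom an int or a
    variable name; ("assign", name, (op, atom, atom)) with op in add, sub,
    mul, div; ("assume", name, lo, hi) as an if-guard narrowing name.
    Returns (findings, env); findings are (index, operation, colour) tuples."""
    env = {k: Interval(*v) for k, v in inputs.items()}
    val = lambda a: Interval(a, a) if isinstance(a, int) else env[a]
    findings, reachable = [], True
    for i, stmt in enumerate(program):
        if not reachable:
            findings.append((i, stmt[0], "gray"))       # dead code
            continue
        if stmt[0] == "assume":
            _, name, lo, hi = stmt
            narrowed = env[name].meet(Interval(lo, hi))
            if narrowed is None:
                reachable = False                       # guard can never hold
            else:
                env[name] = narrowed
            continue
        _, name, rhs = stmt
        if not isinstance(rhs, tuple):
            env[name] = val(rhs)
            continue
        op, x, y = rhs[0], val(rhs[1]), val(rhs[2])
        if op == "div":
            if y.lo == 0 == y.hi:
                colour, value = "red", None             # divisor is exactly zero
            else:
                # executions that survive the division used a nonzero divisor
                parts = [p for p in (Interval(y.lo, -1), Interval(1, y.hi)) if p.lo <= p.hi]
                quot = [trunc_div(x, p) for p in parts]
                colour, value = classify(Interval(min(q.lo for q in quot), max(q.hi for q in quot)))
                if y.lo <= 0 <= y.hi and colour == "green":
                    colour = "orange"                   # zero is possible: may fail
        else:
            colour, value = classify({"add": x + y, "sub": x - y, "mul": x * y}[op])
        findings.append((i, op, colour))
        if value is None:
            reachable = False                           # every execution fails here
        else:
            env[name] = value
    return findings, env


# Constructed sample: a speed in 0..300 and an unchecked raw divisor in -5..5,
# processed by an int32 computation the way generated C code would.
SAMPLE_INPUTS = {"speed": (0, 300), "divisor_raw": (-5, 5)}
SAMPLE_PROGRAM = [
    ("assign", "x", ("mul", "speed", 1000)),        # 0: fits int32          -> green
    ("assign", "y", ("mul", "x", 10000)),           # 1: up to 3e9           -> orange
    ("assign", "q", ("div", "x", "divisor_raw")),   # 2: divisor may be zero -> orange
    ("assume", "divisor_raw", 1, 5),                # 3: after an if (d >= 1) guard
    ("assign", "r", ("div", "x", "divisor_raw")),   # 4: proven safe         -> green
    ("assign", "zero", 0),                          # 5
    ("assign", "k", ("div", "x", "zero")),          # 6: always fails        -> red
    ("assign", "z", ("add", "x", 1)),               # 7: never reached       -> gray
]


def demo():
    """Analyze the constructed sample; returns (findings, final ranges)."""
    return analyze(SAMPLE_PROGRAM, SAMPLE_INPUTS)
```

Two design points carry over to the real tools: the analysis continues after an orange operation only with the values that did not fail (so `y` ends up bounded by the int32 maximum even though the multiplication may overflow), and a red operation makes everything after it unreachable, which is why a gray statement is a finding worth reviewing rather than noise. An interval domain also loses correlations between variables, so the orange verdicts are over-approximations that a more precise domain or a guard such as the one at statement 3 can turn green.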

The Polyspace Code Prover and Polyspace Code Prover Server Reference Workflow provides a reference workflow for the Polyspace Code Prover and Polyspace Code Prover Server products. In particular, it describes how to:

• Leverage the code verification, unreachable code analysis, call tree computation, global variable usage analysis, and quality metrics reporting capabilities of Polyspace Code Prover and Polyspace Code Prover Server in the software life cycle

• Check that these capabilities are functioning as expected

The reference workflow presented in this document describes activities intended to comply with applicable requirements of the overall software safety lifecycles defined by IEC 61508-3, ISO 26262-6, EN 50128, IEC 62304, and ISO 25119, respectively, as they relate to verification and analysis of handwritten, generated, or mixed source code. The workflow addresses risk levels ASIL A - ASIL D according to ISO 26262, SIL 1 - SIL 4 according to IEC 61508, Class A – Class C according to IEC 62304, SRL B, 1, 2, 3 according to ISO 25119, and SIL 0 - SIL 4 according to EN 50128.

Note IEC 61508 recommends the avoidance of SIL 4 safety functions; it is the responsibility of the tool user to check measures like use of diverse tools for the same purpose, other risk reduction measures, etc.

You can use Polyspace Code Prover and Polyspace Code Prover Server for:

• Verifying code
• Analyzing unreachable code
• Call tree computation
• Analyzing global variable usage
• Software quality metrics determination

The following image illustrates the integration of Polyspace Code Prover and Polyspace Code Prover Server into the IEC Certification Kit Model-Based Design workflow. Solid arrows in the figure indicate the succession of software development activities. Models used for production code generation can contain handwritten source code, for example, C code contained in user S-functions. This mixed-code use case is indicated by the dashed arrow between the handwritten C/C++ code and model used for production code generation boxes.

Source Code Analysis and Verification Using Polyspace Code Prover and Polyspace Code Prover Server

To access the Polyspace Code Prover and Polyspace Code Prover Server Reference Workflow document, open the Artifacts Explorer. Under Polyspace Code Prover, open the certkitiec_codeprover_workflow.pdf file.


Simulink Test Reference Workflow Overview

Simulink Test provides tools for authoring, managing, and executing systematic, simulation-based tests of models, generated code, and simulated or physical hardware. It includes simulation, baseline, and equivalence test templates that let you perform functional, unit, regression, and back-to-back testing using software-in-the-loop (SIL), processor-in-the-loop (PIL), and real-time hardware-in-the-loop (HIL) modes. With Simulink Test you can create nonintrusive test harnesses to isolate the component under test. You can define requirements-based assessments using a text-based language, and specify test input, expected outputs, and tolerances in a variety of formats, including Microsoft® Excel®. Simulink Test includes a Test Sequence block that lets you construct complex test sequences and assessments, and a test manager for managing and executing tests. Observer blocks let you access any signal or state in the design without changing the model or the model interface. Large sets of tests can be organized and executed in parallel or on continuous integration systems.

The reference workflow presented in Simulink® Test™ Reference Workflow describes activities intended to comply with applicable requirements of the overall software safety lifecycles defined by IEC 61508-3, ISO 26262-6, IEC 62304, ISO 25119, and EN 50128 as they relate to verification and analysis of hand-written, generated, or mixed source code. The workflow addresses risk levels ASIL A - ASIL D according to ISO 26262, SIL 1 - SIL 4 according to IEC 61508, Class A - Class C according to IEC 62304, SRL B, 1, 2, 3 according to ISO 25119, and SIL 0 - SIL 4 according to EN 50128.

Note IEC 61508 recommends the avoidance of SIL 4 safety functions; it is the responsibility of the tool user to check measures like use of diverse tools for the same purpose, other risk reduction measures, etc.

You can use the Simulink Test capabilities to test:

• Models for production code generation
• Interim models created during the modeling phase
• Executable object code using the software-in-the-loop (SIL) and processor-in-the-loop (PIL) features of Simulink

In addition, you can use Simulink Test to:

• Compare simulation and object code test results to expected results.
• Generate reports containing simulation and test results, including requirement traceability.

The following image illustrates the integration of Simulink Test into the IEC Certification Kit Model-Based Design workflow.


Simulink Test in the Model-Based Design Workflow

To access the Simulink Test Reference Workflow document, open the Artifacts Explorer. Under Simulink Test, open the certkitiec_sltest_workflow.pdf file.


3 Certification Process

• “Define Certification Objectives and Requirements” on page 3-2
• “Certify or Qualify Software Tools” on page 3-3
• “Document Evidence of Using Tools Within Referenced Workflows” on page 3-4


Define Certification Objectives and Requirements

Before using the IEC Certification Kit product, define your certification objectives and requirements.

• Identify the scope of your certification activities, such as the application to certify.
• Decide on the applicable safety standards and the required Safety Integrity Level (SIL), Automotive Safety Integrity Level (ASIL), or Software Requirement Level (SRL).
• Determine the software development processes and software tool chain to use.
• Define tool certification or qualification requirements, including the tools and versions to certify or qualify.

3 Certification Process

3-2


Certify or Qualify Software Tools

The ISO 26262, IEC 61508, IEC 62304, ISO 25119, and EN 50128 standards include requirements or recommendations to use certified or qualified tools. You can use tool certification or prequalification evidence from the IEC Certification Kit product to document compliance with the requirements or recommendations concerning tool certification or qualification.

Note Using certified or qualified tools does not ensure the safety of the application under development.

The IEC Certification Kit provides tool certification and prequalification evidence for the supported products. To review the products that are supported in the current version of the IEC Certification Kit, see “Products Supported by IEC Certification Kit” on page 1-11.

The IEC Certification Kit product follows an in-context approach to tool certification and qualification. This approach is based on specific workflows to be used when applying the certified and qualified tools to develop or verify software for ISO 26262, IEC 61508, IEC 62304, ISO 25119, and EN 50128 applications. The applicant must ensure that the tools are used within the referenced workflows and constraints specified in the certificates.


Document Evidence of Using Tools Within Referenced Workflows

Use IEC Certification Kit artifact templates to document evidence of using MathWorks tools within referenced workflows and with the constraints specified in the corresponding certificate. The documentation activities for each tool can include the following:

• Customize and complete the “Conformance Demonstration Templates (CDT)” on page 1-9 provided for the tool.

• For ISO 26262 tool qualification, review the “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9 template provided for the tool for applicability to the application under consideration, and tailor and complete the information.

Note Some safety standards, including IEC 61508 and IEC 62304, do not have a formal concept of certification credits. The amount of credit for the use of certified or qualified tools depends on the applicant's development, verification and validation processes, and how the applicant uses the tools within those processes. The applicant should propose and discuss an initial version of the compliance package, including tool qualification data, with the certification authority or internal assessor early in the development lifecycle.

Tool certification artifacts are available in the Artifacts Explorer. To review the tool-specific file names for the artifacts, see:

• “Certification Artifacts for Embedded Coder” on page 1-14 (includes AUTOSAR when applicable)
• “Certification Artifacts for Simulink PLC Coder” on page 1-15
• “Certification Artifacts for HDL Coder” on page 1-16
• “Certification Artifacts for Simulink Design Verifier” on page 1-17
• “Certification Artifacts for Simulink Check” on page 1-18
• “Certification Artifacts for Simulink Coverage” on page 1-19
• “Certification Artifacts for Simulink Requirements” on page 1-20
• “Certification Artifacts for Polyspace Bug Finder and Polyspace Bug Finder Server” on page 1-21
• “Certification Artifacts for Polyspace Code Prover and Polyspace Code Prover Server” on page 1-22
• “Certification Artifacts for Simulink Test” on page 1-23

Tool Certification Artifacts for ISO 26262, EN 50128, and ISO 25119

The IEC Certification Kit provides support for creating tool-specific qualification artifacts that can be used as evidence of compliance to ISO 26262, EN 50128, and ISO 25119 functional safety standards.

To review a list of tools that are certified for use in the current version of the IEC Certification Kit, see “Products Supported by IEC Certification Kit” on page 1-11.

For information about the standards, see:

• “ISO 26262” on page 1-29
• “EN 50128” on page 1-34
• “ISO 25119” on page 1-36

Tool Certification Artifacts for IEC 61508 and IEC 62304

The IEC Certification Kit provides support for creating tool-specific qualification artifacts that can be used as evidence of compliance to IEC 61508 and IEC 62304 standards.

Note IEC 62304 does not directly address software tool qualification. However, IEC 62304 C.1 states that IEC 61508-7 can be looked to as a source of methods, tools, and techniques that can be used to implement the requirements in IEC 62304. IEC 62304 C.7 provides the relationship to IEC 61508.

To review a list of tools that are certified for use in the current version of the IEC Certification Kit, see “Products Supported by IEC Certification Kit” on page 1-11.

For information about the standards, see:

• “IEC 61508” on page 1-31
• “IEC 62304” on page 1-33

Purpose | Standards References | Certification Artifacts

Tool certification evidence for code generator | IEC 61508-3 Clause 7.4.4; IEC 61508-3 Table A-3 (4a) "Certified tools and certified translators" | “Certificates and Certification Reports” on page 1-8

Documentation of reference workflow | N/A | “Reference Workflows” on page 1-8

Evidence for using the code generator within the referenced workflows and within the constraints specified in its certificate | N/A | Customized and completed “Conformance Demonstration Templates (CDT)” on page 1-9

Documentation for tool criteria evaluation, classification, and qualification | N/A | “ISO 26262 Tool Qualification Packages (TQP)” on page 1-9


4 Validate Software Tools

• “Software Tool Validation” on page 4-2
• “Test Cases and Procedure for Embedded Coder” on page 4-3
• “Test Cases and Procedure for Simulink Check” on page 4-4
• “Test Cases and Procedure for Simulink Coverage” on page 4-6
• “Test Cases and Procedure for Simulink Requirements” on page 4-7
• “Test Cases and Procedures for Polyspace Bug Finder and Polyspace Bug Finder Server” on page 4-8
• “Test Cases and Procedures for Polyspace Code Prover and Polyspace Code Prover Server” on page 4-14
• “Test Cases and Procedure for Simulink Test” on page 4-20
• “Test Cases and Procedure for Simulink Design Verifier” on page 4-21


Software Tool Validation

Some safety standards recommend the validation of software tools, using application-independent test cases, to:

• Demonstrate that a software tool complies with its specified requirements.
• Examine the reaction of the software tool to anomalous operating conditions.

The IEC Certification Kit product provides test cases and test procedures that you can use to automate tool validation for the products which require validation as described in the tool’s Tool Qualification Package documents. To review a list of these products, see “Products Supported by IEC Certification Kit” on page 1-11.

Review the test cases to assess their applicability to your tool usage. Based on your tool usage, additional test cases might be required to support tool validation. You can modify and add to the existing test cases to provide test suites that cover the requirements that are relevant for your application, your specific tool configuration, and operating environment.

Test cases are available in the Artifacts Explorer.

Note MATLAB acknowledges the Automotive Code Validation Suite (AVS) as the initial test suite used with Embedded Coder.

To execute the product-specific test procedure, see:

• “Test Cases and Procedure for Embedded Coder” on page 4-3
• “Test Cases and Procedure for Simulink Check” on page 4-4
• “Test Cases and Procedure for Simulink Coverage” on page 4-6
• “Test Cases and Procedure for Simulink Requirements” on page 4-7
• “Test Cases and Procedures for Polyspace Bug Finder and Polyspace Bug Finder Server” on page 4-8
• “Test Cases and Procedures for Polyspace Code Prover and Polyspace Code Prover Server” on page 4-14
• “Test Cases and Procedure for Simulink Test” on page 4-20
• “Test Cases and Procedure for Simulink Design Verifier” on page 4-21

Note Changing the tool installation can affect tool behavior, therefore requiring you to revalidate the tool. When you install a release update or a patch to address issues in the Bug Report, you must repeat these steps to verify that the tool satisfies the requirements.

4 Validate Software Tools

4-2


Test Cases and Procedure for Embedded Coder

Based on your adherence to the Embedded Coder Reference workflow, desired certification rigor or project-specific needs, the tool confidence level may be TCL2 or higher and require tool qualification. You can use the test cases and procedures to support tool validation, a method listed in ISO 26262 for tool qualification. You might need additional test cases, based on your tool usage, to validate Embedded Coder, Stateflow and Simulink.

The procedure for validating Embedded Coder is available in the Execute Validation Tests and Review Test Results for Embedded Coder artifact. This artifact provides:

• Software requirements to execute the test procedure
• Configuration steps
• How to execute the test procedure
• A list of generated test reports and how to review the test results

Note MathWorks acknowledges the Automotive Code Validation Suite (AVS) as the initial test suite used with Embedded Coder.

Use one of these methods to open Execute Validation Tests and Review Test Results for Embedded Coder:

• In the Simulink toolstrip, open the IEC Certification Kit app and select Embedded Coder from the Run Validation Tests options.

• In the Artifacts Explorer, open Embedded Coder > certkitiec_ecoder_run.mlx.

The document opens in MATLAB. Follow the workflow to configure and execute the test procedure and review the results. Where applicable, you find interactive links that execute commands. For example, to execute the test procedure, select the (Click here to execute the command) link. The script executes the command and runs the tests.


Test Cases and Procedure for Simulink Check

The test cases are templates that you can modify and extend to create test suites that cover the requirements that are relevant for your application, your specific tool configuration, and operating environment. You might need additional test cases, based on your tool usage, to support tool validation.

The procedure for validating Simulink Check is available in the Execute Validation Tests and Review Test Results for Simulink Check artifact. This artifact provides:

• Software requirements to execute the test procedure
• Configuration steps
• How to execute the test procedure
• A list of generated test reports and how to review the test results

Use one of these methods to open Execute Validation Tests and Review Test Results for Simulink Check:

• In the Simulink toolstrip, open the IEC Certification Kit app and select Simulink Check from the Run Validation Tests options.

• In the Artifacts Explorer, open Simulink Check > certkitiec_slchk_run.mlx.

The .mlx file opens in MATLAB. Follow the workflow to configure and execute the test procedure and review the results. Where applicable, you find interactive links that execute commands. For example, to execute the test procedure .rpt file, select the (Ctrl+Click here to execute the command) link. The script executes the command and runs the tests.

Add Certification Tests for Custom Checks

For custom checks, you must add certification tests, execute these tests, and verify that the results are as expected.

To add certification tests for custom checks:

1 Create a new certification package and copy the matlabroot/toolbox/qualkits/iec/slchk folder and subfolders to a location where you have write access. For more information, see “Create Certification Packages in the Artifacts Explorer” on page 5-3.

2 Create a set of test models to exercise the check capability and save them in the tests subfolder. At a minimum, test models should include a:

• Model that passes the custom check
• Model that does not pass the check

Note Depending on the scope of the custom check, additional test models may be required to exercise combinations of check capabilities. For example, check Check safety-related diagnostic settings for Merge blocks (ID mathworks.iec61508.hisl_0303) requires the following three test models to fully test values that can be set for model configuration parameter Detect multiple driving blocks executing at the same time step (MergeDetectMultiDrivingBlocksExec):

• do178c_hisl_0303_pass_test.slx with parameter set to error (check passes)
• do178c_hisl_0303_warn_test1.slx with parameter set to warning (check does not pass)
• do178c_hisl_0303_warn_test2.slx with parameter set to none (check does not pass)

3 Add traceability information for the custom checks to the trace matrix document certkitiec_slchk_trace.xls. On the Trace Data tab, add a row for each custom check and include information as provided for the other checks. Use commas to separate multiple items, such as test models or expected results. For information on adding comments to a traceability matrix, see “Add Comments to a Traceability Matrix” on page 6-4.

4 Execute certification tests using the updated artifacts. Review the generated results to ensure they are as expected and include the added custom checks.


Test Cases and Procedure for Simulink Coverage

The test cases are templates that you can modify and extend to create test suites that cover the requirements that are relevant for your application, your specific tool configuration, and operating environment. You might need additional test cases, based on your tool usage, to support tool validation.

The procedure for validating Simulink Coverage is available in the Execute Validation Tests and Review Test Results for Simulink Coverage artifact. This artifact provides:

• Software requirements to execute the test procedure
• Configuration steps
• How to execute the test procedure
• A list of generated test reports and how to review the test results

Use one of these methods to open Execute Validation Tests and Review Test Results for Simulink Coverage:

• In the Simulink toolstrip, open the IEC Certification Kit app and select Simulink Coverage from the Run Validation Tests options.

• In the Artifacts Explorer, open Simulink Coverage > certkitiec_slcov_run.mlx.

The .mlx file opens in MATLAB. Follow the workflow to configure and execute the test procedure and review the results. Where applicable, you find interactive links that execute commands. For example, to execute the test procedure .rpt file, select the (Click here to execute the command) link. The script executes the command and runs the tests.


Test Cases and Procedure for Simulink Requirements

The test cases are templates that you can modify and extend to create test suites that cover the requirements that are relevant for your application, your specific tool configuration, and operating environment. You might need additional test cases, based on your tool usage, to support tool validation.

The procedure for validating Simulink Requirements is available in the Execute Validation Tests and Review Test Results for Simulink Requirements artifact. This artifact provides:

• Software requirements to execute the test procedure
• Configuration steps
• How to execute the test procedure
• A list of generated test reports and how to review the test results

Use one of these methods to open Execute Validation Tests and Review Test Results for Simulink Requirements:

• In the Simulink toolstrip, open the IEC Certification Kit app and select Simulink Requirements from the Run Validation Tests options.

• In the Artifacts Explorer, open Simulink Requirements > certkitiec_slreq_run.mlx.

The .mlx file opens in MATLAB. Follow the workflow to configure and execute the test procedure and review the results. Where applicable, you find interactive links that execute commands. For example, to execute the test procedure .rpt file, select the (Click here to execute the command) link. The script executes the command and runs the tests.


Test Cases and Procedures for Polyspace Bug Finder and Polyspace Bug Finder Server

The test cases are templates that you can modify and extend to create test suites that cover the requirements that are relevant for your application, your specific tool configuration, and operating environment. You might need additional test cases, based on your tool usage, to support tool validation.

There are two methods you can use for executing the test procedure:

• “Execute Tests by Using MATLAB” on page 4-8
• “Execute Tests from the IEC Certification Kit matlabroot/ Folder” on page 4-9 (for Polyspace users who do not use MATLAB)

These licenses are required to execute the IEC Certification Kit test procedure for Polyspace Bug Finder:

• IEC Certification Kit
• MATLAB
• Polyspace Bug Finder

These licenses are required to execute the IEC Certification Kit test procedure for Polyspace Bug Finder Server:

• IEC Certification Kit
• MATLAB
• Polyspace Bug Finder Server

Execute Tests by Using MATLAB

To use MATLAB to configure, execute, and review the validation tests for Polyspace Bug Finder and Polyspace Bug Finder Server, see Execute Validation Tests and Review Test Results for Polyspace Bug Finder and Polyspace Bug Finder Server. This artifact provides:

• Software requirements to execute the test procedure
• Configuration steps
• How to execute the test procedure
• A list of generated test reports and how to review the test results

Use one of these methods to open Execute Validation Tests and Review Test Results for Polyspace Bug Finder and Bug Finder Server:

• In the Simulink toolstrip, open the IEC Certification Kit app and select Polyspace Bug Finder from the Run Validation Tests options.

• In the Artifacts Explorer, open Polyspace Bug Finder > certkitiec_bugfinder_run.mlx.
• In matlabroot/toolbox/qualkits/iec/bugfinder/, open certkitiec_bugfinder_run.mlx.

The .mlx file opens in MATLAB. Follow the workflow to configure and execute the test procedure and review the results. Where applicable, you find interactive links that execute commands. For example, to execute the test procedure .bat file, select the (Click here to execute the command) link. The script executes the command and runs the tests.

Execute Tests from the IEC Certification Kit matlabroot/ Folder

Note These steps are for Polyspace users that do not use MATLAB to execute the IEC Certification Kit tests for Polyspace Bug Finder or Polyspace Bug Finder Server. The steps are the same as in Execute Validation Tests and Review Test Results for Polyspace Bug Finder and Polyspace Bug Finder Server, however, the interactive MATLAB commands are removed.

Set up the Tests

Before executing the test procedure, copy the matlabroot/toolbox/qualkits/iec/bugfinder/ folder and subfolders to a location where you have write access. You execute the tests from this location.

Note The file path length is limited to 259 characters. Take this into consideration when executing tests; the following error occurs when the total length of the file path for the results exceeds the maximum character limit:

Path name <filepath> must not exceed 259 characters. Use a shorter results folder or source file name and try again. Exiting

License File Management

Designated Computer Licenses (DC)

Before executing the test procedure, you need to copy the MATLAB license to the Polyspace license folder without erasing the Polyspace license.

• For Polyspace Bug Finder, copy <MATLAB install folder>\licenses\*.lic next to <Polyspace install folder>\licenses\

• For Polyspace Bug Finder Server, copy <MATLAB install folder>\licenses\*.lic next to <Polyspace Server install folder>\licenses\

Concurrent License

The MATLAB license and Polyspace licenses are managed through the FLEXlm® server.

Execute the Tests

To execute the tests:

1 Change to the matlabroot/toolbox/qualkits/iec/bugfinder/tests folder.

2 Execute the tests using the steps for your platform:

Windows® ─ In a DOS command window, change the folder to the current location and execute the product-specific command:

• For Polyspace Bug Finder, enter certkitiec_bugfinder_tests.bat
• For Polyspace Bug Finder Server, enter certkitiec_bugfinderserver_tests.bat


Note If the system variable PATH does not include the Polyspace Bug Finder or Polyspace Bug Finder Server executable folder, error polyspace-<product> not found or perl.exe is not recognized as an internal or external command can occur. In this case, open the certkitiec_<product>_tests.bat file and update the path to the executable folder for the Polyspace product you are qualifying by using the POLYSPACE_C environment variable. Save the file.

The default Polyspace executable directories are:

• C:\Program Files\<Polyspace_Bug_Finder_root>\
• C:\Program Files\<Polyspace_Bug_Finder_Server_root>\

For example, set POLYSPACE_C=C:\Program Files\Polyspace\2019a\polyspace\bin

Linux® ─ In a UNIX command window, change directory to the current location and execute the product-specific command:

• For Polyspace Bug Finder, enter certkitiec_bugfinder_tests.sh
• For Polyspace Bug Finder Server, enter certkitiec_bugfinderserver_tests.sh

Note If the system variable PATH does not include the Polyspace Bug Finder, Polyspace Bug Finder Server, or Perl executable folder, error polyspace-<product> not found or perl: Command not found can occur. In this case, update the system variable PATH to include the executable folders of Perl and the Polyspace product that you are qualifying. Save the file.

The default Polyspace executable folders are:

• /usr/local/<Polyspace_Bug_Finder_root>/
• /usr/local/<Polyspace_Bug_Finder_Server_root>/

For example, execute command setenv PATH ${PATH}:"/usr/local/Polyspace/2019a/polyspace/bin".

3 Follow the instructions in the command line to execute a specific group of tests or all tests.

Note Do not modify the test scripts to change target compilers or target processors. The test procedure will automatically configure and execute test cases for all supported compilers and target processors.
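The two notes above describe what breaks the test scripts before a single test runs: the Polyspace or Perl executable is not reachable through PATH (or POLYSPACE_C on Windows), or the results path is longer than 259 characters. The following Python script is an added example and is not part of the IEC Certification Kit; it runs those checks up front and reports every problem it finds instead of stopping at the first. It assumes the Polyspace executables are named polyspace-bug-finder and polyspace-bug-finder-server (with .exe on Windows), and it takes the environment and the file-existence test as parameters so it can be exercised against constructed values.

```python
"""Pre-flight checks before running the IEC Certification Kit test scripts for
Polyspace Bug Finder or Polyspace Bug Finder Server without MATLAB.

Added example, not part of the kit. Executable names polyspace-bug-finder and
polyspace-bug-finder-server are assumed; the 259-character path limit and the
POLYSPACE_C / PATH lookup come from the guide.
"""
import ntpath
import posixpath

MAX_PATH_LEN = 259  # limit quoted by the guide for the results path


def path_too_long(path):
    """True when the results path would trigger the 259-character error."""
    return len(path) > MAX_PATH_LEN


def search_dirs(env, windows):
    """Directories to search for executables: POLYSPACE_C first (Windows only,
    since the .bat file is the one that reads it), then the PATH entries."""
    sep = ";" if windows else ":"
    dirs = [d for d in env.get("PATH", "").split(sep) if d]
    if windows and env.get("POLYSPACE_C"):
        dirs.insert(0, env["POLYSPACE_C"])
    return dirs


def find_executable(name, dirs, exists, windows):
    """Return the directory in `dirs` that holds `name`, or None.
    `exists(path) -> bool` is injected so the check can run against a
    constructed file list; on a real machine pass os.path.isfile."""
    mod = ntpath if windows else posixpath
    for d in dirs:
        if exists(mod.join(d, name)):
            return d
    return None


def preflight(product, results_dir, env, exists, windows):
    """Collect the problems that would make the test scripts fail.
    product is 'bug-finder' or 'bug-finder-server'; env is a dict of
    environment variables (os.environ on a real machine)."""
    problems = []
    if path_too_long(results_dir):
        problems.append("results path exceeds %d characters (%d)"
                        % (MAX_PATH_LEN, len(results_dir)))
    dirs = search_dirs(env, windows)
    ext = ".exe" if windows else ""
    for tool in ("polyspace-" + product, "perl"):
        if find_executable(tool + ext, dirs, exists, windows) is None:
            problems.append(tool + " not found in POLYSPACE_C/PATH")
    return problems


if __name__ == "__main__":
    # Constructed Windows environment: Polyspace is reachable only via POLYSPACE_C,
    # perl.exe sits in a constructed directory that is on PATH.
    ps_bin = r"C:\Program Files\Polyspace\2019a\polyspace\bin"
    perl_dir = r"C:\Strawberry\perl\bin"
    fake_files = {ntpath.join(ps_bin, "polyspace-bug-finder.exe"),
                  ntpath.join(perl_dir, "perl.exe")}
    env = {"PATH": r"C:\Windows\system32;" + perl_dir, "POLYSPACE_C": ps_bin}
    print(preflight("bug-finder", r"C:\certkit\bugfinder\tests", env,
                    fake_files.__contains__, windows=True))
```

On a real machine pass os.environ and os.path.isfile. The script only reports; the .bat or .sh file is still run exactly as described in steps 1 to 3, and the PATH or POLYSPACE_C fix is still applied by hand as the notes describe.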

Review the Test Results (all but Report Generator)

Executing the test procedure generates these reports, which identify the PASSED/FAILED result for each test case. These reports are stored in /bugfinder/outputs.

Summary validation reports for Polyspace Bug Finder include:

• certkitiec_bugfinder_qualificationreport_checks.txt, which provides the results for the tests in the code defects test suite.

• certkitiec_bugfinder_qualificationreport_code_metrics.txt, which provides the results for the tests in the code metric test suite.

• certkitiec_bugfinder_qualificationreport_misrac_2004.txt, which provides the results for the tests in the MISRA C:2004 coding standards test suite.

• certkitiec_bugfinder_qualificationreport_misrac_2012.txt, which provides the results for the tests in the MISRA C:2012 (Amendment 1: 2016) coding standards test suite.

• certkitiec_bugfinder_qualificationreport_misracpp_2008.txt, which provides the results for the tests in the MISRA C++ coding standards test suite.

• certkitiec_bugfinder_qualificationreport_options_api.txt, which provides the results for the tests in the API options test suite.

• certkitiec_bugfinder_qualificationreport_programming_-languages.txt, which provides the results for the tests in the programming languages test suite.

• certkitiec_bugfinder_qualificationreport_reporting.txt, which provides the results for the tests in the tool interfaces test suite.

Summary validation reports for Polyspace Bug Finder Server include:

• certkitiec_bugfinder_server_qualificationreport_checks.txt, which provides the results for the tests in the code defects test suite.

• certkitiec_bugfinder_server_qualificationreport_code_metrics.txt, which provides the results for the tests in the code metric test suite.

• certkitiec_bugfinder_server_qualificationreport_misrac_2004.txt, which provides the results for the tests in the MISRA C:2004 coding standards test suite.

• certkitiec_bugfinder_server_qualificationreport_misrac_2012.txt, which provides the results for the tests in the MISRA C:2012 (Amendment 1: 2016) coding standards test suite.

• certkitiec_bugfinder_server_qualificationreport_misracpp_2008.txt, which provides the results for the tests in the MISRA C++ coding standards test suite.

• certkitiec_bugfinder_server_qualificationreport_options_api.txt, which provides the results for the tests in the API options test suite.

• certkitiec_bugfinder_server_qualificationreport_programming_-languages.txt, which provides the results for the tests in the programming languages test suite.

• certkitiec-bugfinder_server-qualificationreport-reporting.txt, which provides the results for the tests in the tool interfaces test suite.

To review the test results:

1 Confirm that the test reports are generated without errors or warnings.

2 Review the summary validation reports and confirm that the test results have a PASSED status. When the actual results match the expected results, the test cases pass.

3 For any test cases with a FAILED status, manually review the test results corresponding to the failed test cases.

a Obtain the expected results from the REF section of the source code file associated with the test case (i.e. <IEC Bug Finder Test Folder>/tests/<test suite>/*.c).

b Verify that the expected results match the actual result provided in either of these files:

For Polyspace Bug Finder:

• <IEC Bug Finder Test Folder>/tests/bug-finder-results/<test suite>/<sub-family test suite>/<test case>/Verification.log
• <IEC Bug Finder Test Folder>/tests/bug-finder-results/<test suite>/<sub-family test suite>/<test case>/Polyspace-Doc/Results_list.txt

For Polyspace Bug Finder Server:

• <IEC Bug Finder Test Folder>/tests/bug-finder-server-results/<test suite>/<sub-family test suite>/<test case>/Verification.log
• <IEC Bug Finder Test Folder>/tests/bug-finder-server-results/<test suite>/<sub-family test suite>/<test case>/Polyspace-Doc/Results_list.txt

c If the expected and actual results do not match, evaluate the impact of the mismatch with respect to the software life cycle activities performed by using the tool. For additional information, contact MathWorks.

Note When the language on your computer is not English, auto comparison of expected results against actual results can fail because the expected results, which are generated by MathWorks, are in English and your actual results are in the language defined locally on your computer. If this occurs, you should manually review the results.

4 Configure the content of matlabroot/toolbox/qualkits/iec/bugfinder in a configuration management system.
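The review steps above can be partly scripted: read each summary validation report, list every FAILED test case, and point the reviewer at the Verification.log and Results_list.txt files named in step 3b. The following Python script is an added example and is not part of the IEC Certification Kit. Because the guide only states that each report identifies a PASSED/FAILED result per test case and does not show the layout, the one-result-per-line format parsed here (<test suite>/<sub-family test suite>/<test case>: PASSED) is constructed for the example, as are the report contents in the sample run; adapt parse_summary_report() to the real files.

```python
"""Triage of IEC Certification Kit summary validation reports for Polyspace
Bug Finder and Polyspace Bug Finder Server.

Added example, not part of the kit. The report line format below is
constructed; the results folder names and evidence files come from the guide.
"""
import posixpath
import re

# Constructed report layout: "<test suite>/<sub-family test suite>/<test case>: PASSED|FAILED"
RESULT_LINE = re.compile(r"^\s*(\S+)\s*:\s*(PASSED|FAILED)\s*$")

RESULTS_ROOT = {  # per-product results folder under <IEC Bug Finder Test Folder>/tests
    "bug-finder": "bug-finder-results",
    "bug-finder-server": "bug-finder-server-results",
}


def parse_summary_report(text):
    """Map test case name -> 'PASSED' or 'FAILED' for one summary report.
    Lines that carry no result (headers, blank lines) are ignored."""
    results = {}
    for line in text.splitlines():
        m = RESULT_LINE.match(line)
        if m:
            results[m.group(1)] = m.group(2)
    return results


def evidence_paths(test_folder, product, case_name):
    """The two files step 3b compares against the REF section of the test's
    source file, for one FAILED case."""
    parts = case_name.split("/")
    if len(parts) != 3:
        raise ValueError("expected <test suite>/<sub-family test suite>/<test case>: %r"
                         % case_name)
    base = posixpath.join(test_folder, "tests", RESULTS_ROOT[product], *parts)
    return [posixpath.join(base, "Verification.log"),
            posixpath.join(base, "Polyspace-Doc", "Results_list.txt")]


def triage(test_folder, product, reports):
    """reports: {report file name: report text}. Returns one entry per FAILED
    case with the evidence files to open, in a stable order for review notes."""
    todo = []
    for report in sorted(reports):
        for case_name, status in parse_summary_report(reports[report]).items():
            if status == "FAILED":
                todo.append({"report": report, "case": case_name,
                             "evidence": evidence_paths(test_folder, product, case_name)})
    return todo


def all_passed(reports):
    """True only when every report yielded at least one result and none FAILED.
    A report that parses to nothing fails closed instead of passing silently."""
    parsed = [parse_summary_report(text) for text in reports.values()]
    return all(p and all(s == "PASSED" for s in p.values()) for p in parsed)


if __name__ == "__main__":
    # Constructed report contents; real reports come from /bugfinder/outputs.
    sample = {
        "certkitiec_bugfinder_qualificationreport_checks.txt":
            "Summary validation report (constructed)\n"
            "checks/numerical/int_overflow: PASSED\n"
            "checks/numerical/div_by_zero: FAILED\n",
        "certkitiec_bugfinder_qualificationreport_misrac_2012.txt":
            "misrac_2012/rule_10/r10_1 : PASSED\n",
    }
    for item in triage("/certkit/bugfinder", "bug-finder", sample):
        print(item["report"], item["case"])
        for path in item["evidence"]:
            print("   review:", path)
    print("all passed:", all_passed(sample))
```

The fail-closed behaviour of all_passed() is deliberate: a report that cannot be parsed (wrong layout, or the situation in the note under step 3c where locally generated text does not match the English expected results) should send the reviewer to manual review rather than count as a pass in qualification evidence.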

Review the Report Generator Test Results

The method for reviewing the Report Generator test results is different depending on the format of the reports.

When the format is .html, automatic comparison of the reports is supported. Review the PASSED/FAILED result for each test case as presented in the summary validation report. These reports are stored in /bugfinder/outputs:

• For Polyspace Bug Finder, the file is certkitiec-bug-finder-qualificationreport-reporting.txt.
• For Polyspace Bug Finder Server, the file is certkitiec-bug-finder-server-qualificationreport-reporting.txt.

When the format is .pdf and .docx, automated comparison of the reports is NOT supported. Youmust manually compare the actual results to the expected results. To PASS, the content of the actualand expected results should be equal.

For Polyspace Bug Finder:

• Actual Results: <IEC Bug Finder Test Folder>/tests/bug-finder-results/reporting/<template test suite>/Polyspace-Doc/*.docx or *.pdf

• Expected Results: <IEC Bug Finder Test Folder>/expected_results/reporting-bug-finder/<template test suite>/*.docx or *.pdf

For Polyspace Bug Finder Server:

• Actual Results: <IEC Bug Finder Test Folder>/tests/bug-finder-server-results/reporting/<template test suite>/Polyspace-Doc/*.docx or *.pdf

• Expected Results: <IEC Bug Finder Test Folder>/expected_results/reporting-bug-finder-server/<template test suite>/*.docx or *.pdf

Note When comparing the reports, environment-specific content (such as timestamps or test duration time) can differ between the actual and expected results.

Test Cases and Procedures for Polyspace Code Prover and Polyspace Code Prover Server

The test cases are templates that you can modify and extend to create test suites that cover the requirements that are relevant for your application, your specific tool configuration, and operating environment. You might need additional test cases, based on your tool usage, to support tool validation.

There are two methods you can use for running the test procedure:

• “Execute Tests by Using MATLAB” on page 4-14

• “Execute Tests from the IEC Certification Kit matlabroot/ Folder” on page 4-15 (for Polyspace users who do not use MATLAB)

These licenses are required to execute the IEC Certification Kit test procedure for Polyspace Code Prover:

• IEC Certification Kit

• MATLAB

• Polyspace Code Prover

• Polyspace Bug Finder

These licenses are required to execute the IEC Certification Kit test procedure for Polyspace Code Prover Server:

• IEC Certification Kit

• MATLAB

• Polyspace Code Prover Server

• Polyspace Bug Finder Server

Execute Tests by Using MATLAB

To use MATLAB to configure, execute, and review the validation tests for Polyspace Code Prover and Polyspace Code Prover Server, see Execute Validation Tests and Review Test Results for Polyspace Code Prover and Polyspace Code Prover Server. This artifact provides:

• Software requirements to execute the test procedure

• Configuration steps

• How to execute the test procedure

• A list of generated test reports and how to review the test results

Use one of these methods to open Execute Validation Tests and Review Test Results for Polyspace Code Prover and Polyspace Code Prover Server:

• In the Simulink toolstrip, open the IEC Certification Kit app and select Polyspace Code Prover from the Run Validation Tests options.

• In the Artifacts Explorer, open Polyspace Code Prover > certkitiec_codeprover_run.mlx.

• In matlabroot/toolbox/qualkits/iec/codeprover/, open certkitiec_codeprover_run.mlx.


The .mlx file opens in MATLAB. Follow the workflow to configure and execute the test procedure and review the results. Where applicable, you find interactive links that execute commands. For example, to execute the test procedure .bat file, select the (Click here to execute the command) link. The script executes the command and runs the tests.

Execute Tests from the IEC Certification Kit matlabroot/ Folder

Note These steps are for Polyspace users that do not use MATLAB to execute the IEC Certification Kit test for Polyspace Code Prover and Polyspace Code Prover Server. The steps are the same as in Execute Validation Tests and Review Test Results for Polyspace Code Prover and Polyspace Code Prover Server; however, the interactive MATLAB commands are removed.

Set up the Tests

Before executing the test procedure, copy the matlabroot/toolbox/qualkits/iec/codeprover/ folder and subfolders to a location where you have write access. You execute the tests from this location.

Note The file path length is limited to 259 characters. Take this into consideration when executing tests; the following error occurs when the total length of the file path for the results exceeds the maximum character limit:

Path name <filepath> must not exceed 259 characters. Use a shorter results folder or source file name and try again. Exiting

License File Management

Designated Computer Licenses (DC)

Before executing the test procedure, you need to copy the MATLAB license to the Polyspace license folder without erasing the Polyspace license.

• For Polyspace Code Prover, copy <MATLAB install folder>\licenses\*.lic next to <Polyspace install folder>\licenses\

• For Polyspace Code Prover Server, copy <MATLAB install folder>\licenses\*.lic next to <Polyspace Server install folder>\licenses\

Concurrent License

The MATLAB license and Polyspace licenses are managed through the FLEXlm server.

Execute the Tests

To execute the tests:

1 Change to the matlabroot/toolbox/qualkits/iec/codeprover/tests folder.

2 Execute the tests using the steps for your platform:

Windows ─ In a DOS command window, change directory to the current location and execute the product-specific command:

• For Polyspace Code Prover, enter certkitiec_codeprover_tests.bat

• For Polyspace Code Prover Server, enter certkitiec_codeproverserver_tests.bat

Note If the system variable PATH does not include the Polyspace Code Prover or Polyspace Code Prover Server executable folder, the error polyspace-<product> not found or perl.exe is not recognized as an internal or external command can occur. In this case, open the certkitiec_<product>_tests.bat and update the path to the executable folder for the Polyspace product you are qualifying by using the POLYSPACE_C environment variable. Save the file.

The default Polyspace executable folders are:

• C:\Program Files\<Polyspace_Code_Prover_root>\

• C:\Program Files\<Polyspace_Code_Prover_Server_root>\

For example, set POLYSPACE_C=C:\Program Files\Polyspace\2019a\polyspace\bin.

Linux ─ In a UNIX command window, change directory to the current location and execute the product-specific command:

• For Polyspace Code Prover, enter certkitiec_codeprover_tests.sh

• For Polyspace Code Prover Server, enter certkitiec_codeproverserver_tests.sh

Note If the system variable PATH does not include the Polyspace Code Prover, Polyspace Code Prover Server, or Perl executable directory, the error polyspace-<product> not found or perl: Command not found can occur. In this case, update the system variable PATH to include the executable directories of Perl and the Polyspace product that you are qualifying. Save the file.

The default Polyspace executable directories are:

• /usr/local/<Polyspace_Code_Prover_root>/

• /usr/local/<Polyspace_Code_Prover_Server_root>/

For example, execute the command setenv PATH ${PATH}:"/usr/local/Polyspace/2019a/polyspace/bin".

3 Follow the instructions in the command line to execute a specific group of tests or all tests.

Note Do not modify the test scripts to change target compilers or target processors. The test procedure will automatically configure and execute test cases for all supported compilers and target processors.

Review the Test Results (all but Report Generator)

Executing the test procedure generates these reports, which identify the PASSED/FAILED result for each test case. These reports are stored in /codeprover/outputs.

Summary validation reports for Polyspace Code Prover include:

• certkitiec_codeprover_qualificationreport_checks.txt, which provides the results for the tests in the code defects test suite.

• certkitiec_codeprover_qualificationreport_code-metrics.txt, which provides the results for the tests in the code metric test suite.

• certkitiec_codeprover_qualificationreport_misrac-2004.txt, which provides the results for the tests in the MISRA C:2004 coding standards test suite.

• certkitiec_codeprover_qualificationreport_misrac-2012.txt, which provides the results for the tests in the MISRA C:2012 (Amendment 1: 2016) coding standards test suite.

• certkitiec_codeprover_qualificationreport_misracpp-2008.txt, which provides the results for the tests in the MISRA C++: 2008 coding standards test suite.

• certkitiec_codeprover_qualificationreport_options-api.txt, which provides the results for the tests in the API options test suite.

• certkitiec_codeprover_qualificationreport_programming-languages.txt, which provides the results for the tests in the programming languages test suite.

• certkitiec_codeprover_qualificationreport_reporting.txt, which provides the results for the tests in the tool interfaces test suite.

Summary validation reports for Polyspace Code Prover Server include:

• certkitiec_codeprover_server_qualificationreport_checks.txt, which provides the results for the tests in the code defects test suite.

• certkitiec_codeprover_server_qualificationreport_code-metrics.txt, which provides the results for the tests in the code metric test suite.

• certkitiec_codeprover_server_qualificationreport_misrac-2004.txt, which provides the results for the tests in the MISRA C:2004 coding standards test suite.

• certkitiec_codeprover_server_qualificationreport_misrac-2012.txt, which provides the results for the tests in the MISRA C:2012 (Amendment 1: 2016) coding standards test suite.

• certkitiec_codeprover_server_qualificationreport_misracpp-2008.txt, which provides the results for the tests in the MISRA C++: 2008 coding standards test suite.

• certkitiec_codeprover_server_qualificationreport_options-api.txt, which provides the results for the tests in the API options test suite.

• certkitiec_codeprover_server_qualificationreport_programming-languages.txt, which provides the results for the tests in the programming languages test suite.

• certkitiec_codeprover_server_qualificationreport_reporting.txt, which provides the results for the tests in the tool interfaces test suite.

To review the test results:

1 Confirm that the test reports are generated without errors or warnings.

2 Review the summary validation reports and confirm that the test results have a PASSED status. When the actual results match the expected results, the test cases pass.

3 For any test cases with a FAILED status, manually review the test results corresponding to the failed test cases.

a Obtain the expected results from the REF section of the source code file associated with the test case (i.e. <IEC Code Prover Test Folder>/tests/<test suite>/*.c).

b Verify that the expected results match the actual result provided in either of these files:

For Polyspace Code Prover:

• <IEC Code Prover Test Folder>/tests/code-prover-results/<test suite>/<sub-family test suite>/<test case>/Verification.log

• <IEC Code Prover Test Folder>/tests/code-prover-results/<test suite>/<sub-family test suite>/<test case>/Polyspace-Doc/Results_list.txt

For Polyspace Code Prover Server:

• <IEC Code Prover Test Folder>/tests/code-prover-server-results/<test suite>/<sub-family test suite>/<test case>/Verification.log

• <IEC Code Prover Test Folder>/tests/code-prover-server-results/<test suite>/<sub-family test suite>/<test case>/Polyspace-Doc/Results_list.txt

c If the expected and actual results do not match, evaluate the impact of the mismatch with respect to the software life cycle activities performed by using the tool. For additional information, contact MathWorks.

Note When the language on your computer is not English, auto comparison of expected results against actual results can fail because the expected results, which are generated by MathWorks, are in English and your actual results are in the language defined locally on your computer. If this occurs, you should manually review the results.

4 Configure the content of matlabroot/toolbox/qualkits/iec/codeprover in a configuration management system.

Review the Report Generator Test Results

The method for reviewing the Report Generator test results is different depending on the format of the reports.

When the format is .html, automatic comparison of the reports is supported. Review the PASSED/FAILED result for each test case as presented in the summary validation report. These reports are stored in /codeprover/outputs:

• For Polyspace Bug Finder, the file is certkitiec-code-prover-qualificationreport-reporting.txt.

• For Polyspace Bug Finder Server, the file is certkitiec-code-prover-server-qualificationreport-reporting.txt.

When the format is .pdf and .docx, automated comparison of the reports is NOT supported. You must manually compare the actual results to the expected results. To PASS, the content of the actual and expected results should be equal.

For Polyspace Code Prover:

• Actual Results: <IEC Code Prover Test Folder>/tests/code-prover-results/reporting/<template test suite>/Polyspace-Doc/*.docx or *.pdf

• Expected Results: <IEC Code Prover Test Folder>/expected_results/reporting-code-prover/<template test suite>/*.docx or *.pdf

For Polyspace Code Prover Server:

• Actual Results: <IEC Code Prover Test Folder>/tests/code-prover-server-results/reporting/<template test suite>/Polyspace-Doc/*.docx or *.pdf

• Expected Results: <IEC Code Prover Test Folder>/expected_results/reporting-code-prover-server/<template test suite>/*.docx or *.pdf

Note When comparing the reports, environment-specific content (such as timestamps or test duration time) can differ between the actual and expected results.

Test Cases and Procedure for Simulink Test

The test cases are templates that you can modify and extend to create test suites that cover the requirements that are relevant for your application, your specific tool configuration, and operating environment. You might need additional test cases, based on your tool usage, to support tool validation.

The procedure for validating Simulink Test is available in the Execute Validation Tests and Review Test Results for Simulink Test artifact. This artifact provides:

• Software requirements to execute the test procedure

• Configuration steps

• How to execute the test procedure

• A list of generated test reports and how to review the test results

Use one of these methods to open Execute Validation Tests and Review Test Results for Simulink Test:

• In the Simulink toolstrip, open the IEC Certification Kit app and select Simulink Test from the Run Validation Tests options.

• In the Artifacts Explorer, open Simulink Test > certkitiec_sltest_run.mlx.

The .mlx file opens in MATLAB. Follow the workflow to configure and execute the test procedure and review the results. Where applicable, you find interactive links that execute commands. For example, to execute the test procedure .rpt file, select the (Ctrl+Click here to execute the command) link. The script executes the command and runs the tests.

Test Cases and Procedure for Simulink Design Verifier

The test cases are templates that you can modify and extend to create test suites that cover the requirements that are relevant for your application, your specific tool configuration, and operating environment. You might need additional test cases, based on your tool usage, to support tool validation.

The procedure for validating Simulink Design Verifier is available in the Execute Validation Tests and Review Test Results for Simulink Design Verifier artifact. This artifact provides:

• Software requirements to execute the test procedure

• Configuration steps

• How to execute the test procedure

• A list of generated test reports and how to review the test results

Use one of these methods to open Execute Validation Tests and Review Test Results for Simulink Design Verifier:

• In the Simulink toolstrip, open the IEC Certification Kit app and select Simulink Design Verifier from the Run Validation Tests options.

• In the Artifacts Explorer, open Simulink Design Verifier > certkitiec_sldv_run.mlx.

The .mlx file opens in MATLAB. Follow the workflow to configure and execute the test procedure and review the results. Where applicable, you find interactive links that execute commands. For example, to execute the test procedure .rpt file, select the (Click here to execute the command) link. The script executes the command and runs the tests.

5 Access and Manage Certification Artifacts

Access Artifacts in the IEC Certification Kit Artifacts Explorer

The IEC Certification Kit Artifacts Explorer includes a built-in certification package that contains certification artifacts for all products that are supported by the IEC Certification Kit. You can use the Artifacts Explorer to customize and manage certification packages for your projects under consideration.

To review the product-specific certification artifacts, see:

• “Certification Artifacts for Embedded Coder” on page 1-14

• “Certification Artifacts for Simulink PLC Coder” on page 1-15

• “Certification Artifacts for HDL Coder” on page 1-16

• “Certification Artifacts for Simulink Design Verifier” on page 1-17

• “Certification Artifacts for Simulink Check” on page 1-18

• “Certification Artifacts for Simulink Coverage” on page 1-19

• “Certification Artifacts for Simulink Requirements” on page 1-20

• “Certification Artifacts for Polyspace Bug Finder and Polyspace Bug Finder Server” on page 1-21

• “Certification Artifacts for Polyspace Code Prover and Polyspace Code Prover Server” on page 1-22

• “Certification Artifacts for Simulink Test” on page 1-23

For more information about certifying or qualifying software tools, see “Process for Standard Compliance or Certification”.

Open the Artifacts Explorer

You can use the Artifacts Explorer to access certification artifacts. To open the Certification Artifacts Explorer, use one of the following methods:

• From the Simulink Toolstrip ─ Open the IEC Certification Kit app and select Artifacts Explorer.

• From the MATLAB Toolstrip ─ In the Apps tab, under Code Verification, select IEC/ISO Artifacts Explorer.

• From the MATLAB command line ─ Enter certkitiec.

The Artifacts Explorer window displays the certification artifacts that are available with the IEC Certification Kit. If the IEC Certification Kit product contains artifacts for more than one release, the artifacts for each release are displayed in the window. As you select folders and files, relevant information about the current selection is dynamically displayed in the status bar. To display properties of a certification package, such as name, description, and root folder, right-click the package name and select Properties.

Artifacts Explorer on Linux and Mac Platforms

You can use the Certification Artifacts Explorer to access certification artifacts on Linux and Mac platforms. For each platform and artifact file type, the software that the Certification Artifacts Explorer opens is:

Linux

• PDF ─ Ghostview. If you are not able to open or view a PDF, use Document Viewer to open the file.

• Microsoft Word (.doc, .docx, or .rtf) ─ OpenOffice. If you encounter formatting issues:

1 Save the file as an OpenDocument Text (.odt) file. Use Microsoft Word on a Windows platform.

2 Open the OpenDocument Text (.odt) version of the artifact. Use OpenOffice on a Linux platform.

Formatting issues can include page breaks, tables, or line breaks.

• Microsoft Excel (.xls or .xlsx) ─ OpenOffice

• HTML ─ MATLAB web browser

Mac

• PDF ─ Preview. Files opened with Preview are read-only.

• Microsoft Word (.doc or .docx) ─ Microsoft Word for Mac, or TextEdit if Microsoft Word for Mac is not installed.

• .rtf ─ TextEdit

• Microsoft Excel (.xls or .xlsx) ─ Microsoft Excel for Mac, or Preview if Microsoft Excel for Mac is not installed. Files opened with Preview are read-only.

• HTML ─ MATLAB web browser

Create Certification Packages in the Artifacts Explorer

You can create certification packages in the Artifacts Explorer that are customized for your project.

1 Open the Artifacts Explorer that is part of the IEC Certification Kit.

2 Select File > New. A new, empty certification package is created.

3 Right-click the certification package and select Properties. In the fields:

• Name the certification package.

• Define the location where the Artifacts Explorer saves the new certification package.

• Provide a description of the certification package.

4 Save the new certification package. The saved package has a KIT extension.

5 Copy the tool qualification artifacts and paste them into the new certification package:

• Select the product folder or specific artifacts and click Edit > Copy.

• Select the new certification package and click Edit > Paste.

6 Delete qualification artifacts that are not required for your project.

7 Save the certification package to preserve your changes to the qualification artifacts. To access tool qualification artifacts, use the Artifacts Explorer.

You can add related files to the certification package top-level folders by using a file browser, such as Microsoft Windows Explorer. When you add files, to refresh the file list, use File > Refresh.

Certification packages are available in the Artifacts Explorer until you delete them. For more information, see “Delete Certification Packages from Artifacts Explorer” on page 5-4.

Delete Certification Packages from Artifacts Explorer

The Artifacts Explorer displays certification packages that you create or open. If you delete a certification package from the Certification Artifacts Explorer, the files associated with the package are still available on your computer. To delete the files, use a file browser such as Windows File Explorer.

6 Support Certification-Related Development Activities

Provide Traceability Between Model Objects, Generated Code, and Model Requirements

When you use Model-Based Design and production code generation to develop application software components, you can generate a traceability matrix. The traceability matrix provides traceability between model objects, generated code, and model requirements. You can add comments to the generated traceability matrix. If you change your model and regenerate the traceability matrix, the matrix retains your comments.

For a model, the generated traceability matrix provides information about:

• Model objects that are traceable between the model and generated code, such as Simulink blocks, Stateflow objects, and MATLAB functions.

• Model objects that are untraceable between the model and generated code, such as eliminated and virtual blocks.

• Requirements documents that you link to model objects by using Simulink Requirements.

When you generate a traceability matrix, an XLS file is created. This file contains these worksheets:

• Model Information ─ Summary of the model configuration and checksum. The summary includes the model name, version, author, creation date, last saved by identifier, last updated date, checksum, and the selection of traceability report parameters.

• Code Interface ─ Information about the generated code interface, such as function prototype and timing information for the model initialize and step functions.

• Code Files ─ File folders and names of the generated code files.

• Report ─ Traceability information for each model object, including model name, generated code, and requirements. Each row in the worksheet pertains to a single occurrence of a model object. The information for a model object is listed in more than one row if the object:

• Appears more than once in the generated code.

• Links to more than one requirement.

Prerequisites for Generating a Traceability Matrix

Before generating a traceability matrix for model objects, generated code, and model requirements, perform these steps:

1 (Optional) Attach requirements documents. For more information, see “Requirements Traceability” (Simulink Requirements).

2 In the Configuration Parameters dialog box, select:

• “Create code generation report” (Simulink Coder)

• At least one of the following parameters, which define the contents of the traceability report:

• “Eliminated / virtual blocks” (Embedded Coder)

• “Traceable Simulink blocks” (Embedded Coder)

• “Traceable Stateflow objects” (Embedded Coder)

• “Traceable MATLAB functions” (Embedded Coder)

• (Optional) To display the code generation report automatically, select “Open report automatically” (Simulink Coder)

3 Generate code for the model. An Embedded Coder license is required to generate the code.

Tip You do not have to build an executable to generate a traceability matrix. To generate code only, in the Configuration Parameters dialog box, select Generate code only.

Generate a Traceability Matrix

1 Open the model if it is not already open.

2 Check that you have completed the “Prerequisites for Generating a Traceability Matrix” on page 6-2.

3 Generate the traceability matrix by using one of these methods:

• In the code generation report for your model, click the Traceability Report Contents item. In the traceability report, click Generate Traceability Matrix.

• On the Simulink toolstrip, open the IEC Certification Kit app and select Traceability Matrix.

• Programmatically, using the iec.ExportTraceReport function.

4 To specify a new matrix file that you want to create or to browse to an existing matrix file that you want to update, use the Generate Traceability Matrix box. Select and order the columns that appear in the generated matrix. To create or update the specified report, click OK.

Add Comments to a Traceability Matrix

You can add comments to the traceability matrix that you generated for your model. To add comments to the traceability matrix, you must:

• Create columns for your comments.

• Use unique column headings. Columns that you add must have headings.

• Add at least one entry to each column, other than the column heading.

• Retain the following columns:

• Model Object Name

• Model Object Path

• Model Object Subsystem

• Code File Location

• Code File Name

• Code Function

• Code Line Number

• Model Object Unique ID

• Model Object Optimized

• Code Comment Checksum

Note Comments must resolve to a text string. For example, a link to an image resolves to a text string, but a copy of the image does not.
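A check you can run on an annotated Report worksheet before you regenerate the matrix, as an added example that is not part of the IEC Certification Kit. It applies the comment-retention rules listed above and assumes the worksheet has been exported to CSV text (the kit itself writes an XLS workbook); the sample sheets and their values are constructed.

```python
"""Pre-regeneration check for an annotated traceability matrix.

Added example, not part of the IEC Certification Kit. It applies the
comment-retention rules from the user's guide to one Report worksheet:
the listed columns must be retained, every column needs a unique,
non-empty heading, and each added column needs at least one entry.
Assumption: the worksheet has been exported to CSV text (the kit itself
writes an XLS workbook); all sample data below is constructed.
"""
import csv
import io

# Columns the guide says you must retain so that comments survive regeneration.
REQUIRED_COLUMNS = (
    "Model Object Name",
    "Model Object Path",
    "Model Object Subsystem",
    "Code File Location",
    "Code File Name",
    "Code Function",
    "Code Line Number",
    "Model Object Unique ID",
    "Model Object Optimized",
    "Code Comment Checksum",
)


def _read_sheet(csv_text):
    """Split CSV text into (header, rows); fully blank rows are dropped."""
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader, None)
    rows = [row for row in reader if any(cell.strip() for cell in row)]
    return header, rows


def added_columns(csv_text):
    """Headings that are not generated columns, i.e. your comment columns."""
    header, _ = _read_sheet(csv_text)
    return [h for h in header or [] if h.strip() and h not in REQUIRED_COLUMNS]


def check_report_sheet(csv_text):
    """Return the list of rule violations for one Report worksheet.

    An empty list means the sheet follows every rule the guide states.
    """
    header, rows = _read_sheet(csv_text)
    if header is None:
        return ["worksheet is empty"]
    problems = []

    # Rule 1: the required columns are retained.
    missing = [name for name in REQUIRED_COLUMNS if name not in header]
    if missing:
        problems.append("missing required columns: " + ", ".join(missing))

    # Rule 2: every column has a heading, and headings are unique.
    seen = set()
    for index, heading in enumerate(header, start=1):
        if not heading.strip():
            problems.append(f"column {index} has no heading")
        elif heading in seen:
            problems.append(f"duplicate heading: {heading!r}")
        seen.add(heading)

    # Rule 3: each added (comment) column has at least one entry.
    for position, name in enumerate(header):
        if not name.strip() or name in REQUIRED_COLUMNS:
            continue
        entries = [row[position].strip() for row in rows if position < len(row)]
        if not any(entries):
            problems.append(f"comment column {name!r} has no entries")
    return problems


# Constructed sample: the generated columns plus one comment column.
GOOD_SHEET = (
    ",".join(REQUIRED_COLUMNS) + ",Review Comment\n"
    "Gain1,model/Sub1/Gain1,Sub1,src,model.c,model_step,42,id:1,No,0x1a2b,"
    "Reviewed against REQ-1\n"
    "Sum1,model/Sub1/Sum1,Sub1,src,model.c,model_step,43,id:2,No,0x3c4d,\n"
)

# Constructed sample that breaks three rules: "Code Comment Checksum" was
# deleted, one added column has no heading, and "Notes" has no entries.
BAD_SHEET = (
    ",".join(REQUIRED_COLUMNS[:-1]) + ",,Notes\n"
    "Gain1,model/Sub1/Gain1,Sub1,src,model.c,model_step,42,id:1,No,stray,\n"
)

if __name__ == "__main__":
    for label, sheet in (("good", GOOD_SHEET), ("bad", BAD_SHEET)):
        print(label, check_report_sheet(sheet) or "OK")
```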

Regenerate the Traceability Matrix Spreadsheet to Retain Comments

1 Open an existing or generate a new traceability matrix. See “Generate a Traceability Matrix” on page 6-3.

2 In the Excel file field, browse to and select the traceability matrix spreadsheet that you want to replace.

3 The software regenerates the traceability matrix spreadsheet and makes these changes:

• The previously generated traceability matrix spreadsheet is renamed <FileName>_Trace_BAK.xlsx

• The new traceability matrix spreadsheet is saved as <FileName>_Trace_.xlsx

Verify that the newly saved traceability matrix spreadsheet, <FileName>_Trace_.xlsx, includes your comments.

Traceability Matrix Limitations

Traceability matrix generation has these limitations:

• Works with only the Microsoft Windows platform.

• Does not support referenced models. When you generate a traceability matrix for a model that contains referenced models, the traceability matrix contains information about the Model block only. The traceability matrix does not contain information about the contents of the referenced model. If your model contains referenced models, generate a traceability matrix for the top-level model and each referenced model separately.

• Does not support models that use the model configuration option Classic call interface (GRTInterface).

• In most cases, identifies comments that you add to the traceability matrix, but when comments cannot be identified, the traceability matrix includes the text: Row is not unique: comment.

• If a requirement is linked to an annotation not contained in a DocBlock block, the traceability matrix does not contain the requirement link. To generate a traceability report containing a requirement link to an annotation, put the annotation in a DocBlock block.

7 Functions

certkitiec

Open Certification Artifacts Explorer for IEC Certification Kit

Syntax

certkitiec

Description

certkitiec opens the Certification Artifacts Explorer and displays certification artifacts.

Alternatives

• From the Simulink toolstrip, open the IEC Certification Kit app and select Artifacts Explorer.

• From the MATLAB Toolstrip, click the Apps tab. Under the Code Verification category, select IEC/ISO Artifacts Explorer.

Introduced in R2010a

iec.ExportTraceReport

Generate XLS file that contains traceability matrix

Description

Instances of iec.ExportTraceReport generate an XLS file that contains a traceability matrix. A traceability matrix provides traceability between model objects, generated code, and model requirements. For more information, see “Provide Traceability Between Model Objects, Generated Code, and Model Requirements” on page 6-2.

Before generating a report by using iec.ExportTraceReport:

• Generate the code and a code generation traceability report for your model. You must have an Embedded Coder license.

• Deselect (off) configuration option Classic call interface (GRTInterface).

• To include requirements documentation in the traceability matrix, first attach requirements documents to the model.

For more information, see “Prerequisites for Generating a Traceability Matrix” on page 6-2 and “Traceability Matrix Limitations” on page 6-5.

Properties

Model — Model name
character vector | string scalar

Name of model for which the traceability matrix XLS file is generated.

Data Types: char

Name — XML file name
character vector | string scalar

Name of XML file that contains the traceability matrix.

The first time you call iec.ExportTraceReport, name is optional. However, to regenerate the traceability matrix, you must specify name.

If you do not provide name, the function names the file by using the following convention, where <DateTimeStamp> is the date and time that you last updated the model:

<Model>_Trace_<DateTimeStamp>.xls

Data Types: char

Path — XML file location
character vector | string scalar

(Optional) Full path to the location where you want to save the XML file. If the location is not specified, the XML file is saved to the location specified in MATLAB.


colHead — XML columns in the traceability matrix report
character vector | string scalar

(Optional) Specifies the order in which the columns are presented in the traceability matrix report, which is available under the Report tab in the XML file. Columns in the report can include:

• Model Object Name
• Model Object Optimized
• Model Object Path
• Model Object Subsystem
• Code File Location
• Code File Name
• Code Function
• Code Line Number
• Model Object Type
• Requirements Source
• Requirements Location
• Model Object Unique ID
• Model Optimization Rationale
• Code Comment Checksum

Examples

Generate a Traceability Matrix

Generate an XML spreadsheet that provides the traceability matrix between model objects and generated code in the rtwdemo_hyperlinks model.

To open the rtwdemo_hyperlinks model and generate the code, use these functions:

• open_system ─ Opens the model.
• set_param ─ Set configuration parameter GenCodeOnly to On, which specifies that the build process generates code and a makefile.
• rtwbuild ─ Generates code from a model based on the current model configuration parameter settings.

% Open the model.
open_system('rtwdemo_hyperlinks');
% Generate code only.
set_param('rtwdemo_hyperlinks', 'GenCodeOnly', 'on');
% Initiate the build process.
rtwbuild('rtwdemo_hyperlinks');

Generate a traceability spreadsheet for the model by using the iec.ExportTraceReport function.

% Generate a traceability spreadsheet.
iec.ExportTraceReport('rtwdemo_hyperlinks');


You can specify the file name for the traceability matrix spreadsheet and designate the location where to save the spreadsheet. Doing so is not required for the initial generation of the traceability spreadsheet; however, this information must be included if you want to regenerate a new traceability matrix to replace an existing one.

If you do not specify the file name or location, the software applies the default file name rtwdemo_hyperlinks_Trace_<DateTimeStamp>.xlsx and saves the spreadsheet to the location specified in MATLAB.

% Generate a traceability spreadsheet.
iec.ExportTraceReport('rtwdemo_hyperlinks','rtwdemo_hyperlinks_Trace_ProjectXYZ','C:\temp');

The software generates traceability matrix spreadsheet rtwdemo_hyperlinks_Trace_ProjectXYZ.xlsx and saves the file to the C:\temp folder.

Generate a Traceability Matrix That Includes Requirements Documents

Generate an XML spreadsheet that provides the traceability matrix between model objects, generated code, and model requirements in the slvnvdemo_fuelsys_docreq model.

To open the slvnvdemo_fuelsys_docreq model, specify the report parameters, and generate the code, use these functions:

• open_system ─ Opens the model.
• set_param ─ Use configuration parameter GenerateReport to create the code generation report. Use GenerateTraceReport to generate the traceability report. Configuration parameter GenCodeOnly specifies that the build process generates code and a makefile.
• rtwbuild ─ Generates code from a model based on the current model configuration parameter settings.

% Open the model.
open_system('slvnvdemo_fuelsys_docreq');
% Select the code generation report and traceability report parameters.
set_param('slvnvdemo_fuelsys_docreq', 'GenerateReport', 'on');
set_param('slvnvdemo_fuelsys_docreq', 'GenerateTraceReport', 'on');
set_param('slvnvdemo_fuelsys_docreq', 'GenerateTraceReportSl', 'on');
set_param('slvnvdemo_fuelsys_docreq', 'GenerateTraceReportSf', 'on');
set_param('slvnvdemo_fuelsys_docreq', 'GenerateTraceReportEml', 'on');
% Generate code only.
set_param('slvnvdemo_fuelsys_docreq', 'GenCodeOnly', 'on');
% Initiate the build process.
rtwbuild('slvnvdemo_fuelsys_docreq');

Generate a traceability spreadsheet for the model by using function iec.ExportTraceReport.

% Generate a traceability spreadsheet.
iec.ExportTraceReport('slvnvdemo_fuelsys_docreq');

The software generates traceability matrix spreadsheet slvnvdemo_fuelsys_docreq_Trace_<DateTimeStamp>.xlsx. Open the traceability spreadsheet and review the Report tab. The content is specific to the docreq example model.


Add Comments and Regenerate the Traceability Matrix

Add comments to the traceability matrix spreadsheet that was generated for model rtwdemo_hyperlinks, and then regenerate the spreadsheet.

Generate traceability matrix spreadsheet rtwdemo_hyperlinks_Trace_ProjectXYZ.xlsx.

model = 'rtwdemo_hyperlinks';

% Open the model.
open_system(model);
% Generate code only.
set_param(model, 'GenCodeOnly', 'on');
% Initiate the build process.
rtwbuild(model);
% Generate a traceability spreadsheet.
iec.ExportTraceReport('rtwdemo_hyperlinks','rtwdemo_hyperlinks_Trace_ProjectXYZ_withComments');

Open traceability matrix spreadsheet rtwdemo_hyperlinks_Trace_ProjectXYZ_withComments.xlsx.

In the Report tab, create a column for your comments that has a unique column heading. Add at least one entry to the comments column, other than the column heading.

Note Comments must resolve to a text string. For example, a link to an image resolves to a text string, but a copy of the image does not.

In the spreadsheet, retain the following columns:

• Model Object Name
• Model Object Path
• Model Object Subsystem
• Code File Location
• Code File Name
• Code Function
• Code Line Number
• Model Object Unique ID
• Model Object Optimized
• Code Comment Checksum

Save and close the spreadsheet, rtwdemo_hyperlinks model, and code generation report.

(Optional) To include the latest model-to-code traceability information, regenerate and reinspect the code for the rtwdemo_hyperlinks model before generating the traceability matrix.

Note If you regenerate the code in the same file location, delete the slprj and rtwdemo_hyperlinks_ert_rtw folders.

model = 'rtwdemo_hyperlinks';

% Open the model.
open_system(model);
% Generate code only.
set_param(model, 'GenCodeOnly', 'on');
% Initiate the build process.
rtwbuild(model);

To regenerate the traceability matrix spreadsheet, use function iec.ExportTraceReport. The path 'C:\temp' is specified as the location where the traceability matrix is saved.

% Generate a traceability spreadsheet.
iec.ExportTraceReport('rtwdemo_hyperlinks','rtwdemo_hyperlinks_Trace_ProjectXYZ_withComments','C:\temp');

The software regenerates the traceability matrix spreadsheet and makes these changes:

• The previously generated traceability matrix spreadsheet is renamed rtwdemo_hyperlinks_Trace_ProjectXYZ_withComments_BAK.xlsx.
• The new traceability matrix spreadsheet is saved as rtwdemo_hyperlinks_Trace_ProjectXYZ_withComments.xlsx.

Verify that the newly saved traceability matrix spreadsheet, rtwdemo_hyperlinks_Trace_ProjectXYZ_withComments.xlsx, includes your comments.

When you change the model and regenerate the traceability matrix, the iec.ExportTraceReport function identifies comments that you add to the traceability matrix.
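The regeneration workflow above, written out as an added example that is not part of the IEC Certification Kit documentation: the script rebuilds the code, regenerates the spreadsheet with the same name and location, and then checks what the text promises, namely that the previous file was kept as a _BAK copy, that the columns the kit needs were retained, and that the reviewer comment column survived. It assumes MATLAB with Simulink, Embedded Coder and the IEC Certification Kit, that a spreadsheet of this name with a comment column already exists in the chosen folder, and that the comment column heading is 'Review Comment' and the folder is tempdir (both are assumed values, not values from this page).

```matlab
% Added example, not from the IEC Certification Kit documentation.
% Regenerate the traceability matrix for rtwdemo_hyperlinks and verify that the
% previous spreadsheet was backed up, the required columns were retained, and the
% reviewer comment column survived regeneration.
% Assumptions: MATLAB with Simulink, Embedded Coder and IEC Certification Kit;
% a spreadsheet with this name and a comment column already exists in rpath.
model      = 'rtwdemo_hyperlinks';
rname      = 'rtwdemo_hyperlinks_Trace_ProjectXYZ_withComments';
rpath      = tempdir;             % assumed location (the page uses 'C:\temp')
commentCol = 'Review Comment';    % assumed heading of the user-added comment column
reportFile = fullfile(rpath, [rname '.xlsx']);
backupFile = fullfile(rpath, [rname '_BAK.xlsx']);

% Columns that must be retained in the spreadsheet before regenerating (from the page).
requiredCols = {'Model Object Name', 'Model Object Path', 'Model Object Subsystem', ...
                'Code File Location', 'Code File Name', 'Code Function', ...
                'Code Line Number', 'Model Object Unique ID', ...
                'Model Object Optimized', 'Code Comment Checksum'};

assert(isfile(reportFile), 'Expected an existing matrix to regenerate: %s', reportFile);

% Regenerate the code so the matrix reflects the latest model-to-code traceability.
open_system(model);
set_param(model, 'GenCodeOnly', 'on');
rtwbuild(model);

% Regenerate the matrix; name and path are mandatory when replacing an existing file.
iec.ExportTraceReport(model, rname, rpath);

% 1. The previous spreadsheet must now exist as <name>_BAK.xlsx.
assert(isfile(backupFile), 'Backup of the previous matrix not found: %s', backupFile);

% 2. Read the Report tab, keeping the original column headings.
report  = readtable(reportFile, 'Sheet', 'Report', 'VariableNamingRule', 'preserve');
headers = report.Properties.VariableNames;

% 3. Every retained column and the comment column must still be present.
missingCols = setdiff([requiredCols, {commentCol}], headers);
assert(isempty(missingCols), 'Columns missing after regeneration: %s', ...
       sprintf('%s; ', missingCols{:}));

% 4. The comment column must carry at least one non-empty text entry.
comments = report.(commentCol);
if ~iscell(comments)
    comments = cellstr(string(comments));   % numeric or string column -> cellstr
end
assert(any(~cellfun(@isempty, strtrim(comments))), 'No comments found in column %s', commentCol);

fprintf('Regenerated %s; previous version kept as %s\n', reportFile, backupFile);
```

Run the script after the comment column has been added and the spreadsheet, model and code generation report have been closed, as the steps above require. Because the kit treats the regenerated spreadsheet as a compliance artifact, keeping the assertions in a script means the backup and the retained columns are checked the same way every time the matrix is refreshed rather than by eye.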

Customize the Columns in a Traceability Matrix

Specify the order of the columns on the Report tab in the XML traceability spreadsheet.

To open the rtwdemo_hyperlinks model and generate the code, use these functions:

model = 'rtwdemo_hyperlinks';

% Open the model.
open_system(model);
% Generate code only.
set_param(model, 'GenCodeOnly', 'on');
% Initiate the build process.
rtwbuild(model);

Using colHead, specify the order of the columns. Generate the traceability matrix spreadsheet by using the iec.ExportTraceReport function.

colHead = { 'Code Line Number'; ...
            'Model Object Type'; ...
            'Requirements Source'; ...
            'Requirements Location'; ...
            'Model Object Unique ID'; ...
            'Code Comment Checksum'; ...
            'Model Object Optimized'; ...
            'Model Object Path'; ...
            'Model Object Subsystem'; };
rname = [model,'_Trace_',datestr(now,30)];
rpath = pwd;
iec.ExportTraceReport(model, rname, rpath, colHead);


The software generates traceability matrix spreadsheet rtwdemo_hyperlinks_Trace_<DateTime>.xlsx. The order of the columns on the Report tab in the traceability matrix spreadsheet is the same as specified in the code. Remaining columns whose order is not specified in the code are listed after the defined columns.
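The column ordering rule just described, checked in code as an added example that is not part of the IEC Certification Kit documentation: the script generates the matrix with a colHead order and then reads the header row of the Report tab back to confirm that the requested columns come first, in the requested order, with every other column after them. It assumes MATLAB with Simulink, Embedded Coder and the IEC Certification Kit, and uses the page's datestr(now,30) naming convention.

```matlab
% Added example, not from the IEC Certification Kit documentation.
% Generate the matrix with a custom column order and confirm that the Report tab
% starts with the requested columns in that order and lists every other column
% after them, as the page describes.
% Assumptions: MATLAB with Simulink, Embedded Coder and IEC Certification Kit.
model = 'rtwdemo_hyperlinks';

open_system(model);
set_param(model, 'GenCodeOnly', 'on');
rtwbuild(model);

% Requested order; any documented column name may be listed here.
colHead = {'Code Line Number'; 'Model Object Type'; 'Requirements Source'; ...
           'Requirements Location'; 'Model Object Unique ID'; 'Code Comment Checksum'};
rname = [model, '_Trace_', datestr(now, 30)];
rpath = pwd;
iec.ExportTraceReport(model, rname, rpath, colHead);

reportFile = fullfile(rpath, [rname '.xlsx']);
assert(isfile(reportFile), 'Traceability matrix was not written: %s', reportFile);

% Read the header row of the Report tab without MATLAB renaming the columns.
t      = readtable(reportFile, 'Sheet', 'Report', 'VariableNamingRule', 'preserve');
actual = t.Properties.VariableNames;          % 1-by-N cellstr, left to right

% Position of each requested column in the generated sheet (0 if absent).
[present, pos] = ismember(colHead', actual);
pos = pos(present);

% The requested columns that were emitted must occupy positions 1..k, in order;
% everything after position k is then necessarily an unrequested column.
assert(isequal(pos, 1:numel(pos)), ...
    'Report tab does not begin with the requested columns in the requested order');

% Report any requested column that this model's matrix did not contain at all.
if ~all(present)
    warning('Requested columns not present in this report: %s', ...
            strjoin(colHead(~present)', ', '));
end

fprintf('Report tab column order: %s\n', strjoin(actual, ' | '));
```

The ismember check is deliberately tolerant of a requested column that the report does not contain (for example a requirements column on a model with no attached requirements documents); it only insists that whatever was requested and emitted comes first and in order, which is the behaviour the paragraph above describes.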

See Also
open_system | rtwbuild | set_param

Topics
“Provide Traceability Between Model Objects, Generated Code, and Model Requirements” on page 6-2
“Code Tracing” (Embedded Coder)
“Requirements Traceability” (Simulink)

Introduced in R2010a


8 Model Advisor Checks

IEC Certification Kit Checks for Bug Reports

The IEC Certification Kit provides a set of Model Advisor checks that you can use to display bug reports for supported MathWorks products. Reports generated by these checks may be used as artifacts in the compliance demonstration process.

To use the IEC Certification Kit Model Advisor checks to view bug reports, from the Simulink toolstrip:

1 Open the IEC Certification Kit app and select Bug Reports. The Model Advisor opens.
2 In the IEC Certification Kit folder, run the check for the product whose bug report you would like to view.

Alternatively, you can use the bug reports section of the MathWorks website www.mathworks.com/support/bugreports to view and report bugs related to MathWorks products.

Display bug reports for IEC Certification Kit
Display bug reports for the IEC Certification Kit.

Description

Run this check to display the bug reports for IEC Certification Kit that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the IEC Certification Kit product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• IEC Certification Kit (for ISO 26262 and IEC 61508)

Display bug reports for Simulink Check
Display bug reports for the Simulink Check.

Description

Run this check to display the bug reports for Simulink Check that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the Simulink Check product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• Simulink Check

Display bug reports for Simulink Coverage
Display bug reports for the Simulink Coverage.

Description

Run this check to display the bug reports for Simulink Coverage that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the Simulink Coverage product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• Simulink Coverage

Display bug reports for Simulink Requirements
Display bug reports for the Simulink Requirements.

Description

Run this check to display the bug reports for Simulink Requirements that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the Simulink Requirements product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• Simulink Requirements

Display bug reports for Simulink Design Verifier
Display bug reports for the Simulink Design Verifier.

Description

Run this check to display the bug reports for Simulink Design Verifier that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the Simulink Design Verifier product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• Simulink Design Verifier

Display bug reports for Simulink PLC Coder
Display bug reports for the Simulink PLC Coder.

Description

Run this check to display the bug reports for Simulink PLC Coder that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the Simulink PLC Coder product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• Simulink PLC Coder

Display bug reports for HDL Coder
Display bug reports for the HDL Coder.

Description

Run this check to display the bug reports for HDL Coder that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the HDL Coder product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• HDL Coder

Display bug reports for Polyspace Bug Finder
Display bug reports for the Polyspace Bug Finder.

Description

Run this check to display the bug reports for Polyspace Bug Finder that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the Polyspace Bug Finder product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• Polyspace Bug Finder

Display bug reports for Polyspace Bug Finder Server
Display bug reports for the Polyspace Bug Finder Server.

Description

Run this check to display the bug reports for Polyspace Bug Finder Server that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the Polyspace Bug Finder Server product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• Polyspace Bug Finder Server

Display bug reports for Polyspace Code Prover
Display bug reports for the Polyspace Code Prover.

Description

Run this check to display the bug reports for Polyspace Code Prover that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the Polyspace Code Prover product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• Polyspace Code Prover

Display bug reports for Polyspace Code Prover Server
Display bug reports for the Polyspace Code Prover Server.

Description

Run this check to display the bug reports for Polyspace Code Prover Server that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the Polyspace Code Prover Server product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• Polyspace Code Prover Server

Display bug reports for Embedded Coder
Display bug reports for the Embedded Coder.

Description

Run this check to display the bug reports for Embedded Coder that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the Embedded Coder product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• Embedded Coder

Display bug reports for AUTOSAR Blockset
Display bug reports for the AUTOSAR Blockset.

Description

Run this check to display the bug reports for AUTOSAR Blockset that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the AUTOSAR Blockset product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• AUTOSAR Blockset

Display bug reports for Simulink Test
Display bug reports for the Simulink Test.

Description

Run this check to display the bug reports for Simulink Test that are available at www.mathworks.com/support/bugreports.

Note This check does not determine whether your model might be affected by these bugs.

Available with the IEC Certification Kit.

Input Parameters

To display bug reports modified after a certain date, use the Only show bug reports modified after date (mm/dd/yyyy) field.

Results and Recommended Actions

Condition: There are bug reports for the Simulink Test product.
Recommended Action: Review the bug report descriptions and workarounds provided in the links listed in the ID column of the Model Advisor window.

See Also

• Simulink Test

See Also

More About

• “Check Your Model Using the Model Advisor” (Simulink)


9 Apps

IEC Certification Kit
Streamline certification of embedded systems to ISO 26262, IEC 61508, IEC 62304, IEC 61511, EN 50128, ISO 25119, and related functional-safety standards

Description

Use the IEC Certification Kit app to qualify the code generation and verification tools in your embedded systems to produce a complete certification package for ISO 26262, IEC 61508, IEC 62304, IEC 61511, ISO 25119, EN 50128, and related functional-safety standards.

• Access the tool qualification artifacts by clicking the Artifacts Explorer tab.
• To open the Model Advisor and run a tool-specific bug report check, click Bug Reports.
• Click an option from the Run Validation Tests tab for instructions on executing the test procedure for the tool.
• Generate a Traceability Matrix by clicking Traceability Matrix.

Open the IEC Certification Kit App

In the Apps gallery, under Code generation, click IEC Certification Kit.

Examples

• “Access Artifacts in the IEC Certification Kit Artifacts Explorer” on page 5-2
• “IEC Certification Kit Checks for Bug Reports” on page 8-2
• “Software Tool Validation” on page 4-2
• “Provide Traceability Between Model Objects, Generated Code, and Model Requirements” on page 6-2

See Also

Functions
certkitiec | iec.ExportTraceReport

Topics
“Access Artifacts in the IEC Certification Kit Artifacts Explorer” on page 5-2
“IEC Certification Kit Checks for Bug Reports” on page 8-2
“Software Tool Validation” on page 4-2
“Provide Traceability Between Model Objects, Generated Code, and Model Requirements” on page 6-2

Introduced in R2019b
