www.mathworks.com
www.mathworks.com/sales_and_services
User community: www.mathworks.com/matlabcentral
Technical support: www.mathworks.com/support/contact_us
Phone: 508-647-7000
Revision History
March 2012
September 2012
March 2013
September 2013
March 2014
October 2014
March 2015
September 2015
Contents
1 Introduction
2 Tool Overview and Identification
2.1 Simulink Code Inspector Product Description
2.2 Simulink Code Inspector Product Identifier
3 Tool Operational Requirements
4 Certification Considerations
4.1 Requirements for Qualification
4.2 Certification Credit
5 Tool Development Life Cycle - Tool Developer
6 Tool Development Life Cycle - Tool User
6.1 Planning
6.2 Requirements
6.3 Verification
7 Additional Considerations
7.1 Independence
7.2 Customer Bug Reporting Considerations
7.3 Protection Mechanisms
8 Tool Life Cycle Data
9 Schedule
1 Introduction
This document comprises the Tool Qualification Plan (Reference DO-330 Section 10.1.2) for
the following capability of the Simulink Code Inspector verification tool:
Code inspection report
This document is intended for use in the DO-178C and DO-330 tool qualification process for
Criteria 2 TQL-4 tools.
See also the DO Qualification Kit User's Guide, R2015b.
Simulink Code Inspector automatically compares generated code with its source model to
satisfy code-review objectives in DO-178 and other high-integrity standards. The code inspector
systematically examines blocks, state diagrams, parameters, and settings in a model to determine
whether they are structurally equivalent to operations, operators, and data in the generated code.
Simulink Code Inspector provides detailed model-to-code and code-to-model traceability
analysis. It generates structural equivalence and traceability reports that you can submit to
certification authorities to satisfy DO-178 software coding verification objectives.
Key Features
Version (Release)
Tool Vendor
DO Qualification Kit
4 Certification Considerations
This section provides the certification considerations for the following capabilities of the
Simulink Code Inspector verification tool:
Code inspection report
Question | Code Inspection Report
Can the tool insert an error into the airborne software or fail to detect an existing error in the software within the scope of its intended usage? | Yes
Will the output of the tool not be verified as specified in Section 6 of DO-178C, DO-278A, DO-331, DO-332 or DO-333? | Yes
 | Yes
Given that the answer to all the preceding questions is yes, the Simulink Code Inspector code
inspection report must be qualified.
To determine the qualification type (Criteria 1, Criteria 2, or Criteria 3), answer the following
questions about the tool:
Question | Code Inspection Report
1. Is the tool output part of the airborne software, such that the output can insert an error into the software? | No
2. Could the tool fail to detect an error in the airborne software and is the tool also used to justify the elimination or reduction of either of the following: | Yes
3. | Yes
Because the answer to the first of the preceding questions is no and the answer to the second
is yes, the Simulink Code Inspector code inspection report must be qualified as a Criteria 2 tool,
following the DO-330 tool qualification process for TQL-4.
Table | Objective | DO-331 Reference | Software or Assurance Levels | Credit Taken (in conjunction with other tools)
Table MB.A-5, MB.C-5 | Source code complies with low-level requirement | Section MB.6.3.4.a | A, B, C; AL1, AL2, AL3 | Full.
Table MB.A-5, MB.C-5 | Source code complies with software architecture | Section MB.6.3.4.b | A, B, C; AL1, AL2, AL3 | Full.
Table MB.A-5, MB.C-5 | Source code is verifiable | Section MB.6.3.4.c | A, B; AL1, AL2 | Full.
Table MB.A-5, MB.C-5 | Source code is traceable to low-level requirements | Section MB.6.3.4.e | A, B, C; AL1, AL2, AL3 |
Table MB.A-5, MB.C-5 | Source code is accurate and consistent | Section MB.6.3.4.f | A, B, C; AL1, AL2, AL3 |
for MathWorks tools being qualified to TQL-4, as defined in DO-178C and DO-330. The DO
Qualification Kit: Tool Life Cycle Process document provides information about the tool
development life cycle, including:
6.1 Planning
The Plan for Software Aspects of Certification (PSAC) or Plan for Software Aspects of
Approval designates that the Simulink Code Inspector code inspection report will be qualified as
a Criteria 2 TQL-4 tool, as defined in DO-178C.
This document provides the Tool Qualification Plan for the Simulink Code Inspector code
inspection report.
6.2 Requirements
Tool Operational Requirements for the Simulink Code Inspector are in:
Simulink Code Inspector Tool Operational Requirements, R2015b
qualkitdo_slci_tor_tr_trace.xlsx
Review the Tool Operational Requirements for applicability to the project under
consideration.
Configure the Tool Operational Requirements in a configuration management system.
User information for the Simulink Code Inspector code inspection report can be found in
Code Inspections Reports in the Simulink Code Inspector User's Guide, R2015b.
User information about Simulink Code Inspector model configuration, block, Stateflow, and
MATLAB function constraints can be found in the following sections in the Simulink Code
Inspector Reference, R2015b:
To access the requirements documents, traceability matrix and user information, on the
MATLAB command line, type qualkitdo to open the Artifacts Explorer. The documents
are in Simulink Code Inspector.
Instructions for installing the Simulink Code Inspector product are at the MathWorks
Documentation Center, R2015b:
Installation
6.3 Verification
Requirements-based test cases and procedures will be developed from the:
Simulink Code Inspector Tool Operational Requirements, R2015b
Simulink Code Inspector Tool Requirements, R2015b
The test cases and procedures will be developed in the form of Simulink models and code files
that exercise the Simulink Code Inspector code inspection report.
The test cases and procedures are documented in:
Simulink Code Inspector Test Cases and Procedures, R2015b
qualkitdoSlciRunTests.xls
To access the documents, on the MATLAB command line, type qualkitdo to open the
Artifacts Explorer. The document is in Simulink Code Inspector.
The applicant will:
Review the test cases and procedures for applicability to the project under consideration.
Configure the test cases and procedures in a configuration management system.
Execute the test cases and procedures in the installed environment.
Executing the MATLAB file listed in the following table opens the corresponding Simulink
Report Generator report file, which generates tool verification results in the specified test
reports.
Test Files | Test Report
qualkitdoSlciRunTests.m, qualkitdoSlciRunTests.rpt | qualkitdoSlciQualificationReport_*.html
7 Additional Considerations
7.1 Independence
The Simulink Code Inspector is used to verify the output of an unqualified development tool,
Embedded Coder. Therefore, for Simulink Code Inspector qualification, the developer needs to
demonstrate the independence of Simulink Code Inspector and Embedded Coder development.
Reference DO-330, FAQ D.7.
The DO Qualification Kit: Simulink Code Inspector Independence Analysis document provides
an independence analysis, including:
The following table shows the life cycle data for the Simulink Code Inspector code inspection
report. The table maps the documents and artifacts to DO-330 life cycle data items.
Simulink Code Inspector Code Inspection Report Life Cycle Data
Data | Available/Submit | DO-330 Reference | Documents/Artifacts
Section 10.1.1
Section 10.1.2
Available
Section 10.1.3
Available
Section 10.1.4
Tool Configuration Management Plan Available
Tool Quality Assurance Plan Available
Section 10.1.5
Section 10.1.7
Section 10.1.8
Section 10.1.9
Section 10.1.6
Section 10.1.10 Simulink Code Inspector Tool Configuration Index. For more
information, contact MathWorks.
Section 10.1.11 Simulink Code Inspector Tool Configuration Index. For more
information, contact MathWorks.
Section 10.1.12 MathWorks bug report system at
www.mathworks.com/support/bugreports.
Available
Tool Configuration Management Records
Tool Quality Assurance Records
Tool-Specific Information in SECI
Tool Requirements
Available
Available
Available
Available
Section 10.2.1
Available
Section 10.2.2
Available
Section 10.2.3
Section 10.2.4
Tool Operational Requirements Available
Section 10.3.1
Submit
Available
Section 10.3.2
Section 10.3.3
10.2.5
Trace Data
Available
Available
Section 10.3.4
10.2.6
qualkitdoSlciQualificationReport_*.html
Section 10.2.7
qualkitdoSlciRunTests.xlsx
qualkitdo_slci_tor_trace.xlsx
Compatibility_checks_tests_tracematrix.xlsx
Robustness_Testing_trace_to_tr.xlsx
Available
Software Accomplishment Summary (SAS) Submit
Tool Qualification Accomplishment Summary Submit
Notes:
** To be created by applicant
FAQ D.7
The applicant must deliver data marked Submit to the certification authorities. Data marked Available
must be available at the applicant's or tool vendor's site for inspection by the certification authorities.
9 Schedule
<Insert tool schedule in this section.>