Web: www.mathworks.com
Sales and services: www.mathworks.com/sales_and_services
User community: www.mathworks.com/matlabcentral
Technical support: www.mathworks.com/support/contact_us
Phone: 508-647-7000
Revision History: March 2012, September 2012, March 2013, September 2013, March 2014, October 2014, March 2015, September 2015
Contents

1 Model-Based Design for ISO 26262 ... 1-1
2 ISO 26262-6: Applicable Model-Based Design Tools and Processes ... 2-1
  2.1 Initiation of Product Development at the Software Level ... 2-2
    Table 1 Topics To Be Covered By Modeling and Coding Guidelines ... 2-2
  2.2 Software Architectural Design ... 2-3
    Table 2 Notations for Software Architectural Design ... 2-3
    Table 3 Principles for Software Architectural Design ... 2-3
    Table 4 Mechanisms for Error Detection at the Software Architectural Level ... 2-5
    Table 5 Mechanisms for Error Handling at the Software Architectural Level ... 2-5
    Table 6 Methods for Verification of Software Architectural Design ... 2-6
  2.3 Software Unit Design and Implementation ... 2-8
    Table 7 Notations for Software Unit Design ... 2-8
    Table 8 Design Principles for Software Unit Design and Implementation ... 2-9
    Table 9 Methods for Verification of Software Unit Design and Implementation ... 2-12
  2.4 Software Unit Testing ... 2-15
    Table 10 Methods for Software Unit Testing ... 2-15
    Table 11 Methods for Deriving Test Cases for Software Unit Testing ... 2-17
    Table 12 Structural Coverage Metrics at the Software Unit Level ... 2-17
  2.5 Software Integration and Testing ... 2-19
    Table 13 Methods for Software Integration Testing ... 2-19
    Table 14 Methods for Deriving Test Cases for Software Integration Testing ... 2-21
    Table 15 Structural Coverage Metrics at the Software Architectural Level ... 2-21
3 ISO 26262-8: Applicable Model-Based Design Tools and Processes ... 3-1
  3.1 Confidence in the Use of Software Tools ... 3-2
    Table 4 Qualification of Software Tools Classified TCL3 ... 3-2
    Table 5 Qualification of Software Tools Classified TCL2 ... 3-3
2 ISO 26262-6: Applicable Model-Based Design Tools and Processes
2.1 Initiation of Product Development at the Software Level

Table 1 Topics To Be Covered By Modeling and Coding Guidelines
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Topics:
1a Enforcement of low complexity
1b Use of language subsets
1c Enforcement of strong typing
1d Use of defensive implementation techniques
1e Use of established design principles
1f Use of unambiguous graphical representation
1g Use of style guides
1h Use of naming conventions

Applicable Model-Based Design Tools and Processes (listed for the table as a whole): Simulink Modeling Guidelines; Polyspace Bug Finder, Polyspace Code Prover
Comments: Coding Rules Checks
2.2 Software Architectural Design

Table 2 Notations for Software Architectural Design
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods:
1a Informal notations
1b Semiformal notations
1c Formal notations

Applicable Model-Based Design Tools and Processes (listed for the table as a whole): Simulink; Stateflow
Table 3 Principles for Software Architectural Design
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods and applicable Model-Based Design tools and processes:
1a Hierarchical structure of software components
   Tools: Stateflow; Simulink Model Dependency Viewer; Embedded Coder
1b Restricted size of software components
   Tools: Simulink; Stateflow; Embedded Coder; Simulink Verification and Validation ISO 26262 checks
Restricted size of interfaces
   Tools: Simulink
1g Restricted use of interrupts
   Tools: Embedded Coder Configuration
Table 4 Mechanisms for Error Detection at the Software Architectural Level
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods:
1b Plausibility
1c Detection of data errors
1d External monitoring facility
Control flow monitoring
Diverse software design

Applicable Model-Based Design Tools and Processes (listed for the table as a whole): Simulink; Stateflow; Simulink Design Verifier; Fixed-Point Designer
Table 5 Mechanisms for Error Handling at the Software Architectural Level
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods:
1a Static recovery mechanism
1b Graceful degradation
1c Independent parallel redundancy
1d Correcting codes for data

Applicable Model-Based Design Tools and Processes (listed for the table as a whole): Simulink; Stateflow
Table 6 Methods for Verification of Software Architectural Design
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods and applicable Model-Based Design tools and processes:
1a Walkthrough of the design
1b Inspection of the design
   Tools: Simulink
1c Simulation of dynamic parts of the design
   Tools: Simulink; Stateflow; Simulink Test
1d Prototype generation
   Tools: Simulink Coder; Embedded Coder; Simulink 3D Animation; Gauges Blockset
1e Formal verification
Tools listed against a method whose name was not recovered (1g): Simulink Diagnostics; Stateflow Diagnostics; Polyspace Code Prover
   Comments: Global variable usage analysis, Code verification
2.3 Software Unit Design and Implementation

Table 7 Notations for Software Unit Design
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods:
1a Natural language
1b Informal notations
1c Semiformal notations
1d Formal notations

Applicable Model-Based Design Tools and Processes (listed for the table as a whole): Simulink; Stateflow
Table 8 Design Principles for Software Unit Design and Implementation
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods and applicable Model-Based Design tools and processes:
1b No dynamic objects or variables, or else online test during their creation
   Tools: Embedded Coder Configuration; Polyspace Bug Finder MISRA C checker
1c Initialization of variables
   Tools: Simulink IC block, diagnostics; Embedded Coder Configuration
1d No multiple use of variable names
   Tools: Simulink Diagnostics; Simulink; Embedded Coder Configuration; Polyspace Code Prover Global variable usage analysis; Polyspace Bug Finder MISRA C checker
1i No unconditional jumps
1j No recursions
   Tools: Simulink Modeling guidelines
Tools listed against methods whose names were not recovered (1a, 1f): Simulink Modeling guidelines; Embedded Coder Configuration
Table 9 Methods for Verification of Software Unit Design and Implementation
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods and applicable Model-Based Design tools and processes:
1a Walkthrough
   Tools: Simulink; Simulink Report Generator Web View, System Design Description (SDD) report; Embedded Coder Code generation report
1b Inspection
   Tools: Simulink; Simulink Report Generator Web View, System Design Description (SDD) report
1c Semiformal verification
   Tools: Simulink Test
1d Formal verification
1h Semantic code analysis
   Comments: Clause 8.4.5 b)
Tools listed against a method whose name was not recovered (1f): Simulink Diagnostics; Stateflow Diagnostics; Polyspace Code Prover Code verification
2.4 Software Unit Testing

Table 10 Methods for Software Unit Testing
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods and applicable Model-Based Design tools and processes:
1a Requirements-based test
   Tools: Simulink Test
1b Interface test
1e Back-to-back test between model and code, if applicable
   Tools: Simulink; Stateflow
Tools listed against a method whose name was not recovered (1c): Simulink; Stateflow
Table 11 Methods for Deriving Test Cases for Software Unit Testing
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods:
1a Analysis of requirements
1b Generation and analysis of equivalence classes
1c Analysis of boundary values
1d Error guessing

Applicable Model-Based Design Tools and Processes (listed for the table as a whole): Simulink Test
Table 12 Structural Coverage Metrics at the Software Unit Level
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods:
1a Statement coverage
1b Branch coverage
1c MC/DC (Modified Condition/Decision Coverage)
2.5 Software Integration and Testing

Table 13 Methods for Software Integration Testing
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods and applicable Model-Based Design tools and processes:
1a Requirements-based test
   Tools: Simulink Test
1b Interface test
1e Back-to-back test between model and code, if applicable
   Tools: Simulink; Stateflow
Tools listed against a method whose name was not recovered (1c): Simulink; Stateflow
Table 14 Methods for Deriving Test Cases for Software Integration Testing
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods:
1a Analysis of requirements
1b Generation and analysis of equivalence classes
1c Analysis of boundary values
1d Error guessing

Applicable Model-Based Design Tools and Processes (listed for the table as a whole): Simulink Test
Table 15 Structural Coverage Metrics at the Software Architectural Level
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods:
1a Function coverage
1b Call coverage
3 ISO 26262-8: Applicable Model-Based Design Tools and Processes
3.1 Confidence in the Use of Software Tools

Table 4 Qualification of Software Tools Classified TCL3
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods:
1a Increased confidence from use in accordance with 11.4.7
1b Evaluation of the tool development process in accordance with 11.4.8
1c Validation of the software tool in accordance with 11.4.9
1d Development in accordance with a safety standard
Table 5 Qualification of Software Tools Classified TCL2
(ASIL recommendation marks (+ / ++) not recoverable from the extracted table)

Methods:
1a Increased confidence from use in accordance with 11.4.7
1b Evaluation of the tool development process in accordance with 11.4.8
1c Validation of the software tool in accordance with 11.4.9
1d Development in accordance with a safety standard