Model Checks for DO-178C/DO-331 Standard Compliance

You can check that your model or subsystem complies with selected aspects of the DO-178C safety standard by running the Model Advisor.

To check compliance with DO standards, open the Model Advisor and run the checks in By Task > Modeling Standards for DO-178C/DO-331.

For information on the DO-178C Software Considerations in Airborne Systems and Equipment Certification and related standards, see Radio Technical Commission for Aeronautics (RTCA).

The table lists the DO-178C/DO-331 checks.

DO-178C/DO-331 Check
Display model version information
Check for Discrete-Time Integrator blocks with initial condition uncertainty (Simulink)
Check root model Inport block specifications (Simulink)
Identify unconnected lines, input ports, and output ports (Simulink)
Check usage of tunable parameters in blocks
Check for Strong Data Typing with Simulink I/O
Check for blocks that have constraints on tunable parameters (Simulink Coder)
Identify questionable subsystem settings (Embedded Coder)
Check bus signals treated as vectors
Check for potentially delayed function-call subsystem return values
Check usage of Merge blocks
Check definition of Stateflow data
Check usage of exclusive and default states in state machines
Identify disabled library links
Identify parameterized library links
Identify unresolved library links
Check for model reference configuration mismatch
Check for parameter tunability information ignored for referenced models
Identify requirement links that specify invalid locations within documents
Identify requirement links with missing documents
Identify requirement links with path type inconsistent with preferences
Identify selection-based links having descriptions that do not match their requirements document text
Check sample times and tasking mode
Check solver for code generation
Check the hardware implementation
Display bug reports for DO Qualification Kit
Display bug reports for Embedded Coder
Display bug reports for Polyspace Code Prover
Display bug reports for Polyspace Code Prover Server
Display bug reports for Polyspace Bug Finder
Display bug reports for Polyspace Bug Finder Server
Display bug reports for Simulink Code Inspector
Display bug reports for Simulink Report Generator
Display bug reports for Simulink Check
Display bug reports for Simulink Coverage
Display bug reports for Simulink Design Verifier
Display bug reports for Simulink Test
Display bug reports for Simulink Requirements
Display bug reports for Simulink

The following are the High-Integrity System Modeling checks that are applicable for the DO-178C/DO-331 standards.

Model Checks for High Integrity Systems Modeling

You can check that your model or subsystem complies with selected aspects of the High Integrity System Model safety standard by running the Model Advisor.

To check compliance with High Integrity System Model standards, run the high-integrity checks from these Model Advisor folders:

  • By Task > Modeling Standards for DO-178C/DO-331 > High-Integrity Systems

  • By Task > Modeling Standards for IEC 61508 > High-Integrity Systems

  • By Task > Modeling Standards for IEC 62304 > High-Integrity Systems

  • By Task > Modeling Standards for EN 50128 > High-Integrity Systems

  • By Task > Modeling Standards for ISO 26262 > High-Integrity Systems

For information on the High Integrity System Model Software Considerations in Airborne Systems and Equipment Certification and related standards, see Radio Technical Commission for Aeronautics (RTCA).

The table lists the High Integrity System Model checks and their corresponding modeling guidelines. For more information about the High-Integrity Modeling Guidelines, see High-Integrity System Modeling (Simulink).

High Integrity Systems Modeling Checks

High Integrity System Model CheckApplicable High-Integrity System Modeling Guidelines
Check usage of lookup table blocks hisl_0033: Usage of Lookup Table blocks (Simulink)
Check for inconsistent vector indexing methodshisl_0021: Consistent vector indexing method (Simulink)
Check for variant blocks with 'Generate preprocessor conditionals' activehisl_0023: Verification of model and subsystem variants (Simulink)
Check for root Inports with missing propertieshisl_0024: Inport interface definition (Simulink)
Check for Relational Operator blocks that equate floating-point typeshisl_0017: Usage of blocks that compute relational operators (2) (Simulink)
Check usage of Relational Operator blockshisl_0016: Usage of blocks that compute relational operators (Simulink)
Check usage of Logical Operator blockshisl_0018: Usage of Logical Operator block (Simulink)
Check usage of While Iterator blockshisl_0006: Usage of While Iterator blocks (Simulink)
Check sample time-dependent blockshisl_0007: Usage of For Iterator or While Iterator subsystems (Simulink)
Check usage of For Iterator blockshisl_0008: Usage of For Iterator Blocks (Simulink)
Check usage of If blocks and If Action Subsystem blockshisl_0010: Usage of If blocks and If Action Subsystem blocks (Simulink)
Check usage Switch Case blocks and Switch Case Action Subsystem blockshisl_0011: Usage of Switch Case blocks and Action Subsystem blocks (Simulink)
Check safety-related optimization settings for logic signalshisl_0045: Configuration Parameters > Math and Data Types > Implement logic signals as Boolean data (vs. double) (Simulink)
Check safety-related block reduction optimization settingshisl_0046: Configuration Parameters > Simulation Target > Block reduction (Simulink)
Check safety-related optimization settings for application lifespanhisl_0048: Configuration Parameters > Math and Data Types > Application lifespan (days) (Simulink)
Check safety-related optimization settings for data initializationhisl_0052: Configuration Parameters > Code Generation > Optimization > Data initialization (Simulink)
Check safety-related optimization settings for data type conversionshisl_0053: Configuration Parameters > Code Generation > Optimization > Remove code from floating-point to integer conversions that wraps out-of-range values (Simulink)
Check safety-related optimization settings for division arithmetic exceptionshisl_0054: Configuration Parameters > Code Generation > Optimization > Remove code that protects against division arithmetic exceptions (Simulink)
Check safety-related code generation settings for commentshisl_0038: Configuration Parameters > Code Generation > Comments (Simulink)
Check safety-related code generation interface settingshisl_0039: Configuration Parameters > Code Generation > Interface (Simulink)
Check safety-related code generation settings for code stylehisl_0047: Configuration Parameters > Code Generation > Code Style (Simulink)
Check safety-related code generation identifier settingshisl_0049: Configuration Parameters > Code Generation > Identifiers (Simulink)
Check usage of Abs blockshisl_0001: Usage of Abs block (Simulink)
Check usage of Math Function blocks (rem and reciprocal functions)hisl_0002: Usage of Math Function blocks (rem and reciprocal) (Simulink)
Check usage of Math Function blocks (log and log10 functions)hisl_0004: Usage of Math Function blocks (natural logarithm and base 10 logarithm) (Simulink)
Check usage of Assignment blockshisl_0029: Usage of Assignment blocks (Simulink)
Check usage of Signal Routing blockshisl_0034: Usage of Signal Routing blocks (Simulink)
Check for root Inports with missing range definitionshisl_0025: Design min/max specification of input interfaces (Simulink)
Check for root Outports with missing range definitionshisl_0026: Design min/max specification of output interfaces (Simulink)
Check state machine type of Stateflow chartshisf_0001: State Machine Type (Simulink)
Check Stateflow charts for transition paths that cross parallel state boundarieshisf_0013: Usage of transition paths (crossing parallel state boundaries) (Simulink)
Check Stateflow charts for ordering of states and transitionshisf_0002: User-specified state/transition execution order (Simulink)
Check Stateflow debugging optionshisf_0011: Stateflow debugging settings (Simulink)
Check Stateflow charts for uniquely defined data objectshisl_0061: Unique identifiers for clarity (Simulink)
Check Stateflow charts for strong data typinghisf_0015: Strong data typing (casting variables and parameters in expressions) (Simulink)
Check usage of shift operations for Stateflow datahisf_0064: Shift operations for Stateflow data to improve code compliance (Simulink)
Check assignment operations in Stateflow chartshisf_0065: Type cast operations in Stateflow to improve code compliance (Simulink)
Check Stateflow charts for unary operatorshisf_0211: Protect against use of unary operators in Stateflow Charts to improve code compliance (Simulink)
Check for Strong Data Typing with Simulink I/Ohisf_0009: Strong data typing (Simulink and Stateflow boundary) (Simulink)
Check for MATLAB Function interfaces with inherited propertieshiml_0002: Strong data typing at MATLAB function boundaries (Simulink)
Check MATLAB Function metricshiml_0003: Limitation of MATLAB function complexity (Simulink)
Check MATLAB Code Analyzer messageshiml_0004: MATLAB Code Analyzer recommendations for code generation (Simulink)
Check safety-related model referencing settingshisl_0037: Configuration Parameters > Model Referencing (Simulink)
Check safety-related diagnostic settings for solvershisl_0043: Configuration Parameters > Diagnostics > Solver (Simulink)
Check safety-related solver settings for simulation timehisl_0040: Configuration Parameters > Solver > Simulation time (Simulink)
Check safety-related solver settings for solver optionshisl_0041: Configuration Parameters > Solver > Solver options (Simulink)
Check safety-related solver settings for tasking and sample-timehisl_0042: Configuration Parameters > Solver > Tasking and sample time options (Simulink)
Check safety-related diagnostic settings for sample timehisl_0044: Configuration Parameters > Diagnostics > Sample Time (Simulink)
Check safety-related diagnostic settings for parametershisl_0302: Configuration Parameters > Diagnostics > Data Validity > Parameters (Simulink)
Check safety-related diagnostic settings for data used for debugginghisl_0305: Configuration Parameters > Diagnostics > Data Validity > Debugging (Simulink)
Check safety-related diagnostic settings for data store memoryhisl_0013: Usage of data store blocks (Simulink)
Check safety-related diagnostic settings for type conversionshisl_0309: Configuration Parameters > Diagnostics > Type Conversion (Simulink)
Check safety-related diagnostic settings for signal connectivityhisl_0306: Configuration Parameters > Diagnostics > Connectivity > Signals (Simulink)
Check safety-related diagnostic settings for bus connectivityhisl_0307: Configuration Parameters > Diagnostics > Connectivity > Buses (Simulink)
Check safety-related diagnostic settings that apply to function-call connectivityhisl_0308: Configuration Parameters > Diagnostics > Connectivity > Function calls (Simulink)
Check safety-related diagnostic settings for compatibilityhisl_0301: Configuration Parameters > Diagnostics > Compatibility (Simulink)
Check safety-related diagnostic settings for model initializationhisl_0304: Configuration Parameters > Diagnostics > Data Validity > Model initialization (Simulink)
Check safety-related diagnostic settings for model referencinghisl_0310: Configuration Parameters > Diagnostics > Model Referencing (Simulink)
Check safety-related diagnostic settings for savinghisl_0036: Configuration Parameters > Diagnostics > Saving (Simulink)
Check safety-related diagnostic settings for Merge blockshisl_0303: Configuration Parameters > Diagnostics > Data Validity > Merge blocks (Simulink)
Check safety-related diagnostic settings for Stateflowhisl_0311: Configuration Parameters > Diagnostics > Stateflow (Simulink)
Check safety-related optimization settings for Loop unrolling thresholdhisl_0051: Configuration Parameters > Code Generation > Optimization > Loop unrolling threshold (Simulink)
Check model object nameshisl_0032: Model object names (Simulink)
Check for model elements that do not link to requirementshisl_0070: Placement of requirement links in a model (Simulink)
Check for inappropriate use of transition pathshisf_0014: Usage of transition paths (passing through states) (Simulink)
Check usage of Bitwise Operator blockhisl_0019: Usage of bitwise operations (Simulink)
Check data types for blocks with index signalshisl_0022: Data type selection for index signals (Simulink)
Check model file namehisl_0031: Model file names (Simulink)
Check if/elseif/else patterns in MATLAB Function blockshiml_0006: MATLAB code if / elseif / else patterns (Simulink)
Check switch statements in MATLAB Function blockshiml_0007: MATLAB code switch / case / otherwise patterns (Simulink)
Check global variables in graphical functionshisl_0062: Global variables in graphical functions (Simulink)
Check for length of user-defined object nameshisl_0063: Length of user-defined object names to improve MISRA C:2012 compliance (Simulink)
Check usage of Merge blockshisl_0015: Usage of Merge blocks (Simulink)
Check usage of conditionally executed subsystemshisl_0012: Usage of conditionally executed subsystems (Simulink)
Check usage of standardized MATLAB function headershiml_0001: Usage of standardized MATLAB function headers (Simulink)
Check usage of relational operators in MATLAB Function blockshiml_0008: MATLAB code relational operator data types (Simulink)
Check usage of equality operators in MATLAB Function blockshiml_0009: MATLAB code with equal / not equal relational operators (Simulink)
Check usage of logical operators and functions in MATLAB Function blockshiml_0010: MATLAB code with logical operators and functions (Simulink)
Check type and size of conditional expressionshiml_0011: Data type and size of condition expressions (Simulink)
Check naming of ports in Stateflow chartshisf_0016: Stateflow port names (Simulink)
Check scoping of Stateflow data objectshisf_0017: Stateflow data object scoping (Simulink)
Check usage of Gain blockshisl_0066: Usage of Gain blocks (Simulink)
Check usage of bitwise operations in Stateflow chartshisf_0003: Usage of bitwise operations (Simulink)
Check data type of loop control variableshisl_0102: Data type of loop control variables to improve MISRA C:2012 compliance (Simulink)
Check configuration parameters for MISRA C:2012hisl_0060: Configuration parameters that improve MISRA C:2012 compliance (Simulink)

Check for blocks not recommended for C/C++ production code deployment

Check for blocks not recommended for MISRA C:2012

hisl_0020: Blocks not recommended for MISRA C:2012 compliance (Simulink)

Check safety-related optimization settings for specified minimum and maximum values

hisl_0056: Configuration Parameters > Code Generation > Optimization > Optimize using the specified minimum and maximum values (Simulink)

Related Topics

Simulink Check Documentation
Support
Automating Verification and Validation with Simulink

Automating Verification and Validation with Simulink

Get resources