Check safety-related diagnostic settings for signal data
Check ID:
mathworks.hism.hisl_0314
Check model configuration for diagnostic settings that apply to signal data and that can impact safety.
Description
This check verifies that model diagnostic configuration parameters pertaining to signal data are set optimally for generating code for a safety-related application.
Available with Simulink® Check™.
Results and Recommended Actions
| Condition | Recommended Action |
|---|---|
The diagnostic that specifies how the Simulink software resolves signals associated with Simulink.Signal
objects is set to Explicit and implicit or
Explicit and warn implicit. For
safety-related applications, model developers should be required to
define signal resolution explicitly. (See DO-331, Section MB.6.3.3.b –
Software architecture is consistent.) | Set Signal resolution on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set
the parameter Alternatively, to disable the use of
|
The Product block diagnostic that detects a singular
matrix while inverting one of its inputs in matrix multiplication mode
is set to
none
or warning. Division by a singular matrix can
result in numeric exceptions when executing generated code. This is not
acceptable in safety-related systems. (See DO-331, Section MB.6.3.1.g –
Algorithms are
accurate,
DO-331, Section MB.6.3.2.g – Algorithms are
accurate, and
MISRA C:2012, Dir 4.1.) | Set Division by singular
matrix on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the
parameter CheckMatrixSingularityMsg to
error. |
The diagnostic that detects when the Simulink software cannot infer the data type of a signal during
data type propagation is set to
none
or warning. For safety-related applications,
model developers must verify the data types of signals. (See DO-331,
Section MB.6.3.1.e – High-level requirements conform to standards, and
DO-331, Section MB.6.3.2.e – Low-level requirements conform to
standards.) | Set Underspecified data
types on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the
parameter UnderSpecifiedDataTypeMsg to
error. |
The diagnostic that detects whether the value of a signal is too
large to be represented by the signal data type is set to
none
or warning. Undetected numeric overflows can
result in unexpected application behavior. (See DO-331, Section
MB.6.3.1.g – Algorithms are
accurate,
DO-331, Section MB.6.3.2.g – Algorithms are
accurate, and
MISRA C:2012, Dir 4.1.) | Set Wrap on overflow on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the
parameter IntegerOverflowMsg to
error. |
The diagnostic that detects whether the value of a signal is too
large to be represented by the signal data type, resulting in a
saturation, is set to
none
or warning. Undetected numeric overflows can
result in unexpected application behavior. (See DO-331, Section
MB.6.3.1.g – Algorithms are
accurate,
DO-331, Section MB.6.3.2.g – Algorithms are
accurate, and
MISRA C:2012, Dir 4.1.) | Set Saturate on overflow on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the
parameter IntegerSaturationMsg to
error. |
The diagnostic that detects when the value of a block output signal
is Inf or NaN at the current time
step is set to
none
or warning. When this type of block output
signal condition occurs, numeric exceptions can result, and numeric
exceptions are not acceptable in safety-related applications. (See
DO-331, Section MB.6.3.1.g – Algorithms are
accurate,
DO-331, Section MB.6.3.2.g – Algorithms are
accurate, and
MISRA C:2012, Dir 4.1.) | Set Inf or NaN block output on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the
parameter SignalInfNanChecking to
error. |
The diagnostic that detects Simulink object names that begin with rt is set
to none
or warning. This diagnostic prevents name
clashes with generated signal names that have an rt
prefix. (See DO-331, Section MB.6.3.1.e – High-level requirements
conform to standards, and DO-331, Section MB.6.3.2.e – Low-level
requirements conform to standards.) | Set "rt" prefix
for identifiers on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the
parameter RTPrefix to
error. |
The diagnostic that detects simulation range checking is set to
none
or warning. This diagnostic detects when
signals exceed their specified ranges during simulation. Simulink compares the signal values that a block outputs with the
specified range and the block data type. (See DO-331, Section MB.6.3.1.g
– Algorithms are
accurate,
DO-331, Section MB.6.3.2.g – Algorithms are
accurate, and
MISRA C:2012, Dir 4.1.) | Set Simulation range checking on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the
parameter SignalRangeChecking to
error. |
Action Results
Clicking Modify Settings configures model diagnostic settings that apply to signal data and that can impact safety.
Capabilities and Limitations
Does not run on library models.
Does not allow exclusions of blocks or charts.
See Also
You can also select a web site from the following list:
Americas
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)