Contenuto principale

Check safety-related diagnostic settings for signal data

mathworks.hism.hisl_0314

Dependencies: Simulink® Check™

Usage: High-Integrity System Modeling

Guideline: hisl_0314: Configuration Parameters > Diagnostics > Data Validity > Signals

Description

Use this check to verify that model diagnostic configuration parameters pertaining to signal data are set optimally for generating code for a safety-related application.

Recommended Actions and Results

Review the violations that are flagged by the check and the recommended action for fixing the issue. After applying the changes, save the model and rerun the check analysis.

You can use the Fix button to allow the Model Advisor to fix flagged violations. For this check, the Model Advisor configures diagnostic settings that apply to Stateflow® and that can impact safety.

Modeling ConditionRecommended Action
The diagnostic that specifies how the Simulink software resolves signals associated with Simulink.Signal objects is set to Explicit and implicit or Explicit and warn implicit. For safety-related applications, model developers should be required to define signal resolution explicitly. (See DO-331, Section MB.6.3.3.b – Software architecture is consistent.)

Set Signal resolution on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter SignalResolutionControl to Explicit only. This provides predictable operation by requiring users to define each signal and block setting that must resolve to Simulink.Signal objects in the workspace.

Alternatively, to disable the use of Simulink.Signal objects, set the configuration parameter to None.

The diagnostic that detects whether the value of a signal is too large to be represented by the signal data type is set to none or warning. Undetected numeric overflows can result in unexpected application behavior. (See DO-331, Section MB.6.3.1.g – Algorithms are accurate, DO-331, Section MB.6.3.2.g – Algorithms are accurate, and MISRA C:2012, Dir 4.1.)Set Wrap on overflow on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter IntegerOverflowMsg to error.
The diagnostic that detects whether the value of a signal is too large to be represented by the signal data type, resulting in a saturation, is set to none or warning. Undetected numeric overflows can result in unexpected application behavior. (See DO-331, Section MB.6.3.1.g – Algorithms are accurate, DO-331, Section MB.6.3.2.g – Algorithms are accurate, and MISRA C:2012, Dir 4.1.)Set Saturate on overflow on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter IntegerSaturationMsg to error.
The diagnostic that detects when the value of a block output signal is Inf or NaN at the current time step is set to none or warning. When this type of block output signal condition occurs, numeric exceptions can result, and numeric exceptions are not acceptable in safety-related applications. (See DO-331, Section MB.6.3.1.g – Algorithms are accurate, DO-331, Section MB.6.3.2.g – Algorithms are accurate, and MISRA C:2012, Dir 4.1.)Set Inf or NaN block output on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter SignalInfNanChecking to error.
The diagnostic that detects Simulink object names that begin with rt is set to none or warning. This diagnostic prevents name clashes with generated signal names that have an rt prefix. (See DO-331, Section MB.6.3.1.e – High-level requirements conform to standards, and DO-331, Section MB.6.3.2.e – Low-level requirements conform to standards.)Set "rt" prefix for identifiers on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter RTPrefix to error.
The diagnostic that detects simulation range checking is set to none or warning. This diagnostic detects when signals exceed their specified ranges during simulation. Simulink compares the signal values that a block outputs with the specified range and the block data type. (See DO-331, Section MB.6.3.1.g – Algorithms are accurate, DO-331, Section MB.6.3.2.g – Algorithms are accurate, and MISRA C:2012, Dir 4.1.)Set Simulation range checking on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter SignalRangeChecking to error.

Capabilities and Limitations

  • Does not run on library models

  • Does not allow exclusions of blocks or charts

  • Does not require model compilation

Version History

Introduced in R2018a