High Integrity System Modeling Checks

Split Checks for High Integrity Systems Modeling

From R2018b and later, the following checks are not recommended for use. These checks are split into multiple checks that focus on a single action or operation. For more information, see the Split and New Checks table below.

Old Check TitleSplit Check Titles
Check usage of Math Operations blocksCheck usage of Abs blocks
Check usage of Math Function blocks (rem and reciprocal functions)
Check usage of Math Function blocks (log and log10 functions)
Check usage of Assignment blocks
Check usage of Logic and Bit Operations blocksCheck for Relational Operator blocks that equate floating-point types
Check usage of Relational Operator blocks
Check usage of Logical Operator blocks
Check usage of Ports and Subsystems blocksCheck usage of While Iterator blocks
Check sample time-dependent blocks
Check usage of For Iterator blocks
Check usage of If blocks and If Action Subsystem blocks
Check usage Switch Case blocks and Switch Case Action Subsystem blocks
Check safety-related code generation settingsCheck safety-related code generation settings for comments
Check safety-related code generation interface settings
Check safety-related code generation settings for code style
Check safety-related code generation symbols settings
Check usage of Stateflow constructsCheck usage of Stateflow constructs
Check Stateflow charts for ordering of states and transitions
Check Stateflow debugging options
Check Stateflow charts for uniquely defined data objects
Check safety-related optimization settingsCheck safety-related optimization settings for logic signals
Check safety-related block reduction optimization settings
Check safety-related optimization settings for application lifespan
Check safety-related optimization settings for data initialization
Check safety-related optimization settings for data type conversions
Check safety-related optimization settings for division arithmetic exceptions

Check for inconsistent vector indexing methods

Check ID: mathworks.hism.hisl_0021

Identify blocks with inconsistent indexing method.

Description

Using inconsistent block indexing methods can result in modeling errors. You should use a consistent vector indexing method for all blocks. The indexing methods are zero-based, one-based or user-specified.

Blocks that support configurable indexing:

  • Index Vector

  • Multiport Switch

  • Assignment

  • Selector

  • For Iterator

Blocks that support only one-based indexing:

  • Fcn

  • MATLAB Function

  • MATLAB System

  • State Transition Table

  • Test Sequence

  • Truth Table block

  • Stateflow chart with MATLAB action language

  • Truth Table function with MATLAB action language

Blocks that supports only zero-based indexing:

  • Stateflow chart with C action language

  • Truth Table function with C action language

Available with Simulink® Check™.

This check requires a Stateflow® license.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains blocks with inconsistent indexing methods. The indexing methods are zero-based, one-based or user-specified.Modify the model to use a single consistent indexing method.

Capabilities and Limitations

  • Runs on library models.

  • Does not analyze content of library linked blocks.

  • Analyzes content in masked subsystems that have no workspaces and no dialogs.

  • Allows exclusions of blocks and charts.

See Also

Check for root Inports with missing properties

Check ID: mathworks.hism.hisl_0024

Identify root model Inport blocks with missing or inherited sample times, data types or port dimensions.

Description

Using root model Inport blocks that do not have defined sample time, data types or port dimensions can lead to undesired simulation results. Simulink back-propagates dimensions, sample times, and data types from downstream blocks unless you explicitly assign these values. You can specify Inport block properties with block parameters or Simulink signal objects that explicitly resolve to the connected signal lines. When you run the check, a results table provides links to Inport blocks and signal objects that do not pass, along with conditions triggering the warning.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

Missing port dimension — Model contains Inport blocks with inherited port dimensions.

For the listed Inport blocks and Simulink signal objects, specify port dimensions.

Missing signal data type — Model contains Inport blocks with inherited data types.

For the listed Inport blocks and Simulink signal objects, specify data types.

Missing port sample time — Model contains Inport blocks with inherited sample times.

For the listed Inport blocks and Simulink signal objects, specify sample times. The sample times for root Inports with bus type must match the sample times specified at the leaf elements of the bus object.

Implicit resolution to a Simulink signal object — Model contains Inport block signal names that implicitly resolve to a Simulink signal object in the base workspace, model workspace, or Simulink data dictionary.

For the listed Simulink signal objects, in the property dialog, select signal property Signal name must resolve to Simulink signal object. To set this option programmatically, use the port parameter MustResolveToSignalObject.

Capabilities and Limitations

  • Does not run on library models.

  • Allows exclusions of blocks and charts.

Tips

The following configurations pass this check:

  • Configuration Parameters > Solver > Periodic sample time constraint is set to Ensure sample time independent

  • For export-function models, inherited sample time is not flagged.

See Also

Check for root Inports with missing range definitions

Check ID: mathworks.hism.hisl_0025

Identify root level Inport blocks with missing or erroneous minimum or maximum range values.

Description

The check identifies root level Inport blocks with missing or erroneous minimum or maximum range values. You can specify Inport block minimum and maximum values with block parameters or Simulink signal objects that explicitly resolve to the connected signal lines. A results table provides links to Inport blocks and signal objects that do not pass the check, along with conditions triggering the warning.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

Missing range — Model contains Inport blocks with numeric data types that have missing range parameters (minimum and/or maximum).

For the listed Inport blocks and Simulink signal objects, specify scalar minimum and maximum parameters.

Missing range(s) for bus object — Bus objects defining the Inport blocks have leaf elements with missing ranges.

For the listed leaf elements, to specify the model interface range, provide scalar minimum and maximum parameters .

Range specified will be ignored — Minimum or maximum values at Inports or Simulink signal objects are not supported for bus data types. The values are ignored during range checking.

To enable range checking, specify minimum and maximum signal values on the leaf elements of the bus objects defining the data type.

No data type specified — Model contains Inport blocks or Simulink signal objects with inherited data types.

Specify one of the supported data types:

Implicit resolution to a Simulink signal object — Model contains Inport block signal names that implicitly resolve to a Simulink signal object in the base workspace, model workspace, or Simulink data dictionary.

For the listed Simulink signal objects, in the property dialog, select signal property Signal name must resolve to Simulink signal object. To set this option programmatically, use the port parameter MustResolveToSignalObject.

Capabilities and Limitations

  • Does not run on library models.

  • Allows exclusions of blocks and charts.

See Also

Check for root Outports with missing range definitions

Check ID: mathworks.hism.hisl_0026

Identify root level Outport blocks with missing or erroneous minimum or maximum range values.

Description

The check identifies root level Outport blocks with missing or erroneous minimum or maximum range values. You can specify Outport block minimum and maximum values with block parameters or Simulink signal objects that explicitly resolve to the connected signal lines. A results table provides links to Outport blocks that do not pass the check, along with conditions triggering the warning.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

Missing range — Model contains Outport blocks with numeric data types that have missing range parameters (minimum and/or maximum).

For the listed Outport blocks and Simulink signal objects, specify scalar minimum and maximum parameters.

Missing range(s) for bus object — Bus objects defining the Outport blocks have leaf elements with missing ranges.

For the listed leaf elements, to specify the model interface range, provide scalar minimum and maximum parameters.

Range specified at Outport will be ignored — Minimum or maximum values at Outports or Simulink signal objects are not supported for bus data types. The values are ignored during range checking.

To enable range checking, specify minimum and maximum signal values on the leaf elements of the bus objects defining the data type.

No bus data type specified — Model contains Outport block or Simulink signal objects with inherited bus data types.

For the Outport blocks and Simulink signal objects, specify one of the supported data types:

Implicit resolution to a Simulink signal object — Model contains Outport block signal names that implicitly resolve to a Simulink signal object in the base workspace, model workspace, or Simulink data dictionary.

For the listed Simulink signal objects, in the property dialog, select signal property Signal name must resolve to Simulink signal object. To set this option programmatically, use the port parameter MustResolveToSignalObject.

Capabilities and Limitations

  • Does not run on library models.

  • Allows exclusions of blocks and charts.

See Also

Check safety-related diagnostic settings for data store memory

Check ID: mathworks.hism.hisl_0013

Check model configuration for diagnostic settings that apply to data store memory and that can impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to data store memory are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that detects whether the model attempts to read data from a data store in which it has not stored data in the current time step is set to a value other than Enable all as errors. Reading data before it is written can result in use of stale data or data that is not initialized.Set Detect read before write (Simulink) in the Configuration Parameters dialog box or set the parameter ReadBeforeWriteMsg to Enable all as errors.
The diagnostic that detects whether the model attempts to store data in a data store, after previously reading data from it in the current time step, is set to a value other than Enable all as errors. Writing data after it is read can result in use of stale or incorrect data. Set Detect write after read (Simulink) in the Configuration Parameters dialog box or set the parameter WriteAfterReadMsg to Enable all as errors.
The diagnostic that detects whether the model attempts to store data in a data store twice in succession in the current time step is set to a value other than Enable all as errors. Writing data twice in one time step can result in unpredictable data. Set Detect write after write (Simulink) in the Configuration Parameters dialog box or set the parameter WriteAfterWriteMsg to Enable all as errors.
The diagnostic that detects when one task reads data from a Data Store Memory block to which another task writes data is set to none or warning. Reading or writing data in different tasks in multitask mode can result in corrupted or unpredictable data. Set Multitask data store (Simulink) in the Configuration Parameters dialog box or set the parameter MultiTaskDSMMsg to error.
The diagnostic detects that the parameter Duplicate data store names is not set to error.Set Duplicate data store names in the Configuration Parameters dialog box or set the parameter UniqueDataStoreMsg to error.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to data store memory and that can impact safety.

Capabilities and Limitations

  • This check does not check the data store reads and writes that occur across model and atomic subsystem boundaries.

  • This check does not check the usage of data stores to write and read data at different rates.

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings for data used for debugging

Check ID: mathworks.hism.hisl_0305

Check model configuration for diagnostic settings that apply to data used for debugging and that can impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to debugging are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that enables model verification blocks is set to Use local settings or Enable all. Such blocks should be disabled because they are assertion blocks, which are for verification only. Model developers should not use assertions in embedded code. In the Configuration Parameters dialog box, set Model Verification block enabling (Simulink) or set parameter AssertControl to Disable All.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to data used for debugging and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings for parameters

Check ID: mathworks.hism.hisl_0302

Check model configuration for diagnostic settings that apply to parameters and that can impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to parameters are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that detects when a parameter downcast occurs is set to none or warning. A downcast to a lower signal range can result in numeric overflows of parameters, resulting in unexpected behavior. Set Detect downcast (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter ParameterDowncastMsg to error.
The diagnostic that detects when a parameter underflow occurs is set to none or warning. When the data type of a parameter does not have enough resolution, the parameter value is zero instead of the specified value. This can lead to incorrect operation of generated code. Set Detect underflow (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter ParameterUnderflowMsg to error.
The diagnostic that detects when a parameter overflow occurs is set to none or warning. Numeric overflows can result in unexpected application behavior and should be detected and fixed in safety-related applications. Set Detect overflow (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter ParameterOverflowMsg to error.
The diagnostic that detects when a parameter loses precision is set to none or warning. Not detecting such errors can result in a parameter being set to an incorrect value in the generated code. Set Detect precision loss (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter ParameterPrecisionLossMsg to error.
The diagnostic that detects when an expression with tunable variables is reduced to its numerical equivalent is set to none or warning. This can result in a tunable parameter unexpectedly not being tunable in generated code.Set Detect loss of tunability (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter ParameterTunabilityLossMsg to error.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to parameters and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related solver settings for solver options

Check ID: mathworks.hism.hisl_0041

Check solver settings in the model configuration that apply to solvers and might impact safety.

Description

This check verifies that the model solver configuration parameters pertaining to solvers are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

The solver setting to specify the type of solver to simulate model is set to Variable-step.

In the Configuration Parameters dialog box, set Type (Simulink) or set the parameter SolverType to Fixed-step.

The solver setting to specify the solver to compute the states of the model during simulation or code generation is set to a value other than Discrete(no continuous states).

In the Configuration Parameters dialog box, set Solver (Simulink) to discrete(no continuous states) or set the parameter Solver to FixedStepDiscrete.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to solvers and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

  • Analyzes content in masked subsystems that have no workspace and no dialog boxes.

See Also

Check safety-related solver settings for tasking and sample-time

Check ID: mathworks.hism.hisl_0042

Check solver settings in the model configuration that apply to periodic sample time constraints and might impact safety.

Description

This check verifies that model configuration parameters are set optimally to ensure that the model operates at a specific set of prioritized periodic sample times for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
Configuration parameter Automatically handle rate transition for data transfer is selected.Clear Automatically handle rate transition for data transfer in the Configuration Parameters dialog box or set parameter AutoInsertRateTranBlk to off.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check usage of shift operations for Stateflow data

Check ID: mathworks.hism.hisf_0064

Identify usage of shift operations for Stateflow data that might impact safety.

Description

This check inspects the shift operations that have shift operand values greater than the bit-width of the input or output type or a shift operand that has a negative value.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action

Right-shift operations are greater than the bit-width of the input type.

Explicitly modify the value of the bit-shift operations to be less than the shift operand.

Left-shift operations are greater than the bit-width of the output type.

Explicitly modify the value of the bit-shift operations to be less than the shift operand.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Does not support the shift operation that has the shift size defined as a Simulink signal or a variable.

  • Does not support the shift operations that consist of shift size decided at run time.

See Also

Check usage of Signal Routing blocks

Check ID: mathworks.hism.hisl_0034

Identify usage of Signal Routing blocks that might impact safety.

Description

This check identifies model or subsystem Switch blocks that might generate code with inequality operations (~=) in expressions that contain a floating-point variable or constant.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains a Switch block that might generate code with inequality operations (~=) in expressions where at least one side of the expression contains a floating-point variable or constant. The Switch block might cause floating-point inequality comparisons in the generated code.

For the identified block, do one of the following:

  • For the control input block, change the Data type parameter setting.

  • Change the Switch block Criteria for passing first input parameter setting. This might change the algorithm.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks.

  • Analyzes content in all masked subsystems.

  • Allows exclusions of blocks and charts.

See Also

Check state machine type of Stateflow charts

Check ID: mathworks.hism.hisf_0001

Identify Stateflow Charts whose State Machine Type differs from the type set in the Model Advisor Configuration Editor.

Description

Compares the state machine type of all Stateflow charts to the type that you specify in the input parameters.

Available with Simulink Check.

This check requires a Stateflow license.

Input Parameters

Classic

Check whether all charts are Classic charts.

Mealy

Check whether all charts are Mealy charts.

Moore

Check whether all charts are Moore charts.

Results and Recommended Actions

ConditionRecommended Action
The input parameter is set to Classic and charts in the model use other state machine types.For each chart, in the Chart Properties dialog box, specify State Machine Type to Classic.
The input parameter is set to Moore and charts in the model use other state machine types.For each chart, in the Chart Properties dialog box, specify State Machine Type to Mealy.
The input parameter is set to Moore and charts in the model use other state machine types.For each chart, in the Chart Properties dialog box, specify State Machine Type to Moore.
The input parameter is set to Mealy and charts in the model use other state machine types.For each chart, in the Chart Properties dialog box, specify State Machine Type to Mealy.

Capabilities and Limitations

  • Runs on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

See Also

Check Stateflow charts for ordering of states and transitions

Check ID: mathworks.hism.hisf_0002

Identify Stateflow charts that have User specified state/transition execution order cleared.

Description

Identify Stateflow charts that have User specified state/transition execution order cleared, and therefore do not use explicit ordering of parallel states and transitions.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
Stateflow charts have User specified state/transition execution order cleared.

For the specified charts, in the Chart Properties dialog box, select User specified state/transition execution order.

To display the transition testing order, select Display > Chart > Transition Execution Order.

Capabilities and Limitations

  • Runs on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

Action Results

Clicking Modify selects User specified state/transition execution order for the specified charts.

See Also

Check Stateflow charts for strong data typing

Check ID: mathworks.hism.hisf_0015

Identify variables and parameters in expressions with different data types in Stateflow objects.

Description

To facilitate strong data typing, this check identifies the variables and parameters in expressions with different data types in Stateflow states and transitions.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
The Stateflow objects have variables and parameters in expressions with different data types.

Explicitly cast variables and parameters in expressions to the same data types. For more information see, cast.

Capabilities and Limitations

  • Does not run on library models.

  • Allows exclusions of blocks and charts.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Does not analyze the type of literals in expressions in Stateflow objects. Explicitly casts types of literals to the intended data type.

  • Does not flag expressions with true and false keywords. For more information, see Reserved Keywords for Code Generation (Embedded Coder).

See Also

Check Stateflow charts for unary operators

Check ID: mathworks.hism.hisf_0211

Identify unary operators in Stateflow charts.

Description

This check identifies the unary minus operators on unsigned data types in Stateflow charts.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
The Stateflow chart consists of a unary minus operator on unsigned data types.Explicitly modify the unary operator on unsigned data types. For more information, see Unary Operations and Actions (Stateflow).

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Does not flag expressions with bitwise and arithmetic operators. For example, -(u1/u2) is not flagged.

See Also

Check Stateflow charts for uniquely defined data objects

Check ID: mathworks.hism.hisl_0061

Identify Stateflow charts that include data objects that are not uniquely defined.

Description

This check searches your model for local data in Stateflow charts that is not uniquely defined.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
The Stateflow chart contains a data object identifier defined in two or more scopes.

For the identified chart, do one of the following:

  • Create a unique data object identifier within each of the scopes.

  • Create a unique data object identifier within the chart, at the parent level.

Capabilities and Limitations

  • Runs on library models.

  • Does not analyze content of library linked blocks.

  • Analyzes content in all masked subsystems.

  • Does not allow exclusions of blocks or charts.

See Also

Check Stateflow debugging options

Check ID: mathworks.hism.hisf_0011

Check the Stateflow debugging settings.

Description

Verify the following debugging settings.

  • Wrap on overflow

  • Simulation range checking

  • Detect Cycles

  • Underspecified

  • Overspecified

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action

Any of the following:

  • Wrap on overflow is not set to error.

  • Simulation range checking is not set to error.

  • Detect Cycles is cleared.

In the Configuration Parameters dialog box, set:

In the model window, select:

  • Simulation > Debug > MATLAB & Stateflow Error Checking Options > Detect Cycles.

Capabilities and Limitations

  • Truth tables are not analyzed in this check.

  • Does not run on library models.

  • Does not analyze content of library linked blocks.

  • Allows exclusions of blocks and charts.

Action Results

Clicking Modify selects the specified debugging options.

See Also

Check usage of lookup table blocks

Check ID: mathworks.hism.hisl_0033

Check for lookup table blocks that do not generate out-of-range checking code.

Description

This check verifies that the following blocks generate code to protect against inputs that fall outside the range of valid breakpoint values:

This check also verifies that Interpolation Using Prelookup blocks generate code to protect against inputs that fall outside the range of valid index values.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

The lookup table block does not generate out-of-range checking code.

Change the setting on the block dialog box so that out-of-range checking code is generated.

  • For the 1-D Lookup Table, 2-D Lookup Table, n-D Lookup Table, and Prelookup blocks, clear the check box for Remove protection against out-of-range input in generated code.

  • For the Interpolation Using Prelookup block, clear the check box for Remove protection against out-of-range index in generated code.

Capabilities and Limitations

  • Runs on library models.

  • Does not analyze content of library linked blocks.

  • Analyzes content in all masked subsystems.

  • Allows exclusions of blocks and charts.

Action Results

Clicking Modify verifies that lookup table blocks are set to generate out-of-range checking code.

See Also

Check for variant blocks with 'Generate preprocessor conditionals' active

Check ID: mathworks.hism.hisl_0023

Check variant block parameters for settings that might result in code that does not trace to requirements.

Description

This check verifies that variant block parameters for code generation are set to trace to requirements.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The option to generate preprocessor conditionals is selected in one or more variant blocks in the model.In order to simplify the tracing of code to requirements, consider clearing the option to generate preprocessor conditionals in variant blocks.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks.

  • Analyzes content in masked subsystems.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings for signal connectivity

Check ID: mathworks.hism.hisl_0306

Check model configuration for diagnostic settings that apply to signal connectivity and that can impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to signal connectivity are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that detects virtual signals that have a common source signal but different labels is set to none or warning. This diagnostic pertains to virtual signals only and has no effect on generated code. However, signal label mismatches can lead to confusion during model reviews.Set Signal label mismatch (Simulink) on the Diagnostics > Connectivity pane in the Configuration Parameters dialog box or set the parameter SignalLabelMismatchMsg to error.
The diagnostic that detects when the model contains a block with an unconnected input signal is set to none or warning. This must be detected because code is not generated for unconnected block inputs. Set Unconnected block input ports (Simulink) on the Diagnostics > Connectivity pane in the Configuration Parameters dialog box or set the parameter UnconnectedInputMsg to error.
The diagnostic that detects when the model contains a block with an unconnected output signal is set to none or warning. This must be detected because dead code can result from unconnected block output signals. Set Unconnected block output ports (Simulink) on the Diagnostics > Connectivity pane in the Configuration Parameters dialog box or set the parameter UnconnectedOutputMsg to error.
The diagnostic that detects unconnected signal lines and unmatched Goto or From blocks is set to none or warning. This error must be detected because code is not generated for unconnected lines. Set Unconnected line (Simulink) on the Diagnostics > Connectivity pane in the Configuration Parameters dialog box or set the parameter UnconnectedLineMsg to error.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to signal connectivity and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings for bus connectivity

Check ID: mathworks.hism.hisl_0307

Check model configuration for diagnostic settings that apply to bus connectivity and that can impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to bus connectivity are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that detects whether a Model block's root Outport block is connected to a bus but does not specify a bus object is set to none or warning. For a bus signal to cross a model boundary, the signal must be defined as a bus object for compatibility with higher level models that use a model as a reference model. Set Unspecified bus object at root Outport block (Simulink) on the Diagnostics > Connectivity pane in the Configuration Parameters dialog box or set the parameter RootOutportRequireBusObject to error.
The diagnostic that detects whether the name of a bus element matches the name specified by the corresponding bus object is set to none or warning. This diagnostic prevents the use of incompatible buses in a bus-capable block such that the output names are inconsistent. Set Element name mismatch (Simulink) on the Diagnostics > Connectivity pane in the Configuration Parameters dialog box or set the parameter BusObjectLabelMismatch to error.
The diagnostic that detects when some blocks treat a signal as a mux/vector, while other blocks treat the signal as a bus, is set to none or warning. When the Simulink software automatically converts a muxed signal to a bus, it is possible for an unintended operation or unpredictable behavior to occur.

Set Bus signal treated as vector (Simulink) on the Diagnostics > Connectivity pane in the Configuration Parameters dialog box to error, or the parameter StrictBusMsg to ErrorOnBusTreatedAsVector.

The diagnostic detects that the parameter Non-bus signals treated as bus signals is not set to error.

Set Non-bus signals treated as bus signals on the Diagnostics > Connectivity pane in the Configuration Parameters dialog box, or the parameter NonBusSignalsTreatedAsBus to error.

The diagnostic detects that the parameter Repair bus selections is not set to warn and repair.

Set Repair bus selections on the Diagnostics > Connectivity pane in the Configuration Parameters dialog box, or the parameter BusNameAdapt to warn and repair.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to bus connectivity and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings that apply to function-call connectivity

Check ID: mathworks.hism.hisl_0308

Check model configuration for diagnostic settings that apply to function-call connectivity and that can impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to function-call connectivity are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that detects incorrect use of a function-call subsystem is set to none or warning. If this condition is undetected, incorrect code might be generated. Set Invalid function-call connection (Simulink) on the Diagnostics > Connectivity pane in the Configuration Parameters dialog box or set the parameter InvalidFcnCallConnMsg to error.
The diagnostic that specifies whether the Simulink software has to compute inputs of a function-call subsystem directly or indirectly while executing the subsystem is set to Use local settings or Disable all. This diagnostic detects unpredictable data coupling between a function-call subsystem and the inputs of the subsystem in the generated code.Set Context-dependent inputs (Simulink) on the Diagnostics > Connectivity pane in the Configuration Parameters dialog box or set the parameter FcnCallInpInsideContextMsg to error.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to function-call connectivity and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings for compatibility

Check ID: mathworks.hism.hisl_0301

Check model configuration for diagnostic settings that affect compatibility and that might impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to compatibility are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that detects when a block has not been upgraded to use features of the current release is set to none or warning. An S-function written for an earlier version might not be compatible with the current version and generated code could operate incorrectly.Set S-function upgrades needed (Simulink) on the Diagnostics > Compatibility pane in the Configuration Parameters dialog box or set the parameter SFcnCompatibilityMsg to error.

Action Results

Clicking Modify Settings configures model diagnostic settings that affect compatibility and that might impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings for model initialization

Check ID: mathworks.hism.hisl_0304

In the model configuration, check diagnostic settings that affect model initialization and might impact safety.

Description

This check verifies that model diagnostic configuration parameters for initialization are optimally set to generate code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

In the Configuration Parameters dialog box, the Underspecified initialization detection (Simulink) diagnostic is set to Classic, ensuring compatibility with previous releases of Simulink. The Check undefined subsystem initial output (Simulink) diagnostic is cleared. This diagnostic specifies whether Simulink displays a warning if the model contains a conditionally executed subsystem, in which a block with a specified initial condition drives an Outport block with an undefined initial condition. A conditionally executed subsystem could have an output that is not initialized. If undetected, this condition can produce behavior that is nondeterministic.

Do one of the following:

In the Configuration Parameters dialog box, the Underspecified initialization detection (Simulink) diagnostic is set to Classic, ensuring compatibility with previous releases of Simulink. This diagnostic detects potential initial output differences from earlier releases. A conditionally executed subsystem could have an output that is not initialized. If undetected, this condition can produce behavior that is nondeterministic.

Do one of the following:

In the Configuration Parameters dialog box, the Underspecified initialization detection (Simulink) diagnostic is set to Classic, ensuring compatibility with previous releases of Simulink. The Check runtime output of execution context (Simulink) diagnostic is cleared. This diagnostic detects potential output differences from earlier releases. A conditionally executed subsystem could have an output that is not initialized and feeds into a block with a tunable parameter. If undetected, this condition can cause the behavior of the downstream block to be nondeterministic.

Do one of the following:

Action Results

To configure the diagnostic settings that affect model initialization and might impact safety, click Modify Settings.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings for saving

Check ID: mathworks.hism.hisl_0036

Check model configuration for diagnostic settings that apply to saving model files

Description

This check verifies that model configuration parameters are set optimally for saving a model for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that detects whether a model contains disabled library links before the model is saved is set to none or warning. If this condition is undetected, incorrect code might be generated.Set Block diagram contains disabled library links (Simulink) in the Configuration Parameters dialog box or set parameter SaveWithDisabledLinkMsg to error.
The diagnostic that detects whether a model contains library links that are using parameters not in a mask before the model is saved is set to none or warning. If this condition is undetected, incorrect code might be generated.Set Block diagram contains parameterized library links (Simulink) in the Configuration Parameters dialog box or set parameter SaveWithParameterizedLinkMsg to error.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to saving a model file.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check MATLAB Code Analyzer messages

Check ID: mathworks.hism.himl_0004

Check MATLAB® Functions for %#codegen directive, MATLAB Code Analyzer messages, and justification message IDs.

Description

Verifies %#codegen directive, MATLAB Code Analyzer messages, and justification message IDs for:

  • MATLAB code in MATLAB Function blocks

  • MATLAB functions defined in Stateflow charts

  • Called MATLAB functions

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action

For MATLAB code in MATLAB Function blocks, either of the following:

  • Code lines are not justified with a %#ok comment.

  • Codes lines justified with %#ok do not specify a message id.

  • Implement MATLAB Code Analyzer recommendations.

  • Justify not following MATLAB Code Analyzer recommendations with a %#ok comment.

  • Specify justified code lines with a message id. For example, %#ok<NOPRT>.

For MATLAB functions defined in Stateflow charts, either of the following:

  • Code lines are not justified with a %#ok comment.

  • Codes lines justified with %#ok do not specify a message id.

  • Implement MATLAB Code Analyzer recommendations.

  • Justify not following MATLAB Code Analyzer recommendations with a %#ok comment.

  • Specify justified code lines with a message id. For example, %#ok<NOPRT>.

For called MATLAB functions:

  • Code does not have the %#codegen directive.

  • Code lines are not justified with a %#ok comment.

  • Codes lines justified with %#ok do not specify a message id.

  • Insert %#codegen directive in the MATLAB code.

  • Implement MATLAB Code Analyzer recommendations.

  • Justify not following MATLAB Code Analyzer recommendations with a %#ok comment.

  • Specify justified code lines with a message id. For example, %#ok<NOPRT>.

Capabilities and Limitations

  • This check only analyzes the functions that are directly referenced by the Simulink model.

  • Runs on library models.

  • Does not analyze content of library linked blocks.

  • Analyzes content in all masked subsystems.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings for Merge blocks

Check ID: mathworks.hism.hisl_0303

Check model configuration for diagnostic settings that apply to Merge blocks

Description

This check verifies that model configuration parameters are set optimally for Merge blocks for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that detects whether a model contains Merge blocks with more than one driving block executing at the same time step is set to none or warning. In the Configuration Parameters dialog box, the Underspecified initialization detection (Simulink) diagnostic is set to Classic.

In the Configuration Parameters dialog box, set Detect multiple driving blocks executing at the same time step (Simulink) or set the parameter MergeDetectMultiDrivingBlocksExec to error.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to solvers and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings for Stateflow

Check ID: mathworks.hism.hisl_0311

Check safety-related diagnostic settings for Stateflow

Description

This check verifies that model configuration parameters are set optimally for Stateflow for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that detects whether a chart configuration leads to unwanted backtracking during simulation is set to none or warning.

In the Configuration Parameters dialog box, set Unexpected backtracking (Simulink) or set the parameter SFUnexpectedBacktrackingDiag to error.

The diagnostic that detects whether a chart configuration has blocks that connect to chart input ports do not initialize their outputs during initialization is set to none or warning.

In the Configuration Parameters dialog box, set Invalid input data access in chart initialization (Simulink) or set the parameter SFInvalidInputDataAccessInChartInitDiag to error.

The diagnostic that detects whether a chart has an unconditional default transition to a state or a junction is set to none or warning.

In the Configuration Parameters dialog box, set No unconditional default transitions (Simulink) or set the parameter SFNoUnconditionalDefaultTransitionDiag to error.

The diagnostic that detects whether a chart contains a transition that loops outside of the parent state or junction is set to none or warning.

In the Configuration Parameters dialog box, set Transition outside natural parent (Simulink) or set the parameter SFTransitionOutsideNaturalParentDiag to error.

The diagnostic that detects whether a chart is constructed on a valid execution path is set to none or warning.

In the Configuration Parameters dialog box, set Unreachable execution path (Simulink) or set the parameter SFUnreachableExecutionPathDiag to error.

The diagnostic detects that the parameter Undirected event broadcasts is not set to none or warning.Set Undirected event broadcasts in the Configuration Parameters dialog box or set the parameter SFUndirectedBroadcastEventsDiag to error.
The diagnostic detects that the parameter Transition action specified before condition action is not set to none or warning.Set Transition action specified before condition action in the Configuration Parameters dialog box or set the parameter SFTransitionActionBeforeConditionDiag to error.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to solvers and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check for Strong Data Typing with Simulink I/O

Check ID: mathworks.hism.hisf_0009

Identify usage of Stateflow constructs that might impact safety.

Description

This check identifies instances of Stateflow software being used in a way that can impact an application's safety by using strong data typing.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action

A Stateflow chart is not configured for strong data typing on boundaries between a Simulink model and the Stateflow chart.

In the Chart properties dialog box, select Use Strong Data Typing with Simulink I/O for the Stateflow chart. When you select this check box, the Stateflow chart accepts input signals of any data type that Simulink models support, provided that the type of the input signal matches the type of the corresponding Stateflow input data object.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts. Exclusions will not work for library linked charts.

See Also

Check for MATLAB Function interfaces with inherited properties

Check ID: mathworks.hism.himl_0002

Identify MATLAB Functions that have inputs, outputs or parameters with inherited complexity or data type properties.

Description

The check identifies MATLAB Functions with inherited complexity or data type properties. A results table provides links to MATLAB Functions that do not pass the check, along with conditions triggering the warning.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
MATLAB Functions have inherited interfaces.

Explicitly define complexity and data type properties for inports, outports, and parameters of MATLAB Functions identified in the results.

If applicable, using the MATLAB Function Block Editor (Simulink), make the following modifications in the Ports and Data Manager (Simulink):

  • Change Complexity from Inherited to On or Off.

  • Change Type from Inherit: Same as Simulink to an explicit type.

Capabilities and Limitations

  • This check only analyzes the functions that are directly referenced by the Simulink model.

  • Runs on library models.

  • Does not analyze content of library linked blocks.

  • Analyzes content in all masked subsystems.

  • Allows exclusions of blocks and charts.

See Also

Check usage of Abs blocks

Check ID: mathworks.hism.hisl_0001

Identify usage of Math Operation blocks that might impact safety.

Description

This check inspects the usage of the Abs block.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

The model or subsystem contains an Absolute Value block that is operating on one of the following:

  • A boolean or an unsigned input data type. This condition results in unreachable simulation pathways through the model and might result in unreachable code

  • A signed integer value with the Saturate on integer overflow check box not selected. For signed data types, the absolute value of the most negative value is problematic because it is not representable by the data type. This condition results in an overflow in the generated code.

If the identified Absolute Value block is operating on a boolean or unsigned data type, do one of the following:

  • Change the input of the Absolute Value block to a signed input type.

  • Remove the Absolute Value block from the model.

If the identified Absolute Value block is operating on a signed data type, in the Block Parameters > Signal Attributes dialog box, select Saturate on integer overflow.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks.

  • Analyzes content in all masked subsystems.

  • Allows exclusions of blocks and charts.

See Also

Check usage of Math Function blocks (rem and reciprocal functions)

Check ID: mathworks.hism.hisl_0002

Identify usage of Math Operation blocks that might impact safety.

Description

This check inspects the usage of the Math Function blocks that have remainder after division and reciprocals.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains Math Function - Remainder after division(rem) blocks that might result in non-finite output signals. Non-finite signals are not supported in real-time embedded systems.

When using the Math Function block with a rem function, protect the second input to the block from being equal to zero. Otherwise the output can produce a Inf or -Inf and result in a run-time error in the generated code.

The model or subsystem contains Math Function - Reciprocal (reciprocal) blocks that might result in non-finite output signals. Non-finite signals are not supported in real-time embedded systems.

When using the Math Function block with a reciprocal function, protect the input to the block from being equal to zero. Otherwise the output can produce a Inf or -Inf and result in a run-time error in the generated code.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

See Also

Check usage of Math Function blocks (log and log10 functions)

Check ID: mathworks.hism.hisl_0004

Identify usage of Math Operation blocks that might impact safety.

Description

This check inspects the usage of the Math Function blocks that have Natural logarithm and Common (base 10) logarithms.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains Math Function - Natural logarithm (log) blocks that might result in non-finite output signals. Non-finite signals are not supported in real-time embedded systems.

When using the Math Function block with a log function, protect the input to the block from being less than or equal to zero. Otherwise, the output can produce a NaN or -Inf and result in a run-time error in the generated code.

The model or subsystem contains Math Function - Common (base 10)(base 10 logarithm) blocks that might result in non-finite output signals. Non-finite signals are not supported in real-time embedded systems.

When using the Math Function block with a log10 function, protect the input to the block from being less than or equal to zero. Otherwise, the output can produce a NaN or -Inf and result in a run-time error in the generated code.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

See Also

Check usage of Assignment blocks

Check ID: mathworks.hism.hisl_0029

Identify usage of Math Operation blocks that might impact safety.

Description

This check inspects the usage of the Assignment blocks.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem might contain Assignment blocks with incomplete array initialization (not in the iterator subsystem) that do not have block parameter Action if any output element is not assigned set to Error or Warning.

Set block parameter Action if any output element is not assigned to one of the recommended values:

  • Error

  • Warning

The model or subsystem might contain Assignment blocks in the iterator subsystem and the parameterAction if any output element is not assigned is not set to Error.Set block parameter Action if any output element is not assigned to Error.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks.

  • Analyzes content in all masked subsystems.

  • Allows exclusions of blocks and charts.

See Also

Check safety-related optimization settings for data type conversions

Check ID: mathworks.hism.hisl_0053

Check model configuration for optimization settings that can impact safety.

Description

This check verifies that model optimization configuration parameters are set optimally for generating code for a safety-related application. Although highly optimized code is desirable for most real-time systems, some optimizations can have undesirable side effects that impact safety.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The optimization that suppresses generation of code resulting from floating-point to integer conversions that wrap out-of-range values is cleared. You must avoid overflows for safety-related code. When this optimization is off and your model includes blocks that disable the Saturate on overflow parameter, the code generator wraps out-of-range values for those blocks. This can result in unreachable and, therefore, untestable code. If you have a Simulink Coder™ license, select Configuration Parameter Remove code from floating-point to integer conversions that wraps out-of-range values (Simulink Coder) or set the parameter EfficientFloat2IntCast to on.

Action Results

Clicking Modify Settings configures model optimization settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related optimization settings for data initialization

Check ID: mathworks.hism.hisl_0052

Check model configuration for optimization settings that can impact safety.

Description

This check verifies that model optimization configuration parameters are set optimally for generating code for a safety-related application. Although highly optimized code is desirable for most real-time systems, some optimizations can have undesirable side effects that impact safety.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The optimization that suppresses the generation of initialization code for root-level inports and outports that are set to zero is selected. For safety-related code, you should explicitly initialize all variables.If you have an Embedded Coder® license and are using an ERT-based system target file, clear Configuration Parameter Remove root level I/O zero initialization (Simulink Coder) or set the parameter ZeroExternalMemoryAtStartup to on. Alternatively, integrate external, handwritten code that initializes all I/O variables to zero explicitly.
The optimization that suppresses the generation of initialization code for internal work structures, such as block states and block outputs that are set to zero, is selected. For safety-related code, you should explicitly initialize every variable.If you have an Embedded Coder license and are using an ERT-based system target file, clear Configuration Parameter Remove internal data zero initialization (Simulink Coder) or set the parameter ZeroInternalMemoryAtStartup to on. Alternatively, integrate external, handwritten code that initializes every state variable to zero explicitly.

Action Results

Clicking Modify Settings configures model optimization settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related optimization settings for application lifespan

Check ID: mathworks.hism.hisl_0048

Check model configuration for optimization settings that can impact safety.

Description

This check verifies that model optimization configuration parameters are set optimally for generating code for a safety-related application. Although highly optimized code is desirable for most real-time systems, some optimizations can have undesirable side effects that impact safety.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model includes blocks that depend on elapsed or absolute time and is configured to minimize the amount of memory allocated for the timers. Such a configuration limits the number of days the application can execute before a timer overflow occurs. Many aerospace products are powered on continuously and timers should not assume a limited lifespan. Set Configuration Parameter Application lifespan (days) (Simulink) or set the parameter LifeSpan to inf.

Action Results

Clicking Modify Settings configures model optimization settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related block reduction optimization settings

Check ID: mathworks.hism.hisl_0046

Check model configuration for optimization settings that can impact safety.

Description

This check verifies that model optimization configuration parameters are set optimally for generating code for a safety-related application. Although highly optimized code is desirable for most real-time systems, some optimizations can have undesirable side effects that impact safety.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
Block reduction optimization is selected. This optimization can remove blocks from generated code, resulting in requirements without associated code and violations for traceability requirements. Clear Configuration Parameter Block reduction (Simulink) or set parameter BlockReduction to off.

Action Results

Clicking Modify Settings configures model optimization settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related optimization settings for logic signals

Check ID: mathworks.hism.hisl_0045

Check model configuration for optimization settings that can impact safety.

Description

This check verifies that model optimization configuration parameters are set optimally for generating code for a safety-related application. Although highly optimized code is desirable for most real-time systems, some optimizations can have undesirable side effects that impact safety.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
Implementation of logic signals as Boolean data is cleared. Strong data typing is recommended for safety-related code. Select Configuration Parameter Implement logic signals as boolean data (vs. double) (Simulink) or set the parameter BooleanDataType to on.

Action Results

Clicking Modify Settings configures model optimization settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related optimization settings for division arithmetic exceptions

Check ID: mathworks.hism.hisl_0054

Check model configuration for optimization settings that can impact safety.

Description

This check verifies that model optimization configuration parameters are set optimally for generating code for a safety-related application. Although highly optimized code is desirable for most real-time systems, some optimizations can have undesirable side effects that impact safety.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The optimization that suppresses generation of code that guards against division by zero for fixed-point data is selected. You must avoid division-by-zero exceptions in safety-related code.If you have an Embedded Coder license and are using an ERT-based system target file, clear Configuration Parameter Remove code that protects against division arithmetic exceptions (Simulink Coder) or set the parameter NoFixptDivByZeroProtection to off.

Action Results

Clicking Modify Settings configures model optimization settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check usage of Logical Operator blocks

Check ID: mathworks.hism.hisl_0018

Identify usage of Logical Operator blocks that might impact safety.

Description

This check inspects the usage of Logical Operator blocks.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains a Logical Operator block that has inputs or outputs that are not Boolean inputs or outputs. The block might result in floating-point equality or inequality comparisons in the generated code.
  • Modify the Logical Operator block so that all inputs and outputs are Boolean. On the Block Parameters > Signal Attributes pane, consider selecting Require all inputs to have the same data type and setting Output data type to boolean.

  • In the Configuration Parameters dialog box, consider selecting the Implement logic signals as boolean data (vs. double).

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

See Also

Check for Relational Operator blocks that equate floating-point types

Check ID: mathworks.hism.hisl_0016

Description

This check inspects the usage of:

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains a block computing a relational operator that uses the == or ~= operator to compare floating-point signals. The use of these operators on floating-point signals is unreliable and unpredictable because of floating-point precision issues. These operators can lead to unpredictable results in the generated code.

For the identified block, do one of the following:

  • Change the signal data type.

  • Rework the model to eliminate using == or ~= operators on floating-point signals.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks.

  • Analyzes content in all masked subsystems.

  • Allows exclusions of blocks and charts.

See Also

Check usage of Relational Operator blocks

Check ID: mathworks.hism.hisl_0017

Description

This check inspects the usage of blocks that compute relational operators, including Relational Operator, Compare To Constant, Compare To Zeroand, Detect Change blocks.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains a block computing a relational operator that is operating on different data types. The condition can lead to unpredictable results in the generated code. For the identified blocks, use common data types as inputs. You can use Data Type Conversion blocks to change input data types.
The model or subsystem contains a block computing a relational operator that does not have Boolean output. The condition can lead to unpredictable results in the generated code. For the specified blocks, on the Block Parameters > Signal Attributes pane, set the Output data type to boolean.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

See Also

Check usage of Switch Case blocks and Switch Case Action Subsystem blocks

Check ID: mathworks.hism.hisl_0011

Description

This check inspects the usage of Switch Case blocks

The check flags Switch Case blocks that do not use integer data types or enumeration values for inputs. To comply with hisl_0011: Usage of Switch Case blocks and Action Subsystem blocks (Simulink) – C, use an integer data type or an enumeration value for the inputs to Switch Case blocks.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains an Switch Case block without a default case.In the Switch Case block Block Parameters dialog box, select Show default case. Connect the resulting default output port to a Switch Case Action Subsystem block.
The model or subsystem contains a Switch Case block with an output port that does not connect to a Switch Case Action Subsystem block.Verify that output ports of the Switch Case blocks connect to Switch Case Action Subsystem blocks.
The model or subsystem contains an Switch Case block with non-integer or non-enum input port data types.Make sure that input data type of the Switch Case blocks is integer or enum.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

See Also

Check usage of If blocks and If Action Subsystem blocks

Check ID: mathworks.hism.hisl_0010

Description

This check inspects the usage of If blocks.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains an If block using Elseif expressions without an Else condition.In the If block Block Parameters dialog box, select Show else condition. Connect the resulting Else output port to an If Action Subsystem block.
The model or subsystem contains an If block with output ports that do not connect to If Action Subsystem blocks.Verify that output ports of the If block connect to If Action Subsystem blocks.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

See Also

Check usage of For Iterator blocks

Check ID: mathworks.hism.hisl_0008

Description

This check inspects the usage of For Iterator blocks.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains a For Iterator block that has variable iterations. This condition can lead to unpredictable execution times or infinite loops in the generated code.

For the identified For Iterator blocks, do one of the following:

  • Set the Iteration limit source parameter to internal.

  • If the Iteration limit source parameter must be external, use a Constant, Probe, or Width block as the source.

  • Clear the Set next i (iteration variable) externally check box.

  • Consider selecting the Show iteration variable check box and observe the iteration value during simulation.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

See Also

Check usage of For and While Iterator subsystems

Check ID: mathworks.hism.hisl_0007

Description

This check inspects the usage of time-dependent blocks in a For Iterator or While Iterator subsystem.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

The model or subsystem contains one of the following time-dependent blocks in a For Iterator or While Iterator subsystem:

  • Discrete State-Space

  • Discrete-Time Integrator

  • Discrete FIR Filter

  • Discrete Filter

  • Discrete Transfer Fcn

  • Discrete Zero-Pole

  • Transfer Fcn First Order

  • Transfer Fnc Real Zero

  • Transfer Fcn Lead or Lag

  • Discrete Transfer Function with Initial Outputs

  • Discrete Transfer Function with Initial States

  • Discrete Zero-Pole with Initial Outputs

  • Discrete Zero-Pole with Initial States

  • Discrete Derivative

In the model or subsystem, consider removing the time-dependent blocks.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

See Also

Check usage of While Iterator blocks

Check ID: mathworks.hism.hisl_0006

Description

This check inspects the usage of While Iterator blocks.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains a While Iterator block that has unlimited iterations. This condition can lead to infinite loops in the generated code. mo

For the identified While Iterator blocks:

  • Set the Maximum number of iterations (-1 for unlimited) parameter to a positive integer value.

  • Consider selecting the Show iteration number port check box and observe the iteration value during simulation.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

See Also

Check safety-related code generation settings for comments

Check ID: mathworks.hism.hisl_0038

Check model configuration for code generation settings that can impact safety.

Description

This check verifies that model configuration parameters for code generation are set optimally for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The option to include comments in the generated code is cleared. Comments provide good traceability between the code and the model.Select Include comments (Simulink Coder) on the Code Generation > Comments pane in the Configuration Parameters dialog box or set the parameter GenerateComments to on.
The option to include comments that describe the code for blocks is cleared. Comments provide good traceability between the code and the model. Select Simulink block comments (Simulink Coder) on the Code Generation > Comments pane in the Configuration Parameters dialog box or set the parameter SimulinkBlockComments to on.
The option to include comments that describe the code for blocks eliminated from a model is cleared. Comments provide good traceability between the code and the model. Select Show eliminated blocks (Simulink Coder) on the Code Generation > Comments pane in the Configuration Parameters dialog box or set the parameter ShowEliminatedStatement to on.
The option to include the names of parameter variables and source blocks as comments in the model parameter structure declaration in model_prm.h is cleared. Comments provide good traceability between the code and the model. Select Verbose comments for 'Model default' storage class (Simulink Coder) on the Code Generation > Comments pane in the Configuration Parameters dialog box or set the parameter ForceParamTrailComments to on.
The option to include requirement descriptions assigned to Simulink blocks as comments is cleared. Comments provide good traceability between the code and the model. Select Requirements in block comments (Simulink Coder) on the Code Generation > Custom comments pane in the Configuration Parameters dialog box or set the parameter ReqsInCode to on.

Action Results

Clicking Modify Settings configures model code generation settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related code generation interface settings

Check ID: mathworks.hism.hisl_0039

Check model configuration for code generation settings that can impact safety.

Description

This check verifies that model configuration parameters for code generation are set optimally for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The option to generate nonfinite data and operations is selected. Support for nonfinite numbers is inappropriate for real-time embedded systems. Clear Support: non-finite numbers (Simulink Coder) on the Code Generation > Interface pane in the Configuration Parameters dialog box or set the parameter SupportNonFinite to off.
The option to generate and maintain integer counters for absolute and elapsed time is selected. Support for absolute time is inappropriate for real-time safety-related systems. Clear Support: absolute time (Simulink Coder) on the Code Generation > Interface pane in the Configuration Parameters dialog box or set the parameter SupportAbsoluteTime to off.
The option to generate code for blocks that use continuous time is selected. Support for continuous time is inappropriate for real-time safety-related systems. Clear Support: continuous time (Simulink Coder) on the Code Generation > Interface pane in the Configuration Parameters dialog box or set the parameter SupportContinuousTime to off.
The option to generate code for noninlined S-functions is selected. This option requires support of nonfinite numbers, which is inappropriate for real-time safety-related systems.Clear Support: non-inlined S-functions (Simulink Coder) in the Configuration Parameters dialog box or set the parameter SupportNonInlinedSFcns to off.
The option to generate model function calls compatible with the main program module of the pre-R2012a GRT target is selected. This option is inappropriate for real-time safety-related systems.Clear Classic call call interface (Simulink Coder) on the Code Generation > Interfacepane in the Configuration Parameters dialog box or set the parameter GRTInterface to off.
The option to generate the model_update function is cleared. Having a single call to the output and update functions simplifies the interface to the real-time operating system (RTOS) and simplifies verification of the generated code.Select Single output/update function (Simulink Coder) on the Code Generation > Interfacepane in the Configuration Parameters dialog box or set the parameter CombineOutputUpdateFcns to on.
The option to generate the model_terminate function is selected. This function deallocates dynamic memory, which is unsuitable for real-time safety-related systems. Clear Terminate function (Simulink Coder) on the Code Generation pane in the Configuration Parameters dialog box or set the parameter IncludeMdlTerminateFcn to off.
The option to log or monitor error status is cleared. If you do not select this option, the Simulink Coder product generates extra code that might not be reachable for testing. Select Remove error status field in real-time model data structure (Simulink Coder) on the Code Generation > Interface pane in the Configuration Parameters dialog box or set the parameter SuppressErrorStatus to on.
MAT-file logging is selected. This option adds extra code for logging test points to a MAT-file, which is not supported by embedded targets. Use this option only in test harnesses. Clear MAT-file logging (Simulink Coder) in the Configuration Parameters dialog box or set the parameter MatFileLogging to off.

Action Results

Clicking Modify Settings configures model code generation settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related code generation settings for code style

Check ID: mathworks.hism.hisl_0047

Check model configuration for code generation settings that can impact safety.

Description

This check verifies that model configuration parameters for code generation are set optimally for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The option that specifies the style for parenthesis usage is set to Minimum (Rely on C/C++ operators precedence) or to Nominal (Optimize for readability). For safety-related applications, explicitly specify precedence with parentheses. Set parameter ParenthesesLevel to Maximum (Specify precedence with parentheses).
The option that specifies whether to preserve operand order is cleared. This option increases the traceability of the generated code.Set parameter PreserveExpressionOrder to on.
The option that specifies whether to preserve empty primary condition expressions in if statements is cleared. This option increases the traceability of the generated code.Set parameter PreserveIfCondition to on.

Action Results

Clicking Modify Settings configures model code generation settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related code generation symbols settings

Check ID: mathworks.hism.hisl_0049

Check model configuration for code generation settings that can impact safety.

Description

This check verifies that model configuration parameters for code generation are set optimally for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The minimum number of characters specified for generating name mangling strings is less than four. You can use this option to minimize the likelihood that parameter and signal names will change during code generation when the model changes. Use of this option assists with minimizing code differences between file versions, decreasing the effort to perform code reviews. Set Minimum mangle length (Simulink Coder) on the Code Generation > Symbols pane in the Configuration Parameters dialog box or the parameter MangleLength to a value of 4 or greater.

Action Results

Clicking Modify Settings configures model code generation settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings for model referencing

Check ID: mathworks.hism.hisl_0310

Check model configuration for diagnostic settings that apply to model referencing and that can impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to model referencing are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that detects a mismatch between the version of the model that creates or refreshes a Model block and the current version of the referenced model is set to error or warning. The detection occurs during load and update operations. When you get the latest version of the referenced model from the software configuration management system, rather than an older version that was used in a previous simulation, if this diagnostic is set to error, the simulation is aborted. If the diagnostic is set to warning, a warning message is issued. To resolve the issue, the user must resave the model being simulated, which may not be the desired action. Set Model block version mismatch (Simulink) on the Diagnostics > Model Referencing pane in the Configuration Parameters dialog box or set the parameter ModelReferenceVersionMismatchMessage to none.
The diagnostic that detects port and parameter mismatches during model loading and updating is set to none or warning. If undetected, such mismatches can lead to incorrect simulation results because the parent and referenced models have different interfaces.Set Port and parameter mismatch (Simulink) on the Diagnostics > Model Referencing pane in the Configuration Parameters dialog box or set the parameter ModelReferenceIOMismatchMessage to error.
The diagnostic that detects invalid internal connections to the current model's root-level Inport and Outport blocks is set to none or warning. When this condition is detected, the Simulink software might automatically insert hidden blocks into the model to fix the condition. The hidden blocks can result in generated code without traceable requirements. Setting the diagnostic to error forces model developers to fix the referenced models manually. Set Invalid root Inport/Outport block connection (Simulink) on the Diagnostics > Model Referencing pane in the Configuration Parameters dialog box or set the parameter ModelReferenceIOMessage to error.
The diagnostic that detects whether To Workspace or Scope blocks are logging data in a referenced model is set to none or warning. Data logging is not supported for To Workspace and Scope blocks in referenced models. Set Unsupported data logging (Simulink) on the Diagnostics > Model Referencing pane in the Configuration Parameters dialog box or set the parameter ModelReferenceDataLoggingMessage to error.
To log data, remove the blocks and log the referenced model signals. For more information, see Logging Referenced Model Signals (Simulink).

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to model referencing and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related diagnostic settings for sample time

Check ID: mathworks.hism.hisl_0044

Check model configuration for diagnostic settings that apply to sample time and that can impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to sample times are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic for detecting when a source block, such as a Sine Wave block, inherits a sample time (specified as -1) is set to none or warning. The use of inherited sample times for a source block can result in unpredictable execution rates for the source block and blocks connected to it. For safety-related applications, source blocks should have explicit sample times to prevent incorrect execution sequencing. Set Source block specifies -1 sample time (Simulink) on the Diagnostics > Sample Time pane in the Configuration Parameters dialog box or set the parameter InheritedTslnSrcMsg to error.
The diagnostic for detecting invalid rate transitions between two blocks operating in multitasking mode is set to none or warning. Such rate transitions should not be used for embedded real-time code. Set Multitask rate transition (Simulink) on the Diagnostics > Sample Time pane in the Configuration Parameters dialog box or set the parameter MultiTaskRateTransMsg to error.
The diagnostic for detecting subsystems that can cause data corruption or nondeterministic behavior is set to none or warning. This diagnostic detects whether conditionally executed multirate subsystems (enabled, triggered, or function-call subsystems) operate in multitasking mode. Such subsystems can corrupt data and behave unpredictably in real-time environments that allow preemption. Set Multitask conditionally executed subsystem (Simulink) on the Diagnostics > Sample Time pane in the Configuration Parameters dialog box or set the parameter MultiTaskCondExecSysMsg to error.
The diagnostic for checking sample time consistency between a Signal Specification block and the connected destination block is set to none or warning. An over-specified sample time can result in an unpredictable execution rate. Set Enforce sample times specified by Signal Specification blocks (Simulink) on the Diagnostics > Sample Time pane in the Configuration Parameters dialog box or set the parameter SigSpecEnsureSampleTimeMsg to error.
The diagnostic detects that the parameter Single task rate transition is not set to error.Set Single task rate transition in the Configuration Parameters dialog box or set the parameter SingleTaskRateTransMsg to error.
The diagnostic detects that the parameter Tasks with equal priority is not set to error.Set Tasks with equal priority in the Configuration Parameters dialog box or set the parameter TasksWithSamePriorityMsg to error.
The diagnostic for detecting whether a model contains an S-function that has not been specified explicitly to inherit sample time is set to none or warning. These settings can result in unpredictable behavior. A model developer needs to know when such an S-function exists in a model so it can be modified to produce predictable behavior. Set Unspecified inheritability of sample time (Simulink) in the Configuration Parameters dialog box or set parameter UnknownTsInhSupMsg to error.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to sample time and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check MATLAB Function metrics

Check ID: mathworks.hism.himl_0003

Display complexity and code metrics for MATLAB Functions. Report metric violations.

Description

This check provides complexity and code metrics for MATLAB Functions. The check additionally reports metric violations. A results table provides links to MATLAB Functions that violate the complexity input parameters.

Available with Simulink Check.

This check requires a Stateflow license.

Input Parameters

Maximum effective lines of code per function

Provide the maximum effective lines of code per function. Effective lines do not include empty lines, comment lines, or lines with a function end keyword.

Minimum density of comments

Provide minimum density of comments. Density is ratio of comment lines to total lines of code.

Maximum cyclomatic complexity per function

Provide maximum cyclomatic complexity per function. Cyclomatic complexity is the number of linearly independent paths through the source code.

Results and Recommended Actions

ConditionRecommended Action
MATLAB Function violates the complexity input parameters.

For the MATLAB Function:

  • If effective lines of code is too high, further divide the MATLAB Function.

  • If comment density is too low, add comment lines.

  • If cyclomatic complexity per function is too high, further divide the MATLAB Function.

Capabilities and Limitations

  • This check only analyzes the functions that are directly referenced by the Simulink model.

  • Runs on library models.

  • Does not analyze content of library linked blocks.

  • Analyzes content in all masked subsystems.

  • Allows exclusions of blocks and charts.

See Also

Check safety-related diagnostic settings for type conversions

Check ID: mathworks.hism.hisl_0309

Check model configuration for diagnostic settings that apply to type conversions and that can impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to type conversions are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that detects Data Type Conversion blocks when the type conversion is set to none. The Simulink software might remove unnecessary Data Type Conversion blocks from generated code, which might result in requirements without corresponding code. The removal of these blocks needs to be identified so model developers can explicitly remove the unnecessary blocks . Set the Unnecessary type conversions (Simulink) Configuration Parameter orUnnecessaryDatatypeConvMsg parameter to warning.
The diagnostic that detects vector-to-matrix or matrix-to-vector conversions at block inputs is set to none or warning. When the Simulink software automatically converts between vector and matrix dimensions, unintended operations or unpredictable behavior can occur.Set the Vector/matrix block input conversion (Simulink) Configuration Parameter or VectorMatrixConversionMsg parameter to error
The diagnostic that detects when a 32-bit integer value is converted to a floating-point value is set to none. This type of conversion can result in a loss of precision due to truncation of the least significant bits for large integer values. Set the 32-bit integer to single precision float conversion (Simulink) Configuration Parameter or Int32ToFloatConvMsg parameter to warning.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to type conversions and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related solver settings for simulation time

Check ID: mathworks.hism.hisl_0040

Check solver settings in the model configuration that apply to simulation time and might impact safety.

Description

This check verifies that the model solver configuration parameters pertaining to simulation time are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

The solver setting to specify the start time for the simulation or generated code is set to a value other than 0.0.

In the Configuration Parameters dialog box, set Start time (Simulink) or set the parameter StartTime to 0.0.

The solver setting to specify the stop time for the simulation or generated code is set to a negative value or a positive value greater than the value of Application lifespan (days) (Simulink). By default, Application lifespan (days) (Simulink) is auto. If you do not change this setting, any positive value for Stop time (Simulink) is valid.

In the Configuration Parameters dialog box, set Stop time (Simulink) or set the parameter StopTime to a positive value that is less than the value of Application lifespan (days) (Simulink).

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to solvers and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

  • Analyzes content in masked subsystems that have no workspace and no dialog boxes.

See Also

Check safety-related diagnostic settings for solvers

Check ID: mathworks.hism.hisl_0043

Check model configuration for diagnostic settings that apply to solvers and that can impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to solvers are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic for detecting automatic breakage of algebraic loops is set to none or warning. The breaking of algebraic loops can affect the predictability of the order of block execution. For safety-related applications, a model developer needs to know when such breaks occur.Set Algebraic loop (Simulink) on the Diagnostics > Solver pane in the Configuration Parameters dialog box or set the parameter AlgebraicLoopMsg to error. Consider breaking such loops explicitly with Unit Delay blocks so that the execution order is predictable. At a minimum, verify that the results of loops breaking automatically are acceptable.
The diagnostic for detecting automatic breakage of algebraic loops for Model blocks, atomic subsystems, and enabled subsystems is set to none or warning. The breaking of algebraic loops can affect the predictability of the order of block execution. For safety-related applications, a model developer needs to know when such breaks occur.Set Minimize algebraic loop (Simulink) on the Diagnostics > Solver pane in the Configuration Parameters dialog box or set the parameter ArtificialAlgebraicLoopMsg to error. Consider breaking such loops explicitly with Unit Delay blocks so that the execution order is predictable. At a minimum, verify that the results of loops breaking automatically are acceptable.
The diagnostic for detecting potential conflict in block execution order is set to none or warning. For safety-related applications, block execution order must be predictable. A model developer needs to know when conflicting block priorities exist. Set Block priority violation (Simulink) on the Diagnostics > Solver pane in the Configuration Parameters dialog box or set the parameter BlockPriorityViolationMsg to error.
The diagnostic for detecting whether the Simulink software automatically modifies the solver, step size, or simulation stop time is set to none or warning. Such changes can affect the operation of generated code. For safety-related applications, it is better to detect such changes so a model developer can explicitly set the parameters to known values. Set Automatic solver parameter selection (Simulink) on the Diagnostics > Solver pane in the Configuration Parameters dialog box or set the parameter SolverPrmCheckMsg to error.
The diagnostic for detecting when a name is used for more than one state in the model is set to none. State names within a model should be unique. For safety-related applications, it is better to detect name clashes so a model developer can fix them. Set State name clash (Simulink) on the Diagnostics > Solver pane in the Configuration Parameters dialog box or set the parameter StateNameClashWarn to warning.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to solvers and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check safety-related model referencing settings

Check ID: mathworks.hism.hisl_0037

Check model configuration for model referencing settings that can impact safety.

Description

This check verifies that model configuration parameters for model referencing are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The referenced model is configured such that its target is rebuilt whenever you update, simulate, or generate code for the model, or if the Simulink software detects changes in known dependencies. These configuration settings can result in unnecessary regeneration of the code, resulting in changing only the date of the file and slowing down the build process when using model references. Set Rebuild (Simulink) on the Model Referencing pane in the Configuration Parameters dialog box or set the parameter UpdateModelReferenceTargets to Never or If any changes detected.
The diagnostic that detects whether a target needs to be rebuilt is set to None or Warn if targets require rebuild. For safety-related applications, an error should alert model developers that the parent and referenced models are inconsistent. This diagnostic parameter is available only if Rebuild is set to Never.Set the configuration parameter Never rebuild diagnostics (Simulink) on the Model Referencing pane in the Configuration Parameters dialog box or set the parameter CheckModelReferenceTargetMessage to error.
The ability to pass scalar root input by value is off. This capability should be off because scalar values can change during a time step and result in unpredictable data. This parameter is only available when the config parameter Total number of instances allowed per top model is set to One or Multiple (ModelReferenceNumInstancesAllowed is single or multi).Set Pass fixed-size scalar root inputs by value for code generation (Simulink) on the Model Referencing pane in the Configuration Parameters dialog box or set the parameter ModelReferencePassRootInputsByReference to off.
The model is configured to minimize algebraic loop occurrences. This configuration is incompatible with the recommended setting of Single output/update function for embedded systems code. In the Configuration Parameters dialog box, set Minimize algebraic loop occurrences (Simulink) or set parameter ModelReferenceMinAlgLoopOccurrences to off.

Action Results

Clicking Modify Settings configures model referencing settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check Stateflow charts for transition paths that cross parallel state boundaries

Check ID: mathworks.hism.hisf_0013

Identify transition paths that cross parallel state boundaries in Stateflow charts.

Description

Identify transition paths that cross parallel state boundaries in Stateflow charts. This check identifies transition paths that cross parallel state boundaries in Stateflow charts.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
The Stateflow charts have transition paths that cross parallel state boundaries.Modify the Stateflow charts so that transitions do not cross parallel state boundaries. For more information see, Design Considerations for Defining Transitions Between States (Stateflow).

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

  • Analyzes content in all masked subsystems.

See Also

Check assignment operations in Stateflow Charts

Check ID: mathworks.hism.hisf_0065

Identify assignment operations in Stateflow objects.

Description

This check identifies the assignment operations in Stateflow objects that implicitly cast integer and fixed-point arithmetic calculations to wider data types than the input data types.

This check identifies only the assignments with arithmetic operations.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
The Stateflow object consists of assignment operations that cast integer and fixed-point calculations to wider data types than the input data types.Explicitly replace assignment operator (=) to := operator in Stateflow objects.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check usage of bit operation blocks

Check ID: mathworks.hism.hisl_0019

Identify bit operation blocks with signed data types as inputs

Description

This check identifies the use of the Bitwise Operations for the input and output data types. The check also looks at other bit operations blocks as following:

  • Bit Clear

  • Bit Set

  • Bitwise operator

  • Extract Bits

  • Shift Arithmentic

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
Bitwise Operations are not used with signed data types.Use signed data type for Bitwise operations.

Capabilities and Limitations

  • Allows exclusions of blocks and charts.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

See Also

Check data types for blocks with index signals

Check ID: mathworks.hism.hisl_0022

Description

This check Identifies the blocks with index signals that have data types other than integers or enum and are within the range of indexed values.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
One or more Simulink blocks in the model have index signals that have data types other than integer or enum.Change the data type of block index signals to an integer or enum data type that covers the range of indexed values.
One or more MATLAB Function blocks have index variables with inappropriate data types.Change the data type of index variables to an integer or enum data type that covers the range of indexed values.
One or more Stateflow charts in the model have index variables that have data types other than integer or enum.Change the data type of index signals of the blocks to an integer or enum data type that covers the range of indexed values.

Capabilities and Limitations

  • This check does not support dialog set indices.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to graphical.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

  • Allows exclusions of blocks and charts.

See Also

Check model file name

Check ID: mathworks.hism.hisl_0031

Description

This check inspects the model file name to ensure that the name complies with the recommended guidelines.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The file name contains illegal characters. Rename the file. Allowed characters are a–z, A–Z, 0–9, and underscore (_).
The file name starts with a number.Make sure that the file name does not start with a number.
The file name starts with an underscore ("_"). Make sure that the file name does not start with a underscore ("_").
The file name ends with an underscore ("_"). Make sure that the file name does not end with a underscore ("_").
The file extension contains one or more underscores. Change the file extension.
The file name has consecutive underscores. Rename the file to eliminate trailing underscore`.
The file name contains more than one dot ("."). Make sure that the file name does not have more than one dot (".").
the file name is a C/C++ or MATLAB keyword or built in functionRename the file.

Capabilities and Limitations

  • Runs on library models.

See Also

Check if/elseif/else patterns in MATLAB Function blocks

Check ID: mathworks.hism.himl_0006

Description

This check identifies the if/elseif/else patterns without appropriate else conditions in embedded MATLAB code.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
Inappropriate if/elseif/else patterns are present in the embedded MATLAB code.For every if/elseif/else pattern, add an else statement that includes at least one meaningful comment.

Capabilities and Limitations

  • This check only analyzes the functions that are directly referenced by the Simulink model.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

See Also

Check switch statements in MATLAB Function blocks

Check ID: mathworks.hism.himl_0007

Description

This check identifies the switch/case/otherwise statements without appropriate conditions in embedded MATLAB code.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
Switch statement does not have any otherwise condition.Make sure that the switch statement has an otherwise condition.
Otherwise statement is left blank with no comments.Make sure that the otherwise statement has at least one meaningful comment.
Switch statement has only one case statement.Make sure that the switch statement has at least two case statements.

Capabilities and Limitations

  • This check excludes a single case statement with a cell array of two or more elements.

  • This check only analyzes the functions that are directly referenced by the Simulink model.

  • Runs on library models.

  • You can configure the check to run on referenced MATLAB files using the input parameter Check .m files referenced in the model in the Configuration Editor. By default this parameter is selected.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

  • Allows exclusions of blocks and charts.

See Also

Check global variables in graphical functions

Check ID: mathworks.hism.hisl_0062

Description

This check Identifies the expressions that read and write to the same global data in a Stateflow.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
One or more expressions operate on graphical functions and global variables used within graphical functions.Remodel the expressions so that the functions and the global variables are not used in the same expression.

Capabilities and Limitations

  • Runs on library models.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

  • Allows exclusions of blocks and charts.

See Also

Check for length of user-defined object names

Check ID: mathworks.hism.hisl_0063

Description

This check inspects the length of the names of these user-defined objects against the Maximum Identifier length parameter in configuration setttings:

  • Subsystems with function name options set to User-specified.

  • Data objects described in the guideline.

  • Signal and parameter objects.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
Length of the function name in a subsystem greater than the set threshold.Change the function name in the Subsystem blocks to have a length less than the set threshold.
Data object names have a length greater than threshold.Change the function name in the Subsystem blocks to have a length less than the set threshold.

Capabilities and Limitations

  • This check do not flag the signals that do not resolve to objects.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

See Also

Check usage of Merge blocks

Check ID: mathworks.hism.hisl_0015

Description

This check identifies the Merge blocks that are not directly connected to a conditionally executed subsystem and have the Allow unequal port widths parameter set to on.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
Merge block is not connected directly to a conditionally executed subsystem.Remodel so that the Merge blocks are connected directly to conditionally executed subsystems.
The Merge block parameter Allow unequal port widths is set to on.Set the Merge block parameter Allow unequal port widths to off
Multiple subsystem executes during a time step in conditionally executed subsystems.Specify execution of the conditionally executed subsystems such that only one subsystem executes during a time step.
The Outport block parameter Output when disabled is not set to held for any conditionally executed subsystems in the model.Set the Outport block parameter Output when disabled to held for each conditionally executed subsystem being merged.

Capabilities and Limitations

  • Does not run on library models.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

See Also

Check usage of conditionally executed subsystems

Check ID: mathworks.hism.hisl_0012

Description

This check identifies the blocks with incorrect sample times in conditionally executed subsystems and asynchronously executed sample time dependent blocks.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

Sample time for the blocks is not set to -1 in a conditionally executed subsystem:

  • If Action

  • Switch Case Action

  • Function-Call

  • Triggered

  • Enabled

Change the sample time for the blocks to be -1.

The model contains asynchronously executed sample time dependent blocks:

  • Discrete State-Space

  • Discrete-Time Integrator

  • Discrete FIR Filter

  • Discrete Filter

  • Discrete Transfer Fcn

  • Discrete Zero-Pole

  • Transfer Fcn First Order

  • Transfer Fnc Real Zero

  • Transfer Fcn Lead or Lag

  • Discrete Transfer Function with Initial Outputs

  • Discrete Transfer Function with Initial States

  • Discrete Zero-Pole with Initial Outputs

  • Discrete Zero-Pole with Initial States

  • Discrete Derivative

Remodel to remove the sample time dependent blocks.

Capabilities and Limitations

  • The asynchronously executed sample-time dependent blocks are flagged only if Triggered and Function-call blocks are present.

  • Does not run on library models.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

See Also

Check usage of standardized MATLAB function headers

Check ID: mathworks.hism.himl_0001

Description

This check inspects all MATLAB functions in the model, local functions, and referenced MATLAB files for standardized function headers and checks for these details:

  • Function name

  • Function description

  • Description of input variables

  • Description of output variables

Following is an example of how to define function headers:

%<Function Name> - Description of the function

%<Input variable 1> - Description of input variable 1

%<Input variable 2> - Description of input variable 2

%<Output variable 1> - Description of output variable 1

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
MATLAB functions use nonstandard function headers.

Consider adding a function header to the functions according to these guidelines:

  • Must be a valid MATLAB comment.

  • Must immediately follow the function signature.

  • Must have a "Function Description" section.

  • Must have an "Inputs Description" section.

  • Must have an "Outputs Description" section.

Capabilities and Limitations

  • This check only analyzes the functions that are directly referenced by the Simulink model.

  • You can configure the check to run on referenced MATLAB files using the input parameter Check .m files referenced in the model in the Configuration Editor. By default this parameter is selected.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

  • Allows exclusions of blocks and charts.

See Also

Check usage of relational operators in MATLAB Function blocks

Check ID: mathworks.hism.himl_0008

Description

This check inspects all MATLAB functions in the model, local functions, and referenced MATLAB files for the relational operator statements which operate on operands of different data types.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
Relational operators in the function blocks operating on operands of different data types.Type-cast the operands to be of the same data type.

Capabilities and Limitations

  • This check only analyzes the functions that are directly referenced by the Simulink model.

  • Does not run on library models.

  • You can configure the check to run on referenced MATLAB files using the input parameter Check .m files referenced in the model in the Configuration Editor. By default this parameter is selected.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

  • Allows exclusions of blocks and charts.

See Also

Check usage of equality operators in MATLAB Function blocks

Check ID: mathworks.hism.himl_0009

Description

This check inspects the use of equality operators with floating-point operands in MATLAB Function blocks.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
One or more MATLAB functions have equality operators with floating-point operands.Consider comparing ranges instead of direct comparison.

Capabilities and Limitations

  • This check only analyzes the functions that are directly referenced by the Simulink model.

  • Does not run on library models.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

  • You can configure the check to run on referenced MATLAB files using the input parameter Check .m files referenced in the model in the Configuration Editor. By default this parameter is selected.

  • Allows exclusions of blocks and charts.

See Also

Check usage of logical operators and functions in MATLAB Function blocks

Check ID: mathworks.hism.himl_0010

Description

This check identifies the logical operators and functions operating on operands with numeric data types in MATLAB Function blocks.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
Logical operators or functions used on operands with numeric data types.Type-cast the operands to be of a logical data type.

Capabilities and Limitations

  • This check only analyzes the functions that are directly referenced by the Simulink model.

  • Does not run on library models.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

  • You can configure the check to run on referenced MATLAB files using the input parameter Check .m files referenced in the model in the Configuration Editor. By default this parameter is selected.

  • Allows exclusions of blocks and charts.

See Also

Check naming of ports in Stateflow charts

Check ID: mathworks.hism.hisf_0016

Description

This check identifies the mismatches between names of Stateflow ports and associated signals. The reusable Stateflow blocks can have different port names.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
Names of the input and output ports of Stateflow charts are not the same as the names of the signals connected.Make sure that the names of the input and output ports of Stateflow charts are same as the names of the signals connected.

Capabilities and Limitations

  • This check does not analyze port names of Stateflow Truth Tables or Stateflow State Transition Tables.

  • This check considers reusable Stateflow charts as library linked charts and are not flagged.

  • This check does not flag signals without names.

  • Does not analyze content of library-linked blocks.

  • Does not analyze content in masked subsystems.

  • Allows exclusions of blocks and charts.

See Also

Check scoping of Stateflow data objects

Check ID: mathworks.hism.hisf_0017

Description

This check identifies the Stateflow data objects with local scope that are not scoped at the chart level or below.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
One or more Stateflow data objects with local scope are not defined at the chart level or below.Make sure to define all the Stateflow data objects with local scope at the chart level or below.

Capabilities and Limitations

  • Does not analyze content of library linked blocks.

  • Does not analyze content in masked subsystems.

  • Allows exclusions of blocks and charts.

See Also

Check usage of Gain blocks

Check ID: mathworks.hism.hisl_0066

Description

This check identifies the Gain blocks with value that resolves to 1, an identity matrix, or a matrix of ones.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
One or more Gain blocks in the model resolve to 1 or an identity matrix.Remodel the Gain blocks so that the gain value does not resolve to 1, an identity matrix, or a matrix of ones.

Capabilities and Limitations

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

  • Allows exclusions of blocks and charts.

See Also

Check data type of loop control variables

Check ID: mathworks.hism.hisl_0102

Description

This check identifies loop control variables using non-integer data types on the following:

  • For iterator blocks.

  • For loops in MATLAB function blocks.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
One or more For Iterator blocks are using non-integer data type for loop control counter variable.Set the data type of loop control counter variable to an integer data type.
One or more For loops are using non-integer data type for loop control counter variable in MATLAB Function blocks.Set the data type of loop control counter variable to an integer data type.

Capabilities and Limitations

  • This check does not look at loop control variables inside Stateflow charts.

  • Does not run on library models.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Allows exclusions of blocks and charts.

See Also

Check for inappropriate use of transition paths

Check ID: mathworks.hism.hisf_0014

Description

This check inspects the use of junctions inside states and identifies the junctions that lie on a path that goes in and out of a state.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
One or more transition paths in the model traverses through a state without ending on a substate. Remodel the junctions to avoid transition paths that go into and out of a state without ending on a substate.

Capabilities and Limitations

  • Runs on library models.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content of library-linked blocks. By default, the input parameter Follow links is set to on.

  • Allows exclusions of charts. You cannot exclude a Stateflow element directly.

See Also

Check usage of bitwise operations in Stateflow charts

Check ID: mathworks.hism.hisf_0003

Description

Identifies the usage of signed integer operands to bitwise operators in Stateflow charts with C action language.

Available with Simulink Check.

This check requires a Stateflow license.

Results and Recommended Actions

ConditionRecommended Action
One or more Stateflow objects in the model use signed integer operands with bitwise operators.Make sure to not use signed integer operands with bitwise operators.

Capabilities and Limitations

  • The following MATLAB bit wise operations are not flagged with this check

    • swapbytes

    • bitset

    • bitget

    • bitcmp

  • Does not run on library models.

  • Analyzes content of library linked blocks. By default, the input parameter Follow links is set to on.

  • Analyzes content in masked subsystems. By default, the input parameter Look under masks is set to all.

  • Analyzes content in all masked subsystems.

See Also

Check safety-related diagnostic settings for signal data

Check ID: mathworks.hism.hisl_0314

Check model configuration for diagnostic settings that apply to signal data and that can impact safety.

Description

This check verifies that model diagnostic configuration parameters pertaining to signal data are set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The diagnostic that specifies how the Simulink software resolves signals associated with Simulink.Signal objects is set to Explicit and implicit or Explicit and warn implicit. For safety-related applications, model developers should be required to define signal resolution explicitly. (See DO-331, Section MB.6.3.3.b – Software architecture is consistent.)

Set Signal resolution (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter SignalResolutionControl to Explicit only. This provides predictable operation by requiring users to define each signal and block setting that must resolve to Simulink.Signal objects in the workspace.

Alternatively, to disable the use of Simulink.Signal objects, set the configuration parameter to None.

The Product block diagnostic that detects a singular matrix while inverting one of its inputs in matrix multiplication mode is set to none or warning. Division by a singular matrix can result in numeric exceptions when executing generated code. This is not acceptable in safety-related systems. (See DO-331, Section MB.6.3.1.g – Algorithms are accurate, DO-331, Section MB.6.3.2.g – Algorithms are accurate, and MISRA C:2012, Dir 4.1.)Set Division by singular matrix (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter CheckMatrixSingularityMsg to error.
The diagnostic that detects when the Simulink software cannot infer the data type of a signal during data type propagation is set to none or warning. For safety-related applications, model developers must verify the data types of signals. (See DO-331, Section MB.6.3.1.e – High-level requirements conform to standards, and DO-331, Section MB.6.3.2.e – Low-level requirements conform to standards.)Set Underspecified data types (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter UnderSpecifiedDataTypeMsg to error.
The diagnostic that detects whether the value of a signal is too large to be represented by the signal data type is set to none or warning. Undetected numeric overflows can result in unexpected application behavior. (See DO-331, Section MB.6.3.1.g – Algorithms are accurate, DO-331, Section MB.6.3.2.g – Algorithms are accurate, and MISRA C:2012, Dir 4.1.)Set Wrap on overflow (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter IntegerOverflowMsg to error.
The diagnostic that detects whether the value of a signal is too large to be represented by the signal data type, resulting in a saturation, is set to none or warning. Undetected numeric overflows can result in unexpected application behavior. (See DO-331, Section MB.6.3.1.g – Algorithms are accurate, DO-331, Section MB.6.3.2.g – Algorithms are accurate, and MISRA C:2012, Dir 4.1.)Set Saturate on overflow (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter IntegerSaturationMsg to error.
The diagnostic that detects when the value of a block output signal is Inf or NaN at the current time step is set to none or warning. When this type of block output signal condition occurs, numeric exceptions can result, and numeric exceptions are not acceptable in safety-related applications. (See DO-331, Section MB.6.3.1.g – Algorithms are accurate, DO-331, Section MB.6.3.2.g – Algorithms are accurate, and MISRA C:2012, Dir 4.1.)Set Inf or NaN block output (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter SignalInfNanChecking to error.
The diagnostic that detects Simulink object names that begin with rt is set to none or warning. This diagnostic prevents name clashes with generated signal names that have an rt prefix. (See DO-331, Section MB.6.3.1.e – High-level requirements conform to standards, and DO-331, Section MB.6.3.2.e – Low-level requirements conform to standards.)Set "rt" prefix for identifiers (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter RTPrefix to error.
The diagnostic that detects simulation range checking is set to none or warning. This diagnostic detects when signals exceed their specified ranges during simulation. Simulink compares the signal values that a block outputs with the specified range and the block data type. (See DO-331, Section MB.6.3.1.g – Algorithms are accurate, DO-331, Section MB.6.3.2.g – Algorithms are accurate, and MISRA C:2012, Dir 4.1.)Set Simulation range checking (Simulink) on the Diagnostics > Data Validity pane in the Configuration Parameters dialog box or set the parameter SignalRangeChecking to error.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to signal data and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check for model elements that do not link to requirements

Check ID: mathworks.hism.hisl_0070

Check whether Simulink model elements link to a requirements document.

Description

This check verifies whether model objects link to a document containing engineering requirements for traceability.

Available with Simulink Check.

This check requires a Simulink Requirements™ license.

Results and Recommended Actions

ConditionRecommended Action
Blocks do not link to a requirements document.Link to requirements document.

Capabilities and Limitations

  • Runs on library models.

  • Analyzes the content of library linked blocks. By default, the input parameter Follow links is set to off.

  • Analyzes content in masked subsystems that have no workspaces and no dialogs. By default, the input parameter Look under masks is set to graphical.

  • Allows exclusions of blocks and charts.

  • Does not allow the exclusion of Stateflow elements.

Tip

Run this check from the top model or subsystem that you want to check.

See Also

  • hisl_0070: Placement of requirement links in a model

  • hisl_0070: Placement of requirement links in a model

  • Requirements Traceability in Simulink (Simulink)

  • Requirements Traceability and Consistency (Simulink Requirements)

  • Find Model Elements in Simulink Models (Simulink)

  • DO-331, Section MB.6.3.1.f - High-level requirements trace to system requirements

  • DO-331, Section MB.6.3.2.f - Low-level requirements trace to high-level requirements

  • IEC 61508-3, Table A.2 (12) - Computer-aided specification and design tools, Table A.2 (9) - Forward traceability between the software safety requirements specification and software architecture, Table A.2 (10) - Backward traceability between the software safety requirements specification and software architecture, Table A.4 (8) - Forward traceability between the software safety requirements specification and software design, Table A.8 (1) - Impact analysis

  • IEC 62304, 5.2 - Software requirements analysis, 7.4.2 - Analyze impact of software changes on existing risk control measures

  • ISO 26262-6, Table 8 (1a) - Documentation of the software unit design in natural language, ISO 26262-6: 7.4.2.a - The verifiability of the software architectural design, ISO 26262-8: 8.4.3 Change request analysis

  • EN 50128, Table A.3 (23) - Modeling supported by computer aided design and specification tools, Table D.58 - Traceability, Table A.10 (1) - Impact Analysis

Check safety-related optimization settings for Loop unrolling threshold

Check ID: mathworks.hism.hisl_0051

Check optimization settings in the model configuration that apply to Loop unrolling threshold and might impact safety.

Description

This check verifies that the model optimization configuration parameters pertaining to the minimum signal or parameter width for which a for loop is generated is set optimally for generating code for a safety-related application.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

The optimization setting to specify the minimum signal or parameter width for which a for loop is generated is set to a value less than 2.

In the Configuration Parameters dialog box, set Loop unrolling threshold or set the parameter RollThreshold to a value equal to or greater than 2.

Action Results

Clicking Modify Settings configures model diagnostic settings that apply to solvers and that can impact safety.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

  • Analyzes content in masked subsystems that have no workspace and no dialog boxes.

See Also

Check safety-related optimization settings for specified minimum and maximum values

Check ID: mathworks.hism.hisl_0056

Check model configuration for optimization settings that can impact safety.

Description

This check verifies that model optimization configuration parameters are set optimally for generating code for a safety-related application. Although highly optimized code is desirable for most real-time systems, some optimizations can have undesirable side effects that impact safety.

Available with Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
The optimization that uses the specified minimum and maximum values for signals and parameters to optimize the generated code is selected. This might result in requirements without traceable code. (See DO-331 Section MB.6.3.4.e - Source code is traceable to low-level requirements.)If you have an Embedded Coder license and are using an ERT-based system target file, clear Configuration Parameter Optimize using the specified minimum and maximum values (Simulink Coder), or parameter UseSpecifiedMinMax to off.

Action Results

Clicking Modify Settings configures model optimization settings that can impact safety.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

  • Does not run on library models.

  • Does not allow exclusions of blocks or charts.

See Also

Check model object names

Check ID: mathworks.hism.hisl_0032

Check model object names.

Description

This check verifies that the following model object names comply with your own modeling guidelines or the high-integrity modeling guidelines. The check also verifies that the model object does not use a reserved name.

  • Blocks

  • Signals

  • Parameters

  • Buses

  • Stateflow objects

Reserved names:

  • MATLAB keywords

  • Reserved keywords for C, C++, and code generation. For a complete list, see Reserved Keywords (Simulink Coder)

  • int8 , uint8

  • int16, uint16

  • int32, uint32

  • inf, Inf

  • NaN, nan

  • eps

  • intmin, intmax

  • realmin, realmax

  • pi

  • infinity

  • Nil

Note

In some cases, the Model Advisor reports an issue in multiple subchecks of this check.

Available with Simulink Check.

Input Parameters

To specify the naming standard and model object names that the check flags, use the Model Advisor Configuration Editor.

  1. Open the Model Configuration Editor and navigate to Check model object names. In the Input Parameters pane, for each of the model objects, select one of the following:

    • MAAB to use the MAAB naming standard. When you select MAAB, the check uses the regular expression (^.{32,}$)|([^a-zA-Z_0-9])|(^\d)|(^ )|(__)|(^_)|(_$) to verify that names:

      • Use these characters: a-z, A-Z, 0-9, and the underscore (_).

      • Do not start with a number.

      • Do not use underscores at the beginning or end of a string.

      • Do not use more than one consecutive underscore.

      • Use strings that are less than 32 characters.

    • Custom to use your own naming standard. When you select Custom, you can enter your own Regular expression for prohibited <model object> names. For example, if you want to allow more than one consecutive underscore, enter (^.{32,}$)|([^a-zA-Z_0-9])|(^\d)|(^ )|(^_)|(_$)

    • None if you do not want the check to verify the model object name

  2. Click Apply.

  3. Save the configuration. When you run the check using this configuration, the check uses the input parameters that you specified.

Results and Recommended Actions

ConditionRecommended Action
The model object names do not comply with the naming standard specified in the input parameters.Update the model object names to comply with your own guidelines or the high-integrity guidelines.

Capabilities and Limitations

  • Does not run on library models.

  • Does not analyze content of library linked blocks.

  • Does not analyze content in all masked subsystems.

  • Allows exclusions of blocks and charts.

See Also

Check for blocks not recommended for C/C++ production code deployment

Check ID: mathworks.hism.hisl_0020

Identify blocks not supported by code generation or not recommended for C/C++ production code deployment.

Description

This check partially identifies model constructs that are not recommended for C/C++ production code generation as identified in the Simulink Block Support (Simulink Coder) tables for Simulink Coder and Embedded Coder. If you are using blocks with support notes for code generation, review the information and follow the given advice.

Available with Simulink Check and Embedded Coder.

Results and Recommended Actions

ConditionRecommended Action
The model or subsystem contains blocks that should not be used for production code deployment.Consider replacing the blocks listed in the results. Click an element from the list of questionable items to locate condition.

Capabilities and Limitations

  • Runs on library models.

  • Analyzes content of library linked blocks.

  • Analyzes content in all masked subsystems.

  • Allows exclusions of blocks and charts.

See Also

Check configuration parameters for MISRA C:2012

Check ID: mathworks.misra.CodeGenSettings

Identify configuration parameters that can impact MISRA C:2012 compliant code generation.

Description

Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications.

Available with Embedded Coder and Simulink Check.

Results and Recommended Actions

ConditionRecommended Action
Math and Data Types
Configuration parameter Use division for fixed-point net slope computation is not set to On or Use division for reciprocals of integers only .Set Use division for fixed-point net slope computation to On or Use division for reciprocals of integers only.
Inf or NaN block output is set to None Set Inf or NaN block output to warning or error.
Configuration parameter Model Verification block enabling is set to Use local settings or Enable All.Set Model Verification block enabling to Disable All.
Configuration parameter Undirected event broadcasts is set to none or warning.Set Undirected event broadcasts to error.
Configuration parameter Wrap on overflow is set to NoneSet configuration parameter Wrap on overflow to warning or error.
Hardware Implementation
Configuration parameter Production hardware signed integer division rounds to is set to UndefinedSet Production hardware signed integer division rounds to to Zero or Floor.
Configuration parameter Shift right on a signed integer as arithmetic shift is selected.Clear Shift right on a signed integer as arithmetic shift .
Simulation Target
Configuration parameter Compile-time recursion limit for MATLAB functions is set to a value other than 0 .Set Compile-time recursion limit for MATLAB functions to 0 .
Configuration parameter Dynamic memory allocation in MATLAB functions is selected.Clear Dynamic memory allocation in MATLAB functions.
Configuration parameter Enable run-time recursion for MATLAB functions is selected.Clear Enable run-time recursion for MATLAB functions.
Code Generation

Configuration parameter Bitfield declarator type specifier is set to uchar_T when any of these parameters are selected:

  • Pack Boolean data into bitfields

  • Use bitsets for storing state configuration

  • Use bitsets for storing Boolean data

Set Bitfield declarator type specifier to uint_T.
Configuration parameter Casting Modes is not set to Standards Compliant.Set Casting Modes to Standards Compliant.
Configuration parameter Code replacement libraryis not set to None or AUTOSAR 4.0.

Set Code replacement library to None or AUTOSAR 4.0

Configuration parameter External mode is selected.Clear External mode.
Configuration parameter Generate shared constants is selected.Clear Generate shared constants.

Configuration parameter Include commentsis cleared.

Select Include comments.
Configuration parameter MAT-file logging is selected.

Clear MAT-file logging

For ERT-based target systems, configuration parameter MATLAB user comments is cleared.Select MATLAB user comments.
A value for configuration parameter Maximum identifier length is not provided.Set the value to the implementation-dependent limit. The default is 31.
Configuration parameter Parenthesis level is not set to Maximum (Specify precedence with parentheses).Set Parentheses level to Maximum (Specify precedence with parentheses).

For ERT-based target systems, configuration parameter Preserve static keyword in function declarations is cleared when File packaging format is set to or CompactCompactWithDataFile

Select Preserve static keyword in function declarations.
Configuration parameter Replace multiplications by powers of two with signed bitwise shifts is selected.Clear Replace multiplications by powers of two with signed bitwise shifts.
Configuration parameter Shared code placement is set to Auto.

Set Shared code placement to Shared location

For ERT-based target systems, configuration parameter Support continuous time is selected Clear Support continuous time.
Configuration parameter Support non-finite numbers is selected.

Clear Support non-finite numbers

For ERT-based target systems, configuration parameter Support non-inlined S-functions is selected Clear Support non-inlined S-functions.
Configuration parameter System-generated identifiers is set to Classic.Set System-generated identifiers to Shortened.
Configuration parameter System target file is set to a GRT-based target.Set System target file to an ERT-based target.
Configuration parameter Use dynamic memory allocation for model initialization is selected when Code Interface Packaging is set to Reusable Function.

Clear Use dynamic memory allocation for model initialization.

Select only when Code Interface Packaging is set to Reusable Function.

Action Results

Clicking Modify All changes the parameter values to the recommended values.

Subchecks depend on the results of the subchecks noted with D in the results table in the Model Advisor window.

Capabilities and Limitations

This check does not review referenced models.

See Also

Check for blocks not recommended for MISRA C:2012

Check ID: mathworks.misra.BlkSupport

Identify blocks that are not supported or recommended for MISRA C:2012 compliant code generation.

Description

Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications.

Available with Embedded Coder and Simulink Check.

Results and Recommended Actions

ConditionRecommended Action

Lookup Table blocks using cubic spline interpolation or extrapolation methods were found in the model or subsystem. Specific blocks are:

Consider other interpolation and extrapolation methods for the Lookup Table blocks.

Deprecated Lookup Table blocks were found in the model or subsystem. Specific blocks are:

  • Lookup Table

  • Lookup Table (2-D)

Consider replacing the deprecated Lookup Table blocks.
S-Function Builder blocks were found in the model or subsystem.Consider replacing the S-Function Builder blocks with blocks recommended for production.
From Workspace blocks were found in the model or subsystemConsider replacing the From Workspace blocks with blocks recommended for production.

String blocks were found in the model or subsystem. Specific blocks are:

Consider replacing the String blocks with blocks recommended for production.

Capabilities and Limitations

You can:

  • Run this check on your library models.

  • Analyzes content of library linked blocks.

  • Analyzes content in masked subsystems.

  • Exclude blocks and charts from this check if you have a Simulink Check license.

Edit-Time Checking.  This check is supported by edit-time checking.

See Also