Motivation
bat365® intends the guidelines for engineers developing models and generating code for high-integrity systems using Model-Based Design with bat365 products. The guidelines provide recommendations for creating Simulink® models that are complete, unambiguous, statically deterministic, robust, and verifiable. The guidelines focus on model settings, block usage, and block parameters that impact simulation behavior or code generated by the Embedded Coder® product.
These guidelines do not assume that you use a particular safety or certification standard. The guidelines reference some safety standards where applicable, including:
DO-178C/DO-331, Software Considerations in Airborne Systems and Equipment Certification
DO-254, Design Assurance Guidance for Airborne Electronic Hardware
IEC 61508, Functional Safety of Electrical/Electronic/Programmable Electronic Safety Related Systems
IEC 62304, Medical Device Software – Software Life Cycle Processes
ISO 26262, Road vehicles — Functional Safety
EN 50128/EN 50657, Railway applications - Communication, Signalling and Processing Systems - Software for Railway Control and Protection Systems
ISO 25119, Tractors And Machinery For Agriculture And Forestry — Safety-Related Parts Of Control Systems
MISRA C, Use of the C Language in Critical Systems
You can use the Model Advisor to support adhering to these guidelines. Each guideline lists the checks that are applicable to that guideline, or to parts of that guideline.
The guidelines do not address model style or development processes. For more information about creating models in a way that improves consistency, clarity, and readability, see the MAB Modeling Guidelines. Development process guidance and additional information for specific standards are available with the IEC Certification Kit (for ISO 26262 and IEC 61508) and DO Qualification Kit (for DO-178) products.
Disclaimer
While adhering to the recommendations in the guidelines reduces the risk that an error is introduced during development and goes undetected, it is not a guarantee that the system being developed will be safe. Conversely, if some of the recommendations in the guidelines are not followed, it does not mean that the system being developed will be unsafe.