ISO 26262 Support in MATLAB and Simulink

The development of high-integrity systems in the automotive industry is characterized by demonstrating compliance with ISO® 26262, the international standard for road vehicle functional safety. ISO 26262 classifies functions into automotive safety integrity levels (ASIL) from A to D, that is, from least to most stringent. OEMs and Tier-1 suppliers are adapting their ECU development processes to use Model-Based Design in accordance with ISO 26262.

MATLAB, Simulink, Stateflow, Embedded Coder®, the MATLAB and Simulink® verification tools, and the Polyspace® code verification tools are certified by TÜV SÜD as qualified tools according to ISO 26262 for ASIL A through D. The qualifications are based on an automated, application-specific verification workflow. It supports back-to-back testing of the model and the generated code, as highly recommended by ISO 26262-6 for ASILs C and D, using the processor-in-the-loop (PIL) simulation mode in Simulink. Because the test compares model behavior against code executing on the target processor, engineers can leverage coder and compiler optimizations, including processor-specific code generated by Embedded Coder, to produce the fast and memory-efficient software needed for mass-production ECUs. In addition to C code generation, the Embedded Coder ISO 26262 tool qualification use cases cover its AUTOSAR and C++ code generation capabilities.

HDL Coder™ is also certified by TÜV SÜD as suitable for use in developing safety-related products for all ASILs. HDL Coder generates readable and traceable VHDL and Verilog that can target any FPGA, ASIC, and SoC device. It works closely with HDL Verifier to generate test benches for back-to-back testing with HDL simulators and FPGA boards.

The workflow documentation, TÜV SÜD certificates and reports, test suites, and additional certification artifacts are provided in the IEC Certification Kit (for ISO 26262 and IEC 61508). TÜV SÜD additionally conducts yearly audits of the software development and quality engineering processes for tools supported by the IEC Certification Kit.

“Without Model-Based Design, we would have needed at least 30% more time to develop and certify the ESCL application software. We saved time and effort by generating efficient code that satisfied all our speed and memory requirements.”

Cheng Hui, platform and process manager, KOSTAL

[Figure: Excerpt from ISO 26262-6:2018 showing suitable software design notations. ISO 26262:2018 lists Simulink and Stateflow as suitable notations for software architecture design and software unit design, and as a basis for automatic code generation.]