Mathworks IEC CERTIFICATION KIT 1 user guide

IEC Certification Kit 1
User’s Guide
How to Contact The MathWorks
www.mathworks.com: Web
comp.soft-sys.matlab: Newsgroup
www.mathworks.com/contact_TS.html: Technical Support
bugs@mathworks.com: Bug reports
doc@mathworks.com: Documentation error reports
service@mathworks.com: Order status, license renewals, passcodes
info@mathworks.com: Sales, pricing, and general information
508-647-7000 (Phone)
508-647-7001 (Fax)
The MathWorks, Inc., 3 Apple Hill Drive, Natick, MA 01760-2098
For contact information about worldwide offices, see the MathWorks Web site.
IEC Certification Kit User’s Guide
© COPYRIGHT 2009–2010 by The MathWorks, Inc.
The software described in this document is furnished under a license agreement. The software may be used or copied only under the terms of the license agreement. No part of this manual may be photocopied or reproduced in any form without prior written consent from The MathWorks, Inc.
FEDERAL ACQUISITION: This provision applies to all acquisitions of the Program and Documentation by, for, or through the federal government of the United States. By accepting delivery of the Program or Documentation, the government hereby agrees that this software or documentation qualifies as commercial computer software or commercial computer software documentation as such terms are used or defined in FAR 12.212, DFARS Part 227.72, and DFARS 252.227-7014. Accordingly, the terms and conditions of this Agreement and only those rights specified in this Agreement, shall pertain to and govern the use, modification, reproduction, release, performance, display, and disclosure of the Program and Documentation by the federal government (or other entity acquiring for or through the federal government) and shall supersede any conflicting contractual terms or conditions. If this License fails to meet the government’s needs or is inconsistent in any respect with federal procurement law, the government agrees to return the Program and Documentation, unused, to The MathWorks, Inc.
Trademarks
MATLAB and Simulink are registered trademarks of The MathWorks, Inc. See
www.mathworks.com/trademarks for a list of additional trademarks. O ther product or brand
names may be trademarks or registered trademarks of their respective holders.
Patents
The MathWorks products are protected by one or more U.S. patents. Please see
www.mathworks.com/patents for more information.
Revision History
March 2009: Online only. New for Version 1.0 (Applies to Releases 2007a+, 2008a, 2008b, 2009a)
September 2009: Online only. Revised for Version 1.1 (Applies to Releases 2008a, 2008b, 2009a, 2009a+, 2009b)
March 2010: Online only. Revised for Version 1.2 (Applies to Release 2010a)
Contents

1 Getting Started
IEC Certification Kit Product Overview ..... 1-2
  What Is the IEC Certification Kit Product? ..... 1-2
  What Is IEC 61508? ..... 1-3
  IEC 61508 Compliance Considerations ..... 1-4
  IEC 61508 Tool Certification Considerations ..... 1-4
  What Is ISO 26262? ..... 1-5
  ISO 26262 Compliance Considerations ..... 1-6
  ISO 26262 Tool Qualification ..... 1-7
  IEC Certification Kit Components ..... 1-7
  Required Knowledge ..... 1-10

2 Certification Process
Certification Process Using the IEC Certification Kit Product ..... 2-2
  Defining Certification Objectives and Requirements ..... 2-2
  Certifying or Qualifying Software Tools ..... 2-2

3 Accessing and Managing Certification Artifacts
Accessing Certification Artifacts Using the Certification Artifacts Explorer ..... 3-2
  Certification Artifacts in the IEC Certification Kit Product ..... 3-2
  What Is a Certification Package? ..... 3-2
  How To Access Certification Artifacts ..... 3-2
Managing Certification Artifacts Using the Certification Artifacts Explorer ..... 3-4
  Managing Certification Artifacts Overview ..... 3-4
  Supported File Types ..... 3-5
  Deleting Certification Packages ..... 3-5
Limitations of the Certification Artifacts Explorer ..... 3-6

4 Supporting Certification-Related Development Activities
Generating a Traceability Matrix ..... 4-2
  About Traceability Matrices ..... 4-2
  Generating Traceability Matrices Limitations ..... 4-3
  Prerequisites for Generating a Traceability Matrix ..... 4-3
  How to Generate a Traceability Matrix ..... 4-4
Adding Comments to a Traceability Matrix ..... 4-5
  Requirements for Adding Comments to a Traceability Matrix ..... 4-5
  How To Retain Comments ..... 4-5

5 Function Reference
Certification Artifacts Management ..... 5-2
Certification-Related Development Activities ..... 5-2

6 Functions — Alphabetical List

1 Getting Started

IEC Certification Kit Product Overview

In this section...
“What Is the IEC Certification Kit Product?” on page 1-2
“What Is IEC 61508?” on page 1-3
“IEC 61508 Compliance Considerations” on page 1-4
“IEC 61508 Tool Certification Considerations” on page 1-4
“What Is ISO 26262?” on page 1-5
“ISO 26262 Compliance Considerations” on page 1-6
“ISO 26262 Tool Qualification” on page 1-7
“IEC Certification Kit Components” on page 1-7
“Required Knowledge” on page 1-10

What Is the IEC Certification Kit Product?

The IEC Certification Kit product (for IEC 61508 and ISO 26262) is a package of certification artifacts and tools. The IEC Certification Kit product supports engineers who use MathWorks™ products to develop, verify, or validate software for systems that must comply with, or be certified according to, IEC 61508 or ISO 26262.
Note Neither compliance with nor certification to the applicable safety standard ensures the safety of the software or the system under consideration. However, the applicable safety standard may be considered a state-of-the-art or generally accepted rules of technology (GART) for the development of safety-related systems in your industry. A certification might be used as evidence that state-of-the-art procedures were applied during system development.
To view the certification artifacts that are part of the IEC Certification Kit product, use the Certification Artifacts Explorer. For more information, see “Accessing Certification Artifacts Using the Certification Artifacts Explorer” on page 3-2.
For more information on how to leverage the IEC Certification Kit product, see Chapter 2, “Certification Process”.

What Is IEC 61508?

IEC 61508 is an international, industry-independent safety standard titled Functional safety of electrical/electronic/programmable electronic safety-related systems. The seven parts of the standard (referred to as IEC 61508-1 to IEC 61508-7) were published from 1998 through 2000.
IEC 61508-3 Software Requirements concerns software development, verification, and validation. By constraining the processes used for software development and quality assurance, the intention of the IEC 61508-3 standard is to:
- Reduce the number of errors introduced during software development.
- Increase the number of errors revealed by verification and validation activities.
IEC 61508 is a prescriptive standard, providing detailed lists of techniques and measures with recommendations. The required degree of rigor for software development, verification, and validation varies, depending on how critical the software is. The standard expresses the degree of rigor in terms of Safety Integrity Levels (SILs). For example, IEC 61508-3 might recommend a measure or technique for SIL 1 and 2, and highly recommend it for SIL 3 and 4.
To help with the selection of techniques and measures appropriate for a required SIL, annexes A and B of IEC 61508-3 provide 19 software safety integrity tables. The tables list the techniques and measures recommended for each SIL. The standard organizes the tables based on the different software lifecycle phases. IEC 61508-7 Overview of techniques and measures provides detailed descriptions of selected measures and techniques.
IEC 61508-3 is a generic safety publication first published in 1998. The standard does not cover advanced software development, verification, and validation technologies, such as Model-Based Design, code generation, and abstract interpretation. If developing software using such technologies, the objectives and recommendations of the standard must be mapped to the processes and tools used.

IEC 61508 Compliance Considerations

IEC 61508 certification confirms that a product or system complies with objectives set by the standard.
You can get IEC 61508 compliance certified by an independent, external certification authority, such as Technischer Überwachungsverein (TÜV) in Germany. Upon granting certification, the certification authority issues a certificate and, if applicable, a certificate report. A certificate report is a technical report that accompanies the certificate. The certificate report documents details of the certification process and constraints for the certificate.
An applicant might self-certify a system. Self-certification requires the applicant to demonstrate IEC 61508 compliance to an internal assessor, without requiring external certification. In this case, aspects of the standard might be relaxed or tightened.
Regardless of how an applicant achieves certification, the applicant shall document compliance with the relevant set of IEC 61508 requirements. For software, the applicant typically creates customized instances of software safety integrity tables. The tables describe how you interpreted and applied each recommended technique and measure for the software under development. If not using a highly recommended technique or measure, the rationale shall be documented and agreed upon with the certification authority or internal assessor.
The customized software safety integrity tables serve as partial evidence to demonstrate that the objectives of the standard are met. To facilitate certification, the applicant should submit an initial version of the tables early in the software development lifecycle to the certification authority or internal assessor for discussion and approval.

IEC 61508 Tool Certification Considerations

IEC 61508-3 highly recommends certified tools and translators for safety integrity levels SIL 2 and higher (see IEC 61508-3 clause 7.4.4.3a and table A.3). According to IEC 61508-7, clause C.4.3, wherever possible, tools should be certified. The certification of a tool is usually carried out by an independent body against independently set criteria, such as national or international standards.
The intention of the IEC 61508 standard is to regulate the development of safety-related systems, not the development of software tools used to design, verify, and validate these systems. IEC 61508 provides only limited guidance on how to satisfy the recommendation on how to certify tools. As a result, different tool certification approaches have been proposed and pursued in practice.
A recent approach is in-context certification of tools. In-context certification is based on a specific workflow or set of workflows to be used when applying the tool to develop or verify software for IEC 61508 compliant or certified applications. For an in-context certification, the certification package includes workflow documentation in addition to a certificate and certificate report. The applicant must ensure that the tool is used within the workflows referenced and the constraints specified in their respective certificates.
Regardless of the tool certification, the tool user is and remains fully responsible for the safety of the system and its embedded software.

What Is ISO 26262?

ISO 26262 is an emerging international safety standard titled Road vehicles — Functional safety. ISO 26262 is a sector-specific standard for the automotive industry. The intention is to apply the ISO 26262 standard to safety-related systems. These systems include one or more E/E systems¹ and are installed in series production passenger cars with a maximum gross weight of up to 3.5 tons.
ISO® published the ISO/DIS 26262 draft international standard in July 2009. It consists of ten parts, referred to as ISO/DIS 26262-1 to ISO/DIS 26262-10.
Part 6 (ISO/DIS 26262-6) Product development: software level pertains to software development, verification, and validation. It includes guidance for projects using Model-Based Design² and code generation. Part 8 (ISO/DIS 26262-8) Supporting processes addresses multiple cross-functional topics, including the qualification of software tools.
The required degree of rigor for software development, verification, and validation varies, depending on how critical the software is. It is expressed in terms of Automotive Safety Integrity Levels (ASILs) A to D. For example, a measure or technique listed in ISO 26262 might be recommended for ASIL A and ASIL B, and highly recommended for ASIL C and ASIL D.
1. Systems that consist of electrical and electronic elements, including: programmable electronic elements, power supplies, input devices, communication paths, and output devices.

ISO 26262 Compliance Considerations

ISO/DIS 26262 certification confirms that a product or system complies with the objectives set by the draft international standard. An applicant can certify a system in two ways:
- Certification by an independent, external certification authority.
- Self-certification
An independent, external certification authority, such as Technischer Überwachungsverein (TÜV) in Germany, can certify ISO/DIS 26262 compliance. The certification authority issues a certificate and, if applicable, a certificate report. The certificate report is a technical report that accompanies the certificate. The certificate report documents the details of the certification process and the constraints for the certificate.
An applicant can self-certify a system. Self-certification requires the applicant to demonstrate ISO/DIS 26262 compliance to an internal assessor, without requiring external certification. In this case, aspects of the standard might be relaxed or tightened.
Regardless of how an applicant achieves certification, the applicant shall document compliance with the applicable set of ISO/DIS 26262 requirements.
2. Referred to as model-based development.

ISO 26262 Tool Qualification

The ISO 26262 standard acknowledges that the use of software tools simplifies or automates activities and tasks to develop safety-related software. ISO/DIS 26262-8 provides a framework for software tool qualification to provide evidence that a software tool is suitable for use when developing safety-related software. In this way, confidence can be achieved in the correct execution of the activities and tasks supported by this tool (see ISO/DIS 26262-8, Chapter 11).
To determine the required level of confidence in a software tool (tool confidence level, TCL), the applicant shall analyze the use cases for the software tool. The analysis determines:
- If a malfunctioning software tool and the erroneous output of the tool can lead to the violation of a safety requirement.
- The probability of preventing or detecting such errors in the output.
The evaluation considers tool-internal measures (for example, monitoring), as well as tool-external measures (for example, guidelines, tests, reviews) that the applicant implements in the development process for the safety-related software.
The required TCL, together with the ASIL of the software developed using the tool, allows the selection of the appropriate qualification methods.
If the applicant can demonstrate the qualification requirements for the given software tool, no further qualification activities are needed. Otherwise, the applicant must apply the appropriate qualification methods.
Regardless of the tool qualification, the tool user is and remains fully responsible for the safety of the system and its embedded software.

IEC Certification Kit Components

The IEC Certification Kit product includes the following certification artifacts and tools:
- Certification and qualification evidence
- Documents and templates
- Tools for certification-related development activities
- Tools for managing certification artifacts
The certification artifacts and tools support you when using the following MathWorks products in the context of the IEC 61508 and ISO 26262 standards:
- Real-Time Workshop® Embedded Coder™
- PolySpace® Client™ for C/C++; PolySpace® Server™ for C/C++
Specific versions of the preceding MathWorks products have been certified or qualified by TÜV SÜD, a German-based certification authority.
The IEC Certification Kit product contains certification artifacts to document compliance with the respective standards. The applicant can submit certification artifacts, or derivatives thereof, as evidence of compliance with IEC 61508-3, ISO/DIS 26262-6, and ISO/DIS 26262-8.
The IEC Certification Kit product provides the following capability to support certification-related development activities:
- Generating traceability matrices for tracing among model objects, generated code, and model requirements (see “Generating a Traceability Matrix” on page 4-2).
Note The rights.txt file, located at matlabroot\toolbox\qualkits\iec, describes allowed uses of the IEC Certification Kit product.
Certification Artifacts for the Real-Time Workshop Embedded Coder Product
TÜV SÜD has certified specific versions of the Real-Time Workshop Embedded Coder product for use in development processes that are required to comply with IEC 61508 or ISO/DIS 26262. These product versions are also qualified according to ISO/DIS 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.
The IEC Certification Kit product contains certification artifacts for the following versions of the Real-Time Workshop Embedded Coder product:
- Version 5.5 (R2010a)
Previous releases of the Real-Time Workshop Embedded Coder product are certified or qualified. For supporting certification artifacts, see previous releases of the IEC Certification Kit product.
Note The Real-Time Workshop Embedded Coder product was not developed using an IEC 61508 certified process.
Certification artifacts for the Real-Time Workshop Embedded Coder product are in the following folder:
matlabroot\toolbox\qualkits\iec\rtwec\r2010a\
Details on the certification artifacts are in the certificate reports.
Component: File
Certificate: Cert_Z10090667052002.pdf
Certificate Report: CR_MN72051C.pdf
Workflow Documentation: certkitiec_rtwec_workflow.pdf
Compliance Demonstration Template: certkitiec_rtwec_cdt.rtf, certkitiec_rtwec_cdt.pdf
ISO 26262 Tool Qualification Package: certkitiec_rtwec_tqp.rtf, certkitiec_rtwec_tqp.pdf
Certification Artifacts for the PolySpace Client for C/C++ and PolySpace Server for C/C++ Products
TÜV SÜD certified specific versions of the PolySpace Client for C/C++ and the PolySpace Server for C/C++ products for use in development processes that are required to comply with IEC 61508, EN 50128, or ISO/DIS 26262. These product versions are also qualified according to ISO/DIS 26262-8 for Automotive Safety Integrity Levels ASIL A through ASIL D.
The IEC Certification Kit product contains certification artifacts for the following versions of the PolySpace Client for C/C++ and the PolySpace Server for C/C++ products:
- Version 7.2 (R2010a)
Previous releases of the PolySpace® products are certified or qualified. For supporting certification artifacts, see previous releases of the IEC Certification Kit product.
Note The PolySpace Client for C/C++ and the PolySpace Server for C/C++ products were not developed using an IEC 61508 certified process.
Certification artifacts for the PolySpace Client for C/C++ and PolySpace Server for C/C++ products are in the following folder:
matlabroot\toolbox\qualkits\iec\polyspace\r2010a\
Component: File
Certificate: Cert_Z10090767052003.pdf
Certificate Report: CR_MN74651C.pdf
Workflow Documentation: certkitiec_polyspace_workflow.pdf

Required Knowledge

Before using the IEC Certification Kit product, make sure that you have:
- Knowledge about developing safety-related software.
- Knowledge of the applicable safety standard:
  - IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems
  - ISO 26262 Road vehicles — Functional safety
  - EN 50128 Railway Applications - Communications, Signalling and Processing Systems - Software for Railway Control and Protection Systems
- Experience with MathWorks products that you use to develop, verify, or validate software for systems that are required to comply with the applicable standard.
Also, review the following information:
- Technical Solution 1-32COJP on the MathWorks Web site, which offers recommendations on how to apply Simulink®, Real-Time Workshop Embedded Coder, and other products for Model-Based Design in the context of IEC 61508.
- If you have a Real-Time Workshop Embedded Coder license, “Developing Models and Code That Comply with the IEC 61508 Standard” in the Real-Time Workshop Embedded Coder documentation.

2 Certification Process

Certification Process Using the IEC Certification Kit Product

In this section...
“Defining Certification Objectives and Requirements” on page 2-2
“Certifying or Qualifying Software Tools” on page 2-2

Defining Certification Objectives and Requirements

Before using the IEC Certification Kit product, define your certification objectives and requirements.
- Identify the scope of your certification activities, such as the applicant and the application to certify.
- Decide on the applicable safety standards and the required Safety Integrity Level (SIL) or Automotive Safety Integrity Level (ASIL).
- Determine the software development processes and software tool chain to use.
- Define tool certification or qualification requirements. For example, the tools and versions to certify or qualify.

Certifying or Qualifying Software Tools

The IEC 61508 and ISO 26262 standards include requirements or recommendations to use certified or qualified tools. You can use tool certification evidence from the IEC Certification Kit product to document compliance with the requirements or recommendations concerning tool certification or qualification.
Note Using certified or qualified tools does not ensure the safety of the application under development.
The IEC Certification Kit product provides tool certification and qualification evidence for the following MathWorks products:
- Real-Time Workshop Embedded Coder
- PolySpace Client for C/C++; PolySpace Server for C/C++
The IEC Certification Kit product follows an in-context approach to tool certification and qualification. This approach is based on specific workflows to be used when applying the certified and qualified tools to develop or verify software for IEC 61508 and ISO 26262 applications. The applicant must ensure that the tools are used within the referenced workflows and constraints specified in the certificates.
The IEC Certification Kit product provides support for creating the following artifacts related to tool certification and qualification.

Tool Certification Artifacts for IEC 61508 Applications

Products: Real-Time Workshop Embedded Coder
  Purpose: Tool Certification Evidence for code generator
  References: IEC 61508-3 Clause 7.4.4.3a; IEC 61508-3 Table A-3, Technique/Measure 5a "Certificated Translator"
  Artifacts and Documents (1): Certificate Z10 09 06 67052 002; Certification report MN72051C

  Purpose: Documentation of Translation validation workflow
  References: N/A
  Artifacts and Documents (1): Application-Specific Verification and Validation of Models and Generated Code

  Purpose: Evidence for using the code generator within the referenced workflows and within the constraints specified in its certificate
  References: N/A
  Artifacts and Documents (1): Customized and completed Conformance Demonstration Template

Products: PolySpace Client for C/C++; PolySpace Server for C/C++
  Purpose: Tool Certification Evidence for code verification tool
  References: IEC 61508-3, Table A-3, Technique/Measure 4a "Certificated Tool"
  Artifacts and Documents (1): Certificate Z10 09 07 67052 003; Certificate Report MN74651C

  Purpose: Documentation of Code verification workflow
  References: N/A
  Artifacts and Documents (1): Verification of C and C++ Code Using PolySpace Products

(1) For file names and locations, see “IEC Certification Kit Components” on page 1-7.

Tool Qualification Artifacts for ISO 26262 Applications

Products: Real-Time Workshop Embedded Coder
  Purpose: Software Tool Qualification Plan
  References: ISO 26262-8, 11.4.2
  Artifacts and Documents (1): Customized and completed Chapter 2, Software Tool Qualification Plan of the ISO 26262 Real-Time Workshop Embedded Coder Qualification Package template

  Purpose: Software Tool Documentation
  References: ISO 26262-8, 11.4.4; ISO 26262-8, 11.4.2.2
  Artifacts and Documents (1): Customized and completed Chapter 3, Software Tool Documentation of the ISO 26262 Real-Time Workshop Embedded Coder Qualification Package template; Documentation set for the Real-Time Workshop Embedded Coder product; Installation Guide

  Purpose: Software Tool Classification Analysis
  References: ISO 26262-8, 11.4.2, 11.4.3
  Artifacts and Documents (1): Customized and completed Chapter 4, Tool Classification of the ISO 26262 Real-Time Workshop Embedded Coder Qualification Package template

  Purpose: Software Tool Qualification Report
  References: ISO 26262-8, 11.4.3, 11.4.4, 11.4.5, 11.4.6, 11.4.7, 11.4.8
  Artifacts and Documents (1): Customized and completed Chapter 5, Tool Qualification Documentation of the ISO 26262 Real-Time Workshop Embedded Coder Qualification Package template; Certificate Z10 09 06 67052 002; Certification report MN72051C

  Purpose: Documentation of Translation validation workflow
  References: N/A
  Artifacts and Documents (1): Application-Specific Verification and Validation of Models and Generated Code

  Purpose: Evidence for using the code generator within the referenced workflows and within the constraints specified in its certificate
  References: N/A
  Artifacts and Documents (1): Customized and completed Conformance Demonstration Template

Products: PolySpace Client for C/C++; PolySpace Server for C/C++
  Purpose: Software Tool Qualification Report
  References: ISO 26262-8, 11
  Artifacts and Documents (1): Certificate Z10 09 07 67052 003; Certificate Report MN74651C

  Purpose: Documentation of Code verification workflow
  References: N/A
  Artifacts and Documents (1): Verification of C and C++ Code Using PolySpace Products documentation

(1) For file names and locations, see “IEC Certification Kit Components” on page 1-7.
Note Some safety standards, including IEC 61508, do not have a formal concept of certification credits. The amount of credit for the use of certified or qualified tools is dependent on the applicant’s development, verification and validation processes, and how the applicant uses the tools within those processes. The applicant should propose and discuss an initial version of the compliance package, including tool qualification data, with the certification authority or internal assessor early in the development lifecycle.

3 Accessing and Managing Certification Artifacts

“Accessing Certification Artifacts Using the Certification Artifacts Explorer” on page 3-2
“Managing Certification Artifacts Using the Certification Artifacts Explorer” on page 3-4
“Limitations of the Certification Artifacts Explorer” on page 3-6
Accessing Certification Artifacts Using the Certification Artifacts Explorer
In this section...
“Certification Artifacts in the IEC Certification Kit Product” on page 3-2
“What Is a Certification Package?” on page 3-2
“How To Access Certification Artifacts” on page 3-2

Certification Artifacts in the IEC Certification Kit Product

The IEC Certification Kit product includes the following certification artifacts:
- Certification and qualification evidence
- Documents and templates
For more information about the certification artifacts that are part of the IEC Certification Kit product, see “IEC Certification Kit Components” on page 1-7.
For more information about certifying or qualifying software tools, see “Certification Process Using the IEC Certification Kit Product” on page 2-2.

What Is a Certification Package?

A certification package is a group of certification artifacts that you use to certify your project. The Certification Artifacts Explorer displays:
- The certification artifacts that are part of the IEC Certification Kit product.
- Certification packages that you create.

How To Access Certification Artifacts

You can use the Certification Artifacts Explorer to access certification artifacts. To start the Certification Artifacts Explorer, use one of the following methods.
To start the Certification Artifacts Explorer...: Do this:
From the MATLAB® Start menu: Select Start > Simulink > IEC Certification Kit > Certification Artifacts Explorer.
From the MATLAB command line: Enter certkitiec.
In the Certification Artifacts Explorer window, in the left pane, you see the certification artifacts that are available with the IEC Certification Kit product. If the IEC Certification Kit product contains artifacts for more than one release, the Certification Artifacts Explorer lists the artifacts for each release. Selecting an item in the left pane displays information about the item in the right pane.
Managing Certification Artifacts Using the Certification Artifacts Explorer
In this section...
“Managing Certification Artifacts Overview” on page 3-4
“Supported File Types” on page 3-5
“Deleting Certification Packages” on page 3-5

Managing Certification Artifacts Overview

To manage certification artifacts using the Certification Artifacts Explorer:
1 Create a new certification package.
2 Name the certification package.
3 Define the location where the Certification Artifacts Explorer stores the certification package.
4 Save the certification package. The saved package has a KIT extension.
5 Copy the certification artifacts for the product of interest into the certification package.
6 Delete certification artifacts that are not required for your project.
7 Optionally, add related files to the certification package using a file browser such as Microsoft® Windows® Explorer. For the types of files supported in the Certification Artifacts Explorer, see “Supported File Types” on page 3-5.
8 Use the Certification Artifacts Explorer to access certification artifacts. For a list of artifacts that you might need to access and modify, see “Certifying or Qualifying Software Tools” on page 2-2.
When you create and save new certification packages, the Certification Artifacts Explorer displays them in the left pane. The certification packages that are listed remain visible unless you delete them from the Certification Artifacts Explorer.

Supported File Types

You can add any file to a certification package. However, the Certification Artifacts Explorer displays only the following types of files in the left pane:
- PDF files
- Worksheets, such as XLS and XLSX
- Documents, such as DOC, DOCX, RTF and TXT
- Hypertext documents, such as HTM and HTML
To view other types of files, select the folder that contains the files. In the right pane, you see all of the files in the package. You can click the link to the folder that contains the files to access the files.
Tip When you add other types of files, to refresh the file list, use File > Refresh.

Deleting Certification Packages

The Certification Artifacts Explorer displays all certification packages that you create or open. If you delete a certification package from the Certification Artifacts Explorer, the files associated with the package are still available on your computer. To delete the files, use a file browser such as Windows Explorer.

Limitations of the Certification Artifacts Explorer

The Certification Artifacts Explorer has the following limitations:
• The Certification Artifacts Explorer works on Microsoft Windows platforms only.
• For optimal performance, ensure that Microsoft® Internet Explorer® is available on your machine. Internet Explorer does not have to be your default web browser.

4 Supporting Certification-Related Development Activities

“Generating a Traceability Matrix” on page 4-2
“Adding Comments to a Traceability Matrix” on page 4-5

Generating a Traceability Matrix

In this section...
“About Traceability Matrices” on page 4-2 “Generating Traceability Matrices Limitations” on page 4-3 “Prerequisites for Generating a Traceability Matrix” on page 4-3 “How to Generate a Traceability Matrix” on page 4-4

About Traceability Matrices

When you use Model-Based Design and production code generation to develop application software components, you can generate a traceability matrix. The traceability matrix provides traceability among model objects, generated code, and model requirements. You can add comments to the generated traceability matrix. If you change the model and regenerate the traceability matrix, the software retains your comments.
For a given model, the generated traceability matrix can provide information about:
• Model objects that are traceable between the model and generated code, such as Simulink® blocks, Stateflow® objects, and Embedded MATLAB® scripts.
• Model objects that are untraceable between the model and generated code, such as eliminated and virtual blocks.
• Requirements documents that you link to model objects using the Simulink Verification and Validation™ Requirements Management Interface (RMI).
Generate the traceability matrix using the iec.ExportTraceReport function. The function creates an XLS file that contains the following worksheets:
• Report — Traceability information for each model object, including model, generated code, and requirements. Each row in the worksheet pertains to a single occurrence of a model object. The information for a model object is in more than one row if the object:
- Appears more than once in the generated code.
- Links to more than one requirement.
• Model Information — Summary of the model configuration and checksum. The summary includes the model name, version, author, creation date, last saved by, last updated date, checksum, and the selection of Traceability Report Contents parameters.
• Code Files — File folders and names of the generated code files.

Generating Traceability Matrices Limitations

The iec.ExportTraceReport function that you use to generate traceability matrices has the following limitations:
• The iec.ExportTraceReport function does not support generating a traceability matrix for referenced models. When you generate a traceability matrix for a model that contains referenced models, the traceability matrix contains information about the Model block only. The traceability matrix does not contain information about the contents of the referenced model. If your model contains referenced models, generate a traceability matrix for the top-level model and each referenced model separately.
• The iec.ExportTraceReport function works on the Microsoft Windows platform only.
• In most cases, the iec.ExportTraceReport function identifies comments that you add to the traceability matrix. When the function cannot identify comments, the traceability matrix includes the text:
Row is not unique: comment

Prerequisites for Generating a Traceability Matrix

Before generating a traceability matrix for model objects, generated code, and model requirements, perform the following steps:
1 Optionally, attach requirements documents. For more information, see “Requirements Linking and Traceability” in the Simulink Verification and Validation documentation.
2 In the Configuration Parameters dialog box, on the Real-Time Workshop > Report pane, select:
a “Create code generation report”
b At least one of the following Traceability Report Contents parameters:
“Eliminated / virtual blocks”
“Traceable Simulink blocks”
“Traceable Stateflow objects”
“Traceable Embedded MATLAB functions”
3 Generate code for the model.
Tip You do not have to build an executable to generate a traceability matrix. To generate code only, on the Real-Time Workshop > General pane, select Generate code only.

How to Generate a Traceability Matrix

To generate a traceability matrix:
1 Open the model.
2 Ensure that you have completed the “Prerequisites for Generating a Traceability Matrix” on page 4-3.
3 In the MATLAB Command Window, enter the following command to generate the traceability matrix, where model_name is the name of the model:
iec.ExportTraceReport('model_name')
The software generates the traceability matrix.
4 Review the traceability matrix and add comments in new columns. For more information, see “Adding Comments to a Traceability Matrix” on page 4-5.

Adding Comments to a Traceability Matrix

In this section...
“Requirements for Adding Comments to a Traceability Matrix” on page 4-5 “How To Retain Comments” on page 4-5

Requirements for Adding Comments to a Traceability Matrix

You can add comments to the traceability matrix that you generated using the iec.ExportTraceReport function.
To add comments to the traceability matrix, you must:
• Create new columns for your comments.
• Use unique column headings. All columns that you add must have headings.
• Add at least one entry to the column, other than the column heading.
• Retain the following columns:
- Code File Name
- Code Function
- Requirements Source
- Model Object SID
- Code Comment Checksum
Note All comments must resolve to a text string. For example, a link to an image resolves to a text string, but a copy of the image does not.

How To Retain Comments

To regenerate a traceability matrix and retain your comments:
1 Navigate to the working folder of the model.
2 Optionally, regenerate code for your model. Regenerating code before generating the traceability matrix ensures that you have the latest model-to-code traceability information.
3 In the MATLAB Command Window, enter the following command. file_name is the name of the existing traceability matrix that you are regenerating. If the existing traceability matrix is in a different folder, include the full path to that folder in path.
iec.ExportTraceReport('model_name', 'file_name', 'path')
The traceability matrix regenerates.

5 Function Reference

Certification Artifacts Management (p. 5-2) Manage certification artifacts.
Certification-Related Development Activities (p. 5-2) Document generated code.

Certification Artifacts Management

certkitiec Open Certification Artifacts Explorer

Certification-Related Development Activities

iec.ExportTraceReport Generate XLS file that contains traceability matrix

6 Functions — Alphabetical List

certkitiec
Purpose Open Certification Artifacts Explorer
Syntax certkitiec
Description certkitiec opens the Certification Artifacts Explorer.
Tips • The certkitiec function works on Microsoft Windows platforms only.
• For optimal performance, ensure that Microsoft Internet Explorer is available on your machine. Internet Explorer does not have to be your default web browser.
Alternatives Open the Certification Artifacts Explorer by selecting Start > Simulink > IEC Certification Kit > Certification Artifacts Explorer.
How To • Chapter 3, “Accessing and Managing Certification Artifacts”
• “Certification Process Using the IEC Certification Kit Product” on page 2-2
iec.ExportTraceReport
Purpose Generate XLS file that contains traceability matrix
Syntax iec.ExportTraceReport('model_name')
iec.ExportTraceReport('model_name', 'file_name')
iec.ExportTraceReport('model_name', 'file_name', 'path')
Description iec.ExportTraceReport('model_name') generates an XLS file that contains a “Traceability Matrix” on page 6-4. model_name is the name of the model.
iec.ExportTraceReport('model_name', 'file_name') generates an XLS file that contains a “Traceability Matrix” on page 6-4. file_name is a string that specifies the name of the file. The first time that you call iec.ExportTraceReport, file_name is optional. If you do not provide file_name, the function names the file using the following convention, where modelUpdate is the date and time that you last updated the model:
model_name_Trace_modelUpdate.xls
To regenerate the traceability matrix, you must specify file_name.
iec.ExportTraceReport('model_name', 'file_name', 'path') generates an XLS file that contains a “Traceability Matrix” on page 6-4. path is an optional string that specifies the full path to the location where you want the software to save the file.
Tips • The iec.ExportTraceReport function works on Microsoft Windows platforms only.
• To include requirements documentation in the traceability matrix, attach requirements documents to the model before using iec.ExportTraceReport.
• You must generate a code generation traceability report (requires a Real-Time Workshop Embedded Coder license) for your model before using iec.ExportTraceReport.
• The iec.ExportTraceReport function does not support generating a traceability matrix for referenced models. When you generate a traceability matrix for a model that contains referenced models, the traceability matrix contains information about the Model block only. The traceability matrix does not contain information about the contents of the referenced model. If your model contains referenced models, generate a traceability matrix for the top-level model and each referenced model separately.
• In most cases, the iec.ExportTraceReport function identifies comments that you add to the traceability matrix. When the function cannot identify comments, the traceability matrix includes the text:
Row is not unique: comment
For more information, see “Prerequisites for Generating a Traceability Matrix” on page 4-3.
Definitions Traceability Matrix
A traceability matrix provides traceability among model objects, generated code, and model requirements. You can add comments to the generated traceability matrix. If you change the model and regenerate the traceability matrix, the software retains your comments.
Examples Generate a traceability matrix with traceability between model objects and generated code for the rtwdemo_hyperlinks model:
Note This example requires a Real-Time Workshop Embedded Coder license.
% Open the model.
open_system('rtwdemo_hyperlinks');
% Generate code only.
set_param('rtwdemo_hyperlinks', 'GenCodeOnly', 'on');
% Initiate the build process.
rtwbuild('rtwdemo_hyperlinks');
% Generate a traceability matrix.
iec.ExportTraceReport('rtwdemo_hyperlinks');
Generate a traceability matrix with traceability among model objects, generated code, and model requirements for the slvnvdemo_fuelsys_docreq model:
Note This example requires a Simulink Verification and Validation license.
% Open the model.
open_system('slvnvdemo_fuelsys_docreq');
% Select the code generation report and traceability report parameters.
set_param('slvnvdemo_fuelsys_docreq', 'GenerateReport', 'on');
set_param('slvnvdemo_fuelsys_docreq', 'GenerateTraceReport', 'on');
set_param('slvnvdemo_fuelsys_docreq', 'GenerateTraceReportSl', 'on');
set_param('slvnvdemo_fuelsys_docreq', 'GenerateTraceReportSf', 'on');
set_param('slvnvdemo_fuelsys_docreq', 'GenerateTraceReportEml', 'on');
% Generate code only.
set_param('slvnvdemo_fuelsys_docreq', 'GenCodeOnly', 'on');
% Initiate the build process.
rtwbuild('slvnvdemo_fuelsys_docreq');
% Generate a traceability matrix.
iec.ExportTraceReport('slvnvdemo_fuelsys_docreq');
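The following function is an added example and is not part of the IEC Certification Kit documentation or a MathWorks function. It chains together the whole procedure described in Chapter 4: the prerequisites, a first call to iec.ExportTraceReport without file_name, a check that the columns listed under “Requirements for Adding Comments to a Traceability Matrix” are present, a programmatic comment column that follows the rules there (new column, unique heading, at least one entry), and the three-argument regeneration from “How To Retain Comments”, followed by a check that the comment column survived. It assumes a Windows MATLAB session with Microsoft Excel installed (xlsread and xlswrite on a multi-sheet XLS workbook go through the Excel COM interface), a Real-Time Workshop Embedded Coder license, a Report sheet whose first row holds the column headings, and that file_name may be passed exactly as dir returns it, with its .xls extension. The function name iec_trace_workflow, the Review Comment heading and the comment text are placeholders invented for the example.

```matlab
function traceFile = iec_trace_workflow(model)
% IEC_TRACE_WORKFLOW  Generate, check, annotate and regenerate a traceability
% matrix for MODEL. Added example, not part of the IEC Certification Kit.
% Assumptions: Windows MATLAB with Microsoft Excel (xlsread/xlswrite on a
% multi-sheet XLS use the Excel COM interface), a Real-Time Workshop
% Embedded Coder license, and that iec.ExportTraceReport accepts the file
% name returned by dir (with its .xls extension) as file_name.
% Usage: iec_trace_workflow('slvnvdemo_fuelsys_docreq')

workDir = pwd;   % iec.ExportTraceReport writes here when no path is given

% 1. Prerequisites: code generation report plus at least one Traceability
%    Report Contents option. Check each parameter and enable it only if off.
open_system(model);
required = {'GenerateReport', 'GenerateTraceReport', 'GenerateTraceReportSl', ...
            'GenerateTraceReportSf', 'GenerateTraceReportEml'};
for k = 1:numel(required)
    if ~strcmp(get_param(model, required{k}), 'on')
        fprintf('Enabling %s for %s\n', required{k}, model);
        set_param(model, required{k}, 'on');
    end
end
set_param(model, 'GenCodeOnly', 'on');   % no executable is needed for the matrix
rtwbuild(model);

% 2. First generation without file_name: the kit names the file
%    <model>_Trace_<modelUpdate>.xls. Look the name up instead of guessing
%    the timestamp, taking the newest file if earlier runs left others.
iec.ExportTraceReport(model);
found = dir(fullfile(workDir, [model '_Trace_*.xls']));
if isempty(found)
    error('No traceability matrix was produced for %s', model);
end
[maxDate, idx] = max([found.datenum]);
traceFile = found(idx).name;
fullPath = fullfile(workDir, traceFile);

% 3. Columns that must be kept for comments to be retained on regeneration.
mustKeep = {'Code File Name', 'Code Function', 'Requirements Source', ...
            'Model Object SID', 'Code Comment Checksum'};
[headings, width] = reportHeadings(fullPath);
missing = mustKeep(~ismember(mustKeep, headings));
if ~isempty(missing)
    error('Traceability matrix lacks required columns: %s', ...
          sprintf('%s; ', missing{:}));
end

% 4. Add a comment column after the last existing one: new column, unique
%    heading, at least one entry below the heading. Heading and text are
%    placeholders for the example.
newCol = columnLetter(width + 1);
xlswrite(fullPath, {'Review Comment'; 'Checked by hand'}, 'Report', [newCol '1']);

% 5. Regenerate into the same file (file_name and path are now mandatory)
%    and confirm the comment column survived.
rtwbuild(model);
iec.ExportTraceReport(model, traceFile, workDir);
if ~any(strcmp(reportHeadings(fullPath), 'Review Comment'))
    error('Review Comment column was not retained after regeneration');
end
fprintf('%s regenerated; comments retained.\n', traceFile);
end

function [headings, width] = reportHeadings(xlsFile)
% Heading row of the Report sheet and the sheet width. Only text cells are
% returned as headings: xlsread reports empty cells as NaN, which would make
% ismember fail on a cell array of strings.
[num, txt, raw] = xlsread(xlsFile, 'Report');
firstRow = raw(1, :);
width = size(raw, 2);
headings = firstRow(cellfun(@ischar, firstRow));
end

function letters = columnLetter(n)
% 1-based column index to an Excel column label (1 -> A, 26 -> Z, 27 -> AA).
letters = '';
while n > 0
    r = mod(n - 1, 26);
    letters = [char('A' + r) letters];
    n = floor((n - 1) / 26);
end
end
```

The xlswrite call in step 4 stands in for editing the worksheet by hand in Excel; either way the column must have a heading and at least one entry, or the kit has nothing to carry over. Because the heading check runs both before the comment is added and after regeneration, the function stops with an error if one of the mandatory columns was dropped from the sheet or if the comment column did not survive, rather than leaving a silently incomplete artifact in the certification package.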
How To • “Generating a Traceability Matrix” on page 4-2
• “Adding Comments to a Traceability Matrix” on page 4-5
• “Traceability for Production Code Generation”
• “Requirements Linking and Traceability”