Stateflow Chart Considerations

hisf_0064: Shift operations for Stateflow data to improve code compliance

ID: Title
  hisf_0064: Shift operations for Stateflow® data to improve code compliance
Description
  To improve code compliance of the generated code with Stateflow bit-shifting operations, do not perform:
  A. Right-shift operations greater than the bit-width of the input type, or by a negative value.
  B. Left-shift operations greater than the bit-width of the output type, or by a negative value.
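The following C helpers are an added example, not code from this guideline or from MathWorks, and they show what items A and B amount to once the chart becomes C: a shift count that is negative or not smaller than the operand width is undefined behaviour in C and is what MISRA C:2012 Rule 12.2 forbids, so a defensive implementation must reject the count before the raw shift operator is reached. The function names, the result struct and the "shift to 0 on a bad count" fallback are conventions chosen for this example. Note that the helpers use `>=` rather than the page's "greater than", because the C standard also forbids a count equal to the width.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added example: defensive shift helpers that enforce hisf_0064 at run time.
 * The struct-and-flag convention is this example's own, not a Stateflow API. */
typedef struct {
    bool     valid;   /* false when the count was rejected and no shift occurred */
    uint32_t value;   /* shifted result, or 0 when valid == false */
} shift_result_t;

#define U32_BITS 32   /* bit-width of the 32-bit operand the helpers shift */

/* Item A: right shift of a 32-bit unsigned INPUT. Only counts in [0, 31] are
 * allowed; anything else would be undefined behaviour in C. */
shift_result_t sr_u32(uint32_t in, int32_t count)
{
    shift_result_t r = { false, 0u };
    if (count < 0 || count >= U32_BITS) {
        return r;                         /* rejected: documented fallback of 0 */
    }
    r.valid = true;
    r.value = in >> (uint32_t)count;      /* count is now provably in range */
    return r;
}

/* Item B: left shift of an 8-bit input into a 32-bit OUTPUT. The input is
 * widened to the output type first, so the legal range is bounded by the
 * output width (32), not the input width (8). */
shift_result_t sl_u8_to_u32(uint8_t in, int32_t count)
{
    shift_result_t r = { false, 0u };
    if (count < 0 || count >= U32_BITS) {
        return r;                         /* rejected: negative or >= output width */
    }
    r.valid = true;
    r.value = (uint32_t)in << (uint32_t)count;   /* unsigned: no overflow UB */
    return r;
}
```

A Model Advisor check flags the chart statically; these helpers are the run-time counterpart a practitioner would reach for when the shift count is a signal rather than a constant. Bits shifted out of the unsigned output are discarded, which is well defined; only the count is the hazard.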

Note

If you follow this and other modeling guidelines, you increase the likelihood of generating code that complies with the coding standards.

Rationale
  To avoid shift operations in the generated code that might be a coding standard violation.
Model Advisor Checks
  • By Task > Modeling Standards for DO-178C/DO-331 > High-Integrity Systems > Stateflow > Check usage of shift operations for Stateflow data

  • By Task > Modeling Standards for IEC 61508 > High-Integrity Systems > Stateflow > Check usage of shift operations for Stateflow data

  • By Task > Modeling Standards for IEC 62304 > High-Integrity Systems > Stateflow > Check usage of shift operations for Stateflow data

  • By Task > Modeling Standards for EN 50128 > High-Integrity Systems > Stateflow > Check usage of shift operations for Stateflow data

  • By Task > Modeling Standards for ISO 26262 > High-Integrity Systems > Stateflow > Check usage of shift operations for Stateflow data

For check details, see Check usage of shift operations for Stateflow data (Simulink Check).

References
  • DO-331 Section MB.6.3.1.b 'High-level requirements are accurate and consistent'
    DO-331 Section MB.6.3.2.b 'Low-level requirements are accurate and consistent'

  • IEC 61508–3, Table A.3 (2) Strongly typed programming language
    IEC 61508–3, Table A.4 (3) Defensive programming

  • IEC 62304, 5.5.3 - Software Unit acceptance criteria

  • ISO 26262-6, Table 1 (1b) Use of language subsets
    ISO 26262-6, Table 1 (1c) Enforcement of strong typing
    ISO 26262-6, Table 1 (1d) Use of defensive implementation techniques

  • EN 50128, Table A.4 (8) Strongly Typed Programming Language
    EN 50128, Table A.3 (1) Defensive Programming

Prerequisites
  hisl_0060: Configuration parameters that improve MISRA C:2012 compliance
Last Changed
  R2017b

hisf_0065: Type cast operations in Stateflow to improve code compliance

ID: Title
  hisf_0065: Type cast operations in Stateflow to improve code compliance
Description
  In Stateflow charts that use the C action language, use the := notation to protect against Stateflow casting integer and fixed-point calculations to wider data types than the input data types.
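The two C functions below are an added example, not code from this guideline or from MathWorks, and they show why intermediate widening matters: in C, uint8_t operands are promoted to int before arithmetic, so an intermediate such as `a + b` is computed at a wider width than the inputs and is narrowed only at the final assignment. The second function instead casts every intermediate back to the input type, which is the "no wider intermediate" behaviour this guideline asks for; the numeric results differ, which is exactly what a reviewer has to verify when the chart is changed. The function names are this example's own.

```c
#include <stdint.h>

/* Added example: same arithmetic, two intermediate widths. */

/* Intermediate (a + b) is computed at int width by C's integer promotion.
 * For a = 200, b = 100 the sum 300 fits in an int, so the average is 150. */
uint8_t avg_promoted(uint8_t a, uint8_t b)
{
    return (uint8_t)((a + b) / 2);
}

/* Every intermediate is narrowed back to the input type. For a = 200,
 * b = 100 the sum wraps to (uint8_t)300 == 44, so the average becomes 22.
 * This is the behaviour a chart gets when it avoids widening, and it makes
 * the overflow of the intermediate visible instead of silently absorbed. */
uint8_t avg_narrowed(uint8_t a, uint8_t b)
{
    uint8_t sum = (uint8_t)(a + b);       /* explicit narrowing, no hidden int */
    return (uint8_t)(sum / 2u);
}
```

When the inputs are small enough that no intermediate overflows (for instance 100 and 50), both functions agree, which is why the discrepancy is easy to miss in tests that never exercise the range limits.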
Note

If you follow this and other modeling guidelines, you increase the likelihood of generating code that complies with the coding standards.

Rationale
  To avoid implicit casts in the generated code that might violate coding standards.
Model Advisor Checks
  • By Task > Modeling Standards for DO-178C/DO-331 > High-Integrity Systems > Stateflow > Check assignment operations in Stateflow Charts

  • By Task > Modeling Standards for IEC 61508 > High-Integrity Systems > Stateflow > Check assignment operations in Stateflow Charts

  • By Task > Modeling Standards for IEC 62304 > High-Integrity Systems > Stateflow > Check assignment operations in Stateflow Charts

  • By Task > Modeling Standards for EN 50128 > High-Integrity Systems > Stateflow > Check assignment operations in Stateflow Charts

  • By Task > Modeling Standards for ISO 26262 > High-Integrity Systems > Stateflow > Check assignment operations in Stateflow Charts

For check details, see Check assignment operations in Stateflow Charts (Simulink Check).

References
  • DO-331 Section MB.6.3.1.b 'High-level requirements are accurate and consistent'
    DO-331 Section MB.6.3.2.b 'Low-level requirements are accurate and consistent'

  • IEC 61508–3, Table A.3 (2) Strongly typed programming language
    IEC 61508–3, Table A.4 (3) Defensive programming

  • IEC 62304, 5.5.3 - Software Unit acceptance criteria

  • ISO 26262-6, Table 1 (1b) Use of language subsets
    ISO 26262-6, Table 1 (1c) Enforcement of strong typing
    ISO 26262-6, Table 1 (1d) Use of defensive implementation techniques

  • EN 50128, Table A.4 (8) Strongly Typed Programming Language
    EN 50128, Table A.3 (1) Defensive Programming

Prerequisites
  hisl_0060: Configuration parameters that improve MISRA C:2012 compliance
Last Changed
  R2017b

hisf_0211: Protect against use of unary operators in Stateflow Charts to improve code compliance

ID: Title
  hisf_0211: Protect against use of unary operators in Stateflow Charts to improve code compliance
Description
  To improve code compliance of the generated code:
  A. Do not use unary minus operators on unsigned data types.

Note

The MATLAB® and C action languages do not restrict the use of unary minus operators on unsigned expressions.
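Since neither action language rejects the construct, the C below is an added example, not code from this guideline or from MathWorks, showing what unary minus on an unsigned operand produces in the generated C and why MISRA C:2012 Rule 10.1 rules it out: the result depends on whether the operand is promoted to int first, so a 32-bit unsigned operand wraps modulo 2^32 while an 8-bit one yields a negative int. The first two functions keep the non-compliant form deliberately to show the effect; the third is a compliant alternative that converts to a signed type of adequate width first. Function names are this example's own.

```c
#include <stdint.h>

/* Added example: unary minus applied to unsigned operands in C. */

/* uint32_t is not promoted, so -x is computed modulo 2^32:
 * negate_u32(5) == 4294967291. No sign ever appears. */
uint32_t negate_u32(uint32_t x)
{
    return -x;    /* non-compliant form kept on purpose to show the wrap */
}

/* uint8_t IS promoted to int first, so -x really is -5; storing it back into
 * a uint8_t then wraps to 251. Same source pattern, different mechanism. */
uint8_t negate_u8(uint8_t x)
{
    return (uint8_t)(-x);   /* non-compliant form kept on purpose */
}

/* Compliant alternative: make the sign explicit by converting to a signed
 * type wide enough to hold the negated range before applying the operator. */
int32_t negate_u8_signed(uint8_t x)
{
    return -(int32_t)x;     /* -5 stays -5 and is representable */
}

/* Same idea for a 32-bit unsigned operand: int64_t holds -(2^32 - 1). */
int64_t negate_u32_signed(uint32_t x)
{
    return -(int64_t)x;
}
```

The two "kept on purpose" functions compile without diagnostics on most toolchains, which is the practical reason a Model Advisor check is needed: the compiler will not tell you.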

Rationale
  Improve code compliance of the generated code.
Model Advisor Checks
  • By Task > Modeling Standards for DO-178C/DO-331 > High-Integrity Systems > Stateflow > Check Stateflow charts for unary operators

  • By Task > Modeling Standards for IEC 61508 > High-Integrity Systems > Stateflow > Check Stateflow charts for unary operators

  • By Task > Modeling Standards for IEC 62304 > High-Integrity Systems > Stateflow > Check Stateflow charts for unary operators

  • By Task > Modeling Standards for EN 50128 > High-Integrity Systems > Stateflow > Check Stateflow charts for unary operators

  • By Task > Modeling Standards for ISO 26262 > High-Integrity Systems > Stateflow > Check Stateflow charts for unary operators

For check details, see Check Stateflow charts for unary operators (Simulink Check).

References
  • DO-331 Section MB.6.3.1.b 'High-level requirements are accurate and consistent'
    DO-331 Section MB.6.3.2.b 'Low-level requirements are accurate and consistent'

  • IEC 61508–3, Table A.3 (2) Strongly typed programming language
    IEC 61508–3, Table A.4 (3) Defensive programming

  • IEC 62304, 5.5.3 - Software Unit acceptance criteria

  • ISO 26262-6, Table 1 (1b) Use of language subsets
    ISO 26262-6, Table 1 (1c) Enforcement of strong typing
    ISO 26262-6, Table 1 (1d) Use of defensive implementation techniques

  • EN 50128, Table A.4 (8) Strongly Typed Programming Language
    EN 50128, Table A.3 (1) Defensive Programming

  • MISRA C:2012, Rule 10.1

Last Changed
  R2017b

hisf_0213: Protect against divide-by-zero calculations in Stateflow charts to improve MISRA C:2012 compliance

ID: Title
  hisf_0213: Protect against divide-by-zero calculations in Stateflow charts to improve MISRA C:2012 compliance
Description
  To improve MISRA C:2012 compliance of the generated code for floating point and integer-based operations, do one of the following:
  A. Perform static analysis of the model to prove that division by zero is not possible.
  B. Provide run-time error checking in the generated C code by explicitly modeling the error checking in Stateflow.
  C. Modify the code generation process using Code Replacement Libraries (CRLs) to protect against division by zero.
  D. For integer-based operations, clear the configuration parameter Remove code that protects against division arithmetic exceptions.

Note

Using run-time error checking introduces additional computational and memory overhead in the generated code. Therefore, it is preferable to use static analysis tools to limit errors in the generated code.

You can use the design error detection functionality in Simulink® Design Verifier™ to perform the static analysis. For more information, see Static Run-Time Error Detection (Simulink Design Verifier). Alternatively, if you have a Simulink Design Verifier license, you can use Model Advisor check Detect Division by Zero to identify division-by-zero errors in your model.

If static analysis determines that sections of the code can have a division by zero, then add run-time protection into that section of the model (see example). Using a modified CRL or selecting the parameter Remove code that protects against division arithmetic exceptions protects division operations against divide-by-zero operations. However, this action does introduce additional computational and memory overhead.

Use only one of the run-time protections (B, C or D) in a model. Using more than one option can result in redundant protection operations.

Rationale
  A, B, C, D: Improve MISRA C:2012 compliance of the generated code.
References
  • MISRA C:2012, Dir 4.1

Last Changed
  R2018a
Example

Run-time divide by zero protection can be realized using a graphical function. Unique functions should be provided for each data type.
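The C functions below are an added example, not the page's graphical function and not MathWorks code; they mirror the advice to provide one protected division per data type (option B, realized in the generated C rather than in the chart). The status enum, the struct results and the fallback values returned on a rejected division are conventions chosen for this example. The signed variant goes one step beyond the page: it also rejects INT32_MIN / -1, which is the other division that raises an arithmetic exception in C and that the same check structure covers at no extra cost.

```c
#include <stdint.h>

/* Added example: per-type protected division (one function per data type). */
typedef enum { DIV_OK = 0, DIV_BY_ZERO = 1, DIV_OVERFLOW = 2 } div_status_t;

typedef struct { div_status_t status; int32_t  value; } i32_div_t;
typedef struct { div_status_t status; uint32_t value; } u32_div_t;
typedef struct { div_status_t status; double   value; } dbl_div_t;

/* int32: zero divisor is rejected; INT32_MIN / -1 is rejected too because the
 * quotient 2^31 is not representable (saturates to INT32_MAX here). */
i32_div_t sdiv_i32(int32_t num, int32_t den)
{
    i32_div_t r = { DIV_OK, 0 };
    if (den == 0) {
        r.status = DIV_BY_ZERO;          /* fallback 0: this example's choice */
        return r;
    }
    if (num == INT32_MIN && den == -1) {
        r.status = DIV_OVERFLOW;
        r.value  = INT32_MAX;            /* saturate instead of trapping */
        return r;
    }
    r.value = num / den;                 /* every hazard excluded above */
    return r;
}

/* uint32: only a zero divisor needs handling. */
u32_div_t udiv_u32(uint32_t num, uint32_t den)
{
    u32_div_t r = { DIV_OK, 0u };
    if (den == 0u) {
        r.status = DIV_BY_ZERO;
        return r;
    }
    r.value = num / den;
    return r;
}

/* double: IEEE-754 hardware yields inf or NaN rather than trapping, but the
 * guideline and MISRA Dir 4.1 still want the condition handled explicitly
 * so that no inf/NaN propagates into downstream logic. */
dbl_div_t ddiv(double num, double den)
{
    dbl_div_t r = { DIV_OK, 0.0 };
    if (den == 0.0) {                    /* also catches -0.0 */
        r.status = DIV_BY_ZERO;
        return r;
    }
    r.value = num / den;
    return r;
}
```

Each function returns a status alongside the quotient so the caller can decide what a rejected division means for the control logic; returning a silent 0 with no status is the pattern that later makes the static-analysis case (option A) hard to argue.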