You can check that your model or subsystem has a likelihood of generating MISRA C:2012 compliant code.
Qualified Model Advisor Checks (IEC Certification Kit)
Qualified Model Advisor Checks (DO Qualification Kit)
Check ID: mathworks.misra.AssignmentBlocks
Identify Assignment blocks that do not have block parameter Action if any output element is not assigned set to Error or Warning.
This check applies to the Assignment block that is available in the Simulink block library under Simulink > Math Operations.
Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications, as well as code that complies with the CERT C, CWE, ISO/IEC TS 17961 standards.
Available with Embedded Coder® and Simulink® Check™.
| Condition | Recommended Action |
|---|---|
| The model or subsystem might contain Assignment blocks with incomplete array initialization that do not have block parameter Action if any output element is not assigned set to Error or Warning. | Set block parameter Action if any output element is not assigned to one of the recommended values:
|
Runs on library models.
Analyzes content of library linked blocks.
Analyzes content in masked subsystems.
If you have a Simulink Check license, allows exclusions of blocks and charts.
Edit-Time Checking. This check is supported by edit-time checking. However, the following check condition is not supported because edit-time checking is unable to determine whether the Assignment block is in an Iterator subsystem.
Set block parameter Action if any output element is not assigned to one of the recommended values:
Error, if Assignment block is not in an Iterator subsystem.
Warning, if Assignment block is in an Iterator subsystem.
MISRA C:2012, Rule 9.1
ISO/IEC TS 17961: 2013, uninitref
CERT C, EXP33-C
CWE, CWE-908
MISRA C Guidelines (Embedded Coder)
Secure Coding Standards (Embedded Coder)
Check ID:
mathworks.misra.BlkSupport
Identify blocks that are not supported or recommended for MISRA C:2012 compliant code generation.
Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications.
Available with Embedded Coder and Simulink Check.
| Condition | Recommended Action |
|---|---|
Lookup Table blocks using cubic spline interpolation or extrapolation methods were found in the model or subsystem. Specific blocks are:
| Consider other interpolation and extrapolation methods for the Lookup Table blocks. |
Deprecated Lookup Table blocks were found in the model or subsystem. Specific blocks are:
| Consider replacing the deprecated Lookup Table blocks. |
| S-Function Builder blocks were found in the model or subsystem. | Consider replacing the S-Function Builder blocks with blocks recommended for production. |
| From Workspace blocks were found in the model or subsystem | Consider replacing the From Workspace blocks with blocks recommended for production. |
String blocks were found in the model or subsystem. Specific blocks are:
| Consider replacing the String blocks with blocks recommended for production. |
You can:
Run this check on your library models.
Analyzes content of library linked blocks.
Analyzes content in masked subsystems.
Exclude blocks and charts from this check if you have a Simulink Check license.
Edit-Time Checking. This check is supported by edit-time checking.
Check ID: mathworks.misra.BlockNames
Identify block names containing /.
Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications.
Available with Embedded Coder and Simulink Check.
| Condition | Recommended Action |
|---|---|
Block names containing / were found in the
model or subsystem. | Remove / from the block name. |
Runs on library models.
Analyzes content of library linked blocks.
Analyzes content in masked subsystems.
If you have a Simulink Check license, allows exclusions of blocks and charts.
Edit-Time Checking. This check is supported by edit-time checking.
MISRA C:2012, Rule 3.1
MISRA C Guidelines (Embedded Coder)
Check ID: mathworks.misra.CodeGenSettings
Identify configuration parameters that can impact MISRA C:2012 compliant code generation.
Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications.
Available with Embedded Coder and Simulink Check.
| Condition | Recommended Action |
|---|---|
| Math and Data Types | |
Configuration parameter Use division for
fixed-point net slope computation is not set to
On or Use division for
reciprocals of integers only. | Set Use division for fixed-point net slope
computation to On or
Use division for reciprocals of integers
only. |
Configuration parameter
Inf or NaN block output is set to
Configuration
parameter Inf or NaN block output is set to
| When Support non-finite numbers is:
|
Configuration parameter Model Verification block
enabling is set to Use local
settings or Enable
All. | Set Model Verification block enabling to
Disable
All. |
Configuration parameter Undirected event
broadcasts is set to none or
warning. | Set Undirected event broadcasts to
error. |
Configuration parameter Wrap on
overflow is set to
None | Set configuration parameter Wrap on overflow to
warning or
error. |
| Hardware Implementation | |
Configuration parameter Production
hardware signed integer division rounds to is set to
Undefined | Set Production hardware signed integer division rounds
to to Zero or
Floor. |
| Configuration parameter Shift right on a signed integer as arithmetic shift is selected. | Clear Shift right on a signed integer as arithmetic shift. |
| Simulation Target | |
Configuration parameter Compile-time
recursion limit for MATLAB functions is set to a value
other than 0. | Set Compile-time recursion limit for MATLAB
functions to 0. |
| Configuration parameter Dynamic memory allocation in MATLAB functions is selected. | Clear Dynamic memory allocation in MATLAB functions. |
| Configuration parameter Enable run-time recursion for MATLAB functions is selected. | Clear Enable run-time recursion for MATLAB functions. |
| Code Generation | |
Configuration parameter Bitfield
declarator type specifier is set to
| Set Bitfield declarator type specifier to
uint_T. |
Configuration parameter Casting
Modes is not set to Standards
Compliant. | Set Casting Modes to Standards
Compliant. |
Configuration parameter Code replacement library
is not set to None or AUTOSAR
4.0. | Set Code replacement library to
|
| Configuration parameter External mode is selected. | Clear External mode. |
| Configuration parameter Generate shared constants is selected. | Clear Generate shared constants. |
Configuration parameter Include comments is cleared. | Select Include comments. |
| Configuration parameter MAT-file logging is selected. | Clear MAT-file logging |
| For ERT-based target systems, configuration parameter MATLAB user comments is cleared. | Select MATLAB user comments. |
| A value for configuration parameter Maximum identifier length is not provided. | Set the value to the implementation-dependent limit. The default is
31. |
Configuration parameter Parenthesis level is not
set to Maximum (Specify precedence with
parentheses). | Set Parentheses level to Maximum
(Specify precedence with parentheses). |
For ERT-based target systems,
configuration parameter Preserve static keyword in
function declarations is cleared when File
packaging format is set to
| Select Preserve static keyword in function declarations. |
| Configuration parameter Replace multiplications by powers of two with signed bitwise shifts is selected. | Clear Replace multiplications by powers of two with signed bitwise shifts. |
Configuration parameter Shared code placement is
set to Auto. | Set Shared code placement to
|
| For ERT-based target systems, configuration parameter Support continuous time is selected | Clear Support continuous time. |
| For ERT-based target systems, configuration parameter Support non-inlined S-functions is selected | Clear Support non-inlined S-functions. |
Configuration parameter System-generated
identifiers is set to
Classic. | Set System-generated identifiers to
Shortened. |
| Configuration parameter System target file is set to a GRT-based target. | Set System target file to an ERT-based target. |
Configuration parameter Use dynamic memory allocation for
model initialization is selected when Code
Interface Packaging is set to Reusable
Function. | Clear Use dynamic memory allocation for model initialization. Note Select only when Code Interface Packaging
is set to |
Clicking Modify All changes the parameter values to the recommended values.
Note
When you click Modify All for models with a GRT-based target, the Model Advisor does not update the System target file configuration parameter to an ERT-based system.
Parameter subchecks depend on the results of the parameter noted with D in the results table. When the result is D-Warning, the Current Value column in the results table states Prerequisite constraint not met for the subchecks. After you change the parameter, rerun the check.
Note
Some subchecks are specific to configuration parameters for ERT-based systems. These parameters are not updated when you click Modify All unless you change the model to an ERT-based system.
This check does not review referenced models.
Check ID: mathworks.misra.CompareFloatEquality
Identify equality and inequality operations on floating-point values.
The check flags sources causing equality or inequality operations on floating-point values.
Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications, as well as code that complies with the CERT C and CWE standards.
The check does not flag blocks with equality or inequality operations on floating-point values if they are justified with a Polyspace® annotation. When you run the check, the Blocks with justification table lists blocks with equality or inequality operations that have a justification.
Available with Embedded Coder and Simulink Check.
| Condition | Recommended Action |
|---|---|
Model object has an equality or inequality operation on a floating-point value. | Consider using non-floating-point values for equality or inequality operations. |
You can:
Exclude blocks and charts from this check if you have a Simulink Check license.
MISRA C:2012, Dir 1.1
CERT C, FLP00-C
CWE, CWE-697
Annotate Code and Hide Known or Acceptable Results (Polyspace Bug Finder)
Secure Coding Standards (Embedded Coder)
Check ID: mathworks.misra.CompliantCGIRConstructions
Identify Simulink blocks that contain bitwise operations on signed integers.
Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications, as well as code that complies with the CERT C and CWE standards.
Available with Embedded Coder and Simulink Check.
This check requires a Stateflow® license when Stateflow is used in the model.
| Condition | Recommended Action |
|---|---|
| The model has blocks that contain bitwise operations on signed integers. | Consider using unsigned integers for bitwise operations. |
You can:
The check assumes that code is generated for the whole model. When code is generated by a subsystem build or export functions, the check can product incorrect results.
Exclude blocks and charts from this check if you have a Simulink Check license.
MISRA C:2012, Rule 10.1
CERT C, INT13-C
CWE, CWE-682
hisl_0060: Configuration parameters that improve MISRA C:2012 compliance
Secure Coding Standards (Embedded Coder)
Check ID: mathworks.misra.RecursionCompliance
Identify recursive function calls in Stateflow charts.
Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications. The check flags charts that have recursive function calls.
Available with Embedded Coder and Simulink Check.
This check requires a Stateflow license.
| Condition | Recommended Action |
|---|---|
Chart has a recursive function call. | Remove recursive function call. |
MISRA C:2012, Dir 17.2
Avoid Unwanted Recursion in a Chart (Stateflow)
Check ID: mathworks.misra.SwitchDefault
Identify switch case expressions that do not have a default case.
The check flags model objects that have switch case expressions without a default case.
Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications, as well as code that complies with the CERT C, CWE, ISO/IEC TS 17961 standards.
The check does not flag blocks without default cases if they are justified with a Polyspace annotation. When you run the check, the Blocks with justification table lists blocks without default cases that have a justification.
Available with Embedded Coder and Simulink Check.
| Condition | Recommended Action |
|---|---|
Model object has a switch case expression without a default case. | For Switch Case blocks, consider selecting block parameter Show default case to explicitly specify a default case. |
You can:
Run this check on your library models.
Exclude blocks and charts from this check if you have a Simulink Check license.
Edit-Time Checking. This check is supported by edit-time checking.
MISRA C:2012, Rule 16.4
ISO/IEC TS 17961: 2013, swtchdflt
CERT C, MSC01-C
CWE, CWE-478
Annotate Code and Hide Known or Acceptable Results (Polyspace Bug Finder)
Secure Coding Standards (Embedded Coder)
Check ID: mathworks.codegen.PCGSupport
Identify blocks not supported by code generation or not recommended for C/C++ production code deployment.
This check partially identifies model constructs that are not recommended for C/C++ production code generation. For Simulink Coder™ and Embedded Coder, these model construct identities appear in tables of Simulink Block Support (Simulink Coder).
In some instances, this check flags blocks that are supported for code generation. For these blocks, you should review the footnote information that is provided in the support notes and adhere to the recommended action provided by the Model Advisor.
Following the recommendations of this check increases the likelihood of generating code that complies with the CERT C, CWE, and ISO/IEC TS 17961 standards.
Available with Embedded Coder and Simulink Check.
| Condition | Recommended Action |
|---|---|
| The model or subsystem contains blocks that should not be used for production code deployment. | Consider replacing the blocks listed in the results. Click an element from the list of questionable items to locate condition. |
| The model or subsystem contains blocks that are supported but not recommended for production code generation. | Review the support notes and adhere to the recommended action provided by the Model Advisor. |
You can:
Run this check on your library models.
Analyze content of library linked blocks.
Analyze content in masked subsystems.
Exclude blocks and charts if you have a Simulink Check license.
This check is supported by edit-time checking.
Blocks and Products Supported for Code Generation (Simulink Coder)
Secure Coding Standards (Embedded Coder)
Check ID:
mathworks.misra.AutosarReceiverInterface
Identify AUTOSAR receiver interface inports that do not have matching error ports.
Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications. The check flags AUTOSAR receiver interfaces inports that are missing error ports. The following table identifies the AUTOSAR data access mode types for receiver interface ports that are flagged by the check when the corresponding error port is missing.
| AUTOSAR Data Access Mode Type | Flagged by Check? |
|---|---|
ImplicitReceive | Yes |
ExplicitReceive | Yes |
QueuedExplicitReceive | No |
ErrorStatus | No |
ModeReceive | No |
IsUpdated | No |
EndToEndRead | Yes |
ExplicitReceiveByVal | No |
otherwise | No |
The check does not flag missing error ports when they are justified with a Polyspace annotation. When you run the check, the Blocks with justification table lists the missing error ports that have a justification.
Available with Embedded Coder and Simulink Check.
| Condition | Recommended Action |
|---|---|
|
AUTOSAR receiver interface inport does not have a matching error port. |
Add missing error port and map to the corresponding AUTOSAR receiver interface inport. |
AUTOSAR receiver interface ports do not have a matching error port
when data access mode is ImplicitReceive,
ExplicitReceive, or
EndToEndRead. | Add missing error port and map to the corresponding AUTOSAR receiver interface inport. |
You can:
Analyzes top layer/root level models.
Exclude blocks and charts from this check if you have a Simulink Check license.
MISRA C: 2012, Directive 4.7
MISRA C Guidelines (Embedded Coder)
Annotate Code and Hide Known or Acceptable Results (Polyspace Bug Finder)
Configure AUTOSAR Elements and Properties (AUTOSAR Blockset)
AUTOSAR Component Configuration (AUTOSAR Blockset)
Check ID:
mathworks.misra.ModelFunctionInterface
Identify missing const qualifiers in input data pointers.
Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications. The check flags input data pointers that do not have a const qualifier.
Available with Embedded Coder and Simulink Check.
| Condition | Recommended Action |
|---|---|
| A const qualifier is not defined for the input data pointer. | Consider adding a const qualifier to the input data pointer. |
MISRA C:2012, Rule 8.13
MISRA C Guidelines (Embedded Coder)
Check ID:
mathworks.misra.IntegerWordLengths
Identify integer word lengths that do not comply with hardware implementation settings
The check flags integers whose word lengths exceed the number of bits permitted via the hardware implementation settings.
Following the recommendations of this check increases the likelihood of generating MISRA C:2012 compliant code for embedded applications, as well as code that complies with the CERT C and CWE standards.
Available with Embedded Coder and Simulink Check.
| Condition | Recommended Action |
|---|---|
|
Model object contains integer word lengths that are not compliant with hardware implementation settings. |
Update the integer so its length does not exceed the permitted number of bits. You can view the permitted number of bits in the Configuration Parameters dialog box, on the Hardware Implementation > Device details pane. |
You can:
Exclude blocks and charts from this check if you have a Simulink Check license.
MISRA C:2012, Rule 10.1
CERT C, INT13-C
CWE, CWE-682
MISRA C Guidelines (Embedded Coder)
Secure Coding Standards (Embedded Coder)
Check ID:
mathworks.misra.BusElementNames
Identify bus object names that are used as bus element names.
Using this check increases the likelihood of generating code for embedded applications that is compliant with MISRA C:2012. The check flags instances where a Simulink.Bus object name is used as the Simulink.Bus element name.
Available with Embedded Coder and Simulink Check.
| Condition | Recommended Action |
|---|---|
| A bus object name is being used as a bus element name. | Change either the flagged bus object name or the bus element name so that they are not identical. |
MISRA C:2012, Rule 5.6
MISRA AC AGC, Rule 5.3
MISRA C Guidelines (Embedded Coder)