Documentation

Chart Architecture

hisf_0003: Usage of bitwise operations

ID: Titlehisf_0003: Usage of bitwise operations
Description

When using bitwise operations in Stateflow® blocks,

AAvoid signed integer data types as operands to the bitwise operations.
Notes

Normally, bitwise operations are not meaningful on signed integers. Undesired behavior can occur. For example, a shift operation might move the sign bit into the number, or a numeric bit into the sign bit.

RationaleAPromote unambiguous modeling style.
Model Advisor Checks

By Task > Modeling Standards for MAAB > Stateflow > Check for bitwise operations in Stateflow charts

References
  • IEC 61508-3, Table A.3 (3) 'Language subset'
    IEC 61508-3, Table A.3 (2) 'Strongly typed programming language'

  • ISO 26262-6, Table 1 (b) 'Use of language subsets'
    ISO 26262-6, Table 1 (c) 'Enforcement of strong typing'

  • EN 50128, Table A.4 (11) 'Language Subset'
    EN 50128, Table A.3 (1) 'Defensive Programming'

  • DO-331, Section MB.6.3.1.b 'High-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.1.e 'High-level requirements conform to standards'
    DO-331, Section 6.3.1.g 'Algorithms are accurate'
    DO-331, Section MB.6.3.2.b 'Low-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.2.e 'Low-level requirements conform to standards'
    DO-331, Section MB.6.3.2.g 'Algorithms are accurate'

  • MISRA-C:2004, Rule 12.7 'Bitwise operators shall not be applied to operands whose underlying type is signed'

See Alsohisl_0019: Usage of Bitwise Operator block
Last ChangedR2013b

hisf_0004: Usage of recursive behavior

ID: Titlehisf_0004: Usage of recursive behavior
Description

To support bounded function call behavior, avoid using design patterns that include unbounded recursive behavior. Recursive behavior is bound if you do the following:

AUse an explicit termination condition that is local to the recursive call.
BMake sure the termination condition is reached.
Notes

This rule only applies if a chart is a classic Stateflow chart. If hisf_0001: Mealy and Moore semantics is followed, recursive behavior is prevented due to restrictions in the chart semantics. Additionally, you can detect the error during simulation by enabling the Stateflow diagnostic Detect Cycles.

RationaleA, BPromote bounded function call behavior.
References
  • IEC 61508-3, Table B.1 (6) 'Limited use of recursion'

  • ISO 26262-6, Table 9 (j) 'No recursions'

  • EN 50128, Table A.12 (6) 'Limited Use of Recursion'

  • DO-331, Section MB.6.3.1.b 'High-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.1.e 'High-level requirements conform to standards'
    DO-331, Section MB.6.3.1.g 'Algorithms are accurate'
    DO-331, Section MB.6.3.2.b 'Low-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.2.e 'Low-level requirements conform to standards'
    DO-331, Section MB.6.3.2.g 'Algorithms are accurate'

  • MISRA-C:2004, Rule 16.2

Last ChangedR2013b
Examples

There are multiple patterns in Stateflow that can result in unbounded recursion.

Recursive Function Calls

When the default state A is entered, event Evn is broadcast in the entry action of A. Evn results in a recursive call of the interpretation algorithm. Since A is active, the outgoing transition of A is tested. Since the current event Evn matches the transition event (and because of the absence of condition) the condition action is executed, broadcasting Evn again. This results in a new call of the interpretation algorithm which repeats the same sequence of steps until stack overflow.

Recursive Function Calls

hisf_0007: Usage of junction conditions (maintaining mutual exclusion)

ID: Title

hisf_0007: Usage of junction conditions (maintaining mutual exclusion)

Description

To enhance clarity and prevent the generation of unreachable code,

AMake junction conditions mutually exclusive.
Notes

You can use this guideline to maintain a modeling language subset in high-integrity projects.

RationaleAEnhance clarity and prevent generation of unreachable code.
References
  • DO-331, Section MB.6.3.1.b 'High-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.1.d 'High-level requirements are verifiable'
    DO-331, Section MB.6.3.1.e 'High-level requirements conform to standards'
    DO-331, Section MB.6.3.2.b 'Low-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.2.d 'Low-level requirements are verifiable'
    DO-331, Section MB.6.3.2.e 'Low-level requirements conform to standards'

Last ChangedR2012b

hisf_0010: Usage of transition paths (looping out of parent of source and destination objects)

ID: Title

hisf_0010: Usage of transition paths (looping out of parent of source and destination objects

Description

Transitions that loop out of the parent of the source and destination objects are typically unintentional and cause the parent to deactivate.

AAvoid using these transitions.
Notes

You can use this guideline to maintain a modeling language subset in high-integrity projects.

RationaleAPromote a clear modeling style.
References
  • DO-331, Section MB.6.3.1.b 'High-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.1.e 'High-level requirements conform to standards'
    DO-331, Section MB.6.3.1.g 'Algorithms are accurate'
    DO-331, Section MB.6.3.2.b 'Low-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.2.e 'Low-level requirements conform to standards'
    DO-331, Section MB.6.3.2.g 'Algorithms are accurate'

Last ChangedR2012b
Examples

hisf_0012: Chart comments

ID: Title

hisf_0012: Chart comments

Description

To enhance traceability between generated code and a model,

A

Add comments to the following Stateflow objects:

  • Transitions

RationaleAEnhance traceability between generated code and the corresponding model.
References
  • DO-331, Section MB.6.3.4.e 'Source code is traceable to low-level requirements'

Last ChangedR2012b

hisf_0013: Usage of transition paths (crossing parallel state boundaries)

ID: Title

hisf_0013: Usage of transition paths (crossing parallel state boundaries)

Description

To avoid creating diagrams that are hard to understand,

AAvoid creating transitions that cross from one parallel state to another.
Notes

You can use this guideline to maintain a modeling language subset in high-integrity projects.

RationaleAEnhance model readability.
References
  • IEC 61508-3, Table A.3 (3) 'Language subset'

  • ISO 26262-6, Table 1 (b) 'Use of language subsets'

  • EN 50128, Table A.4 (11) 'Language Subset'

  • DO-331, Section MB.6.3.1.b 'High-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.1.e 'High-level requirements conform to standards'
    DO-331, Section MB.6.3.2.b 'Low-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.2.e 'Low-level requirements conform to standards'

Last ChangedR2014b
Example

In the following example, when Out_A is 4, both parent states (A_Parent and B_Parent) are reentered. Reentering the parent states resets the values of Out_A and Out_B to zero.

hisf_0014: Usage of transition paths (passing through states)

ID: Title

hisf_0014: Usage of transition paths (passing through states)

Description

To avoid creating diagrams that are confusing and include transition paths without benefit,

AAvoid transition paths that go into and out of a state without ending on a substate.
Notes

You can use this guideline to maintain a modeling language subset in high-integrity projects.

RationaleAEnhance model readability.
References
  • IEC 61508-3, Table A.3 (3) 'Language subset'

  • ISO 26262-6, Table 1 (b) 'Use of language subsets'

  • EN 50128, Table A.4 (11) 'Language Subset'

  • DO-331, Section MB.6.3.1.b 'High-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.1.e 'High-level requirements conform to standards'
    DO-331, Section MB.6.3.2.b 'Low-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.2.e 'Low-level requirements conform to standards'

Last ChangedR2014b
Examples

hisf_0015: Strong data typing (casting variables and parameters in expressions)

ID: Title

hisf_0015: Strong data typing (casting variables and parameters in expressions)

Description

To facilitate strong data typing,

A

Explicitly type cast variables and parameters of different data types in:

  • Transition evaluations

  • Transition assignments

  • Assignments in states

Notes

The Stateflow software automatically casts variables of different type into the same data type. This guideline helps clarify data types of the intermediate variables.

RationaleAApply strong data typing.
References
  • IEC 61508-3, Table A.3 (2) ‘Strongly typed programming language'

  • ISO 26262-6, Table 1 (c) 'Enforcement of strong typing'

  • EN 50128, Table A.4 (8) 'Strongly Typed Programming Language'

  • DO-331, Section MB.6.3.1.b 'High-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.1.e 'High-level requirements conform to standards'
    DO-331, Section MB.6.3.1.g 'Algorithms are accurate'
    DO-331, Section MB.6.3.2.b 'Low-level requirements are accurate and consistent'
    DO-331, Section MB.6.3.2.e 'Low-level requirements conform to standards'
    DO-331, Section MB.6.3.2.g 'Algorithms are accurate'

  • MISRA-C:2004, Rules 10.1, 10.2, 10.3 and 10.4

Last ChangedR2014b
Examples

Recommended

Not Recommended

Was this topic helpful?