regarding 38b and 48a

Forum for discussing and asking questions about the MISRA document MISRA AC SLSF "Modelling design and style guidelines for the application of Simulink and Stateflow"

Moderators: david ward, GeoffFrost

stefania.botta
Posts: 3
Joined: Wed Feb 01, 2012 1:20 pm
Company: Magneti Marelli SpA

regarding 38b and 48a

Postby stefania.botta » Fri Mar 02, 2012 3:26 pm

Hi,

I have some doubt about the use in stateflow of matlab functions as min or max. The tools for autocoding haven't limitation to use in this way these matlab functions.

So, why it is wrong to use these functions in stateflow?

Thanks a lot,
Stefania Botta.

MISRA Reply
Posts: 52
Joined: Mon Dec 06, 2004 12:24 pm

Re: regarding 38b and 48a

Postby MISRA Reply » Thu Mar 08, 2012 10:22 am

The underlying reason for these rules is to maximize the likelihood of the generated code being of the form intended, and maintain the greatest level of control over the generated code, by the model developer. In the Stateflow environment there is generally reduced capability to tailor the content, to affect the generated code, and more is left to the discretion of the code generator.

Application of 38B will persuade the developer to implement any more complex functionality in the Simulink domain where there is more scope to ensure the generated code is as expected, especially with respect to data typing and scaling application across operations. 48A reinforces that, but also rules out using complex MATLAB functions for which generated code could easily be considerably more lengthy and complex than expected, e.g. a simple looking expression like inv(A) can yield more complex code than the developer might expect and, more importantly, it could lead to unexpected consequences that are hard to deal with; what happens if A is a singular matrix?

However, neither of the guidelines completely rule out the use of MATLAB functions. If you believe there is a legitimate need for using simple functions, like min and max, for which you can easily demonstrate that the generated code is robust and without unexpected side-effects, then it is legitimate to raise a formal deviation against 48A, as per Section 2.2 of MISRA AC SLSF.

stefania.botta
Posts: 3
Joined: Wed Feb 01, 2012 1:20 pm
Company: Magneti Marelli SpA

Re: regarding 38b and 48a

Postby stefania.botta » Tue Apr 03, 2012 3:43 pm

Are you going to introduce a deviation for min/max/abs matlab function, in the next version of the misra ac slsf document?

MISRA Reply
Posts: 52
Joined: Mon Dec 06, 2004 12:24 pm

Re: regarding 38b and 48a

Postby MISRA Reply » Wed May 09, 2012 11:48 am

The nature of generated code that will result from inlined MATLAB functions in a Stateflow chart is auto-code generator specific so it is very unlikely that deviation/exceptions will be identified for use of min/max/abs/any matlab function in that context in the MISRA AC SLSF document.

Future versions of supporting auto-code generator guideline documents, e.g. MISRA AC TL, may provide specific guidance on interpretation of MISRA AC SLSF guidelines. For instance, in this case there could be scope to identify allowable exceptions/deviations in the auto-code specific guidelines for use of min/max/abs functions in Stateflow charts when using the specified auto-code generator with particular settings where resultant generated code may be assured by following a specified style/guidance.


Return to “MISRA AC SLSF discussions”

Who is online

Users browsing this forum: No registered users and 1 guest