Certificate Z10 11 12 67052 014: To The

Report
to the
Certificate
Z10 11 12 67052 014
Software Tool for Safety Related Development
Embedded Coder
Manufacturer
The MathWorks, Inc.
3 Apple Hill Drive
Natick, MA, 01760-2098
USA
Report No. MN72051C
Revision 2.7 dated 2015-05-29
Testing Body
TV SD Rail GmbH
Embedded Systems
Certification Body
TV SD Product Service GmbH
Ridlerstrae 65
80339 Munich
Distribution, copying or any other use of information in this report in part is strictly prohibited.
Revision Log
Rev.
Date
Name
Changes/History
1.0
2008-05-30
F. Rauch, S. Waldhausen Initial Report
1.1
2008-12-16
S. Waldhausen
Minor adoptions for Release 2008b
1.2
2009-02-26
S. Waldhausen
Insertion of Release 2009a
1.3
2009-06-30
F. Rauch, S. Waldhausen Re-Certification due to assessment of tool qualification according to ISO26262
1.3.1
2009-07-02
F. Rauch, S. Waldhausen Clarification of derivate standards
1.3.2
2009-07-15
F. Rauch
Update of ISO 26262
1.4
2009-08-19
F. Rauch
Insertion of Release 2009b, Minor edits
1.5
2009-12-15
F. Rauch
Update for Release R2010a
1.6
2010-04-14
F. Rauch
Update for Release R20009bSP1
1.7
2010-06-10
F. Rauch
Update for Release R2010b, Minor edits
1.8
2011-01-18
F. Rauch
Update for Release R2010bSP1

Updates w.r.t. IEC 61508:2010
Updates w.r.t. ISO/FDIS 26262 BL 19:2010
1.9
2011-01-18
F. Rauch
Update for Release R2011a

Transitions for C/C++ code generation related
products to new MATLAB Coder, Simulink Coder,
and Embedded Coder products
1.10
2011-06-22
S. Waldhausen
L. Brandl
Update for Release R2011b

Updates w.r.t. ISO/FDIS 26262:2011
2.0
2011-12-19
S. Waldhausen
Update for Release 2012a

Update with respect to ISO 26262:2011
Reworked several chapters
2.1
2012-06-26
S. Waldhausen
Update for Releases R2010bSP2 and R2012b

Clarifications with respect to EN50128:2011
2.2
2012-12-18
S. Waldhausen M. Braun
2.2
2013-06-24
Update for Release 2013b
2.4
2013-12-18
2.5
2016-06-13
M. Braun
Update for Release 2014b,

Support Package for AUTOSAR Standard added.
2.6
2014-11-28
M. Braun
2.7
2015-05-29
M. Braun
Update for Release 2015b
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933
Report No.: MN72051C

Revision 2.7
M. Braun, S. Waldhausen
2015-05-29
Page 2 of 16
Content
Page
PURPOSE AND SCOPE ...................................................................................................... 4
PRODUCT OVERVIEW ....................................................................................................... 4
IDENTIFICATION ................................................................................................................. 5
3.1
Releases up to R2010bSP2 .......................................................................................... 5
3.2
Releases after R2010bSP2 ........................................................................................... 6
3.3
Releases after R2014a .................................................................................................. 6
CERTIFICATION .................................................................................................................. 7
4.1
Standards ...................................................................................................................... 7
4.2
Basis of certification ...................................................................................................... 7
4.3
Referenced Documents ................................................................................................. 7
RESULTS ............................................................................................................................ 8
5.1
Software development and quality engineering processes ............................................ 8
5.2
Customer bug reporting processes ................................................................................ 8
5.3
Requirements on software tools in IEC 61508, ISO 26262, and EN 50128.................... 9
5.3.1
General .................................................................................................................. 9
5.3.2
Embedded Coder................................................................................................ 9
5.4
Tool classification and validation according to IEC 61508:2010................................... 10
5.4.1
General ................................................................................................................ 10
5.4.2
Validation of the software tool............................................................................... 11
5.4.3
Summary .............................................................................................................. 11
5.5
EN 50128 .................................................................................................................... 12
5.6
Tool classification and qualification according to ISO 26262 ....................................... 12
5.6.1
General ................................................................................................................ 12
5.6.2
Evaluation of the development process ................................................................ 13
5.6.3
Validation of the software tool............................................................................... 13
5.6.4
Summary .............................................................................................................. 13
5.7
IEC 62304 ................................................................................................................... 15
GENERAL CONDITIONS AND RESTRICTIONS ............................................................... 16
SUMMARY AND CERTIFICATE NUMBER ....................................................................... 16
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 3 of 16
1 Purpose and scope

TV SD Rail GmbH evaluated the Embedded Coder product of The MathWorks, Inc.. The sections of the MathWorksTM development organization responsible for the Embedded Coder product
have been audited to assess their development and quality assurance procedures.
Recurring evaluations focus on processes used by the Embedded Coder team to implement enhancements and modifications, as well as quality engineering, and customer bug reporting processes.
The aim of the assessment was to determine the suitability for use in development processes which
need to comply with IEC 61508, ISO 26262, or EN 50128. The assessment also covered tool classification and tool qualification measures according to ISO 26262.
The basic assessment is documented in the Technical Report MN72051T, recent modifications are
reported in Modification Reports according to the table below.
Title
Document Name
Date
Revision
Technical Report on Functional Safety
MN72051T-V2.1.pdf
28.06.2012
2.1
Technical Report of Modifications R2013a
MN84722T-V1.0.pdf
18.12.2012
1.0
Technical Report of Modifications R2013b
MN85071T-V1.0.pdf
24.06.2013
1.0
MN85413T-V1.0.pdf
18.12.2013
1.0
MN85861T-V1.0.pdf
13.06.2014
1.0
MN86207T-V1.0.pdf
28.11.2014
1.0
MN86834T-V1.0.pdf
29.05.2015
1.0
2 Product overview
Embedded Coder is a code generator that transforms executable graphical models into C or C++
code. The input languages comprise Simulink, Fixed-Point Designer, and Stateflow. Embedded
Coder is an extension of Simulink Coder that generates C or C++ code for embedded discretetime systems. All products require MATLAB as the underlying base software. Simulink Coder requires MATLAB Coder.
Embedded Coder software also supports the generation of C code and description files for
AUTOSAR software components. Further AUTOSAR support is provided by the optional Embedded
Coder Support Package for AUTOSAR Standard.
Scope
The testing and thus the tool certification procedure covers the tool Embedded Coder with its principal objective to create C code or C++ code from Simulink, Fixed-Point Designer, and Stateflow
models. The tools that are used to create the input models, i.e. MATLAB, Simulink, Fixed-Point
Designer, and Stateflow are not part of the certification.
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 4 of 16
3 Identification
The following tables list the releases that are covered by the tool qualification activities. The division
of the tables reflects the name change of the code generation tools between releases R2010b and
R2011a.
3.1
Releases up to R2010bSP2
Release
Date
Real-Time
Workshop Stateflow Real-Time
Embedded
Coder
Workshop
TM
Coder
Reference Workflow Documentation
R2008a
March
2008
5.1
7.1
7.1
Application-Specific Verification and Validation

of Models and Generated Code
A Translation Validation Workflow for SafetyRelated Application Software According to IEC
61508; V1.1
R2008b
October
2008
5.2
7.2
7.2
Cert Kit IEC

Application-Specific Verification and Validation of
Models and Generated Code; V1.2
R2009a
March
2009
5.3
7.3
7.3
IEC Certification Kit

R2009b
Sept.
2009
5.4
7.4
7.4

R2009b
SP1
April
2010
5.4.1
7.4.1
7.4.1

Models and Generated Code; V1.4.1
R2010a
March
2010
5.5
7.5
7.5

R2010b
Sept.
2010
5.6
7.6
7.6

Models and Generated C Code; V1.6
R2010b
SP1
March
2011
5.6.1
7.6.1
7.6.1

Models and Generated C Code; V1.6.1
R2010b
SP2
April
2012
5.6.2
7.6.2
7.6.2

Models and Generated C Code; V1.6.2
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 5 of 16
3.2
Releases after R2010bSP2
Release
Optional
EmAUTOSAR
Simulink MATLAB
Date bedded
Target
TM
TM
Coder
Coder
TM
Coder
Prod.
Package
April
R2011a
2011
6.0
6.0
8.0
2.0

of Models and Generated C and C++ Code;
V1.7
Sept.
R2011b
2011
6.1
6.1
8.1
2.1

of Models and Generated C and C++ Code;
V2.0
R2012a
March
2012
6.2
6.2
8.2
2.2

Embedded Coder Reference Workflow; V2.1
R2012b
Sept.
2012
6.3
6.3
8.3
2.3

Embedded Code Reference Workflow; V3.0
R2013a
March
2013
6.4
8.4
2.4

R2013b
Sept.
2013
6.5
8.5
2.5

R2014a
March
2014
6.6
8.6
2.6

3.3
Releases after R2014a
Release
Optional
EmSupport
Simulink MATLAB
Date bedded Package for
TM
TM
Coder
Coder
TM
Coder
AUTOSAR
Standard
R2014b
Oct.
2014
6.7
14.2.0
8.7
2.7

R2015a
March
2015
6.8
15.1.0
8.8
2.8

R2015b
Sept.
2015
6.9
15.2.0
8.9
3.0

TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 6 of 16
4 Certification
4.1
Standards
Standard
Description
IEC 61508-1:2010
Functional Safety of electrical/electronic/programmable electronic

safety-related systems Part 1: General requirements
IEC 61508-3:2010
Functional Safety of electrical/electronic/programmable electronic

safety-related systems Part 3: Software requirements
ISO 26262-8:2011
Road vehicles Functional safety Part 8: Supporting processes

Chapter 11: Confidence in the use of software tools
EN 50128:2011
Railway applications Communications, signalling and processing

systems Software for railway control and protection systems
4.2
Basis of certification
Software development and quality engineering processes
Customer bug reporting processes
Requirements on software tools in IEC 61508, ISO 26262, or EN 50128
Tool classification and validation according to IEC 61508
Tool classification and qualification according to ISO 26262
4.3
Referenced Documents
Document
Author
[R1]
Technical Report on Functional Safety (MN72051T )
TV SD Rail GmbH
[R2]
Technical Report of Modifications R2013a (MN84722T)
TV SD Rail GmbH
[R3]
Technical Report of Modifications R2013b (MN85071T)
TV SD Rail GmbH
[R4]
TV SD Rail GmbH
[R5]
TV SD Rail GmbH
[R6]
TV SD Rail GmbH
[R7]
TV SD Rail GmbH
[R8]
Embedded Coder Reference Workflow
The MathWorks, Inc.
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 7 of 16
5 Results
5.1
Software development and quality engineering processes
The software development and quality engineering processes applied for Embedded Coder have
been audited, no objections were found.
To ensure adherence to the software development and quality engineering processes, as well as to
keep track of quality improvements, the processes to implement enhancements and modifications
are audited once a year by TV SD.
Product versions that are released in between two consecutive audits are subject to a defined approval procedure by TV SD. The procedure includes the following elements:
5.2
The MathWorks, Inc. documents new customer visible features for each release in the corresponding release notes.
The MathWorks, Inc. documents enhancements and new features of each Embedded Coder version in an internal delta report.
Test procedures for enhancements and new features are referenced in the delta report to
document the Mathworks' internal validation activities for newly developed features.
Each Embedded Coder version is validated against a validation test suite.
Customer bug reporting processes
The bug reports section of the MathWorksTM web site provides an interface for customers to view
and submit bug reports.
Customers can track the status of open bugs. Critical bugs can be easily identified in the bug report
section of the MathWorks web site. Customers can choose to receive email or RSS notifications for
new or updated bug reports. The bug reports on this web site include internally as well as externally
nominated bugs. If applicable, bug reports include provisions for known workarounds or file replacements.
Customers can use the bug report mechanism to nominate bugs. These nominations are processed
and evaluated by The MathWorks, Inc. development organization.
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 8 of 16
5.3
Requirements on software tools in IEC 61508, ISO 26262, and EN 50128
5.3.1 General
ISO 26262, IEC 61508 and EN 50128 in their current versions contain explicit requirements on software tools.
They strongly recommend the application of development tools and provide provisions for using
model-based design for software development. At the same time, they demand to perform an analysis of the tools used, and an analysis on how they are embedded in the development process:
analysis of tool usage (IEC 61508)
analysis of tool use cases (ISO 26262)
analysis on the effect of possible malfunctions of the applied tool(s).
Depending on the outcome of the above analysis, the standards referred to above demand
a) fault mitigation measures (process)
b) the qualification, respectively validation of tools.
These activities should complement each other, and the combination of both shall reduce the number of faults impacting the final product to a minimum.
5.3.2 Embedded Coder

Embedded Coder fulfills the requirements of IEC 61508, ISO 26262 and EN50128 regarding tool
support and automation.
The Embedded Coder is usually applied in one of the three following use cases:
1. Generating C Code for the Model Used for Production Code Generation
Embedded Coder code generator is used to transform an executable graphical model (model
used for production code generation) into production C code for application software components.
2. Generating C Code and Description Files for AUTOSAR Application Software Components
for the Model Used for Production Code Generation
used for production code generation) into production C code and description files for AUTOSAR
application software components.
The optional Embedded Coder Support Package for AUTOSAR Standard may be used to create an AUTOSAR configuration for a model, model AUTOSAR elements, and generate ARXML
and AUTOSAR-compatible C code from a model.
3. Generating C++ Code for the Model Used for Production Code Generation
used for production code generation) into production C++ code for application software components.
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 9 of 16
As a mitigation measure, The MathWorks, Inc. propose a translation validation workflow described in
[R8]. It combines back-to-back testing with measures to prevent unintended functionality in the generated code as a method to verify the correct transformation from model to code, and thus of the
code generation tool chain.
The MathWorks, Inc. also executes a validation suite on basis of the AVS suite as a means of commensurable validation. The validation suite results for each certified release are inspected by TV
SD, see 5.4 and 5.6 for details.
5.4
Tool classification and validation according to IEC 61508:2010
5.4.1 General
Embedded Coder is a class T3 off-line support tool. It can be used to transform executable graphical models created using Simulink, Fixed-Point Designer, and Stateflow into C or C++ code.
IEC 61508:2010 details and extends the requirements for tool certification specified in the first edition of the standard. The following list provides considerations on how tool users are being supported w.r.t. the requirements of IEC 61508-3 clause 7.4.4:
Code generation using Embedded Coder can be integrated with other Model-Based Design and verification tools from The MathWorks, Inc. (cf. IEC 61508-3, 7.4.4.2, Note 3). A
possible integration is outlined in the reference workflow documentation. A representative
combination of tools is being tested at the manufacturers site. (cf. IEC 61508-3, 7.4.4.9,
7.4.4.18 a).
The tool documentation for Embedded Coder (cf. IEC 6158-3, 7.4.4.4) is being provided
with the product.
The reference workflow documentation provides mitigation measures to potential failure

mechanisms of Embedded Coder (cf. IEC 61508-3, 7.4.4.5, 7.4.4.8). Applying the complete workflow provides a high degree of confidence that potential bugs in Embedded
Coder can be mitigated.
MathWorks reports critical known bugs brought to its attention on its Bug Report system at
http://www.mathworks.com/support/bugreports/ (cf. IEC 61508-3, 7.4.4.6, Note 1).
The Release Notes for Embedded Coder provide the version history of Embedded Coder. Tool users can assess available bug reports for different Embedded Coder versions
via the Bug Reports system (cf. IEC 61508-3, 7.4.4.6, Note 1)
The MathWorks, Inc. validated Embedded Coder and provided documentation of this validation to TV SD for review and approval (cf. IEC 61508-3, 7.4.4.6, 7.4.4.7). Each certified
Embedded Coder version is subject to a defined approval procedure by TV SD outlined
in section 5.1. (cf. IEC 61508-3, 7.4.4.18, Note)
Each release of Embedded Coder is identifiable (cf. IEC 61508-3, 7.4.4.15 a)
The MathWorks, Inc. as well as 3rd party vendors offer training courses for MathWorks tools
(cf. IEC 61508-3, 7.4.4.2, Note 6).
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 10 of 16
5.4.2 Validation of the software tool
Since R2009a, each Embedded Coder version to be certified is validated by a version of a

validation test suite derived from the Automotive Code Validation Suite AVS V4.0 (TV
Rheinland Report 968/EL 525.00/08). The validation suite may be adapted in order to be
compatible with the code generator version to be certified. A successful validation test is
considered as a means of end-to-end validation of Embedded Coder. The validation reports were submitted to TV SD.
Since R2009a, test procedures for enhancements/new features are referenced in the delta
report to document The MathWorks, Inc. internal validation activities for newly developed
features.
5.4.3 Summary
All Embedded Coder versions listed in the subsequent table are certified as T3 off-line support
tools according to IEC 61508:2010. The tool meets the applicable requirements of IEC 61508-3
7.4.4.
For SIL 1 to SIL 3, mitigation measures to potential failure mechanisms of the code generator are
described in the corresponding reference workflow documentation.
The tool classification and the assessment of the tool validation activities were carried out by TV
SD.
Embedded Coder is suitable to be used in the development of safety-related software according to
IEC 61508:2010. Tool certification for Embedded Coder can be claimed by referencing this certification report and the corresponding certificate.
Tool validation activities

Tool / Release
SIL
Delta Report
Validation Suite
Real-Time Workshop Embedded Coder R2008a
1,2,3
Real-Time Workshop Embedded Coder R2008b
1,2,3
1,2,3
1,2,3
Real-Time Workshop Embedded Coder R2009bSP1
1,2,3
not required1
1,2,3
1,2,3
1,2,3
not required2
1 No enhancements w.r.t. R2009b

TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 11 of 16
Tool validation activities

Tool / Release
SIL
Delta Report
2
Validation Suite
1,2,3
not required
Embedded Coder R2011a
1,2,3
Embedded Coder R2011b
1,2,3
1,2,3
1,2,3
1,2,3
1,2,3
1,2,3
1,2,3
1,2,3
1,2,3
5.5
EN 50128
EN 50128:2011 is an application standard derived from IEC 61508. The requirements for software
tools are explicitly derived from the requirements on software tools according to IEC 61508-3:2010.
Due to the equivalences between the two standards no separate testing has been performed with
respect to EN 50128.
For SIL 1 to SIL 3/4 according to EN 50128, mitigation measures to potential failure mechanisms of
the code generator are described in the reference workflow document for Embedded Coder.
Embedded Coder is suitable to be used in the development of safety-related software according to
EN 50128:2011 up to SIL 3/4. Tool certification for the Embedded Coder versions listed in the above
table can be claimed by referencing this certification report and the corresponding certificate.
5.6
Tool classification and qualification according to ISO 26262
5.6.1 General
Based on the use cases defined in 5.3.2, the tool impact for the code generator is TI2 due to the
conservative estimation. TI2 requires the estimation of the tool error detection TD.
The tool error detection TD depends on the verification and validation workflow that is being used.
TD1 will be achieved if the verification and validation workflow, documented in Embedded Coder
Reference Workflow, is followed completely. Applying the complete workflow provides a high degree of confidence that a malfunction or an erroneous output of the code generator will be prevented
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 12 of 16
or detected. In this case, the resulting tool confidence level is TCL1. Tool qualification for the code
generator can be claimed without further tool qualification measures. The tool qualification measures
described in 5.6.2 and 5.6.3 are voluntary and provide additional confidence.
TD2 can be achieved if a suitable subset of the verification and validation workflow, documented in
Embedded Coder Reference Workflow, is followed. The workflow subset has to ensure that a
malfunction or an erroneous output of the code generator will be prevented or detected with at least
a medium degree of confidence. In this case the resulting tool confidence level is TCL2. Tool qualification of the code generator can be claimed based on the combination of following methods for tool
qualification:
Evaluation of the development process

Validation of the software tool
5.6.2 Evaluation of the development process
TV SD conducts yearly surveillance audits of the software development and quality engineering processes for Embedded Coder.
The MathWorks, Inc. documents new customer visible features for each release in the corresponding release notes. The release notes were submitted to TV SD.
Since R2009a, The MathWorks, Inc. documents enhancements and new features of each
Embedded Coder version to be qualified in a comprehensive delta report. The delta reports were submitted to TV SD.
5.6.3 Validation of the software tool
Since R2009a, each Embedded Coder version to be qualified is validated by a validation

test suite derived from the Automotive Code Validation Suite AVS v4.0 (TV Rheinland Report 968/EL 525.00/08). The validation suite may be adapted in order to be compatible with
the code generator version to be qualified. A successful validation test is considered as a
means of end-to-end validation of Embedded Coder. The validation reports were submitted
to TV SD.
Since R2009a, test procedures for enhancements/new features are referenced in the delta
report to document The MathWorks, Inc. internal validation activities for newly developed
features.
5.6.4 Summary
All Embedded Coder versions listed in the subsequent table are qualified for all ASILs according
to ISO 26262 (tool confidence level TCL1). The prerequisites for TCL1 are given, provided that the
verification and validation workflow documented in Embedded Coder Reference Workflow is followed.
All Real-Time Workshop Embedded Coder versions listed in the subsequent table and released after
2008 are qualified for all ASILs according to ISO 26262 up to a maximum tool confidence level of
TCL2. The prerequisites for TCL2 are given, provided that a suitable subset of the verification and
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 13 of 16
validation workflow (see [R8]) is used that ensures that a malfunction or an erroneous output of the
code generator will be prevented or detected with at least a medium degree of confidence.
The confirmation of the tool classification and the assessment of the results of the measures applied
to qualify the software tool were carried out by TV SD.
Tool qualification for Embedded Coder can be claimed for TCL1 and TCL2 by referencing this
certification report and the corresponding certificate.
Qualification Methods
Release
Reference
Workflow
Degree of
confidence
Maximum
TCL
ASIL
Surveillance Audit
not required not required
A, B, C, D
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable subset
Medium
A, B, C, D
A, B, C, D
R2008b
Complete
High
Complete
High
Suitable subset
R2010a
R2010b
R2010b
SP1
R2010b
SP2
Validation
Suite
A, B, C, D
High
R2009b
SP1
Delta
Report
Complete
R2009b
Release
Notes
Validation of the
software tool
R2008a
R2009a
Evaluation of the
development process

not required3

not required4

not required

TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 14 of 16
Qualification Methods
Release
R2011a
R2011b
R2012a
R2012b
R2013a
R2013b
R2014a
R2014b
R2015a
R2015b
5.7
Degree of
confidence
Maximum
TCL
ASIL
Complete
High
A, B, C, D
Suitable Subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable Subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable Subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable Subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable Subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable Subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable Subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable Subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable Subset
Medium
A, B, C, D
Complete
High
A, B, C, D
Suitable Subset
Medium
A, B, C, D
Reference
Workflow
Evaluation of the
development process
Surveillance Audit
Release
Notes
Validation of the
software tool
Delta
Report
Validation
Suite
IEC 62304
IEC 62304:2006 provides a framework of life cycle processes for the safe design and maintenance
of medical device software.
IEC 62304 does not place specific requirements on software tools, or on the qualification of tools,
but IEC 62304 advises that IEC 61508 can be looked to as a source of methods, tools and techniques that can be used to implement the requirements in IEC 62304 (IEC 62304:2006, C.1).
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 15 of 16
6 General conditions and restrictions
The verification and validation workflow documented in Embedded Coder Reference

Workflow shall be applied for all safety-related applications. The workflow shall be instantiated in accordance with the notified body depending on the SIL or ASIL required.
As a prerequisite to claim tool qualification according to ISO 26262 the application of the verification and validation workflow documented in Embedded Coder Reference Workflow
(tool confidence level TCL1) or a suitable subset (tool confidence level TCL2) shall be applied. The tool qualification methods are intended to supplement, not to replace this workflow.
The Embedded Coder Reference Workflow comprises two main parts:

o
o
back-to-back testing between model and code

coverage analysis to show the completeness of the tests and to show the absence of
unintended functionality.
In order to demonstrate the absence of unintended functionality, the tests have to be derived
from the specifications on model level, respectively from the design for testing on code level.
7 Summary and certificate number

This report specifies the conditions of use and restrictions to be considered for the application of the
Embedded Coder by The MathWorks, Inc. It is part of the certificate
Z10 11 12 67052 014
The certificate Z10 11 12 67052 014 replaces the certificates Z10 08 05 67052 001, Z10 09 06
67052 002, Z10 11 01 67052 005 and Z10 11 06 67052 010.
Munich, 2015-05-29
Technical Certifier
Peter Wei
TV SD Rail GmbH
Embedded Systems
Barthstr. 16
80339 Mnchen
Phone: +49 89 5791-4378; Fax: -2933

Revision 2.7
2015-05-29
Page 16 of 16

Certificate Z10 11 12 67052 014: To The

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Certificate Z10 11 12 67052 014: To The

Caricato da

Copyright:

Formati disponibili

Report

F. Rauch, S. Waldhausen Initial Report

Minor adoptions for Release 2008b

Insertion of Release 2009a

F. Rauch, S. Waldhausen Re-Certification due to assessment of tool qualification according to ISO26262

F. Rauch, S. Waldhausen Clarification of derivate standards

Update of ISO 26262

Insertion of Release 2009b, Minor edits

Update for Release R2010a

Update for Release R20009bSP1

Update for Release R2010b, Minor edits

Update for Release R2010bSP1

Update for Release R2011a

Update for Release R2011b

Update for Release 2012a

Update for Releases R2010bSP2 and R2012b

Update for Release 2013a

Update for Release 2013b

Update for Release 2014a

Update for Release 2014b,

Update for Release 2015a

Update for Release 2015b

Report No.: MN72051C

PURPOSE AND SCOPE ...................................................................................................... 4

PRODUCT OVERVIEW ....................................................................................................... 4

Releases up to R2010bSP2 .......................................................................................... 5

Releases after R2010bSP2 ........................................................................................... 6

Releases after R2014a .................................................................................................. 6

Basis of certification ...................................................................................................... 7

Referenced Documents ................................................................................................. 7

Software development and quality engineering processes ............................................ 8

Customer bug reporting processes ................................................................................ 8

IEC 62304 ................................................................................................................... 15

GENERAL CONDITIONS AND RESTRICTIONS ............................................................... 16

SUMMARY AND CERTIFICATE NUMBER ....................................................................... 16

Report No.: MN72051C

1 Purpose and scope

Technical Report on Functional Safety

Technical Report of Modifications R2013a

Technical Report of Modifications R2013b

Technical Report of Modifications R2014a

Technical Report of Modifications R2014b

Technical Report of Modifications R2015a

Technical Report of Modifications R2015b

Report No.: MN72051C

Workshop Stateflow Real-Time

Reference Workflow Documentation

Application-Specific Verification and Validation

Cert Kit IEC

IEC Certification Kit

IEC Certification Kit

IEC Certification Kit

IEC Certification Kit

IEC Certification Kit

IEC Certification Kit

IEC Certification Kit

Report No.: MN72051C

Releases after R2010bSP2

Reference Workflow Documentation

IEC Certification Kit

IEC Certification Kit

IEC Certification Kit

IEC Certification Kit