What do you mean by the “safe subset”?
The project team selected a so-called “safe subset” of blocks from the Simulink language and of features from the Stateflow language, and the toolset supports only this safe subset. The underlying assumption is that Gene-Auto is not a verification tool and that the input model must be verified before any code is generated. However, by excluding “potentially dangerous” constructs from the input model, the required analysis can be considerably simplified.
When selecting Simulink blocks for implementation there were two main criteria:
- Blocks with complex behaviour were generally avoided, on the assumption that the functionality of such blocks can be composed from lower-level blocks. This reduces the effort required to qualify the block library.
- Only the blocks that are useful for embedded software were selected.
Note: This does not mean that the list of supported Simulink blocks is final. New blocks will be added in future versions of Gene-Auto, and users can also add blocks themselves.
In Stateflow we excluded constructs that may lead to non-termination, e.g. local broadcasts, but also some puzzling features such as condition actions (not to be confused with transition actions!) between states, transitions between concurrent states, etc.
There are two deliverables that list the restrictions that need to be followed when developing Gene-Auto compatible models:
- D1.13 Functional Modelling Guidelines and
- D1.14 Modelling Guidelines for State Diagrams
In general it is the modeller's responsibility to ensure that the model conforms to the modelling guidelines. Although many of the rules are checked by the tool, one must keep in mind that Gene-Auto is not a verification tool and does not guarantee exhaustive checking. More sophisticated standalone verification tools might be developed in the future. See also the question What is the difference between a development tool and a verification tool?.
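As an added illustration (not Gene-Auto's own code), the check below enforces the kinds of restriction described above over a minimal model representation that is assumed for the demo: a block allow-list for Simulink, and for Stateflow the exclusion of local broadcasts, condition actions between states and transitions between concurrent states. The allow-list contents, the dictionary layout and the sample model are all constructed here; the real safe subset is defined in D1.13 and D1.14.

```python
import re

# Assumed block allow-list and model layout, constructed for this demo; the real
# safe subset is defined in D1.13 / D1.14 and Gene-Auto's model format differs.
SAFE_BLOCKS = {"Inport", "Outport", "Gain", "Sum", "Product", "UnitDelay", "Switch"}

def check_blocks(blocks):
    """Names of Simulink blocks whose type lies outside the safe subset."""
    return [b["name"] for b in blocks if b["type"] not in SAFE_BLOCKS]

def _ancestry(states, name):
    # State names from the chart root down to `name` (inclusive).
    chain = []
    while name is not None:
        chain.append(name)
        name = states[name]["parent"]
    return chain[::-1]

def check_chart(chart):
    """Flag excluded Stateflow constructs: local event broadcasts in actions,
    condition actions ({...}) on transitions, and transitions between
    concurrent states (lowest common ancestor is a parallel/AND state)."""
    states, findings = chart["states"], []
    for name, st in states.items():
        for act in st.get("actions", []):
            if any(re.search(rf"\b{re.escape(ev)}\b", act) for ev in chart["local_events"]):
                findings.append(f"local broadcast in state {name}: {act!r}")
    for src, dst, label in chart["transitions"]:
        if re.search(r"\{.*\}", label):          # Stateflow syntax: [cond]{cond_action}/action
            findings.append(f"condition action on transition {src}->{dst}")
        lca = None
        for a, b in zip(_ancestry(states, src), _ancestry(states, dst)):
            if a != b:
                break
            lca = a
        if lca is not None and states[lca]["decomposition"] == "AND":
            findings.append(f"transition {src}->{dst} between concurrent states")
    return findings

SAMPLE_BLOCKS = [{"name": "k", "type": "Gain"}, {"name": "f", "type": "MATLABFunction"}]  # constructed
SAMPLE_CHART = {  # constructed: P is a parallel state with concurrent regions A and B
    "local_events": {"E"},
    "states": {"P": {"parent": None, "decomposition": "AND"},
               "A": {"parent": "P", "decomposition": "OR"},
               "A1": {"parent": "A", "decomposition": "OR", "actions": ["x = 1;"]},
               "A2": {"parent": "A", "decomposition": "OR", "actions": ["E;"]},
               "B": {"parent": "P", "decomposition": "OR"}},
    "transitions": [("A1", "A2", "[x > 0]{y = 2;}"),  # condition action: excluded
                    ("A2", "A1", "/y = 0;"),          # transition action: allowed
                    ("A", "B", "")],                  # crosses concurrent regions
}
```

Running `check_blocks(SAMPLE_BLOCKS)` reports the MATLAB Function block, and `check_chart(SAMPLE_CHART)` reports the local broadcast in A2, the condition action on A1->A2 and the A->B transition between concurrent states.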
