Reactis for ISO 26262 Safety Compliance

Reactis provides model-based verification, automated test-generation, and validation tooling designed to help organizations meet the verification objectives of ISO 26262. Use Reactis to trace requirements, generate evidence, perform back-to-back testing, and reduce manual effort during functional-safety development.


TÜV SÜD Certified

Reactive Systems worked with global certification authority TÜV SÜD to prequalify Reactis for use in an ISO 26262 process. Clause 11 of Part 8 of the ISO 26262 standard specifies how software tools should be qualified for use on the development of safety related items. The qualification of Reactis employed an evaluation of the tool development process as specified in Sub-clause 11.4.8 of Part 8 and a validation of Reactis according to the steps outlined in Sub-clause 11.4.9 of Part 8. Reactis ISO 26262 Certificate →

Tuv Sud Logo

What Reactis Does

  • Automated test generation from Simulink/Stateflow models
  • Model and code simulation with interactive debugging
  • Property-based checks (assertions / observers)
  • Coverage measurement including MC/DC and model-specific metrics

How It Maps to ISO 26262

  • Requirements traceability: attach checks and user-defined targets to requirements.
  • Verification & Validation: generate tests to demonstrate coverage and exercise fault conditions.
  • ASIL evidence: measurable test evidence and coverage reports support ASIL work products.
  • Tool confidence: supports rigorous workflows and measurable outputs for audits.

Key Compliance Features

  • Targeted test generation driven by coverage objectives
  • Assertion-based validation to detect requirement violations
  • Regression-ready test suites for change impact analysis
  • Comprehensive reporting suitable for safety artifacts


Recommended Workflow

Integrate Reactis into your existing model-based development pipeline to produce repeatable verification artifacts aligned with ISO 26262 lifecycle tasks (V&V, integration, and software unit testing).

1. Specify Requirements

Document requirements and map them to model elements. Create assertions or observer diagrams to represent properties.

2. Instrument Model

Add checks, watchers, and user-defined targets so Reactis can monitor and exercise critical behaviors.

3. Generate Tests

Use guided simulation to create tests that focus on uncovered objectives (branch, decision, MC/DC, state coverage).

4. Execute & Report

Run tests on models and generated code, collect coverage, and produce evidence artifacts for ASIL justification.



Back-to-Back Testing of Code Against Model

When using model-based development within an ISO 26262 process, ISO 26262-6 sub-clauses 9.4.2 and 10.4.2 recommend performing back-to-back comparisons of a model and the implementation derived from the model. The goal of back-to-back testing is to determine that an implementation and model both produce the same outputs when given the same inputs. There are four essential requirements for back-to-back testing to be successful. First, there should be a high degree of confidence in the correctness of the model gained from prior testing of the model against its requirements. Second, the implementation should produce outputs which are reasonably close (small differences are likely due to rounding of results during numerical calculations) to the outputs of the model for all inputs. Third, the tests which were used to perform the comparison should achieve a high degree of coverage of the model and its requirements. Fourth, the tests should achieve a high degree of coverage of the implementation.

For applications which are implemented using the C language, Reactis for Simulink and Reactis for C can be used in tandem to support efficient back-to-back testing. Note that the C code itself may be coded by hand or automatically generated from the model using a tool such as Embedded Coder offered by MathWorks or TargetLink offered by dSPACE. In either case, the code should be compared to the model in a back-to-back test.

Back-to-back testing of a model and a C code with Reactis consists of three steps:

  1. Generate a comprehensive test suite from the model using Reactis Tester (see Reactis User’s Guide: Tester).

  2. Execute the test suite on the C code in Reactis for C using Simulator (see Reactis for C User’s Guide: Creating Test Execution Reports).

  3. Any differences in behavior will be flagged. The generated test suite and reports can be used as evidence of verification activities.

Diagram showing Simulink model going into Reactis for Simulink to generate tests, the tests feed in to Reactis for C to check that the C code produces the same outputs as the model when given the same inputs

Benefits for Safety Teams

  • Reduce manual test case design with automated generation
  • Increase confidence through measurable coverage and automated assertions
  • Faster regression when models or code change
  • Produce consistent, reviewable artifacts for audits

Read the full safety manual for implementation guidance and recommended practices:

Reactis Safety Manual →

Want a walkthrough? Contact us to schedule a demo focused on ISO 26262 goals.

Copyright © Reactive Systems, Inc. 2000-2025
Tomorrow's Software Today®