Hazardous Event
Complexity
The user might think µRTE is hard to use.
- +
Requirement Model
- +
Blinking LED
- +UART
- Unknown features
- Complexity
Potential customers don't like the tool
Show most important features in an lightweight demo
SafetyRequirement_93 - Runnable activation by signal events- SafetyRequirement_94 - Global variables
- SafetyRequirement_95 - Runnable activation by cyclic events
- SafetyRequirement_96 - Inter-task communication
- SafetyRequirement_97 - local and global signals
- SafetyRequirement_98 - Multiple System-States
Requirement_95 - UART- SafetyRequirement_110 - Hardware Interfacing
- SafetyRequirement_111 - SignalLayer features
- SafetyRequirement_115 - Protection Sets
- +
- +
Logical Function Model
- +
Software Model
- +
Hardware Model
- +
Testing Model
Diagrams
Relationships
Requirements Model
Logical Function Model
Software units
Signals
Global variables
Activation Events
Hardware Model
Testing Model
Requirements Model
Logical Function Model
Software units
Signals
Global variables
Activation Events
Hardware Model
Testing Model
Safety
| Definition | |
|---|---|
The propability of this event to happen.
| |
|
How well can this event be controlled.
| |
|
The severity/effect of this event.
| |
|
The SIL defined for this event, based on factors such as probability, effect and controllability.
| QM |
Properties
| Base | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The name of this object. Certain classes of objects require this field to be unique. Please consider that this field might be used in code and thus must not contain special characters.
| Complexity | ||||||||||||||||
|
The type of this object within the uRTE model
| HazardousEvent |
||||||||||||||||
|
A descriptive text for this object. Please consider that this field might be used in code and thus must not contain special characters.
| The user might think µRTE is hard to use. |
||||||||||||||||
|
A user defined ID which can be freely chosen. Please consider that this field might be used in code and thus must not contain special characters.
| HazardousEvent_93 | ||||||||||||||||
|
Each object within the uRTE model has a unique ID, this is the ID for this object
| _OM7MEOdBEeyMHMAOoLxcsQ | ||||||||||||||||
|
The package in which this HazardousEvent is included.
| UART |
||||||||||||||||
| References | |||||||||||||||||
| |||||||||||||||||
| Safety Goal | Parent | Function Type | SIL derived | SIL manual | SIL required | Safe State | Safety Requirements |
|---|---|---|---|---|---|---|---|
An small demo model with the most important features shall show the most important features of µRTE. |
System_Function | QM | derived | QM | Show slides |
|
Requirement Layer
Hazard Scenarios (1)
Hazard Scenarios linking to this Hazardous Event.
| Hazard Scenario | Parent | Hazard Events |
|---|---|---|
This would be very sad. |
(Safety)Requirements (10)
(Safety)Requirements associated with (Safety)Requirements the associated safety goal link to. Directly or through refinement relationships.
| (Safety)Requirement | Parent | User-ID | Author | Creation Date | Start Date | Deadline | Expense | Responsibe | Category | Type | Status | Justification | Function Type | SIL derived | SIL manual | SIL required | Tests | Technical Functions | Software | Other SW | Hardware | Signals | Global variables | Activation events | Use-Cases | User-Stories | Refining | Conflicting | refined by | conflicted by |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
When the button is pressed, the system-state shall change from Blink into UART mode. |
Requirement_95 | Thomas Barth | Wed Jun 08 17:56:19 CEST 2022 | 0.0 | Thomas Barth | product | functional | implemented | - | - | - | - |
|
|||||||||||||||||
How to read and write data form and to hardware. |
SafetyRequirement_110 | Thomas Barth | Thu Jun 09 20:50:22 CEST 2022 | 0.0 | Thomas Barth | product | functional | approved | System_Function | QM | derived | QM | ||||||||||||||||||
Demonstrate the use of scalers and validators. |
SafetyRequirement_111 | Thu Jun 09 20:52:41 CEST 2022 | 0.0 | product | functional | approved | System_Function | QM | derived | QM | ||||||||||||||||||||
Show how protection sets can be used to grant access to hardware. |
SafetyRequirement_115 | Fri Jun 10 14:24:52 CEST 2022 | 0.0 | product | functional | implemented | System_Function | QM | derived | QM | ||||||||||||||||||||
Runnables can be activated by signal (onData/onError) events. |
SafetyRequirement_93 | Thomas Barth | Wed Jun 08 17:34:15 CEST 2022 | 0.0 | Thomas Barth | product | functional | implemented | System_Function | QM | derived | QM |
|
|||||||||||||||||
Global variables can store data for Runnables and other Software Functions. |
SafetyRequirement_94 | Thomas Barth | Wed Jun 08 17:34:15 CEST 2022 | 0.0 | Thomas Barth | product | functional | implemented | System_Function | QM | derived | QM | ||||||||||||||||||
Runnables can be activated by cyclic events. |
SafetyRequirement_95 | Thomas Barth | Wed Jun 08 17:34:15 CEST 2022 | 0.0 | Thomas Barth | product | functional | implemented | System_Function | QM | SIL_1 | SIL_1 |
|
|||||||||||||||||
µRTE easily can transmit events and data between tasks |
SafetyRequirement_96 | Thomas Barth | Wed Jun 08 17:46:14 CEST 2022 | 0.0 | Thomas Barth | product | functional | implemented | System_Function | QM | derived | QM |
|
|||||||||||||||||
Signals can either be global data objects of local objects on the task stack. |
SafetyRequirement_97 | Wed Jun 08 17:49:01 CEST 2022 | 0.0 | product | non_functional | implemented | System_Function | QM | derived | QM |
|
|||||||||||||||||||
uRTE allows the definition of multiple system-states where each state has an own data-flow. |
SafetyRequirement_98 | Wed Jun 08 17:52:52 CEST 2022 | 0.0 | product | functional | implemented | System_Function | QM | derived | QM |
Functional Layer
Technical Functions (2)
Technical Functions associated with (Safety)Requirements the associated safety goal link to. Directly or through refinement relationships.
| Function | LFB | Software | Hardware | Other Software | SIL required | SIL achieved | SIL justification | sub Technical Functions | Requirements | sub Requirements |
|---|---|---|---|---|---|---|---|---|---|---|
An LED shall blink to indicate that the system is alive and responding. |
SIL_1 | QM | ||||||||
If the button is pressed, UART messages indicating the press duration are sent. |
SIL_1 | QM |
Logical Function Blocks (4)
Logical Function Blocks referenced by the above Technical Functions.
| Function | Type | Technical functions |
|---|---|---|
An binary HMI |
Input | |
The MCU implementing the logic |
Service | |
An LED to indicate a binary state |
Output | |
A PC receiving UART messages |
Monitor |
Software Layer
Software units (5)
Sofware units associated with (Safety)Requirements the associated safety goal link to. Directly or through refinement relationships.
| Unit | Parent | Function calls | other Software Elements | Technical Functions | Requirements | Type | Tasks | WCET | Stack | ROM | Globals | ProtectionSets | SIL required | SIL achieved | sub Technical Functions (R) | sub Requirements (R) | Has a return value (R) | SystemStates (R) | Ingoing Trigger Ports (R) | Outgoing Trigger Ports (R) | Ingoing Data Ports (R) | Outgoing Data Ports (R) | Signals (D) | Runnables (D) | DataType (D) | Is Synchronous (D) | Hardware (D) | Ports (G) | Callers (F) | Return Type (F) | Parameters (F) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Reads the current button state from hardware |
 Button |
InDriver | 0 | 0 | 0 | SIL_1 | QM | - | - | - | - | - | - | - | - |  uRTE_boolean_t |
true | - | - | - | - | ||||||||||
Hardware write-Interface towards the LED |
LED |
OutDriver | 0 | 0 | 0 | SIL_1 | QM | - | - | - | - | - | - | - | - | uRTE_boolean_t |
true | - | - | - | - | ||||||||||
Sends UART messages periodically via the UART signal |
UART |
Runnable | 0 | 0 | 0 | SIL_1 | QM | true |
|
|
|
- | - | - | - | - | - | - | - | - | |||||||||||
Runnable to switch into the UART state if there is an event in the Blink State. |
UART |
Runnable | 0 | 0 | 0 | SIL_1 | QM | true |
|
- | - | - | - | - | - | - | - | - | |||||||||||||
Acquires the button state periodically and provides button signals |
Button |
Runnable | 0 | 0 | 0 | SIL_1 | QM | false |
|
|
|
|
- | - | - | - | - | - | - | - | - |
Runnable_run_UART_send_TPortIN_1
Runnable_run_UART_send_DPortIN_1
Runnable_run_UART_send_UART_OUT
Runnable_run_readButton_Edge_OUT Signals (4)
Signals associated with (Safety)Requirements the associated safety goal link to. Directly or through refinement relationships.
| Signal | Type | Storage | Runnables OUT | Runnables IN | Tasks | SystemStates | Requirements | miminum Age | maximum Age | Checksum | Force Sync | Inline | ISR API | effective inline | SIL required | SIL achieved | Initial value (D) | Pointer access (D) | Datatype (D) | Alt-In (D) | Alt-Out (D) | In-Driver (D) | Out-Driver (D) | OnData (D) | OnError (D) | OnTrigger (E) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Hardware Out interface for UART. |
Data | local in |
0 | 0 | false | false | false | false | false | QM | QM | true |
If not type is defined, a type definition template will be generated into the signal configuration file.
|
- | - | |||||||||||
A representation of the current button state |
Data | local in |
0 | 105 | false | false | false | false | false | SIL_1 | QM | false | false | uRTE_boolean_t |
- |
|
- | |||||||||
contains the number of seconds, the button has been pressed |
Data | global in  Button |
0 | 202 | true | false | false | false | false | QM | QM | 0 | false | button_cnt_t |
- | - | ||||||||||
Fired whenever the button is pressed (but not if it is released) |
Event | local in |
0 | 0 | false | false | false | false | false | QM | QM | - | - | - | - | - | - | - | - | - |
|
Global Variables (1)
Global variables associated with (Safety)Requirements the associated safety goal link to. Directly or through refinement relationships.
| Global Variable | Container | DataType | Requirements | public (S) | InitValue | Storage | Protection Set (S) | SIL required | SIL achieved |
|---|---|---|---|---|---|---|---|---|---|
internal counter for button press duration |
 run_readButton |
uRTE_uint16_t |
- | 0 |  .button |
- | SIL_1 | QM |
Activation-Events (1)
Activation Events associated with (Safety)Requirements the associated safety goal link to. Directly or through refinement relationships.
| Event | Type | Cycle Time (C) | Offset (C) | Task-Init (S) | Requirements | Ports | Runnables | Tasks | SystemStates | SIL required | SIL achieved |
|---|---|---|---|---|---|---|---|---|---|---|---|
Timebase for button read operations |
CyclicEvent | 200 | 0 | - |
|
SIL_1 | QM |
Testing Layer
Tests (1)
Tests associated with (Safety)Requirements the associated safety goal link to. Directly or through refinement relationships.
| Test | User-ID | Group | Priority | Status | Procedure and Input-Data | Expected Results | gen Name | gen Props | SIL | Requirements | Technical-Functions | Software-Units | Signals | Global variables | Activation-Events | Hardware-Components |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Tests the UART functionality at the system level |
Test_134 | 0 | approved | Regular power-on with a terminal connected to UART. The Button is pressed for 10 seconds. | The string '--- UART WakeUp ----' is send whenever the button is pressed, followed by 'Button pressed for %d seconds.' messages, where '%d' represents the integer number of seconds the button already has been pressed. |