+Requirement Model
- +Blinking LED
- +UART
+Logical Function Model
- Controller
- LED
- PC
- Button
- Blinking LED
- UART
+Software Model
- +Software
  - +Button
    - ButtonRead
    - +run_readButton
      - press_cnt
  - +LED
    - drv_LED
    - run_LED
  - +UART
- +RTE
  - +Activation Engine
    - Button Timebase
    - LED timebase
  - +Signal Layer
    - HWI LED
    - HWI_Button
    - button state
    - button_edge
    - button_cnt
    - HWO_UART
    - +Signal-Pools
      - Button
  - +System States
    - Blink
    - UART
    - +State-Handler
- +RTOS
  - Button
  - LED
  - UART
- +Linkage
  - +Output-Sections
  - +Protection-Sets
    - BaseProtection
    - UART
- +DataTypes
+Hardware Model
- +Nucelo-F446RE
  - +STM32F446RE
    - Arm® Cortex®-M4
    - main
    - +GPIO
      - PA5
      - PC13-TAMPER-RTC
    - USART
  - Button
  - LED
+Testing Model
- +Item Tests
  - (Test_128) Smoke-Test
- +Functional Tests
  - +Blinking LED
    - (Test_132) Regular blink
    - (Test_133) LED permanent ON
  - +UART
    - (Test_134) UART functional/system test

Hazardous Event

Complexity

The user might think µRTE is hard to use.

Diagrams

Requirements Model

Logical Function Model

Software units

Signals

Global variables

Activation Events

Hardware Model

Testing Model

Safety

Definition
Probability
Controllability
Effect
SIL	QM

Properties

Base

Name

Complexity

Type

HazardousEvent

Description

The user might think µRTE is hard to use.

User-ID

HazardousEvent_93

UID

_OM7MEOdBEeyMHMAOoLxcsQ

Package

UART

References

Safetygoals (1)

Safety Goals this Hazardous Event links to.

Safety Goal	Parent	Function Type	SIL derived	SIL manual	SIL effective	Safe State	Safety Requirements
Show most important features in an lightweight demo An small demo model with the most important features shall show the most important features of µRTE.	UART	System_Function	QM	derived	QM	Show slides	(SafetyRequirement_94) Global variables (Requirement_95) UART (SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_98) Multiple System-States (Requirement_95) UART (SafetyRequirement_115) Protection Sets (Requirement_95) UART (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART (SafetyRequirement_93) Runnable activation by signal events (Requirement_95) UART

Requirement Layer

Hazard Scenarios (1)

Hazard Scenarios linking to this Hazardous Event.

Hazard Scenario	Parent	Hazard Events
Potential customers don't like the tool This would be very sad.	UART	Complexity Unknown features

(Safety)Requirements (7)

(Safety)Requirements defined by the safety goals linked by this Hazardous Event.

(Safety)Requirement	Parent	User-ID	Author	Creation Date	Responsibe	Category	Type	Status	Function Type	SIL derived	SIL manual	SIL effective	Technical Functions	Software	Signals	Global variables	Activation events	Refining
(SafetyRequirement_110) Hardware Interfacing How to read and write data form and to hardware.	UART	SafetyRequirement_110	Thomas Barth	Thu Jun 09 20:50:22 CEST 2022	Thomas Barth	product	functional	approved	System_Function	QM	derived	QM		ButtonRead drv_LED				(SafetyRequirement_111) SignalLayer features (Requirement_95) UART
(SafetyRequirement_115) Protection Sets Show how protection sets can be used to grant access to hardware.	UART	SafetyRequirement_115		Fri Jun 10 14:24:52 CEST 2022		product	functional	implemented	System_Function	QM	derived	QM		run_UART_wakeUp				(Requirement_95) UART
(SafetyRequirement_93) Runnable activation by signal events Runnables can be activated by signal (onData/onError) events.	UART	SafetyRequirement_93	Thomas Barth	Wed Jun 08 17:34:15 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	derived	QM	UART		button state			(Requirement_95) UART
(SafetyRequirement_94) Global variables Global variables can store data for Runnables and other Software Functions. The memory protection will automatically be generated. The actual declaration is implemented as user-code to allow the use of non-trivial datatypes and operations.	UART	SafetyRequirement_94	Thomas Barth	Wed Jun 08 17:34:15 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	derived	QM	UART	run_readButton		press_cnt		(Requirement_95) UART
(SafetyRequirement_95) Runnable activation by cyclic events Runnables can be activated by cyclic events.	UART	SafetyRequirement_95	Thomas Barth	Wed Jun 08 17:34:15 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	SIL_1	SIL_1	Blinking LED UART		button state		Button Timebase	(Requirement_95) UART
(SafetyRequirement_96) Inter-task communication µRTE easily can transmit events and data between tasks	UART	SafetyRequirement_96	Thomas Barth	Wed Jun 08 17:46:14 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	derived	QM			button state button_cnt button_edge			(SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_97) local and global signals (Requirement_95) UART
(SafetyRequirement_98) Multiple System-States uRTE allows the definition of multiple system-states where each state has an own data-flow. For each runnable the system state it shall be active in is configured. The resulting data-flow can be visualized in Software Model/uRTE/SystemStates	UART	SafetyRequirement_98		Wed Jun 08 17:52:52 CEST 2022		product	functional	implemented	System_Function	QM	derived	QM		run_UART_send run_UART_wakeUp State-Handler				(Requirement_95) UART

Functional Layer

Technical Functions (2)

Technical Functions of the (Safety)Requirements.

Function	LFB	Software	Hardware	Technical Functions	sub Technical Functions	Requirements	sub Requirements
Blinking LED An LED shall blink to indicate that the system is alive and responding.	Button Controller LED	run_LED drv_LED run_readButton ButtonRead	PA5		Blinking LED UART	(Requirement_32) LED Blink (Requirement_93) LED Button (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART	(Requirement_32) LED Blink (Requirement_93) LED Button (SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_94) Global variables (Requirement_95) UART
UART If the button is pressed, UART messages indicating the press duration are sent.	Button Controller PC	run_UART_send UART out run_UART_wakeUp run_readButton ButtonRead	USART		Blinking LED UART	(Requirement_95) UART (SafetyRequirement_93) Runnable activation by signal events (Requirement_95) UART (SafetyRequirement_94) Global variables (Requirement_95) UART (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART	(Requirement_95) UART (SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_115) Protection Sets (Requirement_95) UART (SafetyRequirement_94) Global variables (Requirement_95) UART (SafetyRequirement_98) Multiple System-States (Requirement_95) UART

Logical Function Blocks (4)

Logical Function Blocks of the technical functions.

Function	Type	Technical functions
Button An binary HMI	Input	Blinking LED UART
Controller The MCU implementing the logic	Service	Blinking LED UART
LED An LED to indicate a binary state	Output	Blinking LED
PC A PC receiving UART messages	Monitor	UART

Software Layer

Software units (5)

Sofware units associated with (Safety)Requirements.

Unit	Parent	Technical Functions	Requirements	Type	Tasks	Globals	ProtectionSets	SIL req	SIL ach	sub Technical Functions (R)	sub Requirements (R)	Has a return value (R)	SystemStates (R)	Ingoing Trigger Ports (R)	Outgoing Trigger Ports (R)	Ingoing Data Ports (R)	Outgoing Data Ports (R)	Signals (D)	Runnables (D)	DataType (D)	Is Synchronous (D)	Hardware (D)	Ports (G)	Callers (F)	Return Type (F)	Parameters (F)
ButtonRead Reads the current button state from hardware	Button	Blinking LED UART	(SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART	InDriver	Button			QM	QM	-	-	-	-	-	-	-	-	HWI_Button	run_readButton	uRTE_boolean_t	true	PC13-TAMPER-RTC	-	-	-	-
drv_LED Hardware write-Interface towards the LED	LED	Blinking LED	(SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART	OutDriver	LED			QM	QM	-	-	-	-	-	-	-	-	HWI LED	run_LED	uRTE_boolean_t	true	PA5	-	-	-	-
run_UART_send Sends UART messages periodically via the UART signal	UART	UART	(Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_98) Multiple System-States (Requirement_95) UART	Runnable	UART			QM	QM	UART		true	UART	Runnable_run_UART_send_TPortIN_1		Runnable_run_UART_send_DPortIN_1 Runnable_run_UART_send_DPortIN_2	Runnable_run_UART_send_UART_OUT	-	-	-	-	-	-	-	-	-
run_UART_wakeUp Runnable to switch into the UART state if there is an event in the Blink State. This runnable does not use hardware signals but accesses hardware directly and is therefore associated with an protection set grandting access to hardware.	UART	UART	(Requirement_95) UART (SafetyRequirement_115) Protection Sets (Requirement_95) UART (SafetyRequirement_98) Multiple System-States (Requirement_95) UART	Runnable	UART		UART	QM	QM			true	Blink	Runnable_run_UART_WakeUP				-	-	-	-	-	-	-	-	-
run_readButton Acquires the button state periodically and provides button signals	Button	Blinking LED UART	(SafetyRequirement_94) Global variables (Requirement_95) UART	Runnable	Button	press_cnt		QM	QM	Blinking LED UART	(SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART	false	Blink UART	Runnable_run_readButton_Tick	Runnable_run_readButton_Edge_OUT	run_readButton_HW_IN	Runnable_run_readButton_Button_OUT Runnable_run_readButton_button_pressed_cnt	-	-	-	-	-	-	-	-	-

Signals (3)

Signals of the (Safety)Requirements.

Signal	Type	Storage	Runnables OUT	Runnables IN	Tasks	SystemStates	Requirements	maximum Age	Checksum	Force Sync	Inline	ISR API	effective inline	SIL req	SIL ach	Initial value (D)	Pointer access (D)	Datatype (D)	Alt-In (D)	Alt-Out (D)	In-Driver (D)	Out-Driver (D)	OnData (D)	OnError (D)	OnTrigger (E)
button state A representation of the current button state	Data	local in .rtos.task.Button .rtos.task.LED .rtos.task.UART	run_readButton	run_LED run_UART_send	Button LED UART	Blink UART	(SafetyRequirement_93) Runnable activation by signal events (Requirement_95) UART (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART (SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_97) local and global signals (Requirement_95) UART	105	false	false	false	false	false	SIL_1	QM	false	false	uRTE_boolean_t			-		Runnable_run_UART_send_TPortIN_1 in run_UART_send		-
button_cnt contains the number of seconds, the button has been pressed	Data	global in Button	run_readButton	run_UART_send	Button UART	Blink UART	(SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_97) local and global signals (Requirement_95) UART	202	true	false	false	false	false	QM	QM	0	false	button_cnt_t	uRTE_uint16_t		-				-
button_edge Fired whenever the button is pressed (but not if it is released)	Event	local in .rtos.task.Button .rtos.task.UART	run_readButton	run_UART_wakeUp	Button UART	Blink UART	(SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART	0	false	false	false	false	false	QM	QM	-	-	-	-	-	-	-	-	-	Runnable_run_UART_WakeUP in run_UART_wakeUp

Global Variables (1)

Global variables of the (Safety)Requirements.

Global Variable	Container	DataType	Requirements	public (S)	InitValue	Storage	Protection Set (S)	SIL req	SIL ach
press_cnt internal counter for button press duration	run_readButton	uRTE_uint16_t	(SafetyRequirement_94) Global variables (Requirement_95) UART	-	0	.button	-	QM	QM

Activation-Events (1)

Activation Events of the (Safety)Requirements.

Event	Type	Cycle Time (C)	Offset (C)	Task-Init (S)	Requirements	Ports	Runnables	Tasks	SystemStates	SIL req	SIL ach
Button Timebase Timebase for button read operations	CyclicEvent	200	0	-	(SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART	Runnable_run_readButton_Tick in run_readButton	run_readButton	Button	Blink UART	SIL_1	QM