uRTEDemo_03_Nucleo-F446RE_SystemStates_10_Model

Requirement Model

Contains the (safety) requirements of the system, along with their derivation via safetyGoals, hazardousEvents and hazardScenarious. The SIL for implemenation units in hard- and software will be derived from this model.

Diagrams

Requirements Model
Logical Function Model
Software units
Signals
Global variables
Activation Events
Hardware Model
Testing Model
Requirement Model Diagram

Properties

Content

Requirement Packages (2)

Requirement Packages contained in the model.

Requirement Package Parent SIL Sub-Packages (Safety)Requirements Safety Goals Hazardous Events Hazard Scenarios User Stories Use Cases Technical Functions Logical Functions
Blinking LED

All requirements related to the blinking LED

 -
UART

Requirements for the UART functionality

 SIL_1

Hazard Scenarios (1)

Hazard Scenarios contained in the model.

Hazard Scenario Parent Hazard Events
Potential customers don't like the tool

This would be very sad.

Hazardous Events (2)

Hazardous Events contained in the model.

Hazardous Event Parent Probability Controllability Effect SIL Safety-Goals
Complexity

The user might think µRTE is hard to use.

 QM
Unknown features

The customer might not see the full spectrum of features µRTE comes with.

 QM

Safetygoals (1)

Safety Goals contained in the model.

Safety Goal Parent Function Type SIL derived SIL manual SIL effective Safe State Safety Requirements
Show most important features in an lightweight demo

An small demo model with the most important features shall show the most important features of µRTE.

 System_Function QM derived QM Show slides

(Safety)Requirements (13)

(Safety)Requirements contained in the model.

(Safety)Requirement Parent User-ID Author Creation Date Start Date Deadline Expense Responsibe Category Type Status Function Type SIL derived SIL manual SIL effective Tests Technical Functions Software Hardware Signals Global variables Activation events Use-Cases User-Stories Refining Conflicting refined by conflicted by
(Requirement_32) LED Blink

In order to indicate that uRTE is up and running, an LED shall blink (toggle its binary state) with an frequency of 1/100ms.

 Requirement_32 Thomas Barth Tue Jun 07 13:05:57 CEST 2022 0.0 Thomas Barth product functional implemented - - - -
(Requirement_93) LED Button

While the button is pressed, the LED shall be on permanently.

 Requirement_93 Wed Jun 08 17:18:27 CEST 2022 0.0 product functional implemented - - - -
(Requirement_94) LED

The LED on the Nucelo Board shall act as an simple demo.

 Requirement_94 Thomas Barth Wed Jun 08 17:23:11 CEST 2022 0.0 Thomas Barth product non_functional implemented - - - -
(Requirement_95) UART

When the button is pressed, the system-state shall change from Blink into UART mode.
The start of UART mode shall be signaled via UART.
As long as the button is pressed, UART strings with the time in seconds the Button was pressed shall be send with the frequency with which the button pressed signal is updated.

 Requirement_95 Thomas Barth Wed Jun 08 17:56:19 CEST 2022 0.0 Thomas Barth product functional implemented - - - -
(SafetyRequirement_110) Hardware Interfacing

How to read and write data form and to hardware.

 SafetyRequirement_110 Thomas Barth Thu Jun 09 20:50:22 CEST 2022 0.0 Thomas Barth product functional approved System_Function QM derived QM
(SafetyRequirement_111) SignalLayer features

Demonstrate the use of scalers and validators.
Make use of age restrictions, checksums and pointer access.

 SafetyRequirement_111 Thu Jun 09 20:52:41 CEST 2022 0.0 product functional approved System_Function QM derived QM
(SafetyRequirement_115) Protection Sets

Show how protection sets can be used to grant access to hardware.

 SafetyRequirement_115 Fri Jun 10 14:24:52 CEST 2022 0.0 product functional implemented System_Function QM derived QM
(SafetyRequirement_93) Runnable activation by signal events

Runnables can be activated by signal (onData/onError) events.

 SafetyRequirement_93 Thomas Barth Wed Jun 08 17:34:15 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM derived QM
(SafetyRequirement_94) Global variables

Global variables can store data for Runnables and other Software Functions.
The memory protection will automatically be generated.
The actual declaration is implemented as user-code to allow the use of non-trivial datatypes and operations.

 SafetyRequirement_94 Thomas Barth Wed Jun 08 17:34:15 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM derived QM
(SafetyRequirement_95) Runnable activation by cyclic events

Runnables can be activated by cyclic events.

 SafetyRequirement_95 Thomas Barth Wed Jun 08 17:34:15 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM SIL_1 SIL_1
(SafetyRequirement_96) Inter-task communication

µRTE easily can transmit events and data between tasks

 SafetyRequirement_96 Thomas Barth Wed Jun 08 17:46:14 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM derived QM
(SafetyRequirement_97) local and global signals

Signals can either be global data objects of local objects on the task stack.
Global signals are the same for everyone while with local signals each task has an own copy which gets synchroized if the signal changes,

 SafetyRequirement_97 Wed Jun 08 17:49:01 CEST 2022 0.0 product non_functional implemented System_Function QM derived QM
(SafetyRequirement_98) Multiple System-States

uRTE allows the definition of multiple system-states where each state has an own data-flow.
For each runnable the system state it shall be active in is configured.
The resulting data-flow can be visualized in Software Model/uRTE/SystemStates

 SafetyRequirement_98 Wed Jun 08 17:52:52 CEST 2022 0.0 product functional implemented System_Function QM derived QM

Functional Layer

Technical Functions (2)

Technical Functions associated with (Safety)Requirements of the model.

Function LFB Software Hardware Technical Functions sub Technical Functions Requirements sub Requirements
Blinking LED

An LED shall blink to indicate that the system is alive and responding.
UART

If the button is pressed, UART messages indicating the press duration are sent.

Logical Function Blocks (4)

Logical Function Blocks associated with (Safety)Requirements of the model.

Function Type Technical functions
Button

An binary HMI

 Input
Controller

The MCU implementing the logic

 Service
LED

An LED to indicate a binary state

 Output
PC

A PC receiving UART messages

 Monitor

Software Layer

Software units (6)

Software Functions associated with (Safety)Requirements of the model.

Unit Parent Function calls Technical Functions Requirements Type Tasks WCET Stack ROM Globals ProtectionSets SIL req SIL ach sub Technical Functions (R) sub Requirements (R) Has a return value (R) SystemStates (R) Ingoing Trigger Ports (R) Outgoing Trigger Ports (R) Ingoing Data Ports (R) Outgoing Data Ports (R) Signals (D) Runnables (D) DataType (D) Is Synchronous (D) Hardware (D) Ports (G) Callers (F) Return Type (F) Parameters (F)
ButtonRead

Reads the current button state from hardware

 Button
InDriver 0 0 0
QM QM - - - - - - - - uRTE_boolean_t true - - - -
drv_LED

Hardware write-Interface towards the LED

 LED
OutDriver 0 0 0
QM QM - - - - - - - - uRTE_boolean_t true - - - -
run_LED

Controls the LED signal and thus the LED

 LED
Runnable 0 0 0
- QM false
  • Runnable_00_blink_Tick
  • Runnable_blink_Button_IN
  • Runnable_00_blink_OUT
 - - - - - - - - -
run_UART_send

Sends UART messages periodically via the UART signal

 UART
Runnable 0 0 0
QM QM
true
  • Runnable_run_UART_send_TPortIN_1
  • Runnable_run_UART_send_DPortIN_1
  • Runnable_run_UART_send_DPortIN_2
  • Runnable_run_UART_send_UART_OUT
 - - - - - - - - -
run_UART_wakeUp

Runnable to switch into the UART state if there is an event in the Blink State.
This runnable does not use hardware signals but accesses hardware directly and is therefore associated with
an protection set grandting access to hardware.

 UART
Runnable 0 0 0
QM QM
true
  • Runnable_run_UART_WakeUP
- - - - - - - - -
run_readButton

Acquires the button state periodically and provides button signals

 Button
Runnable 0 0 0
QM QM false
  • Runnable_run_readButton_Tick
  • Runnable_run_readButton_Edge_OUT
  • run_readButton_HW_IN
  • Runnable_run_readButton_Button_OUT
  • Runnable_run_readButton_button_pressed_cnt
 - - - - - - - - -

Signals (4)

Signals associated with (Safety)Requirements of the model.

Signal Type Storage Runnables OUT Runnables IN Tasks SystemStates Requirements miminum Age maximum Age Checksum Force Sync Inline ISR API effective inline SIL req SIL ach Initial value (D) Pointer access (D) Datatype (D) Alt-In (D) Alt-Out (D) In-Driver (D) Out-Driver (D) OnData (D) OnError (D) OnTrigger (E)
HWO_UART

Hardware Out interface for UART.
No Signal-Datatype will be defined so that a typedef will be generated into the signal configuration.
Pointer access is granted so signal memory can be used directly by the application.

 Data local in
0 0 false false false false false QM QM true undefined
-
-
button state

A representation of the current button state

 Data local in
0 105 false false false false false SIL_1 QM false false uRTE_boolean_t
-
-
button_cnt

contains the number of seconds, the button has been pressed

 Data global in
Button		 0 202 true false false false false QM QM 0 false button_cnt_t
-
-
button_edge

Fired whenever the button is pressed (but not if it is released)

 Event local in
0 0 false false false false false QM QM - - - - - - - - -

Global Variables (1)

Global variables associated with (Safety)Requirements of the model.

Global Variable Container DataType Requirements public (S) InitValue Storage Protection Set (S) SIL req SIL ach
press_cnt

internal counter for button press duration

 run_readButton uRTE_uint16_t - 0 .button - QM QM

Activation-Events (2)

Activation events associated with (Safety)Requirements of the model.

Event Type Cycle Time (C) Offset (C) Task-Init (S) Requirements Ports Runnables Tasks SystemStates SIL req SIL ach
Button Timebase

Timebase for button read operations

 CyclicEvent 200 0 - SIL_1 QM
LED timebase

The timebase for the LED logic. Has an bit of offset to make sure it comes after the button has been read (button value is polled).

 CyclicEvent 100 2 -
  • Runnable_00_blink_Tick in run_LED
- QM

Testing Layer

Tests (3)

Tests associated with (Safety)Requirements.

Test User-ID Group Priority Status Procedure and Input-Data Expected Results SIL Requirements Technical-Functions Software-Units Signals Global variables Activation-Events Hardware-Components
(Test_132) Regular blink

The LED has to blink with a frequency of 1/100ms.

 Test_132 0 implemented Regular power-on without user-input A blinking LED
(Test_133) LED permanent ON

Check if the LED is permanent on if there is user-input from the button

 Test_133 0 implemented After a regular power-on, the button is pressed The LED shall be permanently on while the button is pressed
(Test_134) UART functional/system test

Tests the UART functionality at the system level

 Test_134 0 approved Regular power-on with a terminal connected to UART. The Button is pressed for 10 seconds. The string '--- UART WakeUp ----' is send whenever the button is pressed, followed by 'Button pressed for %d seconds.' messages, where '%d' represents the integer number of seconds the button already has been pressed.