uRTEDemo_03_Nucleo-F446RE_SystemStates_10_Model

Safety-Requirement - SafetyRequirement_96

Inter-task communication

µRTE easily can transmit events and data between tasks

Warnings

Testing Warnings (1)

Testing Warnings for SafetyRequirement Inter-task communication
Testing warnings are related to the tests in the testing layer and their depedencies.

(SafetyRequirement_96) Inter-task communication is not referencing a test and not all refinements reference a test.

Diagrams

Relationships

Requirements Model
Logical Function Model
Software units
Signals
Global variables
Activation Events
Hardware Model
Testing Model

Safety

Required
The SIL derived from the safety-goals linking to this safetyrequirement.
SIL derived 		QM
A manual overwrite of "SIL derived"
SIL manual 		derived
The required SIL of this requirement is defined by the derived SIL and can be overwritten by "SIL manual".
SIL required 		QM

Properties

Base
The name of this object. Certain classes of objects require this field to be unique. Please consider that this field might be used in code and thus must not contain special characters.
Name 		Inter-task communication
The type of this object within the uRTE model
Type 		SafetyRequirement
A descriptive text for this object. Please consider that this field might be used in code and thus must not contain special characters.
Description

µRTE easily can transmit events and data between tasks
A user defined ID which can be freely chosen. Please consider that this field might be used in code and thus must not contain special characters.
User-ID 		SafetyRequirement_96
Each object within the uRTE model has a unique ID, this is the ID for this object
UID 		_IFv9AOdCEeyMHMAOoLxcsQ
The package in which this SafetyRequirement is included.
Package
Meta-Data
The author of this requirement.
Author 		Thomas Barth
The date this requirement was created.
Creation Date 		Wed Jun 08 17:46:14 CEST 2022
The date when the implementation of the requirement statrs.
Start Date
The deadline until this requirement has to be achieved.
Deadline
The expenses of this requirement.
Expense 		0.0
Who is responsible for this requirement.
Responsibe 		Thomas Barth
The category of this requirement.
Category 		product
The type of this requirement.
Type 		functional
The status of this requirement.
Status 		implemented
The purpose of the justification is to provide rationale for the requirement status and the like.
Justification
Stereotype
Function type of this safetyrequirement.
Function Type 		System_Function
Directly associated Implementation

Signals (3)

Signals this requirement is mapped to

Signal Type Storage Runnables OUT Runnables IN Tasks SystemStates Requirements miminum Age maximum Age Checksum Force Sync Inline ISR API effective inline SIL required SIL achieved Initial value (D) Pointer access (D) Datatype (D) Alt-In (D) Alt-Out (D) In-Driver (D) Out-Driver (D) OnData (D) OnError (D) OnTrigger (E)
button state

A representation of the current button state

 Data local in
0 105 false false false false false SIL_1 QM false false uRTE_boolean_t
-
-
button_cnt

contains the number of seconds, the button has been pressed

 Data global in
Button		 0 202 true false false false false QM QM 0 false button_cnt_t
-
-
button_edge

Fired whenever the button is pressed (but not if it is released)

 Event local in
0 0 false false false false false QM QM - - - - - - - - -
Direct (Safety)Requirement dependencies

Refining (Safety)Requirements (2)

(Safety)Requirements this Safety Requirement is directly refined by.

(Safety)Requirement Parent User-ID Author Creation Date Start Date Deadline Expense Responsibe Category Type Status Justification Function Type SIL derived SIL manual SIL required Tests Technical Functions Software Other SW Hardware Signals Global variables Activation events Use-Cases User-Stories Refining Conflicting refined by conflicted by
SafetyRequirement_111 - SignalLayer features

Demonstrate the use of scalers and validators.
Make use of age restrictions, checksums and pointer access.

 SafetyRequirement_111 Thu Jun 09 20:52:41 CEST 2022 0.0 product functional approved System_Function QM derived QM
SafetyRequirement_97 - local and global signals

Signals can either be global data objects of local objects on the task stack.
Global signals are the same for everyone while with local signals each task has an own copy which gets synchroized if the signal changes,

 SafetyRequirement_97 Wed Jun 08 17:49:01 CEST 2022 0.0 product non_functional implemented System_Function QM derived QM

Requirement Layer

Hazard Scenarios (1)

Hazard Scenarios for directly associated Hazardous Events.

Hazard Scenario Parent Hazard Events
Potential customers don't like the tool

This would be very sad.

Hazardous Events (2)

Hazardous Events for directly associated Safety Goals.

Hazardous Event Parent Probability Controllability Effect SIL Safety-Goals
Complexity

The user might think µRTE is hard to use.

 QM
Unknown features

The customer might not see the full spectrum of features µRTE comes with.

 QM

Safetygoals (1)

Safety Goals directly linking to this Requirement.

Safety Goal Parent Function Type SIL derived SIL manual SIL required Safe State Safety Requirements
Show most important features in an lightweight demo

An small demo model with the most important features shall show the most important features of µRTE.

 System_Function QM derived QM Show slides

All refining (Safety)Requirements (3)

All (Safety)Requirements refining this Safety Requirement.

(Safety)Requirement Parent User-ID Author Creation Date Start Date Deadline Expense Responsibe Category Type Status Justification Function Type SIL derived SIL manual SIL required Tests Technical Functions Software Other SW Hardware Signals Global variables Activation events Use-Cases User-Stories Refining Conflicting refined by conflicted by
Requirement_95 - UART

When the button is pressed, the system-state shall change from Blink into UART mode.
The start of UART mode shall be signaled via UART.
As long as the button is pressed, UART strings with the time in seconds the Button was pressed shall be send with the frequency with which the button pressed signal is updated.

 Requirement_95 Thomas Barth Wed Jun 08 17:56:19 CEST 2022 0.0 Thomas Barth product functional implemented - - - -
SafetyRequirement_111 - SignalLayer features

Demonstrate the use of scalers and validators.
Make use of age restrictions, checksums and pointer access.

 SafetyRequirement_111 Thu Jun 09 20:52:41 CEST 2022 0.0 product functional approved System_Function QM derived QM
SafetyRequirement_97 - local and global signals

Signals can either be global data objects of local objects on the task stack.
Global signals are the same for everyone while with local signals each task has an own copy which gets synchroized if the signal changes,

 SafetyRequirement_97 Wed Jun 08 17:49:01 CEST 2022 0.0 product non_functional implemented System_Function QM derived QM

Functional Layer

Technical Functions (1)

Technical functions associated with refining requirements

Function LFB Software Hardware Other Software SIL required SIL achieved SIL justification sub Technical Functions Requirements sub Requirements
UART

If the button is pressed, UART messages indicating the press duration are sent.
SIL_1 QM

Logical Function Blocks (3)

Logical Function Blocks which map to technical functions associated with refining requirements.

Function Type Technical functions
Button

An binary HMI

 Input
Controller

The MCU implementing the logic

 Service
PC

A PC receiving UART messages

 Monitor

Software Layer

Software units (2)

Software units associated with refining requirements.

Unit Parent Function calls other Software Elements Technical Functions Requirements Type Tasks WCET Stack ROM Globals ProtectionSets SIL required SIL achieved sub Technical Functions (R) sub Requirements (R) Has a return value (R) SystemStates (R) Ingoing Trigger Ports (R) Outgoing Trigger Ports (R) Ingoing Data Ports (R) Outgoing Data Ports (R) Signals (D) Runnables (D) DataType (D) Is Synchronous (D) Hardware (D) Ports (G) Callers (F) Return Type (F) Parameters (F)
run_UART_send

Sends UART messages periodically via the UART signal

 UART
Runnable 0 0 0
SIL_1 QM
true
  • Runnable_run_UART_send_TPortIN_1
  • Runnable_run_UART_send_DPortIN_1
  • Runnable_run_UART_send_DPortIN_2
  • Runnable_run_UART_send_UART_OUT
 - - - - - - - - -
run_UART_wakeUp

Runnable to switch into the UART state if there is an event in the Blink State.
This runnable does not use hardware signals but accesses hardware directly and is therefore associated with
an protection set grandting access to hardware.

 UART
Runnable 0 0 0
SIL_1 QM
true
  • Runnable_run_UART_WakeUP
- - - - - - - - -

Signals (3)

Signals associated with refining requirements

Signal Type Storage Runnables OUT Runnables IN Tasks SystemStates Requirements miminum Age maximum Age Checksum Force Sync Inline ISR API effective inline SIL required SIL achieved Initial value (D) Pointer access (D) Datatype (D) Alt-In (D) Alt-Out (D) In-Driver (D) Out-Driver (D) OnData (D) OnError (D) OnTrigger (E)
HWO_UART

Hardware Out interface for UART.
No Signal-Datatype will be defined so that a typedef will be generated into the signal configuration.
Pointer access is granted so signal memory can be used directly by the application.

 Data local in
0 0 false false false false false QM QM true
If not type is defined, a type definition template will be generated into the signal configuration file.
undefined
-
-
button state

A representation of the current button state

 Data local in
0 105 false false false false false SIL_1 QM false false uRTE_boolean_t
-
-
button_cnt

contains the number of seconds, the button has been pressed

 Data global in
Button		 0 202 true false false false false QM QM 0 false button_cnt_t
-
-

Testing Layer

Tests (1)

Tests associated associated with refining requirements.

Test User-ID Group Priority Status Procedure and Input-Data Expected Results gen Name gen Props SIL Requirements Technical-Functions Software-Units Signals Global variables Activation-Events Hardware-Components
(Test_134) UART functional/system test

Tests the UART functionality at the system level

 Test_134 0 approved Regular power-on with a terminal connected to UART. The Button is pressed for 10 seconds. The string '--- UART WakeUp ----' is send whenever the button is pressed, followed by 'Button pressed for %d seconds.' messages, where '%d' represents the integer number of seconds the button already has been pressed.