+Requirement Model
- +Blinking LED
- +UART
+Logical Function Model
- Controller
- LED
- PC
- Button
- Blinking LED
- UART
+Software Model
- +Software
  - +Button
    - ButtonRead
    - +run_readButton
      - press_cnt
  - +LED
    - drv_LED
    - run_LED
  - +UART
- +RTE
  - +Activation Engine
    - Button Timebase
    - LED timebase
  - +Signal Layer
    - HWI LED
    - HWI_Button
    - button state
    - button_edge
    - button_cnt
    - HWO_UART
    - +Signal-Pools
      - Button
  - +System States
    - Blink
    - UART
    - +State-Handler
- +RTOS
  - Button
  - LED
  - UART
- +Linkage
  - +Output-Sections
  - +Protection-Sets
    - BaseProtection
    - UART
- +DataTypes
+Hardware Model
- +Nucelo-F446RE
  - +STM32F446RE
    - Arm® Cortex®-M4
    - main
    - +GPIO
      - PA5
      - PC13-TAMPER-RTC
    - USART
  - Button
  - LED
+Testing Model
- +Item Tests
  - (Test_128) Smoke-Test
- +Functional Tests
  - +Blinking LED
    - (Test_132) Regular blink
    - (Test_133) LED permanent ON
  - +UART
    - (Test_134) UART functional/system test

Safety-Requirement - SafetyRequirement_115

Protection Sets

Show how protection sets can be used to grant access to hardware.

Warnings

Testing Warnings (1)

Testing Warnings for SafetyRequirement Protection Sets
Testing warnings are related to the tests in the testing layer and their depedencies.

(SafetyRequirement_115) Protection Sets is not referencing a test but all refinements reference a test.

Diagrams

Relationships

Requirements Model

Logical Function Model

Software units

Signals

Global variables

Activation Events

Hardware Model

Testing Model

Safety

Required
The SIL derived from the safety-goals linking to this safetyrequirement. SIL derived	QM
A manual overwrite of "SIL derived" SIL manual	derived
The required SIL of this requirement is defined by the derived SIL and can be overwritten by "SIL manual". SIL required	QM

Properties

Base

Name

Protection Sets

Type

SafetyRequirement

Description

Show how protection sets can be used to grant access to hardware.

User-ID

SafetyRequirement_115

UID

_U8gSEOi4EeyZCNhXq78uhw

Package

UART

Meta-Data

Author

Creation Date

Fri Jun 10 14:24:52 CEST 2022

Start Date

Deadline

Expense

0.0

Responsibe

Software units (1)

Software-Components this requirement is mapped to.

Unit	Parent	Function calls	other Software Elements	Technical Functions	Requirements	Type	Tasks	WCET	Stack	ROM	Globals	ProtectionSets	SIL required	SIL achieved	sub Technical Functions (R)	sub Requirements (R)	Has a return value (R)	SystemStates (R)	Ingoing Trigger Ports (R)	Outgoing Trigger Ports (R)	Ingoing Data Ports (R)	Outgoing Data Ports (R)	Signals (D)	Runnables (D)	DataType (D)	Is Synchronous (D)	Hardware (D)	Ports (G)	Callers (F)	Return Type (F)	Parameters (F)
run_UART_wakeUp Runnable to switch into the UART state if there is an event in the Blink State. This runnable does not use hardware signals but accesses hardware directly and is therefore associated with an protection set grandting access to hardware.	UART			UART	Requirement_95 - UART SafetyRequirement_115 - Protection Sets Requirement_95 - UART SafetyRequirement_98 - Multiple System-States Requirement_95 - UART	Runnable	UART	0	0	0		UART	SIL_1	QM			true	Blink	Runnable_run_UART_WakeUP				-	-	-	-	-	-	-	-	-

Direct (Safety)Requirement dependencies

Refining (Safety)Requirements (1)

(Safety)Requirements this Safety Requirement is directly refined by.

(Safety)Requirement	Parent	User-ID	Author	Creation Date	Start Date	Deadline	Expense	Responsibe	Category	Type	Status	Justification	Function Type	SIL derived	SIL manual	SIL required	Tests	Technical Functions	Software	Other SW	Hardware	Signals	Global variables	Activation events	Use-Cases	User-Stories	Refining	Conflicting	refined by	conflicted by
Requirement_95 - UART When the button is pressed, the system-state shall change from Blink into UART mode. The start of UART mode shall be signaled via UART. As long as the button is pressed, UART strings with the time in seconds the Button was pressed shall be send with the frequency with which the button pressed signal is updated.	UART	Requirement_95	Thomas Barth	Wed Jun 08 17:56:19 CEST 2022			0.0	Thomas Barth	product	functional	implemented		-	-	-	-	(Test_134) UART functional/system test	UART	run_UART_send run_UART_wakeUp										SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_115 - Protection Sets Requirement_95 - UART SafetyRequirement_93 - Runnable activation by signal events Requirement_95 - UART SafetyRequirement_94 - Global variables Requirement_95 - UART SafetyRequirement_95 - Runnable activation by cyclic events Requirement_95 - UART SafetyRequirement_97 - local and global signals Requirement_95 - UART SafetyRequirement_98 - Multiple System-States Requirement_95 - UART

Requirement Layer

Hazard Scenarios (1)

Hazard Scenarios for directly associated Hazardous Events.

Hazard Scenario	Parent	Hazard Events
Potential customers don't like the tool This would be very sad.	UART	Complexity Unknown features

Hazardous Events (2)

Hazardous Events for directly associated Safety Goals.

Hazardous Event	Parent	Probability	Controllability	Effect	SIL	Safety-Goals
Complexity The user might think µRTE is hard to use.	UART				QM	Show most important features in an lightweight demo
Unknown features The customer might not see the full spectrum of features µRTE comes with.	UART				QM	Show most important features in an lightweight demo

Safetygoals (1)

Safety Goals directly linking to this Requirement.

Safety Goal	Parent	Function Type	SIL derived	SIL manual	SIL required	Safe State	Safety Requirements
Show most important features in an lightweight demo An small demo model with the most important features shall show the most important features of µRTE.	UART	System_Function	QM	derived	QM	Show slides	SafetyRequirement_94 - Global variables Requirement_95 - UART SafetyRequirement_110 - Hardware Interfacing SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_96 - Inter-task communication SafetyRequirement_97 - local and global signals Requirement_95 - UART SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_98 - Multiple System-States Requirement_95 - UART SafetyRequirement_115 - Protection Sets Requirement_95 - UART SafetyRequirement_95 - Runnable activation by cyclic events Requirement_95 - UART SafetyRequirement_93 - Runnable activation by signal events Requirement_95 - UART

All refining (Safety)Requirements (1)

All (Safety)Requirements refining this Safety Requirement.

(Safety)Requirement	Parent	User-ID	Author	Creation Date	Start Date	Deadline	Expense	Responsibe	Category	Type	Status	Justification	Function Type	SIL derived	SIL manual	SIL required	Tests	Technical Functions	Software	Other SW	Hardware	Signals	Global variables	Activation events	Use-Cases	User-Stories	Refining	Conflicting	refined by	conflicted by
Requirement_95 - UART When the button is pressed, the system-state shall change from Blink into UART mode. The start of UART mode shall be signaled via UART. As long as the button is pressed, UART strings with the time in seconds the Button was pressed shall be send with the frequency with which the button pressed signal is updated.	UART	Requirement_95	Thomas Barth	Wed Jun 08 17:56:19 CEST 2022			0.0	Thomas Barth	product	functional	implemented		-	-	-	-	(Test_134) UART functional/system test	UART	run_UART_send run_UART_wakeUp										SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_115 - Protection Sets Requirement_95 - UART SafetyRequirement_93 - Runnable activation by signal events Requirement_95 - UART SafetyRequirement_94 - Global variables Requirement_95 - UART SafetyRequirement_95 - Runnable activation by cyclic events Requirement_95 - UART SafetyRequirement_97 - local and global signals Requirement_95 - UART SafetyRequirement_98 - Multiple System-States Requirement_95 - UART

Functional Layer

Technical Functions (1)

Technical functions associated with refining requirements

Function	LFB	Software	Hardware	Other Software	SIL required	SIL achieved	SIL justification	sub Technical Functions	Requirements	sub Requirements
UART If the button is pressed, UART messages indicating the press duration are sent.	Button Controller PC	run_UART_send UART out run_UART_wakeUp run_readButton ButtonRead	USART		SIL_1	QM		Blinking LED UART	Requirement_95 - UART SafetyRequirement_93 - Runnable activation by signal events Requirement_95 - UART SafetyRequirement_94 - Global variables Requirement_95 - UART SafetyRequirement_95 - Runnable activation by cyclic events Requirement_95 - UART	Requirement_95 - UART SafetyRequirement_110 - Hardware Interfacing SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_115 - Protection Sets Requirement_95 - UART SafetyRequirement_94 - Global variables Requirement_95 - UART SafetyRequirement_98 - Multiple System-States Requirement_95 - UART

Logical Function Blocks (3)

Logical Function Blocks which map to technical functions associated with refining requirements.

Function	Type	Technical functions
Button An binary HMI	Input	Blinking LED UART
Controller The MCU implementing the logic	Service	Blinking LED UART
PC A PC receiving UART messages	Monitor	UART

Software Layer

Software units (2)

Software units associated with refining requirements.

Unit	Parent	Function calls	other Software Elements	Technical Functions	Requirements	Type	Tasks	WCET	Stack	ROM	Globals	ProtectionSets	SIL required	SIL achieved	sub Technical Functions (R)	sub Requirements (R)	Has a return value (R)	SystemStates (R)	Ingoing Trigger Ports (R)	Outgoing Trigger Ports (R)	Ingoing Data Ports (R)	Outgoing Data Ports (R)	Signals (D)	Runnables (D)	DataType (D)	Is Synchronous (D)	Hardware (D)	Ports (G)	Callers (F)	Return Type (F)	Parameters (F)
run_UART_send Sends UART messages periodically via the UART signal	UART			UART	Requirement_95 - UART SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_98 - Multiple System-States Requirement_95 - UART	Runnable	UART	0	0	0			SIL_1	QM	UART		true	UART	Runnable_run_UART_send_TPortIN_1		Runnable_run_UART_send_DPortIN_1 Runnable_run_UART_send_DPortIN_2	Runnable_run_UART_send_UART_OUT	-	-	-	-	-	-	-	-	-
run_UART_wakeUp Runnable to switch into the UART state if there is an event in the Blink State. This runnable does not use hardware signals but accesses hardware directly and is therefore associated with an protection set grandting access to hardware.	UART			UART	Requirement_95 - UART SafetyRequirement_115 - Protection Sets Requirement_95 - UART SafetyRequirement_98 - Multiple System-States Requirement_95 - UART	Runnable	UART	0	0	0		UART	SIL_1	QM			true	Blink	Runnable_run_UART_WakeUP				-	-	-	-	-	-	-	-	-

Testing Layer

Tests (1)

Tests associated associated with refining requirements.

Test	User-ID	Group	Priority	Status	Procedure and Input-Data	Expected Results	gen Name	gen Props	SIL	Requirements	Technical-Functions	Software-Units	Signals	Global variables	Activation-Events	Hardware-Components
(Test_134) UART functional/system test Tests the UART functionality at the system level	Test_134	Functional Tests UART	0	approved	Regular power-on with a terminal connected to UART. The Button is pressed for 10 seconds.	The string '--- UART WakeUp ----' is send whenever the button is pressed, followed by 'Button pressed for %d seconds.' messages, where '%d' represents the integer number of seconds the button already has been pressed.				Requirement_95 - UART	UART	run_UART_send run_UART_wakeUp