uRTEDemo_03_Nucleo-F446RE_SystemStates_10_Model

Safety-Requirement - SafetyRequirement_111

SignalLayer features

Demonstrate the use of scalers and validators.
Make use of age restrictions, checksums and pointer access.

Warnings

Testing Warnings (1)

Testing Warnings for SafetyRequirement SignalLayer features
Testing warnings are related to the tests in the testing layer and their dependencies.

(SafetyRequirement_111) SignalLayer features is not referencing a test but all refinements reference a test.

Requirements Warnings (1)

Requirements Warnings for SafetyRequirement SignalLayer features
Requirements warnings are related to the requirements layer.

(SafetyRequirement_111) SignalLayer features is not rejected or implemented.

Diagrams

Relationships

Safety

Required
The SIL derived from the safety-goals linking to this safetyrequirement.
SIL derived
QM
A manual overwrite of "SIL derived"
SIL manual
derived
The required SIL of this requirement is defined by the derived SIL and can be overwritten by "SIL manual".
SIL required
QM

Properties

Base
The name of this object. Certain classes of objects require this field to be unique. Please consider that this field might be used in code and thus must not contain special characters.
Name
SignalLayer features
The type of this object within the uRTE model
Type
SafetyRequirement
A descriptive text for this object. Please consider that this field might be used in code and thus must not contain special characters.
Description

Demonstrate the use of scalers and validators. Make use of age restrictions, checksums and pointer access.

A user defined ID which can be freely chosen. Please consider that this field might be used in code and thus must not contain special characters.
User-ID
SafetyRequirement_111
Each object within the uRTE model has a unique ID, this is the ID for this object
UID
_V1R28OglEeyW7KW0StAaTw
The package in which this SafetyRequirement is included.
Package
Meta-Data
The author of this requirement.
Author
The date this requirement was created.
Creation Date
Thu Jun 09 20:52:41 CEST 2022
The date when the implementation of the requirement starts.
Start Date
The deadline until this requirement has to be achieved.
Deadline
The expenses of this requirement.
Expense
0.0
Who is responsible for this requirement.
Responsible
The category of this requirement.
Category
product
The type of this requirement.
Type
functional
The status of this requirement.
Status
approved
The purpose of the justification is to provide rationale for the requirement status and the like.
Justification
Stereotype
Function type of this safetyrequirement.
Function Type
System_Function
Directly associated Implementation

Software units (1)

Software-Components this requirement is mapped to.

Unit Parent Function calls other Software Elements Technical Functions Requirements Type Tasks WCET Stack ROM Globals ProtectionSets SIL required SIL achieved sub Technical Functions (R) sub Requirements (R) Has a return value (R) SystemStates (R) Ingoing Trigger Ports (R) Outgoing Trigger Ports (R) Ingoing Data Ports (R) Outgoing Data Ports (R) Signals (D) Runnables (D) DataType (D) Is Synchronous (D) Hardware (D) Ports (G) Callers (F) Return Type (F) Parameters (F)

Sends UART messages periodically via the UART signal

UART
Runnable 0 0 0
SIL_1 QM
true
  • Runnable_run_UART_send_TPortIN_1
  • Runnable_run_UART_send_DPortIN_1
  • Runnable_run_UART_send_DPortIN_2
  • Runnable_run_UART_send_UART_OUT
- - - - - - - - -

Signals (2)

Signals this requirement is mapped to

Signal Type Storage Runnables OUT Runnables IN Tasks SystemStates Requirements minimum Age maximum Age Checksum Force Sync Inline ISR API effective inline SIL required SIL achieved Initial value (D) Pointer access (D) Datatype (D) Alt-In (D) Alt-Out (D) In-Driver (D) Out-Driver (D) OnData (D) OnError (D) OnTrigger (E)

Hardware Out interface for UART.
No Signal-Datatype will be defined so that a typedef will be generated into the signal configuration.
Pointer access is granted so signal memory can be used directly by the application.

Data local in
0 0 false false false false false QM QM true
If no type is defined, a type definition template will be generated into the signal configuration file.
undefined
-
-

contains the number of seconds, the button has been pressed

Data global in
Button
0 202 true false false false false QM QM 0 false button_cnt_t
-
-
Direct (Safety)Requirement dependencies

Refining (Safety)Requirements (1)

(Safety)Requirements this Safety Requirement is directly refined by.

(Safety)Requirement Parent User-ID Author Creation Date Start Date Deadline Expense Responsible Category Type Status Justification Function Type SIL derived SIL manual SIL required Tests Technical Functions Software Other SW Hardware Signals Global variables Activation events Use-Cases User-Stories Refining Conflicting refined by conflicted by

When the button is pressed, the system-state shall change from Blink into UART mode.
The start of UART mode shall be signaled via UART.
As long as the button is pressed, UART strings with the time in seconds the Button was pressed shall be sent with the frequency with which the button pressed signal is updated.

Requirement_95 Thomas Barth Wed Jun 08 17:56:19 CEST 2022 0.0 Thomas Barth product functional implemented - - - -

Requirement Layer

Hazard Scenarios (1)

Hazard Scenarios for all Hazardous Events of refined requirements.

Hazard Scenario Parent Hazard Events

This would be very sad.

Hazardous Events (2)

Hazardous Events for all Safety Goals of refined requirements.

Hazardous Event Parent Probability Controllability Effect SIL Safety-Goals

The user might think µRTE is hard to use.

QM

The customer might not see the full spectrum of features µRTE comes with.

QM

Safetygoals (1)

Safety Goals linking to requirements this requirement is refining.

Safety Goal Parent Function Type SIL derived SIL manual SIL required Safe State Safety Requirements

A small demo model with the most important features shall show the most important features of µRTE.

System_Function QM derived QM Show slides

All refined (Safety)Requirements (2)

All (Safety)Requirements this Safety Requirement is refining.

(Safety)Requirement Parent User-ID Author Creation Date Start Date Deadline Expense Responsible Category Type Status Justification Function Type SIL derived SIL manual SIL required Tests Technical Functions Software Other SW Hardware Signals Global variables Activation events Use-Cases User-Stories Refining Conflicting refined by conflicted by

How to read and write data from and to hardware.

SafetyRequirement_110 Thomas Barth Thu Jun 09 20:50:22 CEST 2022 0.0 Thomas Barth product functional approved System_Function QM derived QM

µRTE easily can transmit events and data between tasks

SafetyRequirement_96 Thomas Barth Wed Jun 08 17:46:14 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM derived QM

Refined (Safety)Requirements (2)

(Safety)Requirements directly refined by this Safety Requirement.

(Safety)Requirement Parent User-ID Author Creation Date Start Date Deadline Expense Responsible Category Type Status Justification Function Type SIL derived SIL manual SIL required Tests Technical Functions Software Other SW Hardware Signals Global variables Activation events Use-Cases User-Stories Refining Conflicting refined by conflicted by

How to read and write data from and to hardware.

SafetyRequirement_110 Thomas Barth Thu Jun 09 20:50:22 CEST 2022 0.0 Thomas Barth product functional approved System_Function QM derived QM

µRTE easily can transmit events and data between tasks

SafetyRequirement_96 Thomas Barth Wed Jun 08 17:46:14 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM derived QM

All refining (Safety)Requirements (1)

All (Safety)Requirements refining this Safety Requirement.

(Safety)Requirement Parent User-ID Author Creation Date Start Date Deadline Expense Responsible Category Type Status Justification Function Type SIL derived SIL manual SIL required Tests Technical Functions Software Other SW Hardware Signals Global variables Activation events Use-Cases User-Stories Refining Conflicting refined by conflicted by

When the button is pressed, the system-state shall change from Blink into UART mode.
The start of UART mode shall be signaled via UART.
As long as the button is pressed, UART strings with the time in seconds the Button was pressed shall be sent with the frequency with which the button pressed signal is updated.

Requirement_95 Thomas Barth Wed Jun 08 17:56:19 CEST 2022 0.0 Thomas Barth product functional implemented - - - -

Functional Layer

Technical Functions (1)

Technical functions associated with refining requirements

Function LFB Software Hardware Other Software SIL required SIL achieved SIL justification sub Technical Functions Requirements sub Requirements

If the button is pressed, UART messages indicating the press duration are sent.

SIL_1 QM

Logical Function Blocks (3)

Logical Function Blocks which map to technical functions associated with refining requirements.

Function Type Technical functions

A binary HMI

Input

The MCU implementing the logic

Service

A PC receiving UART messages

Monitor

Software Layer

Software units (2)

Software units associated with refining requirements.

Unit Parent Function calls other Software Elements Technical Functions Requirements Type Tasks WCET Stack ROM Globals ProtectionSets SIL required SIL achieved sub Technical Functions (R) sub Requirements (R) Has a return value (R) SystemStates (R) Ingoing Trigger Ports (R) Outgoing Trigger Ports (R) Ingoing Data Ports (R) Outgoing Data Ports (R) Signals (D) Runnables (D) DataType (D) Is Synchronous (D) Hardware (D) Ports (G) Callers (F) Return Type (F) Parameters (F)

Sends UART messages periodically via the UART signal

UART
Runnable 0 0 0
SIL_1 QM
true
  • Runnable_run_UART_send_TPortIN_1
  • Runnable_run_UART_send_DPortIN_1
  • Runnable_run_UART_send_DPortIN_2
  • Runnable_run_UART_send_UART_OUT
- - - - - - - - -

Runnable to switch into the UART state if there is an event in the Blink State.
This runnable does not use hardware signals but accesses hardware directly and is therefore associated with
a protection set granting access to hardware.

UART
Runnable 0 0 0
SIL_1 QM
true
  • Runnable_run_UART_WakeUP
- - - - - - - - -

Testing Layer

Tests (1)

Tests associated with refining requirements.

Test User-ID Group Priority Status Procedure and Input-Data Expected Results gen Name gen Props SIL Requirements Technical-Functions Software-Units Signals Global variables Activation-Events Hardware-Components

Tests the UART functionality at the system level

Test_134 0 approved Regular power-on with a terminal connected to UART. The Button is pressed for 10 seconds. The string '--- UART WakeUp ----' is sent whenever the button is pressed, followed by 'Button pressed for %d seconds.' messages, where '%d' represents the integer number of seconds the button already has been pressed.