uRTEDemo_03_Nucleo-F446RE_SystemStates_10_Model

SignalDataObject

button state

A representation of the current button state

Warnings

Safety (1)

Safety Warnings for SignalDataObject button state.
Safety warnings are related to the Requirements Layer, especially the SIL

button state has a SIL required of SIL_1 but a SIL achieved of QM

Diagrams

Relationships

Requirements Model
Logical Function Model
Software Model
Hardware Model

Safety

Required
The highest SIL derived from SafetyRequirements.
SIL derived 		SIL_1
This attribute allows to overwrite the derived SIL level. The result is the SIL effective attribute.
SIL manual 		derived
The reason why the derived SIL is ignored and an explicit SIL is set.
reason
The SIL required for this implementation unit is defined by the derived SIL but can be overwritten by "SIL manual".
SIL required 		SIL_1
Achieved
The achieved SIL for this implementation unit. Has to be provided by the user.
SIL achieved 		QM
A justification why a certain SIL was achieved.
justification

Properties

Base
The name of this object. Certain classes of objects require this field to be unique. Please consider that this field might be used in code and thus must not contain special characters.
Name 		button state
The type of this object within the uRTE model
Type 		SignalDataObject
A descriptive text for this object. Please consider that this field might be used in code and thus must not contain special characters.
Description

A representation of the current button state
A user defined ID which can be freely chosen. Please consider that this field might be used in code and thus must not contain special characters.
User-ID 		SignalDataObject_43
Each object within the uRTE model has a unique ID, this is the ID for this object
UID 		_Gp4swOZiEeyZ2OzYlvU4PA
signal configuration
The minimum age of the signal. If the value is other than 0 then the signal will not be valid if the minimum age is not reached.
miminum Age 		0
The maximum age of the signal. If the value is other than 0 then the signal will not be valid if the maximum age is reached.
maximum Age 		105
Lokal signals are stored in all stacks of all tasks using them, global signals are stored as global data-objects.
Storage (isLocal) 		local signal
if the checksum feature is enabled, the signals content (meta-data and payload) will be protected by a user defined hash alogrithm. The hash is calculated after every write operation to the signal and is checked with every read operation.
Checksum 		false
Depending on how a signal is configured and used, the generator can decide wether an change of the signal shall be signaled by sending a trigger or a deep copy of the signal to the corresponding tasks. If this flag is set, the generator will choose deep copy sychronization over notification where possible.
Force Sync 		false
Determines if the signal code shall be inlined. Might be overwritten by the Signalpool or the SignalLayer
Inline 		false
The inline property might be overwritten by the signalPool or the SignalLayer. This is the effective inline.
effective inline 		false
If this flag is set, an API will be generated with which the signal can be used from an ISR context. This option works along with the global "signal_ISR_API" option.
Has ISR API 		false
The ISR property might be overwritten by the global configuration. This is the effective ISR API status.
effective ISR API 		deactivated for all signals
datasignal configuration
The initial value of the signal. If no value is set, the generator will try to use the inital value of the datatype (if defined).
Initial value: 		false
Will create methods which allow to access the signals payload via a pointer. Meant for signals with large payload or timing critical signals. Use with caution!
Pointer access: 		false
Datatype of the signal payload.
Datatype: 		uRTE_boolean_t
Triggers

OnData (1)

Triggers to be fired if there is new valid payload.

Port Events Signal event source Container Task Guard Order
Runnable_run_UART_send_TPortIN_1
run_UART_send UART
0

Requirement Layer

Hazard Scenarios (1)

Hazard Scenarios for associated Hazardous Events.

Hazard Scenario Parent Hazard Events
Potential customers don't like the tool

This would be very sad.

Hazardous Events (2)

Hazardous Events for associated Safety Goals.

Hazardous Event Parent Probability Controllability Effect SIL Safety-Goals
Complexity

The user might think µRTE is hard to use.

 QM
Unknown features

The customer might not see the full spectrum of features µRTE comes with.

 QM

Safetygoals (1)

Safety Goals linking to the Requirements.

Safety Goal Parent Function Type SIL derived SIL manual SIL required Safe State Safety Requirements
Show most important features in an lightweight demo

An small demo model with the most important features shall show the most important features of µRTE.

 System_Function QM derived QM Show slides

(Safety)Requirements (4)

Requirements referencing to signal button state.

(Safety)Requirement Parent User-ID Author Creation Date Start Date Deadline Expense Responsibe Category Type Status Justification Function Type SIL derived SIL manual SIL required Tests Technical Functions Software Other SW Hardware Signals Global variables Activation events Use-Cases User-Stories Refining Conflicting refined by conflicted by
SafetyRequirement_93 - Runnable activation by signal events

Runnables can be activated by signal (onData/onError) events.

 SafetyRequirement_93 Thomas Barth Wed Jun 08 17:34:15 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM derived QM
SafetyRequirement_95 - Runnable activation by cyclic events

Runnables can be activated by cyclic events.

 SafetyRequirement_95 Thomas Barth Wed Jun 08 17:34:15 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM SIL_1 SIL_1
SafetyRequirement_96 - Inter-task communication

µRTE easily can transmit events and data between tasks

 SafetyRequirement_96 Thomas Barth Wed Jun 08 17:46:14 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM derived QM
SafetyRequirement_97 - local and global signals

Signals can either be global data objects of local objects on the task stack.
Global signals are the same for everyone while with local signals each task has an own copy which gets synchroized if the signal changes,

 SafetyRequirement_97 Wed Jun 08 17:49:01 CEST 2022 0.0 product non_functional implemented System_Function QM derived QM

Software Layer

Data-Out Runnables (1)

Runnables in which signal button state is an output.

Unit Parent Function calls other Software Elements Technical Functions Requirements Type Tasks WCET Stack ROM Globals ProtectionSets SIL required SIL achieved sub Technical Functions sub Requirements) Has a return value SystemStates Ingoing Trigger Ports Outgoing Trigger Ports Ingoing Data Ports Outgoing Data Ports
run_readButton

Acquires the button state periodically and provides button signals

 Button
Runnable 0 0 0
SIL_1 QM false
  • Runnable_run_readButton_Tick
  • Runnable_run_readButton_Edge_OUT
  • run_readButton_HW_IN
  • Runnable_run_readButton_Button_OUT
  • Runnable_run_readButton_button_pressed_cnt

Data-In Runnables (2)

Runnables in which signal button state is an input.

Unit Parent Function calls other Software Elements Technical Functions Requirements Type Tasks WCET Stack ROM Globals ProtectionSets SIL required SIL achieved sub Technical Functions sub Requirements) Has a return value SystemStates Ingoing Trigger Ports Outgoing Trigger Ports Ingoing Data Ports Outgoing Data Ports
run_LED

Controls the LED signal and thus the LED

 LED
Runnable 0 0 0
SIL_1 QM false
  • Runnable_00_blink_Tick
  • Runnable_blink_Button_IN
  • Runnable_00_blink_OUT
run_UART_send

Sends UART messages periodically via the UART signal

 UART
Runnable 0 0 0
SIL_1 QM
true
  • Runnable_run_UART_send_TPortIN_1
  • Runnable_run_UART_send_DPortIN_1
  • Runnable_run_UART_send_DPortIN_2
  • Runnable_run_UART_send_UART_OUT

Input signals (1)

Signals that are input to runnables for which signal button state is an output.

Signal Type Storage Runnables OUT Runnables IN Tasks SystemStates Requirements miminum Age maximum Age Checksum Force Sync Inline ISR API effective inline SIL required SIL achieved Initial value (D) Pointer access (D) Datatype (D) Alt-In (D) Alt-Out (D) In-Driver (D) Out-Driver (D) OnData (D) OnError (D) OnTrigger (E)
HWI_Button

Hardware interface for the button

 Data local in
0 2 false false false false false - QM false false uRTE_boolean_t
ButtonRead
-

Tasks (3)

Tasks in which signal button state is used.

Task Core SIL Priority Software States Signals Init Hardware OutputSections Own TimeBase Stack
Button

Task responsible for reading the button state

 Arm® Cortex®-M4 SIL_1 6 - false .rtos.task.Button
LED

Task responsible to let the LED blink

 Arm® Cortex®-M4 SIL_1 4 - false .rtos.task.LED
UART

Task responsible for sending out UART protocolls

 Arm® Cortex®-M4 SIL_1 5 - false .rtos.task.UART

System-States (2)

SystemStates in which signal button state is used.

State isStart Runnables Tasks
Blink

In this state, an LED will blink.

 true
UART

A state that is entered if the user has pressed the button. Here, periodic UART messages are sent.

 false

Hardware Layer

Hardware Components (2)

Associated hardware for signal button state. Cores executing the associated runnables, memory used, peripherals interfaced.

Component Type Start End SIL required SIL achieved Sub-Components Technical Functions sub Technical Functions Requirements sub Requirements
Arm® Cortex®-M4

Arm® 32-bit Cortex®-M4 CPU with FPU, Adaptive real-time accelerator (ART Accelerator) allowing 0-wait state execution from Flash memory, frequency up to 180 MHz, MPU, 225 DMIPS/1.25 DMIPS/MHz (Dhrystone 2.1), and DSP instructions

 Core - - - QM
main

The STM32F446RE RAM module

 RAM 0x20000000 0x2001ffff - QM