+Requirement Model
- +Blinking LED
- +UART
+Logical Function Model
- Controller
- LED
- PC
- Button
- Blinking LED
- UART
+Software Model
- +Software
  - +Button
    - ButtonRead
    - +run_readButton
      - press_cnt
  - +LED
    - drv_LED
    - run_LED
  - +UART
- +RTE
  - +Activation Engine
    - Button Timebase
    - LED timebase
  - +Signal Layer
    - HWI LED
    - HWI_Button
    - button state
    - button_edge
    - button_cnt
    - HWO_UART
    - +Signal-Pools
      - Button
  - +System States
    - Blink
    - UART
    - +State-Handler
- +RTOS
  - Button
  - LED
  - UART
- +Linkage
  - +Output-Sections
  - +Protection-Sets
    - BaseProtection
    - UART
- +DataTypes
+Hardware Model
- +Nucelo-F446RE
  - +STM32F446RE
    - Arm® Cortex®-M4
    - main
    - +GPIO
      - PA5
      - PC13-TAMPER-RTC
    - USART
  - Button
  - LED
+Testing Model
- +Item Tests
  - (Test_128) Smoke-Test
- +Functional Tests
  - +Blinking LED
    - (Test_132) Regular blink
    - (Test_133) LED permanent ON
  - +UART
    - (Test_134) UART functional/system test

SignalEventObject

button_edge

Fired whenever the button is pressed (but not if it is released)

Diagrams

Requirements Model

Logical Function Model

Software Model

Hardware Model

Safety

Required
SIL derived	QM
overwrite (SIL_manual)	derived
reason (SIL_manual_reason)
SIL	QM
Achieved
SIL achieved	QM
justification

Properties

Base

Name

button_edge

Type

SignalEventObject

Description

Fired whenever the button is pressed (but not if it is released)

User-ID

SignalEventObject_57

UID

_29lu0OZoEeyZ2OzYlvU4PA

signal configuration

miminum Age

maximum Age

Storage (isLocal)

local signal

Checksum

false

Force Sync

false

Inline

false

effective inline

false

Has ISR API

false

effective ISR API

deactivated for all signals

Triggers

OnTrigger (1)

TriggerPorts associated with this event signal.

Port

Events

Signal event source

Container

Task

Guard

Order

Runnable_run_UART_WakeUP

If an event comes in, the runnable shall switch the state to UART to start the periodic sending

button_edge.onTrigger

run_readButton

run_UART_wakeUp

UART

Requirement Layer

Hazard Scenarios (1)

Hazard Scenarios for associated Hazardous Events.

Hazard Scenario	Parent	Hazard Events
Potential customers don't like the tool This would be very sad.	UART	Complexity Unknown features

Hazardous Events (2)

Hazardous Events for associated Safety Goals.

Hazardous Event	Parent	Probability	Controllability	Effect	SIL	Safety-Goals
Complexity The user might think µRTE is hard to use.	UART				QM	Show most important features in an lightweight demo
Unknown features The customer might not see the full spectrum of features µRTE comes with.	UART				QM	Show most important features in an lightweight demo

Safetygoals (1)

Safety Goals linking to the Requirements.

Safety Goal	Parent	Function Type	SIL derived	SIL manual	SIL effective	Safe State	Safety Requirements
Show most important features in an lightweight demo An small demo model with the most important features shall show the most important features of µRTE.	UART	System_Function	QM	derived	QM	Show slides	(SafetyRequirement_94) Global variables (Requirement_95) UART (SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_98) Multiple System-States (Requirement_95) UART (SafetyRequirement_115) Protection Sets (Requirement_95) UART (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART (SafetyRequirement_93) Runnable activation by signal events (Requirement_95) UART

(Safety)Requirements (1)

Requirements referencing to this signal.

(Safety)Requirement	Parent	User-ID	Author	Creation Date	Start Date	Deadline	Expense	Responsibe	Category	Type	Status	Function Type	SIL derived	SIL manual	SIL effective	Tests	Technical Functions	Software	Hardware	Signals	Global variables	Activation events	Use-Cases	User-Stories	Refining	Conflicting	refined by	conflicted by
(SafetyRequirement_96) Inter-task communication µRTE easily can transmit events and data between tasks	UART	SafetyRequirement_96	Thomas Barth	Wed Jun 08 17:46:14 CEST 2022			0.0	Thomas Barth	product	functional	implemented	System_Function	QM	derived	QM					button state button_cnt button_edge					(SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_97) local and global signals (Requirement_95) UART

Software Layer

Data-Out Runnables (1)

Runnables in which this signal is an output.

Unit	Parent	Function calls	Technical Functions	Requirements	Type	Tasks	WCET	Stack	ROM	Globals	ProtectionSets	SIL req	SIL ach	sub Technical Functions	sub Requirements)	Has a return value	SystemStates	Ingoing Trigger Ports	Outgoing Trigger Ports	Ingoing Data Ports	Outgoing Data Ports
run_readButton Acquires the button state periodically and provides button signals	Button		Blinking LED UART	(SafetyRequirement_94) Global variables (Requirement_95) UART	Runnable	Button	0	0	0	press_cnt		QM	QM	Blinking LED UART	(SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART	false	Blink UART	Runnable_run_readButton_Tick	Runnable_run_readButton_Edge_OUT	run_readButton_HW_IN	Runnable_run_readButton_Button_OUT Runnable_run_readButton_button_pressed_cnt

Data-In Runnables (1)

Runnables in which this signal is an input.

Unit	Parent	Function calls	Technical Functions	Requirements	Type	Tasks	WCET	Stack	ROM	Globals	ProtectionSets	SIL req	SIL ach	sub Technical Functions	sub Requirements)	Has a return value	SystemStates	Ingoing Trigger Ports	Outgoing Trigger Ports	Ingoing Data Ports	Outgoing Data Ports
run_UART_wakeUp Runnable to switch into the UART state if there is an event in the Blink State. This runnable does not use hardware signals but accesses hardware directly and is therefore associated with an protection set grandting access to hardware.	UART		UART	(Requirement_95) UART (SafetyRequirement_115) Protection Sets (Requirement_95) UART (SafetyRequirement_98) Multiple System-States (Requirement_95) UART	Runnable	UART	0	0	0		UART	QM	QM			true	Blink	Runnable_run_UART_WakeUP

Tasks (2)

Tasks in which the signal is used.

Task	Core	SIL	Priority	Software	States	Signals	Init	Hardware	OutputSections	Own TimeBase	Stack
Button Task responsible for reading the button state	Arm® Cortex®-M4	SIL_1	6	run_readButton ButtonRead	Blink UART	HWI_Button button state button_cnt button_edge	-	Arm® Cortex®-M4 main PC13-TAMPER-RTC	.button .rtos.task.Button .uRTE	false	.rtos.task.Button
UART Task responsible for sending out UART protocolls	Arm® Cortex®-M4	SIL_1	5	run_UART_send UART out run_UART_wakeUp	Blink UART	HWO_UART button state button_cnt button_edge	-	Arm® Cortex®-M4 USART main	.button .rtos.task.UART .uRTE	false	.rtos.task.UART

System-States (2)

SystemStates in which the signal is used.

State	isStart	Runnables	Tasks
Blink In this state, an LED will blink.	true	run_LED run_UART_wakeUp run_readButton	Button LED UART
UART A state that is entered if the user has pressed the button. Here, periodic UART messages are sent.	false	run_LED run_UART_send run_readButton	Button LED UART

Hardware Layer

Hardware Components (2)

Associated hardware. Cores executing the associated runnables, memory used, peripherals interfaced.

Component	Type	Start	End	SIL req	SIL ach	Sub-Components	Technical Functions	sub Technical Functions	Requirements	sub Requirements
Arm® Cortex®-M4 Arm® 32-bit Cortex®-M4 CPU with FPU, Adaptive real-time accelerator (ART Accelerator) allowing 0-wait state execution from Flash memory, frequency up to 180 MHz, MPU, 225 DMIPS/1.25 DMIPS/MHz (Dhrystone 2.1), and DSP instructions	Core	-	-	-	QM
main The STM32F446RE RAM module	RAM	0x20000000	0x2001ffff	-	QM