+Requirement Model
- +Blinking LED
- +UART
+Logical Function Model
- Controller
- LED
- PC
- Button
- Blinking LED
- UART
+Software Model
- +Software
  - +Button
    - ButtonRead
    - +run_readButton
      - press_cnt
  - +LED
    - drv_LED
    - run_LED
  - +UART
- +RTE
  - +Activation Engine
    - Button Timebase
    - LED timebase
  - +Signal Layer
    - HWI LED
    - HWI_Button
    - button state
    - button_edge
    - button_cnt
    - HWO_UART
    - +Signal-Pools
      - Button
  - +System States
    - Blink
    - UART
    - +State-Handler
- +RTOS
  - Button
  - LED
  - UART
- +Linkage
  - +Output-Sections
  - +Protection-Sets
    - BaseProtection
    - UART
- +DataTypes
+Hardware Model
- +Nucelo-F446RE
  - +STM32F446RE
    - Arm® Cortex®-M4
    - main
    - +GPIO
      - PA5
      - PC13-TAMPER-RTC
    - USART
  - Button
  - LED
+Testing Model
- +Item Tests
  - (Test_128) Smoke-Test
- +Functional Tests
  - +Blinking LED
    - (Test_132) Regular blink
    - (Test_133) LED permanent ON
  - +UART
    - (Test_134) UART functional/system test

Task

Button

Task responsible for reading the button state

Warnings

Safety (4)

Safety Warnings for Task Button.
Safety warnings are related to the Requirements Layer, especially the SIL

Multiple Technical functions for Task Task

Button:

Blinking LED, TechnicalFunction

UART

Mixed SILs in Task

Button : QM, SIL_1.

Memory referenced by RAM

main for the stack of Task

Button is using RAM

main with a SIL achieved of QM, which does not satisfy the SIL required of SIL_1 for this task.

Button needs a SIL of SIL_1 but is executing on Core

Arm® Cortex®-M4 which has a achieved SIL of QM.

Diagrams

Requirements Model

Logical Function Model

Software Model

Hardware Model

Safety

Required
SIL	SIL_1
mixed SILs	QM, SIL_1

Properties

Base
Name	Button
Type	Task
Description	Task responsible for reading the button state
User-ID	Task_50
UID	_9odTEOZiEeyZ2OzYlvU4PA
Configuration
Priority	6
Configuration
Own TimeBase	no, the central activation engine will send periodic events
Memory
Stack	.rtos.task.Button
Core
Core	Arm® Cortex®-M4

Requirement Layer

Hazard Scenarios (1)

Hazard Scenarios for associated Hazardous Events.

Hazard Scenario	Parent	Hazard Events
Potential customers don't like the tool This would be very sad.	UART	Complexity Unknown features

Hazardous Events (2)

Hazardous Events for associated Safety Goals.

Hazardous Event	Parent	Probability	Controllability	Effect	SIL	Safety-Goals
Complexity The user might think µRTE is hard to use.	UART				QM	Show most important features in an lightweight demo
Unknown features The customer might not see the full spectrum of features µRTE comes with.	UART				QM	Show most important features in an lightweight demo

Safetygoals (1)

Safety Goals linking to the Requirements.

Safety Goal	Parent	Function Type	SIL derived	SIL manual	SIL effective	Safe State	Safety Requirements
Show most important features in an lightweight demo An small demo model with the most important features shall show the most important features of µRTE.	UART	System_Function	QM	derived	QM	Show slides	(SafetyRequirement_94) Global variables (Requirement_95) UART (SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_98) Multiple System-States (Requirement_95) UART (SafetyRequirement_115) Protection Sets (Requirement_95) UART (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART (SafetyRequirement_93) Runnable activation by signal events (Requirement_95) UART

(Safety)Requirements (7)

Requirements derived by software units, hardware components, signals, global variables and activation events associated with this task.

(Safety)Requirement	Parent	User-ID	Author	Creation Date	Responsibe	Category	Type	Status	Function Type	SIL derived	SIL manual	SIL effective	Technical Functions	Software	Signals	Global variables	Activation events	Refining	refined by
(SafetyRequirement_94) Global variables Global variables can store data for Runnables and other Software Functions. The memory protection will automatically be generated. The actual declaration is implemented as user-code to allow the use of non-trivial datatypes and operations.	UART	SafetyRequirement_94	Thomas Barth	Wed Jun 08 17:34:15 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	derived	QM	UART	run_readButton		press_cnt		(Requirement_95) UART
(SafetyRequirement_110) Hardware Interfacing How to read and write data form and to hardware.	UART	SafetyRequirement_110	Thomas Barth	Thu Jun 09 20:50:22 CEST 2022	Thomas Barth	product	functional	approved	System_Function	QM	derived	QM		ButtonRead drv_LED				(SafetyRequirement_111) SignalLayer features (Requirement_95) UART
(SafetyRequirement_96) Inter-task communication µRTE easily can transmit events and data between tasks	UART	SafetyRequirement_96	Thomas Barth	Wed Jun 08 17:46:14 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	derived	QM			button state button_cnt button_edge			(SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_97) local and global signals (Requirement_95) UART
(SafetyRequirement_95) Runnable activation by cyclic events Runnables can be activated by cyclic events.	UART	SafetyRequirement_95	Thomas Barth	Wed Jun 08 17:34:15 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	SIL_1	SIL_1	Blinking LED UART		button state		Button Timebase	(Requirement_95) UART
(SafetyRequirement_93) Runnable activation by signal events Runnables can be activated by signal (onData/onError) events.	UART	SafetyRequirement_93	Thomas Barth	Wed Jun 08 17:34:15 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	derived	QM	UART		button state			(Requirement_95) UART
(SafetyRequirement_111) SignalLayer features Demonstrate the use of scalers and validators. Make use of age restrictions, checksums and pointer access.	UART	SafetyRequirement_111		Thu Jun 09 20:52:41 CEST 2022		product	functional	approved	System_Function	QM	derived	QM		run_UART_send	HWO_UART button_cnt			(Requirement_95) UART	(SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART
(SafetyRequirement_97) local and global signals Signals can either be global data objects of local objects on the task stack. Global signals are the same for everyone while with local signals each task has an own copy which gets synchroized if the signal changes,	UART	SafetyRequirement_97		Wed Jun 08 17:49:01 CEST 2022		product	non_functional	implemented	System_Function	QM	derived	QM			button state button_cnt			(Requirement_95) UART	(SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART

Functional Layer

Technical Functions (2)

Technical Functions derived from hardware and software handled by this task.

Function	LFB	Software	Hardware	Technical Functions	sub Technical Functions	Requirements	sub Requirements
Blinking LED An LED shall blink to indicate that the system is alive and responding.	Button Controller LED	run_LED drv_LED run_readButton ButtonRead	PA5		Blinking LED UART	(Requirement_32) LED Blink (Requirement_93) LED Button (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART	(Requirement_32) LED Blink (Requirement_93) LED Button (SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_94) Global variables (Requirement_95) UART
UART If the button is pressed, UART messages indicating the press duration are sent.	Button Controller PC	run_UART_send UART out run_UART_wakeUp run_readButton ButtonRead	USART		Blinking LED UART	(Requirement_95) UART (SafetyRequirement_93) Runnable activation by signal events (Requirement_95) UART (SafetyRequirement_94) Global variables (Requirement_95) UART (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART	(Requirement_95) UART (SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_115) Protection Sets (Requirement_95) UART (SafetyRequirement_94) Global variables (Requirement_95) UART (SafetyRequirement_98) Multiple System-States (Requirement_95) UART

Logical Function Blocks (4)

Logical function blocks based on the technical functions.

Function	Type	Technical functions
Button An binary HMI	Input	Blinking LED UART
Controller The MCU implementing the logic	Service	Blinking LED UART
LED An LED to indicate a binary state	Output	Blinking LED
PC A PC receiving UART messages	Monitor	UART

Software Layer

Runnable Trigger Ports (1)

Runnable ports executing runnables in the context of this task.

Port	Events	Signal event source	Container	Task	Guard	Order
Runnable_run_readButton_Tick	Button Timebase		run_readButton	Button		0

Activation-Events (1)

Activation Events executing runnables in the context of this task.

Event	Type	Cycle Time (C)	Offset (C)	Task-Init (S)	Requirements	Ports	Runnables	Tasks	SystemStates	SIL req	SIL ach
Button Timebase Timebase for button read operations	CyclicEvent	200	0	-	(SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART	Runnable_run_readButton_Tick in run_readButton	run_readButton	Button	Blink UART	SIL_1	QM

Software units (2)

Software units executed in the context of this task.

Unit	Parent	Function calls	Technical Functions	Requirements	Type	Tasks	WCET	Stack	ROM	Globals	ProtectionSets	SIL req	SIL ach	sub Technical Functions (R)	sub Requirements (R)	Has a return value (R)	SystemStates (R)	Ingoing Trigger Ports (R)	Outgoing Trigger Ports (R)	Ingoing Data Ports (R)	Outgoing Data Ports (R)	Signals (D)	Runnables (D)	DataType (D)	Is Synchronous (D)	Hardware (D)	Ports (G)	Callers (F)	Return Type (F)	Parameters (F)
ButtonRead Reads the current button state from hardware	Button		Blinking LED UART	(SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART	InDriver	Button	0	0	0			QM	QM	-	-	-	-	-	-	-	-	HWI_Button	run_readButton	uRTE_boolean_t	true	PC13-TAMPER-RTC	-	-	-	-
run_readButton Acquires the button state periodically and provides button signals	Button		Blinking LED UART	(SafetyRequirement_94) Global variables (Requirement_95) UART	Runnable	Button	0	0	0	press_cnt		QM	QM	Blinking LED UART	(SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART	false	Blink UART	Runnable_run_readButton_Tick	Runnable_run_readButton_Edge_OUT	run_readButton_HW_IN	Runnable_run_readButton_Button_OUT Runnable_run_readButton_button_pressed_cnt	-	-	-	-	-	-	-	-	-

Signals (4)

Signals used within the context of this task.

Signal	Type	Storage	Runnables OUT	Runnables IN	Tasks	SystemStates	Requirements	maximum Age	Checksum	Force Sync	Inline	ISR API	effective inline	SIL req	SIL ach	Initial value (D)	Pointer access (D)	Datatype (D)	Alt-In (D)	Alt-Out (D)	In-Driver (D)	Out-Driver (D)	OnData (D)	OnError (D)	OnTrigger (E)
HWI_Button Hardware interface for the button	Data	local in .rtos.task.Button		run_readButton	Button	Blink UART		2	false	false	false	false	false	-	QM	false	false	uRTE_boolean_t			ButtonRead				-
button state A representation of the current button state	Data	local in .rtos.task.Button .rtos.task.LED .rtos.task.UART	run_readButton	run_LED run_UART_send	Button LED UART	Blink UART	(SafetyRequirement_93) Runnable activation by signal events (Requirement_95) UART (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART (SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_97) local and global signals (Requirement_95) UART	105	false	false	false	false	false	SIL_1	QM	false	false	uRTE_boolean_t			-		Runnable_run_UART_send_TPortIN_1 in run_UART_send		-
button_cnt contains the number of seconds, the button has been pressed	Data	global in Button	run_readButton	run_UART_send	Button UART	Blink UART	(SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_97) local and global signals (Requirement_95) UART	202	true	false	false	false	false	QM	QM	0	false	button_cnt_t	uRTE_uint16_t		-				-
button_edge Fired whenever the button is pressed (but not if it is released)	Event	local in .rtos.task.Button .rtos.task.UART	run_readButton	run_UART_wakeUp	Button UART	Blink UART	(SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART	0	false	false	false	false	false	QM	QM	-	-	-	-	-	-	-	-	-	Runnable_run_UART_WakeUP in run_UART_wakeUp

Global Variables (1)

Global variables used within the context of this task.

Global Variable	Container	DataType	Requirements	public (S)	InitValue	Storage	Protection Set (S)	SIL req	SIL ach
press_cnt internal counter for button press duration	run_readButton	uRTE_uint16_t	(SafetyRequirement_94) Global variables (Requirement_95) UART	-	0	.button	-	QM	QM

Output-Sections (3)

Outputsections used by software units, the task itself or the RTE.

OutputSection	SIL	References	Initialization	Generate	Section start symbol	Section end symbol	Memory
.button a section containing application data for the button	SIL_1	Button Button UART press_cnt	UnInit	true	ADRL_uRTE_BUTTON_BEGIN*	ADRL_uRTE_BUTTON_END*	main
.rtos.task.Button Stack for the Button Task	SIL_1	Button	UnInit	true	ADRL_uRTE_RTOSTASKBUTTON_BEGIN*	ADRL_uRTE_RTOSTASKBUTTON_END*	main
.uRTE Contains the data for uRTE internals	SIL_1	Activation Engine Button LED UART	UnInit	true	ADRL_uRTE_URTE_BEGIN*	ADRL_uRTE_URTE_END*	main
Symbols marked with * are automatically generated because no value was set.

System-States (2)

SystemStates in which this task is active.

State	isStart	Runnables	Tasks
Blink In this state, an LED will blink.	true	run_LED run_UART_wakeUp run_readButton	Button LED UART
UART A state that is entered if the user has pressed the button. Here, periodic UART messages are sent.	false	run_LED run_UART_send run_readButton	Button LED UART

Hardware Layer

Hardware Components (3)

Hardware used by the task.

Component	Type	Start	End	SIL req	SIL ach
Arm® Cortex®-M4 Arm® 32-bit Cortex®-M4 CPU with FPU, Adaptive real-time accelerator (ART Accelerator) allowing 0-wait state execution from Flash memory, frequency up to 180 MHz, MPU, 225 DMIPS/1.25 DMIPS/MHz (Dhrystone 2.1), and DSP instructions	Core	-	-	-	QM
PC13-TAMPER-RTC B1 [Blue PushButton] on the Nucleo Board	Periphery	GPIOC_BASE	GPIOD_BASE - 1	-	QM
main The STM32F446RE RAM module	RAM	0x20000000	0x2001ffff	-	QM