+Requirement Model
- +Blinking LED
- +UART
+Logical Function Model
- Controller
- LED
- PC
- Button
- Blinking LED
- UART
+Software Model
- +Software
  - +Button
    - ButtonRead
    - +run_readButton
      - press_cnt
  - +LED
    - drv_LED
    - run_LED
  - +UART
- +RTE
  - +Activation Engine
    - Button Timebase
    - LED timebase
  - +Signal Layer
    - HWI LED
    - HWI_Button
    - button state
    - button_edge
    - button_cnt
    - HWO_UART
    - +Signal-Pools
      - Button
  - +System States
    - Blink
    - UART
    - +State-Handler
- +RTOS
  - Button
  - LED
  - UART
- +Linkage
  - +Output-Sections
  - +Protection-Sets
    - BaseProtection
    - UART
- +DataTypes
+Hardware Model
- +Nucelo-F446RE
  - +STM32F446RE
    - Arm® Cortex®-M4
    - main
    - +GPIO
      - PA5
      - PC13-TAMPER-RTC
    - USART
  - Button
  - LED
+Testing Model
- +Item Tests
  - (Test_128) Smoke-Test
- +Functional Tests
  - +Blinking LED
    - (Test_132) Regular blink
    - (Test_133) LED permanent ON
  - +UART
    - (Test_134) UART functional/system test

Task

LED

Task responsible to let the LED blink

Warnings

Safety (2)

Safety Warnings for Task LED.
Safety warnings are related to the Requirements Layer, especially the SIL

Memory referenced by RAM

main for the stack of Task

LED is using RAM

main with a SIL achieved of QM, which does not satisfy the SIL required of SIL_1 for this task.

LED needs a SIL of SIL_1 but is executing on Core

Arm® Cortex®-M4 which has a achieved SIL of QM.

Diagrams

Relationships

Requirements Model

Logical Function Model

Software Model

Hardware Model

Safety

Required
The maximum SIL derived from all safety implementations used by this task. SIL	SIL_1

Properties

Base
The name of this object. Certain classes of objects require this field to be unique. Please consider that this field might be used in code and thus must not contain special characters. Name	LED
The type of this object within the uRTE model Type	Task
A descriptive text for this object. Please consider that this field might be used in code and thus must not contain special characters. Description	Task responsible to let the LED blink
A user defined ID which can be freely chosen. Please consider that this field might be used in code and thus must not contain special characters. User-ID	Task_9
Each object within the uRTE model has a unique ID, this is the ID for this object UID	_-Qx7oOTTEeyrV5NXTwe27Q
Configuration
The priority of the task in an multitasking environment. Priority	4
A configuration string which is made available in code Configuration
Defines if this task creates an own periodic OS event to trigger all periodic operations or if the periodic events are created by the central activation engine Own TimeBase	no, the central activation engine will send periodic events
Memory
Section in which the stack for this task will be linked (responsibility of the user). Stack	.rtos.task.LED
Core
Core on which this task will be executed. Core	Arm® Cortex®-M4

Requirement Layer

Hazard Scenarios (1)

Hazard Scenarios for associated Hazardous Events.

Hazard Scenario	Parent	Hazard Events
Potential customers don't like the tool This would be very sad.	UART	Complexity Unknown features

Hazardous Events (2)

Hazardous Events for associated Safety Goals.

Hazardous Event	Parent	Probability	Controllability	Effect	SIL	Safety-Goals
Complexity The user might think µRTE is hard to use.	UART				QM	Show most important features in an lightweight demo
Unknown features The customer might not see the full spectrum of features µRTE comes with.	UART				QM	Show most important features in an lightweight demo

Safetygoals (1)

Safety Goals linking to the Requirements.

Safety Goal	Parent	Function Type	SIL derived	SIL manual	SIL required	Safe State	Safety Requirements
Show most important features in an lightweight demo An small demo model with the most important features shall show the most important features of µRTE.	UART	System_Function	QM	derived	QM	Show slides	SafetyRequirement_94 - Global variables Requirement_95 - UART SafetyRequirement_110 - Hardware Interfacing SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_96 - Inter-task communication SafetyRequirement_97 - local and global signals Requirement_95 - UART SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_98 - Multiple System-States Requirement_95 - UART SafetyRequirement_115 - Protection Sets Requirement_95 - UART SafetyRequirement_95 - Runnable activation by cyclic events Requirement_95 - UART SafetyRequirement_93 - Runnable activation by signal events Requirement_95 - UART

(Safety)Requirements (7)

Requirements derived by software units, hardware components, signals, global variables and activation events associated with this task.

(Safety)Requirement	Parent	User-ID	Author	Creation Date	Responsibe	Category	Type	Status	Function Type	SIL derived	SIL manual	SIL required	Tests	Technical Functions	Software	Signals	Activation events	Refining	refined by
SafetyRequirement_110 - Hardware Interfacing How to read and write data form and to hardware.	UART	SafetyRequirement_110	Thomas Barth	Thu Jun 09 20:50:22 CEST 2022	Thomas Barth	product	functional	approved	System_Function	QM	derived	QM			ButtonRead drv_LED			SafetyRequirement_111 - SignalLayer features Requirement_95 - UART
SafetyRequirement_96 - Inter-task communication µRTE easily can transmit events and data between tasks	UART	SafetyRequirement_96	Thomas Barth	Wed Jun 08 17:46:14 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	derived	QM				button state button_cnt button_edge		SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_97 - local and global signals Requirement_95 - UART
Requirement_32 - LED Blink In order to indicate that uRTE is up and running, an LED shall blink (toggle its binary state) with an frequency of 1/100ms.	Blinking LED	Requirement_32	Thomas Barth	Tue Jun 07 13:05:57 CEST 2022	Thomas Barth	product	functional	implemented	-	-	-	-	(Test_132) Regular blink	Blinking LED	run_LED		LED timebase		Requirement_94 - LED Requirement_32 - LED Blink Requirement_93 - LED Button
Requirement_93 - LED Button While the button is pressed, the LED shall be on permanently.	Blinking LED	Requirement_93		Wed Jun 08 17:18:27 CEST 2022		product	functional	implemented	-	-	-	-	(Test_133) LED permanent ON	Blinking LED	run_LED				Requirement_94 - LED Requirement_32 - LED Blink Requirement_93 - LED Button
SafetyRequirement_95 - Runnable activation by cyclic events Runnables can be activated by cyclic events.	UART	SafetyRequirement_95	Thomas Barth	Wed Jun 08 17:34:15 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	SIL_1	SIL_1		Blinking LED UART		button state	Button Timebase	Requirement_95 - UART
SafetyRequirement_93 - Runnable activation by signal events Runnables can be activated by signal (onData/onError) events.	UART	SafetyRequirement_93	Thomas Barth	Wed Jun 08 17:34:15 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	derived	QM		UART		button state		Requirement_95 - UART
SafetyRequirement_97 - local and global signals Signals can either be global data objects of local objects on the task stack. Global signals are the same for everyone while with local signals each task has an own copy which gets synchroized if the signal changes,	UART	SafetyRequirement_97		Wed Jun 08 17:49:01 CEST 2022		product	non_functional	implemented	System_Function	QM	derived	QM				button state button_cnt		Requirement_95 - UART	SafetyRequirement_96 - Inter-task communication SafetyRequirement_97 - local and global signals Requirement_95 - UART SafetyRequirement_111 - SignalLayer features Requirement_95 - UART

Functional Layer

Technical Functions (1)

Technical Functions derived from hardware and software handled by this task.

Function	LFB	Software	Hardware	Other Software	SIL required	SIL achieved	SIL justification	sub Technical Functions	Requirements	sub Requirements
Blinking LED An LED shall blink to indicate that the system is alive and responding.	Button Controller LED	run_LED drv_LED run_readButton ButtonRead	PA5		SIL_1	QM		Blinking LED UART	Requirement_32 - LED Blink Requirement_93 - LED Button SafetyRequirement_95 - Runnable activation by cyclic events Requirement_95 - UART	Requirement_32 - LED Blink Requirement_93 - LED Button SafetyRequirement_110 - Hardware Interfacing SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_94 - Global variables Requirement_95 - UART

Logical Function Blocks (3)

Logical function blocks based on the technical functions.

Function	Type	Technical functions
Button An binary HMI	Input	Blinking LED UART
Controller The MCU implementing the logic	Service	Blinking LED UART
LED An LED to indicate a binary state	Output	Blinking LED

Software Layer

Runnable Trigger Ports (1)

Runnable ports executing runnables in the context of this task.

Port	Events	Signal event source	Container	Task	Guard	Order
Runnable_00_blink_Tick	LED timebase		run_LED	LED		0

Activation-Events (1)

Activation Events executing runnables in the context of this task.

Event	Type	Cycle Time (C)	Offset (C)	Task-Init (S)	Requirements	Ports	Runnables	Tasks	SystemStates	SIL required	SIL achieved
LED timebase The timebase for the LED logic. Has an bit of offset to make sure it comes after the button has been read (button value is polled).	CyclicEvent	100	2	-	Requirement_32 - LED Blink	Runnable_00_blink_Tick in run_LED	run_LED	LED	Blink UART	SIL_1	QM

Software units (2)

Software units executed in the context of this task.

Unit	Parent	Function calls	other Software Elements	Technical Functions	Requirements	Type	Tasks	WCET	Stack	ROM	Globals	ProtectionSets	SIL required	SIL achieved	sub Technical Functions (R)	sub Requirements (R)	Has a return value (R)	SystemStates (R)	Ingoing Trigger Ports (R)	Outgoing Trigger Ports (R)	Ingoing Data Ports (R)	Outgoing Data Ports (R)	Signals (D)	Runnables (D)	DataType (D)	Is Synchronous (D)	Hardware (D)	Ports (G)	Callers (F)	Return Type (F)	Parameters (F)
drv_LED Hardware write-Interface towards the LED	LED			Blinking LED	SafetyRequirement_110 - Hardware Interfacing SafetyRequirement_111 - SignalLayer features Requirement_95 - UART	OutDriver	LED	0	0	0			SIL_1	QM	-	-	-	-	-	-	-	-	HWI LED	run_LED	uRTE_boolean_t	true	PA5	-	-	-	-
run_LED Controls the LED signal and thus the LED	LED			Blinking LED	Requirement_32 - LED Blink Requirement_93 - LED Button	Runnable	LED	0	0	0			SIL_1	QM	Blinking LED	SafetyRequirement_110 - Hardware Interfacing SafetyRequirement_111 - SignalLayer features Requirement_95 - UART	false	Blink UART	Runnable_00_blink_Tick		Runnable_blink_Button_IN	Runnable_00_blink_OUT	-	-	-	-	-	-	-	-	-

Signals (2)

Signals used within the context of this task.

Signal	Type	Storage	Runnables OUT	Runnables IN	Tasks	SystemStates	Requirements	miminum Age	maximum Age	Checksum	Force Sync	Inline	ISR API	effective inline	SIL required	SIL achieved	Initial value (D)	Pointer access (D)	Datatype (D)	Alt-In (D)	Alt-Out (D)	In-Driver (D)	Out-Driver (D)	OnData (D)	OnError (D)	OnTrigger (E)
HWI LED Hardware interface for the LED	Data	local in .rtos.task.LED	run_LED		LED	Blink UART		0	0	false	false	false	false	false	-	QM	0	false	uRTE_boolean_t			-	drv_LED			-
button state A representation of the current button state	Data	local in .rtos.task.Button .rtos.task.LED .rtos.task.UART	run_readButton	run_LED run_UART_send	Button LED UART	Blink UART	SafetyRequirement_93 - Runnable activation by signal events Requirement_95 - UART SafetyRequirement_95 - Runnable activation by cyclic events Requirement_95 - UART SafetyRequirement_96 - Inter-task communication SafetyRequirement_97 - local and global signals Requirement_95 - UART SafetyRequirement_111 - SignalLayer features Requirement_95 - UART SafetyRequirement_97 - local and global signals Requirement_95 - UART	0	105	false	false	false	false	false	SIL_1	QM	false	false	uRTE_boolean_t			-		Runnable_run_UART_send_TPortIN_1 in run_UART_send		-

Output-Sections (2)

Outputsections used by software units, the task itself or the RTE.

OutputSection	SIL	References	Initialization	Generate	Section start symbol	Section end symbol	Memory
.rtos.task.LED Stack for the LED Task	SIL_1	LED	UnInit	true	ADRL_uRTE_RTOSTASKLED_BEGIN*	ADRL_uRTE_RTOSTASKLED_END*	main
.uRTE Contains the data for uRTE internals	SIL_1	Activation Engine Button LED UART	UnInit	true	ADRL_uRTE_URTE_BEGIN*	ADRL_uRTE_URTE_END*	main
Symbols marked with * are automatically generated because no value was set.

System-States (2)

SystemStates in which this task is active.

State	isStart	Runnables	Tasks
Blink In this state, an LED will blink.	true	run_LED run_UART_wakeUp run_readButton	Button LED UART
UART A state that is entered if the user has pressed the button. Here, periodic UART messages are sent.	false	run_LED run_UART_send run_readButton	Button LED UART

Hardware Layer

Hardware Components (3)

Hardware used by the task.

Component	Type	Start	End	SIL required	SIL achieved	Technical Functions
Arm® Cortex®-M4 Arm® 32-bit Cortex®-M4 CPU with FPU, Adaptive real-time accelerator (ART Accelerator) allowing 0-wait state execution from Flash memory, frequency up to 180 MHz, MPU, 225 DMIPS/1.25 DMIPS/MHz (Dhrystone 2.1), and DSP instructions	Core	-	-	-	QM
PA5 LD2 [Green Led] on the Nucelo Board	Periphery	GPIOA_BASE	GPIOB_BASE - 1	SIL_1	QM	Blinking LED
main The STM32F446RE RAM module	RAM	0x20000000	0x2001ffff	-	QM