+Requirement Model
- +Blinking LED
- +UART
+Logical Function Model
- Controller
- LED
- PC
- Button
- Blinking LED
- UART
+Software Model
- +Software
  - +Button
    - ButtonRead
    - +run_readButton
      - press_cnt
  - +LED
    - drv_LED
    - run_LED
  - +UART
- +RTE
  - +Activation Engine
    - Button Timebase
    - LED timebase
  - +Signal Layer
    - HWI LED
    - HWI_Button
    - button state
    - button_edge
    - button_cnt
    - HWO_UART
    - +Signal-Pools
      - Button
  - +System States
    - Blink
    - UART
    - +State-Handler
- +RTOS
  - Button
  - LED
  - UART
- +Linkage
  - +Output-Sections
  - +Protection-Sets
    - BaseProtection
    - UART
- +DataTypes
+Hardware Model
- +Nucelo-F446RE
  - +STM32F446RE
    - Arm® Cortex®-M4
    - main
    - +GPIO
      - PA5
      - PC13-TAMPER-RTC
    - USART
  - Button
  - LED
+Testing Model
- +Item Tests
  - (Test_128) Smoke-Test
- +Functional Tests
  - +Blinking LED
    - (Test_132) Regular blink
    - (Test_133) LED permanent ON
  - +UART
    - (Test_134) UART functional/system test

Task

LED

Task responsible to let the LED blink

Warnings

Safety (3)

Safety Warnings for Task LED.
Safety warnings are related to the Requirements Layer, especially the SIL

Mixed SILs in Task

LED : QM, SIL_1.

Memory referenced by RAM

main for the stack of Task

LED is using RAM

main with a SIL achieved of QM, which does not satisfy the SIL required of SIL_1 for this task.

LED needs a SIL of SIL_1 but is executing on Core

Arm® Cortex®-M4 which has a achieved SIL of QM.

Diagrams

Requirements Model

Logical Function Model

Software Model

Hardware Model

Safety

Required
SIL	SIL_1
mixed SILs	QM, SIL_1

Properties

Base
Name	LED
Type	Task
Description	Task responsible to let the LED blink
User-ID	Task_9
UID	_-Qx7oOTTEeyrV5NXTwe27Q
Configuration
Priority	4
Configuration
Own TimeBase	no, the central activation engine will send periodic events
Memory
Stack	.rtos.task.LED
Core
Core	Arm® Cortex®-M4

Requirement Layer

Hazard Scenarios (1)

Hazard Scenarios for associated Hazardous Events.

Hazard Scenario	Parent	Hazard Events
Potential customers don't like the tool This would be very sad.	UART	Complexity Unknown features

Hazardous Events (2)

Hazardous Events for associated Safety Goals.

Hazardous Event	Parent	Probability	Controllability	Effect	SIL	Safety-Goals
Complexity The user might think µRTE is hard to use.	UART				QM	Show most important features in an lightweight demo
Unknown features The customer might not see the full spectrum of features µRTE comes with.	UART				QM	Show most important features in an lightweight demo

Safetygoals (1)

Safety Goals linking to the Requirements.

Safety Goal	Parent	Function Type	SIL derived	SIL manual	SIL effective	Safe State	Safety Requirements
Show most important features in an lightweight demo An small demo model with the most important features shall show the most important features of µRTE.	UART	System_Function	QM	derived	QM	Show slides	(SafetyRequirement_94) Global variables (Requirement_95) UART (SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_98) Multiple System-States (Requirement_95) UART (SafetyRequirement_115) Protection Sets (Requirement_95) UART (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART (SafetyRequirement_93) Runnable activation by signal events (Requirement_95) UART

(Safety)Requirements (7)

Requirements derived by software units, hardware components, signals, global variables and activation events associated with this task.

(Safety)Requirement	Parent	User-ID	Author	Creation Date	Responsibe	Category	Type	Status	Function Type	SIL derived	SIL manual	SIL effective	Tests	Technical Functions	Software	Signals	Activation events	Refining	refined by
(SafetyRequirement_110) Hardware Interfacing How to read and write data form and to hardware.	UART	SafetyRequirement_110	Thomas Barth	Thu Jun 09 20:50:22 CEST 2022	Thomas Barth	product	functional	approved	System_Function	QM	derived	QM			ButtonRead drv_LED			(SafetyRequirement_111) SignalLayer features (Requirement_95) UART
(SafetyRequirement_96) Inter-task communication µRTE easily can transmit events and data between tasks	UART	SafetyRequirement_96	Thomas Barth	Wed Jun 08 17:46:14 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	derived	QM				button state button_cnt button_edge		(SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_97) local and global signals (Requirement_95) UART
(Requirement_32) LED Blink In order to indicate that uRTE is up and running, an LED shall blink (toggle its binary state) with an frequency of 1/100ms.	Blinking LED	Requirement_32	Thomas Barth	Tue Jun 07 13:05:57 CEST 2022	Thomas Barth	product	functional	implemented	-	-	-	-	(Test_132) Regular blink	Blinking LED	run_LED		LED timebase		(Requirement_94) LED (Requirement_32) LED Blink (Requirement_93) LED Button
(Requirement_93) LED Button While the button is pressed, the LED shall be on permanently.	Blinking LED	Requirement_93		Wed Jun 08 17:18:27 CEST 2022		product	functional	implemented	-	-	-	-	(Test_133) LED permanent ON	Blinking LED	run_LED				(Requirement_94) LED (Requirement_32) LED Blink (Requirement_93) LED Button
(SafetyRequirement_95) Runnable activation by cyclic events Runnables can be activated by cyclic events.	UART	SafetyRequirement_95	Thomas Barth	Wed Jun 08 17:34:15 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	SIL_1	SIL_1		Blinking LED UART		button state	Button Timebase	(Requirement_95) UART
(SafetyRequirement_93) Runnable activation by signal events Runnables can be activated by signal (onData/onError) events.	UART	SafetyRequirement_93	Thomas Barth	Wed Jun 08 17:34:15 CEST 2022	Thomas Barth	product	functional	implemented	System_Function	QM	derived	QM		UART		button state		(Requirement_95) UART
(SafetyRequirement_97) local and global signals Signals can either be global data objects of local objects on the task stack. Global signals are the same for everyone while with local signals each task has an own copy which gets synchroized if the signal changes,	UART	SafetyRequirement_97		Wed Jun 08 17:49:01 CEST 2022		product	non_functional	implemented	System_Function	QM	derived	QM				button state button_cnt		(Requirement_95) UART	(SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART

Functional Layer

Technical Functions (1)

Technical Functions derived from hardware and software handled by this task.

Function	LFB	Software	Hardware	Technical Functions	sub Technical Functions	Requirements	sub Requirements
Blinking LED An LED shall blink to indicate that the system is alive and responding.	Button Controller LED	run_LED drv_LED run_readButton ButtonRead	PA5		Blinking LED UART	(Requirement_32) LED Blink (Requirement_93) LED Button (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART	(Requirement_32) LED Blink (Requirement_93) LED Button (SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_94) Global variables (Requirement_95) UART

Logical Function Blocks (3)

Logical function blocks based on the technical functions.

Function	Type	Technical functions
Button An binary HMI	Input	Blinking LED UART
Controller The MCU implementing the logic	Service	Blinking LED UART
LED An LED to indicate a binary state	Output	Blinking LED

Software Layer

Runnable Trigger Ports (1)

Runnable ports executing runnables in the context of this task.

Port	Events	Signal event source	Container	Task	Guard	Order
Runnable_00_blink_Tick	LED timebase		run_LED	LED		0

Activation-Events (1)

Activation Events executing runnables in the context of this task.

Event	Type	Cycle Time (C)	Offset (C)	Task-Init (S)	Requirements	Ports	Runnables	Tasks	SystemStates	SIL req	SIL ach
LED timebase The timebase for the LED logic. Has an bit of offset to make sure it comes after the button has been read (button value is polled).	CyclicEvent	100	2	-	(Requirement_32) LED Blink	Runnable_00_blink_Tick in run_LED	run_LED	LED	Blink UART	-	QM

Software units (2)

Software units executed in the context of this task.

Unit	Parent	Function calls	Technical Functions	Requirements	Type	Tasks	WCET	Stack	ROM	Globals	ProtectionSets	SIL req	SIL ach	sub Technical Functions (R)	sub Requirements (R)	Has a return value (R)	SystemStates (R)	Ingoing Trigger Ports (R)	Outgoing Trigger Ports (R)	Ingoing Data Ports (R)	Outgoing Data Ports (R)	Signals (D)	Runnables (D)	DataType (D)	Is Synchronous (D)	Hardware (D)	Ports (G)	Callers (F)	Return Type (F)	Parameters (F)
drv_LED Hardware write-Interface towards the LED	LED		Blinking LED	(SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART	OutDriver	LED	0	0	0			QM	QM	-	-	-	-	-	-	-	-	HWI LED	run_LED	uRTE_boolean_t	true	PA5	-	-	-	-
run_LED Controls the LED signal and thus the LED	LED		Blinking LED	(Requirement_32) LED Blink (Requirement_93) LED Button	Runnable	LED	0	0	0			-	QM	Blinking LED	(SafetyRequirement_110) Hardware Interfacing (SafetyRequirement_111) SignalLayer features (Requirement_95) UART	false	Blink UART	Runnable_00_blink_Tick		Runnable_blink_Button_IN	Runnable_00_blink_OUT	-	-	-	-	-	-	-	-	-

Signals (2)

Signals used within the context of this task.

Signal	Type	Storage	Runnables OUT	Runnables IN	Tasks	SystemStates	Requirements	miminum Age	maximum Age	Checksum	Force Sync	Inline	ISR API	effective inline	SIL req	SIL ach	Initial value (D)	Pointer access (D)	Datatype (D)	Alt-In (D)	Alt-Out (D)	In-Driver (D)	Out-Driver (D)	OnData (D)	OnError (D)	OnTrigger (E)
HWI LED Hardware interface for the LED	Data	local in .rtos.task.LED	run_LED		LED	Blink UART		0	0	false	false	false	false	false	-	QM	0	false	uRTE_boolean_t			-	drv_LED			-
button state A representation of the current button state	Data	local in .rtos.task.Button .rtos.task.LED .rtos.task.UART	run_readButton	run_LED run_UART_send	Button LED UART	Blink UART	(SafetyRequirement_93) Runnable activation by signal events (Requirement_95) UART (SafetyRequirement_95) Runnable activation by cyclic events (Requirement_95) UART (SafetyRequirement_96) Inter-task communication (SafetyRequirement_97) local and global signals (Requirement_95) UART (SafetyRequirement_111) SignalLayer features (Requirement_95) UART (SafetyRequirement_97) local and global signals (Requirement_95) UART	0	105	false	false	false	false	false	SIL_1	QM	false	false	uRTE_boolean_t			-		Runnable_run_UART_send_TPortIN_1 in run_UART_send		-

Output-Sections (2)

Outputsections used by software units, the task itself or the RTE.

OutputSection	SIL	References	Initialization	Generate	Section start symbol	Section end symbol	Memory
.rtos.task.LED Stack for the LED Task	SIL_1	LED	UnInit	true	ADRL_uRTE_RTOSTASKLED_BEGIN*	ADRL_uRTE_RTOSTASKLED_END*	main
.uRTE Contains the data for uRTE internals	SIL_1	Activation Engine Button LED UART	UnInit	true	ADRL_uRTE_URTE_BEGIN*	ADRL_uRTE_URTE_END*	main
Symbols marked with * are automatically generated because no value was set.

System-States (2)

SystemStates in which this task is active.

State	isStart	Runnables	Tasks
Blink In this state, an LED will blink.	true	run_LED run_UART_wakeUp run_readButton	Button LED UART
UART A state that is entered if the user has pressed the button. Here, periodic UART messages are sent.	false	run_LED run_UART_send run_readButton	Button LED UART

Hardware Layer

Hardware Components (3)

Hardware used by the task.

Component	Type	Start	End	SIL req	SIL ach	Technical Functions
Arm® Cortex®-M4 Arm® 32-bit Cortex®-M4 CPU with FPU, Adaptive real-time accelerator (ART Accelerator) allowing 0-wait state execution from Flash memory, frequency up to 180 MHz, MPU, 225 DMIPS/1.25 DMIPS/MHz (Dhrystone 2.1), and DSP instructions	Core	-	-	-	QM
PA5 LD2 [Green Led] on the Nucelo Board	Periphery	GPIOA_BASE	GPIOB_BASE - 1	-	QM	Blinking LED
main The STM32F446RE RAM module	RAM	0x20000000	0x2001ffff	-	QM