uRTEDemo_03_Nucleo-F446RE_SystemStates_10_Model

Task

UART

Task responsible for sending out UART protocolls

Warnings

Safety (3)

Safety Warnings for Task UART.
Safety warnings are related to the Requirements Layer, especially the SIL

Mixed SILs in UART : QM, SIL_1.
Memory referenced by main for the stack of UART is using main with a SIL achieved of QM, which does not satisfy the SIL required of SIL_1 for this task.
UART needs a SIL of SIL_1 but is executing on Arm® Cortex®-M4 which has a achieved SIL of QM.

Diagrams

Requirements Model
Logical Function Model
Software Model
Hardware Model

Safety

Required
SIL SIL_1
mixed SILs QM, SIL_1

Properties

Base
NameUART
Type Task
Description

Task responsible for sending out UART protocolls
User-IDTask_68
UID_72yAcOZqEeyZ2OzYlvU4PA
Configuration
Priority 5
Configuration
Own TimeBase no, the central activation engine will send periodic events
Memory
Stack .rtos.task.UART
Core
Core Arm® Cortex®-M4

Requirement Layer

Hazard Scenarios (1)

Hazard Scenarios for associated Hazardous Events.

Hazard Scenario Parent Hazard Events
Potential customers don't like the tool

This would be very sad.

Hazardous Events (2)

Hazardous Events for associated Safety Goals.

Hazardous Event Parent Probability Controllability Effect SIL Safety-Goals
Complexity

The user might think µRTE is hard to use.

 QM
Unknown features

The customer might not see the full spectrum of features µRTE comes with.

 QM

Safetygoals (1)

Safety Goals linking to the Requirements.

Safety Goal Parent Function Type SIL derived SIL manual SIL effective Safe State Safety Requirements
Show most important features in an lightweight demo

An small demo model with the most important features shall show the most important features of µRTE.

 System_Function QM derived QM Show slides

(Safety)Requirements (8)

Requirements derived by software units, hardware components, signals, global variables and activation events associated with this task.

(Safety)Requirement Parent User-ID Author Creation Date Start Date Deadline Expense Responsibe Category Type Status Function Type SIL derived SIL manual SIL effective Tests Technical Functions Software Hardware Signals Global variables Activation events Use-Cases User-Stories Refining Conflicting refined by conflicted by
(SafetyRequirement_96) Inter-task communication

µRTE easily can transmit events and data between tasks

 SafetyRequirement_96 Thomas Barth Wed Jun 08 17:46:14 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM derived QM
(SafetyRequirement_98) Multiple System-States

uRTE allows the definition of multiple system-states where each state has an own data-flow.
For each runnable the system state it shall be active in is configured.
The resulting data-flow can be visualized in Software Model/uRTE/SystemStates

 SafetyRequirement_98 Wed Jun 08 17:52:52 CEST 2022 0.0 product functional implemented System_Function QM derived QM
(SafetyRequirement_115) Protection Sets

Show how protection sets can be used to grant access to hardware.

 SafetyRequirement_115 Fri Jun 10 14:24:52 CEST 2022 0.0 product functional implemented System_Function QM derived QM
(SafetyRequirement_95) Runnable activation by cyclic events

Runnables can be activated by cyclic events.

 SafetyRequirement_95 Thomas Barth Wed Jun 08 17:34:15 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM SIL_1 SIL_1
(SafetyRequirement_93) Runnable activation by signal events

Runnables can be activated by signal (onData/onError) events.

 SafetyRequirement_93 Thomas Barth Wed Jun 08 17:34:15 CEST 2022 0.0 Thomas Barth product functional implemented System_Function QM derived QM
(SafetyRequirement_111) SignalLayer features

Demonstrate the use of scalers and validators.
Make use of age restrictions, checksums and pointer access.

 SafetyRequirement_111 Thu Jun 09 20:52:41 CEST 2022 0.0 product functional approved System_Function QM derived QM
(Requirement_95) UART

When the button is pressed, the system-state shall change from Blink into UART mode.
The start of UART mode shall be signaled via UART.
As long as the button is pressed, UART strings with the time in seconds the Button was pressed shall be send with the frequency with which the button pressed signal is updated.

 Requirement_95 Thomas Barth Wed Jun 08 17:56:19 CEST 2022 0.0 Thomas Barth product functional implemented - - - -
(SafetyRequirement_97) local and global signals

Signals can either be global data objects of local objects on the task stack.
Global signals are the same for everyone while with local signals each task has an own copy which gets synchroized if the signal changes,

 SafetyRequirement_97 Wed Jun 08 17:49:01 CEST 2022 0.0 product non_functional implemented System_Function QM derived QM

Functional Layer

Technical Functions (1)

Technical Functions derived from hardware and software handled by this task.

Function LFB Software Hardware Technical Functions sub Technical Functions Requirements sub Requirements
UART

If the button is pressed, UART messages indicating the press duration are sent.

Logical Function Blocks (3)

Logical function blocks based on the technical functions.

Function Type Technical functions
Button

An binary HMI

 Input
Controller

The MCU implementing the logic

 Service
PC

A PC receiving UART messages

 Monitor

Software Layer

Runnable Trigger Ports (2)

Runnable ports executing runnables in the context of this task.

Port Events Signal event source Container Task Guard Order
Runnable_run_UART_WakeUP

If an event comes in, the runnable shall switch the state to UART to start the periodic sending
run_UART_wakeUp UART
0
Runnable_run_UART_send_TPortIN_1
run_UART_send UART
0

Software units (3)

Software units executed in the context of this task.

Unit Parent Function calls Technical Functions Requirements Type Tasks WCET Stack ROM Globals ProtectionSets SIL req SIL ach sub Technical Functions (R) sub Requirements (R) Has a return value (R) SystemStates (R) Ingoing Trigger Ports (R) Outgoing Trigger Ports (R) Ingoing Data Ports (R) Outgoing Data Ports (R) Signals (D) Runnables (D) DataType (D) Is Synchronous (D) Hardware (D) Ports (G) Callers (F) Return Type (F) Parameters (F)
UART out

writes Data to the UART module.
No DataType is chosen, so that a typedef file will be generated.

 UART
OutDriver 0 0 0
- QM - - - - - - - - None true - - - -
run_UART_send

Sends UART messages periodically via the UART signal

 UART
Runnable 0 0 0
QM QM
true
  • Runnable_run_UART_send_TPortIN_1
  • Runnable_run_UART_send_DPortIN_1
  • Runnable_run_UART_send_DPortIN_2
  • Runnable_run_UART_send_UART_OUT
 - - - - - - - - -
run_UART_wakeUp

Runnable to switch into the UART state if there is an event in the Blink State.
This runnable does not use hardware signals but accesses hardware directly and is therefore associated with
an protection set grandting access to hardware.

 UART
Runnable 0 0 0
QM QM
true
  • Runnable_run_UART_WakeUP
- - - - - - - - -

Signals (4)

Signals used within the context of this task.

Signal Type Storage Runnables OUT Runnables IN Tasks SystemStates Requirements miminum Age maximum Age Checksum Force Sync Inline ISR API effective inline SIL req SIL ach Initial value (D) Pointer access (D) Datatype (D) Alt-In (D) Alt-Out (D) In-Driver (D) Out-Driver (D) OnData (D) OnError (D) OnTrigger (E)
HWO_UART

Hardware Out interface for UART.
No Signal-Datatype will be defined so that a typedef will be generated into the signal configuration.
Pointer access is granted so signal memory can be used directly by the application.

 Data local in
0 0 false false false false false QM QM true undefined
-
-
button state

A representation of the current button state

 Data local in
0 105 false false false false false SIL_1 QM false false uRTE_boolean_t
-
-
button_cnt

contains the number of seconds, the button has been pressed

 Data global in
Button		 0 202 true false false false false QM QM 0 false button_cnt_t
-
-
button_edge

Fired whenever the button is pressed (but not if it is released)

 Event local in
0 0 false false false false false QM QM - - - - - - - - -

Output-Sections (3)

Outputsections used by software units, the task itself or the RTE.

OutputSection SIL References Initialization Generate Section start symbol Section end symbol Memory
.button

a section containing application data for the button

 SIL_1 UnInit true ADRL_uRTE_BUTTON_BEGIN* ADRL_uRTE_BUTTON_END* main
.rtos.task.UART

Stack for the UART Task

 SIL_1 UnInit true ADRL_uRTE_RTOSTASKUART_BEGIN* ADRL_uRTE_RTOSTASKUART_END* main
.uRTE

Contains the data for uRTE internals

 SIL_1 UnInit true ADRL_uRTE_URTE_BEGIN* ADRL_uRTE_URTE_END* main
Symbols marked with * are automatically generated because no value was set.

System-States (2)

SystemStates in which this task is active.

State isStart Runnables Tasks
Blink

In this state, an LED will blink.

 true
UART

A state that is entered if the user has pressed the button. Here, periodic UART messages are sent.

 false

Hardware Layer

Hardware Components (3)

Hardware used by the task.

Component Type Start End SIL req SIL ach Sub-Components Technical Functions sub Technical Functions Requirements sub Requirements
Arm® Cortex®-M4

Arm® 32-bit Cortex®-M4 CPU with FPU, Adaptive real-time accelerator (ART Accelerator) allowing 0-wait state execution from Flash memory, frequency up to 180 MHz, MPU, 225 DMIPS/1.25 DMIPS/MHz (Dhrystone 2.1), and DSP instructions

 Core - - - QM
USART

UART module connected to pin TX/RX PA2/PA3 at 115200 8N1

 Periphery USART2_BASE USART3_BASE - 1 - QM
main

The STM32F446RE RAM module

 RAM 0x20000000 0x2001ffff - QM