Module Functionalities
The Qt Safe Renderer installation contains the Qt Safe Renderer runtime component and tools that enable the runtime component related work on a host platform. For more information, see Qt Safe Renderer Runtime Component and Qt Safe Renderer Tools.
The commercial customers of Qt Safe Renderer have access to the module architecture and design documentation. These documents provide more detailed information about the module structure and architecture. After you have installed Qt Safe Renderer to your host platform, you find the documents under <Qt installation directory>/Docs/QtSafeRenderer-<version>/.
Qt Safe Renderer Runtime Component
The Qt Safe Renderer runtime component is the Qt Safe Renderer application binary that runs on the target device. The runtime component consists of all the content inside the SafeRenderer
namespace. See Qt Safe Renderer C++ Classes for detailed information about the SafeRenderer namespace. Before you can use the runtime component, you must build it from sources as instructed in the platform-specific build instructions that are listed in Building Qt Safe Renderer.
Partitioning Safety-Critical Functionality
The Qt Safe Renderer runtime component is designed to be integrated into a system that has separate processes for safety-critical and non-safety functionality. The Qt Safe Renderer runtime ensures graphical rendering of safety-critical information by partitioning the related functionality into an independent subsystem that is run on its own process. In this documentation, the non-safe part of the system is called the main UI (user interface). As the Qt Safe Renderer runtime and the main UI run on separate processes, the main UI functionality does not depend on the Qt Safe Renderer runtime. For more information about how to integrate the Qt Safe Renderer runtime component into your system, see Integrating Qt Safe Renderer.
The Qt Safe Renderer runtime has been studied for several architectural models for the underlying system. In case of all kind of underlying architectural models, Qt Safe Renderer observes the status of the main UI, that is, the UI that contains all non-safe UI elements. Qt Safe Renderer receives a periodical heartbeat signal that indicates the main UI is running. If the heartbeat signal times out, Qt Safe Renderer assumes that the main UI is no longer running.
Note: The application developer must implement heartbeat handling in the application side. It is not automatically handled by the Qt Safe Renderer. For more information, see theTelltales: Rendering Safety-Critical UI example.
For more information about the architectural models, see the Qt Safe Renderer architecture documentation and White Paper: Functional Safety and Qt.
Rendering Safety-Critical and Non-Safe UI
Qt Safe Renderer renders safety-critical UI elements on the target device screen on basis of a safe layout data that is provided to it. All the safety-critical elements are rendered as raw bitmaps. Qt Safe Renderer assumes that the target device provides a way to set up the graphics overlays as the screen will have separate graphics planes for safety-critical and non-safe content. As the plane that contains the safety-critical UI elements is the topmost graphics layer, it is always visible regardless of the graphics drawn on other graphics planes.
Even if Qt Safe Renderer is responsible for rendering the safety-critical UI elements, the non-safe main UI may request a certain position for the elements. However, these requests are purely advisory and Qt Safe Renderer may ignore them in case of a sanity check failure
Messaging Interface
Qt Safe Renderer takes care of rendering the safety-critical UI in its own process. Qt Safe Renderer uses its messaging interface to communicate via a system bus with the non-safe part of the UI and the underlying system. However, the system bus communication protection is not part of the Qt Safe Renderer functionality. When you integrate Qt Safe Renderer to your own system, you must take care of the system bus communication protection yourself.
A heartbeat signal from the main UI occurs periodically. It informs Qt Safe Renderer that the non-safe partition is running. If the heartbeat signal times out, Qt Safe Renderer assumes that the non-safe partition is no longer in a known good state. If the heartbeat signal stops, the application developer needs to decide how to handle the situation. Qt Safe Renderer keeps rendering the safety-critical UI elements even if the heartbeat signal has stopped.
The main UI can request to position the safety-critical UI elements. The non-safe partition may request to place the UI elements at a certain position on a target device. Qt Safe Renderer ignores illegal position requests and throws exceptions depending on how the sanity check of the layout data has failed. An adaptation of Qt Safe Renderer can catch and ignore the illegal layouts or send error messages about them.
See Integrating Qt Safe Renderer for detailed information about the messaging interface issues that you must consider when you integrate Qt Safe Renderer into your system.
The following Qt Safe Renderer classes are related to the messaging interface:
- SafeRenderer::StateManager
- SafeRenderer::QSafeEvent and its inherited classes
Design and Implementation Constraints
Qt Safe Renderer design and implementation have the following constraints:
- As recommended in table 3 in ISO 26262 Part 6, the module structure is as small and focused as possible.
- After initialization, dynamic memory allocation is not allowed.
- Central processing unit (CPU) implementation has only one thread.
- Whenever possible, Qt Safe Renderer follows static configuration techniques instead of dynamic configuration techniques. Thus a compile-time configuration is preferred over a run-time configuration.
- Coding follows MISRA C++ Guidelines for critical systems.
Note: The MISRA C++ guidelines are followed in the classes that are included into the
SafeRenderer
namespace. The example code that is part of the Qt Safe Renderer installation does not fully follow the MISRA C++ guidelines.
Working with Qt Safe Renderer and Qt Tools
Qt Safe Renderer provides a seamless integration with the Qt toolchain. In Qt Safe Renderer, the safety-critical UI elements are implemented as QML Types. You can use Qt Creator together with the QML language and Qt Quick Designer to develop a UI that contains both safety-critical and non-safe content. Qt Creator provides a cross-platform, complete integrated development environment (IDE) for application developers to create applications.
For developing the safety-critical parts of the UI, Qt Safe Renderer provides a new tool called Qt Safe Layout Tool. It is used for generating layout data for the safety-critical UI elements.
By using Qt Quick Designer and Qt Creator, you can test the look and feel of your UI on the host platform even if the UI is actually targeted for an embedded platform. The executable generated for the host platform includes both safety-critical and non-safe UI elements. However, when you build an executable for your target device, the executable contains the non-safe UI elements and only placeholders for the safety-critical UI elements. The safety-critical layout data is not part of the executable that resides on the target device. Instead, Qt Safe Renderer is fully responsible for rendering the safety-critical UI elements and the main UI renders everything else.
Qt Safe Layout Tool
Qt Safe Renderer contains Qt Safe Layout Tool that generates properly formatted layout data for Qt Safe Renderer. The tool generates the layout data that stores the bitmaps for the safety-critical UI elements in an ARGB32 format. The generated data contains all the information Qt Safe Renderer needs for rendering safety-critical UI elements. Users of Qt Safe Renderer are not allowed to change manually the content of the generated safe layout data. Qt Safe Renderer validates the layout data against a checksum that is included in the layout data.
Your UI can contain both safety-critical and non-safety UI elements. When you create a UI with Qt Quick Designer, you can use any QML types to construct non-safety parts of the UI. To create safety-critical parts of the UI, you must use the safe QML types provided by Qt Safe Renderer. Qt Safe Layout Tool generates the safe layout data only for safe QML types provided by Qt Safe Renderer.
You can easily make your Qt project to use Qt Safe Layout Tool. You just need to specify a Qt Safe Renderer related configuration option for your project. Then, when you create a UI with Qt Quick Designer and build the project with Qt Creator, your project automatically utilizes Qt Safe Layout Tool. For more information, see Safety-Critical UI with Qt Quick Designer.
Qt Safe Renderer OverviewSupported Development Environment
Available under certain Qt licenses.Find out more.