Integrating Qt Safe Renderer

General Prerequisites

In order to successfully use Qt Safe Renderer and integrate it into your system, you must have the following knowledge about Qt and related tools:

  • Experience of C++ and object-oriented software development
  • Knowledge of functionality and requirements in safety-critical systems
  • Experience of developing software for the target device

We recommend you to introduce yourself to the Qt and the Qt tools. If you are our commercial customer and have questions concerning Qt, you can contact our support team. Qt Consulting Services can also help with the issues that are out of the scope of the standard support.

Adapting Qt Safe Renderer for Systems

The core parts of Qt Safe Renderer contain the code inside the SafeRenderer namespace. The implementation of the safety-critical requirements covers only the core parts of Qt Safe Renderer. The related classes are listed in Qt Safe Renderer C++ Classes.

The Qt Safe Renderer core functionality never changes but some parts of Qt Safe Renderer are system specific. For example, a system bus can be system-specific and a system event handler needs to be tailored accordingly. Also, graphics system depends on the used target device hardware.

If you need to adapt Qt Safe Renderer for a system that is not supported by the Qt Safe Renderer reference implementation, the following components may be adapted per system:

  • Communication interfaces used between the safety-critical and non-safe partitions
    • Heartbeat messages. If the heartbeat times out, it is up to an application developer to decide how to handle the situation. Qt Safe Renderer continues to render the safety-critical UI elements normally even if the heartbeat messages are not received. The application developer can configure the heartbeat message interval.
    • Positioning messages
    • For more information about the messaging interface, see SafeRenderer::QSafeEvent and QSafeMessageInterface, and their inherited classes.
  • Graphical rendering output. For more information, see SafeRenderer::AbstractFrameBuffer and SafeRenderer::AbstractWindow.
  • Interface for listening system messages, like a CAN bus or FlexRay.

    Note: A protection of system bus communication is not part of Qt Safe Renderer. Instead, when you integrate Qt Safe Renderer you must take care of that yourself.

  • Qt Safe Renderer preallocates the required memory on a system startup. However, allocation of output targets, such as hardware layers, must be done via system-specific interfaces.

Qt Safe Renderer provides a reference implementation for the features that are listed above. If it is not suitable for your system and you need to modify or add new implementation, you must carefully check if the requirements defined in ISO 26262-6 chapter 7.4. are still met.

Note: The Qt Safe Renderer architecture and design documentation describe the communication interface. These documents are part of the Qt Safe Renderer installation.

MISRA C++ Rules and Exception Handling

The ISO 26262 standard does not require MISRA C++ rules to be followed. However, as it is a likely case that the Qt Safe Renderer derived project follows MISRA C++ rules, also Qt Safe Renderer follows MISRA C++ Guidelines for critical systems.

If you integrate Qt Safe Renderer into a project that follows the MISRA C++ rules, you must ensure that main.cpp in the safety-critical partition is MISRA C++ compatible. All exceptions that are thrown from the constructor functions of SafeRenderer::StateManager and SafeRenderer::QSafeLayoutFileReader and SafeRenderer::QSafeLayoutResourceReader must be caught individually in the safe part of the code and a decision must be made how to handle them. After the QSR runtime initialization phase, possible runtime exceptions are documented in the SafeRenderer::StateManager.

Watchdog integration

You can have a watchdog that monitors Qt Safe Renderer and if needed, restarts Qt Safe Renderer. The watchdog can assume that if the Qt Safe Renderer process is up and running, it renders the safety-critical content properly.

There is the reference implementation for process watcher in Qt Safe Renderer Examples.

Backward Compatibility

Qt Safe Renderer 1.0 is the first release of Qt Safe Renderer. Thus the backward compatibility concerns only the Qt Safe Renderer versions later than 1.0. The rules for backward compatibility will be defined in the future Qt Safe Renderer releases.

Available under certain Qt licenses.
Find out more.