What is Functional Safety?

The objective of functional safety is to avoid an unacceptable risk of injury or damage to the health of people. The following are examples of such cases:

• The detection of brake failure in a car and showing indication about this to a driver.
• The detection of a malfunction in a medical device and shutting down the device operations as a result of this.

Functional safety applies to many vertical industries, such as automotive, medical, and automation:

• In the automotive industry, it is essential that safety-critical information in the digital displays is rendered even if some malfunction prevents rendering of the non-safety information in the UI (user interface).
• In medical industry, nurses, doctors, and technicians use safety-critical medical devices that must be safe to use.
• In automation industry, there is need for well-placed, prominent error indicators.

There are several ISO certification standards that are used to validate that components and systems are safe.

Functional Safety with Qt Safe Renderer

Certification of the whole Qt for functional safety is not economically feasible. The Qt framework includes too large amount of code, and features making Qt powerful and efficient framework are considered risky for safety-critical systems. For example, Qt uses advanced C++ features and allocates memory dynamically.

Qt Safe Renderer provides a solution for developers who want to use Qt for developing functional safety applications:

• With Qt Safe Renderer, you can render safety-critical graphics in your application UI.
• Even if there are failures in the non-safety parts of UI, Qt Safe Renderer is able to render the safety-critical UI elements, such as warning indicators.
• Qt Safe Renderer does not use dynamic memory allocation. Instead, all memory is allocated at startup.
• Coding follows MISRA C++ and MISRA C Guidelines for critical systems.

The Qt Safe Renderer installation contains pre-certified application binary called runtime component. The Qt Safe Renderer runtime component renders the safety-critical UI on your target device. It is designed to be deployed in a combined architecture with a non-safety UI which is primarily responsible for all those system functions which are not safety-related.