Functional Safety in Qt
The objective of functional safety is to avoid an unacceptable risk of injury or damage to the health of people. The following are examples of such cases:
- The detection of brake failure in a car and showing indication about this to a driver.
- The detection of a malfunction in a medical device and shutting down the device operations as a result of this.
Functional safety applies to many vertical industries, such as automotive, medical, and automation:
- In the automotive industry, it is essential that safety-critical information in the digital displays is rendered even if some malfunction prevents rendering of the non-safety information in the UI (user interface).
- In medical industry, nurses, doctors, and technicians use safety-critical medical devices that must be safe to use.
- In automation industry, there is need for well-placed, prominent error indicators.
There are several ISO certification standards that are used to validate that components and systems are safe.
Certification of the whole Qt for functional safety is not economically feasible. The Qt framework includes too large amount of code, and features making Qt powerful and efficient framework are considered risky for safety-critical systems. For example, Qt uses advanced C++ features and allocates memory dynamically.
Qt Safe Renderer provides a solution for developers who want to use Qt for developing functional safety applications:
- With Qt Safe Renderer, you can render safety-critical graphics in your application UI.
- Even if there are failures in the non-safety parts of UI, Qt Safe Renderer is able to render the safety-critical UI elements, such as warning indicators.
- Qt Safe Renderer does not use dynamic memory allocation. Instead, all memory is allocated at startup.
- Coding follows MISRA C++ and MISRA C Guidelines for critical systems.
Qt Safe Renderer is designed to be integrated into a system that has a separate processes for safety-critical and non-safety functionality:
- Qt Safe Renderer ensures graphical rendering of safety-critical information by partitioning the related functionality into an independent subsystem that is run on its own process.
- Qt Safe Renderer monitors operation of the main UI and errors in the main UI do not affect the rendering of safety-critical information.
- Instead, Qt Safe Renderer restarts the main UI after detecting errors.
To use Qt Safe Renderer, your target device system must fulfill the following requirements:
- System must support partition between the safe and non-safe functionalities.
- There must be independent rendering of safety-related graphical output.
- It must be possible to concurrently render safe and non-safe graphical output.
Available under certain Qt licenses.
Find out more.