Qt Safe Renderer Output Verification

The purpose of the output verification is to ensure the integrity of display content for safe items. The integrity check is based on the CRC (Cyclic Redundancy Check) values comparison between offline calculated and the graphics output.

Qt Safe Renderer provides a mechanism for generating the expected CRC and reading the actual output CRC value from the hardware. The actions when a failure is detected are not in the scope of Qt Safe Renderer but are a part of the system logic.

Output verification is supported from Qt Safe Renderer 2.0 onwards.

Using fillColor Property

The background color of the safe item must be solid. Define the background color for safe items using the fillColor property:

In a UI, several graphics buffers are blended in a display processor to form final display content. The output CRC values are calculated from that data. Therefore, the background color of safe items cannot be transparent. Instead, you should use a solid background color.

Also, the solid background color is used when the output verification is done for a hidden safe item. When a safe item is hidden, its icon area in the UI is cleared with a solid color defined in the fillColor property. The output verification for a hidden safe item verifies that the clearing works as expected.

Note: If the background fill color is almost solid, it can make the safety-critical element pass through the contrast check. It is still possible that the CRC output verification fails as the non-safe background can be seen through a partially transparent element, which affects the CRC calculation.

Using of OutputVerifier Class

The output verifier is enabled by creating an instance of the SafeRenderer::OutputVerifier class. The reference is passed to the SafeRenderer::SafeWindow and SafeRenderer::EventHandler as follows:

static OutputVerifier outputVerifier;
static QSafeLayoutResourceReader layout("/layoutData/MainForm/MainForm.ui.srl");
SafeWindow telltaleWindow(layout.size(), QSafePoint(0U, 0U), outputVerifier);
static SafeRenderer::StateManager stateManager(telltaleWindow, layout, background);
EventHandler msgHandler(stateManager, telltaleWindow, outputVerifier);

SafeWindow implementation reads the output CRC value after rendering for the changed items. The result values are stored in the SafeRenderer::OutputVerificationQueue.

The results can be read from the safe renderer process using the SafeRenderer::QSafeEventOutputVerificationStatusRequest event. The output CRC values are packed to the SafeRenderer::QSafeEventOutputVerificationStatusReply event.

The Golden CRC Values

Qt Safe Layout Tool calculates the Golden CRC values for each QML item for the visible and hidden state. The values are stored in the layout file, and they can be read using SafeRenderer::QSafeLayout class.

The following code snippet can be used in the external process to read the golden CRC values for comparison.

struct ExpectedCRCValues {
    quint32 drawCRC;
    quint32 clearCRC;

bool getExpectedCRC(const char*const filenameArg, const quint32 idArg, ExpectedCRCValues &crcValues)
    bool found = false;
    crcValues = {0U, 0U};
    //Initialize the resource
    const QSafeResource res;
    size_t sizeOfData = 0U;
    //Get the resource structure for the layout file
    const quchar *const data = res.data(filenameArg, sizeOfData);
    const QSafeByteArray layoutData(data, sizeOfData);
    //Validate the layout data file
    const quint32 itemCount = QSafeLayout::validateLayout(layoutData);
    size_t offsetInWords = Constraints::LAYOUTDATA_HEADER_SIZE;
    const quint32 layoutDataSize = QSafeLayout::layoutDataSize(QSafeLayout::layoutVersion(layoutData));
    if (data) {
        //Go through the layoutdata file
        for (quint32 i=0U; i<itemCount; i++) {
            const quint32 itemIDOffset = offsetInWords + QSafeLayout::ItemIDOffset;
            const quint32 id = layoutData.readUInt32ValueConst(itemIDOffset);
            //If item is found get the CRC values.
            if (id == idArg) {
                const quint32 drawCRCOffset = offsetInWords + QSafeLayout::OutputCRCDrawOffset;
                const quint32 clearCRCOffset = offsetInWords + QSafeLayout::OutputCRCClearOffset;
                crcValues.drawCRC = layoutData.readUInt32ValueConst(drawCRCOffset);
                crcValues.clearCRC = layoutData.readUInt32ValueConst(clearCRCOffset);
                found = true;
            offsetInWords += layoutDataSize;
    return found;

Updating the output CRC values

The output CRC value is read after every rendering operation for the dirty region. It is also possible to read the CRC value for an individual item manually. The CRC value of the single item can be updated using the SafeRenderer::QSafeEventOutputVerificationVerifyItem event.

Reading the output CRC values

The output CRC values are stored in the SafeRenderer::OutputVerificationQueue class. The values from the queue can be read using the SafeRenderer::QSafeEventOutputVerificationStatusRequest event. The SafeRenderer::QSafeEventOutputVerificationStatusReply contains the list of the ID and CRC pairs.


Verifying the dynamic text output is not supported.

Supported Hardware

The functionality is supported with the following reference hardware configurations:

Available under certain Qt licenses.
Find out more.