Qt安全渲染器监视器

Qt Safe Renderer Monitor

Qt安全渲染器监视器

September 05, 2022 by Asmo Saarela | Comments

​2022年9月5日 由阿斯莫·萨雷拉|评论

Qt Safe Renderer Monitor: Verifying the Rendering Output

Qt安全渲染器监视器：验证渲染输出

The Qt Safe Renderer is our solution for creating user interfaces (UI) for safety-critical systems. Since 2017 the Qt Safe Renderer has been used by multiple customers and certified for different functional safety standards. With the upcoming version 2.0, we are introducing a new approach for validating the correct rendering of safety-critical information – the Monitor.

​Qt安全渲染器是我们为安全关键系统创建用户界面（UI）的解决方案。自2017年以来，Qt安全渲染器已被多个客户使用，并已通过不同功能安全标准的认证。在即将发布的2.0版中，我们将引入一种新方法，用于验证安全关键信息的正确呈现——监视器。

Functional safety applies to many industries, such as automation, medical, railway, and automotive. Safety-critical information in the digital displays must be correct, even if some malfunction prevents rendering the other parts of the user interface. Qt Safe Renderer provides a solution for rendering the safety-critical information to achieve functional safety. It can be used with Qt or other user interface technologies – or even for creating the whole user interface in some cases.

功能安全适用于许多行业，如自动化、医疗、铁路和汽车。数字显示器中的安全关键信息必须正确，即使某些故障妨碍了用户界面的其他部分。Qt安全渲染器提供了一种用于渲染安全关键信息以实现功能安全的解决方案。它可以与Qt或其他用户界面技术一起使用，甚至在某些情况下可以创建整个用户界面。

The upcoming Qt Safe Renderer 2.0 release contains many new groundbreaking features. This blog illustrates the monitoring of the rendering output feature.

即将发布的Qt安全渲染器2.0版本包含许多新的突破性功能。本博客演示了渲染输出功能的监控。

An extra layer of safety with monitoring

一层额外的安全监控

Created to meet strict functional safety requirements, the Qt Safe Renderer (QSR) ensures safe rendering by partitioning the safety-critical functionality into an independent subsystem run on its process. With the new Monitor component, Qt Safe Renderer can be used to create a safety-critical user interface to a broader set of different processors and allow more versatile system architectures.

Qt安全渲染器（QSR）是为了满足严格的功能安全要求而创建的，它通过将安全关键功能划分为一个独立的子系统来确保安全渲染。有了新的监视器组件，Qt安全渲染器可用于为更广泛的不同处理器创建安全关键用户界面，并允许更通用的系统架构。

After the safety-critical UI is rendered, the Monitor component verifies that it is displayed correctly. This approach also allows using the Qt Safe Renderer in environments that do not provide safety-certified rendering hardware. Using the Monitor, it is also possible in certain use cases to achieve higher levels of functional safety via the additional checking for correct rendering.

呈现安全关键UI后，监视器组件将验证其是否正确显示。这种方法还允许在不提供安全认证渲染硬件的环境中使用Qt安全渲染器。使用监视器，在某些使用情况下，还可以通过对正确渲染的额外检查来实现更高级别的功能安全。

The block diagram below depicts the control and data flows at a high level. Customers want the optional Monitor for the rendered output in the safety-critical systems.

下面的框图描述了高层的控制和数据流。客户希望为安全关键系统中的渲染输出提供可选监视器。

Customers can mitigate the risks with the help of the new feature. And while doing so, more complex systems can be developed. These systems often contain many software and hardware components. Modern chipsets often contain a microcontroller that can run a separate monitor.

客户可以在新功能的帮助下降低风险。在这样做的同时，可以开发更复杂的系统。这些系统通常包含许多软件和硬件组件。现代芯片组通常包含可以运行单独监视器的微控制器。

Now there is an automatic sort of watchdog checking for any unexpected errors. The application developers can define the actions in case of errors. The Monitor is an optional feature. You can also create safety applications without it.

现在有了一种自动的看门狗来检查任何意外错误。应用程序开发人员可以定义发生错误时的操作。监视器是可选功能。您也可以创建安全应用程序而不使用它。

See the Monitor in action!

看到监视器在运行！

The monitoring example is shown in action with the example of the indicator. The below screen capture shows the indicators on the top left corner. There are animations and state transitions ongoing. Different telltales (Safe Pictures) are either made visible or hidden and have a solid background fill color. The gear selection (Safe Images) is animated as well. 

​监控示例与指示器示例一起显示。下面的屏幕截图显示了左上角的指示器。动画和状态转换正在进行。不同的信号装置（安全图片）或可见或隐藏，并具有纯色背景填充颜色。档位选择（安全图像）也会设置动画

The top right corner shows the monitor example in a separate application. In case of an error, the safe QML object identification code is shown, and the mismatching fingerprint is listed. The lower part shows the test harness used to stimulate different exceptional cases. The red battery icon is toggled off while it should be visible. The Monitor shows an error for it. Also, the position is set to overlap with another Safe Picture. Once the overlapping is removed, the error messages are no longer added.

右上角显示了独立应用程序中的监视器示例。如果出现错误，将显示安全QML对象标识码，并列出不匹配的指纹。下部显示了用于刺激不同例外情况的测试线束。红色电池图标应在可见时关闭。监视器显示了一个错误。此外，该位置被设置为与另一个安全图片重叠。删除重叠后，将不再添加错误消息。

How the system works

系统如何工作

You can enable monitoring for your safety application. Please see the detailed steps from the online documentation.

​您可以为安全应用程序启用监控。请参阅在线文档中的详细步骤。

The tooling generates a unique digital fingerprint for each safe item in the design. These fingerprints are calculated using a cyclic redundancy check (CRC) algorithm. The safe assets can have animations.

该工具为设计中的每个安全项目生成唯一的数字指纹。使用循环冗余校验（CRC）算法计算这些指纹。安全资产可以具有动画。

The monitor checks that reference values match the actual content in the display. If the CRC codes match, then everything is working in the system. The Monitor detects the slightest possible deviation, even if it is invisible to the human eye.

监视器检查参考值是否与显示器中的实际内容匹配。如果CRC码匹配，则系统中的一切都正常工作。即使人眼看不见，监视器也能检测到最轻微的偏差。

If there are errors, the safety application developer decides what to do. Will the error disappear as soon as it appears without action? Or will it disappear after redrawing the screen in a split second? Or is there a need to restart the system and resume after a quick reboot?

如果出现错误，安全应用程序开发人员将决定要做什么。错误一出现就立即消失而不采取行动吗？或者它会在瞬间重新绘制屏幕后消失？还是需要重新启动系统并在快速重新启动后恢复？

Supported safe QML types, environments, and coding standards

支持的安全QML类型、环境和编码标准

The new release supports Snapdragon 6155P and 8155P hardware and QNX operating system. You can verify static information out of the box. If you need support for other platforms, please contact us.

​新版本支持Snapdragon 6155P和8155P硬件以及QNX操作系统。您可以立即验证静态信息。如果您需要其他平台的支持，请联系我们。

The monitor and CRC data are compatible with AUTOSAR (AUTomotive Open System ARchitecture) tools  and MISRA (Motor Industry Software Reliability Association) C coding rules. You can use the data in a separate microcontroller without a file system.

​监视器和CRC数据与AUTOSAR（汽车开放系统架构）工具和MISRA（汽车工业软件可靠性协会）C编码规则兼容。您可以在单独的微控制器中使用数据，而无需文件系统。

You can verify static information with animations, such as safe images, icons, and text. Support for dynamic text verification is planned in later releases.

​可以使用动画（如安全图像、图标和文本）验证静态信息。计划在以后的版本中支持动态文本验证。

QSR 2.0 is expected to be available soon. The pre-release version is already available via the Qt installer. The QSR is part of the Qt for Device Creation Enterprise version. So, you get it as part of the bundle without needing a dedicated QSR license. Shall you have any questions, please don't hesitate to contact us.

QSR 2.0预计将很快推出。预发布版本已通过Qt安装程序提供。QSR是Qt设备创建企业版的一部分。因此，您可以将其作为捆绑包的一部分，而不需要专用的QSR许可证。如果您有任何问题，请随时与我们联系。