by kristoffer 2943 days ago
This does not really mean Qt (and/or QML) is certified. It means there is support in QtCreator for exporting certain graphics (tell tales) so that they can be rendered by Qt Safe Renderer and if that happens on a certified RTOS the system could be certified.

So the Qt libraries or QML renderer are still not certifiable.


Nor will they ever be, at least at that high level. The standards are very strict about what is allowed in the code and Qt is coded in a way that is fundamentally incompatible with that.

But that is okay. Isolating the core components that have the highest safety requirement and developing the rest to a lower standard is accepted and good practice. You also need to have an operating system that enforces the separation and a design that guarantees that the safety critical part cannot be disrupted by failures in the rest of the system.

For example, a fancy navigation map display is not safety critical at all and developing that to ASIL standards would be madness. Icon overlays for engine or braking system failures are quite important, on the other hand. Separating them out into a different process and making sure that it cannot be affected by a misbehaving navigation system is just common sense. So even with the current limits, this is very useful.

Sure, I agree that you should limit ASIL certified software as much as possible. Nothing running on Linux will be certified ever.

That also limits the benefits of Qt Safe Renderer. I think it is mostly a marketing thing within the automotive sector. The competitors there (Disti, Kanzi, etc) have their "solutions" for safety critical and say Qt can't handle it. So Qt needs to check the box of "safety critical" to fend for themselves.

Tell tales can quite simply be implemented by hand coding. But there is OpenGL SC which possibly could support more fancy and certified graphics. It could be nice if Qt/QtCreator/Qt3dStudio supported that in some manner. Having a layer that is safety critical and separated out to its own OpenGL SC code. The usual argument for this kind of stuff is that nice graphical ADAS features (think advanced HUDs) will need this (although I think it is still reasonable to hand code it in OpenGL SC).