Merge pull request #54 from qorix-group/vohae_safety_analysis

process: improve process description safety analysis

Author: masc2023

process/folder_templates/features/feature_name/index.rst

@@ -190,3 +190,4 @@ Footnotes
    safety_planning/index.rst
    safety_analysis/fmea.rst
    safety_analysis/dfa.rst
+   safety_analysis/platform_dfa.rst

process/folder_templates/features/feature_name/safety_analysis/dfa.rst

@@ -13,8 +13,8 @@
    # *******************************************************************************
 
 
-Dependent Failure Analysis
-==========================
+DFA (Dependent Failure Analysis)
+================================
 
 .. document:: [Your Feature Name] DFA
    :id: doc__feature_name_dfa
@@ -23,6 +23,8 @@ Dependent Failure Analysis
    :realizes: wp__feature_dfa
    :tags: template
 
+.. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram.
+
 .. attention::
     The above directive must be updated according to your Feature.
 
@@ -31,23 +33,25 @@ Dependent Failure Analysis
     - Adjust ``status`` to be ``valid``
     - Adjust ``safety`` and ``tags`` according to your needs
 
-Dependent Failure Intitiators
------------------------------
+Dependent Failure Initiators
+----------------------------
 
 .. code-block:: rst
 
-   .. feat_saf_dfa:: <Element descriptor>
-      :id: feat_saf_DFA__<Feature>__<Element descriptor>
-      :violation_id: <ID from Dependent Failure Initiators list :need:`gd_guidl__dfi`>
-      :violation_effect: <Effect caused by the initiator (leading to a violation of a safety goal)>
-      :verifies: <ID from Feature Architecture>
-      :mitigated_by: < NONE|ID from Feature Requirement>
-      :sufficient: <yes|no>
-      :argument: <text to argument why measure is sufficient>
-      :status: <valid|invalid>
+    .. feat_saf_dfa:: <Title>
+       :violates: <Feature architecture>
+       :id: feat_saf_dfa__<Feature>__<Element descriptor>
+       :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
+       :failure_effect: "description of failure effect of the failure initiator on the element"
+       :mitigated_by: <ID from Feature Requirement | ID from AoU Feature Requirement>
+       :mitigation_issue: <ID from Issue Tracker>
+       :sufficient: <yes|no>
+       :status: <valid|invalid>
+
+ .. note::   argument is inside the 'content'. Therefore content is mandatory
 
 .. attention::
     The above directive must be updated according to your feature DFA.
 
-    - Remove the ``code-block``
+    - The above "code-block" directive must be updated
     - Fill in all the needed information in the <brackets>

process/folder_templates/features/feature_name/safety_analysis/fmea.rst

@@ -13,16 +13,18 @@
    # *******************************************************************************
 
 
-Safety Analysis : FMEA
-======================
+FMEA (Failure Modes and Effects Analysis)
+=========================================
 
 .. document:: [Your Feature Name] FMEA
    :id: doc__feature_name_fmea
    :status: draft
    :safety: ASIL_B
-   :realizes: wp__feature_safety_analysis
+   :realizes: wp__feature_fmea
    :tags: template
 
+.. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram.
+
 .. attention::
     The above directive must be updated according to your Feature.
 
@@ -36,18 +38,21 @@ Failure Mode List
 
 .. code-block:: rst
 
-   .. feat_saf_fmea:: <Element descriptor>
-      :id: feat_saf_FMEA__<Feature>__<Element descriptor>
-      :failure_mode: <ID from fault model :need:`gd_guidl__fault_models`>
-      :failure_effect: <Effect caused by the failure (leading to a violation of a safety goal)>
-      :verifies: <ID from Feature Architecture>
-      :mitigated_by: < NONE|ID from Feature Requirement>
-      :sufficient: <yes|no>
-      :argument: <text to argument why measure is sufficient>
-      :status: <valid|invalid>
+
+    .. feat_saf_fmea:: <Title>
+       :violates: <Feature architecture>
+       :id: feat_saf_fmea__<Feature>__<Element descriptor>
+       :fault_id: <ID from fault model :need:`gd_guidl__fault_models`>
+       :failure_effect: "description of failure effect of the fault model on the element"
+       :mitigated_by: <ID from Feature Requirement | ID from AoU Feature Requirement>
+       :mitigation_issue: <ID from Issue Tracker>
+       :sufficient: <yes|no>
+       :status: <valid|invalid>
+
+ .. note::   argument is inside the 'content'. Therefore content is mandatory
 
 .. attention::
     The above directive must be updated according to your feature FMEA.
 
-    - Remove the ``code-block``
+    - The above "code-block" directive must be updated
     - Fill in all the needed information in the <brackets>

process/folder_templates/features/feature_name/safety_analysis/platform_dfa.rst

@@ -0,0 +1,59 @@
+..
+   # *******************************************************************************
+   # Copyright (c) 2025 Contributors to the Eclipse Foundation
+   #
+   # See the NOTICE file(s) distributed with this work for additional
+   # information regarding copyright ownership.
+   #
+   # This program and the accompanying materials are made available under the
+   # terms of the Apache License Version 2.0 which is available at
+   # https://www.apache.org/licenses/LICENSE-2.0
+   #
+   # SPDX-License-Identifier: Apache-2.0
+   # *******************************************************************************
+
+
+Platform DFA (Dependent Failure Analysis)
+=========================================
+
+.. document:: Platform DFA
+   :id: doc__platform_dfa
+   :status: draft
+   :safety: ASIL_B
+   :realizes: wp__platform_dfa
+   :tags: template
+
+.. note:: The platform DFA is only performed once at platform level to analyse the dependencies between the features of the platform.
+          The results shall be used as an input for the safety analysis so that general safety mechanisms are only defined once and not in every single safety analysis.
+
+.. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram.
+
+.. attention::
+    The above directive must be updated according to your Feature.
+
+    - Modify ``Your Feature Name`` to be your Feature Name
+    - Modify ``id`` to be your Feature Name in upper snake case preceded by ``doc__`` and succeeded by ``_dfa``
+    - Adjust ``status`` to be ``valid``
+    - Adjust ``safety`` and ``tags`` according to your needs
+
+Dependent Failure Initiators
+----------------------------
+
+.. code-block:: rst
+
+    .. plat_saf_dfa:: <Title>
+       :violates: <Feature architecture>
+       :id: plat_saf_DFA__<Feature>__<Element descriptor>
+       :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
+       :failure_effect: "description of failure effect of the failure initiator on the element"
+       :mitigated_by: <ID from Feature Requirement | ID from AoU Feature Requirement>
+       :mitigation_issue: <ID from Issue Tracker>
+       :sufficient: <yes|no>
+       :status: <valid|invalid>
+.. note::   argument is inside the 'content'. Therefore content is mandatory
+
+.. attention::
+    The above directive must be updated according to the platform DFA.
+
+    - The above "code-block" directive must be updated
+    - Fill in all the needed information in the <brackets>

process/folder_templates/features/feature_name/safety_planning/index.rst

@@ -70,7 +70,7 @@ Feature Safety Planning
       - :need:`doc__feature_name_architecture`
       - doc :ndf:`copy('status', need_id='doc__feature_name_architecture')` & WP below
 
-    * - :need:`wp__feature_safety_analysis`
+    * - :need:`wp__feature_fmea`
       - <link to process>
       - <automated>
       - <link to issue>

process/folder_templates/modules/module_name/component_name/docs/safety_analysis/dfa.rst

@@ -13,8 +13,8 @@
    # *******************************************************************************
 
 
-Dependent Failure Analysis
-==========================
+DFA (Dependent Failure Analysis)
+================================
 
 .. document:: [Your Component Name] DFA
    :id: doc__component_name_dfa
@@ -23,6 +23,8 @@ Dependent Failure Analysis
    :realizes: wp__sw_component_dfa
    :tags: template
 
+.. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram.
+
 .. attention::
     The above directive must be updated according to your Component.
 
@@ -31,23 +33,25 @@ Dependent Failure Analysis
     - Adjust ``status`` to be ``valid``
     - Adjust ``safety`` and ``tags`` according to your needs
 
-Dependent Failure Intitiators
------------------------------
+Dependent Failure Initiators
+----------------------------
 
 .. code-block:: rst
 
-   .. comp_saf_dfa:: <Element descriptor>
-      :id: comp_saf_DFA__<Component>__<Element descriptor>
-      :violation_id: <ID from Dependent Failure Initiators list :need:`gd_guidl__dfi`>
-      :violation_effect: <Effect caused by the initiator (leading to a violation of a safety goal)>
-      :verifies: <ID from Component Architecture>
-      :mitigated_by: < NONE|ID from Component Requirement>
-      :sufficient: <yes|no>
-      :argument: <text to argument why measure is sufficient>
-      :status: <valid|invalid>
+    .. comp_saf_dfa:: <Title>
+       :violates: <Component architecture>
+       :id: comp_saf_dfa__<Component>__<Element descriptor>
+       :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
+       :failure_effect: "description of failure effect of the failure initiator on the element"
+       :mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement>
+       :mitigation_issue: <ID from Issue Tracker>
+       :sufficient: <yes|no>
+       :status: <valid|invalid>
+
+.. note::   argument is inside the 'content'. Therefore content is mandatory
 
 .. attention::
     The above directive must be updated according to your component DFA.
 
-    - Remove the ``code-block``
+    - The above "code-block" directive must be updated
     - Fill in all the needed information in the <brackets>

process/folder_templates/modules/module_name/component_name/docs/safety_analysis/fmea.rst

@@ -13,16 +13,18 @@
    # *******************************************************************************
 
 
-Safety Analysis : FMEA
-======================
+FMEA (Failure Modes and Effects Analysis)
+=========================================
 
 .. document:: [Your Component Name] FMEA
    :id: doc__component_name_fmea
    :status: draft
    :safety: ASIL_B
-   :realizes: wp__sw_component_safety_analysis
+   :realizes: wp__sw_component_fmea
    :tags: template
 
+.. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram.
+
 .. attention::
     The above directive must be updated according to your Component.
 
@@ -36,18 +38,20 @@ Failure Mode List
 
 .. code-block:: rst
 
-   .. comp_saf_fmea:: <Element descriptor>
-      :id: comp_saf_FMEA__<Component>__<Element descriptor>
-      :failure_mode: <ID from fault model :need:`gd_guidl__fault_models`>
-      :failure_effect: <Effect caused by the failure (leading to a violation of a safety goal)>
-      :verifies: <ID from Component Architecture>
-      :mitigated_by: < NONE|ID from Component Requirement>
-      :sufficient: <yes|no>
-      :argument: <text to argument why measure is sufficient>
-      :status: <valid|invalid>
+    .. comp_saf_fmea:: <Title>
+       :violates: <Component architecture>
+       :id: comp_saf_fmea__<Component>__<Element descriptor>
+       :fault_id: <ID from fault model :need:`gd_guidl__fault_models`>
+       :failure_effect: "description of failure effect of the fault model on the element"
+       :mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement>
+       :mitigation_issue: <ID from Issue Tracker>
+       :sufficient: <yes|no>
+       :status: <valid|invalid>
+
+.. note::   argument is inside the 'content'. Therefore content is mandatory
 
 .. attention::
     The above directive must be updated according to your component FMEA.
 
-    - Remove the ``code-block``
+    - The above "code-block" directive must be updated
     - Fill in all the needed information in the <brackets>

process/folder_templates/modules/module_name/docs/safety_mgt/module_safety_plan.rst

@@ -197,7 +197,7 @@ Component <name> Work products List
           - Checklist used in Pull Request Review
           - n/a
 
-        * - :need:`wp__sw_component_safety_analysis`
+        * - :need:`wp__sw_component_fmea`
           - <Link to process>
           - <automated>
           - <Link to issue>
@@ -281,7 +281,7 @@ If the OSS element is classified as a
           - <Link to issue>
           - <Reasoning for tailoring, needed for example in case of deficits in process Id 3&4 and complexity Ids 1&4>
 
-        * - :need:`wp__sw_component_safety_analysis`
+        * - :need:`wp__sw_component_fmea`
           - <Link to issue>
           - <Reasoning for tailoring, could help arguing too high cyclomatic complexity covered by safety mechanisms>