diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index b83df5e9c1..a242b5a213 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -38,5 +38,5 @@ jobs: id-token: write with: - bazel-target: "//process:github_pages__latest" + bazel-target: "//process:incremental_latest" retention-days: 3 diff --git a/MODULE.bazel b/MODULE.bazel index cb39bea660..bd6c709b6e 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -59,4 +59,4 @@ bazel_dep(name = "score_python_basics", version = "0.3.2") bazel_dep(name = "score_cr_checker", version = "0.2.2") bazel_dep(name = "score_format_checker", version = "0.1.1") bazel_dep(name = "score_platform", version = "0.1.1") -bazel_dep(name = "score_docs_as_code", version = "0.3.0") +bazel_dep(name = "score_docs_as_code", version = "0.3.2") diff --git a/process/_assets/score_process_area_overview.drawio.svg b/process/_assets/score_process_area_overview.drawio.svg index a617085cb0..be313e7b26 100644 --- a/process/_assets/score_process_area_overview.drawio.svg +++ b/process/_assets/score_process_area_overview.drawio.svg @@ -1,4 +1,873 @@ - - - -
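Review bot: the new `bazel-target: "//process:incremental_latest"` in docs.yml points at a target that is not defined anywhere in this diff; confirm that `//process:incremental_latest` actually exists (presumably it comes with the `score_docs_as_code` 0.3.0 to 0.3.2 bump in MODULE.bazel, but that is an assumption, not something the diff shows) before merging, otherwise the docs job fails at Bazel analysis and nothing gets published. If the repository commits a `MODULE.bazel.lock`, regenerate it in the same change so the bumped dependency is pinned by its recorded integrity hash rather than re-resolved in CI.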


Process Areas - Development










 
Process Areas - Development...
Introduction
Introduction


Process Areas - Management










 
Process Areas - Management...
Requirements
Enngineering





Requirements...
Safety
Management
Safety...


Change Management

Change Managem...
Documentation
Management
Documentation...
General Concepts
General Concepts
Standards
Standards
Role definition
Role definition

Architecture





Architectur...
Imple-mentation

(Detailed Design,
Coding)
Imple-menta...
Problem Resolution
Problem Resolu...
ML 4
ML 4
ML 2
ML 2
ML 1
ML 1


Verification






Verificatio...
Configuration
Management
Configuration...
Tool
Management
Tool...
Quality
Management
Quality...
Project
Management
Project...
Maturity Level
Maturity Level
ML 0
ML 0
Safety
Analysis




Safety...
Work Products
Work Products
How To Contribute
How To Contribute
ML 3
ML 3
Plan
Process definition planned
Documents not available 
or most empty
Plan -...
Initial
Process definition in place, but not yet compliant, consistency across S-CORE platform, modules and repeatability of processes may not be possible.
Documents are mostly available, main parts done, principles clear, all top level questions addressed, well structured
Initial -...
Managed -
Process definition in place but not yet deployed in S-CORE, but execution would allow consitency across S-CORE platform and modules, repeatability of processes possible
Documents are complete, documented on a comprehensible systematic approach, verified, only minor questions open
Managed -...
Defined/Practiced
Deployed (at least once) in S-CORE platform or one Module, The processes have been practiced, and evidence exists to demonstrate that this has occurred. 
Document are complete, verified and released
Defined/Practiced -...
Improving - 
Deployed on S-CORE platform and various S-CORE Modules and constantly improving, using suitable process metrics, S-CORE commiter control the effectiveness and performance of the platform and modules and demonstrate continuous improvement in these areas.
Improving -...
Release
Management
Release...
Text is not SVG - cannot display
\ No newline at end of file + + + + + + + + + + +
+
+
+ +
+
+ Process Areas - Development +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ + Process Areas - Development... + +
+
+
+ + + + + + + +
+
+
+ + Introduction + +
+
+
+
+ + Introduction + +
+
+
+ + + + + + + +
+
+
+ +
+
+ Process Areas - Management +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ + Process Areas - Management... + +
+
+
+ + + + + + + +
+
+
+ Requirements +
+ Enngineering +
+
+
+
+
+
+
+
+
+
+ + Requirements... + +
+
+
+ + + + + + + +
+
+
+ Safety +
+ Management +
+
+
+
+ + Safety... + +
+
+
+ + + + + + + +
+
+
+
+
+ Change Management +
+
+
+
+
+
+ + Change Managem... + +
+
+
+ + + + + + + +
+
+
+ Documentation +
+ Management +
+
+
+
+ + Documentation... + +
+
+
+ + + + + + + +
+
+
+ + General Concepts + +
+
+
+
+ + General Concepts + +
+
+
+ + + + + + + +
+
+
+ + Standards + +
+
+
+
+ + Standards + +
+
+
+ + + + + + + +
+
+
+ + Role definition + +
+
+
+
+ + Role definition + +
+
+
+ + + + + + + +
+
+
+
+ Architecture +
+
+
+
+
+
+
+
+
+
+ + Architectur... + +
+
+
+ + + + + + + +
+
+
+ Imple-mentation +
+
+ (Detailed Design, +
+ Coding) +
+
+
+
+ + Imple-menta... + +
+
+
+ + + + + + + +
+
+
+ Problem Resolution +
+
+
+
+ + Problem Resolu... + +
+
+
+ + + + + + + +
+
+
+ ML 4 +
+
+
+
+ + ML 4 + +
+
+
+ + + + + + + +
+
+
+ ML 2 +
+
+
+
+ + ML 2 + +
+
+
+ + + + + + + +
+
+
+ ML 1 +
+
+
+
+ + ML 1 + +
+
+
+ + + + + + + +
+
+
+
+
+ Verification +
+
+
+
+
+
+
+
+
+
+
+ + Verificatio... + +
+
+
+ + + + + + + +
+
+
+ Configuration +
+ Management +
+
+
+
+ + Configuration... + +
+
+
+ + + + + + + +
+
+
+ Tool +
+ Management +
+
+
+
+ + Tool... + +
+
+
+ + + + + + + +
+
+
+ Quality +
+ Management +
+
+
+
+ + Quality... + +
+
+
+ + + + + + + +
+
+
+ Project +
+ Management +
+
+
+
+ + Project... + +
+
+
+ + + + + + + +
+
+
+ + Maturity Level + +
+
+
+
+ + Maturity Level + +
+
+
+ + + + + + + +
+
+
+ ML 0 +
+
+
+
+ + ML 0 + +
+
+
+ + + + + + + +
+
+
+ Safety +
+ Analysis +
+
+
+
+
+
+
+
+
+ + Safety... + +
+
+
+ + + + + + + +
+
+
+ + Work Products + +
+
+
+
+ + Work Products + +
+
+
+ + + + + + + +
+
+
+ + How To Contribute + +
+
+
+
+ + How To Contribute + +
+
+
+ + + + + + + +
+
+
+ ML 3 +
+
+
+
+ + ML 3 + +
+
+
+ + + + + + + +
+
+
+ + Plan + + - +
+ + Process definition planned +
+ Documents not available +
+ or most empty +
+
+
+
+ + Plan -... + +
+
+
+ + + + + + + +
+
+
+ + Initial + + - +
+ + Process definition in + + + place, but not yet compliant, + + + consistency across S-CORE platform, modules and repeatability of processes may not be possible. +
+ Documents are mostly available, main parts done, principles clear, all top level questions addressed, well structured +
+
+
+
+
+
+ + Initial -... + +
+
+
+ + + + + + + +
+
+
+ + Managed + + - +
+ + Process definition in place but not + + + yet deployed in S-CORE, but + + + execution would allow consitency across S-CORE platform and modules, repeatability of processes possible +
+ Documents are complete, documented on a comprehensible systematic approach, verified, only minor questions open +
+
+
+
+
+
+ + Managed -... + +
+
+
+ + + + + + + +
+
+
+ + Defined/Practiced + + - +
+ + Deployed (at least once) in S-CORE platform or one Module, + + + + The processes have been practiced, and evidence exists to demonstrate that this has occurred. + +
+ + Document are complete, verified and released + +
+
+
+
+
+
+ + Defined/Practiced -... + +
+
+
+ + + + + + + +
+
+
+ Improving - +
+ + Deployed on S-CORE platform and various S-CORE Modules and + + + constantly improving, u + + + sing suitable process metrics, S-CORE commiter control the effectiveness and performance of the platform and modules and demonstrate continuous improvement in these areas. + +
+
+
+
+ + Improving -... + +
+
+
+ + + + + + + +
+
+
+ Release +
+ Management +
+
+
+
+ + Release... + +
+
+
+
+ + + + + Text is not SVG - cannot display + + + +
\ No newline at end of file diff --git a/process/process_areas/index.rst b/process/process_areas/index.rst index 05cd8d763d..ed4b8f8066 100644 --- a/process/process_areas/index.rst +++ b/process/process_areas/index.rst @@ -28,6 +28,7 @@ Process Areas problem_resolution/index.rst release_management/index.rst requirements_engineering/index.rst + safety_analysis/index.rst safety_management/index.rst tool_management/index.rst verification/index.rst diff --git a/process/process_areas/safety_analysis/_assets/safety_analysis_component.drawio.svg b/process/process_areas/safety_analysis/_assets/safety_analysis_component.drawio.svg new file mode 100644 index 0000000000..65415ea5e7 --- /dev/null +++ b/process/process_areas/safety_analysis/_assets/safety_analysis_component.drawio.svg @@ -0,0 +1,479 @@ + + + + + + + + + + + +
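Review bot: the re-exported `score_process_area_overview.drawio.svg` carries the same label typos as the version it replaces: "Enngineering" (under Requirements), "consitency" in the Managed level text, "commiter" in the Improving level text, and "Document are complete" in the Defined/Practiced text. Since the diagram is being regenerated anyway, fix these in the .drawio source and re-export rather than shipping them again in the process overview.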
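Review bot: the new toctree entry `safety_analysis/index.rst` in `process/process_areas/index.rst` refers to a file that does not appear in this diff (only `safety_analysis/guidance/index.rst` and the files under `guidance/` are added); make sure `process/process_areas/safety_analysis/index.rst` is part of the change, otherwise Sphinx emits a "toctree contains reference to nonexisting document" warning and the new process area is unreachable from the navigation.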
+
+
+ uses +
+
+
+
+ + uses + +
+
+
+ + + + + + + + +
+
+
+ Actor +
+
+
+
+ + Actor + +
+
+
+ + + + + + + +
+
+
+ User +
+
+
+
+ + User + +
+
+
+ + + + + + + +
+
+
+ kvstorage +
+
+
+
+ + kvstorage + +
+
+
+ + + + + + + + + + + +
+
+
+ fs +
+
+
+
+ + fs + +
+
+
+ + + + + + + +
+
+
+ kvs +
+
+
+
+ + kvs + +
+
+
+ + + + + + + + + + +
+
+
+ Example: Component architecture kvstorage +
+
+
+
+ + Example: Component architecture kvstorage + +
+
+
+ + + + + + + +
+
+
+ COMPONENT +
+
+
+
+ + COMPONENT + +
+
+
+ + + + + + + +
+
+
+ PUBLIC API +
+
+
+
+ + PUBLIC API + +
+
+
+ + + + + + + +
+
+
+ SW Module: +
+
+
+
+ + SW Module: + +
+
+
+ + + + + + + +
+
+
+ Feature: +
+
+
+
+ + Feature: + +
+
+
+ + + + + + + +
+
+
+ + SEooC: + +
+
+
+
+ + SEooC: + +
+
+
+ + + + + + + +
+
+
+ kvs +
+
+
+
+ + kvs + +
+
+
+ + + + + + + +
+
+
+ fs +
+
+
+
+ + fs + +
+
+
+ + + + + + + + +
+
+
+ Actor +
+
+
+
+ + Actor + +
+
+
+ + + + + + + +
+
+
+ User +
+
+
+
+ + User + +
+
+
+ + + + + + + + + + + + + + + + + +
+
+
+ open KVS +
+
+
+
+ + open KVS + +
+
+
+ + + + + + + + +
+
+
+ Read defaults file +
+
+
+
+ + Read defaults file + +
+
+
+ + + + + + + + +
+
+
+ Defaults  file content +
+
+
+
+ + Defaults  file content + +
+
+
+ + + + + + + + +
+
+
+ KVS instance +
+
+
+
+ + KVS instance + +
+
+
+ + + + + + + +
+
+
+ Interface 1 +
+
+
+
+ + Interface 1 + +
+
+
+
+ + + + + Text is not SVG - cannot display + + + +
\ No newline at end of file diff --git a/process/process_areas/safety_analysis/_assets/safety_analysis_feature.drawio.svg b/process/process_areas/safety_analysis/_assets/safety_analysis_feature.drawio.svg new file mode 100644 index 0000000000..06cf69f6c0 --- /dev/null +++ b/process/process_areas/safety_analysis/_assets/safety_analysis_feature.drawio.svg @@ -0,0 +1,502 @@ + + + + + + + + + + +
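Review bot: in `safety_analysis_component.drawio.svg` the legend labels "SW Module:", "Feature:" and "SEooC:" have nothing after the colon, although the diagram is titled "Example: Component architecture kvstorage"; either fill in the example values or drop the labels, since an empty "SEooC:" in a safety-analysis example reads as if the classification were unknown. "Defaults  file content" also contains a doubled space.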
+
+
+ Platform +
+
+
+
+ + Platform + +
+
+
+ + + + + + + +
+
+
+ persistency/key-val-storage +
+
+
+
+ + persistency/key-val-storage + +
+
+
+ + + + + + + + +
+
+
+ uses +
+
+
+
+ + uses + +
+
+
+ + + + + + + + +
+
+
+ Actor +
+
+
+
+ + Actor + +
+
+
+ + + + + + + +
+
+
+ KVS +
+
+
+
+ + KVS + +
+
+
+ + + + + + + +
+
+
+ kvstorage +
+
+
+
+ + kvstorage + +
+
+
+ + + + + + + +
+
+
+ COMPONENT +
+
+
+
+ + COMPONENT + +
+
+
+ + + + + + + +
+
+
+ PUBLIC API +
+
+
+
+ + PUBLIC API + +
+
+
+ + + + + + + +
+
+
+ User +
+
+
+
+ + User + +
+
+
+ + + + + + + +
+
+
+ SW Module: +
+
+
+
+ + SW Module: + +
+
+
+ + + + + + + +
+
+
+ Feature: +
+
+
+
+ + Feature: + +
+
+
+ + + + + + + + + + +
+
+
+ + SEooC: + +
+
+
+
+ + SEooC: + +
+
+
+ + + + + + + + + + +
+
+
+ json_al +
+
+
+
+ + json_al + +
+
+
+ + + + + + + + + + +
+
+
+ Example: Feature architecture persistency +
+
+
+
+ + Example: Feature architecture persistency + +
+
+
+ + + + + + + +
+
+
+ kvstorage +
+
+
+
+ + kvstorage + +
+
+
+ + + + + + + + +
+
+
+ Actor +
+
+
+
+ + Actor + +
+
+
+ + + + + + + +
+
+
+ User +
+
+
+
+ + User + +
+
+
+ + + + + + + + + + + + + + +
+
+
+ Remove key +
+
+
+
+ + Remove key + +
+
+
+ + + + + + + + +
+
+
+ Sucessfully deleted key +
+
+
+
+ + Sucessfully deleted key + +
+
+
+ + + + + + + +
+
+
+ Interface 1 +
+
+
+
+ + Interface 1 + +
+
+
+ + + + + + + +
+
+
+ Interface 2 +
+
+
+
+ + Interface 2 + +
+
+
+ + + + + + + + + + + + +
+
+
+ Key not found Error +
+
+
+
+ + Key not found Error + +
+
+
+
+ + + + + Text is not SVG - cannot display + + + +
\ No newline at end of file diff --git a/process/process_areas/safety_analysis/_assets/safety_analysis_workflow.drawio.svg b/process/process_areas/safety_analysis/_assets/safety_analysis_workflow.drawio.svg new file mode 100644 index 0000000000..4c73e76851 --- /dev/null +++ b/process/process_areas/safety_analysis/_assets/safety_analysis_workflow.drawio.svg @@ -0,0 +1,829 @@ + + + + + + + + + + + + + + +
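Review bot: `safety_analysis_feature.drawio.svg` spells the sequence label "Sucessfully deleted key" (should be "Successfully"), and, as in the component diagram, the "SW Module:", "Feature:" and "SEooC:" labels carry no values despite the "Example: Feature architecture persistency" title. Fix these in the .drawio source before export so the rendered SVG does not need a second round.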
+
+
+ Analyse Platform Feature Architecture +
+
+
+
+ + Analyse Platform Fea... + +
+
+
+ + + + + + + +
+
+
+ 1 +
+
+
+
+ + 1 + +
+
+
+ + + + + + + +
+
+
+ Platform Feature DFA +
+ [status = valid] +
+
+
+
+
+ + Platform Feature DFA... + +
+
+
+ + + + + + + +
+
+
+ 4 +
+
+
+
+ + 4 + +
+
+
+ + + + + + + + +
+
+
+ verified +
+
+
+
+ + verified + +
+
+
+ + + + + + + + +
+
+
+ not verified +
+
+
+
+ + not verified + +
+
+
+ + + + + + + +
+
+
+ 3 +
+
+
+
+ + 3 + +
+
+
+ + + + + + + + + + + +
+
+
+ Monitor Platform Feature DFA +
+
+
+
+ + Monitor Platform Fea... + +
+
+
+ + + + + + + +
+
+
+ 2 +
+
+
+
+ + 2 + +
+
+
+ + + + + + + +
+
+
+ Verify DFA +
+
+
+
+ + Verify DFA + +
+
+
+ + + + + + + +
+
+
+ Feature Level +
+
+
+
+ + Feature Level + +
+
+
+ + + + + + + +
+
+
+ Component Level +
+
+
+
+ + Component Level + +
+
+
+ + + + + + + + + + +
+
+
+ Analyse Feature Architecture +
+
+
+
+ + Analyse Feature Arch... + +
+
+
+ + + + + + + +
+
+
+ 5 +
+
+
+
+ + 5 + +
+
+
+ + + + + + + + + + + +
+
+
+ Analyse Component Architecture +
+
+
+
+ + Analyse Component Ar... + +
+
+
+ + + + + + + +
+
+
+ 10 +
+
+
+
+ + 10 + +
+
+
+ + + + + + + +
+
+
+ Feature FMEA +
+ [status = valid] +
+
+
+
+
+ + Feature FMEA... + +
+
+
+ + + + + + + +
+
+
+ 8 +
+
+
+
+ + 8 + +
+
+
+ + + + + + + + + + + + +
+
+
+ verified +
+
+
+
+ + verified + +
+
+
+ + + + + + + +
+
+
+ 7 +
+
+
+
+ + 7 + +
+
+
+ + + + + + + + + + + +
+
+
+ + Monitor Safety Analyses and DFA + +
+
+
+
+ + Monitor Safety Analy... + +
+
+
+ + + + + + + +
+
+
+ 6 +
+
+
+
+ + 6 + +
+
+
+ + + + + + + +
+
+
+ Verify Safety Analysis and DFA +
+
+
+
+ + Verify Safety Anal... + +
+
+
+ + + + + + + + +
+
+
+ not verified +
+
+
+
+ + not verified + +
+
+
+ + + + + + + + + + + +
+
+
+ Feature DFA +
+ [status = valid] +
+
+
+
+
+ + Feature DFA... + +
+
+
+ + + + + + + +
+
+
+ 9 +
+
+
+
+ + 9 + +
+
+
+ + + + + + + +
+
+
+ Component FMEA +
+ [status = valid] +
+
+
+
+
+ + Component FMEA... + +
+
+
+ + + + + + + +
+
+
+ 13 +
+
+
+
+ + 13 + +
+
+
+ + + + + + + + + + + + +
+
+
+ verified +
+
+
+
+ + verified + +
+
+
+ + + + + + + +
+
+
+ 12 +
+
+
+
+ + 12 + +
+
+
+ + + + + + + + + + + +
+
+
+ + Monitor Safety Analyses and DFA + +
+
+
+
+ + Monitor Safety Analy... + +
+
+
+ + + + + + + +
+
+
+ 11 +
+
+
+
+ + 11 + +
+
+
+ + + + + + + +
+
+
+ Verify Safety Analysis and DFA +
+
+
+
+ + Verify Safety Anal... + +
+
+
+ + + + + + + + +
+
+
+ not verified +
+
+
+
+ + not verified + +
+
+
+ + + + + + + +
+
+
+ Component DFA +
+ [status = valid] +
+
+
+
+
+ + Component DFA... + +
+
+
+ + + + + + + +
+
+
+ 14 +
+
+
+
+ + 14 + +
+
+
+
+ + + + + Text is not SVG - cannot display + + + +
\ No newline at end of file diff --git a/process/process_areas/safety_analysis/guidance/dfa_failure_initiators.rst b/process/process_areas/safety_analysis/guidance/dfa_failure_initiators.rst new file mode 100644 index 0000000000..b223fe0dda --- /dev/null +++ b/process/process_areas/safety_analysis/guidance/dfa_failure_initiators.rst 
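Review bot: the step numbers in `safety_analysis_workflow.drawio.svg` run from 1 to 14 because the "[status = valid]" output nodes for the FMEA and the DFA are numbered separately (8 "Feature FMEA", 9 "Feature DFA", 13 "Component FMEA", 14 "Component DFA"), whereas `safety_analysis_guideline.rst` describes twelve numbered steps with one completion step per level; either use the same numbering in both places or drop the numbers from the diagram so readers do not look for steps 13 and 14 in the text. The node names also mix "Monitor Safety Analyses and DFA" (plural) with "Verify Safety Analysis and DFA" (singular).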
@@ -0,0 +1,236 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _dfa failure initiators: + +DFA failure initiators +====================== + +.. gd_guidl:: DFA failure initiators + :id: gd_guidl__dfa_failure_initiators + :status: valid + :complies: std_wp__iso26262__software_751, std_wp__iso26262__software_753 + + +:note: Use the failure initiators to ensure a structured analysis. If a failure doesn't apply, please fill in a short desciption in the violation cause of the analysis so it could be recognized that the analysis is done. If there are additional failure initiators needed, please enlage the list of fault models. + +**Purpose** + +In order to identify all cascading and common cause failures, which may initiated from your feature or components to the platform, other features, components, etc., +use the following framework of dependent failure initiators to check your completeness of the analysis. + +DFA failure initiators +====================== + +2.1 Shared resources + +.. 
list-table:: DFA shared resources + :header-rows: 1 + :widths: 10,30,30,30 + + * - ID + - Violation cause shared resources + - Simplification + - Importance (can be used for priorisation) + * - SR_01_01 + - Reused software modules + - + - Medium + * - SR_01_02 + - Libraries + - SR_01_01 + - Medium + * - SR_01_04 + - Basic software + - + - Medium + * - SR_01_05 + - Operating system including scheduler + - + - Medium + * - SR_01_06 + - Any service stack, e.g. communication stack + - + - Medium + * - SR_01_07 + - Configuration data + - + - Medium + * - SR_01_09 + - Execution time + - + - Medium + * - SR_01_10 + - Allocated memory + - + - Medium + + +| 2.2 Communication between the two elements: +| Receiving function is affected by information that is false, lost, sent multiple times, or in the wrong order etc. from the sender. + +.. list-table:: DFA communication between elements + :header-rows: 1 + :widths: 10,30,30,30 + + * - ID + - Violation cause communication between elements + - Simplification + - Importance (can be used for priorisation) + * - CO_01_01 + - Information passed via argument through a function call, or via writing/reading a variable being global to the two software functions (data flow) + - + - Medium + * - CO_01_02 + - Data or message corruption / repetition / loss / delay / masquerading or incorrect addressing of information + - + - Medium + * - CO_01_03 + - Insertion / sequence of information + - + - Medium + * - CO_01_04 + - Corruption of information, inconsistent data + - + - Medium + * - CO_01_05 + - Asymmetric information sent from a sender to multiple receivers, so that not all defined receivers have the same informations + - + - Medium + * - CO_01_06 + - Information from a sender received by only a subset of the receivers + - + - Medium + * - CO_01_07 + - Blocking access to a communication channel + - + - Medium + +| 2.3 Shared information inputs +| Same information input used by multiple functions. + +.. 
list-table:: DFA shared information inputs + :header-rows: 1 + :widths: 10,30,30,30 + + * - ID + - Violation cause shared information inputs + - Simplification + - Importance (can be used for priorisation) + * - SI_01_02 + - Configuration data + - + - Medium + * - SI_01_03 + - Constants, or variables, being global to the two software functions + - + - Medium + * - SI_01_04 + - Basic software passes data (read from hardware register and converted into logical information) to two applications software functions + - + - Medium + * - SI_01_05 + - Data / function parameter arguments / messages delivered by software function to more than one other function + - + - Medium + +| 2.4 Unintended impact +| Unintended impacts to function due to various failures. + +.. list-table:: DFA unintended impact + :header-rows: 1 + :widths: 10,30,30,30 + + * - ID + - Violation cause unintended impact + - Simplification + - Importance (can be used for priorisation) + * - UI_01_01 + - Memory miss-allocation and leaks + - + - Medium + * - UI_01_02 + - Read/Write access to memory allocated to another software element + - + - Medium + * - UI_01_03 + - Stack/Buffer under-/overflow + - + - Medium + * - UI_01_04 + - Deadlocks + - + - Medium + * - UI_01_05 + - Livelocks + - + - Medium + * - UI_01_06 + - Blocking of execution + - + - Medium + * - UI_01_07 + - Incorrect allocation of execution time + - + - Medium + * - UI_01_08 + - Incorrect execution flow + - + - Medium + * - UI_01_09 + - Incorrect synchronization between software elements + - + - Medium + * - UI_01_10 + - CPU time depletion + - + - Medium + * - UI_01_11 + - Memory depletion + - + - Medium + * - UI_01_12 + - Other HW unavailability + - + - Medium + +| Development failure initiators +| Secition is **only aplicable if a divers SW development is needed** due to decomposition. + +:note: Section shall be applied only once to analyse all dependencies of the features. 
Results shall be checked during of the analysis of new features if this is applicable to the feature. + +.. list-table:: DFA development failure initiators + :header-rows: 1 + :widths: 10,30,30,30 + + * - ID + - Violation cause development failure initiators + - Simplification + - Importance (can be used for priorisation) + * - SC_01_02 + - Same development approaches (e.g. IDE, programming and/or modelling language) + - + - Medium + * - SC_01_03 + - Same personal + - + - Medium + * - SC_01_04 + - Same social-cultural context (even if different personnel). Only applicable if diverse development is needed. + - + - Medium + * - SC_01_05 + - Development fault (e.g. human error, insufficient qualification, insufficient methods). Only applicable if diverse development is needed. + - + - Medium diff --git a/process/process_areas/safety_analysis/guidance/dfa_template.rst b/process/process_areas/safety_analysis/guidance/dfa_template.rst new file mode 100644 index 0000000000..6a046403d8 --- /dev/null +++ b/process/process_areas/safety_analysis/guidance/dfa_template.rst 
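Review bot: the `:complies:` list of `gd_guidl__dfa_failure_initiators` cites `std_wp__iso26262__software_751`, while `dfa_template.rst` cites `std_wp__iso26262__analysis_751` for the same DFA work product; one of the two IDs is wrong and sphinx-needs will report it as an unknown link target, so align them. The ID sequences also have unexplained gaps (SR_01_03, SR_01_08, SI_01_01 and SC_01_01 are missing); because these IDs become `violation_id` values in the DFA template, say whether the gaps are deliberate. The document title "DFA failure initiators" is repeated verbatim as a section heading, which yields a duplicate implicit target; the subsections are numbered 2.1 to 2.4 but "Development failure initiators" is unnumbered; and the note at the top asks to "enlage the list of fault models" where this document's list is the failure initiators (the sentence was copied from the fault-models guideline). Spelling to fix: "desciption", "enlage", "priorisation", "Secition", "aplicable", "divers", "may initiated", "informations", "miss-allocation", and "Same personal" should be "Same personnel".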
@@ -0,0 +1,51 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _dfa_templates: + +DFA Templates +============= + +.. gd_temp:: Feature DFA Templates + :id: gd_temp__feat_saf_dfa + :status: valid + :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524, std_req__iso26262__software_7411, std_req__iso26262__analysis_741, std_req__iso26262__analysis_742, std_req__iso26262__analysis_743, std_req__iso26262__analysis_745, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747, std_req__iso26262__analysis_748, std_req__iso26262__analysis_749, std_req__isopas8926__44432 + + | .. feat_saf_dfa:: + | :verifies: + | :id: feat_saf_DFA____ + | :violation_id: + | :violation_cause: "description of failure effect of the failure initiator on the element" + | :mitigation: < NONE|ID from Feature Requirement> + | :mitigation_issue: + | :sufficient: + | :argument: + | :status: + + +.. gd_temp:: Component DFA Templates + :id: gd_temp__comp_saf_dfa + :status: valid + :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524, std_req__iso26262__software_7411, std_req__iso26262__analysis_741, std_req__iso26262__analysis_742, std_req__iso26262__analysis_743, std_req__iso26262__analysis_745, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747, std_req__iso26262__analysis_748, std_req__iso26262__analysis_749, std_req__isopas8926__44432 + + | .. 
comp_saf_dfa:: + | :verifies: + | :id: comp_saf_DFA____ + | :violation_id: + | :violation_cause: "description of failure effect of the failure initiator on the element" + | :mitigation: < NONE|ID from Component Requirement> + | :mitigation_issue: + | :sufficient: + | :argument: + | :status: diff --git a/process/process_areas/safety_analysis/guidance/fault_models_guideline.rst b/process/process_areas/safety_analysis/guidance/fault_models_guideline.rst new file mode 100644 index 0000000000..070d75dbb3 --- /dev/null +++ b/process/process_areas/safety_analysis/guidance/fault_models_guideline.rst 
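Review bot: both templates leave `sufficient` and `status` without allowed values, yet the guideline's completion criteria depend on them (`sufficient` being "yes", `status` being "valid"); state the value sets here or in the attribute description the guideline defers to, and say that `violation_id` takes the IDs from `dfa_failure_initiators.rst`, which nothing in the template currently tells the user. The `:id:` patterns `feat_saf_DFA____` and `comp_saf_DFA____` show only consecutive underscores as rendered here, so the naming convention for what goes between them cannot be recovered from the template; spell it out in the template text.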
@@ -0,0 +1,112 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Fault Models +============ + +.. gd_guidl:: Fault Models + :id: gd_guidl__fault_models + :status: valid + :complies: std_wp__iso26262__software_752, std_req__iso26262__analysis_846 + + | Fault Model for sequence diagrams + + +:note: Use the fault models to ensure a structed analysis. If a fault model doesn't apply, please fill in a short desciption in the violation cause of the analysis so it could be recognized that the analysis is done. If there are additional fault models needed, please enlage the list of fault models. + + + .. 
list-table:: Fault Models for sequence diagrams + :header-rows: 1 + :widths: 15,6,30,30,15 + + * - Element + - ID + - Failure Mode + - Simplification + - Importance (can be used for priorisation) + * - message + - MF_01_01 + - message is not received + - MF_01_05 + - High + * - message + - MF_01_02 + - message received too late + - relevant only if delay is a realistic fault + - Medium + * - message + - MF_01_03 + - message received too early + - usually not a problem + - Low + * - message + - MF_01_04 + - message not received correctly by all recipients (different messages or messages partly lost) + - only relevant if the same message goes to multiple recipients + - High + * - message + - MF_01_05 + - message is corrupted + - + - High + * - message + - MF_01_06 + - message is not sent + - + - High + * - message + - MF_01_07 + - message is unintended sent + - + - High + * - duration/time constraint + - CO_01_01 + - minimum constraint boundary is violated + - + - Medium + * - duration/time constraint + - CO_01_02 + - maximum constraint boundary is violated + - + - High + * - execution + - EX_01_01 + - Process calculates wrong result(s) + - MF_01_05 or MF_01_04 + - High + * - execution + - EX_01_02 + - processing too slow + - relevant only if timing is considered + - Medium + * - execution + - EX_01_03 + - processing too fast + - relevant only if timing is considered + - Medium + * - execution + - EX_01_04 + - loss of execution + - + - High + * - execution + - EX_01_05 + - processing changes to arbitrary process + - + - Medium + * - execution + - EX_01_06 + - processing is not complete (infinite loop) + - + - High diff --git a/process/process_areas/safety_analysis/guidance/index.rst b/process/process_areas/safety_analysis/guidance/index.rst new file mode 100644 index 0000000000..86deae5632 --- /dev/null +++ b/process/process_areas/safety_analysis/guidance/index.rst 
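Review bot: the fault-model IDs `CO_01_01` and `CO_01_02` ("duration/time constraint" rows) collide with `CO_01_01` to `CO_01_07` in `dfa_failure_initiators.rst` ("communication between elements"); both sets end up in the `violation_id` field of the analysis templates, so an entry `CO_01_01` is ambiguous between "minimum constraint boundary is violated" and "Information passed via argument through a function call". Give the time-constraint rows their own prefix. The "Simplification" column holds a reference in some rows (`MF_01_05 or MF_01_04` for EX_01_01) and a remark in others ("relevant only if timing is considered"); decide which the column is for. Spelling: "structed", "desciption", "enlage", "priorisation", and "message is unintended sent" should be "message is sent unintentionally".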
@@ -0,0 +1,27 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Guidance +######## + +.. toctree:: + :maxdepth: 1 + + safety_analysis_checklist + dfa_failure_initiators + dfa_template + fault_models_guideline + safety_analysis_guideline + safety_analysis_process_reqs + safety_analysis_templates diff --git a/process/process_areas/safety_analysis/guidance/safety_analysis_checklist.rst b/process/process_areas/safety_analysis/guidance/safety_analysis_checklist.rst new file mode 100644 index 0000000000..3d4126b08f --- /dev/null +++ b/process/process_areas/safety_analysis/guidance/safety_analysis_checklist.rst 
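Review bot: the toctree lists `safety_analysis_process_reqs` and `safety_analysis_templates`, but neither file is in this diff, while `safety_analysis_checklist.rst` and `safety_analysis_guideline.rst` already reference them via `:ref:`safety_analysis_templates`` and `:ref:`process_requirements_safety_analysis_attributes``. If those documents come in a separate change, merge it first; otherwise the build fails on the missing toctree entries and the unresolved references.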
@@ -0,0 +1,74 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +Checklist for Safety Analysis +================================ + +.. gd_chklst:: Safety Analysis Checklist Template + :id: gd_chklst__safety_analysis + :status: valid + :tags: safety_analysis + + **Purpose** + The purpose of this safety analysis checklist template is to collect the topics to be checked during verification of the safety analysis. + + **Checklist** + + .. list-table:: Safety Analysis Checklist + :header-rows: 1 + :widths: 10,30,30,15,8,8 + + * - Review ID + - Acceptance Criteria + - Guidance + - Passed + - Remarks + - Issue link + * - REQ_01_01 + - Is / are the safety analysis is / are finished? + - + - No open topics in safety analysis report. + - + - + * - REQ_01_02 + - Are the templates for DFA and/or Safety Analysis used? + - see :ref:`dfa_templates` / :ref:`safety_analysis_templates` + - Templates are used to generate the DFA or / and Safety Analysis. + - + - + * - REQ_01_03 + - Were the failure initiators / fault models applied? + - see :need:`gd_guidl__dfa_failure_initiators` / :need:`gd_guidl__fault_models` + - The items of the failure initiators / fault models are used to ensure a structured analysis. + - + - + * - REQ_01_04 + - Is the violation cause clearly and completely described? + - + - The cause of the violation is described completely. The cause can be recognized easily. 
+ - + - + * - REQ_01_05 + - Is the mitigation described completely and in an easily understandable manner? + - + - The mitigation is clearly and completely described. + - + - + * - REQ_01_06 + - Is the overall result of the safety analysis described in the report? + - + - The results of the safety analysis are described in the report. The report is available :need:`wp__verification__platform_ver_report`. + - + - \ No newline at end of file diff --git a/process/process_areas/safety_analysis/guidance/safety_analysis_guideline.rst b/process/process_areas/safety_analysis/guidance/safety_analysis_guideline.rst new file mode 100644 index 0000000000..17c5789497 --- /dev/null +++ b/process/process_areas/safety_analysis/guidance/safety_analysis_guideline.rst 
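Review bot: the rows of `gd_chklst__safety_analysis` are shifted against the header: the header order is Review ID, Acceptance Criteria, Guidance, Passed, Remarks, Issue link, but each row puts the review question under "Acceptance Criteria", the acceptance statement (e.g. "No open topics in safety analysis report.") under "Passed", and leaves the last two cells empty, so the column a reviewer is supposed to tick is pre-filled with text. Either reorder the cells or rename the headers to match. REQ_01_01 reads "Is / are the safety analysis is / are finished?" and needs rewording. REQ_01_06 sends the reader to `wp__verification__platform_ver_report` for the safety analysis result; confirm that the verification report is really where that result is recorded rather than a dedicated safety analysis work product. The file also lacks a trailing newline.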
@@ -0,0 +1,87 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +Guidelines +########## + +.. gd_guidl:: Safety Analysis Guideline + :id: gd_guidl__safety_analysis + :status: valid + :complies: std_req__iso26262__analysis_841, std_req__iso26262__analysis_842, std_req__iso26262__analysis_843, std_req__iso26262__analysis_844, std_req__iso26262__analysis_847, std_req__iso26262__analysis_848, std_req__iso26262__analysis_849, std_req__iso26262__analysis_8410, std_req__isopas8926__44431, std_req__isopas8926__44432 + +This document describes the general guidances for Safety Analysis based on the concept which is defined :need:`Safety Analysis Concept`. + +Workflow for Safety Analysis +============================ + +Detailed description which steps are need for a safety analysis. In general the workflow is shown in :need:`doc_getstrt__safety_analysis`. + +#. Analyze the dependencies between features by performing a **single platform feature DFA** that references all platform feature static architecture diagrams, highlighting potential shared use of modules. +#. Monitor the results of the platform feature DFA and log any issues in the Issue Tracking system with the ``safety`` label. +#. Verify the platform feature DFA results by using :need:`gd_chklst__safety_analysis`. +#. Platform feature DFA are completed when the verification is done, no issues are open and the status is "valid". +#. 
To analyse the Feature Architecture a Safety Analysis and a DFA shall be executed. The results of the platform feature DFA shall be used as an input. +#. Monitor the results of the Safety Analysis and DFA and log any issues in the Issue Tracking system with the ``safety`` label. +#. Verify the Safety Analysis and DFA results by using :need:`gd_chklst__safety_analysis`.. +#. Feature Safety Analysis and DFA are completed when the verification is done, no issues are open and the status is "valid". +#. To analyse the Component Architecture a Safety Analysis and a DFA shall be executed. The results of the feature Safety Analysis and DFA shall be used as an input. +#. Monitor the results of the Safety Analysis and DFA and log any issues in the Issue Tracking system with the ``safety`` label. +#. Verify the Safety Analysis and DFA results by using :need:`gd_chklst__safety_analysis`.. +#. Component Safety Analysis and DFA are completed when the verification is done, no issues are open and the status is "valid". + + +A example for the safety analysis (FMEA and DFA) is shown in the :ref:`examples_fmea_dfa`. + +Step-by-Step-approach Safety Analysis: +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The analysis is done by using the template :ref:`safety_analysis_templates` on the feature or component architectural diagrams +using a diagram specific applied fault model <:need:`gd_guidl__fault_models`>. Apply the fault +model to the diagram and document the results in the template. If a fault model is not applicable, fill in a short remark in the +violation cause that it's not apllicable. So it could be shown that the analysis was done and no fault model is applicable. +The analysis considers single faults that can mitigate a safety requirement. + +**Steps:** + +* For each dynamic diagram, assign the faults by ID from the fault model and document it as a sphinx-needs directive. 
+* Document the resulting failure mode and effect and link to a safety requirement that mitigates the violation. +* Document safety mitigation to avoid or control the failure. +* The attributes of the template are described in :ref:`process_requirements_safety_analysis_attributes`. +* Judge if this is sufficient. +* If not, request to update the diagram and the requirements with additional safety mitigation to come to a sufficient outcome by creating an issue. +* The analysis is finished, if for each identified faults a sufficient mitigation exists. +* Unless the attribute sufficient is yes, mitigation and argument attribute can be still empty. +* Continue the analysis until all fault models are checked. +* The verification is done by applying the safety analysis checklist :need:`gd_chklst__safety_analysis`. + +Step-by-Step-approach DFA: +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The analysis is done by using the template :ref:`dfa_templates` on the feature or component architectural diagrams using a list of DFA failure initiators <:need:`gd_guidl__dfa_failure_initiators`>. +If a element of the failure initiators is not applicable, fill in a short remark in the violation cause that it's not applicable. +So it could be shown that the analysis was done and no fault model is applicable. + +**Steps:** + +* For each failure initiator assign the violation by ID from the DFA failure initiators and document it as a sphinx-needs directive. +* Document the resulting violation causes and effect and link to a safety requirement that mitigates the violation. +* The attributes of the template are described in :ref:`process_requirements_safety_analysis_attributes`. +* Judge if the mitigation is sufficient. If not, request to update the requirements with additional safety mitigation to come to a sufficient outcome. +* The analysis is finished, if for each identified violation a mitigation exists. 
+* Unless the attribute "sufficient" is "yes", mitigation and argument attribute can be still empty. +* Continue the analysis until all failure initiators are checked. +* The verification is done by appling the safety analysis checklist :need:`gd_chklst__safety_analysis`. + + diff --git a/process/process_areas/safety_analysis/guidance/safety_analysis_process_reqs.rst b/process/process_areas/safety_analysis/guidance/safety_analysis_process_reqs.rst new file mode 100644 index 0000000000..8dd8db7a3e --- /dev/null +++ b/process/process_areas/safety_analysis/guidance/safety_analysis_process_reqs.rst 
@@ -0,0 +1,254 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _process_requirements_safety_analysis: + +Safety Analysis Process Requirements +==================================== + +.. gd_req:: Safety Analysis Structure + :id: gd_req__saf__structure + :status: valid + :tags: safety_analysis + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__support_6432 + + Safety Analysis shall be hierarchically grouped into different levels. + + Following levels are defined: + + * Feature architecture + * Component architecture + +.. _process_requirements_safety_analysis_attributes: + +Process Safety Analysis Attributes +---------------------------------- + +.. gd_req:: Safety Analysis attribute: UID + :id: gd_req__saf__attr_uid + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__support_6425, std_req__iso26262__support_6432 + + Each Safety Analysis shall have a unique ID. It shall be in a format which is also human readable and consists of + + * type of Safety Analysis + * keyword describing the level of analysis + * keyword describing the content of the Safety Analysis + + The naming convention shall be defined in the project and shall be used consistently. + +.. 
gd_req:: Safety Analysis attribute: title + :id: gd_req__saf_attr_title + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__support_6424 + + The title of the Safety Analysis shall provide a short summary of the description + +.. gd_req:: Safety Analysis attribute: mitigation + :id: gd_req__saf_attr_mitigation + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_844, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747 + + Each violation shall have an associated mitigation. The mitigation may be a requirement or a brief description of the mitigation. + Use "None" if a mitigation has not yet been implemented, and update it once completed. + +.. gd_req:: Safety Analysis attribute: mitigation issue + :id: gd_req__saf_attr_mitigation_issue + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_844, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747 + + For every mitigation that is needed a issue shall be created. If a mitigation is already implemented without + an issue, please remark it so this can be reconstructed. + +.. gd_req:: Safety Analysis attribute: sufficient + :id: gd_req__saf__attr_sufficient + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749, std_req__isopas8926__44431, std_req__isopas8926__44432 + + Each mitigation shall have a statement if it's sufficient. + +.. 
gd_req:: Safety Analysis attribute: argument + :id: gd_req__saf__attr_argument + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749, std_req__isopas8926__44433 + + The argument shall describe why the mitigation is sufficient or not. If it is not sufficient, the argument shall describe how the mitigation + can be improved to achieve sufficiency. + +.. gd_req:: Safety Analysis attribute: status + :id: gd_req__saf__attr_status + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749, std_req__isopas8926__44431, std_req__isopas8926__44432 + + Each safety analysis shall have the status invalid until the analysis is finished. The status shall be set to valid if the analysis is finished and all issues are closed. + +.. _process_requirements_safety_analysis_linkage: + +Safety Analysis Requirement Linkage +''''''''''''''''''''''''''''''''''' + +.. gd_req:: Safety Analysis Linkage check + :id: gd_req__saf__linkage_check + :status: valid + :tags: attribute, automated + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_842, std_req__iso26262__software_7410, std_req__iso26262__software_7411 + + Safety Analysis shall be linked to at least one dynamic diagram of the architecture on the corresponding level via the attribute verifies. + +.. gd_req:: Safety Analysis Linkage + :id: gd_req__saf__linkage + :status: valid + :tags: attribute, automated + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_842, std_req__iso26262__software_7410, std_req__iso26262__software_7411 + + Each Safety Analysis shall be automatically linked to the corresponding dynamic diagram via the "verified by" linkage. + +.. 
gd_req:: Safety Analysis attribute: check Requirements linkage + :id: gd_req__saf__attr_requirements_check + :status: valid + :tags: attribute, automated + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_842, std_req__iso26262__software_7410, std_req__iso26262__software_7411 + + Safety Analysis shall be linked to a requirement on the corresponding level via the attribute mitigates. + +.. gd_req:: Safety Analysis attribute: Requirements linkage + :id: gd_req__saf__attr_requirements + :status: valid + :tags: attribute, automated + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_842, std_req__iso26262__software_7410, std_req__iso26262__software_7411 + + Each Safety Analysis shall be automatically linked to the corresponding Safety Requirement via the "mitigates by" linkage. + +.. gd_req:: Safety Analysis attribute: link to Aou + :id: gd_req__saf__attr_aou + :status: valid + :tags: attribute, automated + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_845 + + It shall be possible to link Aou. + +.. gd_req:: Safety Analysis attribute: versioning + :id: gd_req__saf__attr_hash + :status: valid + :tags: attribute, automated + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__support_6425, std_req__iso26262__support_6434 + + It shall be possible to provide a versioning for Safety Analysis. It shall be possible to detect any differences in mandatory attributes compared to the versioning: :need:`gd_req__saf__attr_mandatory` + + +.. _process_requirements_safety_analysis_checks: + +Process Requirements Checks +''''''''''''''''''''''''''' + +.. 
gd_req:: Safety Analysis mandatory attributes provided + :id: gd_req__saf__attr_mandatory + :status: valid + :tags: attribute, check + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749 + + It shall be checked if all mandatory attributes for each Safety Analysis are provided by the user. For all Safety Analysis following attributes shall be mandatory: + + .. needtable:: Overview mandatory Safety Analysis attributes + :filter: "mandatory" in tags and "attribute" in tags and "safety_analysis" in tags and type == "gd_req" + :style: table + :columns: title + :colwidths: 30 + +.. gd_req:: Safety Analysis linkage level + :id: gd_req__saf__linkage_fulfill + :status: valid + :tags: attribute, check + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749 + + Every Safety Analysis shall be linked to at least one parent architecture. + + +.. gd_req:: Safety Analysis linkage safety + :id: gd_req__saf__linkage_safety + :status: valid + :tags: attribute, check + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749 + + It shall be checked that Safety Analysis (Safety != QM) can only be linked against elements with the same ASIL. + +DFA Process Requirements +======================== + +.. gd_req:: DFA attribute: violation ID + :id: gd_req__saf__attr_vid + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__support_6425, std_req__iso26262__support_6432 + + Each DFA shall have a violation ID. The violation ID is used to identify the related fault <:need:`gd_guidl__dfa_failure_initiators`>. + +.. 
gd_req:: DFA attribute: violation cause + :id: gd_req__saf__attr_vcause + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_742 + + Every DFA shall have a short description of the violation cause. + +FMEA Process Requirements +========================= + +.. gd_req:: FMEA attribute: failure mode + :id: gd_req__saf__attr_fmode + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848 + + Each FMEA shall have a failure mode. The failure mode is used to identify the related fault <:need:`gd_guidl__fault_models`>. + +.. gd_req:: FMEA attribute: failure effect + :id: gd_req__saf__attr_veffect + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_849 + + Every FMEA shall have a short description of the failure effect. + + +.. needextend:: docname is not None and "process_areas/safety_analysis" in docname + :+tags: safety_analysis diff --git a/process/process_areas/safety_analysis/guidance/safety_analysis_templates.rst b/process/process_areas/safety_analysis/guidance/safety_analysis_templates.rst new file mode 100644 index 0000000000..48085d1382 --- /dev/null +++ b/process/process_areas/safety_analysis/guidance/safety_analysis_templates.rst 
@@ -0,0 +1,51 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _safety_analysis_templates: + +Safety Analysis Templates +========================= + +.. gd_temp:: Feature Safety Analysis Template + :id: gd_temp__feat_saf_fmea + :status: valid + :complies: std_wp__iso26262__analysis_851, std_wp__iso26262__software_752, std_wp__isopas8926__4524, std_req__iso26262__software_7410, std_req__iso26262__software_7412, std_req__iso26262__analysis_841, std_req__iso26262__analysis_842, std_req__iso26262__analysis_843, std_req__iso26262__analysis_844, std_req__iso26262__analysis_845, std_req__iso26262__analysis_846, std_req__iso26262__analysis_847, std_req__iso26262__analysis_848, std_req__iso26262__analysis_849, std_req__iso26262__analysis_8410, std_req__isopas8926__44431 + + | .. feat_saf_fmea:: + | :verifies: + | :id: feat_saf_FMEA____ + | :failure_mode: + | :failure_effect: "description of failure effect of the failure initiator on the element" + | :mitigation: < NONE|ID from Feature Requirement> + | :mitigation_issue: + | :sufficient: + | :argument: + | :status: + + +.. 
gd_temp:: Component Safety Analysis Template + :id: gd_temp__comp_saf_fmea + :status: valid + :complies: std_wp__iso26262__analysis_851, std_wp__iso26262__software_752, std_wp__isopas8926__4524, std_req__iso26262__software_7410, std_req__iso26262__software_7412, std_req__iso26262__analysis_841, std_req__iso26262__analysis_842, std_req__iso26262__analysis_843, std_req__iso26262__analysis_844, std_req__iso26262__analysis_845, std_req__iso26262__analysis_846, std_req__iso26262__analysis_847, std_req__iso26262__analysis_848, std_req__iso26262__analysis_849, std_req__iso26262__analysis_8410, std_req__isopas8926__44431 + + | .. comp_saf_fmea:: + | :verifies: + | :id: comp_saf_FMEA____ + | :failure_mode: + | :failure_effect: "description of failure effect of the failure initiator on the element" + | :mitigation: < NONE|ID from Component Requirement> + | :mitigation_issue: + | :sufficient: + | :argument: + | :status: diff --git a/process/process_areas/safety_analysis/index.rst b/process/process_areas/safety_analysis/index.rst new file mode 100644 index 0000000000..e855d6e543 --- /dev/null +++ b/process/process_areas/safety_analysis/index.rst 
@@ -0,0 +1,28 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _safety_analysis: + +Safety Analysis +############### + +.. toctree:: + :maxdepth: 1 + + safety_analysis_getstrt + safety_analysis_concept + guidance/index + safety_analysis_roles + safety_analysis_workflow + safety_analysis_workproducts diff --git a/process/process_areas/safety_analysis/safety_analysis_concept.rst b/process/process_areas/safety_analysis/safety_analysis_concept.rst new file mode 100644 index 0000000000..48b63f7425 --- /dev/null +++ b/process/process_areas/safety_analysis/safety_analysis_concept.rst 
@@ -0,0 +1,167 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Concept Description +################### + +.. doc_concept:: Safety Analysis Concept + :id: doc_concept__safety__analysis + :status: valid + :tags: safety_analysis + +This section discusses a concept for safety analyses. Inputs for this concept are the requirements of ISO26262 Part 6 Chapter 7 and Part 9 Chapter 7 and 8. + +Inputs +****** + +#. Stakeholders for the safety analysis? +#. Who needs which information? +#. How to analyze existing safety mitigation? +#. How to add new safety mitigations? + +Stakeholders for the Safety Analysis +==================================== + +#. :need:`Safety Engineer ` + + * Analyse the platform feature architecture with a DFA + * Analyse the feature architecture with a Safety Analysis and DFA + * Analyse the component architecture with a Safety Analysis and DFA + * Monitor/verify the Safety Analysis and DFA + +#. :need:`Safety Manager ` + + * Approve the safety analysis and DFA + * Approve the verification of the safety analysis and DFA + +#. :need:`Contributor ` + + * Support the safety analyses and DFA + * Support the monitoring and verifying of the safety analyses and DFA + +#. :need:`Committer ` + + * Support the safety analyses and DFA + * Support the monitoring and verifying of the safety analyses and DFA + +#. 
:need:`Security Manager ` + + * Support the safety analyses and DFA + * Support the monitoring and verifying of the safety analyses and DFA + + +Standard Requirements +===================== + +Also requirements of standards need to be taken into consideration: + +* ISO26262 +* ISO SAE 21434 + +How to analyze? +=============== + +The safety analysis is done on the feature and component architecture. The safety analysis shall be done accompanying to the development. +So the results can directly be used for the development of the feature and component. With a iterative approach it is needed to proof +the evidence of the functional safety of the functions. + +The analysis starts at feature level. With a DFA shall be analysed if there are dependent failures which have to be considered. The analysis +shall be done in the way that we use the static and dynamic diagrams. The following picture shall show the perspective of the User. + +.. _safety_analysis_feature_example: + +.. figure:: _assets/safety_analysis_feature.drawio.svg + :align: center + :width: 80% + :name: safety_analysis_feature_fig + + Dynamic Architecture + +The safety analysis is done with the shown diagrams. The interface 1 and 2 are the interfaces of the feature. These interfaces shall be analyzed with the +fault models :need:`gd_guidl__fault_models` that here could be applied. With the dynamic diagrams the communication between the components can be analysed. +The static diagrams are used to analyse the dependencies. For violations a failure mitigation shall be defined. + +.. figure:: _assets/safety_analysis_component.drawio.svg + :align: center + :width: 80% + :name: safety_analysis_component_fig + + Safety Analysis Component Perspective + +At component level you can see inside of the component when the component consists of two or more subcomponents. If the component consists of +only one subcomponent there results of the analysis are the same as for the feature level. 
So no additional consideration is needed. +The component kvstorage consists of two subcomponents, kvs and fs. The dynamic diagram shows the communication between the subcomponents. + +DFA +^^^ + +A DFA :ref:`dfa_templates` shall be used to proof the absence of dependent failures. For the analysis a list +of DFA failure initiators :need:`gd_guidl__dfa_failure_initiators` is available. A step by step approach is recommended to +ensure that all dependent failures are identified :need:`gd_guidl__safety_analysis`. Every failure initiator shall be checked +and if it applies to the feature or component, a mitigation shall be defined. If the failure initiator doesn't apply, a short description +shall be added to the violation cause of the analysis so it could be recognized that the analysis is done. + +Safety Analysis +^^^^^^^^^^^^^^^ + +For the safety analyses the templates :ref:`safety_analysis_templates` shall be used. For the safety analysis we selected +the method FMEA on feature and component level. The safety analysis is done on architectural diagrams (state and sequence diagrams). +For the safety analysis fault models shall be used :need:`gd_guidl__fault_models`. A step by step approach is recommended to +ensure that all dependent failures are identified :need:`gd_guidl__safety_analysis`. Every fault model shall be checked +and if it applies to the feature or component, a mitigation shall be defined. If the fault model doesn't apply, a short description +shall be added to the violation cause of the analysis so it could be recognized that the analysis is done. + +How to add new safety mitigations? +================================== + +Identified faults without a mitigation remain open and are tracked in the issue tracking system :need:`wp__issue_track_system` until they are resolved. + +.. _examples_fmea_dfa: + +Examples for FMEA and DFA at feature level +========================================== + +**FMEA:** + +| .. 
feat_saf_fmea:: Remove key +| :verifies: feat_arc_dynamic__kvstorage__remove_key +| :id: FEAT_SAF_FMEA__KVSTORAGE__RemoveKey +| :failure_mode: "MF_01_01" +| :failure_effect: "message is not received" +| :mitigation: Detetion and error handling shall be done outside of the middleware. +| :mitigation_issue: ID from Issue Tracker that defined mitigation will be documented in the assumtions of use (AoU) +| :sufficient: yes +| :argument: This error is handled by the calling application. +| :status: valid + +Use the fault models :need:`gd_guidl__fault_models` to ensure a structured analysis. If a fault model doesn't apply, +please fill in a short description in the violation cause of the analysis so it could be recognized that the analysis +is done. If there are additional fault models needed, please enlarge the list of fault models. + +**DFA:** + +| .. feat_saf_dfa:: Static Architecture Persistency +| :verifies: feat_arc_sta_persistency_static +| :id: feat_saf_DFA__persistency__json_al +| :violation_id: "CO_01_02" +| :violation_cause: "Data or message corruption / repetition / loss / delay / masquerading or incorrect addressing of information. Failures will lead to falsified execution or to a not available feature. +| :mitigation: feat_req__persistency__integrity_check +| :mitigation_issue: None +| :sufficient: yes +| :argument: The integrity check will ensure that the data is not corrupted and the feature will work as expected. +| :status: valid + +Use the DFA failure initiators :need:`gd_guidl__dfa_failure_initiators` to ensure a structured analysis. If a failure initiator doesn't apply, +please fill in a short description in the violation cause of the analysis so it could be recognized that the analysis is done. If there are +additional failure initiators needed, please enlarge the list of fault models. \ No newline at end of file 
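Review bot: in the FMEA example, `:mitigation_issue: ID from Issue Tracker that defined mitigation will be documented in the assumtions of use (AoU)` puts explanatory prose into an attribute that gd_req__saf_attr_mitigation_issue defines as an issue reference; the example should carry an issue ID (or "None") and move the AoU remark into `:argument:`. In the DFA example the `:violation_cause:` value opens with a double quote that is never closed. The two example IDs follow different conventions, `FEAT_SAF_FMEA__KVSTORAGE__RemoveKey` versus `feat_saf_DFA__persistency__json_al`, while gd_req__saf__attr_uid requires one naming convention used consistently and the templates show `feat_saf_FMEA____`; pick one case and apply it to both. In the "Safety Analysis" subsection the sentence "A step by step approach is recommended to ensure that all dependent failures are identified" was copied from the DFA subsection; the FMEA covers single faults and their failure modes, dependent failures are what the DFA is for. The closing sentence under the DFA example says "please enlarge the list of fault models" where it means the list of failure initiators. Spelling and grammar to fix: "Detetion", "assumtions", "proof the evidence" and "proof the absence" (prove), "With a iterative approach", "there results of the analysis are the same", "shall be done accompanying to the development".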
diff --git a/process/process_areas/safety_analysis/safety_analysis_getstrt.rst b/process/process_areas/safety_analysis/safety_analysis_getstrt.rst new file mode 100644 index 0000000000..0b435b0506 --- /dev/null +++ b/process/process_areas/safety_analysis/safety_analysis_getstrt.rst @@ -0,0 +1,42 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Getting Started +############### + +.. doc_getstrt:: Getting Started on Safety Analysis + :id: doc_getstrt__safety_analysis + :status: valid + :tags: safety_analysis + +This document outlines the steps for performing, monitoring, and verifying safety analysis. +The concept of performing safety analysis is described in :need:`doc_concept__safety__analysis`. The verification of the architecture is described +in :need:`doc_concept__arch__process`. + +Safety Analysis Workflow + +The details of what needs to be done in each step are described in the :need:`gd_guidl__safety_analysis`. + +General Workflow +**************** + +.. figure:: _assets/safety_analysis_workflow.drawio.svg + :align: center + :width: 80% + :name: safety_analysis_workflow_fig + + + + + diff --git a/process/process_areas/safety_analysis/safety_analysis_roles.rst b/process/process_areas/safety_analysis/safety_analysis_roles.rst new file mode 100644 index 0000000000..e2c9844289 --- /dev/null +++ b/process/process_areas/safety_analysis/safety_analysis_roles.rst 
@@ -0,0 +1,69 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Roles +##### + +Roles +----- + +.. role:: Safety Engineer + :id: rl__safety_engineer + :status: valid + :contains: rl__committer + + The safety engineer is responsible for content and processing of all work products required in the project. + + Required skills + + * Degree: Master's degree in electrical engineering/computer science/mathematics, or similar degree, or comparable work experience + * Solid understanding of functional safety engineering including safety analysis + * Knowledge of safety management + * Deep understanding of quality criteria and the correlating methods and procedures to achieve and verify them + * Technical know-how of embedded systems + * Preferred training: Automotive Functional Safety Expert (AFSE) or similar + + Knowledge of standards + + * ISO 26262 + * ISO SAE 21434 + + Experience + + * More than five years of experience in safety engineering + * Experience safety analysis methods (e.g., FMEA, DFA) + * Experience in automotive software development projects + * Experience in creation of workproducts according ISO 26262 + + Responsibility + + * Analyse Feature and Component Architecture by performing Safety Analysis and DFA + * Monitor Safety Analyses and DFA + * Verify Safety Analyses and DFA + + Authority + + * Escalation of safety topics to the Safety Manager + * Creation of Issues in the Issue Tracking System for needed 
mitigations + +Contributing Roles: + + * :need:`Contributor ` + * :need:`Committer ` + * :need:`Safety Manager ` + * :need:`Security Manager ` + +A detailed overview of the responsibility for the steps of the safety analysis process is listed in the section titled "Workflow for Safety Analysis". You can find it here: + +:ref:`workflow_safety_analysis` diff --git a/process/process_areas/safety_analysis/safety_analysis_workflow.rst b/process/process_areas/safety_analysis/safety_analysis_workflow.rst new file mode 100644 index 0000000000..11d36b5823 --- /dev/null +++ b/process/process_areas/safety_analysis/safety_analysis_workflow.rst 
@@ -0,0 +1,102 @@ +.. + # ******************************************************************************* + # Copyright (c) 2024 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +.. _workflow_safety_analysis: + +Workflow Safety Analysis +######################## + +.. workflow:: Analyse Platform Feature Architecture + :id: wf__analyse_platform_featarch + :status: valid + :tags: safety_analysis + :responsible: rl__safety_engineer + :approved_by: rl__safety_manager + :supported_by: rl__contributor, rl__committer, rl__security_manager + :input: wp__requirements__feat, wp__feature_arch, wp__issue_track_system + :output: wp__platform_feature_dfa + :contains: gd_guidl__dfa_failure_initiators, gd_temp__feat_saf_dfa + :has: doc_concept__safety__analysis, doc_getstrt__safety_analysis + + | With a platform features DFA the potential common usage of modules shall be analyzed. It shall be used as an input for all other DFA's. + +.. 
workflow:: Analyse Feature Architecture + :id: wf__analyse_featarch + :status: valid + :tags: safety_analysis + :responsible: rl__safety_engineer + :approved_by: rl__safety_manager + :supported_by: rl__contributor, rl__committer, rl__security_manager + :input: wp__requirements__feat, wp__feature_arch, wp__issue_track_system + :output: wp__feature_safety_analysis, wp__feature_dfa + :contains: gd_guidl__dfa_failure_initiators, gd_temp__feat_saf_dfa, gd_guidl__fault_models, gd_temp__feat_saf_fmea + :has: doc_concept__safety__analysis, doc_getstrt__safety_analysis + + | The safety analysis and DFA for the feature is executed. + +.. workflow:: Analyse Component Architecture + :id: wf__analyse_comparch + :status: valid + :tags: safety_analysis + :responsible: rl__safety_engineer + :approved_by: rl__safety_manager + :supported_by: rl__contributor, rl__committer, rl__security_manager + :input: wp__requirements__comp, wp__component_arch, wp__issue_track_system + :output: wp__sw_component_safety_analysis, wp__sw_component_dfa + :contains: gd_guidl__dfa_failure_initiators, gd_temp__comp_saf_dfa, gd_guidl__fault_models, gd_temp__comp_saf_fmea + :has: doc_concept__safety__analysis, doc_getstrt__safety_analysis + + | The safety analysis and DFA for the component is executed. + +.. 
workflow:: Monitor Safety Analyses and DFA + :id: wf__mr_saf_analyses_dfa + :status: valid + :tags: safety_analysis + :responsible: rl__safety_engineer + :approved_by: rl__safety_manager + :supported_by: rl__contributor, rl__committer, rl__security_manager + :input: wp__feature_safety_analysis, wp__feature_dfa, wp__sw_component_safety_analysis, wp__sw_component_dfa + :output: wp__verification__platform_ver_report, wp__issue_track_system, wp__verification__module_ver_report + :contains: gd_guidl__dfa_failure_initiators, gd_temp__feat_saf_dfa, gd_temp__comp_saf_dfa, gd_guidl__fault_models, gd_temp__feat_saf_fmea, gd_temp__comp_saf_fmea + :has: doc_concept__safety__analysis, doc_getstrt__safety_analysis + + | The safety analyses and DFA are monitored. + +.. workflow:: Verify Safety Analyses and DFA + :id: wf__vy_saf_analyses_dfa + :status: valid + :tags: safety_analysis + :responsible: rl__safety_engineer + :approved_by: rl__safety_manager + :supported_by: rl__contributor, rl__committer, rl__security_manager + :input: wp__feature_safety_analysis, wp__feature_dfa, wp__sw_component_safety_analysis, wp__sw_component_dfa + :output: wp__verification__platform_ver_report, wp__verification__module_ver_report + :contains: gd_guidl__dfa_failure_initiators, gd_temp__feat_saf_dfa, gd_temp__comp_saf_dfa, gd_guidl__fault_models, gd_temp__feat_saf_fmea, gd_temp__comp_saf_fmea, gd_chklst__safety_analysis + :has: doc_concept__safety__analysis, doc_getstrt__safety_analysis + + | The safety analyses and DFA are verified. + + +RAS(IC) for Safety Analysis +*************************** + + +.. needtable:: RASIC Overview for Safety Analysis + :tags: safety_analysis + :filter: "safety_analysis" in tags and type == "workflow" and is_external == False + :style: table + :sort: status + :columns: id as "Activity";responsible as "Responsible";approved_by as "Approver";supported_by as "Supporter" + :colwidths: 30,30,30,30 
diff --git a/process/process_areas/safety_analysis/safety_analysis_workproducts.rst b/process/process_areas/safety_analysis/safety_analysis_workproducts.rst new file mode 100644 index 0000000000..1d2aab2b7f --- /dev/null +++ b/process/process_areas/safety_analysis/safety_analysis_workproducts.rst 
@@ -0,0 +1,59 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Workproducts Safety Analysis +############################ + +.. workproduct:: Platform Feature DFA + :id: wp__platform_feature_dfa + :status: valid + :complies: std_wp__iso26262__software_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524 + + | Analyze the dependencies between features that references all platform feature static architecture diagrams, highlighting potential shared use of modules. + +.. workproduct:: Feature Safety Analysis + :id: wp__feature_safety_analysis + :status: valid + :complies: std_wp__iso26262__software_751, std_wp__iso26262__analysis_851, std_wp__isopas8926__4524 + + | Bottom-Up Safety Analysis with e.g. FMEA method, verifies the feature architecture (as part of SW Safety Concept) + | - Detection and prevention mitigations linked to Software Feature Requirements or Feature Assumptions of Use + +.. workproduct:: Feature DFA + :id: wp__feature_dfa + :status: valid + :complies: std_wp__iso26262__software_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524 + + | Dependent Failure Analysis on feature level + | - Detection and prevention mitigations linked to Software Feature Requirements or Feature Assumptions of Use + | Perform analysis on interactions between safety related and non-safety related modules or modules with different ASIL of one feature. + +.. 
workproduct:: Component Safety Analysis + :id: wp__sw_component_safety_analysis + :status: valid + :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__analysis_851, std_wp__isopas8926__4524 + + | Bottom-Up Safety Analysis with e.g. FMEA method, verifies the component architecture (as part of SW Safety Concept) + | - Detection and prevention mitigations linked to Software Component Requirements or Assumptions of Use + +.. workproduct:: Component DFA + :id: wp__sw_component_dfa + :status: valid + :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524 + + | Dependent Failure Analysis on component/module level + | - Detection and prevention mitigations linked to Software Component Requirements or Assumptions of Use + | Perform analysis of safety related and non-safety related sub-elements or sub-elements with different ASIL. + | Perform analysis on interactions between safety related and non-safety related sub-components or sub-components with different ASIL of one component. Including potential influences from the other components in the component's module. + diff --git a/process/process_areas/safety_management/roles.rst b/process/process_areas/safety_management/roles.rst index 2036872812..e8473d073c 100644 --- a/process/process_areas/safety_management/roles.rst +++ b/process/process_areas/safety_management/roles.rst @@ -63,9 +63,6 @@ Roles * Refusing the approval of his team's role nomination (i.e. requesting that the role will be withdrawn) - - - .. role:: External Auditor :id: rl__external_auditor :status: valid diff --git a/process/workflows/index.rst b/process/workflows/index.rst index e71a295917..399caab3be 100644 --- a/process/workflows/index.rst +++ b/process/workflows/index.rst @@ -21,7 +21,6 @@ Workflows process_management quality_management - safety_analysis S-CORE Workflow list 
diff --git a/process/workflows/safety_analysis.rst b/process/workflows/safety_analysis.rst deleted file mode 100644 index cbb7b4b85d..0000000000 --- a/process/workflows/safety_analysis.rst +++ /dev/null 
@@ -1,60 +0,0 @@ -.. - # ******************************************************************************* - # Copyright (c) 2024 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # SPDX-License-Identifier: Apache-2.0 - # ******************************************************************************* - -Safety Analysis -=============== - - -Workflows ---------- - -todo: need to add guidance and standard links - - -.. workflow:: Analyse Feature Architecture - :id: wf__analyse_featarch - :status: draft - :tags: safety_analysis - :responsible: rl__committer - :approved_by: rl__safety_manager - :supported_by: rl__technical_lead, rl__security_manager - :input: wp__requirements__feat, wp__feature_arch, wp__issue_track_system - :output: wp__feature_safety_analysis, wp__feature_dfa - - | The safety analysis and DFA for the feature is executed. - -.. workflow:: Analyse Component Architecture - :id: wf__analyse_comparch - :status: draft - :tags: safety_analysis - :responsible: rl__committer - :approved_by: rl__safety_manager - :supported_by: rl__module_lead, rl__security_manager - :input: wp__requirements__comp, wp__component_arch, wp__issue_track_system - :output: wp__sw_component_safety_analysis, wp__sw_component_dfa - - | The safety analysis and DFA for the component is executed. - -.. 
workflow:: Monitor/Verify Safety Analyses and DFA - :id: wf__mr_vy_saf_analyses_dfa - :status: draft - :tags: safety_analysis - :responsible: rl__committer - :approved_by: rl__safety_manager - :supported_by: rl__technical_lead, rl__module_lead, rl__security_manager - :input: wp__feature_safety_analysis, wp__feature_dfa, wp__sw_component_safety_analysis, wp__sw_component_dfa - :output: wp__sw_arch_verification, wp__issue_track_system - - | The safety analyses and DFA are monitored and verified. - | The inspection shall be implemented as integral part of the review tool. diff --git a/process/workproducts/index.rst b/process/workproducts/index.rst index 2ab1967715..e9af4c63c9 100644 --- a/process/workproducts/index.rst +++ b/process/workproducts/index.rst @@ -99,25 +99,6 @@ Product development Platform development ^^^^^^^^^^^^^^^^^^^^ -.. workproduct:: Feature Safety Analysis - :id: wp__feature_safety_analysis - :status: draft - :tags: safety - :complies: std_wp__iso26262__analysis_851, std_wp__iso26262__software_752 - - Bottom-Up Safety Analysis with e.g. FMEA method, verifies the feature architecture (as part of SW Safety Concept) - - Detection and prevention mitigations linked to Software Feature Requirements or Assumptions of Use - -.. workproduct:: Feature DFA - :id: wp__feature_dfa - :status: draft - :tags: safety - :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753 - - Dependent Failure Analysis on platform/feature level - - Detection and prevention mitigations linked to Software Feature Requirements or Assumptions of Use - Perform analysis on interactions between safety related and non-safety related modules or modules with different ASIL of one feature. Including potential influences from the rest of the SW platform. - .. workproduct:: Platform Build Configuration :id: wp__platform_sw_build_config :status: draft 
@@ -140,26 +121,6 @@ Platform development Component development ^^^^^^^^^^^^^^^^^^^^^ -.. workproduct:: Component Safety Analysis - :id: wp__sw_component_safety_analysis - :status: draft - :tags: safety - :complies: std_wp__iso26262__analysis_851, std_wp__iso26262__software_752, std_wp__isopas8926__4524 - - Bottom-Up Safety Analysis with e.g. FMEA method, verifies the component architecture (as part of SW Safety Concept) - - Detection and prevention mitigations linked to Software Component Requirements or Assumptions of Use - -.. workproduct:: Component DFA - :id: wp__sw_component_dfa - :status: draft - :tags: safety - :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753 - - Dependent Failure Analysis on component/module level - - Detection and prevention mitigations linked to Software Component Requirements or Assumptions of Use - Perform analysis of safety related and non-safety related sub-elements or sub-elements with different ASIL. - Perform analysis on interactions between safety related and non-safety related sub-components or sub-components with different ASIL of one component. Including potential influences from the other components in the component's module. - .. workproduct:: Module Build Configuration :id: wp__module_sw_build_config :status: draft
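Review bot: in the new safety_analysis_workflow.rst hunk, the description of wf__analyse_platform_featarch says the platform feature DFA "shall be used as an input for all other DFA's", but neither wf__analyse_featarch nor wf__analyse_comparch lists wp__platform_feature_dfa in its :input: list (both keep only the requirements, the architecture and wp__issue_track_system). Either add wp__platform_feature_dfa to the :input: of both workflows or reword the description so it does not promise an input that the workflows do not declare. Wording: "DFA's" should read "DFAs" and "platform features DFA" should read "platform feature DFA". Minor: the file header says Copyright (c) 2024 while the sibling new file safety_analysis_workproducts.rst in the same change says 2025.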
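Review bot: the :complies: lists in the new safety_analysis_workproducts.rst hunk are inconsistent between the feature and component pairs: wp__feature_safety_analysis cites std_wp__iso26262__software_751 while wp__sw_component_safety_analysis cites std_wp__iso26262__analysis_751 for the same kind of analysis, and wp__feature_dfa / wp__sw_component_dfa split the same way between software_751 and analysis_751; the deleted index.rst entries used analysis_851 and software_752 for the safety analyses. Please confirm each std_wp id actually exists and apply the same set to the matching feature/component pair. Two further points in the same hunk: the Feature DFA description drops the sentence "Including potential influences from the rest of the SW platform." that the deleted entry had, while the Component DFA keeps its equivalent sentence, so say whether that scope reduction is intended; and "features that references all platform feature static architecture diagrams" should read "features that reference".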
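Review bot: the process/workflows/index.rst hunk removes safety_analysis from the workflows toctree, but no hunk in this diff adds the new process_areas/safety_analysis/safety_analysis_workflow.rst or safety_analysis_workproducts.rst to a toctree; in the visible lines the workflow file is only reached through :ref:`workflow_safety_analysis`. If the process_areas index does not already list both files, Sphinx will warn that the documents are not included in any toctree and the RASIC needtable page will be unreachable from navigation.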
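Review bot: deleting process/workflows/safety_analysis.rst drops the need id wf__mr_vy_saf_analyses_dfa, which the new file replaces with two ids (wf__mr_saf_analyses_dfa and wf__vy_saf_analyses_dfa), and drops the output wp__sw_arch_verification in favour of wp__verification__platform_ver_report and wp__verification__module_ver_report. Any other document that links to the old id or workproduct will fail the needs build; a repository-wide search for wf__mr_vy_saf_analyses_dfa and wp__sw_arch_verification before merge would confirm there are no dangling references. The deleted line "The inspection shall be implemented as integral part of the review tool." has no counterpart in the new Verify workflow; state whether that requirement is intentionally dropped or move it to wf__vy_saf_analyses_dfa.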
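Review bot: in both process/workproducts/index.rst hunks (@@ -99 and @@ -140) the four removed workproducts reappear in safety_analysis_workproducts.rst without the `:tags: safety` attribute and with :status: changed from draft to valid. Any needtable or filter that selects on "safety" in tags will silently stop listing wp__feature_safety_analysis, wp__feature_dfa, wp__sw_component_safety_analysis and wp__sw_component_dfa. Confirm the tag drop is intended, or carry `:tags: safety` over to the new definitions; the status promotion to valid should also be called out in the PR description since the deleted entries were still draft.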