Process description safety analysis takeover from old process repository #20
Merged: masc2023 merged 6 commits into eclipse-score:main from qorix-group:vohae_safety_analysis on Jun 10, 2025
Commits:

- 2c51f50 (MaximilianSoerenPollak): Fixing docs CI build (#30)
- 914b041 (MaximilianSoerenPollak): Fix command arguments for docs build (#31)
- ea32c4a (PandaeDo): process: switch to new repo, include new review findings
- 2a4335a (PandaeDo): process: fix reference at concept description
- e53e1c7 (PandaeDo): process: include review findings
- 1d644b3 (PandaeDo): process: include review findings
479 changes: 479 additions & 0 deletions in process/process_areas/safety_analysis/_assets/safety_analysis_component.drawio.svg (file content not displayed)
502 changes: 502 additions & 0 deletions in process/process_areas/safety_analysis/_assets/safety_analysis_feature.drawio.svg (file content not displayed)
829 changes: 829 additions & 0 deletions in process/process_areas/safety_analysis/_assets/safety_analysis_workflow.drawio.svg (file content not displayed)
236 changes: 236 additions & 0 deletions in process/process_areas/safety_analysis/guidance/dfa_failure_initiators.rst
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,236 @@ | ||
| .. | ||
| # ******************************************************************************* | ||
| # Copyright (c) 2025 Contributors to the Eclipse Foundation | ||
| # | ||
| # See the NOTICE file(s) distributed with this work for additional | ||
| # information regarding copyright ownership. | ||
| # | ||
| # This program and the accompanying materials are made available under the | ||
| # terms of the Apache License Version 2.0 which is available at | ||
| # https://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
| # ******************************************************************************* | ||
|
|
||
| .. _dfa failure initiators: | ||
|
|
||
| DFA failure initiators | ||
| ====================== | ||
|
|
||
| .. gd_guidl:: DFA failure initiators | ||
| :id: gd_guidl__dfa_failure_initiators | ||
| :status: valid | ||
| :complies: std_wp__iso26262__software_751, std_wp__iso26262__software_753 | ||
|
|
||
|
|
||
| :note: Use the failure initiators to ensure a structured analysis. If a failure doesn't apply, please fill in a short desciption in the violation cause of the analysis so it could be recognized that the analysis is done. If there are additional failure initiators needed, please enlage the list of fault models. | ||
|
|
||
| **Purpose** | ||
|
|
||
| In order to identify all cascading and common cause failures, which may initiated from your feature or components to the platform, other features, components, etc., | ||
| use the following framework of dependent failure initiators to check your completeness of the analysis. | ||
|
|
||
| DFA failure initiators | ||
| ====================== | ||
|
|
||
| 2.1 Shared resources | ||
|
|
||
| .. list-table:: DFA shared resources | ||
| :header-rows: 1 | ||
| :widths: 10,30,30,30 | ||
|
|
||
| * - ID | ||
| - Violation cause shared resources | ||
| - Simplification | ||
| - Importance (can be used for priorisation) | ||
| * - SR_01_01 | ||
| - Reused software modules | ||
| - | ||
| - Medium | ||
| * - SR_01_02 | ||
| - Libraries | ||
| - SR_01_01 | ||
| - Medium | ||
| * - SR_01_04 | ||
| - Basic software | ||
| - | ||
| - Medium | ||
| * - SR_01_05 | ||
| - Operating system including scheduler | ||
| - | ||
| - Medium | ||
| * - SR_01_06 | ||
| - Any service stack, e.g. communication stack | ||
| - | ||
| - Medium | ||
| * - SR_01_07 | ||
| - Configuration data | ||
| - | ||
| - Medium | ||
| * - SR_01_09 | ||
| - Execution time | ||
| - | ||
| - Medium | ||
| * - SR_01_10 | ||
| - Allocated memory | ||
| - | ||
| - Medium | ||
|
|
||
|
|
||
| | 2.2 Communication between the two elements: | ||
| | Receiving function is affected by information that is false, lost, sent multiple times, or in the wrong order etc. from the sender. | ||
|
|
||
| .. list-table:: DFA communication between elements | ||
| :header-rows: 1 | ||
| :widths: 10,30,30,30 | ||
|
|
||
| * - ID | ||
| - Violation cause communication between elements | ||
| - Simplification | ||
| - Importance (can be used for priorisation) | ||
| * - CO_01_01 | ||
| - Information passed via argument through a function call, or via writing/reading a variable being global to the two software functions (data flow) | ||
| - | ||
| - Medium | ||
| * - CO_01_02 | ||
| - Data or message corruption / repetition / loss / delay / masquerading or incorrect addressing of information | ||
| - | ||
| - Medium | ||
| * - CO_01_03 | ||
| - Insertion / sequence of information | ||
| - | ||
| - Medium | ||
| * - CO_01_04 | ||
| - Corruption of information, inconsistent data | ||
| - | ||
| - Medium | ||
| * - CO_01_05 | ||
| - Asymmetric information sent from a sender to multiple receivers, so that not all defined receivers have the same informations | ||
| - | ||
| - Medium | ||
| * - CO_01_06 | ||
| - Information from a sender received by only a subset of the receivers | ||
| - | ||
| - Medium | ||
| * - CO_01_07 | ||
| - Blocking access to a communication channel | ||
| - | ||
| - Medium | ||
|
|
||
| | 2.3 Shared information inputs | ||
| | Same information input used by multiple functions. | ||
|
|
||
| .. list-table:: DFA shared information inputs | ||
| :header-rows: 1 | ||
| :widths: 10,30,30,30 | ||
|
|
||
| * - ID | ||
| - Violation cause shared information inputs | ||
| - Simplification | ||
| - Importance (can be used for priorisation) | ||
| * - SI_01_02 | ||
| - Configuration data | ||
| - | ||
| - Medium | ||
| * - SI_01_03 | ||
| - Constants, or variables, being global to the two software functions | ||
| - | ||
| - Medium | ||
| * - SI_01_04 | ||
| - Basic software passes data (read from hardware register and converted into logical information) to two applications software functions | ||
| - | ||
| - Medium | ||
| * - SI_01_05 | ||
| - Data / function parameter arguments / messages delivered by software function to more than one other function | ||
| - | ||
| - Medium | ||
|
|
||
| | 2.4 Unintended impact | ||
| | Unintended impacts to function due to various failures. | ||
|
|
||
| .. list-table:: DFA unintended impact | ||
| :header-rows: 1 | ||
| :widths: 10,30,30,30 | ||
|
|
||
| * - ID | ||
| - Violation cause unintended impact | ||
| - Simplification | ||
| - Importance (can be used for priorisation) | ||
| * - UI_01_01 | ||
| - Memory miss-allocation and leaks | ||
| - | ||
| - Medium | ||
| * - UI_01_02 | ||
| - Read/Write access to memory allocated to another software element | ||
| - | ||
| - Medium | ||
| * - UI_01_03 | ||
| - Stack/Buffer under-/overflow | ||
| - | ||
| - Medium | ||
| * - UI_01_04 | ||
| - Deadlocks | ||
| - | ||
| - Medium | ||
| * - UI_01_05 | ||
| - Livelocks | ||
| - | ||
| - Medium | ||
| * - UI_01_06 | ||
| - Blocking of execution | ||
| - | ||
| - Medium | ||
| * - UI_01_07 | ||
| - Incorrect allocation of execution time | ||
| - | ||
| - Medium | ||
| * - UI_01_08 | ||
| - Incorrect execution flow | ||
| - | ||
| - Medium | ||
| * - UI_01_09 | ||
| - Incorrect synchronization between software elements | ||
| - | ||
| - Medium | ||
| * - UI_01_10 | ||
| - CPU time depletion | ||
| - | ||
| - Medium | ||
| * - UI_01_11 | ||
| - Memory depletion | ||
| - | ||
| - Medium | ||
| * - UI_01_12 | ||
| - Other HW unavailability | ||
| - | ||
| - Medium | ||
|
|
||
| | Development failure initiators | ||
| | Secition is **only aplicable if a divers SW development is needed** due to decomposition. | ||
|
|
||
| :note: Section shall be applied only once to analyse all dependencies of the features. Results shall be checked during of the analysis of new features if this is applicable to the feature. | ||
|
|
||
| .. list-table:: DFA development failure initiators | ||
| :header-rows: 1 | ||
| :widths: 10,30,30,30 | ||
|
|
||
| * - ID | ||
| - Violation cause development failure initiators | ||
| - Simplification | ||
| - Importance (can be used for priorisation) | ||
| * - SC_01_02 | ||
| - Same development approaches (e.g. IDE, programming and/or modelling language) | ||
| - | ||
| - Medium | ||
| * - SC_01_03 | ||
| - Same personal | ||
| - | ||
| - Medium | ||
| * - SC_01_04 | ||
| - Same social-cultural context (even if different personnel). Only applicable if diverse development is needed. | ||
| - | ||
| - Medium | ||
| * - SC_01_05 | ||
| - Development fault (e.g. human error, insufficient qualification, insufficient methods). Only applicable if diverse development is needed. | ||
| - | ||
| - Medium | ||
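Review bot: the second `DFA failure initiators` heading (directly above `2.1 Shared resources`) repeats the page title with the same `=` underline, so the file renders two top-level sections with the same name and the numbered subsections 2.1 to 2.4 hang off a duplicated title instead of a `2.` parent; make it a subsection with a lower-level underline or drop it, and give the `Development failure initiators` line block a real heading so it appears in the table of contents like the other sections. The two `:note:` field lists are separated from the `gd_guidl` directive by blank lines, so they are free-standing field lists rather than directive options; indent them under the directive if they are meant to belong to it. Spelling in the new text: `desciption`, `enlage`, `priorisation` (in every table header), `informations`, `miss-allocation`, `Secition`, `aplicable`, `divers`, and `Same personal` (should be `personnel`, as SC_01_04 already spells it). The ID sequences have unexplained gaps (SR_01_03, SR_01_08, SI_01_01 and SC_01_01 are absent); if they are reserved numbers carried over from the old repository, one sentence saying so prevents readers from assuming rows were lost in the takeover. Every row carries `Medium` in the importance column, so the column currently gives no basis for the prioritisation it promises; either differentiate the values (for example, UI_01_02 and UI_01_03, access to memory of another element and stack/buffer under-/overflow, are also the classic freedom-from-interference causes and are worth a separate rating) or state that the values are initial placeholders.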
51 changes: 51 additions & 0 deletions in process/process_areas/safety_analysis/guidance/dfa_template.rst
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| .. | ||
| # ******************************************************************************* | ||
| # Copyright (c) 2025 Contributors to the Eclipse Foundation | ||
| # | ||
| # See the NOTICE file(s) distributed with this work for additional | ||
| # information regarding copyright ownership. | ||
| # | ||
| # This program and the accompanying materials are made available under the | ||
| # terms of the Apache License Version 2.0 which is available at | ||
| # https://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
| # ******************************************************************************* | ||
|
|
||
| .. _dfa_templates: | ||
|
|
||
| DFA Templates | ||
| ============= | ||
|
|
||
| .. gd_temp:: Feature DFA Templates | ||
| :id: gd_temp__feat_saf_dfa | ||
| :status: valid | ||
| :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524, std_req__iso26262__software_7411, std_req__iso26262__analysis_741, std_req__iso26262__analysis_742, std_req__iso26262__analysis_743, std_req__iso26262__analysis_745, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747, std_req__iso26262__analysis_748, std_req__iso26262__analysis_749, std_req__isopas8926__44432 | ||
|
|
||
| | .. feat_saf_dfa:: <Element descriptor> | ||
| | :verifies: <Feature architecture> | ||
| | :id: feat_saf_DFA__<Feature>__<Element descriptor> | ||
| | :violation_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`> | ||
| | :violation_cause: "description of failure effect of the failure initiator on the element" | ||
| | :mitigation: < NONE|ID from Feature Requirement> | ||
| | :mitigation_issue: <ID from Issue Tracker| None if no issue needed> | ||
| | :sufficient: <yes|no> | ||
| | :argument: <text to argument why mitigation is sufficient> | ||
| | :status: <valid|invalid> | ||
|
|
||
|
|
||
| .. gd_temp:: Component DFA Templates | ||
| :id: gd_temp__comp_saf_dfa | ||
| :status: valid | ||
| :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524, std_req__iso26262__software_7411, std_req__iso26262__analysis_741, std_req__iso26262__analysis_742, std_req__iso26262__analysis_743, std_req__iso26262__analysis_745, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747, std_req__iso26262__analysis_748, std_req__iso26262__analysis_749, std_req__isopas8926__44432 | ||
|
|
||
| | .. comp_saf_dfa:: <Element descriptor> | ||
| | :verifies: <Component architecture> | ||
| | :id: comp_saf_DFA__<Component>__<Element descriptor> | ||
| | :violation_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`> | ||
| | :violation_cause: "description of failure effect of the failure initiator on the element" | ||
| | :mitigation: < NONE|ID from Component Requirement> | ||
| | :mitigation_issue: <ID from Issue Tracker| None if no issue needed> | ||
| | :sufficient: <yes|no> | ||
| | :argument: <text to argument why mitigation is sufficient> | ||
| | :status: <valid|invalid> |
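Review bot: `:complies:` on both templates lists `std_wp__iso26262__analysis_751`, whereas the failure-initiator guideline added in the same PR (`dfa_failure_initiators.rst`) complies with `std_wp__iso26262__software_751`; one of the two work-product IDs is probably wrong, and an unresolved ID will surface as a needs build warning, so please align them. The template skeletons are written as line blocks (`|` prefix), which renders the placeholders as formatted text rather than copyable RST; a `.. code-block:: rst` would let analysts paste the `feat_saf_dfa` / `comp_saf_dfa` skeleton directly. In the placeholders, `< NONE|ID from Feature Requirement>` has a stray leading space and `<ID from Issue Tracker| None if no issue needed>` an inconsistent one after the bar. `:violation_id:` takes a single ID from the guideline, so state whether one `feat_saf_dfa` / `comp_saf_dfa` item is expected per failure initiator (one row of the guideline tables per need) or whether several IDs may be listed; analysts will otherwise fill it both ways. Finally, `:mitigation:` allows `NONE` while `:sufficient:` allows `yes`, but nothing says that `NONE` combined with `sufficient: yes` must be justified in `:argument:`; a short constraint in the template would make that combination self-checking in review.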
Are the modified, as stated in the previous review?
I created an issue for the shared resources and included all review findings from the preceding reviews. We will discuss this question in the next working slot.