process: include review findings

Ref: closes #310

Author: PandaeDo

docs/process/process_areas/safety_analysis/_assets/safety_analysis_workflow.drawio.svg

@@ -17,10 +17,15 @@
 DFA failure initiators
 ======================
 
-.. gd_chklst:: DFA failure initiators
-    :id: gd_chklst__dfa_failure_initiators
-    :status: valid
-    :tags: safety analysis
+.. gd_guidl:: DFA failure initiators
+  :id: gd_guidl__dfa_failure_initiators
+  :status: valid
+  :complies: std_wp__iso26262__software_751, std_wp__iso26262__software_753
+
+
+:note: Use the failure initiators to ensure a structed analysis. If a fault model doesn't apply, please fill in a short desciption in the
+       violation cause so it could be recognized that the analysis is done. If there are additional failure initiators needed, please
+       enlage the list of fault models.
 
     **Purpose**
 
@@ -30,7 +35,6 @@ DFA failure initiators
     **DFA failure initiators**
 
     | 2.1 Shared resources
-    | Same software element instance used by the two functions which are therefore affected by the failure or unavailability of that shared resource.
 
     .. list-table:: DFA shared resources
        :header-rows: 1
@@ -68,10 +72,6 @@ DFA failure initiators
         - Configuration data
         -
         -
-      * - SR_01_08
-        - Calibration data
-        -
-        -
       * - SR_01_09
         - Execution time
         -
@@ -90,7 +90,7 @@ DFA failure initiators
 
       * - ID
         - Violation cause
-          Shared resource used by several components
+          communication between elements
         - Avoidance, or detection and mitigation of the fault
         - Comment
       * - CO_01_01
@@ -128,6 +128,9 @@ DFA failure initiators
         -
         -
 
+    | (*) These issues are taken from the arguments on freedom from interference between software elements.
+    |     In that respect, the dependent failure initiators Unintended Impact and Communication represent causes of violation of freedom from interference for software.
+
     | 2.3 Shared information inputs
     | Same information consumed by the two functions even in absence of shared resources, i.e. from a functional perspective.
 
@@ -140,10 +143,6 @@ DFA failure initiators
           Shared resource used by several components
         - Avoidance, or detection and mitigation of the fault
         - Comment
-      * - SI_01_01
-        - Calibration data
-        -
-        -
       * - SI_01_02
         - Configuration data
         -
@@ -215,7 +214,6 @@ DFA failure initiators
     |     In that respect, the dependent failure initiators Unintended Impact and Communication represent causes of violation of freedom from interference for software.
 
     | 2.5 Systematic coupling
-    | Systematic causes from human or tool errors can lead to the simultaneous failure of more than one function.
 
     .. list-table:: DFA systematic coupling
        :header-rows: 1
@@ -226,17 +224,11 @@ DFA failure initiators
           Shared resources used by several components
         - Avoidance, or detection and mitigation of the fault
         - Comment
-      * - SC_01_01
-        - Manufacturing fault / repair fault (e.g. false flashing,
-          false calibration reference for sensors)
-        -
-        -
       * - SC_01_02
         - Non-diverse development approaches including:
           - same software tools (e.g. IDE, compiler, linker)
           - same algorithms
           - same programming and/or modelling language used
-          - same complier/linker used
         -
         -
       * - SC_01_03

docs/process/process_areas/safety_analysis/guidance/dfa_failure_initiators.rst

@@ -12,10 +12,28 @@
    # SPDX-License-Identifier: Apache-2.0
    # *******************************************************************************
 
+.. _dfa_templates:
 
 DFA Templates
 =============
 
+.. gd_temp:: Platform DFA Templates
+   :id: gd_temp__plat_saf_dfa
+   :status: valid
+   :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524, std_req__iso26262__software_7411, std_req__iso26262__analysis_741, std_req__iso26262__analysis_742, std_req__iso26262__analysis_743, std_req__iso26262__analysis_745, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747, std_req__iso26262__analysis_748, std_req__iso26262__analysis_749, std_req__isopas8926__44432
+
+   | .. plat_saf_dfa:: <Element descriptor>
+   |    :verifies: <Platform architecture>
+   |    :id: plat_saf_DFA__<Platform>__<Element descriptor>
+   |    :violation_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
+   |    :violation_cause: "description of failure effect of the failure initiator on the element"
+   |    :mitigation: < NONE|ID from Feature Requirement>
+   |    :mitigation_issue: <ID from Issue Tracker| None if no issue needed>
+   |    :mitigation_coverage: <0..100%>
+   |    :sufficient: <yes|no>
+   |    :argument: <text to argument why mitigation is sufficient>
+   |    :status: <valid|invalid>
+
 .. gd_temp:: Feature DFA Templates
    :id: gd_temp__feat_saf_dfa
    :status: valid
@@ -24,10 +42,11 @@ DFA Templates
    | .. feat_saf_dfa:: <Element descriptor>
    |    :verifies: <Feature architecture>
    |    :id: feat_saf_DFA__<Feature>__<Element descriptor>
-   |    :violation_id: <ID from DFA failure initiators :need:`gd_chklst__dfa_failure_initiators`>
-   |    :violation_cause: "Failure initiator similar to :need:`gd_chklst__dfa_failure_initiators`"
-   |    :violates: <ID from Feature Requirement>
+   |    :violation_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
+   |    :violation_cause: "description of failure effect of the failure initiator on the element"
    |    :mitigation: < NONE|ID from Feature Requirement>
+      | :mitigation_issue: <ID from Issue Tracker| None if no issue needed>
+   |    :mitigation_coverage: <0..100%>
    |    :sufficient: <yes|no>
    |    :argument: <text to argument why mitigation is sufficient>
    |    :status: <valid|invalid>
@@ -41,10 +60,11 @@ DFA Templates
    | .. comp_saf_dfa:: <Element descriptor>
    |    :verifies: <Component architecture>
    |    :id: comp_saf_DFA__<Component>__<Element descriptor>
-   |    :violation_id: <ID from DFA failure initiators :need:`gd_chklst__dfa_failure_initiators`>
-   |    :violation_cause: "Failure initiator similar to :need:`gd_chklst__dfa_failure_initiators`"
-   |    :violates: <ID from Component Requirement>
+   |    :violation_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
+   |    :violation_cause: "description of failure effect of the failure initiator on the element"
    |    :mitigation: < NONE|ID from Component Requirement>
+   |    :mitigation_issue: <ID from Issue Tracker| None if no issue needed>
+   |    :mitigation_coverage: <0..100%>
    |    :sufficient: <yes|no>
    |    :argument: <text to argument why mitigation is sufficient>
    |    :status: <valid|invalid>

docs/process/process_areas/safety_analysis/guidance/dfa_template.rst

@@ -16,106 +16,16 @@ Fault Models
 ============
 
 .. gd_guidl:: Fault Models
-   :id: gd_guidl__fault_models
-   :status: valid
-   :complies: std_wp__iso26262__software_752, std_req__iso26262__analysis_846
+  :id: gd_guidl__fault_models
+  :status: valid
+  :complies: std_wp__iso26262__software_752, std_req__iso26262__analysis_846
 
-    Fault Models for activity diagrams
-
-    .. list-table:: Fault Models for activity diagrams
-       :header-rows: 1
-       :widths: 15,6,30,30,15
-
-      * - Element
-        - ID
-        - Failure Mode
-        - Simplification
-        - Importance
-      * - data storage
-        - DS_01_01
-        - stored data changed
-          (before read operation)
-        -
-        - High
-      * - data storage
-        - DS_01_02
-        - new data not stored (keeps old data)
-          / stuck-at (specific value)
-        -
-        - High
-      * - data flow
-        - DF_01_01
-        - transferred data changed
-        - DS_01_01 if there is one data flow to the data store
-        - Medium
-      * - data flow
-        - DF_01_02
-        - transferred data lost
-        - DS_01_02 if there is one data flow to the data store
-        - Medium
-      * - data flow
-        - DF_01_03
-        - transferred to wrong data store
-        - DS_01_01 unless point in time of change is important
-        - Low
-      * - data flow
-        - DF_01_04
-        - data stored at wrong location in data store
-        - relevant only for arrays/complex types
-        - High
-      * - processing
-        - PS_01_01
-        - process calculates wrong result(s)
-        - DS_01_01 unless process affects multiple data stores
-        - High
-      * - processing
-        - PS_01_02
-        - processing too slow/fast
-        - relevant only if timing is considered, infinite loop->CF01_01
-        - Low
-      * - control flow
-        - CF_01_01
-        - control flow stops
-        -
-        - High
-      * - control flow
-        - CF_01_02
-        - control flow skips process
-        - PS_01_01 and PS_01_02
-        - Medium
-      * - control flow
-        - CF_01_03
-        - control flow proceeds to wrong process
-        - CF_01_02 or limited to specific process
-        - Low
-      * - fork
-        - FK_01_01
-        - some but not all outgoing concurrent processes are triggered
-        -
-        - Medium
-      * - fork
-        - FK_01_02
-        - concurrent processes are triggered despite incoming process has not yet been completed
-        - similar to CF_01_02
-        - Low
-      * - fork
-        - FK_01_03
-        - none of the outgoing concurrent processes is triggered
-        - similar to CF_01_01
-        - Low
-      * - join
-        - JF_01_01
-        - execution proceeds before all joining processes have been completed
-        - similar to CF_01_02
-        - High
-      * - join
-        - JF_01_02
-        - execution does not proceed despite all joining processes have been completed
-        - similar to CF_01_01
-        - Medium
+  | Fault Model for sequence diagrams
 
+:note: Use the fault models to ensure a structed analysis. If a fault model doesn't apply, please fill in a short desciption in the
+          violation cause so it could be recognized that the analysis is done. If there are additional fault models needed, please
+          enlage the list of fault models.
 
-   | Fault Model for sequence diagrams
 
     .. list-table:: Fault Models for sequence diagrams
        :header-rows: 1
@@ -125,7 +35,7 @@ Fault Models
         - ID
         - Failure Mode
         - Simplification
-        - Importance
+        - Importance (can be used for priorisation)
       * - message
         - MF_01_01
         - message is not received
@@ -181,25 +91,3 @@ Fault Models
         - processing is not complete (infinite loop)
         -
         - Low
-      * - frame (*)
-        - FE_01_01
-        - frame not entered as specified
-        -
-        - Medium
-      * - frame (*)
-        - FE_01_02
-        - frame not exited as specified
-        -
-        - Medium
-      * - frame (*)
-        - FE_01_03
-        - frame entered differently than specified
-        -
-        - Medium
-      * - frame (*)
-        - FE_01_04
-        - frame exited differently than specified
-        -
-        - Medium
-
-   | (*) frame is a reference to another diagram, which describes more detailed aspects. Entry- and Exit points define the order of transitions.

docs/process/process_areas/safety_analysis/guidance/fault_models_guideline.rst

@@ -18,9 +18,10 @@ Guidance
 .. toctree::
    :maxdepth: 1
 
-   safety_analysis_guideline
-   fault_models_guideline
-   safety_analysis_templates
-   dfa_template
    dfa_failure_initiators
+   dfa_template
+   fault_models_guideline
+   safety_analysis_checklist
+   safety_analysis_guideline
    safety_analysis_process_reqs
+   safety_analysis_templates

docs/process/process_areas/safety_analysis/guidance/index.rst

@@ -0,0 +1,44 @@
+..
+   # *******************************************************************************
+   # Copyright (c) 2025 Contributors to the Eclipse Foundation
+   #
+   # See the NOTICE file(s) distributed with this work for additional
+   # information regarding copyright ownership.
+   #
+   # This program and the accompanying materials are made available under the
+   # terms of the Apache License Version 2.0 which is available at
+   # https://www.apache.org/licenses/LICENSE-2.0
+   #
+   # SPDX-License-Identifier: Apache-2.0
+   # *******************************************************************************
+
+
+Checklist for Safety Analysis
+================================
+
+.. gd_chklst:: Safety Analysis Checklist Template
+   :id: gd_chklst__safety_analysis
+   :status: valid
+   :tags: safety_analysis
+
+   **Purpose**
+   The purpose of this safety analysis checklist template is to collect the topics to be checked during verification of the safety analysis.
+
+   **Checklist**
+
+   .. list-table:: Safety Analysis Checklist
+      :header-rows: 1
+      :widths: 10,30,50,6,6,8
+
+      * - Review ID
+        - Acceptance Criteria
+        - Guidance
+        - Passed
+        - Remarks
+        - Issue link
+      * - REQ_01_01
+        - Is the safety analysis is finished?
+        - see :need:`gd_guidl__safety_analysis`
+        - No open topics in safety analysis report.
+        - <yes|no>
+        -