diff --git a/docs/process/_assets/score_process_area_overview.drawio.svg b/docs/process/_assets/score_process_area_overview.drawio.svg index 1660a8dad91..7841e17f3ad 100644 --- a/docs/process/_assets/score_process_area_overview.drawio.svg +++ b/docs/process/_assets/score_process_area_overview.drawio.svg @@ -1,4 +1,873 @@ - - - -


Process Areas - Development










 
Process Areas - Development...
Introduction
Introduction


Process Areas - Management










 
Process Areas - Management...
Requirements
Enngineering





Requirements...
Safety
Management
Safety...


Change Management

Change Managem...
Documentation
Management
Documentation...
General Concepts
General Concepts
Standards
Standards
Role definition
Role definition

Architecture





Architectur...
Imple-mentation

(Detailed Design,
Coding)
Imple-menta...
Problem Resolution
Problem Resolu...
ML 4
ML 4
ML 2
ML 2
ML 1
ML 1


Verification






Verificatio...
Configuration
Management
Configuration...
Release
Management
Release...
Tool
Management
Tool...
Quality
Management
Quality...
Project
Management
Project...
Maturity Level
Maturity Level
ML 0
ML 0
Safety
Analysis




Safety...
Work Products
Work Products
How To Contribute
How To Contribute
ML 3
ML 3
Plan
Process definition planned
Documents not available 
or most empty
Plan -...
Initial
Process definition in place, but not yet compliant, consistency across S-CORE platform, modules and repeatability of processes may not be possible.
Documents are mostly available, main parts done, principles clear, all top level questions addressed, well structured
Initial -...
Managed -
Process definition in place but not yet deployed in S-CORE, but execution would allow consitency across S-CORE platform and modules, repeatability of processes possible
Documents are complete, documented on a comprehensible systematic approach, verified, only minor questions open
Managed -...
Defined/Practiced
Deployed (at least once) in S-CORE platform or one Module, The processes have been practiced, and evidence exists to demonstrate that this has occurred. 
Document are complete, verified and released
Defined/Practiced -...
Improving - 
Deployed on S-CORE platform and various S-CORE Modules and constantly improving, using suitable process metrics, S-CORE commiter control the effectiveness and performance of the platform and modules and demonstrate continuous improvement in these areas.
Improving -...
Text is not SVG - cannot display
\ No newline at end of file + + + + + + + + + + +
+
+
+ +
+
+ Process Areas - Development +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ + Process Areas - Development... + +
+
+
+ + + + + + + +
+
+
+ + Introduction + +
+
+
+
+ + Introduction + +
+
+
+ + + + + + + +
+
+
+ +
+
+ Process Areas - Management +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ + Process Areas - Management... + +
+
+
+ + + + + + + +
+
+
+ Requirements +
+ Enngineering +
+
+
+
+
+
+
+
+
+
+ + Requirements... + +
+
+
+ + + + + + + +
+
+
+ Safety +
+ Management +
+
+
+
+ + Safety... + +
+
+
+ + + + + + + +
+
+
+
+
+ Change Management +
+
+
+
+
+
+ + Change Managem... + +
+
+
+ + + + + + + +
+
+
+ Documentation +
+ Management +
+
+
+
+ + Documentation... + +
+
+
+ + + + + + + +
+
+
+ + General Concepts + +
+
+
+
+ + General Concepts + +
+
+
+ + + + + + + +
+
+
+ + Standards + +
+
+
+
+ + Standards + +
+
+
+ + + + + + + +
+
+
+ + Role definition + +
+
+
+
+ + Role definition + +
+
+
+ + + + + + + +
+
+
+
+ Architecture +
+
+
+
+
+
+
+
+
+
+ + Architectur... + +
+
+
+ + + + + + + +
+
+
+ Imple-mentation +
+
+ (Detailed Design, +
+ Coding) +
+
+
+
+ + Imple-menta... + +
+
+
+ + + + + + + +
+
+
+ Problem Resolution +
+
+
+
+ + Problem Resolu... + +
+
+
+ + + + + + + +
+
+
+ ML 4 +
+
+
+
+ + ML 4 + +
+
+
+ + + + + + + +
+
+
+ ML 2 +
+
+
+
+ + ML 2 + +
+
+
+ + + + + + + +
+
+
+ ML 1 +
+
+
+
+ + ML 1 + +
+
+
+ + + + + + + +
+
+
+
+
+ Verification +
+
+
+
+
+
+
+
+
+
+
+ + Verificatio... + +
+
+
+ + + + + + + +
+
+
+ Configuration +
+ Management +
+
+
+
+ + Configuration... + +
+
+
+ + + + + + + +
+
+
+ Release +
+ Management +
+
+
+
+ + Release... + +
+
+
+ + + + + + + +
+
+
+ Tool +
+ Management +
+
+
+
+ + Tool... + +
+
+
+ + + + + + + +
+
+
+ Quality +
+ Management +
+
+
+
+ + Quality... + +
+
+
+ + + + + + + +
+
+
+ Project +
+ Management +
+
+
+
+ + Project... + +
+
+
+ + + + + + + +
+
+
+ + Maturity Level + +
+
+
+
+ + Maturity Level + +
+
+
+ + + + + + + +
+
+
+ ML 0 +
+
+
+
+ + ML 0 + +
+
+
+ + + + + + + +
+
+
+ Safety +
+ Analysis +
+
+
+
+
+
+
+
+
+ + Safety... + +
+
+
+ + + + + + + +
+
+
+ + Work Products + +
+
+
+
+ + Work Products + +
+
+
+ + + + + + + +
+
+
+ + How To Contribute + +
+
+
+
+ + How To Contribute + +
+
+
+ + + + + + + +
+
+
+ ML 3 +
+
+
+
+ + ML 3 + +
+
+
+ + + + + + + +
+
+
+ + Plan + + - +
+ + Process definition planned +
+ Documents not available +
+ or most empty +
+
+
+
+ + Plan -... + +
+
+
+ + + + + + + +
+
+
+ + Initial + + - +
+ + Process definition in + + + place, but not yet compliant, + + + consistency across S-CORE platform, modules and repeatability of processes may not be possible. +
+ Documents are mostly available, main parts done, principles clear, all top level questions addressed, well structured +
+
+
+
+
+
+ + Initial -... + +
+
+
+ + + + + + + +
+
+
+ + Managed + + - +
+ + Process definition in place but not + + + yet deployed in S-CORE, but + + + execution would allow consitency across S-CORE platform and modules, repeatability of processes possible +
+ Documents are complete, documented on a comprehensible systematic approach, verified, only minor questions open +
+
+
+
+
+
+ + Managed -... + +
+
+
+ + + + + + + +
+
+
+ + Defined/Practiced + + - +
+ + Deployed (at least once) in S-CORE platform or one Module, + + + + The processes have been practiced, and evidence exists to demonstrate that this has occurred. + +
+ + Document are complete, verified and released + +
+
+
+
+
+
+ + Defined/Practiced -... + +
+
+
+ + + + + + + +
+
+
+ Improving - +
+ + Deployed on S-CORE platform and various S-CORE Modules and + + + constantly improving, u + + + sing suitable process metrics, S-CORE commiter control the effectiveness and performance of the platform and modules and demonstrate continuous improvement in these areas. + +
+
+
+
+ + Improving -... + +
+
+
+
+ + + + + Text is not SVG - cannot display + + + +
\ No newline at end of file diff --git a/docs/process/general_concepts/score_building_blocks_concept.rst b/docs/process/general_concepts/score_building_blocks_concept.rst index cb9fd07d195..0a3751b293b 100644 --- a/docs/process/general_concepts/score_building_blocks_concept.rst +++ b/docs/process/general_concepts/score_building_blocks_concept.rst @@ -67,6 +67,8 @@ to a Component. Building blocks overview for **S-CORE** platform +.. _building_block_example: + Building blocks example +++++++++++++++++++++++ diff --git a/docs/process/process_areas/index.rst b/docs/process/process_areas/index.rst index b9a22f28b5d..e4ef858ff07 100644 --- a/docs/process/process_areas/index.rst +++ b/docs/process/process_areas/index.rst @@ -27,5 +27,6 @@ Process Areas platform_management/index.rst problem_resolution/index.rst requirements_engineering/index.rst + safety_analysis/index.rst safety_management/index.rst verification/index.rst diff --git a/docs/process/process_areas/safety_analysis/_assets/safety_analysis_component.drawio.svg b/docs/process/process_areas/safety_analysis/_assets/safety_analysis_component.drawio.svg new file mode 100644 index 00000000000..a98cbb9ca7b --- /dev/null +++ b/docs/process/process_areas/safety_analysis/_assets/safety_analysis_component.drawio.svg @@ -0,0 +1,479 @@ + + + + + + + + + + + +
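Review bot: the re-exported score_process_area_overview.drawio.svg keeps the label typos of the old version, so they should be fixed in the draw.io source and the SVG exported again rather than merged as-is: "Enngineering" in the Requirements Engineering box, "consitency" in the Managed description, "commiter" in the Improving description, and "Document are complete" in the Defined/Practiced description. Fixing them in the diagram source keeps the .drawio file and the .svg export from drifting apart.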
+
+
+ uses +
+
+
+
+ + uses + +
+
+
+ + + + + + + + +
+
+
+ Actor +
+
+
+
+ + Actor + +
+
+
+ + + + + + + +
+
+
+ User +
+
+
+
+ + User + +
+
+
+ + + + + + + +
+
+
+ kvstorage +
+
+
+
+ + kvstorage + +
+
+
+ + + + + + + + + + + +
+
+
+ fs +
+
+
+
+ + fs + +
+
+
+ + + + + + + +
+
+
+ kvs +
+
+
+
+ + kvs + +
+
+
+ + + + + + + + + + +
+
+
+ Component architecture +
+
+
+
+ + Component architecture + +
+
+
+ + + + + + + +
+
+
+ COMPONENT +
+
+
+
+ + COMPONENT + +
+
+
+ + + + + + + +
+
+
+ PUBLIC API +
+
+
+
+ + PUBLIC API + +
+
+
+ + + + + + + +
+
+
+ SW Module: +
+
+
+
+ + SW Module: + +
+
+
+ + + + + + + +
+
+
+ Feature: +
+
+
+
+ + Feature: + +
+
+
+ + + + + + + +
+
+
+ + SEooC: + +
+
+
+
+ + SEooC: + +
+
+
+ + + + + + + +
+
+
+ kvs +
+
+
+
+ + kvs + +
+
+
+ + + + + + + +
+
+
+ fs +
+
+
+
+ + fs + +
+
+
+ + + + + + + + +
+
+
+ Actor +
+
+
+
+ + Actor + +
+
+
+ + + + + + + +
+
+
+ User +
+
+
+
+ + User + +
+
+
+ + + + + + + + + + + + + + + + + +
+
+
+ call +
+
+
+
+ + call + +
+
+
+ + + + + + + + +
+
+
+ trigger +
+
+
+
+ + trigger + +
+
+
+ + + + + + + + +
+
+
+ flow 3 +
+
+
+
+ + flow 3 + +
+
+
+ + + + + + + + +
+
+
+ flow 1 +
+
+
+
+ + flow 1 + +
+
+
+ + + + + + + +
+
+
+ Interface 1 +
+
+
+
+ + Interface 1 + +
+
+
+
+ + + + + Text is not SVG - cannot display + + + +
\ No newline at end of file diff --git a/docs/process/process_areas/safety_analysis/_assets/safety_analysis_feature.drawio.svg b/docs/process/process_areas/safety_analysis/_assets/safety_analysis_feature.drawio.svg new file mode 100644 index 00000000000..03f4ded99d1 --- /dev/null +++ b/docs/process/process_areas/safety_analysis/_assets/safety_analysis_feature.drawio.svg @@ -0,0 +1,548 @@ + + + + + + + + + + +
+
+
+ Platform +
+
+
+
+ + Platform + +
+
+
+ + + + + + + +
+
+
+ persistency/key-val-storage +
+
+
+
+ + persistency/key-val-storage + +
+
+
+ + + + + + + + +
+
+
+ uses +
+
+
+
+ + uses + +
+
+
+ + + + + + + + +
+
+
+ Actor +
+
+
+
+ + Actor + +
+
+
+ + + + + + + +
+
+
+ KVS +
+
+
+
+ + KVS + +
+
+
+ + + + + + + +
+
+
+ kvstorage +
+
+
+
+ + kvstorage + +
+
+
+ + + + + + + +
+
+
+ COMPONENT +
+
+
+
+ + COMPONENT + +
+
+
+ + + + + + + +
+
+
+ PUBLIC API +
+
+
+
+ + PUBLIC API + +
+
+
+ + + + + + + +
+
+
+ User +
+
+
+
+ + User + +
+
+
+ + + + + + + +
+
+
+ SW Module: +
+
+
+
+ + SW Module: + +
+
+
+ + + + + + + +
+
+
+ Feature: +
+
+
+
+ + Feature: + +
+
+
+ + + + + + + + + + +
+
+
+ + SEooC: + +
+
+
+
+ + SEooC: + +
+
+
+ + + + + + + + + + +
+
+
+ json_al +
+
+
+
+ + json_al + +
+
+
+ + + + + + + + + + +
+
+
+ Feature architecture +
+
+
+
+ + Feature architecture + +
+
+
+ + + + + + + +
+
+
+ kvstorage +
+
+
+
+ + kvstorage + +
+
+
+ + + + + + + +
+
+
+ json_al +
+
+
+
+ + json_al + +
+
+
+ + + + + + + + +
+
+
+ Actor +
+
+
+
+ + Actor + +
+
+
+ + + + + + + +
+
+
+ User +
+
+
+
+ + User + +
+
+
+ + + + + + + + + + + + + + + + + +
+
+
+ call +
+
+
+
+ + call + +
+
+
+ + + + + + + + +
+
+
+ trigger +
+
+
+
+ + trigger + +
+
+
+ + + + + + + + +
+
+
+ flow 2 +
+
+
+
+ + flow 2 + +
+
+
+ + + + + + + + +
+
+
+ flow 1 +
+
+
+
+ + flow 1 + +
+
+
+ + + + + + + +
+
+
+ Interface 1 +
+
+
+
+ + Interface 1 + +
+
+
+ + + + + + + +
+
+
+ Interface 2 +
+
+
+
+ + Interface 2 + +
+
+
+ + + + +
+ + + + + Text is not SVG - cannot display + + + +
\ No newline at end of file diff --git a/docs/process/process_areas/safety_analysis/_assets/safety_analysis_workflow.drawio.svg b/docs/process/process_areas/safety_analysis/_assets/safety_analysis_workflow.drawio.svg new file mode 100644 index 00000000000..60c895c433b --- /dev/null +++ b/docs/process/process_areas/safety_analysis/_assets/safety_analysis_workflow.drawio.svg @@ -0,0 +1,605 @@ + + + + + + + + + + + + + + + + + + +
+
+
+ Analyse Feature Architecture +
+
+
+
+ + Analyse Feature Arch... + +
+
+
+ + + + + + + +
+
+
+ 3 +
+
+
+
+ + 3 + +
+
+
+ + + + + + + + + + + + + + + +
+
+
+ Analyse Component Architecture +
+
+
+
+ + Analyse Component Ar... + +
+
+
+ + + + + + + +
+
+
+ 6 +
+
+
+
+ + 6 + +
+
+
+ + + + + + + + + + + +
+
+
+ Monitor Safety Analyses and DFA +
+
+
+
+ + Monitor Safety Analy... + +
+
+
+ + + + + + + +
+
+
+ 9 +
+
+
+
+ + 9 + +
+
+
+ + + + + + + +
+
+
+ Perform Feature Safety Analyses +
+
+
+
+ + Perform Feature Safe... + +
+
+
+ + + + + + + +
+
+
+ 4 +
+
+
+
+ + 4 + +
+
+
+ + + + + + + +
+
+
+ Perform Feature DFA +
+
+
+
+ + Perform Feature DFA + +
+
+
+ + + + + + + +
+
+
+ 5 +
+
+
+
+ + 5 + +
+
+
+ + + + + + + +
+
+
+ Perform Component Safety Analyses +
+
+
+
+ + Perform Component Sa... + +
+
+
+ + + + + + + +
+
+
+ 7 +
+
+
+
+ + 7 + +
+
+
+ + + + + + + +
+
+
+ Perform Component DFA +
+
+
+
+ + Perform Component DFA + +
+
+
+ + + + + + + +
+
+
+ 8 +
+
+
+
+ + 8 + +
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ Issue Tracking System +
+
+
+
+ + Issue Tracking System + +
+
+
+ + + + + + + +
+
+
+ 10 +
+
+
+
+ + 10 + +
+
+
+ + + + + + + + + + + + + + + +
+
+
+ Analyse Platform Architecture +
+
+
+
+ + Analyse Platform Arc... + +
+
+
+ + + + + + + +
+
+
+ 1 +
+
+
+
+ + 1 + +
+
+
+ + + + + + + + + + + +
+
+
+ Perform Feature Safety Analyses +
+
+
+
+ + Perform Feature Safe... + +
+
+
+ + + + + + + +
+
+
+ 2 +
+
+
+
+ + 2 + +
+
+
+ + + + + + + +
+
+
+ Verify Safety Analyses and DFA +
+
+
+
+ + Verify Safety Analys... + +
+
+
+ + + + + + + +
+
+
+ 11 +
+
+
+
+ + 11 + +
+
+
+ + + + + + + + + + + + + + + + + + +
+
+
+ no +
+
+
+
+ + no + +
+
+
+ + + + + + + +
+
+
+ yes +
+
+
+
+ + yes + +
+
+
+ + + + + + + +
+
+
+ Completed  Analysis +
+
+
+
+ + Completed... + +
+
+
+
+ + + + + Text is not SVG - cannot display + + + +
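Review bot: node 2 of safety_analysis_workflow.drawio.svg is labelled "Perform Feature Safety Analyses", which duplicates the label of node 4 and does not match step 2 of the guideline added in this patch ("Perform DFA on the Platform Architecture"); relabel node 2 as the platform DFA so the numbered diagram and the numbered step list in safety_analysis_guideline.rst stay consistent. The last node also carries a double space ("Completed  Analysis").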
diff --git a/docs/process/process_areas/safety_analysis/guidance/dfa_failure_initiators.rst b/docs/process/process_areas/safety_analysis/guidance/dfa_failure_initiators.rst new file mode 100644 index 00000000000..55bae59f5a8 --- /dev/null +++ b/docs/process/process_areas/safety_analysis/guidance/dfa_failure_initiators.rst 
@@ -0,0 +1,236 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _dfa failure initiators: + +DFA failure initiators +====================== + +.. gd_guidl:: DFA failure initiators + :id: gd_guidl__dfa_failure_initiators + :status: valid + :complies: std_wp__iso26262__software_751, std_wp__iso26262__software_753 + + +:note: Use the failure initiators to ensure a structured analysis. If a failure doesn't apply, please fill in a short desciption in the violation cause of the analysis so it could be recognized that the analysis is done. If there are additional failure initiators needed, please enlage the list of fault models. + +**Purpose** + +In order to identify all cascading and common cause failures, which may initiated from your feature or components to the platform, other features, components, etc., +use the following framework of dependent failure initiators to check your completeness of the analysis. + +DFA failure initiators +====================== + +2.1 Shared resources + +.. 
list-table:: DFA shared resources + :header-rows: 1 + :widths: 10,30,30,30 + + * - ID + - Violation cause shared resources + - Simplification + - Importance (can be used for priorisation) + * - SR_01_01 + - Reused software modules + - + - Medium + * - SR_01_02 + - Libraries + - SR_01_01 + - Medium + * - SR_01_04 + - Basic software + - + - Medium + * - SR_01_05 + - Operating system including scheduler + - + - Medium + * - SR_01_06 + - Any service stack, e.g. communication stack + - + - Medium + * - SR_01_07 + - Configuration data + - + - Medium + * - SR_01_09 + - Execution time + - + - Medium + * - SR_01_10 + - Allocated memory + - + - Medium + + +| 2.2 Communication between the two elements: +| Receiving function is affected by information that is false, lost, sent multiple times, or in the wrong order etc. from the sender. + +.. list-table:: DFA communication between elements + :header-rows: 1 + :widths: 10,30,30,30 + + * - ID + - Violation cause communication between elements + - Simplification + - Importance (can be used for priorisation) + * - CO_01_01 + - Information passed via argument through a function call, or via writing/reading a variable being global to the two software functions (data flow) + - + - Medium + * - CO_01_02 + - Data or message corruption / repetition / loss / delay / masquerading or incorrect addressing of information + - + - Medium + * - CO_01_03 + - Insertion / sequence of information + - + - Medium + * - CO_01_04 + - Corruption of information, inconsistent data + - + - Medium + * - CO_01_05 + - Asymmetric information sent from a sender to multiple receivers, so that not all defined receivers have the same informations + - + - Medium + * - CO_01_06 + - Information from a sender received by only a subset of the receivers + - + - Medium + * - CO_01_07 + - Blocking access to a communication channel + - + - Medium + +| 2.3 Shared information inputs +| Same information input used by multiple functions. + +.. 
list-table:: DFA shared information inputs + :header-rows: 1 + :widths: 10,30,30,30 + + * - ID + - Violation cause shared information inputs + - Simplification + - Importance (can be used for priorisation) + * - SI_01_02 + - Configuration data + - + - Medium + * - SI_01_03 + - Constants, or variables, being global to the two software functions + - + - Medium + * - SI_01_04 + - Basic software passes data (read from hardware register and converted into logical information) to two applications software functions + - + - Medium + * - SI_01_05 + - Data / function parameter arguments / messages delivered by software function to more than one other function + - + - Medium + +| 2.4 Unintended impact +| Unintended impacts to function due to various failures. + +.. list-table:: DFA unintended impact + :header-rows: 1 + :widths: 10,30,30,30 + + * - ID + - Violation cause unintended impact + - Simplification + - Importance (can be used for priorisation) + * - UI_01_01 + - Memory miss-allocation and leaks + - + - Medium + * - UI_01_02 + - Read/Write access to memory allocated to another software element + - + - Medium + * - UI_01_03 + - Stack/Buffer under-/overflow + - + - Medium + * - UI_01_04 + - Deadlocks + - + - Medium + * - UI_01_05 + - Livelocks + - + - Medium + * - UI_01_06 + - Blocking of execution + - + - Medium + * - UI_01_07 + - Incorrect allocation of execution time + - + - Medium + * - UI_01_08 + - Incorrect execution flow + - + - Medium + * - UI_01_09 + - Incorrect synchronization between software elements + - + - Medium + * - UI_01_10 + - CPU time depletion + - + - Medium + * - UI_01_11 + - Memory depletion + - + - Medium + * - UI_01_12 + - Other HW unavailability + - + - Medium + +| Development failure initiators +| Secition is **only aplicable if a divers SW development is needed** due to decomposition. + +:note: Section shall be applied on platform level. Results shall be implemented in general to the S-CORE development definitions. + +.. 
list-table:: DFA development failure initiators + :header-rows: 1 + :widths: 10,30,30,30 + + * - ID + - Violation cause development failure initiators + - Simplification + - Importance (can be used for priorisation) + * - SC_01_02 + - Same development approaches (e.g. IDE, programming and/or modelling language) + - + - Medium + * - SC_01_03 + - Same personal + - + - Medium + * - SC_01_04 + - Same social-cultural context (even if different personnel). Only applicable if diverse development is needed. + - + - Medium + * - SC_01_05 + - Development fault (e.g. human error, insufficient qualification, insufficient methods). Only applicable if diverse development is needed. + - + - Medium diff --git a/docs/process/process_areas/safety_analysis/guidance/dfa_template.rst b/docs/process/process_areas/safety_analysis/guidance/dfa_template.rst new file mode 100644 index 00000000000..0834fdc833e --- /dev/null +++ b/docs/process/process_areas/safety_analysis/guidance/dfa_template.rst 
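Review bot: dfa_failure_initiators.rst uses the title "DFA failure initiators" twice with the same "=====" underline (once as document title, once right before "2.1 Shared resources"), which produces two sections of identical name and a duplicate implicit target; rename the second one (e.g. "Failure initiator categories") and turn the plain-text "2.1" to "2.4" labels into real subsection headings. Wording to clean up in the same file: "which may initiated from" (may be initiated), "desciption", "enlage the list of fault models" (this file lists failure initiators, not fault models), "Secition is **only aplicable if a divers SW development", "Memory miss-allocation" (misallocation), "Same personal" (personnel) and "priorisation" (prioritisation, repeated in every table header). The ID sequences also skip values (SR_01_03, SR_01_08, SI_01_01 and SC_01_01 are absent); if those rows were removed on purpose, a short remark would stop readers from assuming the table is incomplete.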
@@ -0,0 +1,70 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _dfa_templates: + +DFA Templates +============= + +.. gd_temp:: Platform DFA Templates + :id: gd_temp__plat_saf_dfa + :status: valid + :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524, std_req__iso26262__software_7411, std_req__iso26262__analysis_741, std_req__iso26262__analysis_742, std_req__iso26262__analysis_743, std_req__iso26262__analysis_745, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747, std_req__iso26262__analysis_748, std_req__iso26262__analysis_749, std_req__isopas8926__44432 + + | .. plat_saf_dfa:: + | :verifies: + | :id: plat_saf_DFA____ + | :violation_id: + | :violation_cause: "description of failure effect of the failure initiator on the element" + | :mitigation: < NONE|ID from Feature Requirement> + | :mitigation_issue: + | :mitigation_coverage: <0..100%> + | :sufficient: + | :argument: + | :status: + +.. 
gd_temp:: Feature DFA Templates + :id: gd_temp__feat_saf_dfa + :status: valid + :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524, std_req__iso26262__software_7411, std_req__iso26262__analysis_741, std_req__iso26262__analysis_742, std_req__iso26262__analysis_743, std_req__iso26262__analysis_745, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747, std_req__iso26262__analysis_748, std_req__iso26262__analysis_749, std_req__isopas8926__44432 + + | .. feat_saf_dfa:: + | :verifies: + | :id: feat_saf_DFA____ + | :violation_id: + | :violation_cause: "description of failure effect of the failure initiator on the element" + | :mitigation: < NONE|ID from Feature Requirement> + | :mitigation_issue: + | :mitigation_coverage: <0..100%> + | :sufficient: + | :argument: + | :status: + + +.. gd_temp:: Component DFA Templates + :id: gd_temp__comp_saf_dfa + :status: valid + :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524, std_req__iso26262__software_7411, std_req__iso26262__analysis_741, std_req__iso26262__analysis_742, std_req__iso26262__analysis_743, std_req__iso26262__analysis_745, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747, std_req__iso26262__analysis_748, std_req__iso26262__analysis_749, std_req__isopas8926__44432 + + | .. comp_saf_dfa:: + | :verifies: + | :id: comp_saf_DFA____ + | :violation_id: + | :violation_cause: "description of failure effect of the failure initiator on the element" + | :mitigation: < NONE|ID from Component Requirement> + | :mitigation_issue: + | :mitigation_coverage: <0..100%> + | :sufficient: + | :argument: + | :status: diff --git a/docs/process/process_areas/safety_analysis/guidance/fault_models_guideline.rst b/docs/process/process_areas/safety_analysis/guidance/fault_models_guideline.rst new file mode 100644 index 00000000000..070d75dbb36 --- /dev/null 
+++ b/docs/process/process_areas/safety_analysis/guidance/fault_models_guideline.rst 
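Review bot: in dfa_template.rst the Platform DFA template (gd_temp__plat_saf_dfa) states ":mitigation: < NONE|ID from Feature Requirement>", which looks copied from the feature template; for a platform-level analysis the mitigation should reference a platform requirement, in the same way the component template references a component requirement. The :complies: lists cite std_wp__iso26262__analysis_751, while dfa_failure_initiators.rst in this same patch cites std_wp__iso26262__software_751 for what appears to be the same work product; one of the two IDs is probably wrong and should be checked against the standards mapping. The ID patterns plat_saf_DFA____, feat_saf_DFA____ and comp_saf_DFA____ also give no hint what fills the gap; stating the naming convention next to them would make the templates self-explanatory.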
@@ -0,0 +1,112 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Fault Models +============ + +.. gd_guidl:: Fault Models + :id: gd_guidl__fault_models + :status: valid + :complies: std_wp__iso26262__software_752, std_req__iso26262__analysis_846 + + | Fault Model for sequence diagrams + + +:note: Use the fault models to ensure a structed analysis. If a fault model doesn't apply, please fill in a short desciption in the violation cause of the analysis so it could be recognized that the analysis is done. If there are additional fault models needed, please enlage the list of fault models. + + + .. 
list-table:: Fault Models for sequence diagrams + :header-rows: 1 + :widths: 15,6,30,30,15 + + * - Element + - ID + - Failure Mode + - Simplification + - Importance (can be used for priorisation) + * - message + - MF_01_01 + - message is not received + - MF_01_05 + - High + * - message + - MF_01_02 + - message received too late + - relevant only if delay is a realistic fault + - Medium + * - message + - MF_01_03 + - message received too early + - usually not a problem + - Low + * - message + - MF_01_04 + - message not received correctly by all recipients (different messages or messages partly lost) + - only relevant if the same message goes to multiple recipients + - High + * - message + - MF_01_05 + - message is corrupted + - + - High + * - message + - MF_01_06 + - message is not sent + - + - High + * - message + - MF_01_07 + - message is unintended sent + - + - High + * - duration/time constraint + - CO_01_01 + - minimum constraint boundary is violated + - + - Medium + * - duration/time constraint + - CO_01_02 + - maximum constraint boundary is violated + - + - High + * - execution + - EX_01_01 + - Process calculates wrong result(s) + - MF_01_05 or MF_01_04 + - High + * - execution + - EX_01_02 + - processing too slow + - relevant only if timing is considered + - Medium + * - execution + - EX_01_03 + - processing too fast + - relevant only if timing is considered + - Medium + * - execution + - EX_01_04 + - loss of execution + - + - High + * - execution + - EX_01_05 + - processing changes to arbitrary process + - + - Medium + * - execution + - EX_01_06 + - processing is not complete (infinite loop) + - + - High diff --git a/docs/process/process_areas/safety_analysis/guidance/index.rst b/docs/process/process_areas/safety_analysis/guidance/index.rst new file mode 100644 index 00000000000..86deae56327 --- /dev/null +++ b/docs/process/process_areas/safety_analysis/guidance/index.rst 
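Review bot: in fault_models_guideline.rst the unindented ":note:" field list sits between the gd_guidl directive and the indented list-table, so it terminates the directive body and the table that follows is rendered as an indented block quote outside the need rather than as its content; either indent the note into the directive or move it after the table. The fault model IDs CO_01_01 and CO_01_02 (duration/time constraint) also collide with CO_01_01 to CO_01_07 (communication between elements) in dfa_failure_initiators.rst from the same patch; since the templates record only a :violation_id:, an analysis citing CO_01_01 becomes ambiguous, so one of the prefixes should be renamed (e.g. TC_ for the time-constraint rows). Typos to fix: "structed", "desciption" and "enlage" in the note, and MF_01_07 "message is unintended sent" (message is sent unintentionally).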
@@ -0,0 +1,27 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Guidance +######## + +.. toctree:: + :maxdepth: 1 + + safety_analysis_checklist + dfa_failure_initiators + dfa_template + fault_models_guideline + safety_analysis_guideline + safety_analysis_process_reqs + safety_analysis_templates diff --git a/docs/process/process_areas/safety_analysis/guidance/safety_analysis_checklist.rst b/docs/process/process_areas/safety_analysis/guidance/safety_analysis_checklist.rst new file mode 100644 index 00000000000..525ebb7d49f --- /dev/null +++ b/docs/process/process_areas/safety_analysis/guidance/safety_analysis_checklist.rst 
@@ -0,0 +1,74 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +Checklist for Safety Analysis +================================ + +.. gd_chklst:: Safety Analysis Checklist Template + :id: gd_chklst__safety_analysis + :status: valid + :tags: safety_analysis + + **Purpose** + The purpose of this safety analysis checklist template is to collect the topics to be checked during verification of the safety analysis. + + **Checklist** + + .. list-table:: Safety Analysis Checklist + :header-rows: 1 + :widths: 10,30,30,15,8,8 + + * - Review ID + - Acceptance Criteria + - Guidance + - Passed + - Remarks + - Issue link + * - REQ_01_01 + - Is / are the safety analysis is / are finished? + - + - No open topics in safety analysis report. + - + - + * - REQ_01_02 + - Are the templates for DFA or / and Safety Analysis used? + - see :need:`gd_temp__plat_saf_dfa` / :need:`gd_temp__feat_saf_fmea` + - Templates are used to generate the DFA or / and Safety Analysis. + - + - + * - REQ_01_03 + - Were the failure initiators / fault models applied? + - see :need:`gd_guidl__dfa_failure_initiators` / :need:`gd_guidl__fault_models` + - The items of the failure initiators / fault models are used to ensure a structured analysis. + - + - + * - REQ_01_04 + - Is the vialation cause described completly and in an easily understandable manner? + - + - The cause of the violation is described completly. The cause can be recognized easily. 
+ - + - + * - REQ_01_05 + - Is the mitigation described completly and in an easily understandable manner? + - + - The mitigation is described completly and can be recognized easily. + - + - + * - REQ_01_06 + - Is the overall result of the safety analysis described in the report? + - + - The results of the safety analysis are described in the report. The report is available :need:`wp__saf_analysis_report`. + - + - \ No newline at end of file diff --git a/docs/process/process_areas/safety_analysis/guidance/safety_analysis_guideline.rst b/docs/process/process_areas/safety_analysis/guidance/safety_analysis_guideline.rst new file mode 100644 index 00000000000..28b2c6b18ca --- /dev/null +++ b/docs/process/process_areas/safety_analysis/guidance/safety_analysis_guideline.rst 
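Review bot: in safety_analysis_checklist.rst the "Passed" column holds the pass criterion text (e.g. "No open topics in safety analysis report.") while "Guidance" is empty in four of six rows, so either the header should read "Passed (criterion)" or the two columns are swapped; as written a reviewer has no column in which to record pass/fail. REQ_01_02 references :need:`gd_temp__feat_saf_fmea`, which is not defined anywhere in this patch (dfa_template.rst defines gd_temp__feat_saf_dfa), so confirm it exists in safety_analysis_templates.rst or the Sphinx build will report an unknown need. Also fix "Is / are the safety analysis is / are finished?" in REQ_01_01, "vialation" and "completly" in REQ_01_04 and REQ_01_05, and add the missing newline at end of file.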
@@ -0,0 +1,129 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +Guidelines +########## + +.. gd_guidl:: Safety Analysis Guideline + :id: gd_guidl__safety_analysis + :status: valid + :complies: std_req__iso26262__analysis_841, std_req__iso26262__analysis_842, std_req__iso26262__analysis_843, std_req__iso26262__analysis_844, std_req__iso26262__analysis_847, std_req__iso26262__analysis_848, std_req__iso26262__analysis_849, std_req__iso26262__analysis_8410, std_req__isopas8926__44431, std_req__isopas8926__44432 + +This document describes the general guidances for Safety Analysis based on the concept which is defined :need:`[[title]]`. + +Workflow for Safety Analysis +============================ + +Detailed description which steps are need for a safety analysis. In general the workflow is shown in :ref:`safety_analysis_workflow_fig` + +#. To analyse the Platform Architecture DFA shall be executed. +#. Perform DFA on the Platform Architecture. +#. To analyse the Feature Architecture a Safety Analysis and a DFA shall be executed. +#. Perform Safety Analysis on the Feature Architecture. +#. Perform DFA on the Feature Architecture. +#. To analyse the Component Architecture a Safety Analysis and a DFA shall be executed. This only applies if the component architecture is not already covered by the feature architecture. +#. Perform Safety Analysis on the Component Architecture. +#. Perform DFA on the Component Architecture. +#. 
The performance of the Safety Analysis and DFA (Feature and Component) shall be monitored. +#. For open issues like from the Safety Analysis and DFA and Issue shall be created in the Issue Tracking system. For safety relevant issues types a ``safety`` label is used. Until there are open issues the safety analysis is "valid" and "not sufficient". +#. If the analysis is completed, a verification of the analysis shall be done and a report therfore shall be created. + +Step-by-Step-approach Safety Analysis: +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The analysis is done by using the template :ref:`safety_analysis_templates` on the feature or component architectural diagrams +(activity and/or sequence diagrams) using a diagram specific applied fault model <:need:`gd_guidl__fault_models`>. Apply the fault +model to the diagram and document the results in the template. If a fault model is not applicable, fill in a short remark in the +vialoation cause that it's not apllicable. So it could be shown that the analysis was done and no fault model is applicable. +The analysis considers single faults that can mitigate a safety requirement. + +**Steps:** + +* For each affected design element in scope of each diagram, assign the faults by ID from the fault model and document it as a sphinx-needs directive. +* Document the resulting failure mode and effect and the mitigated safety requirement. +* Document safety mitigation to avoid or control the failure. +* The mitigation coverage shall be estimated in percent. +* The attributes of the template are described in :ref:`process_requirements_safety_analysis_attributes`. +* Judge if this is sufficient. +* If not, request to update the diagram and the requirements with additional safety mitigation to come to a sufficient outcome by creating an issue. +* The analysis is finished, if for each identified faults a sufficient mitigation exists. +* Unless the attribute sufficient is yes, mitigation and argument attribute can be still empty. 
+* Coninue the analysis until all gault models are checked. +* The verification is done by appling the safety analysis checklist :need:`gd_chklst__safety_analysis`. + +**Examples:** + + +| .. feat_saf_fmea:: OpenKVS +| :verifies: +| :id: FEAT_SAF_FMEA__KVS__OpenKVS +| :failure_mode: "MF_01_05" +| :failure_effect: "message from calling app is corrupted" +| :mitigation: +| :mitigation_issue: +| :mitigation_coverage: <0..100%> +| :sufficient: no +| :argument: +| :status: valid + +| .. feat_saf_fmea:: GetKeyValue +| :verifies: +| :id: FEAT_SAF_FMEA__KVS__GetKeyValue +| :failure_mode: "MF_01_05" +| :failure_effect: "message is corrupted due to corrupted call open to OSAL" +| :mitigation: FEAT_REQ_persistency_key_val_storage__error +| :mitigation_issue: +| :mitigation_coverage: <0..100%> +| :sufficient: yes +| :argument: "Calling app gets error information" +| :status: valid + +The example is also used in the building blocks <:ref:`building_block_example`>. + + +Step-by-Step-approach DFA: +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The analysis is done by using the template :ref:`dfa_templates` on the feature or component architectural diagrams using a list of DFA failure initiators <:need:`gd_guidl__dfa_failure_initiators`>. +If a element of the failure initiators is not applicable, fill in a short remark in the vialoation cause that it's not apllicable. +So it could be shown that the analysis was done and no fault model is applicable. + +**Steps:** + +* For each failure initiator assign the violation by ID from the DFA failure initiators and document it as a sphinx-needs directive. +* Document the resulting violation causes and effect and the mitigated safety requirement. +* The mitigation coverage shall be estimated in percent. +* The attributes of the template are described in :ref:`process_requirements_safety_analysis_attributes`. +* Judge if the mitigation is sufficient. 
If not, request to update the requirements with additional safety mitigation to come to a sufficient outcome. +* The analysis is finished, if for each identified violation a mitigation exists. +* Unless the attribute "sufficient" is "yes", mitigation and argument attribute can be still empty. +* Coninue the analysis until all failure initiators are checked. +* The verification is done by appling the safety analysis checklist :need:`gd_chklst__safety_analysis`. + +**Examples:** + +| .. feat_saf_dfa:: +| :verifies: +| :id: feat_saf_DFA____ +| :violation_id: "SR_01_05" +| :violation_cause: "Operating system including scheduler" +| :mitigation: +| :mitigation_issue: +| :mitigation_coverage: <0..100%> +| :sufficient: no +| :argument: +| :status: valid + +The example is also used in the concept description <:ref:`safety_analysis_feature_example`> and also in the building blocks <:ref:`building_block_example`>. diff --git a/docs/process/process_areas/safety_analysis/guidance/safety_analysis_process_reqs.rst b/docs/process/process_areas/safety_analysis/guidance/safety_analysis_process_reqs.rst new file mode 100644 index 00000000000..753ce3b33fa --- /dev/null +++ b/docs/process/process_areas/safety_analysis/guidance/safety_analysis_process_reqs.rst 
@@ -0,0 +1,248 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _process_requirements_safety_analysis: + +Safety Analysis Process Requirements +==================================== + +.. gd_req:: Safety Analysis Structure + :id: gd_req__saf__structure + :status: valid + :tags: safety_analysis + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__support_6432 + + Safety Analysis shall be hierarchically grouped into different levels. + + Following levels are defined: + + * Platform architecture + * Feature architecture + * Component architecture + +.. _process_requirements_safety_analysis_attributes: + +Process Safety Analysis Attributes +---------------------------------- + +.. gd_req:: Safety Analysis attribute: UID + :id: gd_req__saf__attr_uid + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__support_6425, std_req__iso26262__support_6432 + + Each Safety Analysis shall have a unique ID. It shall be in a format which is also human readable and consists of + + * type of Safety Analysis + * keyword descirbing the level of analysis + * keyword describing the content of the Safety Analysis + + The naming convention is defined here: :ref:`naming_convention_needs` + +.. 
gd_req:: Safety Analysis attribute: title + :id: gd_req__saf_attr_title + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__support_6424 + + The title of the Safety Analysis shall provide a short summary of the description + +.. gd_req:: DFA attribute: violation ID + :id: gd_req__saf__attr_vid + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__support_6425, std_req__iso26262__support_6432 + + Each DFA shall have a violation ID. The violation ID is used to identify the related fault <:need:`gd_guidl__dfa_failure_initiators`>. + +.. gd_req:: DFA attribute: violation cause + :id: gd_req__saf__attr_vcause + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_742 + + Every DFA shall have a short description of the violation cause. + +.. gd_req:: FMEA attribute: failure mode + :id: gd_req__saf__attr_fmode + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848 + + Each FMEA shall have a failure mode. The failure nod is used to identify the related fault <:need:`gd_guidl__fault_models`>. + +.. gd_req:: FMEA attribute: failure effect + :id: gd_req__saf__attr_veffect + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_849 + + Every FMEA shall have a short description of the failure effect. + +.. 
gd_req:: Safety Analysis attribute: mitigation + :id: gd_req__saf_attr_mitigation + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_844, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747 + + Each violation shall have a mitigation for it. None can be used until a mitigation is developed. + +.. gd_req:: Safety Analysis attribute: mitigation issue + :id: gd_req__saf_attr_mitigation_issue + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_844, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747 + + For every mitigation that is needed a issue shall be created. If a mitigation is allready implemented without + an issue, please remark it so this can be reconstructed. + +.. gd_req:: Safety Analysis attribute: sufficient + :id: gd_req__saf__attr_sufficient + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749, std_req__isopas8926__44431, std_req__isopas8926__44432 + + Each mitigation shall have an statement if it's sufficient. + +.. gd_req:: Safety Analysis attribute: argument + :id: gd_req__saf__attr_argument + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749, std_req__isopas8926__44433 + + The argument shall describe why the mitigation is sufficient or not. If it's not sufficient the argument shall describe how the mitigation + can be improved to be sufficient. + +.. 
gd_req:: Safety Analysis attribute: status + :id: gd_req__saf__attr_status + :status: valid + :tags: attribute, mandatory + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749, std_req__isopas8926__44431, std_req__isopas8926__44432 + + Each safety analysis shall have the status invalid until the analysis is finished. The status shall be set to valid if the analysis is finished and all issues are closed. + +.. _process_requirements_safety_analysis_linkage: + +Safety Analysis Requirement Linkage +''''''''''''''''''''''''''''''''''' + +.. gd_req:: Safety Analysis Linkage + :id: gd_req__saf__linkage + :status: valid + :tags: attribute, automated + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_842, std_req__iso26262__software_7410, std_req__iso26262__software_7411 + + Safety Analysis shall be linked to its adjacent level via the attribute verifies. + + * Platform Safety Analysis <-> platform architecture + * Feature Safety Analysis <-> feature architecture + * Component Safety Analysis <-> component architecture + +.. gd_req:: Safety Analysis attribute: mitigation coverage + :id: gd_req__saf__attr_saf_cov + :status: valid + :tags: attribute, automated + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749, std_req__isopas8926__44433 + + It shall be possible to specify the mitigation coverage. + + * 0 to 100 percent + +.. 
gd_req:: Safety Analysis attribute: link to Requirements + :id: gd_req__saf__attr_requirements + :status: valid + :tags: attribute, automated + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_842, std_req__iso26262__software_7410, std_req__iso26262__software_7411 + + Safety Analysis shall be linked to its adjacent level via the attribute mitigates. + + * Platform Safety Analysis <-> platform architecture + * Feature Safety Analysis <-> feature architecture + * Component Safety Analysis <-> component architecture + +.. gd_req:: Safety Analysis attribute: link to Aou + :id: gd_req__saf__attr_aou + :status: valid + :tags: attribute, automated + :satisfies: wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_845 + + It shall be possible to link Aou. + +.. gd_req:: Safety Analysis attribute: versioning + :id: gd_req__saf__attr_hash + :status: valid + :tags: attribute, automated + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__support_6425, std_req__iso26262__support_6434 + + It shall be possible to provide a versioning for Safety Analysis. It shall be possible to detect if any of the mandatory attributes differ from the versioning: :need:`gd_req__saf__attr_mandatory` + + +.. _process_requirements_safety_analysis_checks: + +Process Requirements Checks +''''''''''''''''''''''''''' + +.. gd_req:: Safety Analysis mandatory attributes provided + :id: gd_req__saf__attr_mandatory + :status: valid + :tags: attribute, check + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749 + + It shall be checked if all mandatory attributes for each Safety Analysis is provided by the user. For all Safety Analysis following attributes shall be mandatory: + + .. 
needtable:: Overview mandatory Safety Analysis attributes + :filter: "mandatory" in tags and "attribute" in tags and "safety_analysis" in tags and type == "gd_req" + :style: table + :columns: title + :colwidths: 30 + +.. gd_req:: Safety Analysis linkage level + :id: gd_req__saf__linkage_fulfill + :status: valid + :tags: attribute, check + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749 + + Every Safety Analysis shall be linked to at least one parent architecture. + + +.. gd_req:: Safety Analysis linkage safety + :id: gd_req__saf__linkage_safety + :status: valid + :tags: attribute, check + :satisfies: wf__analyse_platarch, wf__analyse_featarch, wf__analyse_comparch + :complies: std_req__iso26262__analysis_848, std_req__iso26262__analysis_749 + + It shall be checked that Safety Analysis (Safety != QM) can only be linked against elements with the same ASIL. + +.. needextend:: "process_areas/safety_analysis" in docname + :+tags: safety_analysis diff --git a/docs/process/process_areas/safety_analysis/guidance/safety_analysis_templates.rst b/docs/process/process_areas/safety_analysis/guidance/safety_analysis_templates.rst new file mode 100644 index 00000000000..096a33a9183 --- /dev/null +++ b/docs/process/process_areas/safety_analysis/guidance/safety_analysis_templates.rst 
@@ -0,0 +1,53 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _safety_analysis_templates: + +Safety Analysis Templates +========================= + +.. gd_temp:: Feature Safety Analysis Template + :id: gd_temp__feat_saf_fmea + :status: valid + :complies: std_wp__iso26262__analysis_851, std_wp__iso26262__software_752, std_wp__isopas8926__4524, std_req__iso26262__software_7410, std_req__iso26262__software_7412, std_req__iso26262__analysis_841, std_req__iso26262__analysis_842, std_req__iso26262__analysis_843, std_req__iso26262__analysis_844, std_req__iso26262__analysis_845, std_req__iso26262__analysis_846, std_req__iso26262__analysis_847, std_req__iso26262__analysis_848, std_req__iso26262__analysis_849, std_req__iso26262__analysis_8410, std_req__isopas8926__44431 + + | .. feat_saf_fmea:: + | :verifies: + | :id: feat_saf_FMEA____ + | :failure_mode: + | :failure_effect: "description of failure effect of the failure initiator on the element" + | :mitigation: < NONE|ID from Feature Requirement> + | :mitigation_issue: + | :mitigation_coverage: <0..100%> + | :sufficient: + | :argument: + | :status: + + +.. 
gd_temp:: Component Safety Analysis Template + :id: gd_temp__comp_saf_fmea + :status: valid + :complies: std_wp__iso26262__analysis_851, std_wp__iso26262__software_752, std_wp__isopas8926__4524, std_req__iso26262__software_7410, std_req__iso26262__software_7412, std_req__iso26262__analysis_841, std_req__iso26262__analysis_842, std_req__iso26262__analysis_843, std_req__iso26262__analysis_844, std_req__iso26262__analysis_845, std_req__iso26262__analysis_846, std_req__iso26262__analysis_847, std_req__iso26262__analysis_848, std_req__iso26262__analysis_849, std_req__iso26262__analysis_8410, std_req__isopas8926__44431 + + | .. comp_saf_fmea:: + | :verifies: + | :id: comp_saf_FMEA____ + | :failure_mode: + | :failure_effect: "description of failure effect of the failure initiator on the element" + | :mitigation: < NONE|ID from Component Requirement> + | :mitigation_issue: + | :mitigation_coverage: <0..100%> + | :sufficient: + | :argument: + | :status: diff --git a/docs/process/process_areas/safety_analysis/index.rst b/docs/process/process_areas/safety_analysis/index.rst new file mode 100644 index 00000000000..c193635a497 --- /dev/null +++ b/docs/process/process_areas/safety_analysis/index.rst 
@@ -0,0 +1,28 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _safety_analysis: + +Safety Analysis +############### + +.. toctree:: + :maxdepth: 1 + + safety_analysis_concept + safety_analysis_getstrt + guidance/index + safety_analysis_roles + safety_analysis_workflow + safety_analysis_workproducts diff --git a/docs/process/process_areas/safety_analysis/safety_analysis_concept.rst b/docs/process/process_areas/safety_analysis/safety_analysis_concept.rst new file mode 100644 index 00000000000..aea628cfb80 --- /dev/null +++ b/docs/process/process_areas/safety_analysis/safety_analysis_concept.rst 
@@ -0,0 +1,136 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Concept Description +################### + +.. doc_concept:: Safety Analysis Concept + :id: doc_concept__safety__analysis + :status: valid + :tags: safety_analysis + +In this section a concept for the safety analyses will be discussed. Inputs for this concept are the requirements of ISO26262 Part 6 Chapter 7 and Part 9 Chapter 7 and 8. + +Inputs +****** + +#. Stakeholders for the safety analysis? +#. Who needs which information? +#. How to analyze existing safety mitigation? +#. How to add new safety mitigations? + +Stakeholders for the Safety Analysis +==================================== + +#. :need:`Contributor ` + + * Contributes features and components to grow the **S-CORE** content + +#. :need:`Committer ` + + * Analyse the feature architecture by performing the safety analyses and DFA + * Analyse the component architecture by performing the safety analyses and DFA + * Monitor/veryfiy the Safety Analysis and DFA + +#. :need:`Technical Lead ` + + * Support the feature safety analyses and DFA + * Support the monitoring and veryfing of the feature safety analyses and DFA + +#. :need:`Module Lead ` + + * Support the component safety analyses and DFA + * Support the monitoring and veryfing of the component safety analyses and DFA + +#. 
:need:`Safety Manager ` + + * Approve the safety analysis and DFA + * Approve the verification of the safety analysis and DFA + +#. :need:`Security Manager ` + + * Support the safety analyses and DFA + * Support the monitoring and veryfing of the safety analyses and DFA + + +Standard Requirements +===================== + +Also requirements of standards need to be taken into consideration: + +* ISO26262 +* ISO SAE 21434 + + + +How to analyze? +=============== + +The safety analysis is done on the feature and component architecture. The safety analysis shall be done accompanying to the development. +So the results can directly be used for the development of the feature and component. With a iterative approach it's neeeded to proof +the evidence of the functional safety of the functions. + +The analysis starts at platform level. With a DFA shall be analysed if there are dependent failures which have to be considered. The analysis +shall be done in the way that we use the static and dynamic diagrams. The following picture shall show the perspective of the User. + +.. _safety_analysis_feature_example: + +.. figure:: _assets/safety_analysis_feature.drawio.svg + :align: center + :width: 80% + :name: safety_analysis_feature_fig + + Safety Analysis Feature Perspective + +The safety analysis is done with the shown diagrams. The interface 1 and 2 are the interfaces of the feature. This interfaces shall be analyses with the +fault models :need:`gd_guidl__fault_models` that here could be applied. With the dynamic diagram the communication between the components and also the dependencies +of the components can be analysed. For violations a failure mitigation shall be defined. + +.. figure:: _assets/safety_analysis_component.drawio.svg + :align: center + :width: 80% + :name: safety_analysis_component_fig + + Safety Analysis Component Perspective + +At component level you can see inside of the component when the component consists of two or more subcomponents. 
If the component consists of +only one subcomponent there results of the analysis are the same as for the feature level. So no additional consideration is needed. +The component kvstorage consists of two subcomponents, kvs and fs. The dynamic diagram shows the communication between the subcomponents. + +DFA +^^^ + +A DFA :ref:`dfa_templates` shall be used to proof the absence of dependent failures. For the analysis a list +of DFA failure initiators :need:`gd_guidl__dfa_failure_initiators` is available. A step by step approach is recommended to +ensure that all dependent failures are identified :need:`gd_guidl__safety_analysis`. Every failure initiator shall be checked +and if it applies to the feature or component, a mitigation shall be defined. If the failure initiator doesn't apply, a short description +shall be added to the violation cause of the analysis so it could be recognized that the analysis is done. + +Safety Analysis +^^^^^^^^^^^^^^^ + +For the safety analyses the templates :ref:`safety_analysis_templates` shall be used. For the safety analysis we selected +the method FMEA on feature and component level. The safety analysis is done on architectural diagrams (state and sequence diagrams). +For the safety analysis fault models shall be used :need:`gd_guidl__fault_models`. A step by step approach is recommended to +ensure that all dependent failures are identified :need:`gd_guidl__safety_analysis`. Every fault model shall be checked +and if it applies to the feature or component, a mitigation shall be defined. If the fault model doesn't apply, a short description +shall be added to the violation cause of the analysis so it could be recognized that the analysis is done. + +How to add new safety mitigations? +================================== + +Identified faults without a mitigation stay open and are monitored in the issue tracking sytem :need:`wp__issue_track_system` until they are resolved. + + + 
diff --git a/docs/process/process_areas/safety_analysis/safety_analysis_getstrt.rst b/docs/process/process_areas/safety_analysis/safety_analysis_getstrt.rst new file mode 100644 index 00000000000..50dbab9bcd3 --- /dev/null +++ b/docs/process/process_areas/safety_analysis/safety_analysis_getstrt.rst @@ -0,0 +1,38 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Getting Started +############### + +.. doc_getstrt:: Getting Started on Safety Analysis + :id: doc_getstrt__safety_analysis + :status: valid + :tags: safety_analysis + +This document describes the steps which are needed to perform safety analysis and also how to monitor and verify the results of the safety analysis. +The concept of performing safety analysis is described in :need:`doc_concept__safety__analysis`. The verification of the architecure is described +in :need:`doc_concept__arch__process`. + +General Workflow +**************** + +.. figure:: _assets/safety_analysis_workflow.drawio.svg + :align: center + :width: 80% + :name: safety_analysis_workflow_fig + + Safety Analysis Workflow + +The details of what needs to be done in each step are described in the :need:`gd_guidl__safety_analysis`. + diff --git a/docs/process/process_areas/safety_analysis/safety_analysis_roles.rst b/docs/process/process_areas/safety_analysis/safety_analysis_roles.rst new file mode 100644 index 00000000000..ad061b249f5 --- /dev/null 
+++ b/docs/process/process_areas/safety_analysis/safety_analysis_roles.rst 
@@ -0,0 +1,72 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Roles +##### + +Roles +----- + +.. role:: Safety Engineer + :id: rl__safety_engineer + :status: valid + :contains: rl__committer + + The safety engineer is responsible for content and processing of all work products required in the project. + + Required skills + + * Degree: Master's degree in electrical engineering/computer science/mathematics, or similar degree, or comparable work experience + * Solid understanding of functional safety engineering including safety analysis + * Knowledge of safety management + * Deep understanding of quality criteria and the correlating methods and procedures to achieve and verify them + * Technical know-how of embedded systems + * Preferred training: Automotive Functional Safety Expert (AFSE) or similar + + Knowledge of standards + + * ISO 26262 + + Experience + + * 2 years of experience in safety engineering + * Experience in automotive software development projects + * Experience in creation of workproducts according ISO 26262 + + Responsibility + + * For content and processing of all work products required in the project + * Creating of Safety Analysis (FMEA, DFA) + * Support of Safety Manager + * Specialist contact person on engineering level for the project + + Authority + + * Escalation of planning topics to the safety manager + * Implementation of safety requirements + * Refusing the approval of work products as defined in 
the workflows + + +Contributing Roles: + + * :need:`Contributor ` + * :need:`Committer ` + * :need:`Technical Lead ` + * :need:`Module Lead ` + * :need:`Safety Manager ` + * :need:`Security Manager ` + +A detailed overview of the responsibility for the steps of the safety analysis process is listed here: + +:ref:`workflow_safety_analysis` diff --git a/docs/process/process_areas/safety_analysis/safety_analysis_workflow.rst b/docs/process/process_areas/safety_analysis/safety_analysis_workflow.rst new file mode 100644 index 00000000000..31752e3d755 --- /dev/null +++ b/docs/process/process_areas/safety_analysis/safety_analysis_workflow.rst 
@@ -0,0 +1,102 @@ +.. + # ******************************************************************************* + # Copyright (c) 2024 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +.. _workflow_safety_analysis: + +Workflow Safety Analysis +######################## + +.. workflow:: Analyse Platform Architecture + :id: wf__analyse_platarch + :status: valid + :tags: safety_analysis + :responsible: rl__safety_engineer + :approved_by: rl__safety_manager + :supported_by: rl__contributor, rl__committer, rl__security_manager + :input: wp__requirements__stkh, wp__issue_track_system + :output: wp__platform_dfa + :contains: gd_guidl__dfa_failure_initiators, gd_temp__feat_saf_dfa + :has: doc_concept__safety__analysis, doc_getstrt__safety_analysis + + | The DFA for the platform is executed. + +.. workflow:: Analyse Feature Architecture + :id: wf__analyse_featarch + :status: valid + :tags: safety_analysis + :responsible: rl__safety_engineer + :approved_by: rl__safety_manager + :supported_by: rl__contributor, rl__committer, rl__security_manager + :input: wp__requirements__feat, wp__feature_arch, wp__issue_track_system + :output: wp__feature_safety_analysis, wp__feature_dfa + :contains: gd_guidl__dfa_failure_initiators, gd_temp__feat_saf_dfa, gd_guidl__fault_models, gd_temp__feat_saf_fmea + :has: doc_concept__safety__analysis, doc_getstrt__safety_analysis + + | The safety analysis and DFA for the feature is executed. + +.. 
workflow:: Analyse Component Architecture + :id: wf__analyse_comparch + :status: valid + :tags: safety_analysis + :responsible: rl__safety_engineer + :approved_by: rl__safety_manager + :supported_by: rl__contributor, rl__committer, rl__security_manager + :input: wp__requirements__comp, wp__component_arch, wp__issue_track_system + :output: wp__sw_component_safety_analysis, wp__sw_component_dfa + :contains: gd_guidl__dfa_failure_initiators, gd_temp__comp_saf_dfa, gd_guidl__fault_models, gd_temp__comp_saf_fmea + :has: doc_concept__safety__analysis, doc_getstrt__safety_analysis + + | The safety analysis and DFA for the component is executed. + +.. workflow:: Monitor Safety Analyses and DFA + :id: wf__mr_saf_analyses_dfa + :status: valid + :tags: safety_analysis + :responsible: rl__safety_engineer + :approved_by: rl__safety_manager + :supported_by: rl__contributor, rl__committer, rl__security_manager + :input: wp__feature_safety_analysis, wp__feature_dfa, wp__sw_component_safety_analysis, wp__sw_component_dfa + :output: wp__verification__platform_ver_report, wp__issue_track_system + :contains: gd_guidl__dfa_failure_initiators, gd_temp__feat_saf_dfa, gd_temp__comp_saf_dfa, gd_guidl__fault_models, gd_temp__feat_saf_fmea, gd_temp__comp_saf_fmea + :has: doc_concept__safety__analysis, doc_getstrt__safety_analysis + + | The safety analyses and DFA are monitored. + +.. 
workflow:: Verify Safety Analyses and DFA + :id: wf__vy_saf_analyses_dfa + :status: valid + :tags: safety_analysis + :responsible: rl__safety_engineer + :approved_by: rl__safety_manager + :supported_by: rl__contributor, rl__committer, rl__security_manager + :input: wp__feature_safety_analysis, wp__feature_dfa, wp__sw_component_safety_analysis, wp__sw_component_dfa + :output: wp__verification__platform_ver_report, wp__saf_analysis_report + :contains: gd_guidl__dfa_failure_initiators, gd_temp__feat_saf_dfa, gd_temp__comp_saf_dfa, gd_guidl__fault_models, gd_temp__feat_saf_fmea, gd_temp__comp_saf_fmea + :has: doc_concept__safety__analysis, doc_getstrt__safety_analysis + + | The safety analyses and DFA are monitored and verified. + + +RAS(IC) for Safety Analysis +*************************** + + +.. needtable:: RASIC Overview for Safety Analysis + :tags: safety_analysis + :filter: "safety_analysis" in tags and type == "workflow" + :style: table + :sort: status + :columns: id as "Activity";responsible as "Responsible";approved_by as "Approver";supported_by as "Supporter" + :colwidths: 30,30,30,30 diff --git a/docs/process/process_areas/safety_analysis/safety_analysis_workproducts.rst b/docs/process/process_areas/safety_analysis/safety_analysis_workproducts.rst new file mode 100644 index 00000000000..c7b50661589 --- /dev/null +++ b/docs/process/process_areas/safety_analysis/safety_analysis_workproducts.rst 
@@ -0,0 +1,74 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Workproducts Safety Analysis +############################ + +.. workproduct:: Platform DFA + :id: wp__platform_dfa + :status: valid + :complies: std_wp__iso26262__software_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524 + + | Dependent Failure Analysis on platform level + | - Detection and prevention mitigations linked to Software Platform Requirements + | Perform analysis on interactions between safety related and non-safety related modules or modules with different ASIL of the platform. + + +.. workproduct:: Feature Safety Analysis + :id: wp__feature_safety_analysis + :status: valid + :complies: std_wp__iso26262__software_751, std_wp__iso26262__analysis_851, std_wp__isopas8926__4524 + + | Bottom-Up Safety Analysis with e.g. FMEA method, verifies the feature architecture (as part of SW Safety Concept) + | - Detection and prevention mitigations linked to Software Feature Requirements or Feature Assumptions of Use + +.. 
workproduct:: Feature DFA + :id: wp__feature_dfa + :status: valid + :complies: std_wp__iso26262__software_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524 + + | Dependent Failure Analysis on feature level + | - Detection and prevention mitigations linked to Software Feature Requirements or Feature Assumptions of Use + | Perform analysis on interactions between safety related and non-safety related modules or modules with different ASIL of one feature. Including potential influences from other features in the platform. + +.. workproduct:: Component Safety Analysis + :id: wp__sw_component_safety_analysis + :status: valid + :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__analysis_851, std_wp__isopas8926__4524 + + | Bottom-Up Safety Analysis with e.g. FMEA method, verifies the component architecture (as part of SW Safety Concept) + | - Detection and prevention mitigations linked to Software Component Requirements or Assumptions of Use + +.. workproduct:: Component DFA + :id: wp__sw_component_dfa + :status: valid + :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524 + + | Dependent Failure Analysis on component/module level + | - Detection and prevention mitigations linked to Software Component Requirements or Assumptions of Use + | Perform analysis of safety related and non-safety related sub-elements or sub-elements with different ASIL. + | Perform analysis on interactions between safety related and non-safety related sub-components or sub-components with different ASIL of one component. Including potential influences from the other components in the component's module. + +.. workproduct:: Feature Safety Analysis Report + :id: wp__saf_analysis_report + :status: valid + :complies: std_wp__iso26262__analysis_851, std_wp__iso26262__software_752, std_wp__iso26262__analysis_752, std_wp__iso26262__software_753, std_wp__isopas8926__4524 + + | Report of the safety analysis and DFA for the feature. 
For every feature architecture a report for safety analysis and DFA shall be created. + | The report shall include: + | - Coverage of mitigations for the feature architecture (none will also be count as one mitigation) + | - Number of sufficient mitigations + | - Number of insufficient mitigations + | - Number of valid mitigations + | - Number of invalid mitigations diff --git a/docs/process/workflows/index.rst b/docs/process/workflows/index.rst index 07be4ca6b4b..a18a853058d 100644 --- a/docs/process/workflows/index.rst +++ b/docs/process/workflows/index.rst @@ -21,8 +21,6 @@ Workflows process_management quality_management - safety_analysis - S-CORE Workflow list -------------------- diff --git a/docs/process/workflows/safety_analysis.rst b/docs/process/workflows/safety_analysis.rst deleted file mode 100644 index cbb7b4b85da..00000000000 --- a/docs/process/workflows/safety_analysis.rst +++ /dev/null 
@@ -1,60 +0,0 @@ -.. - # ******************************************************************************* - # Copyright (c) 2024 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # SPDX-License-Identifier: Apache-2.0 - # ******************************************************************************* - -Safety Analysis -=============== - - -Workflows ---------- - -todo: need to add guidance and standard links - - -.. workflow:: Analyse Feature Architecture - :id: wf__analyse_featarch - :status: draft - :tags: safety_analysis - :responsible: rl__committer - :approved_by: rl__safety_manager - :supported_by: rl__technical_lead, rl__security_manager - :input: wp__requirements__feat, wp__feature_arch, wp__issue_track_system - :output: wp__feature_safety_analysis, wp__feature_dfa - - | The safety analysis and DFA for the feature is executed. - -.. workflow:: Analyse Component Architecture - :id: wf__analyse_comparch - :status: draft - :tags: safety_analysis - :responsible: rl__committer - :approved_by: rl__safety_manager - :supported_by: rl__module_lead, rl__security_manager - :input: wp__requirements__comp, wp__component_arch, wp__issue_track_system - :output: wp__sw_component_safety_analysis, wp__sw_component_dfa - - | The safety analysis and DFA for the component is executed. - -.. 
workflow:: Monitor/Verify Safety Analyses and DFA - :id: wf__mr_vy_saf_analyses_dfa - :status: draft - :tags: safety_analysis - :responsible: rl__committer - :approved_by: rl__safety_manager - :supported_by: rl__technical_lead, rl__module_lead, rl__security_manager - :input: wp__feature_safety_analysis, wp__feature_dfa, wp__sw_component_safety_analysis, wp__sw_component_dfa - :output: wp__sw_arch_verification, wp__issue_track_system - - | The safety analyses and DFA are monitored and verified. - | The inspection shall be implemented as integral part of the review tool. diff --git a/docs/process/workproducts/index.rst b/docs/process/workproducts/index.rst index d4d486a8b84..ae6b68293b5 100644 --- a/docs/process/workproducts/index.rst +++ b/docs/process/workproducts/index.rst @@ -99,25 +99,6 @@ Product development Platform development ^^^^^^^^^^^^^^^^^^^^ -.. workproduct:: Feature Safety Analysis - :id: wp__feature_safety_analysis - :status: draft - :tags: safety - :complies: std_wp__iso26262__analysis_851, std_wp__iso26262__software_752 - - Bottom-Up Safety Analysis with e.g. FMEA method, verifies the feature architecture (as part of SW Safety Concept) - - Detection and prevention mitigations linked to Software Feature Requirements or Assumptions of Use - -.. workproduct:: Feature DFA - :id: wp__feature_dfa - :status: draft - :tags: safety - :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753 - - Dependent Failure Analysis on platform/feature level - - Detection and prevention mitigations linked to Software Feature Requirements or Assumptions of Use - Perform analysis on interactions between safety related and non-safety related modules or modules with different ASIL of one feature. Including potential influences from the rest of the SW platform. - .. workproduct:: Platform Build Configuration :id: wp__platform_sw_build_config :status: draft 
@@ -148,26 +129,6 @@ Platform development Component development ^^^^^^^^^^^^^^^^^^^^^ -.. workproduct:: Component Safety Analysis - :id: wp__sw_component_safety_analysis - :status: draft - :tags: safety - :complies: std_wp__iso26262__analysis_851, std_wp__iso26262__software_752, std_wp__isopas8926__4524 - - Bottom-Up Safety Analysis with e.g. FMEA method, verifies the component architecture (as part of SW Safety Concept) - - Detection and prevention mitigations linked to Software Component Requirements or Assumptions of Use - -.. workproduct:: Component DFA - :id: wp__sw_component_dfa - :status: draft - :tags: safety - :complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753 - - Dependent Failure Analysis on component/module level - - Detection and prevention mitigations linked to Software Component Requirements or Assumptions of Use - Perform analysis of safety related and non-safety related sub-elements or sub-elements with different ASIL. - Perform analysis on interactions between safety related and non-safety related sub-components or sub-components with different ASIL of one component. Including potential influences from the other components in the component's module. - .. workproduct:: Module Build Configuration :id: wp__module_sw_build_config :status: draft
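Review bot: In the +102 workflows hunk, `wf__analyse_platarch` takes only `wp__requirements__stkh` and `wp__issue_track_system` as `:input:`, while the feature and component workflows also take the architecture they analyse (`wp__feature_arch`, `wp__component_arch`); a platform DFA needs a platform architecture work product as input, so either add the corresponding `:input:` or state why stakeholder requirements alone suffice. Secondary: `wf__vy_saf_analyses_dfa` describes itself as `The safety analyses and DFA are monitored and verified.`, which duplicates the description of `wf__mr_saf_analyses_dfa`; `The safety analyses and DFA are verified.` keeps the two workflows distinct.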
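Review bot: In the +74 workproducts hunk, the `:complies:` references are inconsistent between feature and component level: `wp__feature_safety_analysis` cites `std_wp__iso26262__software_751` where `wp__sw_component_safety_analysis` cites `std_wp__iso26262__analysis_751`, and `wp__feature_dfa` cites `software_751` where `wp__sw_component_dfa` cites `analysis_751`; the removed definitions in workproducts/index.rst used `analysis_751` for both DFAs, so please confirm which identifier is intended and align them. Also, in `wp__saf_analysis_report`, `(none will also be count as one mitigation)` should read `(none will also be counted as one mitigation)`, and the report is defined for features only while the same hunk introduces `wp__platform_dfa` and the component-level analyses; state where their results are reported or widen the report's scope.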
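Review bot: In the docs/process/workflows/index.rst hunk, removing `safety_analysis` from the toctree leaves the new process-area page without a visible toctree entry in this diff; confirm that `process_areas/safety_analysis` is added to a toctree elsewhere, otherwise Sphinx will report the new page as an orphan and it will not appear in the navigation.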
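Review bot: In the deleted docs/process/workflows/safety_analysis.rst hunk, the requirement `The inspection shall be implemented as integral part of the review tool.` is dropped and has no counterpart in the new `wf__vy_saf_analyses_dfa`; if the tooling requirement still holds, carry it over, and if it was deliberately removed, say so in the PR description. The `:output:` also moves from `wp__sw_arch_verification` to `wp__verification__platform_ver_report`; a one-line rationale would help reviewers of the verification process area.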
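Review bot: In the docs/process/workproducts/index.rst @@ -99 hunk, the removed `wp__feature_safety_analysis` and `wp__feature_dfa` carried `:tags: safety`, and their replacements in the new file carry no `:tags:` at all; any existing `needtable` or filter using `"safety" in tags` will silently lose these entries, so either add a tag (for example `safety_analysis`, matching the workflows) to the moved workproducts or confirm that no filter depends on it.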
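Review bot: In the @@ -148 hunk, the removed `wp__sw_component_safety_analysis` cited `std_wp__iso26262__software_752` and the replacement in the new file drops it in favour of `std_wp__iso26262__analysis_751`; since this changes the compliance trace for the component-level analysis, please confirm the reference change is intentional rather than a copy slip, and note that `:tags: safety` is dropped from both moved component workproducts as well.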