Skip to content

Commit 41d2cc0

Browse files
Add safety plan - lifecycle
Refers: score/#3036
1 parent 01c393b commit 41d2cc0

48 files changed

Lines changed: 4144 additions & 201 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

docs/features/index.rst

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
..
2+
# *******************************************************************************
3+
# Copyright (c) 2026 Contributors to the Eclipse Foundation
4+
#
5+
# See the NOTICE file(s) distributed with this work for additional
6+
# information regarding copyright ownership.
7+
#
8+
# This program and the accompanying materials are made available under the
9+
# terms of the Apache License Version 2.0 which is available at
10+
# https://www.apache.org/licenses/LICENSE-2.0
11+
#
12+
# SPDX-License-Identifier: Apache-2.0
13+
# *******************************************************************************
14+
15+
16+
Features
17+
========
18+
19+
.. toctree::
20+
:maxdepth: 1
21+
:glob:
22+
23+
*/index
Lines changed: 205 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,205 @@
1+
..
2+
# *******************************************************************************
3+
# Copyright (c) 2026 Contributors to the Eclipse Foundation
4+
#
5+
# See the NOTICE file(s) distributed with this work for additional
6+
# information regarding copyright ownership.
7+
#
8+
# This program and the accompanying materials are made available under the
9+
# terms of the Apache License Version 2.0 which is available at
10+
# https://www.apache.org/licenses/LICENSE-2.0
11+
#
12+
# SPDX-License-Identifier: Apache-2.0
13+
# *******************************************************************************
14+
15+
16+
.. document:: Lifecycle Architecture Inspection Checklist
17+
:id: doc__lifecycle_arc_inspection
18+
:status: draft
19+
:safety: ASIL_B
20+
:security: YES
21+
:realizes: wp__sw_arch_verification
22+
23+
Architecture Inspection Checklist
24+
=================================
25+
26+
Purpose
27+
-------
28+
29+
The purpose of the software architecture checklist is to ensure that the design meets the criteria and quality as
30+
defined per project processes and guidelines for feature and component architectural design elements.
31+
It helps to check the compliance with requirements, identify errors or inconsistencies, and ensure adherence to best
32+
practices.
33+
The checklist guides evaluation of the architecture design, identifies potential problems, and aids in
34+
communication and documentation of architectural decisions to stakeholders.
35+
36+
Conduct
37+
-------
38+
39+
As described in the concept :need:`doc_concept__wp_inspections` the following "inspection roles" are expected to be filled:
40+
41+
- content responsible (author): <contributor/committer explicitly named here, who is the main author, as can be seen in config mgt tooling>
42+
- reviewer: <contributor/committer explicitly named here, who is the main content reviewer, must be different from content responsible>
43+
- moderator: <committer explicitly named here, who is is the safety manager, security manager or quality manager initiating the inspection>
44+
45+
Checklist
46+
---------
47+
48+
It is mandatory to fill in the "passed" column with "yes" or "no" for each checklist item and additionally to add in the remarks why it is passed or not passed.
49+
In case of "no" an issue link to the issue tracking system has to be added in the last column (if not solved in the same issue).
50+
See also :need:`doc_concept__wp_inspections` for further information about reviews in general and inspection in particular.
51+
52+
.. list-table:: Architecture Design Review Checklist
53+
:header-rows: 1
54+
55+
* - Review Id
56+
- Acceptance criteria
57+
- Guidance
58+
- passed
59+
- Remarks
60+
- Issue link
61+
* - ARC_01_01
62+
- Is the traceability from software architectural elements to requirements, and other level architectural elements (e.g. component to interface) established according to the "Relations between the architectural elements" as described in :need:`doc_concept__arch_process`?
63+
- Trace should be checked automatically by tool support in the future. It will be removed from the checklist once the requirement (:need:`Correlations of the architectural building blocks <gd_req__arch_build_blocks_corr>`) is implemented. Refer to `Tool Requirements <https://eclipse-score.github.io/docs-as-code/main/internals/requirements/requirements.html>`_ for the current status.
64+
-
65+
-
66+
-
67+
* - ARC_01_02
68+
- Does the software architecture design consider all the requirements allocated to the architectural element, including functional, non-functional, safety, and security requirements and all related design decisions?
69+
- Check if all requirements allocated to the architectural element are considered in the design. This includes functional requirements (e.g. functional safety requirements), non-functional requirements (e.g. performance, reliability), and security requirements (e.g. confidentiality, integrity). Additionally, ensure that all related design decisions are taken into account and documented in the architectural design.
70+
-
71+
-
72+
-
73+
* - ARC_01_03
74+
- If the architectural element is related to any supplier manuals (including safety and security), are the relevant parts covered?
75+
- If the architecture makes use of supplied elements, their manuals (like safety) have to be considered (i.e. its provided functionality matches the expectation and assumptions are fulfilled). Note that in case of safety component this means that assumed Technical Safety Requirements and AoUs of the safety manual are covered.
76+
-
77+
-
78+
-
79+
* - ARC_01_04
80+
- Is the architectural element traceable to the lower-level artifacts as defined by the work product traceability?
81+
-
82+
-
83+
-
84+
-
85+
* - ARC_02_01
86+
- Is the software architecture design compliant with the overall feature architecture?
87+
- On component level check against the feature architecture, on feature level check other features with common components used.
88+
-
89+
-
90+
-
91+
* - ARC_02_02
92+
- Is appropriate and comprehensible operation and interface naming present in the architectural design?
93+
- Check :need:`gd_guidl__arch_design`
94+
-
95+
-
96+
-
97+
* - ARC_02_03
98+
- Are the correctness of data flow and control flow within the architectural elements considered?
99+
- For example, examine definitions, transformations, integrity, and interaction of data; check error handling, data exchange between elements, correct response to inputs, and documented decision making.
100+
Note: Consistency is ensured by the process/tooling, by defining each interface only once.
101+
-
102+
-
103+
-
104+
* - ARC_02_04
105+
- Are the interfaces between the software architectural element and other architectural elements well defined?
106+
- Check if the interface handles undefined behaviour or errors; can established protocols be used; are the interfaces for inputs, outputs, and error codes documented; is loose coupling considered and only limited exposure; can unit or integration tests be written against the interface; data amount transferred; ensure no sensitive data is exposed;
107+
-
108+
-
109+
-
110+
* - ARC_02_05
111+
- Does the software architectural element consider the timing constraints (from the parent requirement)?
112+
- If there are strict timing requirements, a programming time estimation should be performed and deadline supervision should be considered.
113+
-
114+
-
115+
-
116+
* - ARC_02_06
117+
- Is the documentation of the software architectural element, including textual and graphical descriptions (e.g., UML diagrams), clear and complete?
118+
- Use of semi-formal notation is expected for architectural elements with an allocated ASIL level. Is the architecture template correctly filled?
119+
-
120+
-
121+
-
122+
* - ARC_03_01
123+
- Is the architectural element modular and encapsulated?
124+
- Check, for example, that only minimal interfaces are used. The design should be object oriented. Interfaces and interactions are clearly defined. Usage of access types (private, protected) is properly set. Limited global variables.
125+
-
126+
-
127+
-
128+
* - ARC_03_02
129+
- Is the suitability of the software architecture for future modifications and maintainability considered?
130+
- Check for, for example, loose coupling, separation of concerns, high cohesion, versioning strategy for interfaces, decision records, and use of established design patterns.
131+
-
132+
-
133+
-
134+
* - ARC_03_03
135+
- Are simplicity and avoidance of unnecessary complexity present in the software architecture?
136+
- Indicators of complexity include: the number of use cases (corresponding to dynamic diagrams) allocated to a single design element, the number of interfaces and operations in an interface, function parameters, global variables, complex types, and limited comprehensibility.
137+
138+
Notes:
139+
140+
If the "number of use cases" or "number of interfaces" above exceeds "3" or "number of function parameters" exceeds "5" or the "number of operations" exceeds "20" or global variables are used, a design rationale is mandatory.
141+
-
142+
-
143+
-
144+
* - ARC_03_04
145+
- Is the software architecture design following best practices and design principles?
146+
- Refer to architectural guidelines and recommendations within the project documentation.
147+
-
148+
-
149+
-
150+
* - ARC_04_01
151+
- If your software architectural design includes processes with different safety ratings (QM/ASIL), is freedom from interference for shared resources (CPU time, shared memory, etc.) ensured? See also ARC_04_03.
152+
153+
Note: see :need:`std_req__iso26262__software_7411` and :need:`std_req__iso26262__software_749` with Annex D for partitioning to ensure freedom from interference.
154+
Note: Modules should not mix ASIL and QM processes unless justified otherwise; therefore, this question is only relevant on the feature level.
155+
-
156+
Check whether your architecture design complies with project guidelines to establish freedom from interference between components. This can be achieved, for example, by using a hypervisor or an OS that supports partitioning with an MMU or specific scheduling mechanisms, as well as safety mechanisms like watchdogs or program flow monitoring.
157+
Also check if the operating system supports freedom from interference between the processes and make sure an "Assumption of Use requirement" for this exists in your project. For example, see `score aou_req__platform__process_isolation <https://eclipse-score.github.io/score/main/requirements/platform_assumptions/index.html#aou_req__platform__process_isolation>`_.
158+
-
159+
-
160+
-
161+
* - ARC_04_02
162+
- Does the software architectural design consider its feasibility with respect to the required resources for the embedded software, especially for time-critical aspects like startup time, but also including RAM, ROM, non-volatile memory, communication bandwidth, and processing time limits according to the requirements or foreseeable customer needs? See also ARC_02_05.
163+
164+
Note: see :need:`std_req__iso26262__software_7413`
165+
-
166+
Check if there are any limits for resource consumption or timing aspects in your project, such as startup time, communication bandwidth, or memory usage. If such limits exist, ensure that your architecture takes these limits into account, especially with respect to scalability. For this, make an estimation of the required resources based on the architectural design and a prototypical implementation or a measurement of an existing implementation, and compare it to the defined limits or planned scalability. Check if any bottlenecks are present in the architecture that could lead to resource overuse or timing violations.
167+
-
168+
-
169+
-
170+
* - ARC_04_03
171+
- If your software architectural design includes processes and tasks, are their scheduling policies and priorities (at least the necessary relationships between them) defined to ensure that timing requirements are met? Please note that the particular priorities or priority ranges will probably be defined by the project handbook or the software development plan.
172+
173+
Note: see :need:`std_req__iso26262__software_743`
174+
- Provide a rationale for these scheduling policies and priorities, or explain why they are not needed.
175+
-
176+
-
177+
-
178+
179+
180+
.. attention::
181+
The above checklist entries must be filled according to your feature architecture in scope.
182+
183+
Note: If a Review ID is not applicable for your architecture, then state ""n/a" in status and comment accordingly in remarks.
184+
185+
The following static views in "valid" state and with "inspected" tag set are in the scope of this inspection:
186+
187+
.. needtable::
188+
:filter: "lifecycle" in docname and "architecture" in docname and docname is not None and status == "valid"
189+
:style: table
190+
:types: feat_arc_sta
191+
:tags: lifecycle
192+
:columns: id;status;tags
193+
:colwidths: 25,25,25
194+
:sort: title
195+
196+
and the following dynamic views:
197+
198+
.. needtable::
199+
:filter: "lifecycle" in docname and "architecture" in docname and docname is not None and status == "valid"
200+
:style: table
201+
:types: feat_arc_dyn
202+
:tags: lifecycle
203+
:columns: id;status;tags
204+
:colwidths: 25,25,25
205+
:sort: title
Lines changed: 143 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,143 @@
1+
..
2+
# *******************************************************************************
3+
# Copyright (c) 2026 Contributors to the Eclipse Foundation
4+
#
5+
# See the NOTICE file(s) distributed with this work for additional
6+
# information regarding copyright ownership.
7+
#
8+
# This program and the accompanying materials are made available under the
9+
# terms of the Apache License Version 2.0 which is available at
10+
# https://www.apache.org/licenses/LICENSE-2.0
11+
#
12+
# SPDX-License-Identifier: Apache-2.0
13+
# *******************************************************************************
14+
15+
Feature Architecture
16+
====================
17+
18+
.. document:: Lifecycle Architecture
19+
:id: doc__lifecycle_architecture
20+
:status: draft
21+
:safety: ASIL_B
22+
:security: NO
23+
:realizes: wp__feature_arch
24+
25+
Overview
26+
--------
27+
<Brief summary>
28+
29+
Description
30+
-----------
31+
32+
<General Description>
33+
34+
<Design Decisions - For the documentation of the decision the :need:`gd_temp__change_decision_record` can be used.>
35+
36+
<Design Constraints>
37+
38+
Requirements
39+
------------
40+
41+
The requirements for the feature architecture are defined in the `requirements` section of the feature documentation in the project repository.
42+
43+
Rationale Behind Architecture Decomposition
44+
*******************************************
45+
46+
Mandatory: A motivation for the decomposition
47+
48+
.. note:: Common decisions across features / cross cutting concepts is at the high level.
49+
50+
Static Architecture
51+
-------------------
52+
53+
The live feature architecture template snippets are maintained in the
54+
`module template documentation <https://eclipse-score.github.io/module_template/main/>`__.
55+
56+
.. code-block:: rst
57+
58+
.. feat_arc_sta:: Feature Static View
59+
:id: feat_arc_sta__feature_name__static_view
60+
:security: YES
61+
:safety: ASIL_B
62+
:status: invalid
63+
:fulfils: feat_req__feature_name__some_title
64+
:includes: logic_arc_int__feature_name__interface_name1
65+
:belongs_to: feat__feature_name
66+
67+
.. needarch::
68+
:scale: 50
69+
:align: center
70+
71+
{{ draw_feature(need(), needs) }}
72+
73+
Dynamic Architecture
74+
--------------------
75+
76+
.. code-block:: rst
77+
78+
.. feat_arc_dyn:: Dynamic View
79+
:id: feat_arc_dyn__feature_name__dynamic_view
80+
:security: YES
81+
:safety: ASIL_B
82+
:status: invalid
83+
:fulfils: feat_req__feature_name__some_title
84+
:belongs_to: feat__feature_name
85+
86+
Put here a sequence diagram
87+
88+
Logical Interfaces
89+
------------------
90+
91+
The logical interfaces of the feature are defined in the `logical interfaces` section of the feature documentation in the project repository.
92+
93+
Module Viewpoint
94+
----------------
95+
96+
The following modules are needed to be defined to be able to draw the static feature view.
97+
They will be replaced by linking the proper module definitions in the used module's repositories as soon as those exist.
98+
99+
The rendered module and used-component examples are maintained in the
100+
`module template documentation <https://eclipse-score.github.io/module_template/main/>`_.
101+
102+
.. code-block:: rst
103+
104+
.. mod:: Module Name
105+
:id: mod__module_name
106+
:includes: comp__component_name_template
107+
108+
109+
.. mod_view_sta:: Module Name Static View
110+
:id: mod_view_sta__feature_name__module_name
111+
:includes: comp__component_name_template
112+
113+
.. needarch::
114+
:scale: 50
115+
:align: center
116+
117+
{{ draw_module(need(), needs) }}
118+
119+
Used Components
120+
---------------
121+
122+
The following components are needed to be defined to be able to draw the static feature view.
123+
They will be replaced by linking the proper SW component definitions in the used module's repositories as soon as those exist.
124+
125+
.. code-block:: rst
126+
127+
.. comp:: Component Name
128+
:id: comp__component_name_template
129+
:safety: ASIL_B
130+
:security: YES
131+
:status: invalid
132+
:implements: logic_arc_int__feature_name__interface_name1
133+
134+
.. note::
135+
Architecture can be split into multiple files, it is an high level architecture design
136+
which can be shown without actual c++/rust interfaces and data types
137+
and there will be link to internal architecture till code to get actual api descriptions.
138+
139+
.. attention::
140+
The above directives must be updated according to your feature architecture.
141+
142+
- Replace the example content by the real content (according to :need:`gd_guidl__arch_design`)
143+
- Set the status to valid and start the review/merge process

0 commit comments

Comments
 (0)