
Commit 3c4dbf9

update to platform dfa
1 parent 30c8d69 commit 3c4dbf9

8 files changed

Lines changed: 75 additions & 39 deletions


process/folder_templates/features/feature_name/index.rst

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -190,3 +190,4 @@ Footnotes
190190
safety_planning/index.rst
191191
safety_analysis/fmea.rst
192192
safety_analysis/dfa.rst
193+
safety_analysis/platform_dfa.rst
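Review bot: Placing `safety_analysis/platform_dfa.rst` in the per-feature folder template (`folder_templates/features/feature_name/`) contradicts the new page's own note that the platform DFA is performed only once at platform level: every feature instantiated from this template would carry its own copy of a platform-wide document. Consider keeping the page out of the feature template and having the feature DFA page reference the single platform document instead.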
Lines changed: 59 additions & 0 deletions
@@ -0,0 +1,59 @@
1+
..
2+
# *******************************************************************************
3+
# Copyright (c) 2025 Contributors to the Eclipse Foundation
4+
#
5+
# See the NOTICE file(s) distributed with this work for additional
6+
# information regarding copyright ownership.
7+
#
8+
# This program and the accompanying materials are made available under the
9+
# terms of the Apache License Version 2.0 which is available at
10+
# https://www.apache.org/licenses/LICENSE-2.0
11+
#
12+
# SPDX-License-Identifier: Apache-2.0
13+
# *******************************************************************************
14+
15+
16+
Platform DFA (Dependent Failure Analysis)
17+
=========================================
18+
19+
.. document:: Platform DFA
20+
:id: doc__platform_dfa
21+
:status: draft
22+
:safety: ASIL_B
23+
:realizes: wp__platform_dfa
24+
:tags: template
25+
26+
.. note:: The platform DFA is only performed once at platform level to analyse the dependencies between the features of the platform.
27+
The results shall be used as an input for the safety analysis so that general safety mechanisms are only defined once and not in every single safety analysis.
28+
29+
.. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram.
30+
31+
.. attention::
32+
The above directive must be updated according to your Feature.
33+
34+
- Modify ``Your Feature Name`` to be your Feature Name
35+
- Modify ``id`` to be your Feature Name in upper snake case preceded by ``doc__`` and succeeded by ``_dfa``
36+
- Adjust ``status`` to be ``valid``
37+
- Adjust ``safety`` and ``tags`` according to your needs
38+
39+
Dependent Failure Initiators
40+
----------------------------
41+
42+
.. code-block:: rst
43+
44+
.. plat_saf_dfa:: <Title>
45+
:violates: <Feature architecture>
46+
:id: plat_saf_DFA__<Feature>__<Element descriptor>
47+
:failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
48+
:failure_effect: "description of failure effect of the failure initiator on the element"
49+
:mitigated_by: <ID from Feature Requirement | ID from AoU Feature Requirement>
50+
:mitigation_issue: <ID from Issue Tracker>
51+
:sufficient: <yes|no>
52+
:status: <valid|invalid>
53+
.. note:: argument is inside the 'content'. Therefore content is mandatory
54+
55+
.. attention::
56+
The above directive must be updated according to the platform DFA.
57+
58+
- The above "code-block" directive must be updated
59+
- Fill in all the needed information in the <brackets>
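Review bot: The `.. attention::` block at lines 31-37 still carries the feature-template instructions (`Modify ``Your Feature Name```, id `doc__<FEATURE>_dfa`, "according to your Feature"), which contradict the fixed `:id: doc__platform_dfa` above it and the note at line 26 that this analysis exists only once; either drop the block or rewrite it for the platform document. The directive skeleton at lines 44-52 also mixes identifier casing, `.. plat_saf_dfa::` against `:id: plat_saf_DFA__<Feature>__<Element descriptor>`, where the sibling feature template uses lowercase `feat_saf_dfa__`; keying a platform-level id on `<Feature>` and `:violates: <Feature architecture>` likewise reads as copied over from the feature template rather than adapted.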

process/process_areas/safety_analysis/guidance/dfa_failure_initiators.rst

Lines changed: 2 additions & 2 deletions
@@ -40,7 +40,7 @@ DFA failure initiators
4040

4141
.. note:: Shared libraries are only than to be considered as a shared resource if the feature and the related safety mechanisms are using this specific library. If the library is not used by the feature or the related safety mechanisms, it is not a shared resource.
4242

43-
.. list-table:: DFA shared resources (used for Platform Feature DFA)
43+
.. list-table:: DFA shared resources (used for Platform DFA)
4444
:header-rows: 1
4545
:widths: 10,50,10
4646

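Review bot: While this block is being touched, the unchanged note on line 41 has a typo: `only than to be considered` should read `only then to be considered`. The title rename to "Platform DFA" is consistent with the new work product name.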
@@ -180,7 +180,7 @@ DFA failure initiators
180180
181181
:note: Section shall be applied only once to analyse all dependencies of the features. Results shall be checked during of the analysis of new features if this is applicable to the feature.
182182

183-
.. list-table:: DFA development failure initiators (Feature Platform DFA)
183+
.. list-table:: DFA development failure initiators (Platform DFA)
184184
:header-rows: 1
185185
:widths: 10,50,10
186186

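Review bot: Line 181 reads `checked during of the analysis`; suggest `checked during the analysis`. The list-table title rename matches the work product rename elsewhere in the commit.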
process/process_areas/safety_analysis/guidance/dfa_templates.rst

Lines changed: 3 additions & 14 deletions
@@ -17,23 +17,12 @@
1717
DFA Templates
1818
=============
1919

20-
.. gd_temp:: Feature Platform DFA Templates
21-
:id: gd_temp__feat_plat_saf_dfa
20+
.. gd_temp:: Platform DFA Templates
21+
:id: gd_temp__plat_saf_dfa
2222
:status: valid
2323
:complies: std_wp__iso26262__analysis_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524, std_req__iso26262__software_7411, std_req__iso26262__analysis_741, std_req__iso26262__analysis_742, std_req__iso26262__analysis_743, std_req__iso26262__analysis_745, std_req__iso26262__analysis_746, std_req__iso26262__analysis_747, std_req__iso26262__analysis_748, std_req__iso26262__analysis_749, std_req__isopas8926__44432
2424

25-
.. code-block:: rst
26-
27-
.. feat_plat_saf_dfa:: <Title>
28-
:violates: <Feature architecture>
29-
:id: feat_saf_dfa__<Feature>__<Element descriptor>
30-
:failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
31-
:failure_effect: "description of failure effect of the failure initiator on the element"
32-
:mitigated_by: <ID from Feature Requirement | ID from AoU Feature Requirement>
33-
:mitigation_issue: <ID from Issue Tracker>
34-
:sufficient: <yes|no>
35-
:status: <valid|invalid>
36-
.. note:: argument is inside the 'content'. Therefore content is mandatory
25+
For the content see here: :need:`doc__platform_dfa`
3726

3827

3928
.. gd_temp:: Feature DFA Templates
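Review bot: The template `gd_temp__plat_saf_dfa` keeps `:status: valid` but now defers its entire content to `:need:`doc__platform_dfa``, a document introduced in this same commit with `:status: draft` and `:tags: template`, so a valid template resolves to a draft. Either keep the `plat_saf_dfa` directive skeleton inline here, as the `Feature DFA Templates` entry below does, or make the referenced document valid once it is final. Renaming the need id from `gd_temp__feat_plat_saf_dfa` to `gd_temp__plat_saf_dfa` also breaks any `:contains:` or `:need:` still using the old id; please check that nothing else references it.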

process/process_areas/safety_analysis/guidance/safety_analysis_guideline.rst

Lines changed: 3 additions & 16 deletions
@@ -22,6 +22,7 @@ Safety Analysis Guidelines
2222
:complies: std_req__iso26262__analysis_841, std_req__iso26262__analysis_842, std_req__iso26262__analysis_843, std_req__iso26262__analysis_844, std_req__iso26262__analysis_847, std_req__iso26262__analysis_848, std_req__iso26262__analysis_849, std_req__iso26262__analysis_8410, std_req__isopas8926__44431, std_req__isopas8926__44432
2323

2424
This document describes the general guidances for Safety Analysis (DFA and FMEA) based on the concept which is defined :need:`Safety Analysis Concept<doc_concept__safety__analysis>`.
25+
Use the platform DFA as an input so that general safety mechanisms are only defined once and not in every single safety analysis.
2526

2627
Workflow for Safety Analysis
2728
============================
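Review bot: The added sentence on line 25 would be more useful with a link to the artefact it refers to, e.g. `Use the :need:`platform DFA<doc__platform_dfa>` as an input ...` (or the work product `wp__platform_dfa`), matching how the preceding sentence links the concept document.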
@@ -100,7 +101,7 @@ In the dynamic view of the example the "flow component 1" to the user realizes a
100101
find possible failures. Therefore we need a mitigation.
101102

102103
.. code-block:: rst
103-
104+
104105
.. feat_saf_fmea:: Component 1 Call message not received
105106
:violates: feat_arc_dyn__mab__dynamic
106107
:id: feat_saf_fmea__mab__comp1_call_nreceived
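Review bot: Lines 103/104 differ only in whitespace (a blank line swapped for a blank line), presumably trailing whitespace; harmless, but worth confirming it is intentional rather than an editor artefact.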
@@ -114,23 +115,9 @@ find possible failures. Therefore we need a mitigation.
114115
If the message is not received by the feature it will be unavailable for the user. This has to be detected by the User because
115116
the feature can't detect if it's not called. This requirement is addressed by the AoU requirement aou_req__Mab__func_call_not_received.
116117
117-
.. code-block:: rst
118-
119-
.. feat_saf_fmea:: Component 1 unintended triggered
120-
:violates: feat_arc_dyn__mab__dynamic
121-
:id: feat_saf_fmea__mab__component_1
122-
:fault_id: MF_01_07
123-
:failure_effect: Message is unintended sent. Component 1 will be unintended triggered.
124-
:mitigated_by:
125-
:mitigation_issue:
126-
:sufficient: yes
127-
:status: valid
128-
129-
An unintended return can be neglected as the component is ASIL B developed, non complex and sufficiently tested.
130-
131-
132118
For all fault models that are not applicable, the reason has to be documented in the content of the document, so it can be recognized. An example could be that
133119

120+
* Fault model FM_01_07 "Message is unintended sent. Component 1 will be unintended triggered." is not applicable, because the component is ASIL B developed, non complex and sufficiently tested.
134121
* Fault model FX_01_04 "loss of execution" is not applicable, because feature is completely deterministic. Other failures like HW failures are not considered in this analysis because it's developed as a SEooC.
135122

136123

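Review bot: The fault model identifier changed in the rewrite: the removed directive used `:fault_id: MF_01_07`, the new bullet on line 120 says `FM_01_07`, and the neighbouring bullet on line 121 uses `FX_01_04`. One of these prefixes is presumably a typo; check the id against the fault models guideline (`gd_guidl__fault_models`) before merging. Minor: `non complex` reads better as `non-complex`.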
process/process_areas/safety_analysis/safety_analysis_workflow.rst

Lines changed: 4 additions & 4 deletions
@@ -28,12 +28,12 @@ Safety analysis is used as a umbrella term for the methods FMEA (Failure Modes a
2828
:approved_by: rl__safety_manager
2929
:supported_by: rl__contributor, rl__committer, rl__security_manager
3030
:input: wp__requirements__feat, wp__feature_arch, wp__issue_track_system
31-
:output: wp__feature_platform_dfa
31+
:output: wp__platform_dfa
3232
:contains: gd_guidl__dfa_failure_initiators, gd_temp__feat_saf_dfa
3333
:has: doc_concept__safety__analysis, doc_getstrt__safety_analysis
3434

35-
| With a platform features DFA the potential common usage of modules shall be analysed. It shall be used as an input for all other DFA's.
36-
| There will be only one platform feature DFA.
35+
| With a platform DFA the potential common usage of modules shall be analysed. It shall be used as an input for all other DFA's.
36+
| There will be only one platform DFA.
3737
3838
.. workflow:: Analyse Feature Architecture
3939
:id: wf__analyse_featarch
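Review bot: `:output:` now names `wp__platform_dfa`, but `:contains:` on line 32 still lists only `gd_temp__feat_saf_dfa`; the workflow that produces the platform DFA should also contain the platform template renamed in this commit (`gd_temp__plat_saf_dfa`). Minor: `DFA's` on line 35 should be `DFAs`.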
@@ -84,7 +84,7 @@ Safety analysis is used as a umbrella term for the methods FMEA (Failure Modes a
8484
:responsible: rl__safety_engineer
8585
:approved_by: rl__safety_manager
8686
:supported_by: rl__contributor, rl__committer, rl__security_manager
87-
:input: wp__feature_platform_dfa, wp__feature_fmea, wp__feature_dfa, wp__sw_component_fmea, wp__sw_component_dfa
87+
:input: wp__platform_dfa, wp__feature_fmea, wp__feature_dfa, wp__sw_component_fmea, wp__sw_component_dfa
8888
:output: wp__verification__platform_ver_report, wp__verification__module_ver_report
8989
:contains: gd_guidl__dfa_failure_initiators, gd_temp__feat_saf_dfa, gd_temp__comp_saf_dfa, gd_guidl__fault_models, gd_temp__feat_saf_fmea, gd_temp__comp_saf_fmea, gd_chklst__safety_analysis
9090
:has: doc_concept__safety__analysis, doc_getstrt__safety_analysis
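Review bot: `:input:` gains `wp__platform_dfa`, but `:contains:` on line 89 lists every other DFA and FMEA template and guideline while omitting `gd_temp__plat_saf_dfa`; add it if this workflow is meant to verify the platform DFA against its template.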

process/process_areas/safety_analysis/safety_analysis_workproducts.rst

Lines changed: 2 additions & 2 deletions
@@ -15,8 +15,8 @@
1515
Workproducts Safety Analysis
1616
############################
1717

18-
.. workproduct:: Platform Feature DFA
19-
:id: wp__feature_platform_dfa
18+
.. workproduct:: Platform DFA
19+
:id: wp__platform_dfa
2020
:status: valid
2121
:complies: std_wp__iso26262__software_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524
2222

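Review bot: The renamed work product keeps `:complies: std_wp__iso26262__software_751, std_wp__iso26262__software_753, std_wp__isopas8926__4524`, whereas the matching template `gd_temp__plat_saf_dfa` in dfa_templates.rst complies to `std_wp__iso26262__analysis_751` and `std_wp__iso26262__software_753`. `software_751` versus `analysis_751` looks like a mismatch for the same clause; please align the two.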
process/process_areas/verification/workflows.rst

Lines changed: 1 addition & 1 deletion
@@ -181,7 +181,7 @@ Workflow Verification
181181
:supported_by: rl__safety_manager, rl__infrastructure_tooling_community
182182
:input: wp__verification__plan, wp__requirements__stkh, wp__requirements__feat, wp__requirements__feat_aou,
183183
wp__feature_arch, wp__platform_sw_release_note, wp__platform_mgmt,
184-
wp__feature_fmea, wp__feature_dfa, wp__feature_platform_dfa,
184+
wp__feature_fmea, wp__feature_dfa, wp__platform_dfa,
185185
wp__sw_arch_verification, wp__requirements__inspect,
186186
wp__verification__feat_int_test, wp__verification__platform_test
187187
:output: wp__verification__platform_ver_report
