Skip to content

Commit 40a7873

Browse files
committed
include review findings. Update docs-as-code version
1 parent 453b380 commit 40a7873

4 files changed

Lines changed: 71 additions & 71 deletions

File tree

process/process_areas/safety_analysis/guidance/dfa_failure_initiators.rst

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ DFA failure initiators
2525

2626
.. note:: Use the failure initiators to ensure a structured analysis. If a failure doesn't apply, please fill in a short description in the violation cause of the analysis so it could be recognized that the analysis is done. If there are additional failure initiators needed, please enlarge the list of fault models.
2727

28-
.. note:: A ASIL related message is trustable in that manner that it is not corrupted, repeated, lost, delayed, masqueraded or addressed incorrectly.
28+
.. note:: An ASIL related message is trustable in that manner that it is not corrupted, repeated, lost, delayed, masqueraded or addressed incorrectly.
2929

3030

3131
**Purpose**

process/process_areas/safety_analysis/guidance/dfa_templates.rst

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ DFA Templates
2727
| :id: feat_saf_DFA__<Feature>__<Element descriptor>
2828
| :violation_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
2929
| :violation_cause: "description of failure effect of the failure initiator on the element"
30-
| :mitigation: <ID from Feature Requirement | ID from AoU Feature Requirement>
30+
| :mitigates: <ID from Feature Requirement | ID from AoU Feature Requirement>
3131
| :mitigation_issue: <ID from Issue Tracker>
3232
| :sufficient: <yes|no>
3333
| :status: <valid|invalid>
@@ -44,7 +44,7 @@ DFA Templates
4444
| :id: feat_saf_DFA__<Feature>__<Element descriptor>
4545
| :violation_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
4646
| :violation_cause: "description of failure effect of the failure initiator on the element"
47-
| :mitigation: <ID from Feature Requirement | ID from AoU Feature Requirement>
47+
| :mitigates: <ID from Feature Requirement | ID from AoU Feature Requirement>
4848
| :mitigation_issue: <ID from Issue Tracker>
4949
| :sufficient: <yes|no>
5050
| :status: <valid|invalid>
@@ -61,7 +61,7 @@ DFA Templates
6161
| :id: comp_saf_DFA__<Component>__<Element descriptor>
6262
| :violation_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
6363
| :violation_cause: "description of failure effect of the failure initiator on the element"
64-
| :mitigation: <ID from Component Requirement | ID from AoU Component Requirement>
64+
| :mitigates: <ID from Component Requirement | ID from AoU Component Requirement>
6565
| :mitigation_issue: <ID from Issue Tracker>
6666
| :sufficient: <yes|no>
6767
| :status: <valid|invalid>

process/process_areas/safety_analysis/guidance/fmea_templates.rst

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ FMEA Templates
2727
| :id: feat_saf_fmea__<Feature>__<Element descriptor>
2828
| :violation_id: <ID from fault model :need:`gd_guidl__fault_models`>
2929
| :violation_cause: "description of failure effect of the fault model on the element"
30-
| :mitigation: <ID from Feature Requirement | ID from AoU Feature Requirement>
30+
| :mitigates: <ID from Feature Requirement | ID from AoU Feature Requirement>
3131
| :mitigation_issue: <ID from Issue Tracker>
3232
| :sufficient: <yes|no>
3333
| :status: <valid|invalid>
@@ -43,7 +43,7 @@ FMEA Templates
4343
| :id: comp_saf_fmea__<Component>__<Element descriptor>
4444
| :violation_id: <ID from fault model :need:`gd_guidl__fault_models`>
4545
| :violation_cause: "description of failure effect of the fault model on the element"
46-
| :mitigation: <ID from Component Requirement | ID from AoU Component Requirement>
46+
| :mitigates: <ID from Component Requirement | ID from AoU Component Requirement>
4747
| :mitigation_issue: <ID from Issue Tracker>
4848
| :sufficient: <yes|no>
4949
| :status: <valid|invalid>

process/process_areas/safety_analysis/safety_analysis_concept.rst

Lines changed: 65 additions & 65 deletions
Original file line numberDiff line numberDiff line change
@@ -20,16 +20,15 @@ Concept Description
2020
:status: valid
2121
:tags: safety_analysis
2222

23-
This section discusses a concept for safety analyses. As methods for safety analysis were used DFA (Dependent Failure Analysis)
23+
This section discusses a concept for safety analyses. As methods for safety analysis are used DFA (Dependent Failure Analysis)
2424
and FMEA (Failure Mode and Effects Analysis). Inputs for this concept are the requirements of ISO26262 Part 6 Chapter 7 and Part 9 Chapter 7 and 8.
2525

2626
The objectives of the DFA are to show that the required freedom from interference is achieved. Therefore the potential causes or initiators are
2727
analysed. The DFA is focussed on common cause failures. With a DFA architectural features are analysed if
2828

2929
| - there are redundant elements (similar or non-similar)
30-
| - identical software is implemented in different features or components
3130
| - failures can violate a functions and the safety mechanisms for the function
32-
| - failures an violate partitions of features or components
31+
| - failures can violate components
3332
3433
With the DFA shall be shown that the freedom from interference is achieved by the absence of common cause failures. Common cause failures
3534
shall be analysed at feature platform level and for complex components. A complex component is defined as a component where not directly
@@ -130,16 +129,17 @@ Examples for FMEA and DFA at feature level
130129

131130
The dynamic architecture is analysed with the FMEA. Therefore the template :ref:`FMEA_templates` is used.
132131

133-
.. feat_saf_fmea:: <Element descriptor>
134-
:verifies: <Feature architecture>
135-
:id: feat_saf_fmea__<Feature>__<Element descriptor>
136-
:violation_id: <ID from fault model :need:`gd_guidl__fault_models`>
137-
:violation_cause: "description of failure effect of the fault model on the element"
138-
:mitigation: <ID from Feature Requirement | ID from AoU Feature Requirement>
139-
:mitigation_issue: <ID from Issue Tracker>
140-
:sufficient: <yes|no>
141-
:status: <valid|invalid>
142-
.. note:: argument is inside the 'content'. Therefore content is mandatory
132+
133+
| .. feat_saf_fmea:: <Element descriptor>
134+
| :verifies: <Feature architecture>
135+
| :id: feat_saf_fmea__<Feature>__<Element descriptor>
136+
| :violation_id: <ID from fault model :need:`gd_guidl__fault_models`>
137+
| :violation_cause: "description of failure effect of the fault model on the element"
138+
| :mitigation: <ID from Feature Requirement | ID from AoU Feature Requirement>
139+
| :mitigation_issue: <ID from Issue Tracker>
140+
| :sufficient: <yes|no>
141+
| :status: <valid|invalid>
142+
.. note:: argument is inside the 'content'. Therefore content is mandatory
143143
144144
Use the fault models :need:`gd_guidl__fault_models` to ensure a structured analysis. If a fault model doesn't apply,
145145
please fill in a short description in the violation cause of the analysis so it could be recognized that the analysis
@@ -149,27 +149,27 @@ The dynamic architecture for
149149
"check if key contains default value" is used as an example. The attributes of the template (:ref:`process_requirements_safety_analysis_attributes`)
150150
shall be filled in as follows:
151151

152-
.. feat_saf_fmea:: Check if key contains default value
153-
:verifies: feat_arc_dyn__persistency_check_key_default
154-
:id: feat_saf_fmea__persistency_check_key_default
155-
:violation_id: "MF_01_01"
156-
:violation_cause: The message from the User is not received by the component kvs.
157-
:mitigation: feat_req__persistency__default_value_get
158-
:mitigation_issue:
159-
:sufficient: yes
160-
:status: valid
161-
This violation is not applicable for persistency. The feature will always work as expected.
162-
163-
.. feat_saf_fmea:: Check if key contains default value
164-
:verifies: feat_arc_dyn__persistency_check_key_default
165-
:id: feat_saf_fmea__persistency_check_key_default
166-
:violation_id: "MF_01_02"
167-
:violation_cause: The message from the User is received too late by the component kvs.
168-
:mitigation: feat_req__persistency__default_value_get
169-
:mitigation_issue:
170-
:sufficient: yes
171-
:status: valid
172-
This violation could not occur. There are no time constraints for the persistency feature. The feature will always work as expected.
152+
| .. feat_saf_fmea:: Persistency
153+
| :verifies: feat_arc_dyn__persistency__check_key_default, feat_arc_dyn__persistency__delete_key, feat_arc_dyn__persistency__flush, feat_arc_dyn__persistency__read_key, feat_arc_dyn__persistency__read_from_storage, feat_arc_dyn__persistency__write_key, feat_arc_dyn__persistency__snapshot_restore
154+
| :id: feat_saf_FMEA__persistency__message_nreived
155+
| :violation_id: MF_01_01
156+
| :violation_cause: Message is not received.
157+
| :mitigates: aou_req__persistency__error_handling
158+
| :sufficient: yes
159+
| :status: valid
160+
|
161+
| User is not able to use the feature. Middleware cant be used.
162+
163+
| .. feat_saf_fmea:: Persistency
164+
| :verifies: feat_arc_dyn__persistency__check_key_default, feat_arc_dyn__persistency__delete_key, feat_arc_dyn__persistency__flush, feat_arc_dyn__persistency__read_key, feat_arc_dyn__persistency__read_from_storage, feat_arc_dyn__persistency__write_key, feat_arc_dyn__persistency__snapshot_restore
165+
| :id: feat_saf_FMEA__persistency__late_message
166+
| :violation_id: MF_01_02
167+
| :violation_cause: message received too late.
168+
| :mitigates: aou_req__persistency__error_handling
169+
| :sufficient: yes
170+
| :status: valid
171+
|
172+
| User is not able to use the feature. Middleware cant be used.
173173
174174
The FMEA is finished, if all fault models are checked and for each identified fault a sufficient mitigation exists. For the validation of the
175175
FMEA the checklist :need:`gd_chklst__safety_analysis` shall be used.
@@ -179,42 +179,42 @@ FMEA the checklist :need:`gd_chklst__safety_analysis` shall be used.
179179
The static architecture is analysed with the DFA. Therefore the template :ref:`DFA_templates` is used. The goal is to show that
180180
the freedom from interference is achieved.
181181

182-
.. feat_saf_dfa:: <Element descriptor>
183-
:verifies: <Feature architecture>
184-
:id: feat_saf_DFA__<Feature>__<Element descriptor>
185-
:violation_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
186-
:violation_cause: "description of failure effect of the failure initiator on the element"
187-
:mitigation: <ID from Feature Requirement | ID from AoU Feature Requirement>
188-
:mitigation_issue: <ID from Issue Tracker>
189-
:sufficient: <yes|no>
190-
:status: <valid|invalid>
191-
.. note:: argument is inside the 'content'. Therefore content is mandatory
182+
| .. feat_saf_dfa:: <Element descriptor>
183+
| :verifies: <Feature architecture>
184+
| :id: feat_saf_DFA__<Feature>__<Element descriptor>
185+
| :violation_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
186+
| :violation_cause: "description of failure effect of the failure initiator on the element"
187+
| :mitigates: <ID from Feature Requirement | ID from AoU Feature Requirement>
188+
| :mitigation_issue: <ID from Issue Tracker>
189+
| :sufficient: <yes|no>
190+
| :status: <valid|invalid>
191+
.. note:: argument is inside the 'content'. Therefore content is mandatory
192192
193193
Use the DFA failure initiators :need:`gd_guidl__dfa_failure_initiators` to ensure a structured analysis. If a failure initiator doesn't apply,
194194
please fill in a short description in the violation cause of the analysis so it could be recognized that the analysis
195195
is done. If there are additional failure initiators needed, please enlarge the list of failure initiators.
196196

197-
.. feat_saf_dfa:: Static Architecture
198-
:verifies: feat_arc_sta_persistency_static
199-
:id: feat_saf_dfa__persistency__libraries
200-
:violation_id: "CO_01_01"
201-
:violation_cause: Shared resources: Libraries
202-
:mitigation: feat_req__persistency__persistency
203-
:mitigation_issue:
204-
:sufficient: yes
205-
:status: valid
206-
The violation is not applicable. The persistency feature is implemented in a way that it doesn't share libraries between functions and their related safety mechanisms.
207-
208-
.. feat_saf_dfa:: Static Architecture
209-
:verifies: feat_arc_sta_persistency_static
210-
:id: feat_saf_dfa__persistency__message_corruption
211-
:violation_id: "CO_01_01"
212-
:violation_cause: "Data or message corruption / repetition / loss / delay / masquerading or incorrect addressing of information. Failures will lead to falsified execution or to a not available feature.
213-
:mitigation: feat_req__persistency__integrity_check
214-
:mitigation_issue: None
215-
:sufficient: yes
216-
:status: valid
217-
The integrity check will ensure that the data is not corrupted and the feature will work as expected.
197+
| .. feat_saf_dfa:: Persistency
198+
| :verifies: feat_arc_sta__persistency__static
199+
| :id: feat_saf_dfa__persistency__config
200+
| :violation_id: SR_01_07
201+
| :violation_cause: Configuration data. Return values might be falsified.
202+
| :mitigates: feat_req__persistency__integrity_check
203+
| :sufficient: yes
204+
| :status: valid
205+
|
206+
| Integrity check will fail, so the failure will be detected.
207+
208+
| .. feat_saf_dfa:: Persistency
209+
| :verifies: feat_arc_sta__persistency__static
210+
| :id: feat_saf_dfa__persistency__arg_passed
211+
| :violation_id: CO_01_01
212+
| :violation_cause: Information passed via argument through a function call, or via writing/reading a variable being global to the two software functions (data flow)
213+
| :mitigates: feat_req__persistency__cpp_rust_interop
214+
| :sufficient: yes
215+
| :status: valid
216+
|
217+
| Failure initiator not applicable at persistency, so no mitigates is needed.
218218
219219
The DFA is finished, if all fault models are checked and for each identified fault a sufficient mitigation exists. For the validation of the
220220
DFA the checklist :need:`gd_chklst__safety_analysis` shall be used.

0 commit comments

Comments
 (0)