Skip to content

Commit 83407d7

Browse files
Baselibs component DFA
Refers: #2490
1 parent deb1f6a commit 83407d7

9 files changed

Lines changed: 200 additions & 184 deletions

File tree

  • docs/modules/baselibs
    • bitmanipulation/docs/safety_analysis
    • concurrency/docs/safety_analysis
    • containers/docs/safety_analysis
    • filesystem/docs/safety_analysis
    • json/docs/safety_analysis
    • language/safecpp/docs/safety_analysis
    • result/docs/safety_analysis
    • static_reflection_with_serialization/docs/safety_analysis
    • utils/docs/safety_analysis

docs/modules/baselibs/bitmanipulation/docs/safety_analysis/dfa.rst

Lines changed: 3 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ DFA (Dependent Failure Analysis)
1818

1919
.. document:: bitmanipulation DFA
2020
:id: doc__bitmanipulation_dfa
21-
:status: draft
21+
:status: valid
2222
:safety: ASIL_B
2323
:security: YES
2424
:realizes: wp__sw_component_dfa
@@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis)
2929
Dependent Failure Initiators
3030
----------------------------
3131

32-
.. code-block:: rst
33-
34-
.. comp_saf_dfa:: <Title>
35-
:violates: <Component architecture>
36-
:id: comp_saf_dfa__<Component>__<Element descriptor>
37-
:failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
38-
:failure_effect: "description of failure effect of the failure initiator on the element"
39-
:mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement>
40-
:mitigation_issue: <ID from Issue Tracker>
41-
:sufficient: <yes|no>
42-
:status: <valid|invalid>
43-
44-
.. note:: argument is inside the 'content'. Therefore content is mandatory
45-
46-
.. attention::
47-
The above directive must be updated according to your component DFA.
48-
49-
- The above "code-block" directive must be updated
50-
- Fill in all the needed information in the <brackets>
32+
As the component's archtitecture does not have a decomposition into further components,
33+
there are no failures additional to the ones analyzed on feature level.

docs/modules/baselibs/concurrency/docs/safety_analysis/dfa.rst

Lines changed: 4 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -18,9 +18,9 @@ DFA (Dependent Failure Analysis)
1818

1919
.. document:: concurrency DFA
2020
:id: doc__concurrency_dfa
21-
:status: draft
21+
:status: valid
2222
:safety: ASIL_B
23-
:security: NO
23+
:security: YES
2424
:realizes: wp__sw_component_dfa
2525

2626
.. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram.
@@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis)
2929
Dependent Failure Initiators
3030
----------------------------
3131

32-
.. code-block:: rst
33-
34-
.. comp_saf_dfa:: <Title>
35-
:violates: <Component architecture>
36-
:id: comp_saf_dfa__<Component>__<Element descriptor>
37-
:failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
38-
:failure_effect: "description of failure effect of the failure initiator on the element"
39-
:mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement>
40-
:mitigation_issue: <ID from Issue Tracker>
41-
:sufficient: <yes|no>
42-
:status: <valid|invalid>
43-
44-
.. note:: argument is inside the 'content'. Therefore content is mandatory
45-
46-
.. attention::
47-
The above directive must be updated according to your component DFA.
48-
49-
- The above "code-block" directive must be updated
50-
- Fill in all the needed information in the <brackets>
32+
As the component's archtitecture does not have a decomposition into further components,
33+
there are no failures additional to the ones analyzed on feature level.

docs/modules/baselibs/containers/docs/safety_analysis/dfa.rst

Lines changed: 4 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -18,9 +18,9 @@ DFA (Dependent Failure Analysis)
1818

1919
.. document:: containers DFA
2020
:id: doc__containers_dfa
21-
:status: draft
21+
:status: valid
2222
:safety: ASIL_B
23-
:security: NO
23+
:security: YES
2424
:realizes: wp__sw_component_dfa
2525

2626
.. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram.
@@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis)
2929
Dependent Failure Initiators
3030
----------------------------
3131

32-
.. code-block:: rst
33-
34-
.. comp_saf_dfa:: <Title>
35-
:violates: <Component architecture>
36-
:id: comp_saf_dfa__<Component>__<Element descriptor>
37-
:failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
38-
:failure_effect: "description of failure effect of the failure initiator on the element"
39-
:mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement>
40-
:mitigation_issue: <ID from Issue Tracker>
41-
:sufficient: <yes|no>
42-
:status: <valid|invalid>
43-
44-
.. note:: argument is inside the 'content'. Therefore content is mandatory
45-
46-
.. attention::
47-
The above directive must be updated according to your component DFA.
48-
49-
- The above "code-block" directive must be updated
50-
- Fill in all the needed information in the <brackets>
32+
As the component's archtitecture does not have a decomposition into further components,
33+
there are no failures additional to the ones analyzed on feature level.

docs/modules/baselibs/filesystem/docs/safety_analysis/dfa.rst

Lines changed: 4 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -18,9 +18,9 @@ DFA (Dependent Failure Analysis)
1818

1919
.. document:: filesystem DFA
2020
:id: doc__filesystem_dfa
21-
:status: draft
21+
:status: valid
2222
:safety: ASIL_B
23-
:security: NO
23+
:security: YES
2424
:realizes: wp__sw_component_dfa
2525

2626
.. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram.
@@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis)
2929
Dependent Failure Initiators
3030
----------------------------
3131

32-
.. code-block:: rst
33-
34-
.. comp_saf_dfa:: <Title>
35-
:violates: <Component architecture>
36-
:id: comp_saf_dfa__<Component>__<Element descriptor>
37-
:failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
38-
:failure_effect: "description of failure effect of the failure initiator on the element"
39-
:mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement>
40-
:mitigation_issue: <ID from Issue Tracker>
41-
:sufficient: <yes|no>
42-
:status: <valid|invalid>
43-
44-
.. note:: argument is inside the 'content'. Therefore content is mandatory
45-
46-
.. attention::
47-
The above directive must be updated according to your component DFA.
48-
49-
- The above "code-block" directive must be updated
50-
- Fill in all the needed information in the <brackets>
32+
As the component's archtitecture does not have a decomposition into further components,
33+
there are no failures additional to the ones analyzed on feature level.

docs/modules/baselibs/json/docs/safety_analysis/dfa.rst

Lines changed: 169 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -18,33 +18,185 @@ DFA (Dependent Failure Analysis)
1818

1919
.. document:: JSON DFA
2020
:id: doc__json_dfa
21-
:status: draft
21+
:status: valid
2222
:safety: ASIL_B
23-
:security: NO
23+
:security: YES
2424
:realizes: wp__sw_component_dfa
2525

2626
.. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram.
2727

2828

29+
The DFA for the component [Your Component Name] is performed. To show evidence that all failure initiators are considered, the applicability has to be filled out in the
30+
following tables. For all applicable failure initiators, the DFA has to be performed.
31+
2932
Dependent Failure Initiators
3033
----------------------------
3134

32-
.. code-block:: rst
35+
Shared resources
36+
^^^^^^^^^^^^^^^^
37+
38+
The dependent failure initiators related to shared resources are not applicable for the component. The shared resources
39+
will be considered in the platform DFA.
40+
41+
Communication between the two elements
42+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
43+
44+
Receiving function is affected by information that is false, lost, sent multiple times, or in the wrong order etc. from the sender.
45+
46+
.. list-table:: DFA communication between elements
47+
:header-rows: 1
48+
:widths: 10,20,10,20
49+
50+
* - ID
51+
- Violation cause communication between elements
52+
- Applicability
53+
- Rationale
54+
* - CO_01_01
55+
- Information passed via argument through a function call, or via writing/reading a variable being global to the two software functions (data flow)
56+
- no
57+
- No shared data input for nlohman-JSON and JSON-Wrapper.
58+
* - CO_01_02
59+
- Data or message corruption / repetition / loss / delay / masquerading or incorrect addressing of information
60+
- no
61+
- No messages between nlohman-JSON and JSON-Wrapper.
62+
* - CO_01_03
63+
- Insertion / sequence of information
64+
- no
65+
- No messages between nlohman-JSON and JSON-Wrapper.
66+
* - CO_01_04
67+
- Corruption of information, inconsistent data
68+
- no
69+
- No messages between nlohman-JSON and JSON-Wrapper.
70+
* - CO_01_05
71+
- Asymmetric information sent from a sender to multiple receivers, so that not all defined receivers have the same information
72+
- no
73+
- No messages between nlohman-JSON and JSON-Wrapper.
74+
* - CO_01_06
75+
- Information from a sender received by only a subset of the receivers
76+
- no
77+
- No messages between nlohman-JSON and JSON-Wrapper.
78+
* - CO_01_07
79+
- Blocking access to a communication channel
80+
- no
81+
- No communication channel shared between nlohman-JSON and JSON-Wrapper.
82+
83+
Shared information inputs
84+
^^^^^^^^^^^^^^^^^^^^^^^^^
85+
86+
Same information input used by multiple functions.
87+
88+
.. list-table:: DFA shared information inputs
89+
:header-rows: 1
90+
:widths: 10,20,10,20
91+
92+
* - ID
93+
- Violation cause shared information inputs
94+
- Applicability
95+
- Rationale
96+
* - SI_01_02
97+
- Configuration data
98+
- no
99+
- Configuration data may be shared but should not add additional failure modes.
100+
* - SI_01_03
101+
- Constants, or variables, being global to the two software functions
102+
- no
103+
- No global data is used by nlohman-JSON and JSON-Wrapper.
104+
* - SI_01_04
105+
- Basic software passes data (read from hardware register and converted into logical information) to two applications software functions
106+
- no
107+
- nlohman-JSON and JSON-Wrapper are not sharing HW related data.
108+
* - SI_01_05
109+
- Data / function parameter arguments / messages delivered by software function to more than one other function
110+
- no
111+
- nlohman-JSON and JSON-Wrapper are libraries incorporated by each using function individually.
112+
113+
Unintended impact
114+
^^^^^^^^^^^^^^^^^
115+
116+
Unintended impacts to function due to various failures.
117+
118+
.. list-table:: DFA unintended impact
119+
:header-rows: 1
120+
:widths: 10,20,10,20
121+
122+
* - ID
123+
- Violation cause unintended impact
124+
- Applicability
125+
- Rationale
126+
* - UI_01_01
127+
- Memory miss-allocation and leaks
128+
- no
129+
- Not a specific json topic, therefore covered at platform DFA.
130+
* - UI_01_02
131+
- Read/Write access to memory allocated to another software element
132+
- yes
133+
- nlohman-JSON and JSON-Wrapper are in same memory space
134+
* - UI_01_03
135+
- Stack/Buffer under-/overflow
136+
- no
137+
- Not a specific json topic, therefore covered at platform DFA.
138+
* - UI_01_04
139+
- Deadlocks
140+
- yes
141+
- Filesystem access may be blocking.
142+
* - UI_01_05
143+
- Livelocks
144+
- no
145+
- Not a specific json topic, therefore covered at feature level.
146+
* - UI_01_06
147+
- Blocking of execution
148+
- no
149+
- nlohman-JSON and JSON-Wrapper block each other.
150+
* - UI_01_07
151+
- Incorrect allocation of execution time
152+
- no
153+
- Execution time allocated by (external) OS on platform level, should be covered centrally at platform level.
154+
* - UI_01_08
155+
- Incorrect execution flow
156+
- no
157+
- Execution flow controlled by (external) OS on platform level, should be covered centrally at platform level.
158+
* - UI_01_09
159+
- Incorrect synchronization between software elements
160+
- no
161+
- nlohman-JSON and JSON-Wrapper have no synchronization needs.
162+
* - UI_01_10
163+
- CPU time depletion
164+
- yes
165+
- nlohman-JSON and JSON-Wrapper deplete each other's CPU time.
166+
* - UI_01_11
167+
- Memory depletion
168+
- no
169+
- Not a specific json topic, therefore covered at platform DFA.
170+
* - UI_01_12
171+
- Other HW unavailability
172+
- no
173+
- No special HW used for baselibs.
174+
175+
176+
DFA
177+
===
178+
179+
For all identified applicable failure initiators, the DFA is performed in the following section.
180+
33181

34-
.. comp_saf_dfa:: <Title>
35-
:violates: <Component architecture>
36-
:id: comp_saf_dfa__<Component>__<Element descriptor>
37-
:failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
38-
:failure_effect: "description of failure effect of the failure initiator on the element"
39-
:mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement>
40-
:mitigation_issue: <ID from Issue Tracker>
41-
:sufficient: <yes|no>
42-
:status: <valid|invalid>
182+
.. comp_saf_dfa:: Json component FFI
183+
:violates: comp_arc_sta__baselibs__json
184+
:id: comp_saf_dfa__json__ffi
185+
:failure_id: UI_01_02,UI_01_06,UI_01_10
186+
:failure_effect: nlohman-JSON and JSON-Wrapper influence each other and cause wrong read or write of Json data
187+
:mitigated_by: comp_req__json__asil
188+
:sufficient: yes
189+
:status: valid
43190

44-
.. note:: argument is inside the 'content'. Therefore content is mandatory
191+
nlohman-JSON and JSON-Wrapper have the same ASIL.
45192

46-
.. attention::
47-
The above directive must be updated according to your component DFA.
193+
.. comp_saf_dfa:: Json blocking access
194+
:violates: comp_arc_sta__baselibs__json
195+
:id: comp_saf_dfa__json__blocking_access
196+
:failure_id: UI_01_04
197+
:failure_effect: nlohman-JSON and JSON-Wrapper influence each other and cause wrong read or write of Json data
198+
:mitigated_by: aou_req__filesystem__thread_safety
199+
:sufficient: yes
200+
:status: valid
48201

49-
- The above "code-block" directive must be updated
50-
- Fill in all the needed information in the <brackets>
202+
Json Lib is using baselibs/filesystem and has to cover the AoU about thread safety.

docs/modules/baselibs/language/safecpp/docs/safety_analysis/dfa.rst

Lines changed: 4 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -18,9 +18,9 @@ DFA (Dependent Failure Analysis)
1818

1919
.. document:: SafeCpp DFA
2020
:id: doc__safecpp_dfa
21-
:status: draft
21+
:status: valid
2222
:safety: ASIL_B
23-
:security: NO
23+
:security: YES
2424
:realizes: wp__sw_component_dfa
2525

2626
.. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram.
@@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis)
2929
Dependent Failure Initiators
3030
----------------------------
3131

32-
.. code-block:: rst
33-
34-
.. comp_saf_dfa:: <Title>
35-
:violates: <Component architecture>
36-
:id: comp_saf_dfa__<Component>__<Element descriptor>
37-
:failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`>
38-
:failure_effect: "description of failure effect of the failure initiator on the element"
39-
:mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement>
40-
:mitigation_issue: <ID from Issue Tracker>
41-
:sufficient: <yes|no>
42-
:status: <valid|invalid>
43-
44-
.. note:: argument is inside the 'content'. Therefore content is mandatory
45-
46-
.. attention::
47-
The above directive must be updated according to your component DFA.
48-
49-
- The above "code-block" directive must be updated
50-
- Fill in all the needed information in the <brackets>
32+
As the component's archtitecture does not have a decomposition into further components,
33+
there are no failures additional to the ones analyzed on feature level.

0 commit comments

Comments
 (0)