From 345de6680583eb8b230ae2e377a99473fc3cdb35 Mon Sep 17 00:00:00 2001 From: aschemmel-git Date: Mon, 20 Apr 2026 11:50:31 +0200 Subject: [PATCH] Baselibs component DFA Refers: #2490 --- .../docs/safety_analysis/dfa.rst | 23 +-- .../concurrency/docs/safety_analysis/dfa.rst | 25 +-- .../containers/docs/safety_analysis/dfa.rst | 25 +-- .../filesystem/docs/safety_analysis/dfa.rst | 25 +-- .../json/docs/safety_analysis/dfa.rst | 186 ++++++++++++++++-- .../safecpp/docs/safety_analysis/dfa.rst | 25 +-- .../result/docs/safety_analysis/dfa.rst | 25 +-- .../docs/safety_analysis/dfa.rst | 25 +-- .../utils/docs/safety_analysis/dfa.rst | 25 +-- 9 files changed, 200 insertions(+), 184 deletions(-) diff --git a/docs/modules/baselibs/bitmanipulation/docs/safety_analysis/dfa.rst b/docs/modules/baselibs/bitmanipulation/docs/safety_analysis/dfa.rst index c8f242f4698..e2c24e8e9ea 100644 --- a/docs/modules/baselibs/bitmanipulation/docs/safety_analysis/dfa.rst +++ b/docs/modules/baselibs/bitmanipulation/docs/safety_analysis/dfa.rst @@ -18,7 +18,7 @@ DFA (Dependent Failure Analysis) .. document:: bitmanipulation DFA :id: doc__bitmanipulation_dfa - :status: draft + :status: valid :safety: ASIL_B :security: YES :realizes: wp__sw_component_dfa 
@@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis) Dependent Failure Initiators ---------------------------- -.. code-block:: rst - - .. comp_saf_dfa:: - :violates: <Component architecture> - :id: comp_saf_dfa__<Component>__<Element descriptor> - :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`> - :failure_effect: "description of failure effect of the failure initiator on the element" - :mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement> - :mitigation_issue: <ID from Issue Tracker> - :sufficient: <yes|no> - :status: <valid|invalid> - -.. note:: argument is inside the 'content'. Therefore content is mandatory - -.. attention:: - The above directive must be updated according to your component DFA. - - - The above "code-block" directive must be updated - - Fill in all the needed information in the <brackets> +As the component's archtitecture does not have a decomposition into further components, +there are no failures additional to the ones analyzed on feature level. diff --git a/docs/modules/baselibs/concurrency/docs/safety_analysis/dfa.rst b/docs/modules/baselibs/concurrency/docs/safety_analysis/dfa.rst index 923f0af6092..bc767df361c 100644 --- a/docs/modules/baselibs/concurrency/docs/safety_analysis/dfa.rst +++ b/docs/modules/baselibs/concurrency/docs/safety_analysis/dfa.rst @@ -18,9 +18,9 @@ DFA (Dependent Failure Analysis) .. document:: concurrency DFA :id: doc__concurrency_dfa - :status: draft + :status: valid :safety: ASIL_B - :security: NO + :security: YES :realizes: wp__sw_component_dfa .. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram. 
@@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis) Dependent Failure Initiators ---------------------------- -.. code-block:: rst - - .. comp_saf_dfa:: <Title> - :violates: <Component architecture> - :id: comp_saf_dfa__<Component>__<Element descriptor> - :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`> - :failure_effect: "description of failure effect of the failure initiator on the element" - :mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement> - :mitigation_issue: <ID from Issue Tracker> - :sufficient: <yes|no> - :status: <valid|invalid> - -.. note:: argument is inside the 'content'. Therefore content is mandatory - -.. attention:: - The above directive must be updated according to your component DFA. - - - The above "code-block" directive must be updated - - Fill in all the needed information in the <brackets> +As the component's archtitecture does not have a decomposition into further components, +there are no failures additional to the ones analyzed on feature level. diff --git a/docs/modules/baselibs/containers/docs/safety_analysis/dfa.rst b/docs/modules/baselibs/containers/docs/safety_analysis/dfa.rst index 18627863e69..4ae12721172 100644 --- a/docs/modules/baselibs/containers/docs/safety_analysis/dfa.rst +++ b/docs/modules/baselibs/containers/docs/safety_analysis/dfa.rst @@ -18,9 +18,9 @@ DFA (Dependent Failure Analysis) .. document:: containers DFA :id: doc__containers_dfa - :status: draft + :status: valid :safety: ASIL_B - :security: NO + :security: YES :realizes: wp__sw_component_dfa .. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram. 
@@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis) Dependent Failure Initiators ---------------------------- -.. code-block:: rst - - .. comp_saf_dfa:: <Title> - :violates: <Component architecture> - :id: comp_saf_dfa__<Component>__<Element descriptor> - :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`> - :failure_effect: "description of failure effect of the failure initiator on the element" - :mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement> - :mitigation_issue: <ID from Issue Tracker> - :sufficient: <yes|no> - :status: <valid|invalid> - -.. note:: argument is inside the 'content'. Therefore content is mandatory - -.. attention:: - The above directive must be updated according to your component DFA. - - - The above "code-block" directive must be updated - - Fill in all the needed information in the <brackets> +As the component's archtitecture does not have a decomposition into further components, +there are no failures additional to the ones analyzed on feature level. diff --git a/docs/modules/baselibs/filesystem/docs/safety_analysis/dfa.rst b/docs/modules/baselibs/filesystem/docs/safety_analysis/dfa.rst index 6c7d21524e2..882f77c3e1f 100644 --- a/docs/modules/baselibs/filesystem/docs/safety_analysis/dfa.rst +++ b/docs/modules/baselibs/filesystem/docs/safety_analysis/dfa.rst @@ -18,9 +18,9 @@ DFA (Dependent Failure Analysis) .. document:: filesystem DFA :id: doc__filesystem_dfa - :status: draft + :status: valid :safety: ASIL_B - :security: NO + :security: YES :realizes: wp__sw_component_dfa .. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram. 
@@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis) Dependent Failure Initiators ---------------------------- -.. code-block:: rst - - .. comp_saf_dfa:: <Title> - :violates: <Component architecture> - :id: comp_saf_dfa__<Component>__<Element descriptor> - :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`> - :failure_effect: "description of failure effect of the failure initiator on the element" - :mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement> - :mitigation_issue: <ID from Issue Tracker> - :sufficient: <yes|no> - :status: <valid|invalid> - -.. note:: argument is inside the 'content'. Therefore content is mandatory - -.. attention:: - The above directive must be updated according to your component DFA. - - - The above "code-block" directive must be updated - - Fill in all the needed information in the <brackets> +As the component's archtitecture does not have a decomposition into further components, +there are no failures additional to the ones analyzed on feature level. diff --git a/docs/modules/baselibs/json/docs/safety_analysis/dfa.rst b/docs/modules/baselibs/json/docs/safety_analysis/dfa.rst index c2123a2621c..8b251604eab 100644 --- a/docs/modules/baselibs/json/docs/safety_analysis/dfa.rst +++ b/docs/modules/baselibs/json/docs/safety_analysis/dfa.rst 
@@ -18,33 +18,185 @@ DFA (Dependent Failure Analysis) .. document:: JSON DFA :id: doc__json_dfa - :status: draft + :status: valid :safety: ASIL_B - :security: NO + :security: YES :realizes: wp__sw_component_dfa .. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram. +The DFA for the component [Your Component Name] is performed. To show evidence that all failure initiators are considered, the applicability has to be filled out in the +following tables. For all applicable failure initiators, the DFA has to be performed. + Dependent Failure Initiators ---------------------------- -.. code-block:: rst +Shared resources +^^^^^^^^^^^^^^^^ + +The dependent failure initiators related to shared resources are not applicable for the component. The shared resources +will be considered in the platform DFA. + +Communication between the two elements +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Receiving function is affected by information that is false, lost, sent multiple times, or in the wrong order etc. from the sender. + +.. list-table:: DFA communication between elements + :header-rows: 1 + :widths: 10,20,10,20 + + * - ID + - Violation cause communication between elements + - Applicability + - Rationale + * - CO_01_01 + - Information passed via argument through a function call, or via writing/reading a variable being global to the two software functions (data flow) + - no + - No shared data input for nlohman-JSON and JSON-Wrapper. + * - CO_01_02 + - Data or message corruption / repetition / loss / delay / masquerading or incorrect addressing of information + - no + - No messages between nlohman-JSON and JSON-Wrapper. + * - CO_01_03 + - Insertion / sequence of information + - no + - No messages between nlohman-JSON and JSON-Wrapper. + * - CO_01_04 + - Corruption of information, inconsistent data + - no + - No messages between nlohman-JSON and JSON-Wrapper. 
+ * - CO_01_05 + - Asymmetric information sent from a sender to multiple receivers, so that not all defined receivers have the same information + - no + - No messages between nlohman-JSON and JSON-Wrapper. + * - CO_01_06 + - Information from a sender received by only a subset of the receivers + - no + - No messages between nlohman-JSON and JSON-Wrapper. + * - CO_01_07 + - Blocking access to a communication channel + - no + - No communication channel shared between nlohman-JSON and JSON-Wrapper. + +Shared information inputs +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Same information input used by multiple functions. + +.. list-table:: DFA shared information inputs + :header-rows: 1 + :widths: 10,20,10,20 + + * - ID + - Violation cause shared information inputs + - Applicability + - Rationale + * - SI_01_02 + - Configuration data + - no + - Configuration data may be shared but should not add additional failure modes. + * - SI_01_03 + - Constants, or variables, being global to the two software functions + - no + - No global data is used by nlohman-JSON and JSON-Wrapper. + * - SI_01_04 + - Basic software passes data (read from hardware register and converted into logical information) to two applications software functions + - no + - nlohman-JSON and JSON-Wrapper are not sharing HW related data. + * - SI_01_05 + - Data / function parameter arguments / messages delivered by software function to more than one other function + - no + - nlohman-JSON and JSON-Wrapper are libraries incorporated by each using function individually. + +Unintended impact +^^^^^^^^^^^^^^^^^ + +Unintended impacts to function due to various failures. + +.. list-table:: DFA unintended impact + :header-rows: 1 + :widths: 10,20,10,20 + + * - ID + - Violation cause unintended impact + - Applicability + - Rationale + * - UI_01_01 + - Memory miss-allocation and leaks + - no + - Not a specific json topic, therefore covered at platform DFA. 
+ * - UI_01_02 + - Read/Write access to memory allocated to another software element + - yes + - nlohman-JSON and JSON-Wrapper are in same memory space, :need:`comp_saf_dfa__json__ffi` + * - UI_01_03 + - Stack/Buffer under-/overflow + - no + - Not a specific json topic, therefore covered at platform DFA. + * - UI_01_04 + - Deadlocks + - yes + - Filesystem access may be blocking, :need:`comp_saf_dfa__json__blocking_access` + * - UI_01_05 + - Livelocks + - no + - Not a specific json topic, therefore covered at feature level. + * - UI_01_06 + - Blocking of execution + - yes + - nlohman-JSON and JSON-Wrapper may block each other, :need:`comp_saf_dfa__json__ffi` + * - UI_01_07 + - Incorrect allocation of execution time + - no + - Execution time allocated by (external) OS on platform level, should be covered centrally at platform level. + * - UI_01_08 + - Incorrect execution flow + - no + - Execution flow controlled by (external) OS on platform level, should be covered centrally at platform level. + * - UI_01_09 + - Incorrect synchronization between software elements + - no + - nlohman-JSON and JSON-Wrapper have no synchronization needs. + * - UI_01_10 + - CPU time depletion + - yes + - nlohman-JSON and JSON-Wrapper may deplete each other's CPU time, :need:`comp_saf_dfa__json__ffi` + * - UI_01_11 + - Memory depletion + - no + - Not a specific json topic, therefore covered at platform DFA. + * - UI_01_12 + - Other HW unavailability + - no + - No special HW used for baselibs. + + +DFA +=== + +For all identified applicable failure initiators, the DFA is performed in the following section. + - .. 
comp_saf_dfa:: <Title> - :violates: <Component architecture> - :id: comp_saf_dfa__<Component>__<Element descriptor> - :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`> - :failure_effect: "description of failure effect of the failure initiator on the element" - :mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement> - :mitigation_issue: <ID from Issue Tracker> - :sufficient: <yes|no> - :status: <valid|invalid> +.. comp_saf_dfa:: Json component FFI + :violates: comp_arc_sta__baselibs__json + :id: comp_saf_dfa__json__ffi + :failure_id: UI_01_02,UI_01_06,UI_01_10 + :failure_effect: nlohman-JSON and JSON-Wrapper influence each other and cause wrong read or write of Json data + :mitigated_by: comp_req__json__asil + :sufficient: yes + :status: valid -.. note:: argument is inside the 'content'. Therefore content is mandatory + nlohman-JSON and JSON-Wrapper have the same ASIL. -.. attention:: - The above directive must be updated according to your component DFA. +.. comp_saf_dfa:: Json blocking access + :violates: comp_arc_sta__baselibs__json + :id: comp_saf_dfa__json__blocking_access + :failure_id: UI_01_04 + :failure_effect: nlohman-JSON and JSON-Wrapper influence each other and cause wrong read or write of Json data + :mitigated_by: aou_req__filesystem__thread_safety + :sufficient: yes + :status: valid - - The above "code-block" directive must be updated - - Fill in all the needed information in the <brackets> + Json Lib is using baselibs/filesystem and has to cover the AoU about thread safety. diff --git a/docs/modules/baselibs/language/safecpp/docs/safety_analysis/dfa.rst b/docs/modules/baselibs/language/safecpp/docs/safety_analysis/dfa.rst index 973427ab2f5..7ac1a981d73 100644 --- a/docs/modules/baselibs/language/safecpp/docs/safety_analysis/dfa.rst +++ b/docs/modules/baselibs/language/safecpp/docs/safety_analysis/dfa.rst 
@@ -18,9 +18,9 @@ DFA (Dependent Failure Analysis) .. document:: SafeCpp DFA :id: doc__safecpp_dfa - :status: draft + :status: valid :safety: ASIL_B - :security: NO + :security: YES :realizes: wp__sw_component_dfa .. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram. @@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis) Dependent Failure Initiators ---------------------------- -.. code-block:: rst - - .. comp_saf_dfa:: <Title> - :violates: <Component architecture> - :id: comp_saf_dfa__<Component>__<Element descriptor> - :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`> - :failure_effect: "description of failure effect of the failure initiator on the element" - :mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement> - :mitigation_issue: <ID from Issue Tracker> - :sufficient: <yes|no> - :status: <valid|invalid> - -.. note:: argument is inside the 'content'. Therefore content is mandatory - -.. attention:: - The above directive must be updated according to your component DFA. - - - The above "code-block" directive must be updated - - Fill in all the needed information in the <brackets> +As the component's archtitecture does not have a decomposition into further components, +there are no failures additional to the ones analyzed on feature level. diff --git a/docs/modules/baselibs/result/docs/safety_analysis/dfa.rst b/docs/modules/baselibs/result/docs/safety_analysis/dfa.rst index a3f8180434a..4bd11121bf2 100644 --- a/docs/modules/baselibs/result/docs/safety_analysis/dfa.rst +++ b/docs/modules/baselibs/result/docs/safety_analysis/dfa.rst 
@@ -18,9 +18,9 @@ DFA (Dependent Failure Analysis) .. document:: result DFA :id: doc__result_dfa - :status: draft + :status: valid :safety: ASIL_B - :security: NO + :security: YES :realizes: wp__sw_component_dfa .. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram. @@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis) Dependent Failure Initiators ---------------------------- -.. code-block:: rst - - .. comp_saf_dfa:: <Title> - :violates: <Component architecture> - :id: comp_saf_dfa__<Component>__<Element descriptor> - :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`> - :failure_effect: "description of failure effect of the failure initiator on the element" - :mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement> - :mitigation_issue: <ID from Issue Tracker> - :sufficient: <yes|no> - :status: <valid|invalid> - -.. note:: argument is inside the 'content'. Therefore content is mandatory - -.. attention:: - The above directive must be updated according to your component DFA. - - - The above "code-block" directive must be updated - - Fill in all the needed information in the <brackets> +As the component's archtitecture does not have a decomposition into further components, +there are no failures additional to the ones analyzed on feature level. diff --git a/docs/modules/baselibs/static_reflection_with_serialization/docs/safety_analysis/dfa.rst b/docs/modules/baselibs/static_reflection_with_serialization/docs/safety_analysis/dfa.rst index 37e5dd512e4..174d0325267 100644 --- a/docs/modules/baselibs/static_reflection_with_serialization/docs/safety_analysis/dfa.rst +++ b/docs/modules/baselibs/static_reflection_with_serialization/docs/safety_analysis/dfa.rst 
@@ -18,9 +18,9 @@ DFA (Dependent Failure Analysis) .. document:: Static Reflection DFA :id: doc__static_reflection_dfa - :status: draft + :status: valid :safety: ASIL_B - :security: NO + :security: YES :realizes: wp__sw_component_dfa .. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram. @@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis) Dependent Failure Initiators ---------------------------- -.. code-block:: rst - - .. comp_saf_dfa:: <Title> - :violates: <Component architecture> - :id: comp_saf_dfa__<Component>__<Element descriptor> - :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`> - :failure_effect: "description of failure effect of the failure initiator on the element" - :mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement> - :mitigation_issue: <ID from Issue Tracker> - :sufficient: <yes|no> - :status: <valid|invalid> - -.. note:: argument is inside the 'content'. Therefore content is mandatory - -.. attention:: - The above directive must be updated according to your component DFA. - - - The above "code-block" directive must be updated - - Fill in all the needed information in the <brackets> +As the component's archtitecture does not have a decomposition into further components, +there are no failures additional to the ones analyzed on feature level. diff --git a/docs/modules/baselibs/utils/docs/safety_analysis/dfa.rst b/docs/modules/baselibs/utils/docs/safety_analysis/dfa.rst index 706653173d4..065c5fa670a 100644 --- a/docs/modules/baselibs/utils/docs/safety_analysis/dfa.rst +++ b/docs/modules/baselibs/utils/docs/safety_analysis/dfa.rst 
@@ -18,9 +18,9 @@ DFA (Dependent Failure Analysis) .. document:: utils DFA :id: doc__utils_dfa - :status: draft + :status: valid :safety: ASIL_B - :security: NO + :security: YES :realizes: wp__sw_component_dfa .. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram. @@ -29,22 +29,5 @@ DFA (Dependent Failure Analysis) Dependent Failure Initiators ---------------------------- -.. code-block:: rst - - .. comp_saf_dfa:: <Title> - :violates: <Component architecture> - :id: comp_saf_dfa__<Component>__<Element descriptor> - :failure_id: <ID from DFA failure initiators :need:`gd_guidl__dfa_failure_initiators`> - :failure_effect: "description of failure effect of the failure initiator on the element" - :mitigated_by: <ID from Component Requirement | ID from AoU Component Requirement> - :mitigation_issue: <ID from Issue Tracker> - :sufficient: <yes|no> - :status: <valid|invalid> - -.. note:: argument is inside the 'content'. Therefore content is mandatory - -.. attention:: - The above directive must be updated according to your component DFA. - - - The above "code-block" directive must be updated - - Fill in all the needed information in the <brackets> +As the component's archtitecture does not have a decomposition into further components, +there are no failures additional to the ones analyzed on feature level.
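Review bot: "archtitecture" is misspelled in the replacement paragraph that all eight non-JSON files (bitmanipulation, concurrency, containers, filesystem, safecpp, result, static_reflection_with_serialization, utils) now share; it should read "As the component's architecture does not have a decomposition into further components, ...". The same paragraph asserts that the failures are "analyzed on feature level" without a `:need:` link to that feature-level DFA, so the argument is not traceable; add the reference. These files also keep the template line ".. note:: Use the content of the document to describe e.g. why a fault model is not applicable for the diagram." as unchanged context while their `:status:` moves to `valid`; that note is an authoring instruction and should be removed before the documents are marked valid.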
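Review bot: the JSON file still carries the placeholder "[Your Component Name]" in the added intro paragraph ("The DFA for the component [Your Component Name] is performed."); replace it with the component name. The same paragraph says the applicability "has to be filled out in the following tables", but the Shared resources subsection has no table at all, only the sentence that the initiators are "not applicable ... considered in the platform DFA"; either add the shared-resources rows with their applicability and rationale, or reword the intro so it does not promise a table for every category.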
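Review bot: the upstream library is nlohmann/json (double n), but the JSON tables and both `comp_saf_dfa` entries spell it "nlohman-JSON" throughout; fix it consistently, since the rationale text is what a reader of the `valid` document will search for. The titles also mix "Json component FFI" / "Json blocking access" / "Json Lib" with "JSON DFA" and "JSON-Wrapper"; pick one spelling.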
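Review bot: in `comp_saf_dfa__json__blocking_access` the `:failure_effect:` is a copy of the FFI entry's text ("nlohman-JSON and JSON-Wrapper influence each other and cause wrong read or write of Json data"), although its `:failure_id:` is UI_01_04 (Deadlocks) and the table rationale is "Filesystem access may be blocking". The effect of a deadlock is that the JSON read or write never completes, not that wrong data is read or written, and the sufficiency of `aou_req__filesystem__thread_safety` can only be judged against the correct effect; rewrite the field. Both new entries also drop the `:mitigation_issue:` option that the removed template listed; if the directive expects it, add it or state in the content why no issue is needed.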
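Review bot: the "DFA shared information inputs" table starts at SI_01_02, so SI_01_01 is missing even though the intro requires evidence that all failure initiators were considered; add the row (with applicability and rationale) or say why it is not listed. Several "no" verdicts are hedged rather than decided: SI_01_02 ("Configuration data may be shared but should not add additional failure modes") and UI_01_07 / UI_01_08 ("should be covered centrally at platform level"). A non-applicable verdict in a `valid` document needs a definite statement, e.g. whether configuration data is actually shared between nlohmann/json and the JSON-Wrapper and why its corruption cannot produce a dependent failure, and a `:need:` link to the platform DFA item that covers execution-time and execution-flow allocation.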
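Review bot: every `.. document::` header changes `:security:` from NO to YES (bitmanipulation was already YES) in the same hunk that moves `:status:` from draft to valid, but neither the commit message ("Baselibs component DFA Refers: #2490") nor any document body explains the security relevance; add a sentence of rationale per component, or keep the security-flag change in a separate commit so it can be reviewed on its own.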