diff --git a/MODULE.bazel b/MODULE.bazel index 66bd0876087..d75d3499acb 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -79,8 +79,8 @@ single_version_override( version = "4.0.1", ) -bazel_dep(name = "score_process", version = "1.5.3") +bazel_dep(name = "score_process", version = "1.5.4") single_version_override( module_name = "score_process", - version = "1.5.3", + version = "1.5.4", ) diff --git a/docs/features/persistency/index.rst b/docs/features/persistency/index.rst index 36074b9e8f9..ed070624de5 100644 --- a/docs/features/persistency/index.rst +++ b/docs/features/persistency/index.rst @@ -30,7 +30,7 @@ Persistency (v0.5 beta) requirements/chklst_req_inspection.rst safety_analysis/fmea.rst safety_analysis/dfa.rst - safety_analysis/safety_analysis_fdr.rst + safety_analysis/feature_safety_analysis_fdr.rst safety_planning/index.rst security_planning/index.rst security_analysis/stride.rst diff --git a/docs/features/persistency/safety_analysis/feature_safety_analysis_fdr.rst b/docs/features/persistency/safety_analysis/feature_safety_analysis_fdr.rst new file mode 100644 index 00000000000..0b5feeca66f --- /dev/null +++ b/docs/features/persistency/safety_analysis/feature_safety_analysis_fdr.rst 
@@ -0,0 +1,178 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +Safety Analysis Checklist +========================= + +.. document:: Persistency Safety Analysis Checklist + :id: doc__persistency_safety_analysis_fdr + :status: valid + :safety: ASIL_B + :security: YES + :realizes: wp__fdr_reports + :tags: persistency + +**Purpose** +The purpose of this Safety Analysis (DFA and FMEA) checklist template is to collect the topics to be checked during verification of the Safety Analysis. + +**Conduct** + +As described in :need:`wf__p_formal_rv`, the formal document review is performed by an "external" safety manager: + +- reviewer: Uwe Maucher, Volker Häussler + +**Checklist** + +Please note that the "passed" column must contain "yes" or "no" for each checklist item. Additionally, the remarks column must explain why item passed or did not passed. In case of "no" an issue link to the issue tracking system has to be added in the last column. See also :need:`doc_concept__wp_inspections` for further information about reviews in general and inspection in particular. + +.. list-table:: General Checklist + :header-rows: 1 + :widths: 10,10,30,30,20 + + * - ID + - Safety analysis activity + - Compliant to ISO 26262? + - Reference + - Comment + + * - 1 + - Are the safety analysis performed according to the defined process and templates? 
See :need:`gd_req__saf_structure` and also :need:`doc__feature_name_fmea` and :need:`doc__feature_name_dfa` + - YES + - :need:`[[title]] ` + - Templates for safety analysis are used and the process is followed. + + * - 2 + - Is the result of the safety analysis indicate if the safety requirements are complied? + - YES + - :need:`[[title]] ` + - The safety analysis results indicate compliance with the requirements. + + * - 3 + - Are for all not complied safety requirements mitigations defined to resolute the non-compliance? The mitigations shall have a direct influence on the violation by prevention, detection or mitigation to reduce the risk to an acceptable level. + - YES + - :need:`[[title]] ` + - Yes. All non-compliances have defined mitigations. + + * - 4 + - Are the mitigations effective and implemented? + - YES + - :need:`[[title]] ` + - The mitigations are effective and have been implemented. + + * - 5 + - Are newly identified hazards adressed to be considered in HARA in the safety manual? + - NO + - :need:`[[title]] ` + - HARA is out of scope / tailored out for this project. + + * - 6 + - Are additional safety-related test cases determined by potential results of the safety analyses? + - NO + - :need:`[[title]] ` + - There are no additional safety-related test cases determined by potential results of the safety analyses. + + +.. list-table:: DFA Checklist + :header-rows: 1 + :widths: 10,10,30,30,20 + + * - ID + - Safety analysis activity + - Compliant to ISO 26262? + - Reference + - Comment + + * - 1 + - Are the potential dependent failures identified by performming a DFA? + - YES + - :need:`[[title]] ` + - The potential dependent failures have been identified by performing the DFA. + + * - 2 + - Is it plausible that each potential identified dependent failure that has been identified, will lead to a dependent failure which cause a violation of FFI? 
+ - YES + - :need:`[[title]] ` + - The identified potential dependent failures are plausible and could lead to a violation of FFI. + + * - 3 + - Are applicable operational situations and operating modes considered? + - NO + - :need:`[[title]] ` + - Not applicable for the project. + + * - 4 + - Are the failure initiators :need:`[[title]] ` suitable and applied? + - YES + - :need:`[[title]] ` + - Failure initiators are suitable and have been applied in the DFA. + + * - 5 + - Is a rationale provided for each identified potential dependent failure? + - YES + - :need:`[[title]] ` + - A rationale is provided for each identified potential dependent failure. + + * - 6 + - Are measures defined to resolute the identified potential dependent failures? + - YES + - :need:`[[title]] `, :need:`[[title]] ` + - Measures are defined to resolute the identified potential dependent failures. + + * - 7 + - Can be the required level of independence shown for the identified potential dependent failures? + - YES + - :need:`[[title]] ` + - The required level of independence can be shown for the identified potential dependent failures. + + * - 8 + - Are the templates for DFA used? See :need:`doc__feature_name_dfa` and also :need:`gd_req__saf_structure` + - YES + - :need:`[[title]] ` + - The templates for DFA are used. + + * - 9 + - Is the DFA performed in a systematic way to identify the potential dependent failures and their effects? Are the failure effect and the mitigation described? + - YES + - :need:`[[title]] ` + - The DFA is performed in a systematic way to identify the potential dependent failures and their effects. The failure effect and the mitigation are described. + + +.. list-table:: FMEA Checklist + :header-rows: 1 + :widths: 10,10,30,30,20 + + * - ID + - Safety analysis activity + - Compliant to ISO 26262? + - Reference + - Comment + + * - 1 + - Are the fault models suitable and applied for the FMEA? 
See :need:`gd_guidl__fault_models` and also :need:`gd_req__saf_structure` + - YES + - :need:`[[title]] ` + - The fault models are suitable and have been applied for the FMEA. + + * - 2 + - Is the FMEA performed in a systmatic way to identify the potential failure modes and their effects? Are the failure effect and the mitigation described? + - YES + - :need:`[[title]] ` + - The FMEA is performed in a systematic way to identify the potential failure modes and their effects. The failure effect and the mitigation are described. + + * - 3 + - Are the templates for FMEA used? See :need:`doc__feature_name_fmea` and also :need:`gd_req__saf_structure` + - YES + - :need:`[[title]] `, :need:`[[title]] ` + - The templates for FMEA are used. diff --git a/docs/features/persistency/safety_analysis/safety_analysis_fdr.rst b/docs/features/persistency/safety_analysis/safety_analysis_fdr.rst deleted file mode 100644 index a56b53f356a..00000000000 --- a/docs/features/persistency/safety_analysis/safety_analysis_fdr.rst +++ /dev/null 
@@ -1,83 +0,0 @@ -.. - # ******************************************************************************* - # Copyright (c) 2025 Contributors to the Eclipse Foundation - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # SPDX-License-Identifier: Apache-2.0 - # ******************************************************************************* - - -Safety Analysis Checklist -========================= - -.. document:: Persistency Safety Analysis Checklist - :id: doc__persistency_safety_analysis_fdr - :status: valid - :safety: ASIL_B - :security: YES - :realizes: wp__fdr_reports - :tags: persistency - -**Purpose** -The purpose of this Safety Analysis (DFA and FMEA) checklist template is to collect the topics to be checked during verification of the Safety Analysis. - -**Checklist** - -.. list-table:: Safety Analysis Checklist - :header-rows: 1 - :widths: 10,30,30,15,8,8 - - * - Review ID - - Acceptance Criteria - - Guidance - - Passed - - Remarks - - Issue link - * - REQ_01_01 - - Is / are the attribute sufficient set correctly? - - The mitigations shall have a direct influence ont the violation by prevention, detection or mitigation to reduce the risk to an acceptable level. - - The mitigations are sufficient. - - yes - - - * - REQ_01_02 - - Are the templates for DFA and/or FMEA used? - - See :need:`gd_temp__plat_saf_dfa` / :need:`gd_temp__feat_saf_dfa` / :need:`gd_temp__comp_saf_dfa` and also :need:`gd_temp__feat_saf_fmea` / :need:`gd_temp__comp_saf_fmea` - - Templates are used to generate the DFA or / and FMEA. - - yes - - - * - REQ_01_03 - - Were the failure initiators / fault models applied? 
- - See :need:`gd_guidl__dfa_failure_initiators` / :need:`gd_guidl__fault_models` - - The applicable items of the failure initiators / fault models are used to ensure a structured analysis. For all not applicable items an argument shall be given in the content of the document. - - yes - - - * - REQ_01_04 - - Are the failure effects clearly and completely described? - - Use the generic failure effect descriptions and enlarge the description if it's applicable to the considered element. - - The effects of the failure is described completely. The effect can be recognized easily. - - yes - - - * - REQ_01_06 - - Is the attribute "mitigated by" linked correct? - - Check if the correct failure effect is linked via "mitigated by". - - The "mitigated by" link is correct. - - yes - - - * - REQ_01_07 - - Is the sufficiency of the "mitigated by" (prevention, detection or mitigation) described or can it be recognized easily? - - The sufficiency of the "mitigated by" is described in the content of the document. It can be recognized easily. - - The "mitigated by" shows clearly that a fault / failure can be mitigated by the linked requirement by prevention, detection or mitigation. It shall be described in the contend. - - yes - - - * - REQ_01_08 - - Is the overall result of the Safety Analysis described in the report? - - It shall be shown in the report if the Safety Analysis are finished and if all artifacts are "valid" and "sufficient". - - The results of the Safety Analysis are described in the report. The report is available :need:`wp__verification_platform_ver_report`. - - no - - Platform verification report is missing
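Review bot: the score_process bump from 1.5.3 to 1.5.4 in the MODULE.bazel hunk (both the `bazel_dep` line and the `single_version_override` pin) carries no rationale, and no MODULE.bazel.lock change is part of this patch. The new checklist below references need IDs the deleted file never used (`wf__p_formal_rv`, `doc_concept__wp_inspections`, `gd_req__saf_structure`), which suggests the doc change depends on the newer process module; say so in the commit message, and regenerate the lock file if the repository tracks one so the pinned version resolves reproducibly.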
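Review bot: the toctree change in `docs/features/persistency/index.rst` matches the added file, and because the new file keeps `:id: doc__persistency_safety_analysis_fdr` existing `:need:` links to the checklist stay valid. Before merging, grep the tree for the old path `safety_analysis/safety_analysis_fdr.rst`, since any remaining toctree entry pointing at the deleted file will break the Sphinx build.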
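Review bot: the new `feature_safety_analysis_fdr.rst` still contains unrendered template text. Every Reference cell is `:need:`[[title]] `` (and the placeholder even sits inside the DFA item 4 question, "Are the failure initiators :need:`[[title]] ` suitable and applied?"), while `doc__feature_name_fmea` and `doc__feature_name_dfa` are the template's generic IDs rather than the persistency FMEA/DFA documents; replace them with the real need IDs (the deleted file pointed DFA failure initiators at `gd_guidl__dfa_failure_initiators`), otherwise the review record is not traceable. The instruction paragraph is also out of step with the tables: it requires a "passed" column with "yes"/"no", a remarks column and an issue link in the last column, but the tables have ID / Safety analysis activity / Compliant to ISO 26262? / Reference / Comment and no issue-link column, so the three "NO" rows (General 5 and 6, DFA 3) have no linked issue. Either restore those columns or reword the paragraph; for General 5 and DFA 3 the comments describe tailoring, which reads as "not applicable" rather than non-compliance, and General 6 should state whether the analyses yielded no new test cases or whether the check was not performed. Finally, fix the typos in the hunk before merging: "performming", "adressed", "systmatic", "resolute" (resolve), "Is the result ... indicate", "Can be the required level of independence shown" and "Are the safety analysis performed".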
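Review bot: deleting `safety_analysis_fdr.rst` drops the one open finding it recorded, REQ_01_08 ("Is the overall result of the Safety Analysis described in the report?", passed = no, remark "Platform verification report is missing", referencing `wp__verification_platform_ver_report`), and the replacement checklist has no equivalent item about the overall result being reported. Either carry that item and its issue link into the new file or state in the commit message that the finding was closed and how.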