24 changes: 12 additions & 12 deletions docs/features/frameworks/feo/requirements/feature_req.rst
Expand Up @@ -174,7 +174,7 @@ Supervision
:reqtype: Functional
:security: NO
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__app_architectures__support_time, stkh_req__app_architectures__support_data
:satisfies: stkh_req__dependability__safety_features_1, stkh_req__app_architectures__support_time, stkh_req__app_architectures__support_data
:status: valid

The framework shall provide the functionality to enable the reporting of
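Review bot: the new target `stkh_req__dependability__safety_features_1` in the `:satisfies:` line is not defined anywhere in this diff, and the same holds for the `_4` and `_11` suffixes used in the other files; please confirm the renumbered stakeholder requirements already exist (or are added in the same PR) and run the sphinx-needs build so that a dangling `:satisfies:` link is caught rather than silently rendered. The numeric suffixes also give no hint what each split requirement covers, so a short mapping (`_1` = supervision, `_4` = ..., etc.) in the PR description would help reviewers of the ten near-identical hunks in this file.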
Expand All @@ -186,7 +186,7 @@ Supervision
:reqtype: Functional
:security: NO
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__app_architectures__support_time, stkh_req__app_architectures__support_data
:satisfies: stkh_req__dependability__safety_features_1, stkh_req__app_architectures__support_time, stkh_req__app_architectures__support_data
:status: valid

The framework shall provide the functionality to enable the reporting of
Expand All @@ -198,7 +198,7 @@ Supervision
:reqtype: Functional
:security: NO
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__app_architectures__support_time, stkh_req__app_architectures__support_data
:satisfies: stkh_req__dependability__safety_features_1, stkh_req__app_architectures__support_time, stkh_req__app_architectures__support_data
:status: valid

The framework shall provide the functionality to enable the reporting of
Expand All @@ -210,7 +210,7 @@ Supervision
:reqtype: Functional
:security: NO
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__app_architectures__support_time, stkh_req__app_architectures__support_data
:satisfies: stkh_req__dependability__safety_features_1, stkh_req__app_architectures__support_time, stkh_req__app_architectures__support_data
:status: valid

The framework shall provide mechanisms to check after the computation of
Expand All @@ -228,7 +228,7 @@ Error Handling for S-CORE v0.5
:reqtype: Functional
:security: YES
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__dependability__availability, stkh_req__execution_model__processes
:satisfies: stkh_req__dependability__safety_features_4, stkh_req__dependability__availability, stkh_req__execution_model__processes
:status: valid

If the primary process receives a termination signal, it shall call the shutdown
Expand All @@ -242,7 +242,7 @@ Error Handling for S-CORE v0.5
:reqtype: Functional
:security: YES
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__dependability__availability, stkh_req__execution_model__processes
:satisfies: stkh_req__dependability__safety_features_4, stkh_req__dependability__availability, stkh_req__execution_model__processes
:status: valid

If not all secondary processes connect to the primary in time, the primary shall terminate itself.
Expand All @@ -254,7 +254,7 @@ Error Handling for S-CORE v0.5
:reqtype: Functional
:security: YES
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__dependability__availability, stkh_req__execution_model__processes
:satisfies: stkh_req__dependability__safety_features_4, stkh_req__dependability__availability, stkh_req__execution_model__processes
:status: valid

If an error occurs during the execution of a startup function, the primary process shall abort calling
Expand All @@ -268,7 +268,7 @@ Error Handling for S-CORE v0.5
:reqtype: Functional
:security: YES
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__dependability__availability, stkh_req__execution_model__processes
:satisfies: stkh_req__dependability__safety_features_4, stkh_req__dependability__availability, stkh_req__execution_model__processes
:status: valid

During initialization (i.e. in the startup function of an activity), activities shall check for resource allocation
Expand All @@ -280,7 +280,7 @@ Error Handling for S-CORE v0.5
:reqtype: Functional
:security: YES
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__dependability__availability, stkh_req__execution_model__processes
:satisfies: stkh_req__dependability__safety_features_1, stkh_req__dependability__safety_features_4, stkh_req__dependability__availability, stkh_req__execution_model__processes
:status: valid

If a timeout occurs during startup, stepping or shutdown of an activity, the primary process shall shutdown all
Expand All @@ -292,7 +292,7 @@ Error Handling for S-CORE v0.5
:reqtype: Functional
:security: YES
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__dependability__availability, stkh_req__execution_model__processes
:satisfies: stkh_req__dependability__safety_features_4, stkh_req__dependability__availability, stkh_req__execution_model__processes
:status: valid

If not all activities reach their initialized state within a certain period of time (startup timeout),
Expand All @@ -304,7 +304,7 @@ Error Handling for S-CORE v0.5
:reqtype: Functional
:security: YES
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__dependability__availability, stkh_req__execution_model__processes
:satisfies: stkh_req__dependability__safety_features_1, stkh_req__dependability__availability, stkh_req__execution_model__processes
:status: valid

If an activity fails in the step function, the primary process shall call shutdown for all activities
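Review bot: the step-failure requirement now satisfies only `stkh_req__dependability__safety_features_1`, while the otherwise parallel startup-failure (`-254`) and shutdown-failure (`-316`) requirements in the neighbouring hunks satisfy `_4`, and the timeout requirement (`-280`) carries both `_1` and `_4`. If `_1` is the supervision feature referenced throughout the Supervision section and `_4` the error-reaction feature, this hunk looks like it should also list `_4`; please either add it or state why the step-failure reaction differs from the startup and shutdown cases.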
Expand All @@ -316,7 +316,7 @@ Error Handling for S-CORE v0.5
:reqtype: Functional
:security: YES
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features, stkh_req__dependability__availability, stkh_req__execution_model__processes
:satisfies: stkh_req__dependability__safety_features_4, stkh_req__dependability__availability, stkh_req__execution_model__processes
:status: valid

If an activity fails in the shutdown function, the primary process shall shutdown all remaining activities
2 changes: 1 addition & 1 deletion docs/features/lifecycle/index.rst
Expand Up @@ -87,7 +87,7 @@ The Lifecycle feature addresses the following stakeholder requirements:

• :need:`stkh_req__functional_req__file_based`: Modular configuration file support allowing changes without rebuilding software, enabling flexible system setup and module management

• :need:`stkh_req__dependability__safety_features`: Implementation of monitoring safety mechanisms
• :need:`stkh_req__dependability__safety_features_1`: Implementation of monitoring safety mechanisms

A second task of the lifecycle system is to supervise the aliveness of the processes, which are started and to initiate appropriate actions in case of a failure, which might result in many cases in a change of the operting mode.

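Review bot: since this file is being touched, the unchanged context line directly below the edited bullet has a typo ("operting mode" should read "operating mode"); worth fixing in the same commit rather than leaving it for a later cleanup.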
6 changes: 3 additions & 3 deletions docs/features/lifecycle/requirements/index.rst
Expand Up @@ -169,7 +169,7 @@ Launching Processes
:reqtype: Functional
:security: NO
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features
:satisfies: stkh_req__dependability__safety_features_4
:status: invalid

The :term:`Launch Manager` shall provide support to be started with security
Expand Down Expand Up @@ -214,7 +214,7 @@ Launching Processes
:reqtype: Functional
:security: NO
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features
:satisfies: stkh_req__dependability__safety_features_4
:status: invalid

The :term:`Launch Manager` shall provide support for launching a process with a
Expand Down Expand Up @@ -259,7 +259,7 @@ Launching Processes
:reqtype: Functional
:security: NO
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features
:satisfies: stkh_req__dependability__security_features
:status: invalid

The :term:`Launch Manager` shall provide support for launching process with
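Review bot: this hunk re-points the third Launch Manager requirement to `stkh_req__dependability__security_features`, whereas the first hunk in this file (`-169`), whose text also concerns starting a process "with security", is re-pointed to `stkh_req__dependability__safety_features_4`; the two should probably agree, and if security is the intended trace target the `:security: NO` attribute on all three requirements contradicts it. Note also that all three are `:status: invalid`, so the build will not flag a wrong link here; please double-check the target ids by hand.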
4 changes: 2 additions & 2 deletions docs/features/persistency/requirements/index.rst
Expand Up @@ -459,7 +459,7 @@ Requirements
:reqtype: Functional
:security: YES
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features
:satisfies: stkh_req__dependability__safety_features_11
:status: valid

The Persistency shall support the development mode.
Expand All @@ -470,7 +470,7 @@ Requirements
:reqtype: Functional
:security: YES
:safety: ASIL_B
:satisfies: stkh_req__dependability__safety_features
:satisfies: stkh_req__dependability__safety_features_11
:status: valid

The Persistency shall support the production mode.
11 changes: 5 additions & 6 deletions docs/modules/os/operating_systems/docs/community/autosd.rst
Expand Up @@ -17,7 +17,6 @@
:security: YES
:safety: QM
:status: valid
:implements: aou_req__platform__integration_assistance, aou_req__platform__os_integration_manual, aou_req__platform__bug_interface

AutoSD
######
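Review bot: deleting the `:implements:` line silently removes the AutoSD module's traceability to `aou_req__platform__integration_assistance`, `aou_req__platform__os_integration_manual` and `aou_req__platform__bug_interface`, and nothing in this diff explains why. If those assumptions were retired or renamed, please say so in the commit message or re-link to their replacements; if they still exist, the link should stay so the OS module keeps its documented integration obligations.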
Expand Down Expand Up @@ -79,7 +78,7 @@ Sample usage:
.. code:: bash

export OCI_IMAGE=localhost/score:latest
export AIB_DISTRO=autosd10-sig
export AIB_DISTRO=autosd10-sig

aib build-builder --distro ${AIB_DISTRO}
aib build --target qemu --distro ${AIB_DISTRO} image.aib.yml ${OCI_IMAGE}
Expand All @@ -97,7 +96,7 @@ You can then replace the usage of "aib" with "auto-image-builder.sh" (requires s
.. code:: bash

export OCI_IMAGE=localhost/score:latest
export AIB_DISTRO=autosd10-sig
export AIB_DISTRO=autosd10-sig
# set the container storage to the local "_builder" directory to avoid permissions issues
export AIB_LOCAL_CONTAINER_STORAGE=$PWD/_build/containers-storage

Expand Down Expand Up @@ -139,16 +138,16 @@ Sample usage (MODULE.bazel file):
module_name = "os_autosd",
path = "/path/to/inc_os_autosd/"
)

bazel_dep(name = "os_autosd", version = "1.0.0")

# Configure AutoSD 9 GCC toolchain
autosd_10_gcc = use_extension("@os_autosd//toolchain/autosd_10_gcc:extensions.bzl", "autosd_10_gcc_extension")
autosd_10_gcc.configure(
c_flags = ["-Wall", "-Wno-error=deprecated-declarations", "-Werror", "-fPIC"],
cxx_flags = ["-Wall", "-Wno-error=deprecated-declarations", "-Werror", "-fPIC"],
)

use_repo(autosd_10_gcc, "autosd_10_gcc_repo")
register_toolchains("@autosd_10_gcc_repo//:gcc_toolchain_linux_x86_64")

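Review bot: the comment "# Configure AutoSD 9 GCC toolchain" in the unchanged context no longer matches the `autosd_10_gcc` extension and repo names used on the following lines; since this block is being edited for whitespace anyway, update the comment to "AutoSD 10" so the sample does not mislead integrators copying it into their MODULE.bazel.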
16 changes: 11 additions & 5 deletions docs/requirements/platform_assumptions/index.rst
Expand Up @@ -296,7 +296,7 @@ In this section assumptions are described which need to be fulfilled by the appl
Note1: Reasons for not needing program flow monitoring could be an OS scheduler with timing and execution guarantees.
Or that in case of non/late execution of the application the safety integrity of the system is not affected.

Note2: The SW-Platform supports this - see :need:`stkh_req__dependability__safety_features` "live, deadline, logical supervision"
Note2: The SW-Platform supports this - see :need:`stkh_req__dependability__safety_features_1`

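Review bot: the rewritten Note2 drops the gloss `"live, deadline, logical supervision"` that told the reader which supervision mechanisms the platform offers, and the bare `safety_features_1` id conveys nothing on its own; please keep the descriptive text after the `:need:` reference so the platform assumption remains understandable without following the link.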
Assumptions on Safety System
----------------------------
Expand All @@ -310,9 +310,15 @@ In this section assumptions are described which need to be fulfilled by the syst
:safety: ASIL_B
:status: valid

If the system using the SW-platform has safety goals, the system shall provide state-of-the art hardware safety mechanisms.
If the system using the SW-platform has safety goals, the system shall provide state-of-the art hardware safety mechanisms, namely

Note1: A selection of hardware safety mechanisms is collected in :need:`stkh_req__dependability__safety_features`
- :need:`stkh_req__dependability__safety_features_3`
- :need:`stkh_req__dependability__safety_features_4`
- :need:`stkh_req__dependability__safety_features_5`
- :need:`stkh_req__dependability__safety_features_6`
- :need:`stkh_req__dependability__safety_features_7`
- :need:`stkh_req__dependability__safety_features_8`
- :need:`stkh_req__dependability__safety_features_10`

Note2: These safety mechanisms are mostly OS/Hypervisor/HW specific, so the system integrator can only expect S-CORE support for the reference OS/Hypervisor/HW combination.

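Review bot: the added sentence keeps the spelling "state-of-the art"; since the line is being rewritten, make it "state-of-the-art". The new list enumerates `_3` through `_8` and `_10` but skips `_9`, and the removed Note1 ("A selection of hardware safety mechanisms is collected in ...") was the only place that said the set is a selection; please state in the text whether `_9` is deliberately excluded from the hardware safety mechanisms the system must provide.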
Expand All @@ -325,7 +331,7 @@ In this section assumptions are described which need to be fulfilled by the syst

If the system using the SW-platform has safety goals, the system shall provide an external health management element which is able to initiate a safe system state.

Note: This can be an "External Hardware Watchdog"
Note: This can be an "External Hardware Watchdog" and/or "Voltage Moditoring" (see :need:`stkh_req__dependability__safety_features_10`)

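Review bot: typo in the added line, "Voltage Moditoring" should read "Voltage Monitoring"; also consider dropping the quotation marks around the two mechanism names (the rST will render them literally) or using the same `:need:` reference style as the rest of the section.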
.. aou_req:: Process Isolation
:id: aou_req__platform__process_isolation
Expand All @@ -346,7 +352,7 @@ In this section assumptions are described which need to be fulfilled by the syst

If the system using the SW-platform has safety goals, the used os module shall offer the following safety related functions:

- configuration of HW safety mechanisms as in :need:`stkh_req__dependability__safety_features`
- configuration of HW safety mechanisms as in :need:`aou_req__platform__hardware_safety`
- startup of OS
- loading and starting of processes
- management and restriction of process privileges
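Review bot: the link now targets `aou_req__platform__hardware_safety`, but that `:id:` is not visible in this diff (the hardware safety assumption's directive header sits above the context of the `-310` hunk); please verify the exact id, because a mistyped `:need:` target in an `aou_req` with `:status: valid` will break the build.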