- Adjust ``safety`` and ``tags`` according to your needs
36
36
37
+
The DFA for the feature [Your Feature Name] is performed. To show evidence that all failure initiators are considered, the applicability has to be filled out in the
38
+
following tables. For all applicable failure initiators, the DFA has to be performed.
39
+
37
40
Dependent Failure Initiators
38
41
----------------------------
39
42
43
+
Shared resources
44
+
^^^^^^^^^^^^^^^^
45
+
46
+
The dependent failure initiators related to shared resources are not applicable for the features. The shared resources
47
+
will be considered in the platform DFA.
48
+
49
+
Communication between the two elements
50
+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
51
+
52
+
Receiving function is affected by information that is false, lost, sent multiple times, or in the wrong order etc. from the sender.
53
+
54
+
.. list-table:: DFA communication between elements
55
+
:header-rows: 1
56
+
:widths: 10,20,10,20
57
+
58
+
* - ID
59
+
- Violation cause communication between elements
60
+
- Applicability
61
+
- Rationale
62
+
* - CO_01_01
63
+
- Information passed via argument through a function call, or via writing/reading a variable being global to the two software functions (data flow)
64
+
- <yes | no>
65
+
- <Rationale if not applicable, otherwise link to filled out DFA>
66
+
* - CO_01_02
67
+
- Data or message corruption / repetition / loss / delay / masquerading or incorrect addressing of information
68
+
- <yes | no>
69
+
- <Rationale if not applicable, otherwise link to filled out DFA>
70
+
* - CO_01_03
71
+
- Insertion / sequence of information
72
+
- <yes | no>
73
+
- <Rationale if not applicable, otherwise link to filled out DFA>
74
+
* - CO_01_04
75
+
- Corruption of information, inconsistent data
76
+
- <yes | no>
77
+
- <Rationale if not applicable, otherwise link to filled out DFA>
78
+
* - CO_01_05
79
+
- Asymmetric information sent from a sender to multiple receivers, so that not all defined receivers have the same information
80
+
- <yes | no>
81
+
- <Rationale if not applicable, otherwise link to filled out DFA>
82
+
* - CO_01_06
83
+
- Information from a sender received by only a subset of the receivers
84
+
- <yes | no>
85
+
- <Rationale if not applicable, otherwise link to filled out DFA>
86
+
* - CO_01_07
87
+
- Blocking access to a communication channel
88
+
- <yes | no>
89
+
- <Rationale if not applicable, otherwise link to filled out DFA>
90
+
91
+
Shared information inputs
92
+
^^^^^^^^^^^^^^^^^^^^^^^^^
93
+
94
+
Same information input used by multiple functions.
95
+
96
+
.. list-table:: DFA shared information inputs
97
+
:header-rows: 1
98
+
:widths: 10,20,10,20
99
+
100
+
* - ID
101
+
- Violation cause shared information inputs
102
+
- Applicability
103
+
- Rationale
104
+
* - SI_01_02
105
+
- Configuration data
106
+
- <yes | no>
107
+
- <Rationale if not applicable, otherwise link to filled out DFA>
108
+
* - SI_01_03
109
+
- Constants, or variables, being global to the two software functions
110
+
- <yes | no>
111
+
- <Rationale if not applicable, otherwise link to filled out DFA>
112
+
* - SI_01_04
113
+
- Basic software passes data (read from hardware register and converted into logical information) to two applications software functions
114
+
- <yes | no>
115
+
- <Rationale if not applicable, otherwise link to filled out DFA>
116
+
* - SI_01_05
117
+
- Data / function parameter arguments / messages delivered by software function to more than one other function
118
+
- <yes | no>
119
+
- <Rationale if not applicable, otherwise link to filled out DFA>
120
+
121
+
Unintended impact
122
+
^^^^^^^^^^^^^^^^^
123
+
124
+
Unintended impacts to function due to various failures.
125
+
126
+
.. list-table:: DFA unintended impact
127
+
:header-rows: 1
128
+
:widths: 10,20,10,20
129
+
130
+
* - ID
131
+
- Violation cause unintended impact
132
+
- Applicability
133
+
- Rationale
134
+
* - UI_01_01
135
+
- Memory miss-allocation and leaks
136
+
- <yes | no>
137
+
- <Rationale if not applicable, otherwise link to filled out DFA>
138
+
* - UI_01_02
139
+
- Read/Write access to memory allocated to another software element
140
+
- <yes | no>
141
+
- <Rationale if not applicable, otherwise link to filled out DFA>
142
+
* - UI_01_03
143
+
- Stack/Buffer under-/overflow
144
+
- <yes | no>
145
+
- <Rationale if not applicable, otherwise link to filled out DFA>
146
+
* - UI_01_04
147
+
- Deadlocks
148
+
- <yes | no>
149
+
- <Rationale if not applicable, otherwise link to filled out DFA>
150
+
* - UI_01_05
151
+
- Livelocks
152
+
- <yes | no>
153
+
- <Rationale if not applicable, otherwise link to filled out DFA>
154
+
* - UI_01_06
155
+
- Blocking of execution
156
+
- <yes | no>
157
+
- <Rationale if not applicable, otherwise link to filled out DFA>
158
+
* - UI_01_07
159
+
- Incorrect allocation of execution time
160
+
- <yes | no>
161
+
- <Rationale if not applicable, otherwise link to filled out DFA>
162
+
* - UI_01_08
163
+
- Incorrect execution flow
164
+
- <yes | no>
165
+
- <Rationale if not applicable, otherwise link to filled out DFA>
166
+
* - UI_01_09
167
+
- Incorrect synchronization between software elements
168
+
- <yes | no>
169
+
- <Rationale if not applicable, otherwise link to filled out DFA>
170
+
* - UI_01_10
171
+
- CPU time depletion
172
+
- <yes | no>
173
+
- <Rationale if not applicable, otherwise link to filled out DFA>
174
+
* - UI_01_11
175
+
- Memory depletion
176
+
- <yes | no>
177
+
- <Rationale if not applicable, otherwise link to filled out DFA>
178
+
* - UI_01_12
179
+
- Other HW unavailability
180
+
- <yes | no>
181
+
- <Rationale if not applicable, otherwise link to filled out DFA>
182
+
183
+
184
+
DFA
185
+
===
186
+
187
+
For all identified applicable failure initiators, the DFA is performed in the following section.
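Review bot: the "Shared resources" subsection hard-codes the answer ("not applicable for the features ... will be considered in the platform DFA") in a template that every other subsection leaves open with `<yes | no>` and a rationale/link placeholder; a feature that does use a shared resource (a lock, a shared buffer, a common peripheral) cannot record that here, and the evidence chain to the platform DFA is not traceable. Suggest giving it the same list-table shape as the other three subsections, or at minimum a placeholder such as `<link to platform DFA section covering this feature>`. Also, the "Shared information inputs" table starts at `SI_01_02` while every other table starts at `_01`, so either a row was dropped or the IDs need renumbering. Minor: `UI_01_01` reads "Memory miss-allocation and leaks"; "mis-allocation" is the intended spelling.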
File: process/folder_templates/features/feature_name/safety_analysis/fmea.rst (77 additions, 0 deletions)
@@ -34,9 +34,86 @@ FMEA (Failure Modes and Effects Analysis)
34
34
- Adjust ``status`` to be ``valid``
35
35
- Adjust ``safety`` and ``tags`` according to your needs
36
36
37
+
The FMEA for the feature [Your Feature Name] is performed. To show evidence that all failure initiators are considered, the applicability has to be filled out in the
38
+
following tables. For all applicable failure initiators, the FMEA has to be performed.
39
+
37
40
Failure Mode List
38
41
-----------------
39
42
43
+
Fault Models for sequence diagrams
44
+
.. list-table:: Fault Models for sequence diagrams
45
+
:header-rows: 1
46
+
:widths: 10,20,10,20
47
+
48
+
* - ID
49
+
- Failure Mode
50
+
- Applicability
51
+
- Rationale
52
+
* - MF_01_01
53
+
- message is not received (is a subset/more precise description of MF_01_05)
54
+
- <yes | no>
55
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
56
+
* - MF_01_02
57
+
- message received too late (only relevant if delay is a realistic fault)
58
+
- <yes | no>
59
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
60
+
* - MF_01_03
61
+
- message received too early (usually not a problem)
62
+
- <yes | no>
63
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
64
+
* - MF_01_04
65
+
- message not received correctly by all recipients (different messages or messages partly lost). Only relevant if the same message goes to multiple recipients.
66
+
- <yes | no>
67
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
68
+
* - MF_01_05
69
+
- message is corrupted
70
+
- <yes | no>
71
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
72
+
* - MF_01_06
73
+
- message is not sent
74
+
- <yes | no>
75
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
76
+
* - MF_01_07
77
+
- message is unintended sent
78
+
- <yes | no>
79
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
80
+
* - CO_01_01
81
+
- minimum constraint boundary is violated
82
+
- <yes | no>
83
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
84
+
* - CO_01_02
85
+
- maximum constraint boundary is violated
86
+
- <yes | no>
87
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
88
+
* - EX_01_01
89
+
- Process calculates wrong result(s) (is a subset/more precise description of MF_01_05 or MF_01_04). This failure mode is related to the analysis if e.g. internal safety mechanisms are required (level 2 function, plausibility check of the output, …) because of the size / complexity of the feature.
90
+
- <yes | no>
91
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
92
+
* - EX_01_02
93
+
- processing too slow (only relevant if timing is considered)
94
+
- <yes | no>
95
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
96
+
* - EX_01_03
97
+
- processing too fast (only relevant if timing is considered)
98
+
- <yes | no>
99
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
100
+
* - EX_01_04
101
+
- loss of execution
102
+
- <yes | no>
103
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
104
+
* - EX_01_05
105
+
- processing changes to arbitrary process
106
+
- <yes | no>
107
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
108
+
* - EX_01_06
109
+
- processing is not complete (infinite loop)
110
+
- <yes | no>
111
+
- <Rationale if not applicable, otherwise link to filled out FMEA>
112
+
113
+
FMEA
114
+
----
115
+
For all identified applicable failure initiators, the FMEA is performed in the following section.
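Review bot: "Fault Models for sequence diagrams" sits directly above `.. list-table:: Fault Models for sequence diagrams` with neither a heading underline nor a blank line, so docutils will treat the directive line as a continuation of that paragraph and the table will not render; add a `^^^^` underline (the subsection style dfa.rst uses) and a blank line before the directive. The IDs `CO_01_01` and `CO_01_02` are reused here for "minimum/maximum constraint boundary is violated" while dfa.rst in the same folder assigns the same IDs to communication initiators; since the rationale column links to filled-out analyses by ID, pick a distinct prefix for the constraint rows. The closing `FMEA` heading is underlined with `----`, whereas the parallel `DFA` heading in dfa.rst uses `===`, so the two templates end at different section levels; align them. Minor: `MF_01_07` "message is unintended sent" should read "message is sent unintentionally".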