From f8bf7c8a0fed98deb1a39f4312f395b77868205d Mon Sep 17 00:00:00 2001
From: Jochen Hoenle
Date: Thu, 2 Jul 2026 09:56:18 +0200
Subject: [PATCH] [rules score] adapt rsl for safety analysis
---
 .../docs/user_guide/dependability_analysis.md | 4 +--
 .../sample_fmea_failure_modes.trlc | 4 +--
 bazel/rules/rules_score/test/BUILD | 1 +
 .../component_requirements.rst | 1 +
 .../seooc_test/safety_measures_fixtures.trlc | 4 +--
 .../trlc/config/score_requirements_model.rsl | 27 ++++++++++---------
 6 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/bazel/rules/rules_score/docs/user_guide/dependability_analysis.md b/bazel/rules/rules_score/docs/user_guide/dependability_analysis.md
index 0f6cf0da..992fcbec 100644
--- a/bazel/rules/rules_score/docs/user_guide/dependability_analysis.md
+++ b/bazel/rules/rules_score/docs/user_guide/dependability_analysis.md
@@ -35,7 +35,7 @@ The failure modes to consider are defined by the SCORE process:
 > [FMEA Fault Models — Process Description](https://eclipse-score.github.io/process_description/main/process_areas/safety_analysis/guidance/fault_models_guideline.html#id1)
-The fault models cover three categories: **messages** (send/receive behaviour), **time constraints** (too early / too late), and **execution** (wrong result, loss, delay, corruption, non-determinism). The `guidewords` enum in the `ScoreReq` model maps each category to a structured label used in the `FailureMode` records.
+The fault models cover three categories: **messages** (send/receive behaviour), **time constraints** (too early / too late), and **execution** (wrong result, loss, delay, corruption, non-determinism). The `Guideword` enum in the `ScoreReq` model maps each category to a structured label used in the `FailureMode` records.
 The description below covers the FMEA-based **safety** analysis for a software module.
@@ -78,7 +78,7 @@ package MySeooc
 import ScoreReq
 ScoreReq.FailureMode FM_001 {
- guidewords = [ScoreReq.guidewords.LossOfFunction]
+ guidewords = [ScoreReq.Guideword.LossOfFunction]
 description = "Key-value store returns stale data after power loss"
 failureeffect = "Incorrect system state at startup"
 safety = ScoreReq.Asil.B
diff --git a/bazel/rules/rules_score/examples/seooc/safety_analysis/sample_fmea_failure_modes.trlc b/bazel/rules/rules_score/examples/seooc/safety_analysis/sample_fmea_failure_modes.trlc
index 5e4cef42..c95ab6f2 100644
--- a/bazel/rules/rules_score/examples/seooc/safety_analysis/sample_fmea_failure_modes.trlc
+++ b/bazel/rules/rules_score/examples/seooc/safety_analysis/sample_fmea_failure_modes.trlc
@@ -15,7 +15,7 @@ package SampleLibrary
 import ScoreReq
 ScoreReq.FailureMode SampleFailureMode{
- guidewords = [ScoreReq.guidewords.LossOfFunction]
+ guidewords = [ScoreReq.Guideword.LossOfFunction]
 description = "SampleFailureMode takes over the world"
 failureeffect = "The world as we know it will end"
 version = 1
@@ -24,7 +24,7 @@ ScoreReq.FailureMode SampleFailureMode{
 }
 ScoreReq.FailureMode SampleFailureMode2{
- guideword = ScoreReq.GuideWord.TooLate
+ guidewords = [ScoreReq.Guideword.TooLate]
 description = "SampleFailureMode2 responds too late"
 failureeffect = "Downstream consumers time out"
 version = 1
diff --git a/bazel/rules/rules_score/test/BUILD b/bazel/rules/rules_score/test/BUILD
index 627b4ed8..ee636cf0 100644
--- a/bazel/rules/rules_score/test/BUILD
+++ b/bazel/rules/rules_score/test/BUILD
@@ -702,6 +702,7 @@ feature_requirements(
 component_requirements(
 name = "comp_req_rst",
 srcs = ["fixtures/rst_requirements/component_requirements.rst"],
+ ref_package = "FeatureRequirements",
 deps = [
 ":asr_rst",
 ":feat_req_rst",
diff --git a/bazel/rules/rules_score/test/fixtures/rst_requirements/component_requirements.rst b/bazel/rules/rules_score/test/fixtures/rst_requirements/component_requirements.rst
index c3c986eb..d80407e1 100644
--- a/bazel/rules/rules_score/test/fixtures/rst_requirements/component_requirements.rst
+++ b/bazel/rules/rules_score/test/fixtures/rst_requirements/component_requirements.rst
@@ -19,5 +19,6 @@ Component Requirements (RST)
 :id: comp_req__rst_test__001
 :safety: ASIL_B
 :status: valid
+ :derived_from: feat_req__rst_test__001
 The mock library shall provide mock_function_1 returning 42 for RST-based fixture validation.
diff --git a/bazel/rules/rules_score/test/fixtures/seooc_test/safety_measures_fixtures.trlc b/bazel/rules/rules_score/test/fixtures/seooc_test/safety_measures_fixtures.trlc
index e0c41c5a..c81da33e 100644
--- a/bazel/rules/rules_score/test/fixtures/seooc_test/safety_measures_fixtures.trlc
+++ b/bazel/rules/rules_score/test/fixtures/seooc_test/safety_measures_fixtures.trlc
@@ -29,14 +29,12 @@ ScoreReq.ControlMeasure SomeBasicEvent {
 }
 ScoreReq.PreventiveMeasure SomePreventiveMeasure {
- safety = ScoreReq.Asil.QM
- description = "A preventive measure that reduces the likelihood of a hazard"
- version = 1
 }
 ScoreReq.Mitigation SomeMitigation {
 safety = ScoreReq.Asil.B
 description = "A mitigation that reduces the severity of a hazard"
+ rationale = "Reduces severity by providing an alternative processing path"
 version = 1
 }
diff --git a/bazel/rules/rules_score/trlc/config/score_requirements_model.rsl b/bazel/rules/rules_score/trlc/config/score_requirements_model.rsl
index f6c3b474..3a2d44ce 100644
--- a/bazel/rules/rules_score/trlc/config/score_requirements_model.rsl
+++ b/bazel/rules/rules_score/trlc/config/score_requirements_model.rsl
@@ -78,9 +78,7 @@ tuple CompReqSourceId {
 type CompReq "Component-level requirement allocated to a specific software component." extends RequirementSafety {
 derived_from "Versioned references to the FeatReq or AssumedSystemReq items this component requirement is derived from. Omit only for component-internal requirements with no feature-level parent."
- optional CompReqSourceId[1 .. *]
- mitigates "Reference to the FailureMode or safety concern that this requirement mitigates."
- optional String
+ CompReqSourceId[1 .. *]
 }
 tuple CompReqId {
@@ -93,7 +91,7 @@ tuple CompReqId {
 // Safety Analyses
 ///////////////////////////////
-enum guidewords "HAZOP-style guide words used to categorize failure mode." {
+enum Guideword "HAZOP-style guide words used to categorize failure mode." {
 // -------------------------------------------------------------------------
 // Message fault models (MF_01_xx)
@@ -147,7 +145,7 @@ enum guidewords "HAZOP-style guide words used to categorize failure mode." {
 type FailureMode "A potential failure of a system function, described using one or more HAZOP guide words." extends ScoreReq.RequirementSafety {
 guidewords "One or more HAZOP guide words classifying the nature of this failure."
- guidewords[1 .. *]
+ Guideword[1 .. *]
 failureeffect "Description of the consequence of this failure mode on the system or its users."
 String
 rationale "Explanation of why this failure mode is considered relevant."
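Review bot: The `derived_from` description in the CompReq hunk still ends with "Omit only for component-internal requirements with no feature-level parent.", but the `optional` qualifier is dropped on the next line, so the field is now mandatory and the text contradicts the model; either shorten it to `derived_from "Versioned references to the FeatReq or AssumedSystemReq items this component requirement is derived from."` or keep `optional` if component-internal requirements are still expected. Making it mandatory also rejects every existing CompReq instance that omits `derived_from` — the rst fixture in this patch is adjusted for exactly that, so it is worth stating the stricter traceability rule in the commit description. The same hunk removes `mitigates` from CompReq with no transition, so an instance that still sets it will fail to load; none of the fixtures here does, but downstream repositories may. The `type CompReq` body starts inside the hunk; the other two hunks on this line are the `guidewords` → `Guideword` rename and need nothing.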
@@ -156,21 +154,26 @@ type FailureMode "A potential failure of a system function, described using one
 optional String
 }
-abstract type Measure "Abstract base type for all safety measures. Cannot be instantiated directly." extends ScoreReq.RequirementSafety {
+type ControlMeasure "A design or operational measure that detects, prevents, or limits a failure mode." extends RequirementSafety {
+ mitigates "Reference to the FailureMode or safety concern that this requirement mitigates."
+ optional String
 }
-type ControlMeasure "A design or operational measure that detects, prevents, or limits a failure mode." extends Measure {
+type PreventiveMeasure "A measure that prevents a failure mode from occurring in the first place." {
 }
-type PreventiveMeasure "A measure that prevents a failure mode from occurring in the first place." extends Measure {
+type Mitigation "A measure that reduces the severity or probability of a failure mode's effect." extends AssumedSystemReq {
+ mitigates "Reference to the FailureMode or safety concern that this requirement mitigates."
+ optional String
 }
-type Mitigation "A measure that reduces the severity or probability of a failure mode's effect." extends Measure {
+type AoU "Assumption of Use — a safety-relevant condition that a user must fulfil." extends ControlMeasure {
 }
-type AoU "Assumption of Use — a safety-relevant condition that a caller must fulfil when using this component." extends ControlMeasure {
- mitigates "Reference to the FailureMode or hazard that is mitigated when this assumption is satisfied."
- optional String
+tuple Measure {
+ item [ControlMeasure, PreventiveMeasure, Mitigation]
+ separator @
+ version Integer
 }
 ///////////////////////////////
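Review bot: `type PreventiveMeasure` no longer extends anything, so it has no fields at all — no `safety`, `description` or `version` and no `mitigates` link — which is why the fixture in this patch shrinks to an empty `ScoreReq.PreventiveMeasure SomePreventiveMeasure { }`. A safety measure that cannot say what it prevents or at which ASIL is untraceable in the analysis, and the new `tuple Measure` carries a `version Integer` that a PreventiveMeasure has no `version` field to match. If it is meant to stay a first-class measure, give it the same base as ControlMeasure: `type PreventiveMeasure "A measure that prevents a failure mode from occurring in the first place." extends RequirementSafety {` plus the `mitigates` field. Separately, `mitigates` is declared `optional String` in both ControlMeasure and Mitigation although its description calls it a reference to a FailureMode, so TRLC cannot check that the target exists the way it does for the typed `derived_from` tuple; a tuple over FailureMode would turn a dangling mitigation link into a load-time error. The `mitigates` description is also copied verbatim between the two types and still says "this requirement", which reads oddly on a measure.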