Merged
Expand Up @@ -35,7 +35,7 @@ The failure modes to consider are defined by the SCORE process:

> [FMEA Fault Models — Process Description](https://eclipse-score.github.io/process_description/main/process_areas/safety_analysis/guidance/fault_models_guideline.html#id1)

The fault models cover three categories: **messages** (send/receive behaviour), **time constraints** (too early / too late), and **execution** (wrong result, loss, delay, corruption, non-determinism). The `guidewords` enum in the `ScoreReq` model maps each category to a structured label used in the `FailureMode` records.
The fault models cover three categories: **messages** (send/receive behaviour), **time constraints** (too early / too late), and **execution** (wrong result, loss, delay, corruption, non-determinism). The `Guideword` enum in the `ScoreReq` model maps each category to a structured label used in the `FailureMode` records.

The description below covers the FMEA-based **safety** analysis for a software module.

Expand Down Expand Up @@ -78,7 +78,7 @@ package MySeooc
import ScoreReq

ScoreReq.FailureMode FM_001 {
guidewords = [ScoreReq.guidewords.LossOfFunction]
guidewords = [ScoreReq.Guideword.LossOfFunction]
description = "Key-value store returns stale data after power loss"
failureeffect = "Incorrect system state at startup"
safety = ScoreReq.Asil.B
Expand Up @@ -15,7 +15,7 @@ package SampleLibrary
import ScoreReq

ScoreReq.FailureMode SampleFailureMode{
guidewords = [ScoreReq.guidewords.LossOfFunction]
guidewords = [ScoreReq.Guideword.LossOfFunction]
description = "SampleFailureMode takes over the world"
failureeffect = "The world as we know it will end"
version = 1
Expand All @@ -24,7 +24,7 @@ ScoreReq.FailureMode SampleFailureMode{
}

ScoreReq.FailureMode SampleFailureMode2{
guideword = ScoreReq.GuideWord.TooLate
guidewords = [ScoreReq.Guideword.TooLate]
description = "SampleFailureMode2 responds too late"
failureeffect = "Downstream consumers time out"
version = 1
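Review bot: the pre-change line `guideword = ScoreReq.GuideWord.TooLate` used both a field name and an enum name that never existed in the model (the field was already `guidewords[1 .. *]` and the enum was `guidewords`), so this sample cannot have been type-checked by `trlc` before this PR. Besides the corrected value, consider wiring the sample `.trlc` files into a CI check so that a model rename like the one in this PR fails the build instead of leaving samples silently stale.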
1 change: 1 addition & 0 deletions bazel/rules/rules_score/test/BUILD
Expand Up @@ -702,6 +702,7 @@ feature_requirements(
component_requirements(
name = "comp_req_rst",
srcs = ["fixtures/rst_requirements/component_requirements.rst"],
ref_package = "FeatureRequirements",
deps = [
":asr_rst",
":feat_req_rst",
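Review bot: `ref_package = "FeatureRequirements"` names a single package, but the same target also depends on `:asr_rst`, and the model lets `CompReq.derived_from` reference either a `FeatReq` or an `AssumedSystemReq`. Please state (in a comment here or in the rule's docstring) how references to assumed-system requirements resolve when only the feature-requirement package is given, or whether `ref_package` should accept a list.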
Expand Up @@ -19,5 +19,6 @@ Component Requirements (RST)
:id: comp_req__rst_test__001
:safety: ASIL_B
:status: valid
:derived_from: feat_req__rst_test__001

The mock library shall provide mock_function_1 returning 42 for RST-based fixture validation.
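Review bot: `:derived_from: feat_req__rst_test__001` carries no version, while the model types `derived_from` as `CompReqSourceId[1 .. *]` and documents it as "Versioned references". Either the RST-to-TRLC conversion supplies the version (then say where it comes from) or the fixture should spell it out; as written it is not obvious that this fixture exercises the versioned form the model now requires.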
Expand Up @@ -29,14 +29,12 @@ ScoreReq.ControlMeasure SomeBasicEvent {
}

ScoreReq.PreventiveMeasure SomePreventiveMeasure {
safety = ScoreReq.Asil.QM
description = "A preventive measure that reduces the likelihood of a hazard"
version = 1
}

ScoreReq.Mitigation SomeMitigation {
safety = ScoreReq.Asil.B
description = "A mitigation that reduces the severity of a hazard"
rationale = "Reduces severity by providing an alternative processing path"
version = 1
}

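Review bot: dropping `safety` matches `PreventiveMeasure` no longer extending `RequirementSafety`, but the sample still sets `description` and `version` on `SomePreventiveMeasure`, and in the model hunk of this PR `PreventiveMeasure` is declared with an empty body and no `extends` clause, so it exposes no such fields. Either restore a base type for `PreventiveMeasure` or drop those two assignments here; as far as the visible hunks show, the two files do not type-check together. For `SomeMitigation`, `Mitigation` now extends `AssumedSystemReq`; please confirm that base type provides `description`, `rationale` and `version`, since none of its fields appear in the diff.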
27 changes: 15 additions & 12 deletions bazel/rules/rules_score/trlc/config/score_requirements_model.rsl
Expand Up @@ -78,9 +78,7 @@ tuple CompReqSourceId {

type CompReq "Component-level requirement allocated to a specific software component." extends RequirementSafety {
derived_from "Versioned references to the FeatReq or AssumedSystemReq items this component requirement is derived from. Omit only for component-internal requirements with no feature-level parent."
optional CompReqSourceId[1 .. *]
mitigates "Reference to the FailureMode or safety concern that this requirement mitigates."
optional String
CompReqSourceId[1 .. *]
}

tuple CompReqId {
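Review bot: `derived_from` becomes mandatory (the `optional` keyword is removed), yet its description still ends with "Omit only for component-internal requirements with no feature-level parent.", which can no longer be followed. Either keep the field optional or rewrite the description, and say in the PR what a component-internal requirement is now expected to reference. Removing `mitigates` from `CompReq` is also a breaking change for any existing `.trlc` record that set it; note the migration path (the field now lives on `ControlMeasure` and `Mitigation`).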
Expand All @@ -93,7 +91,7 @@ tuple CompReqId {
// Safety Analyses
///////////////////////////////

enum guidewords "HAZOP-style guide words used to categorize failure mode." {
enum Guideword "HAZOP-style guide words used to categorize failure mode." {

// -------------------------------------------------------------------------
// Message fault models (MF_01_xx)
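Review bot: renaming the enum from `guidewords` to `Guideword` breaks every `.trlc` file outside this repository that references `ScoreReq.guidewords.*`; please call it out in the PR description or changelog. The new name matches the PascalCase of the existing `Asil` enum, so any remaining lowercase enum in the model deserves the same treatment in a follow-up.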
Expand Down Expand Up @@ -147,7 +145,7 @@ enum guidewords "HAZOP-style guide words used to categorize failure mode." {

type FailureMode "A potential failure of a system function, described using one or more HAZOP guide words." extends ScoreReq.RequirementSafety {
guidewords "One or more HAZOP guide words classifying the nature of this failure."
guidewords[1 .. *]
Guideword[1 .. *]
failureeffect "Description of the consequence of this failure mode on the system or its users."
String
rationale "Explanation of why this failure mode is considered relevant."
Expand All @@ -156,21 +154,26 @@ type FailureMode "A potential failure of a system function, described using one
optional String
}

abstract type Measure "Abstract base type for all safety measures. Cannot be instantiated directly." extends ScoreReq.RequirementSafety {
type ControlMeasure "A design or operational measure that detects, prevents, or limits a failure mode." extends RequirementSafety {
mitigates "Reference to the FailureMode or safety concern that this requirement mitigates."
optional String
}

type ControlMeasure "A design or operational measure that detects, prevents, or limits a failure mode." extends Measure {
type PreventiveMeasure "A measure that prevents a failure mode from occurring in the first place." {
}

type PreventiveMeasure "A measure that prevents a failure mode from occurring in the first place." extends Measure {
type Mitigation "A measure that reduces the severity or probability of a failure mode's effect." extends AssumedSystemReq {
mitigates "Reference to the FailureMode or safety concern that this requirement mitigates."
optional String
}

type Mitigation "A measure that reduces the severity or probability of a failure mode's effect." extends Measure {
type AoU "Assumption of Use — a safety-relevant condition that a user must fulfil." extends ControlMeasure {
}

type AoU "Assumption of Use — a safety-relevant condition that a caller must fulfil when using this component." extends ControlMeasure {
mitigates "Reference to the FailureMode or hazard that is mitigated when this assumption is satisfied."
optional String
tuple Measure {
item [ControlMeasure, PreventiveMeasure, Mitigation]
separator @
version Integer
}

///////////////////////////////
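Review bot: `type PreventiveMeasure "..." {` has lost its `extends` clause entirely, leaving a type with no fields at all (no `description`, `version` or `safety`) while the other measure types still derive from `RequirementSafety` or `AssumedSystemReq`; this reads like an accidental drop rather than a design choice, and the sample file in this PR still assigns `description` and `version` to a `PreventiveMeasure`. Three further points. First, `mitigates` is now copied verbatim onto `ControlMeasure` and `Mitigation` where the removed abstract `Measure` held it once; keeping `Measure` abstract (or another shared base) avoids the duplicate. Second, the new `tuple Measure { item [ControlMeasure, PreventiveMeasure, Mitigation] ... }` uses a bracketed list of types as a field type, which as far as I know the TRLC tuple grammar does not allow (a tuple field has a single type name); please point to the spec section that permits it or replace it with one base type. Third, `Mitigation` now extends `AssumedSystemReq`, which turns every mitigation into an assumed system requirement; if that is intended, explain it in the type description, and note that the `AoU` description lost the "when using this component" qualifier and its field-level `mitigates` doc with no replacement.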