Safety Manual#

Rust Base Libraries Safety Manual
status: draft
security: NO
safety: ASIL_B
tags: baselibs_rust
realizes: wp__module_safety_manual
doc__baselibs_rust_safety_manual
Generic Document

Introduction/Scope#

This manual covers Rust Base Libraries module.

Assumed Platform Safety Requirements#

For the Rust Base Libraries the following safety related stakeholder requirements are assumed to define the top level functionality (purpose) of the Rust Base Libraries.
I.e. from these all the feature and component requirements implemented are derived.
<List here all the stakeholder requirements, with safety not equal to QM, the module’s components requirements are derived from.>

Assumptions of Use#

Assumptions on the Environment#

Generally the assumption of the project platform SEooC is that it is integrated in a safe system, i.e. the POSIX OS it runs on is qualified and also the HW related failures are taken into account by the system integrator, if not otherwise stated in the module’s safety concept.
<List here all the OS calls the project platform expects to be safe.>

List of AoUs expected from the environment the module runs on:

Title

ID

Status

Application deadlock

aou_req__persistency__appl_design

valid

Application execution

aou_req__persistency__appl_exec

valid

Persistency Error handling

aou_req__persistency__error_handling

valid

Assumptions on the User#

As there is no assumption on which specific OS and HW is used, the integration testing of the stakeholder and feature requirements is expected to be performed by the user of the platform SEooC. Tests covering all stakeholder and feature requirements performed on a reference platform (tbd link to reference platform specification), reviewed and passed are included in the platform SEooC safety case.
Additionally the components of the platform may have additional specific assumptions how they are used. These are part of every module documentation: Module Documents. Assumptions from components to their users can be fulfilled in two ways:
1. There are assumption which need to be fulfilled by all SW components, e.g. “every user of an IPC mechanism needs to make sure that he provides correct data (including appropriate ASIL level)” - in this case the AoU is marked as “platform”.
2. There are assumption which can be fulfilled by a safety mechanism realized by some other project platform component and are therefore not relevant for an user who uses the whole platform. But those are relevant if you chose to use the module SEooC stand-alone - in this case the AoU is marked as “module”. An example would be the “JSON read” which requires “The user shall provide a string as input which is not corrupted due to HW or QM SW errors.” - which is covered when using together with safe project platform persistency feature.

List of AoUs on the user of the platform features or the module of this safety manual:

Title

ID

Status

Access control

aou_req__json__access_control

valid

aragen not safe

aou_req__communication__27

valid

bazel tooling

aou_req__platform__bazel_tooling

valid

bug fixing

aou_req__platform__bug_fixing

valid

bug interface

aou_req__platform__bug_interface

valid

Check for nullptr on Allocate()

aou_req__communication__14

valid

Checking for possible message overflow

aou_req__communication__8

valid

Config on a safe filesystem

aou_req__communication__10

valid

Correctly configured ASIL Level

aou_req__communication__4

valid

Correctly configured events/fields per service type

aou_req__communication__34

valid

Correctly configured maximum number of maximum elements per subscriber

aou_req__communication__3

valid

Correctly Configured Maximum Number of Subscribers

aou_req__communication__2

valid

Different user for ASIL and QM processes

aou_req__communication__9

valid

Error Domain Implementation

aou_req__result__error_domain_implementation

valid

Event or Field reception via GenericProxy needs specific care

aou_req__communication__32

valid

Event Subscription active while holding SamplePtr

aou_req__communication__19

valid

FEO something

aou_req__component_feo__anything

valid

FEO something

aou_req__feature_feo__something

valid

integration assistance

aou_req__platform__integration_assistance

valid

integration levels

aou_req__platform__levels

valid

integration manual

aou_req__platform__os_integration_manual

valid

Integrator safety anomaly reporting

aou_req__platform__integration_safety_anomaly

valid

JSON data integrity

aou_req__json__data_integrity

valid

LoLa Memory only accessed through LoLa

aou_req__communication__24

valid

LoLa specific QNX Messaging End-Points only accessed through LoLa

aou_req__communication__26

valid

Monotonic Semi-Dynamic Memory Allocation

aou_req__communication__1

valid

Next Title

aou_req__component_name__next_title

invalid

No APIs from Implementation Namespace

aou_req__communication__6

valid

No Copy-Send() while holding AllocateePtr.

aou_req__communication__16

valid

No guarantee in availability of services

aou_req__communication__12

valid

No guarantee on execution time

aou_req__communication__29

valid

No guarantees for notifications

aou_req__communication__7

valid

No notification on termination of producer

aou_req__communication__13

valid

No shared memory allocation in namespace lola

aou_req__communication__25

valid

No static context support

aou_req__communication__11

valid

Non-Terminating callbacks

aou_req__communication__20

valid

None reentrant methods per event instance

aou_req__communication__17

valid

on_target_crates

aou_req__feo__on_target_crates

invalid

One producer only one AllocateePtr

aou_req__communication__15

valid

Only LoLa supported types

aou_req__communication__5

valid

OS safety anomaly reporting

aou_req__platform__os_safety_anomaly

valid

Quality of data is dependent on producer

aou_req__communication__22

valid

Resource Lifetime

aou_req__result__resource_lifetime

valid

Result Value Handling

aou_req__result__value_handling

valid

rust_core_lib

aou_req__feo__rust_core_lib

valid

rust_std_lib_modules

aou_req__feo__rust_std_lib_modules

invalid

safety AoU

aou_req__platform__safety_aou

valid

safety functions

aou_req__platform__safety_functions

valid

safety integration

aou_req__platform__os_safety_integration

valid

safety matching

aou_req__platform__safety_matching

valid

Same compiler settings for provider and consumer side

aou_req__communication__31

valid

Skeleton alive while its AllocateePtr being used

aou_req__communication__18

valid

Some Other Title

aou_req__feature_name__some_other_title

invalid

SW platform integration bug reporting

aou_req__platform__bug_report

valid

SW platform testing

aou_req__platform__testing

valid

Thread Safety

aou_req__result__thread_safety

valid

unsupported data-types

aou_req__communication__28

valid

Usage of configuration "oversubscription"

aou_req__communication__30

valid

Valid callbacks while proxy alive

aou_req__communication__21

valid

Validity of pointer on LoLa pointer

aou_req__communication__23

valid

Safety concept of the SEooC#

<Describe here the safety concept incl. which faults are taken care of, reactions of the implemented functions under anomalous operating conditions … if this is not already documented sufficiently in the feature documentation “safety impact” section of all the features the module is used in.>

Safety Anomalies#

Anomalies (bugs in ASIL SW, detected by testing or by users, which could not be fixed) known before release are documented in the platform/module release notes <add link to release note>.

References#

<link to the user manual>
<other links>