Requirements#

Communication Requirements		status: valid security: YES safety: ASIL_B
realizes: wp__requirements_feat

doc__communication_requirements		Generic Document

Support for Time-based Architecture		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__app_architectures__support_time, stkh_req__communication__safe
The communication framework shall provide API to support a time-based architecture.
feat_req__com__time_based_arch		Feature Requirement

Support for Data-driven Architecture		status: valid security: NO safety: QM
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__app_architectures__support_data
The communication framework shall provide API to support a data-driven architecture.
feat_req__com__data_driven_arch		Feature Requirement

Support for Request-driven Architecture		status: valid security: NO safety: QM
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__app_architectures__support_request
The communication framework shall provide API to support a request-driven architecture.
feat_req__com__request_driven_arch		Feature Requirement

Communication Interfaces		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__app_architectures__support_data, stkh_req__app_architectures__support_time, stkh_req__communication__safe, stkh_req__app_architectures__support_request fulfilled by: feat_arc_sta__com__communication, logic_arc_int__communication__user, logic_arc_int__lifecycle__deadline_monitor_if, logic_arc_int__lifecycle__logical_monitor_if, logic_arc_int__lifecycle__controlif, logic_arc_int__lifecycle__alive_if, logic_arc_int__lifecycle__cfg_params_static, logic_arc_int__orchestration__user
A communication interface consists of a combination of any number of the following elements: Event-Types Methods Signals
feat_req__com__interfaces		Feature Requirement

Event Type		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__app_architectures__support_time
An event-type is part of a communication interface and has: a name a data type The producer can assign a value to it. Consumers can subscribe to value-changed events of the element or poll unseen, cached events.
feat_req__com__event_type		Feature Requirement

Method		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__app_architectures__support_request, stkh_req__communication__safe
A method is part of a communication interface and has: a name a specified application routine with a given set of parameters and a return type When a communication partner issues a call to the method with the required parameters: it shall invoke the application routine with the provided parameters, and return its result to the communication partner A method call shall be possible both synchronously and asynchronously.
feat_req__com__method		Feature Requirement

Signal		status: valid security: NO safety: QM
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__app_architectures__support_request
A signal is part of a communication interface and has: a name A client can trigger the signal. The service instance offering the trigger can: wait for the signal to be triggered check if the signal was triggered Note Signals can not transport data. They are meant to be fast synchronization mechanism with low setup cost. Thus, depending on the location of the communication partners primitives like Linux Signals or QNX Pulses or Hypervisor Signalling APIs may be chosen.
feat_req__com__signal		Feature Requirement

Producer-Consumer Pattern		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__app_architectures__support_time, stkh_req__communication__safe
Communication shall be cached based on the producer-consumer pattern.
feat_req__com__producer_consumer		Feature Requirement

Service Instance		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
Multiple service instances shall be able to offer the same interface. Note A communication interface that is offered to consumers is called a service instance.
feat_req__com__service_instance		Feature Requirement

Service Instance Names		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
A service instance is offered under one or more unique names by which it can be discovered. Names follow a POSIX path style. Note The resolution from a service instance name to the protocol-specific identifier is handled by the service discovery.
feat_req__com__service_instance_names		Feature Requirement

Versioning		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
The communication framework shall support versioning of service instances: Version information of a service instance is binding-specific. Version information is provided in the deployment configuration. Note Multiple service instances can have the same interface and version.
feat_req__com__versioning		Feature Requirement

Service location transparency		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
The interface to access service instances is agnostic to the binding used to communicate with the service. Note Deployment information may require manual changes based on where the service is located.
feat_req__com__service_location_transparency		Feature Requirement

Stateless communication		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
The communication framework shall support stateless communication. Note In case of events, the producer is not aware of its consumers. In case of RPC, the skeleton is not aware of the proxy, this request originated from.
feat_req__com__stateless_communication		Feature Requirement

Service instance_granularity		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
The communication framework shall support multiple service instances per software architecture element. Note A software architecture element is for example an application, activity, proces, …
feat_req__com__service_instance_granularity		Feature Requirement

Service discovery		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
The communication framework shall provide service discovery to find available services during runtime. Service discovery shall consider version compatibility. Service discovery shall be handled implicitly (where possible). Note The service discovery may be restricted/impacted by availability of deployment information.
feat_req__com__service_discovery		Feature Requirement

Mixed-Criticality safety systems#

Safe communication over criticality levels		status: valid security: YES safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
The communication framework shall support safe communication involving communication partners on the same or multiple criticality levels.
feat_req__com__safe_communication		Feature Requirement

Data Corruption		status: valid security: YES safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
Consumers with lower criticality shall not be able to corrupt data consumed by partners with higher criticality.
feat_req__com__data_corruption		Feature Requirement

Data Reordering		status: valid security: YES safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
Consumers with lower criticality shall not be able to modify the order of data consumed by partners with higher criticality.
feat_req__com__data_reordering		Feature Requirement

Data Repetition		status: valid security: YES safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
Consumers with lower criticality shall not be able to duplicate data consumed by other communication partners with higher criticality.
feat_req__com__data_repetition		Feature Requirement

Data Loss		status: valid security: YES safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
Consumers with lower criticality shall not be able to drop data before it is consumed by partners with higher criticality.
feat_req__com__data_loss		Feature Requirement

Performance#

Zero-Copy Approach		status: valid security: NO safety: QM
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__app_architectures__support_data, stkh_req__app_architectures__support_request
The communication framework shall enable Zero-Copy communication without copying to-be-transferred data. Note It has to be evaluated on binding level if a Zero-Copy approach is applicable for the respective binding.
feat_req__com__zero_copy		Feature Requirement

User friendly API for information exchange#

Support for multiple programming languages		status: valid security: NO safety: QM
tags: com reqtype: Non-Functional satisfies: stkh_req__dev_experience__prog_languages
The communication framework shall provide a public API for each supported programming language of S-CORE.
feat_req__com__multi_lang		Feature Requirement

Support for programming language idioms		status: valid security: NO safety: QM
tags: com reqtype: Non-Functional satisfies: stkh_req__dev_experience__prog_languages
Each public API shall support the idioms of the programming language it is written in.
feat_req__com__lang_idioms		Feature Requirement

Use programming language infrastructure		status: valid security: NO safety: QM
tags: com reqtype: Non-Functional satisfies: stkh_req__dev_experience__prog_languages
Each public API shall use core infrastructure of its programming language and accompanying standard libraries, whenever possible and meaningful. Note This includes error handling.
feat_req__com__lang_infra		Feature Requirement

Full testability for the user facing API#

Fully mockable public API		status: valid security: NO safety: QM
tags: com reqtype: Non-Functional satisfies: stkh_req__communication__inter_process
The public API shall be fully mockable.
feat_req__com__testability_mock_api		Feature Requirement

Fake binding		status: valid security: NO safety: QM
tags: com reqtype: Non-Functional satisfies: stkh_req__communication__inter_process
The communication framework shall provide a fake binding.
feat_req__com__testability_fake_binding		Feature Requirement

Multi-binding support#

Multi-binding support		status: valid security: NO safety: QM
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process
The communication framework shall support multiple bindings. Note A binding performs the conversion of user communication to the respective communication protocol. It does this either directly or via a gateway approach.
feat_req__com__multi_binding_support		Feature Requirement

Binding-agnostic public API		status: valid security: NO safety: QM
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process
The public API of the communication framework shall be binding-agnostic. Note Binding-agnostic in this context means, that the public API is independent of the binding underneath. E.g., if the binding is exchanged, the public API remains syntactically and semantically unchanged.
feat_req__com__binding_agnostic_api		Feature Requirement

Multi-binding deployment configuration		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process
The association of a service instance and the appropriate binding shall be specified in the deployment configuration.
feat_req__com__multi_binding_depl		Feature Requirement

Cross-VM Extensions#

One-way data sharing into a VM		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
The system shall support one-way data sharing into a Virtual Machine (VM) for vehicle state read-only for the VM (snapshot state).
feat_req__com__one_way_sharing		Feature Requirement

Read-only access for VM		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
The consumer (VM) shall have read-only access to the shared data.
feat_req__com__readonly_vm		Feature Requirement

Consistent data-sets		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
The system shall support consistent data-sets, allowing the consumer to obtain a consistent version of related data items.
feat_req__com__consistent_data		Feature Requirement

Lock-free access		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
Consistent access to data must be lock-free.
feat_req__com__lock_free_access		Feature Requirement

Producer time stamps		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
Producer time stamps shall be available for related data-sets.
feat_req__com__producer_timestamps		Feature Requirement

Streamed data based on shared queues		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
The system shall support streamed data based on shared queues (stream of events or data).
feat_req__com__streamed_data		Feature Requirement

Configurable queues		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
Queues shall be configurable by the client (VM), including the number of elements and buffer allocation.
feat_req__com__configurable_queues		Feature Requirement

Lock-free queue access		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
Queues shall support lock-free access to data elements.
feat_req__com__lock_free_queue		Feature Requirement

Bi-directional communication		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
The system shall support bi-directional communication via writable data elements by the client.
feat_req__com__bi_directional_comm		Feature Requirement

Asynchronous support		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
The system shall provide asynchronous bi-directional support via multiple queues.
feat_req__com__async_support		Feature Requirement

Shared memory chunks		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
The system shall support multiple chunks of shared memory to allow required access control.
feat_req__com__shared_memory		Feature Requirement

Data update notifications		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
Notifications for data updates shall be available (virtual IRQs in a VM).
feat_req__com__data_notifications		Feature Requirement

Configurable notifications		status: valid security: NO safety: QM
tags: com reqtype: Functional valid_from: v1.0.0 satisfies: stkh_req__communication__inter_process
Notifications shall be configurable by consumers of data (using flags or watermarks in shared memory from client to producer).
feat_req__com__config_notifications		Feature Requirement

Dynamic deployment at runtime#

Deployment configuration at runtime		status: valid security: YES safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe fulfilled by: feat_arc_dyn__communication__ipc
Deployment configuration shall be read from an integrity-checked configuration file at runtime.
feat_req__com__depl_config_runtime		Feature Requirement

Tracing#

Support for Tracing		status: valid security: NO safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__dev_experience__tracing_of_comm, stkh_req__communication__safe
The communication framework shall provide infrastructure to enable binding-agnostic, zero-copy, read-only tracing of communication.
feat_req__com__tracing		Feature Requirement

Security Impact#

Access Control List Placement		status: valid security: YES safety: QM
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__dependability__security_features
The communication framework shall support an Access Control Lists in the deployment configuration.
feat_req__com__acl_placement		Feature Requirement

Access Control List per service instance		status: valid security: YES safety: QM
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__dependability__security_features
The communication framework shall support an Access Control List per service instance.
feat_req__com__acl_per_service_instance		Feature Requirement

Access Control List for producer		status: valid security: YES safety: QM
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__dependability__security_features
The communication framework shall support an Access Control List for the communication partner offering a service instance (producer). An entry in the ACL corresponds to an allowed consumer.
feat_req__com__acl_for_producer		Feature Requirement

Access Control List for consumer		status: valid security: YES safety: QM
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__dependability__security_features
The communication framework shall support an Access Control List for the communication partner consuming a service instance. An entry in the ACL corresponds to an allowed producer.
feat_req__com__acl_for_consumer		Feature Requirement

Safety Impact#

Communication ASIL level		status: valid security: YES safety: ASIL_B
tags: com reqtype: Functional satisfies: stkh_req__communication__inter_process, stkh_req__communication__safe
The communication framework shall support safe communication up to ASIL-B.
feat_req__com__asil		Feature Requirement