FEO Feature Requirements
status: valid
security: NO
safety: ASIL_B
tags: frameworks_feo


Definitions

Definition: Application
status: valid
security: NO
safety: ASIL_B

An application consists of one or more activities.

An application consists of one or more operating system processes. In particular it consists of the primary process, which handles the lifecycle, configuration and execution management. It may optionally consist of one or more secondary processes. The purpose of secondary processes is to run code in separate address spaces (Freedom From Interference) for safety reasons. Each process (primary and secondary) belongs to exactly one application. Each process contains one or more operating system threads.

Definition: Activity
status: valid
security: NO
safety: ASIL_B

Activities are mapped to threads within primary or secondary processes. Each activity is mapped to exactly one thread and provides the following functions:

  • init: Initialization of the activity.

  • step: Execution of the activity.

  • shutdown: Shutdown of the activity.

The mapping is done in a configuration file and cannot be changed at runtime.

Definition: Task Chain
status: valid
security: NO
safety: ASIL_B

All activities within an application are arranged within a Task Chain. There is exactly one task chain per application.

The task chain configuration defines the execution order of the activities. In particular it defines when the task chain is activated (typically in a cyclic manner) and in which order the activities will run.

Every task chain may have one or more input service activities which run at the beginning. The purpose of an input service activity is to collect external input signals and provide them to the other activities during task chain execution. Every task chain may have one or more output service activities which run at the end. The purpose of an output service activity is to collect signals produced by activities within the task chain and send them to external entities.

Definition: Service Activity
status: valid
security: NO
safety: ASIL_B

  • Service activities are a means to interact with the outside world, e.g. via network communication, direct sensor input or direct actuator output.

  • Service activities may also use APIs external to the framework (e.g. networking APIs, reading from external sensor devices, writing HW I/O, etc.).

Definition: Agent
status: valid
security: NO
safety: ASIL_B

In order to execute activities in secondary processes, the executor makes use of an Agent for each secondary process and possibly also the primary process. The agent receives commands from the executor, invokes actions on activities within its process and reports back to the executor.

Each Activity that is part of the task chain is associated with an Agent, which takes over the task of waiting for a trigger from its corresponding Executor. When the Agent gets a step request from the Executor, it calls the Step function of the Activity. There is exactly one agent for each secondary process. The primary process may, but need not, be associated with an agent.
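Added example, not S-CORE's own code: a static validator that encodes the definitions above as checks on an assumed in-memory task-chain configuration: input service activities at the beginning, output service activities at the end, each activity mapped exactly once, and exactly one agent per secondary process (the primary may or may not have one). The `Kind`, `Entry` and `validate` names and the configuration shape are assumptions.

```rust
use std::collections::{HashMap, HashSet};

/// Role of an activity within the task chain, as defined above.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Kind { InputService, Regular, OutputService }

/// One row of an assumed in-memory task-chain configuration; slice order is execution order.
#[derive(Debug, Clone)]
pub struct Entry { pub activity: &'static str, pub kind: Kind, pub process: &'static str }

/// Static checks derived from the definitions: service-activity placement, one mapping per
/// activity, and exactly one agent per secondary process. Returns every violation found.
pub fn validate(chain: &[Entry], primary: &str, agents: &[&str]) -> Vec<String> {
    let mut errs = Vec::new();
    // Input services run at the beginning: none may follow the first non-input activity.
    let first_other = chain.iter().position(|e| e.kind != Kind::InputService).unwrap_or(chain.len());
    // Output services run at the end: none may precede the last non-output activity.
    let last_other = chain.iter().rposition(|e| e.kind != Kind::OutputService).map_or(0, |i| i + 1);
    for (i, e) in chain.iter().enumerate() {
        if e.kind == Kind::InputService && i >= first_other {
            errs.push(format!("{}: input service activity must run before all other activities", e.activity));
        }
        if e.kind == Kind::OutputService && i < last_other {
            errs.push(format!("{}: output service activity must run after all other activities", e.activity));
        }
    }
    // Each activity is mapped to exactly one thread, so it may appear only once in the chain.
    let mut seen = HashSet::new();
    for e in chain {
        if !seen.insert(e.activity) { errs.push(format!("{}: activity appears more than once", e.activity)); }
    }
    // Every secondary process hosting an activity has exactly one agent; the primary may or may not.
    let mut agent_count: HashMap<&str, usize> = HashMap::new();
    for a in agents { *agent_count.entry(*a).or_insert(0) += 1; }
    let mut procs: Vec<&str> = chain.iter().map(|e| e.process).filter(|p| *p != primary).collect();
    procs.sort(); procs.dedup();
    for p in procs {
        let n = agent_count.get(p).copied().unwrap_or(0);
        if n != 1 { errs.push(format!("{p}: secondary process needs exactly one agent, found {n}")); }
    }
    errs
}
```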

Dynamic Architecture

The lifecycle of an `Application` consists of 3 phases: Init, Run and Shutdown.
status: valid
security: NO
safety: ASIL_B

The Application Lifecycle consists of 3 phases: Init, Run and Shutdown.

Initialization of activities
status: valid
security: NO
safety: ASIL_B

Initialization of activities is done during application initialization.

Each activity is initialized by a call to its init function.

The init function will be invoked in the thread to which the activity is mapped. Note that init, step and shutdown functions will be run in the same thread.

Stepping of activities
status: valid
security: NO
safety: ASIL_B

Each activity is stepped once within each execution of the task chain it belongs to.

Stepping is done by a call to an activity’s step function.

Shutdown of activities
status: valid
security: NO
safety: ASIL_B

Shutdown of activities is done during application shutdown.

Each activity is shut down by a call to its shutdown function.

The shutdown function will be invoked in the thread to which the activity is mapped.

Supervision

Alive supervision
status: valid
security: NO
safety: ASIL_B

The framework shall provide the functionality to enable the reporting of alive supervision checkpoints to an external health management system (e.g. watchdog).

Support of deadline supervision checkpoints
status: valid
security: NO
safety: ASIL_B

The framework shall provide the functionality to enable the reporting of deadline supervision checkpoints to an external health management system (e.g. watchdog).

Support of logical supervision
status: valid
security: NO
safety: ASIL_B

The framework shall provide the functionality to enable the reporting of logical supervision checkpoints to an external health management system (e.g. watchdog).

Trustable computation
status: valid
security: NO
safety: ASIL_B

The framework shall provide mechanisms to check after the computation of an Activity if the result is trustable. This can be done e.g. via evaluation of floating point exceptions, checking of hardware registers or status information of the software platform.

Error Handling for S-CORE v0.5

Response to termination request
status: valid
security: YES
safety: ASIL_B

If the primary process receives a termination signal, it shall call the shutdown function of all remaining activities in arbitrary sequence and terminate itself.

If a secondary process receives a termination signal, it shall terminate itself.

Secondary connection timeout
status: valid
security: YES
safety: ASIL_B

If not all secondary processes connect to the primary in time, the primary shall terminate itself. The startup functions shall not be triggered.

Activity startup error
status: valid
security: YES
safety: ASIL_B

If an error occurs during the execution of a startup function, the primary process shall abort calling startup functions and terminate itself. For all of the activities whose startup functions have already been called successfully, the corresponding shutdown functions shall be executed in arbitrary sequence.

Activity resource allocation error
status: valid
security: YES
safety: ASIL_B

During initialization (i.e. in the startup function of an activity), activities shall check for resource allocation and report an error to the executor in case of failure.

Activity timeout
status: valid
security: YES
safety: ASIL_B

If a timeout occurs during startup, stepping or shutdown of an activity, the primary process shall shut down all successfully started activities in arbitrary sequence and terminate itself.

Startup timeout
status: valid
security: YES
safety: ASIL_B

If not all activities reach their initialized state within a certain period of time (startup timeout), the primary process shall shut down all successfully started activities in arbitrary sequence and terminate itself.

Activity stepping error
status: valid
security: YES
safety: ASIL_B

If an activity fails in the step function, the primary process shall call shutdown for all activities in arbitrary sequence and terminate itself.

Activity shutdown error
status: valid
security: YES
safety: ASIL_B

If an activity fails in the shutdown function, the primary process shall shut down all remaining activities in arbitrary sequence and terminate itself.
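Added example, not the framework's own code: an executor model for the lifecycle (Init, Run, Shutdown) and the error-handling rules above. Activities are initialised in task-chain order; a startup error or timeout aborts further initialisation and shuts down only the activities already started; a stepping error or timeout shuts down all activities before the primary terminates. The per-call `timeout`, the `Report` type and the constructed `Probe` activity are assumptions.

```rust
use std::time::{Duration, Instant};
/// Lifecycle hooks every activity provides (init/step/shutdown, as defined above).
pub trait Activity {
    fn name(&self) -> &'static str;
    fn init(&mut self) -> Result<(), String>;
    fn step(&mut self) -> Result<(), String>;
    fn shutdown(&mut self);
}
/// Outcome of one run: the error that made the primary terminate (None = clean run)
/// and the activities whose shutdown function was called, in call order.
#[derive(Debug, PartialEq)]
pub struct Report { pub error: Option<String>, pub shut_down: Vec<&'static str> }
/// Call one hook under the per-call timeout (an assumed configuration value).
fn call(what: &str, a: &mut dyn Activity, hook: impl FnOnce(&mut dyn Activity) -> Result<(), String>, timeout: Duration) -> Result<(), String> {
    let t0 = Instant::now();
    let r = hook(&mut *a);
    if t0.elapsed() > timeout { return Err(format!("{what} timeout in {}", a.name())); }
    r.map_err(|e| format!("{what} error in {}: {e}", a.name()))
}
/// Shut down the listed activities; the requirements leave the order arbitrary, reverse start order is used here.
fn shut(chain: &mut [Box<dyn Activity>], idx: &[usize], error: Option<String>) -> Report {
    let shut_down = idx.iter().rev().map(|&i| { chain[i].shutdown(); chain[i].name() }).collect();
    Report { error, shut_down }
}
/// Executor model: init in task-chain order, run `cycles` task-chain executions, then shut down.
pub fn run(chain: &mut [Box<dyn Activity>], cycles: usize, timeout: Duration) -> Report {
    let mut started: Vec<usize> = Vec::new();
    for i in 0..chain.len() {
        if let Err(e) = call("startup", &mut *chain[i], |a| a.init(), timeout) {
            return shut(chain, &started, Some(e)); // abort further inits; only started activities are shut down
        }
        started.push(i);
    }
    for _ in 0..cycles {
        for i in 0..chain.len() {
            if let Err(e) = call("stepping", &mut *chain[i], |a| a.step(), timeout) {
                return shut(chain, &started, Some(e)); // every activity was started, so all are shut down
            }
        }
    }
    shut(chain, &started, None) // clean run: ordinary application shutdown
}

/// Constructed sample activity (not part of the framework): fails or stalls where configured.
pub struct Probe { pub name: &'static str, pub init_ok: bool, pub step_ok: bool, pub step_delay: Duration }
impl Activity for Probe {
    fn name(&self) -> &'static str { self.name }
    fn init(&mut self) -> Result<(), String> { if self.init_ok { Ok(()) } else { Err("resource allocation failed".into()) } }
    fn step(&mut self) -> Result<(), String> { std::thread::sleep(self.step_delay); if self.step_ok { Ok(()) } else { Err("untrusted result".into()) } }
    fn shutdown(&mut self) {}
}
```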