Persistency FMEA#

FMEA
status: valid
security: NO
safety: ASIL_B
tags: persistency
realizes: wp__feature_fmea
doc__persistency_fmea
Generic Document

For the FMEA analysis where the fault models gd_guidl__fault_models are used. The following fault models doesn’t apply to the persistency feature:

Fault models

  • MF_01_03: Message received too early: Failure initiator not applicable at persistency, so no mitigation is needed.

  • MF_01_04: message not received correctly by all recipients (different messages or messages partly lost): Failure initiator not applicable at persistency, so no mitigation is needed.

  • MF_01_07: Message is unintended sent: Failure initiator not applicable at persistency. Feature developed fully deterministic, so no unintended messages are expected.

  • CO_01_01: Minimum constraint boundary is violated: Failure initiator not applicable at persistency, so no mitigation is needed.

  • CO_01_02: Maximum constraint boundary is violated: Failure initiator not applicable at persistency, so no mitigation is needed.

  • EX_01_01: Process calculates wrong result(s): Failure initiator not applicable at persistency, so no mitigation is needed. The feature is developed fully deterministic, so no wrong results are expected caused by persistency

  • EX_01_02: Processing too slow: Failure initiator not applicable at persistency. The feature is developed fully deterministic, so no processing too slow is expected caused by persistency.

  • EX_01_03: Processing too fast: Failure initiator not applicable at persistency, so no mitigation is needed. The feature is developed fully deterministic, so no processing too fast is expected caused by persistency.

  • EX_01_04: Loss of execution: Failure initiator not applicable at persistency, so no mitigation is needed. The feature is developed fully deterministic, so no loss of execution is expected caused by persistency.

  • EX_01_05: Processing changes to arbitrary process: Failure initiator not applicable at persistency, so no mitigation is needed.

  • EX_01_06: Processing is not complete (infinite loop): Failure initiator not applicable at persistency, so no mitigation is needed. The feature is developed fully deterministic, so no infinite loop is expected caused by persistency.

Persistency
status: valid
failure_effect: Message is not received so the feature persistency is not available.
fault_id: MF_01_01
sufficient: yes
mitigated_by: aou_req__persistency__error_handling
violates: feat_arc_dyn__persistency__check_key_default, feat_arc_dyn__persistency__delete_key, feat_arc_dyn__persistency__flush, feat_arc_dyn__persistency__read_key, feat_arc_dyn__persistency__read_from_storage, feat_arc_dyn__persistency__write_key, feat_arc_dyn__persistency__snapshot_restore

User is not able to use the feature. Middleware cant be used. User is not able to use the feature. Middleware cant be used. Loss of execution can only be caused by the application, not by the persistency feature itself. Failure handling is addressed to the application by the aou_req__persistency__error_handling.
feat_saf_fmea__persistency__message_nreived
Feature FMEA (Failure Mode and Effects Analysis)
Persistency
status: valid
failure_effect: message received too late.
fault_id: MF_01_02
sufficient: yes
mitigated_by: aou_req__persistency__error_handling
violates: feat_arc_dyn__persistency__check_key_default, feat_arc_dyn__persistency__delete_key, feat_arc_dyn__persistency__flush, feat_arc_dyn__persistency__read_key, feat_arc_dyn__persistency__read_from_storage, feat_arc_dyn__persistency__write_key, feat_arc_dyn__persistency__snapshot_restore

Subset of MF_01_01 if the delay is to long.
feat_saf_fmea__persistency__late_message
Feature FMEA (Failure Mode and Effects Analysis)
Persistency
status: valid
failure_effect: message is corrupted so the feature persistency is not available.
fault_id: MF_01_05
sufficient: yes
mitigated_by: aou_req__persistency__error_handling
violates: feat_arc_dyn__persistency__check_key_default, feat_arc_dyn__persistency__delete_key, feat_arc_dyn__persistency__flush, feat_arc_dyn__persistency__read_key, feat_arc_dyn__persistency__read_from_storage, feat_arc_dyn__persistency__write_key, feat_arc_dyn__persistency__snapshot_restore

Covered by MF_01_01
feat_saf_fmea__persistency__corrupted_message
Feature FMEA (Failure Mode and Effects Analysis)
Persistency
status: valid
failure_effect: message is not sent so the feature persistency is not available.
fault_id: MF_01_06
sufficient: yes
mitigated_by: aou_req__persistency__error_handling
violates: feat_arc_dyn__persistency__check_key_default, feat_arc_dyn__persistency__delete_key, feat_arc_dyn__persistency__flush, feat_arc_dyn__persistency__read_key, feat_arc_dyn__persistency__read_from_storage, feat_arc_dyn__persistency__write_key, feat_arc_dyn__persistency__snapshot_restore

Covered by MF_01_01 because the violation cause is the same.
feat_saf_fmea__persistency__not_sent
Feature FMEA (Failure Mode and Effects Analysis)
Persistency
status: valid
failure_effect: loss of execution will lead to an unavailability of the persistency feature.
fault_id: EX_01_04
sufficient: yes
mitigated_by: aou_req__persistency__error_handling
violates: feat_arc_dyn__persistency__check_key_default, feat_arc_dyn__persistency__delete_key, feat_arc_dyn__persistency__flush, feat_arc_dyn__persistency__read_key, feat_arc_dyn__persistency__read_from_storage, feat_arc_dyn__persistency__write_key, feat_arc_dyn__persistency__snapshot_restore

User is not able to use the feature. Middleware cant be used. Loss of execution can only be caused by the application, not by the persistency feature itself. Failure handling is addressed to the application by the aou_req__persistency__error_handling.
feat_saf_fmea__persistency__err_handl
Feature FMEA (Failure Mode and Effects Analysis)