FEO Component Requirements
status: draft
security: NO
safety: ASIL_B
tags: component_feo

FEO Component Requirements

Application Processes
status: valid
security: NO
safety: ASIL_B

An application consists of one or more activities executed in one or more operating system processes.

In particular, it consists of a primary process, which handles lifecycle, configuration and execution management, and optionally one or more secondary processes. The purpose of secondary processes is to run code in separate address spaces (Freedom From Interference) for safety reasons. Each process (primary or secondary) belongs to exactly one application. Each process contains one or more operating system threads.

Activity
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

Each activity is mapped to exactly one thread within the primary process or one of the secondary processes. Each activity provides the following functions:

  • init: Initialization of the activity.

  • step: Execution of the activity.

  • shutdown: Shutdown of the activity.

Task Chain
status: valid
security: NO
safety: ASIL_B

All activities within an application are arranged within a Task Chain. There is exactly one task chain per application.

The task chain configuration defines the execution order of the activities. In particular it defines when the task chain is activated (typically in a cyclic manner) and in which order the activities will run.

Every task chain may have one or more input service activities which run at the beginning. The purpose of an input service activity is to collect external input signals and provide them to the other activities during task chain execution. Every task chain may have one or more output service activities which run at the end. The purpose of an output service activity is to collect signals produced by activities within the task chain and send them to external entities.

Scheduler aka Executor
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

The component shall implement a scheduler (aka executor) that manages the execution of activities in correct order.

Service Activity
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

The component shall enable the implementation and execution of Service Activities, which are a means to interact with the outside world, e.g. via network communication, direct sensor input or direct actuator output.

A Service Activity shall be allowed to use APIs external to the framework (e.g. networking APIs, reading from external sensor devices, writing hardware I/O).

Agent
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

In order to execute activities in secondary processes, the Scheduler shall use agents running in the secondary processes. There shall be exactly one agent for each secondary process.

The Agent in a secondary process shall receive commands from the Scheduler, invoke the corresponding actions on the Activities within its process and report the results back to the Scheduler. Each Activity that is part of the task chain and runs in a secondary process shall be associated with the Agent of that process, which waits for triggers from the Scheduler on the Activity's behalf. When the Agent receives a step request from the Scheduler, it calls the step function of the Activity.

Mapping of Activities to threads
status: valid
security: NO
safety: ASIL_B

Each activity shall be mapped to one thread. The mapping cannot be changed at runtime. Each activity’s init, step and shutdown functions shall be executed in the assigned thread.

Application Lifecycle Phases
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

The Application Lifecycle shall consist of three phases: Init, Run and Shutdown.

Initialization of Activities
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

Initialization of Activities shall be done during application initialization.

Each Activity shall be initialized by a call to its init function. The init function shall be invoked in the thread to which the activity is mapped.

Stepping of Activities
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

Each Activity shall be stepped once within each execution of the Task Chain it belongs to. Stepping is done by a call to the activity's step function. The step function shall be invoked in the thread to which the activity is mapped.

Shutdown of activities
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

Shutdown of activities shall be done during application shutdown.

Each activity shall be shut down by a call to its shutdown function. The shutdown function shall be invoked in the thread to which the activity is mapped.

Component Configuration
status: valid
security: NO
safety: ASIL_B

The component shall provide a configuration mechanism that supports configuring

  • the mapping of activities to threads

  • the execution order of activities

  • when the task chain is activated (e.g. a cycle time for cyclic execution)

Component Configuration from File
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

It shall be possible to define the component configuration in a pre-defined configuration file.

Activity Mapping Configuration
status: valid
security: NO
safety: ASIL_B

The mapping of activities to threads is done in the component configuration and cannot be changed at runtime.
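The page does not fix a file format for the component configuration. As an added example, not code from S-CORE or its FEO component, the following Rust program assumes a simple line-oriented format (keys `cycle_time_ms`, `thread`, `activity NAME: thread=... kind=...`, `order`) and parses and validates it against the rules of the preceding sections: every activity is mapped to exactly one declared thread, the order names every configured activity exactly once, the cycle time is positive, and input service activities come first and output service activities last. The names `parse_config`, `TaskChainCfg`, `Kind` and the contents of `SAMPLE_CONFIG` are all constructed for this example.

```rust
use std::collections::{HashMap, HashSet};

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Kind { Input, Normal, Output } // input/output service activity or ordinary activity

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ActivityCfg { pub name: String, pub thread: String, pub kind: Kind }

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct TaskChainCfg {
    pub cycle_time_ms: u64,                       // when the task chain is activated
    pub threads: Vec<String>,
    pub activities: HashMap<String, ActivityCfg>, // activity -> thread mapping
    pub order: Vec<String>,                       // execution order of the task chain
}

/// Constructed sample file in the assumed format ('#' starts a comment).
pub const SAMPLE_CONFIG: &str = "\
cycle_time_ms = 10   # task chain activated every 10 ms
thread input_thread
thread worker_a
thread worker_b
activity camera_in: thread=input_thread kind=input
activity fusion:    thread=worker_a kind=normal
activity planner:   thread=worker_b kind=normal
activity can_out:   thread=input_thread kind=output
order = camera_in, fusion, planner, can_out
";

/// Parse the file and validate it against the task chain rules.
pub fn parse_config(text: &str) -> Result<TaskChainCfg, String> {
    let mut cycle: Option<u64> = None;
    let mut threads: Vec<String> = Vec::new();
    let mut acts: HashMap<String, ActivityCfg> = HashMap::new();
    let mut order: Vec<String> = Vec::new();
    for (n, raw) in text.lines().enumerate() {
        let line = raw.split('#').next().unwrap_or("").trim();
        if line.is_empty() { continue; }
        let err = |m: String| format!("line {}: {}", n + 1, m);
        if let Some(v) = line.strip_prefix("cycle_time_ms") {
            let v = v.trim().strip_prefix('=').ok_or_else(|| err("expected '='".into()))?.trim();
            cycle = Some(v.parse::<u64>().map_err(|_| err("cycle_time_ms must be an integer".into()))?);
        } else if let Some(v) = line.strip_prefix("thread ") {
            let t = v.trim().to_string();
            if threads.contains(&t) { return Err(err(format!("duplicate thread '{}'", t))); }
            threads.push(t);
        } else if let Some(v) = line.strip_prefix("activity ") {
            let (name, attrs) = v.split_once(':').ok_or_else(|| err("expected 'activity NAME: ...'".into()))?;
            let name = name.trim().to_string();
            let (mut thread, mut kind): (Option<String>, Kind) = (None, Kind::Normal);
            for kv in attrs.split_whitespace() {
                match kv.split_once('=') {
                    Some(("thread", t)) => thread = Some(t.to_string()),
                    Some(("kind", "input")) => kind = Kind::Input,
                    Some(("kind", "normal")) => kind = Kind::Normal,
                    Some(("kind", "output")) => kind = Kind::Output,
                    _ => return Err(err(format!("unknown attribute '{}'", kv))),
                }
            }
            let thread = thread.ok_or_else(|| err(format!("activity '{}' has no thread=", name)))?;
            // Exactly one thread per activity: a second mapping line is an error.
            if acts.insert(name.clone(), ActivityCfg { name: name.clone(), thread, kind }).is_some() {
                return Err(err(format!("activity '{}' mapped twice", name)));
            }
        } else if let Some(v) = line.strip_prefix("order") {
            let v = v.trim().strip_prefix('=').ok_or_else(|| err("expected '='".into()))?;
            order = v.split(',').map(|s| s.trim().to_string()).filter(|s| !s.is_empty()).collect();
        } else {
            return Err(err(format!("unrecognised line '{}'", line)));
        }
    }
    let cycle_time_ms = cycle.ok_or_else(|| "missing cycle_time_ms".to_string())?;
    if cycle_time_ms == 0 { return Err("cycle_time_ms must be > 0".into()); }
    for a in acts.values() {
        if !threads.contains(&a.thread) { return Err(format!("activity '{}' uses undeclared thread '{}'", a.name, a.thread)); }
    }
    // The order must name every configured activity exactly once.
    let listed: HashSet<&String> = order.iter().collect();
    if listed.len() != order.len() || listed.len() != acts.len() || !listed.iter().all(|n| acts.contains_key(*n)) {
        return Err("order must list every configured activity exactly once".into());
    }
    // Input services run first and output services last; nothing else may sit among them.
    let kinds: Vec<Kind> = order.iter().map(|n| acts[n].kind).collect();
    let first = kinds.iter().position(|k| *k != Kind::Input).unwrap_or(kinds.len());
    let last = kinds.iter().rposition(|k| *k != Kind::Output).map_or(0, |i| i + 1);
    if kinds[first..last].iter().any(|k| *k != Kind::Normal) {
        return Err("input services must come first and output services last".into());
    }
    Ok(TaskChainCfg { cycle_time_ms, threads, activities: acts, order })
}
```

Rejecting the file at load time is the point: because the mapping cannot change at runtime, an activity that is missing from the order, mapped twice, or placed after an output service must never reach the executor, and the error message names the offending line so the configuration can be corrected before deployment.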

Alive supervision
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

The component shall provide the functionality to enable the reporting of alive supervision checkpoints to an external health management system (e.g. a watchdog).

Support of deadline supervision checkpoints
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

The component shall provide the functionality to enable the reporting of deadline supervision checkpoints to an external health management system (e.g. a watchdog).

Support of logical supervision
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

The component shall provide the functionality to enable the reporting of logical supervision checkpoints to an external health management system (e.g. a watchdog).
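The three supervision requirements above only say that checkpoints are reported to an external health management system; the page defines neither the checkpoint format nor the monitor. The following Rust code is an added example, not S-CORE code: it models a minimal monitor (`Supervisor`, a constructed name) that receives the checkpoints an executor would report, with timestamps in microseconds supplied by the caller so the checks are deterministic, and applies all three rules: logical supervision (checkpoints must arrive in the configured graph order), deadline supervision (each step, and the whole chain, must finish within its limit), and alive supervision (the number of completed cycles per supervision window must lie within a band). The checkpoint names, limits and sample timings are assumptions.

```rust
/// Checkpoints an executor reports; activities are identified by their index in the task chain.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Checkpoint { CycleStart, StepStart(usize), StepEnd(usize), CycleEnd }

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Fault {
    Logical { expected: Checkpoint, got: Checkpoint },
    Deadline { activity: Option<usize>, elapsed_us: u64, limit_us: u64 }, // None = whole chain
    Alive { cycles: u32, min: u32, max: u32 },
}

/// Stand-in for the external health monitor (constructed); one instance supervises one task chain.
pub struct Supervisor {
    step_limit_us: Vec<u64>,        // deadline per activity step (also fixes the chain length)
    cycle_limit_us: u64,            // deadline for the whole task chain
    alive_min: u32, alive_max: u32, // allowed completed cycles per alive window
    expected: Checkpoint,           // logical supervision: next checkpoint the graph allows
    cycle_start_us: u64,
    step_start_us: Vec<u64>,
    cycles_in_window: u32,
}

impl Supervisor {
    pub fn new(step_limit_us: Vec<u64>, cycle_limit_us: u64, alive_min: u32, alive_max: u32) -> Self {
        let n = step_limit_us.len();
        Supervisor { step_limit_us, cycle_limit_us, alive_min, alive_max, expected: Checkpoint::CycleStart,
                     cycle_start_us: 0, step_start_us: vec![0; n], cycles_in_window: 0 }
    }

    /// The configured checkpoint graph: CycleStart, (StepStart i, StepEnd i) for each i, CycleEnd.
    fn next_after(&self, cp: Checkpoint) -> Checkpoint {
        let n = self.step_limit_us.len();
        match cp {
            Checkpoint::CycleStart => if n == 0 { Checkpoint::CycleEnd } else { Checkpoint::StepStart(0) },
            Checkpoint::StepStart(i) => Checkpoint::StepEnd(i),
            Checkpoint::StepEnd(i) => if i + 1 < n { Checkpoint::StepStart(i + 1) } else { Checkpoint::CycleEnd },
            Checkpoint::CycleEnd => Checkpoint::CycleStart,
        }
    }

    /// Logical and deadline supervision, evaluated on every reported checkpoint.
    pub fn report(&mut self, cp: Checkpoint, now_us: u64) -> Result<(), Fault> {
        if cp != self.expected {
            let fault = Fault::Logical { expected: self.expected, got: cp };
            self.expected = Checkpoint::CycleStart; // resynchronise at the next cycle start
            return Err(fault);
        }
        self.expected = self.next_after(cp);
        let deadline = |elapsed: u64, limit: u64, activity: Option<usize>| -> Result<(), Fault> {
            if elapsed > limit { Err(Fault::Deadline { activity, elapsed_us: elapsed, limit_us: limit }) } else { Ok(()) }
        };
        match cp {
            Checkpoint::CycleStart => { self.cycle_start_us = now_us; Ok(()) }
            Checkpoint::StepStart(i) => { self.step_start_us[i] = now_us; Ok(()) }
            Checkpoint::StepEnd(i) => deadline(now_us.saturating_sub(self.step_start_us[i]), self.step_limit_us[i], Some(i)),
            Checkpoint::CycleEnd => {
                self.cycles_in_window += 1;
                deadline(now_us.saturating_sub(self.cycle_start_us), self.cycle_limit_us, None)
            }
        }
    }

    /// Alive supervision: the monitor calls this at the end of every supervision window.
    pub fn end_window(&mut self) -> Result<(), Fault> {
        let cycles = std::mem::replace(&mut self.cycles_in_window, 0);
        if cycles < self.alive_min || cycles > self.alive_max {
            return Err(Fault::Alive { cycles, min: self.alive_min, max: self.alive_max });
        }
        Ok(())
    }
}

/// Report one whole cycle; `steps[i]` is the (start, end) time of activity i in microseconds.
pub fn report_cycle(sv: &mut Supervisor, start_us: u64, steps: &[(u64, u64)], end_us: u64) -> Result<(), Fault> {
    sv.report(Checkpoint::CycleStart, start_us)?;
    for (i, &(s, e)) in steps.iter().enumerate() {
        sv.report(Checkpoint::StepStart(i), s)?;
        sv.report(Checkpoint::StepEnd(i), e)?;
    }
    sv.report(Checkpoint::CycleEnd, end_us)
}
```

The three rules catch different faults: a swapped or skipped activity is a logical fault even when every deadline is met, a single slow step is a deadline fault even when the chain as a whole still fits its cycle, and a chain that silently stops being activated is only visible to alive supervision, which is why the window check is driven by the monitor's own clock rather than by checkpoints from the supervised process.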

Trustable computation
status: valid
security: NO
safety: ASIL_B
tags: component_feo
reqtype: Functional

The component shall provide mechanisms to check, after the computation of an Activity, whether the result is trustable. This can be done, for example, by evaluating floating point exceptions, checking hardware registers, or inspecting status information of the software platform.

Error Handling for S-CORE v0.5

Response to termination request
status: valid
security: YES
safety: ASIL_B
tags: component_feo
reqtype: Functional

If the primary process receives a termination signal, it shall call the shutdown function of all activities that are still running (i.e. initialized and not yet shut down) in arbitrary sequence and then terminate itself.

If a secondary process receives a termination signal, it shall terminate itself.

Secondary connection timeout
status: valid
security: YES
safety: ASIL_B
tags: component_feo
reqtype: Functional

If not all secondary processes connect to the primary process within the connection timeout, the primary shall terminate itself. The startup (init) functions of the activities shall not be triggered.

Activity startup error
status: valid
security: YES
safety: ASIL_B
tags: component_feo
reqtype: Functional

If an error occurs during the execution of an activity's startup (init) function, the primary process shall stop calling further startup functions and terminate itself. For all activities whose startup functions have already completed successfully, the corresponding shutdown functions shall be executed in arbitrary sequence before the process terminates.

Activity resource allocation error
status: valid
security: YES
safety: ASIL_B
tags: component_feo
reqtype: Functional

During initialization (i.e. in its startup (init) function), an activity shall check that its resource allocations succeeded and report an error to the executor in case of failure.

Activity timeout
status: valid
security: YES
safety: ASIL_B
tags: component_feo
reqtype: Functional

If a timeout occurs during startup, stepping or shutdown of an activity, the primary process shall shut down all successfully started activities in arbitrary sequence and terminate itself.

Startup timeout
status: valid
security: YES
safety: ASIL_B
tags: component_feo
reqtype: Functional

If not all activities reach their initialized state within a certain period of time (startup timeout), the primary process shall shut down all successfully started activities in arbitrary sequence and terminate itself.

Activity stepping error
status: valid
security: YES
safety: ASIL_B
tags: component_feo
reqtype: Functional

If an activity fails in its step function, the primary process shall call the shutdown function of all started activities in arbitrary sequence and terminate itself.

Activity shutdown error
status: valid
security: YES
safety: ASIL_B
tags: component_feo
reqtype: Functional

If an activity fails in its shutdown function, the primary process shall shut down all remaining activities in arbitrary sequence and terminate itself.
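The lifecycle rules above (Agent, Mapping of Activities to threads, Initialization/Stepping/Shutdown of Activities) and the error handling rules of this section together determine what the executor must do. The following Rust code is an added example and not the S-CORE FEO implementation: it uses one OS thread per configured thread, which stands in both for a primary-process thread and for the agent of a secondary process (commands travel over an `mpsc` channel instead of IPC), executes the task chain in configured order with each activity's functions invoked in its mapped thread, and implements three of the responses above: a startup error aborts initialization and shuts down only the activities that were already initialized, a step error or timeout shuts down all started activities, and a shutdown error does not stop the remaining shutdowns. The trait `Activity`, the `Executor`, the `Op`/`Fault` types and the `Probe` demo activity are all constructed for this example; actually terminating the process is left to the caller.

```rust
use std::sync::mpsc::{self, Receiver, Sender};
use std::sync::{Arc, Mutex};
use std::thread::{self, JoinHandle};
use std::time::Duration;

/// The three functions every activity provides (plus a name for fault reports). Constructed trait.
pub trait Activity: Send + 'static {
    fn name(&self) -> &str;
    fn init(&mut self) -> Result<(), String>;
    fn step(&mut self) -> Result<(), String>;
    fn shutdown(&mut self) -> Result<(), String>;
}
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Op { Init, Step, Shutdown }
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Fault { Failed { activity: String, op: Op, reason: String }, Timeout { activity: String, op: Op } }

/// One thread hosting the activities mapped to it; in a secondary process this loop is the agent.
struct Worker { names: Vec<String>, cmd: Sender<Option<(usize, Op)>>, reply: Receiver<Result<(), String>>, handle: Option<JoinHandle<()>>, hung: bool }

fn spawn_worker(mut acts: Vec<Box<dyn Activity>>) -> Worker {
    let names = acts.iter().map(|a| a.name().to_string()).collect();
    let (cmd_tx, cmd_rx) = mpsc::channel::<Option<(usize, Op)>>();
    let (rep_tx, rep_rx) = mpsc::channel();
    let handle = thread::spawn(move || {
        while let Ok(Some((slot, op))) = cmd_rx.recv() { // None = leave the thread
            let a = &mut acts[slot];
            let r = match op { Op::Init => a.init(), Op::Step => a.step(), Op::Shutdown => a.shutdown() };
            if rep_tx.send(r).is_err() { break; }
        }
    });
    Worker { names, cmd: cmd_tx, reply: rep_rx, handle: Some(handle), hung: false }
}

/// Primary-process scheduler: fixed thread mapping, task chain executed in configured order.
pub struct Executor { workers: Vec<Worker>, order: Vec<(usize, usize)>, timeout: Duration, started: Vec<(usize, usize)> }
impl Executor {
    /// `threads[t]` holds the activities mapped to thread t; `order` is the chain as (thread, slot) pairs.
    pub fn new(threads: Vec<Vec<Box<dyn Activity>>>, order: Vec<(usize, usize)>, timeout: Duration) -> Self {
        Executor { workers: threads.into_iter().map(spawn_worker).collect(), order, timeout, started: Vec::new() }
    }
    /// Invoke one activity function in its mapped thread and wait for the reply, bounded by the timeout.
    fn call(&mut self, (t, s): (usize, usize), op: Op) -> Result<(), Fault> {
        let timeout = self.timeout;
        let w = &mut self.workers[t];
        let activity = w.names[s].clone();
        // A thread that already missed a deadline is never commanded again: its late reply
        // would otherwise be taken as the answer to this command.
        if w.hung || w.cmd.send(Some((s, op))).is_err() { return Err(Fault::Timeout { activity, op }); }
        match w.reply.recv_timeout(timeout) {
            Ok(Ok(())) => Ok(()),
            Ok(Err(reason)) => Err(Fault::Failed { activity, op, reason }),
            Err(_) => { w.hung = true; Err(Fault::Timeout { activity, op }) }
        }
    }
    /// Init phase: abort at the first failure or timeout and shut down only what was started.
    pub fn init(&mut self) -> Result<(), Fault> {
        for loc in self.order.clone() {
            if let Err(f) = self.call(loc, Op::Init) { self.shutdown(); return Err(f); }
            self.started.push(loc);
        }
        Ok(())
    }
    /// One task chain execution: every activity stepped once, in configured order.
    pub fn run_cycle(&mut self) -> Result<(), Fault> {
        for loc in self.order.clone() {
            if let Err(f) = self.call(loc, Op::Step) { self.shutdown(); return Err(f); }
        }
        Ok(())
    }
    /// Shutdown phase: shut down every started activity (reverse order here; the requirement
    /// allows any order), continue past failures, then stop the threads.
    pub fn shutdown(&mut self) -> Vec<Fault> {
        let mut faults = Vec::new();
        let started: Vec<_> = self.started.drain(..).rev().collect();
        for loc in started {
            if let Err(f) = self.call(loc, Op::Shutdown) { faults.push(f); }
        }
        for w in &mut self.workers {
            let _ = w.cmd.send(None);
            // A hung thread is not joined: the primary terminates itself, which ends it.
            if !w.hung { if let Some(h) = w.handle.take() { let _ = h.join(); } }
        }
        faults
    }
}

/// Constructed demo activity: logs every call; can fail init or stall in step (long step_delay).
pub struct Probe { name: String, log: Arc<Mutex<Vec<String>>>, fail_init: bool, step_delay: Duration }
impl Probe { fn note(&self, what: &str) { self.log.lock().unwrap().push(format!("{}:{}", what, self.name)); } }
pub fn probe(name: &str, log: &Arc<Mutex<Vec<String>>>, fail_init: bool, step_delay_ms: u64) -> Box<dyn Activity> {
    Box::new(Probe { name: name.into(), log: log.clone(), fail_init, step_delay: Duration::from_millis(step_delay_ms) })
}
impl Activity for Probe {
    fn name(&self) -> &str { &self.name }
    fn init(&mut self) -> Result<(), String> { self.note("init"); if self.fail_init { Err("resource allocation failed".into()) } else { Ok(()) } }
    fn step(&mut self) -> Result<(), String> { self.note("step"); thread::sleep(self.step_delay); Ok(()) }
    fn shutdown(&mut self) -> Result<(), String> { self.note("shutdown"); Ok(()) }
}
```

Two details matter for the timeout case: a thread that has missed its deadline is marked hung and never commanded again, because its late reply would otherwise be matched to the next command sent to that thread, which may target a different activity sharing it; and the hung thread is deliberately not joined, since the requirement is that the primary terminates itself, which is what ends the stuck thread. Shutdown runs in reverse initialization order, which satisfies "arbitrary sequence" while keeping any implicit dependencies between activities intact.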