DFA (Dependent Failure Analysis)#

Baselibs DFA
status: valid
security: YES
safety: ASIL_B
tags: baselibs
realizes: wp__feature_dfa
doc__baselibs_dfa
Generic Document

Dependent Failure Initiators#

The DFA for the feature baselibs is performed. To show evidence that all failure initiators are considered, the applicability has to be filled out in the following tables. For all applicable failure initiators, the DFA has to be performed.

Dependent Failure Initiators#

Shared resources#

Table 3 DFA shared resources (used for Platform DFA)#

ID

Violation cause shared resources

Applicability

Rationale

SR_01_01

Reused software modules

no

Baselibs only uses libraries and not other executable modules.

SR_01_02

Libraries

yes

Baselibs filesystem component may suffer from concurrent access to a file, concurrent file access (feat_saf_dfa__baselibs__conc_file_access)

SR_01_04

Basic software

no

Not a baselibs specific topic, covered on platform level.

SR_01_05

Operating system including scheduler

no

Not a baselibs specific topic, covered on platform level.

SR_01_06

Any service stack, e.g. communication stack

no

Not a baselibs specific topic, covered on platform level.

SR_01_07

Configuration data

no

No shared configuration data for baselibs.

SR_01_09

Execution time

no

Not a baselibs specific topic, covered on platform level.

SR_01_10

Allocated memory

yes

Bitmanipulation component may operate on the same memory, concurrent memory access (feat_saf_dfa__baselibs__conc_memory_access)

Communication between the two elements#

Receiving function is affected by information that is false, lost, sent multiple times, or in the wrong order etc. from the sender.

Table 4 DFA communication between elements#

ID

Violation cause communication between elements

Applicability

Rationale

CO_01_01

Information passed via argument through a function call, or via writing/reading a variable being global to the two software functions (data flow)

no

According to its architecture shown in Baselibs Static View (feat_arc_sta__baselibs__static_view_arch) baselibs do not rely on common input.

CO_01_02

Data or message corruption / repetition / loss / delay / masquerading or incorrect addressing of information

no

Baselibs are not sending messages between their components.

CO_01_03

Insertion / sequence of information

no

Baselibs are not sending messages between their components.

CO_01_04

Corruption of information, inconsistent data

no

Baselibs are not sending messages between their components. Data eventually shared by function calls are covered by FMEA already.

CO_01_05

Asymmetric information sent from a sender to multiple receivers, so that not all defined receivers have the same information

no

Asymmetric information sending is not done in baselibs.

CO_01_06

Information from a sender received by only a subset of the receivers

no

This is not done in baselibs.

CO_01_07

Blocking access to a communication channel

no

There are no communication channels in baselibs.

Shared information inputs#

Same information input used by multiple functions.

Table 5 DFA shared information inputs#

ID

Violation cause shared information inputs

Applicability

Rationale

SI_01_02

Configuration data

no

There is no shared config data in baselibs.

SI_01_03

Constants, or variables, being global to the two software functions

no

No global variables are used in baselibs.

SI_01_04

Basic software passes data (read from hardware register and converted into logical information) to two applications software functions

no

No shared low level data are used between baselibs.

SI_01_05

Data / function parameter arguments / messages delivered by software function to more than one other function

no

No common input can be seen in architecture of baselibs.

Unintended impact#

Unintended impacts to function due to various failures.

Table 6 DFA unintended impact#

ID

Violation cause unintended impact

Applicability

Rationale

UI_01_01

Memory miss-allocation and leaks

no

Not a specific baselibs topic, therefore covered at platform DFA.

UI_01_02

Read/Write access to memory allocated to another software element

yes

As baselibs are in context of a application, they may access their memory, memory access (feat_saf_dfa__baselibs__memory_access)

UI_01_03

Stack/Buffer under-/overflow

no

Not a specific baselibs topic, therefore covered at platform DFA.

UI_01_04

Deadlocks

yes

shared memory or file access may lead to deadlock, locked ressource (feat_saf_dfa__baselibs__locked_ressource)

UI_01_05

Livelocks

no

Should be covered together with deadlock.

UI_01_06

Blocking of execution

yes

As baselibs are in context of a application, they may block execution, blocked execution (feat_saf_dfa__baselibs__blocked_execution)

UI_01_07

Incorrect allocation of execution time

no

Execution time allocated by (external) OS on platform level, should be covered centrally at platform level.

UI_01_08

Incorrect execution flow

no

Execution flow controlled by (external) OS on platform level, should be covered centrally at platform level.

UI_01_09

Incorrect synchronization between software elements

no

There is no need for synchronization for baselibs.

UI_01_10

CPU time depletion

yes

Baselibs may deplete or suffer from depletion, CPU starvation (feat_saf_dfa__baselibs__cpu_starvation)

UI_01_11

Memory depletion

no

Not a specific baselibs topic, therefore covered at platform DFA.

UI_01_12

Other HW unavailability

no

No special HW used for baselibs.

DFA#

For all identified applicable failure initiators, the DFA is performed in the following section.

memory access
status: valid
tags: baselibs
failure_effect: memory of using component may be corrupted leading to safety requirement violation
failure_id: UI_01_02
mitigation_issue: https://github.com/eclipse-score/score/issues/2816
sufficient: no
violates: feat_arc_sta__baselibs__static_view_arch

All the baselibs components have to be developed to ASIL_B standard to maintain Freedom From Interference, out of bounds access should be detected by unit testing/sanitizers.
feat_saf_dfa__baselibs__memory_access
Feature DFA (Dependent Failure Analysis)
locked ressource
status: valid
tags: baselibs
failure_effect: Deadlock/Livelock leads to stalling of the execution
failure_id: UI_01_04
sufficient: yes
mitigated_by: feat_req__baselibs__memory_library, aou_req__platform__flow_monitoring
violates: feat_arc_sta__baselibs__static_view_arch

Only components “filesystem” and “memory_shared” should have the problem (“bitmanipulation” should not be affected due to shortness of execution) “memory_shared” cares for this by above linked feature requirement and Atomic Operations in Shared... (comp_req__memory__atomic_ops). “filesystem” component may fail on this but this is covered by common platform aou linked above.
feat_saf_dfa__baselibs__locked_ressource
Feature DFA (Dependent Failure Analysis)
concurrent file access
status: valid
tags: baselibs
failure_effect: Concurrent file access may lead to corruption of the file
failure_id: SR_01_02
sufficient: yes
mitigated_by: aou_req__filesystem__thread_safety
violates: feat_arc_sta__baselibs__static_view_arch

The user has to care for concurrent file access. This is not covered by the filesytem library.
feat_saf_dfa__baselibs__conc_file_access
Feature DFA (Dependent Failure Analysis)
concurrent memory access
status: valid
tags: baselibs
failure_effect: Concurrent memory access may lead to corruption of the memory
failure_id: SR_01_10
sufficient: yes
mitigated_by: aou_req__bitmanipulation__concurrent_access
violates: feat_arc_sta__baselibs__static_view_arch

The user has to care for concurrent memory access. This is not covered by the bitmanipulation library.
feat_saf_dfa__baselibs__conc_memory_access
Feature DFA (Dependent Failure Analysis)
blocked execution
status: valid
tags: baselibs
failure_effect: Using application is blocked from execution and thus cannot fulfill its safety function
failure_id: UI_01_06
mitigation_issue: https://github.com/eclipse-score/score/issues/2816
sufficient: no
violates: feat_arc_sta__baselibs__static_view_arch

All the baselibs components have to be developed to ASIL_B standard to maintain Freedom From Interference, all blocks should be detected by unit testing.
feat_saf_dfa__baselibs__blocked_execution
Feature DFA (Dependent Failure Analysis)
CPU starvation
status: valid
tags: baselibs
failure_effect: CPU starvation leads to delayed execution and may violate safety timing requirements.
failure_id: UI_01_10
sufficient: yes
mitigated_by: aou_req__platform__flow_monitoring
violates: feat_arc_sta__baselibs__static_view_arch

Some care is taken to avoid using too much CPU time, but this cannot be covered fully. Platform level AoU asks applications with timing requirements to cover this by program flow monitoring.
feat_saf_dfa__baselibs__cpu_starvation
Feature DFA (Dependent Failure Analysis)