DFA (Dependent Failure Analysis)#

Baselibs DFA		status: valid security: YES safety: ASIL_B
tags: baselibs realizes: wp__feature_dfa

doc__baselibs_dfa		Generic Document

Dependent Failure Initiators#

The DFA for the feature baselibs is performed. To show evidence that all failure initiators are considered, the applicability has to be filled out in the following tables. For all applicable failure initiators, the DFA has to be performed.

Dependent Failure Initiators#

Shared resources#

The dependent failure initiators related to shared resources are not applicable for the features. The shared resources will be considered in the platform DFA.

Communication between the two elements#

Receiving function is affected by information that is false, lost, sent multiple times, or in the wrong order etc. from the sender.

Table 3 DFA communication between elements#
ID	Violation cause communication between elements	Applicability	Rationale
CO_01_01	Information passed via argument through a function call, or via writing/reading a variable being global to the two software functions (data flow)	no	According to its architecture shown in Baselibs Static View (feat_arc_sta__baselibs__static_view_arch) baselibs do not rely on common input.
CO_01_02	Data or message corruption / repetition / loss / delay / masquerading or incorrect addressing of information	no	Baselibs are not sending messages between their components.
CO_01_03	Insertion / sequence of information	no	Baselibs are not sending messages between their components.
CO_01_04	Corruption of information, inconsistent data	no	Baselibs are not sending messages between their components. Data eventually shared by function calls are covered by FMEA already.
CO_01_05	Asymmetric information sent from a sender to multiple receivers, so that not all defined receivers have the same information	no	Asymmetric information sending is not done in baselibs.
CO_01_06	Information from a sender received by only a subset of the receivers	no	This is not done in baselibs.
CO_01_07	Blocking access to a communication channel	no	There are no communication channels in baselibs.

Shared information inputs#

Same information input used by multiple functions.

Table 4 DFA shared information inputs#
ID	Violation cause shared information inputs	Applicability	Rationale
SI_01_02	Configuration data	no	There is no shared config data in baselibs.
SI_01_03	Constants, or variables, being global to the two software functions	no	No global variables are used in baselibs.
SI_01_04	Basic software passes data (read from hardware register and converted into logical information) to two applications software functions	no	No shared low level data are used between baselibs.
SI_01_05	Data / function parameter arguments / messages delivered by software function to more than one other function	no	No common input can be seen in architecture of baselibs.

Unintended impact#

Unintended impacts to function due to various failures.

Table 5 DFA unintended impact#
ID	Violation cause unintended impact	Applicability	Rationale
UI_01_01	Memory miss-allocation and leaks	no	Not a specific baselibs topic, therefore covered at platform DFA.
UI_01_02	Read/Write access to memory allocated to another software element	yes	As baselibs are in context of a application, they may access their memory, memory access (feat_saf_dfa__baselibs__memory_access)
UI_01_03	Stack/Buffer under-/overflow	no	Not a specific baselibs topic, therefore covered at platform DFA.
UI_01_04	Deadlocks	yes	shared memory or file access may lead to deadlock, locked ressource (feat_saf_dfa__baselibs__locked_ressource)
UI_01_05	Livelocks	no	Should be covered together with deadlock.
UI_01_06	Blocking of execution	yes	As baselibs are in context of a application, they may block execution, blocked execution (feat_saf_dfa__baselibs__blocked_execution)
UI_01_07	Incorrect allocation of execution time	no	Execution time allocated by (external) OS on platform level, should be covered centrally at platform level.
UI_01_08	Incorrect execution flow	no	Execution flow controlled by (external) OS on platform level, should be covered centrally at platform level.
UI_01_09	Incorrect synchronization between software elements	no	There is no need for synchronization for baselibs.
UI_01_10	CPU time depletion	yes	Baselibs may deplete or suffer from depletion, CPU starvation (feat_saf_dfa__baselibs__cpu_starvation)
UI_01_11	Memory depletion	no	Not a specific baselibs topic, therefore covered at platform DFA.
UI_01_12	Other HW unavailability	no	No special HW used for baselibs.

DFA#

For all identified applicable failure initiators, the DFA is performed in the following section.

memory access		status: valid
tags: baselibs failure_effect: memory of using component may be corrupted leading to safety requirement violation failure_id: UI_01_02 mitigation_issue: https://github.com/eclipse-score/score/issues/2816 sufficient: no violates: feat_arc_sta__baselibs__static_view_arch
All the baselibs components have to be developed to ASIL_B standard to maintain Freedom From Interference, out of bounds access should be detected by unit testing/sanitizers.
feat_saf_dfa__baselibs__memory_access		Feature DFA (Dependent Failure Analysis)

locked ressource		status: valid
tags: baselibs failure_effect: Deadlock/Livelock leads to stalling of the execution failure_id: UI_01_04 sufficient: yes mitigated_by: aou_req__filesystem__thread_safety, feat_req__baselibs__memory_library violates: feat_arc_sta__baselibs__static_view_arch
Only components “filesystem” and “memory_shared” should have the problem. These care for this by above linked AoU and Atomic Operations in Shared... (comp_req__memory__atomic_ops).
feat_saf_dfa__baselibs__locked_ressource		Feature DFA (Dependent Failure Analysis)

blocked execution		status: valid
tags: baselibs failure_effect: Using application is blocked from execution and thus cannot fulfill its safety function failure_id: UI_01_06 mitigation_issue: https://github.com/eclipse-score/score/issues/2816 sufficient: no violates: feat_arc_sta__baselibs__static_view_arch
All the baselibs components have to be developed to ASIL_B standard to maintain Freedom From Interference, all blocks should be detected by unit testing.
feat_saf_dfa__baselibs__blocked_execution		Feature DFA (Dependent Failure Analysis)

CPU starvation		status: valid
tags: baselibs failure_effect: CPU starvation leads to delayed execution and may violate safety timing requirements. failure_id: UI_01_10 sufficient: yes mitigated_by: aou_req__platform__flow_monitoring violates: feat_arc_sta__baselibs__static_view_arch
Some care is taken to avoid using too much CPU time, but this cannot be covered fully. Platform level AoU asks applications with timing requirements to cover this by program flow monitoring.
feat_saf_dfa__baselibs__cpu_starvation		Feature DFA (Dependent Failure Analysis)