FMEA (Failure Modes and Effects Analysis)#
result FMEA
|
status: valid
security: NO
safety: ASIL_B
|
||||
Failure Mode List#
- Fault Models for sequence diagrams
Table 55 Fault Models for sequence diagrams :header-rows: 1 :widths: 10,20,10,20# ID
Failure Mode
Applicability
Rationale
MF_01_01
message is not received (is a subset/more precise description of MF_01_05)
no
If set result was not received before the get value/error are called, this will lead to an exception/terminate. In case of the get value user defined defaults are provided.
MF_01_02
message received too late (only relevant if delay is a realistic fault)
no
Do not see this as a problem for result lib, would lead to the same consideration as in MF_01_01
MF_01_03
message received too early (usually not a problem)
no
No problem for result lib
MF_01_04
message not received correctly by all recipients (different messages or messages partly lost). Only relevant if the same message goes to multiple recipients.
no
No multiple recipients (maybe from different threads?)
MF_01_05
message is corrupted
yes
Error message string is destroyed before accessing it by the user - see Result Error Message Unavai... (comp_saf_fmea__result__error_message_unavail)
MF_01_06
message is not sent
yes
Value or error are not returned - see Result No Return (comp_saf_fmea__result__no_return)
MF_01_07
message is unintended sent
no
not applicable for a library
CO_01_01
minimum constraint boundary is violated
yes
Used enum types may not match - see Result Enum Type Mismatch (comp_saf_fmea__result__enum_type_mismatch)
CO_01_02
maximum constraint boundary is violated
yes
same as above
EX_01_01
Process calculates wrong result(s) (is a subset/more precise description of MF_01_05 or MF_01_04). This failure mode is related to the analysis if e.g. internal safety mechanisms are required (level 2 function, plausibility check of the output, …) because of the size / complexity of the feature.
no
Due to low complexity of the component this error is completely eliminated by testing. Low complex architecture according to criteria in gd_chklst__arch_inspection_checklist ARC_03_03 and design complexity below numbers as in gd_req__impl_complexity_analysis
EX_01_02
processing too slow (only relevant if timing is considered)
no
Due to the small functionality, being too slow is no likely issue.
EX_01_03
processing too fast (only relevant if timing is considered)
no
Get functions only deliver data when called, no “too fast” is possible.
EX_01_04
loss of execution
yes
Loss of execution leads to the same error as MF_01_06
EX_01_05
processing changes to arbitrary process
no
Not a problem of result lib as this is a libray and not a process
EX_01_06
processing is not complete (infinite loop)
yes
User gives back a function as return which induces stop of user execution - see Result Stop User (comp_saf_fmea__result__stop_user)
FMEA#
For all identified applicable failure initiators, the FMEA is performed in the following section.
Result Enum Type Mismatch
|
status: valid
|
||||
Only if the user would use the error information not only for debug reasons but for selecting the type of error reaction this error may have an error impact. We need to make the user aware of this. |
|||||
Result Error Message Unavailability
|
status: valid
|
||||
The linked AoU cares about unavailability of other return objects, but also the error message may be unavailable. |
|||||
Result No Return
|
status: valid
|
||||
If a value or a error is not returned this will be noticed by the user and reacted upon. This is ensured additionally by the provided AoU. |
|||||
Result Stop User
|
status: valid
|
||||
Stopping its own execution has to be managed by the user via program flow monitoring, see AoU. |
|||||