AoU on SW platform level on OS integrator #1931
Conversation
|
|
|
The created documentation from the pull request is available at: docu-html |
| This includes to make sure the OS safety functions S-CORE needs matches with the OS provided ones (as in :need:`aou_req__platform__os_safety_functions`) | ||
| and to make sure the AoUs relevant for these functions (as in :need:`aou_req__platform__os_safety_aou`) are fulfilled by the S-CORE SW platform. | ||
|
|
||
| Note1: A list of OS safety functions needed is compiled by the S-CORE project here (TBD). |
There was a problem hiding this comment.
May refer to aou_req__platform__os_safety_features, there is the same note?
There was a problem hiding this comment.
Correct: aou_req__platform__os_safety_features is now a duplicate, missed to delete it.
|
|
||
| Note2: The integrator can expect that for the reference OS this AoU is fulfilled by S-CORE SW Platform already. | ||
|
|
||
| .. aou_req:: integrator safety anomaly reporting |
There was a problem hiding this comment.
Cosmetic: Start with big letter, Integrator
| In this section assumptions are described which need to be fulfilled by the applications running on top of the SW platform. | ||
|
|
||
| TBD | ||
| .. aou_req:: integrator safety aou |
There was a problem hiding this comment.
Cosmetic: Start with big letter, Integrator
|
|
||
| The integrator shall describe in his safety manual (or similar document) the AoUs which need to be covered by the user (applications) for all the components (incl. the OS) he integrates. | ||
|
|
||
| Note: The integrator can expect that for the reference OS this AoU is fulfilled by S-CORE SW Platform already. |
There was a problem hiding this comment.
reference OS is mentioned several times, would it be not better to add a link to where is this defined?
| :status: valid | ||
|
|
||
| The OS supplier shall provide all the levels AoUs in a safe way (i.e. the "safety" attribute will be raised to the level in this AoU). | ||
| The OS supplier and integrator shall provide all the levels AoUs in a safe way (i.e. the "safety" attribute will be raised to the level in this AoU). |
There was a problem hiding this comment.
do we have any os supplier which gives us the AoUs?
There was a problem hiding this comment.
There is the AoU on the integrator to ensure that the OS AoUs are followed: aou_req__platform__os_safety_features - he needs to license the OS for commercial use and aquire its Safety Manual.
6f9ff74 to
2aee1ae
Compare
There was a problem hiding this comment.
@aschemmel-tech thanks for the update - however, I believe there’s been a misunderstanding of the original intent described in the comment on issue #1691.
The intention was that S-CORE itself performs the OS integration and therefore provides corresponding guarantees for the supported OSes (based on its tier). In the current wording, the responsibility for OS integration and related AoUs is placed on the integrator using S-CORE, which effectively reverses the intended responsibility model.
To clarify the rationale behind this:
- S-CORE is defined as a SEooC that spans the middleware level. As such, we want to demonstrate that, when placed into context, it adheres to the safety manual of the underlying OS. Therefore, S-CORE itself should perform the integration with the OS as part of its scope, not delegate it outward. This integration establishes the confidence argument that S-CORE behaves correctly when used on the supported OSes (for Tier 1).
- The functional responsibility for performing and validating this integration lies with S-CORE (for Tier 2 & 1, not for Tier 3).
- External integrators or customers would only need to demonstrate equivalence or report deviations if they choose a non-reference OS or make local adaptations.
There was a problem hiding this comment.
Hello @qor-lb : In my last commit I tried to sharpen the AoU descriptions, but I think it (already) matches your intention. For example aou_req__platform__os_safety_matching : "The Integrator shall integrate the SW platform with an OS providing safety functions ... Note2: ... for the safe S-CORE reference OS this AoU is fulfilled by S-CORE SW Platform already"
I would not agree to your statement "S-CORE ... provides corresponding guarantees" - we cannot give guarantees, therefore we also do not "qualify" the SW platform SEooC. This must be done by the integrator "in context".
The work that we in S-CORE do to integrate the OS I think we need to document in a Feature like "OS integration", where we for example also document a decision if we want to have an OS abstraction level. But this I think is rather a topic for the architects community.
In case you cannot approve still, I propose you invite me to a Tech or Project lead circle to discuss.
8d1a219 to
486afc6
Compare
Resolves: #1740