From 3b9d4797a58f9e25c537a77251249df9ffe01d61 Mon Sep 17 00:00:00 2001 From: "jhr2hi@bosch.com" Date: Tue, 27 Jan 2026 13:31:08 +0100 Subject: [PATCH 1/4] rework ffi requirements --- .../architecture/chklst_arc_inspection.rst | 13 ++++++------- .../docs/architecture/chklst_arc_inspection.rst | 9 +++++++++ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst b/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst index bf1fcafedd..0350ab756d 100644 --- a/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst +++ b/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst @@ -165,18 +165,17 @@ Please note that it is mandatory to fill in the "passed" column with "yes" or "n - - * - ARC_04_01 - - If software partitioning (different operating system processes) is used to implement freedom from interference between the processes with different rating (QM/ASIL), is effectiveness evidence generated during integration and verification tests? + - If your software architectural design includes processes with different safety rating (QM/ASIL) are freedom from interference for shared resources (cpu time, shared memory, ...) are ensured? See also ARC_04_03. - Note: see :need:`std_req__iso26262__software_749` and Annex D for partitioning + Note: see :need:`std_req__iso26262__software_749` and Annex D for partitioning to ensure freedom from interference. - manual - - a) the usage of shared resources (cpu time, shared memory, ...) are checked in a way that freedom from interference between the processes is ensured, - b) check if the operating system supports freedom from interference between the processes + Check lso if the operating system supports freedom from interference between the processes. - - - * - ARC_04_02 - - Is an upper estimation of the required resources (RAM, ROM, non volatile memory, communication) available and documented? + - Does the software architectural design consider its feasibility with respect to the required resources for the embedded software, especially for time critical aspects like startup time, but also including RAM, ROM, non volatile memory, communication bandwidth, and processing time limits according to the requirements or forseeable customer needs? See also ARC_02_05. Note: see :need:`std_req__iso26262__software_7411` - manual @@ -185,11 +184,11 @@ Please note that it is mandatory to fill in the "passed" column with "yes" or "n - - * - ARC_04_03 - - Are the the scheduling properties for the component defined and documented? + - If your software architectural design includes processes and tasks, are their scheduling policies and priorities (at least the needed relation one to another) defined to ensure that timing requirements are met? Please note, that the particular priorities or priority ranges will be probably defined by the project handbook or the software development plan. Note: see :need:`std_req__iso26262__software_743` - manual - - + - Give a reason for these scheduling policies and priorities or explain why not needed. - - - diff --git a/process/folder_templates/modules/module_name/component_name/docs/architecture/chklst_arc_inspection.rst b/process/folder_templates/modules/module_name/component_name/docs/architecture/chklst_arc_inspection.rst index 5c612a3cab..653a976fc0 100644 --- a/process/folder_templates/modules/module_name/component_name/docs/architecture/chklst_arc_inspection.rst +++ b/process/folder_templates/modules/module_name/component_name/docs/architecture/chklst_arc_inspection.rst @@ -170,3 +170,12 @@ Please note that it is mandatory to fill in the "passed" column with "yes" or "n - - - + * - ARC_04_03 + - If your software architectural design of the component includes processes and tasks, are their scheduling policies and priorities (at least the needed relation one to another) defined to ensure that timing requirements are met? Please note, that the particular priorities or priority ranges will be probably defined by the project handbook or the software development plan. + + Note: see :need:`std_req__iso26262__software_743` + - manual + - Give a reason for these scheduling policies and priorities or explain why not needed. + - + - + - From 3d10bf56f8c0b74fdb1f1b1934d63d0bc59d2806 Mon Sep 17 00:00:00 2001 From: "jhr2hi@bosch.com" Date: Tue, 27 Jan 2026 15:25:20 +0100 Subject: [PATCH 2/4] fix spelling --- .../feature_name/architecture/chklst_arc_inspection.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst b/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst index 0350ab756d..76c00f2a47 100644 --- a/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst +++ b/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst @@ -170,7 +170,7 @@ Please note that it is mandatory to fill in the "passed" column with "yes" or "n Note: see :need:`std_req__iso26262__software_749` and Annex D for partitioning to ensure freedom from interference. - manual - - Check lso if the operating system supports freedom from interference between the processes. + Check also if the operating system supports freedom from interference between the processes. - - - From 887e4e7ff8d0c7d494b0063403554a344617e4e6 Mon Sep 17 00:00:00 2001 From: "jhr2hi@bosch.com" Date: Wed, 28 Jan 2026 09:35:21 +0100 Subject: [PATCH 3/4] fix review findings --- .../architecture/chklst_arc_inspection.rst | 10 ++++++---- .../verification/verification_workproducts.rst | 4 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst b/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst index 76c00f2a47..aa03813720 100644 --- a/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst +++ b/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst @@ -165,21 +165,23 @@ Please note that it is mandatory to fill in the "passed" column with "yes" or "n - - * - ARC_04_01 - - If your software architectural design includes processes with different safety rating (QM/ASIL) are freedom from interference for shared resources (cpu time, shared memory, ...) are ensured? See also ARC_04_03. + - If your software architectural design includes processes with different safety rating (QM/ASIL) are freedom from interference for shared resources (cpu time, shared memory, ...) is + ensured? See also ARC_04_03. - Note: see :need:`std_req__iso26262__software_749` and Annex D for partitioning to ensure freedom from interference. + Note: see :need:`std_req__iso26262__software_7411` and :need:`std_req__iso26262__software_749` with Annex D for partitioning to ensure freedom from interference. - manual - - Check also if the operating system supports freedom from interference between the processes. + Check also if the operating system supports freedom from interference between the processes and make sure an "assumption of Use requirement" for this exists in your project, like for example see `score aou_req__platform__process_isolation `_. - - - * - ARC_04_02 - Does the software architectural design consider its feasibility with respect to the required resources for the embedded software, especially for time critical aspects like startup time, but also including RAM, ROM, non volatile memory, communication bandwidth, and processing time limits according to the requirements or forseeable customer needs? See also ARC_02_05. - Note: see :need:`std_req__iso26262__software_7411` + Note: see :need:`std_req__iso26262__software_7413` - manual - + Check if there are any limits for resource consumption or timing aspects in your project, such as startup time, communication bandwidth, or memory usage. If such limits exist, ensure that your architecture takes these limits into account, especially with respect to scalability. - - - diff --git a/process/process_areas/verification/verification_workproducts.rst b/process/process_areas/verification/verification_workproducts.rst index b5e8616ab5..e3e64588d6 100644 --- a/process/process_areas/verification/verification_workproducts.rst +++ b/process/process_areas/verification/verification_workproducts.rst @@ -43,7 +43,7 @@ Platform coverage) has to be reflected in the :need:`wp__verification_plan` and :need:`wp__platform_safety_plan`. If software partitioning (operating system processes) is used to implement freedom from interference - effectiveness evidence shall be generated during integration and verification tests + effectiveness evidence shall be generated during integration tests. .. workproduct:: Platform Verification Report @@ -83,7 +83,7 @@ Feature - performance and resource consumption: i.e. RAM and processor usage on reference HW - If software partitioning (operating system processes) is used to implement freedom from interference - effectiveness evidence shall be generated during integration and verification tests + effectiveness evidence shall be generated during integration tests. Module From 0ba0241de9c2fed52631c8e32cff8aa153799cc5 Mon Sep 17 00:00:00 2001 From: "jhr2hi@bosch.com" Date: Wed, 28 Jan 2026 11:09:54 +0100 Subject: [PATCH 4/4] check grammar and add small how to --- .../architecture/chklst_arc_inspection.rst | 59 ++++++++----------- 1 file changed, 24 insertions(+), 35 deletions(-) diff --git a/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst b/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst index aa03813720..04f04abd2a 100644 --- a/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst +++ b/process/folder_templates/features/feature_name/architecture/chklst_arc_inspection.rst @@ -45,7 +45,7 @@ communication and documentation of architectural decisions to stakeholders. Checklist --------- -Please note that it is mandatory to fill in the "passed" column with "yes" or "no" for each checklist item and additional to add in the remarks why it is passed or not passed. In case of "no" an issue link to the issue tracking system has to be added in the last column. See also :ref:`review_concept` for further information about reviews in general and inspection in particular. +Please note that it is mandatory to fill in the "passed" column with "yes" or "no" for each checklist item. Additionally, provide remarks explaining why it is passed or not passed. In case of "no", a link to the issue tracking system must be added in the last column. See also :ref:`review_concept` for further information about reviews in general and inspection in particular. .. list-table:: Architecture Design Review Checklist :header-rows: 1 @@ -66,15 +66,14 @@ Please note that it is mandatory to fill in the "passed" column with "yes" or "n - - * - ARC_01_02 - - If the architectural element is related to any supplier manuals (incl. safety and security) - are the relevant parts covered? + - If the architectural element is related to any supplier manuals (including safety and security), are the relevant parts covered? - manual - If the architecture makes use of supplied elements, their manuals (like safety) have to be considered (i.e. its provided functionality matches the expectation and assumptions are fulfilled). Note that in case of safety component this means that assumed Technical Safety Requirements and AoUs of the safety manual are covered. - - - * - ARC_01_03 - - Is the architectural element traceable to the lower level artifacts as defined by the workproduct traceability? + - Is the architectural element traceable to the lower-level artifacts as defined by the work product traceability? - automated - Will be removed from checklist once the requirement (:need:`Correlations of the architectural building blocks `) is implemented by automated tool check. See `Tool Requirements `_. Details of possible linking can be depicted from :ref:`traceability concept `. @@ -82,78 +81,68 @@ Please note that it is mandatory to fill in the "passed" column with "yes" or "n - - * - ARC_02_01 - - Is the software architecture design compliant with the (overall) feature architecture? + - Is the software architecture design compliant with the overall feature architecture? - manual - On component level check against the feature architecture, on feature level check other features with common components used. - - - * - ARC_02_02 - - Is appropriate and comprehensible operation/interface naming present in the architectural design? + - Is appropriate and comprehensible operation and interface naming present in the architectural design? - manual - Check :need:`gd_guidl__arch_design` - - - * - ARC_02_03 - - Are correctness of data flow and control flow within the architectural elements considered? + - Are the correctness of data flow and control flow within the architectural elements considered? - manual - - E.g. examine definitions, transformations, integrity, and interaction of data; check error handling, data - exchange between elements, correct response to inputs and documented decision making. - Note: consistency is ensured by the process/tooling, by defining each interface only once. + - For example, examine definitions, transformations, integrity, and interaction of data; check error handling, data exchange between elements, correct response to inputs, and documented decision making. + Note: Consistency is ensured by the process/tooling, by defining each interface only once. - - - * - ARC_02_04 - - Are the interfaces between the software architectural element and other architectural elements well-defined? + - Are the interfaces between the software architectural element and other architectural elements well defined? - manual - - Check if the interface reacts on non-defined behavior or errors; can established protocols be used; are the - interfaces for inputs, outputs, error codes documented; is loose coupling considered and only limited exposure; - can unit or integration test be written against the interface; data amount transferred; no sensitive data - exposure; + - Check if the interface handles undefined behavior or errors; can established protocols be used; are the interfaces for inputs, outputs, and error codes documented; is loose coupling considered and only limited exposure; can unit or integration tests be written against the interface; data amount transferred; ensure no sensitive data is exposed; - - - * - ARC_02_05 - Does the software architectural element consider the timing constraints (from the parent requirement)? - manual - - If there are hard requirements on the timing a programming time estimation should be performed and also - deadline supervision considered. + - If there are strict timing requirements, a programming time estimation should be performed and deadline supervision should be considered. - - - * - ARC_02_06 - - Is the documentation of the software architectural element, including textual and graphical descriptions - (e.g., UML diagrams), comprehensible and complete? + - Is the documentation of the software architectural element, including textual and graphical descriptions (e.g., UML diagrams), clear and complete? - manual - - Use of semi-formal notation is expected for architectural elements with an allocated ASIL level. - Is the architecture template correctly filled? + - Use of semi-formal notation is expected for architectural elements with an allocated ASIL level. Is the architecture template correctly filled? - - - * - ARC_03_01 - Is the architectural element modular and encapsulated? - manual - - Check e.g. that only minimal interfaces are used. Design should be object oriented. Interfaces and interactions are clearly defined. Usage of access types (private, protected) properly set. Limited global variables. + - Check, for example, that only minimal interfaces are used. The design should be object oriented. Interfaces and interactions are clearly defined. Usage of access types (private, protected) is properly set. Limited global variables. - - - * - ARC_03_02 - Is the suitability of the software architecture for future modifications and maintainability considered? - manual - - Check for e.g. loose coupling, separation of concerns, high cohesion, versioning strategy for interfaces, - decision records, use of established design patterns. + - Check for, for example, loose coupling, separation of concerns, high cohesion, versioning strategy for interfaces, decision records, and use of established design patterns. - - - * - ARC_03_03 - Are simplicity and avoidance of unnecessary complexity present in the software architecture? - manual - - Indicators for complexity are: number of use cases (corresponding to dynamic diagrams) - allocated to single design element, number of interfaces and operations in an interface, - function parameters, global variables, complex types, limited comprehensibility. + - Indicators of complexity include: the number of use cases (corresponding to dynamic diagrams) allocated to a single design element, the number of interfaces and operations in an interface, function parameters, global variables, complex types, and limited comprehensibility. - Note: If the "number" above exceeds "3" a design rationale is mandatory (for all types). + Note: If any of the numbers above exceed 3, a design rationale is mandatory (for all types). - - - @@ -165,32 +154,32 @@ Please note that it is mandatory to fill in the "passed" column with "yes" or "n - - * - ARC_04_01 - - If your software architectural design includes processes with different safety rating (QM/ASIL) are freedom from interference for shared resources (cpu time, shared memory, ...) is - ensured? See also ARC_04_03. + - If your software architectural design includes processes with different safety ratings (QM/ASIL), is freedom from interference for shared resources (CPU time, shared memory, etc.) ensured? See also ARC_04_03. Note: see :need:`std_req__iso26262__software_7411` and :need:`std_req__iso26262__software_749` with Annex D for partitioning to ensure freedom from interference. + Note: Modules should not mix ASIL and QM processes unless justified otherwise; therefore, this question is only relevant on the feature level. - manual - - Check also if the operating system supports freedom from interference between the processes and make sure an "assumption of Use requirement" for this exists in your project, like for example see `score aou_req__platform__process_isolation `_. + Also check if the operating system supports freedom from interference between the processes and make sure an "Assumption of Use requirement" for this exists in your project. For example, see `score aou_req__platform__process_isolation `_. - - - * - ARC_04_02 - - Does the software architectural design consider its feasibility with respect to the required resources for the embedded software, especially for time critical aspects like startup time, but also including RAM, ROM, non volatile memory, communication bandwidth, and processing time limits according to the requirements or forseeable customer needs? See also ARC_02_05. + - Does the software architectural design consider its feasibility with respect to the required resources for the embedded software, especially for time-critical aspects like startup time, but also including RAM, ROM, non-volatile memory, communication bandwidth, and processing time limits according to the requirements or foreseeable customer needs? See also ARC_02_05. Note: see :need:`std_req__iso26262__software_7413` - manual - - Check if there are any limits for resource consumption or timing aspects in your project, such as startup time, communication bandwidth, or memory usage. If such limits exist, ensure that your architecture takes these limits into account, especially with respect to scalability. + Check if there are any limits for resource consumption or timing aspects in your project, such as startup time, communication bandwidth, or memory usage. If such limits exist, ensure that your architecture takes these limits into account, especially with respect to scalability. For this, make an estimation of the required resources based on the architectural design and a prototypical implementation or a measurement of an existing implementation, and compare it to the defined limits or planned scalability. Check if any bottlenecks are present in the architecture that could lead to resource overuse or timing violations. - - - * - ARC_04_03 - - If your software architectural design includes processes and tasks, are their scheduling policies and priorities (at least the needed relation one to another) defined to ensure that timing requirements are met? Please note, that the particular priorities or priority ranges will be probably defined by the project handbook or the software development plan. + - If your software architectural design includes processes and tasks, are their scheduling policies and priorities (at least the necessary relationships between them) defined to ensure that timing requirements are met? Please note that the particular priorities or priority ranges will probably be defined by the project handbook or the software development plan. Note: see :need:`std_req__iso26262__software_743` - manual - - Give a reason for these scheduling policies and priorities or explain why not needed. + - Provide a rationale for these scheduling policies and priorities, or explain why they are not needed. - - -