diff --git a/score/message_passing/dependability/requirements/component_requirements.trlc b/score/message_passing/dependability/requirements/component_requirements.trlc
index e12e30d97..3fdf73b7a 100644
--- a/score/message_passing/dependability/requirements/component_requirements.trlc
+++ b/score/message_passing/dependability/requirements/component_requirements.trlc
@@ -20,9 +20,249 @@ import MessagePassingSEooC
 // Server Unit and Client Unit requirements
 ///////////////////////////////
-ScoreReq.CompReq REQ_MP_COMP_001 {
- description = "The message passing server shall accept connections from clients on a configurable resource path."
+section "System Requirements" {
+
+ScoreReq.CompReq SafetyCertifiedTransportMechanismUnderQNX {
+ description = "Under QNX, the message passing component shall use a safety-certified transport mechanism as the underlying IPC."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.SafetyCertifiedTransportMechanism@1]
+ version = 1
+}
+
+ScoreReq.CompReq OSProvidedSenderIdentity {
+ description = "The message passing server shall be able to identify the sender of each received message by the sender's OS-provided UID."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.ServerInterface@1]
+ version = 1
+}
+
+ScoreReq.CompReq UnforgableSenderIdentity {
+ description = "The transport mechanism shall ensure that the UID used to identify a message, cannot be forged by the client."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.ServerInterface@1]
+ version = 1
+}
+
+}
+
+section "Behaviour Requirements" {
+
+ScoreReq.CompReq ServerCallbacksAreSequential {
+ description = "The server shall serialize all callbacks belonging to the same IServer instance, such that no two such callbacks execute concurrently."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.ServerInterface@1]
+ version = 1
+}
+
+ScoreReq.CompReq ServerProcessesSinglePendingRequest {
+ description = "The server shall not dispatch a new sent-with-reply message callback on a given IServerConnection until the preceding request has been replied to via `IServerConnection::Reply()`."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.SynchronousBidirectionalCommunication@1]
+ version = 1
+}
+
+ScoreReq.CompReq ClientConnectionMaintainsStateMachine {
+ description = "The `ClientConnection` shall maintain a state machine with the states `Starting`, `Ready`, `Stopping`, and `Stopped`."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.OSIndependentAPI@1]
+ version = 1
+}
+
+ScoreReq.CompReq SynchronousSendBlocksUntilServerReceives {
+ description = "The `ClientConnection` shall block the calling thread during a `Send` call until the message has been and accepted by the server's receive buffer, when no client-side send queue is configured."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.SynchronousUnidirectionalCommunication@1]
+ version = 1
+}
+
+ScoreReq.CompReq AsynchronousSendReturnsAfterLocalAcceptance {
+ description = "The `ClientConnection` shall return from a Send call after the message has been accepted by the local message passing layer, when a client-side send queue is configured."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.AsynchronousUnidirectionalCommunication@1]
+ version = 1
+}
+
+ScoreReq.CompReq SendWaitReplyBlocksUntilServerReply {
+ description = "The ClientConnection shall block the calling thread during a SendWaitReply call until a reply from the server is received or an error is detected."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.SynchronousBidirectionalCommunication@1]
+ version = 1
+}
+
+ScoreReq.CompReq MessageOrderPreservationPerConnection {
+ description = "The message passing component shall deliver messages of the same delivery type from the same `IClientConnection` instance to the server in the order they were sent."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.PointToPointConnections@1]
+ version = 1
+}
+
+ScoreReq.CompReq SingleServerInstancePerServiceIdentifier {
+ description = "The message passing component shall prevent more than one active `IServer` instance serves a any given service identifier at any point in time."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.PointToPointConnections@1]
+ version = 1
+}
+
+}
+
+section "API Requirements" {
+
+ScoreReq.CompReq IServerStartListeningAPI {
+ description = "`IServer` shall provide a `StartListening` method that registers connection, disconnection, fire-and-forget message, and sent-with-reply message callbacks."
 safety = ScoreReq.Asil.B
 derived_from = [MessagePassingSEooC.ServerInterface@1]
 version = 1
 }
+
+ScoreReq.CompReq IServerStopListeningAPI {
+ description = "`IServer` shall provide a `StopListening` method that releases all registered callbacks and closes all active server connections."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.ServerInterface@1]
+ version = 1
+}
+
+ScoreReq.CompReq IClientConnectionSendAPI {
+ description = "`IClientConnection` shall provide a Send method that accepts a byte-span message and transmits it to the server."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.SynchronousUnidirectionalCommunication@1]
+ version = 1
+}
+
+ScoreReq.CompReq IClientConnectionSendWaitReplyAPI {
+ description = "`IClientConnection` shall provide a `SendWaitReply` method that accepts a message byte span and a reply buffer span and returns the received reply payload trimmed to its actual size."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.SynchronousBidirectionalCommunication@1]
+ version = 1
+}
+
+ScoreReq.CompReq IClientConnectionSendWithCallbackAPI {
+ description = "`IClientConnection` shall provide a `SendWithCallback` method that accepts a message byte span and a reply callback and returns after the message has been accepted by the local message passing layer."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.AsynchronousUnidirectionalCommunication@1]
+ version = 1
+}
+
+ScoreReq.CompReq IServerConnectionReplyAPI {
+ description = "`IServerConnection` shall provide a Reply method that accepts a byte-span message and delivers it as the reply to the pending REQUEST from the client."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.SynchronousBidirectionalCommunication@1]
+ version = 1
+}
+
+ScoreReq.CompReq IServerConnectionNotifyAPI {
+ description = "`IServerConnection` shall provide a `Notify` method that accepts a byte-span message and sends it as an asynchronous notification to the client."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.ServerInterface@1]
+ version = 1
+}
+
+ScoreReq.CompReq ClientFactoryCreateAPI {
+ description = "`IClientFactory` shall provide a `Create` method that accepts a `ServiceProtocolConfig` and a `ClientConfig` and returns a new `IClientConnection` instance configured for the service specified by the `ServiceProtocolConfig`."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.OSIndependentAPI@1]
+ version = 1
+}
+
+ScoreReq.CompReq ServerFactoryCreateAPI {
+ description = "`IServerFactory` shall provide a `Create` method that accepts a `ServiceProtocolConfig` and a `ServerConfig` and returns a new `IServer` instance configured for the service specified by the `ServiceProtocolConfig`."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.OSIndependentAPI@1]
+ version = 1
+}
+
+ScoreReq.CompReq IClientConnectionGetStateAPI {
+ description = "`IClientConnection` shall provide a `GetState` method that returns the current connection state."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.OSIndependentAPI@1]
+ version = 1
+}
+
+}
+
+section "Server Unit Requirements" {
+
+ScoreReq.CompReq ServerPreallocatesConnectionObjects {
+ description = "The server shall preallocate memory for the number of `IServerConnection` objects specified by `ServerConfig::pre_alloc_connections` at construction time, without allocating additional memory for each incoming client connection."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.AllowsBoundedMonotonicMemoryAllocation@1]
+ version = 1
+}
+
+ScoreReq.CompReq ServerRingBufferQueueSizeConfigurable {
+ description = "The server shall implement the shared incoming message queue as a ring buffer with the number of slots equal to `ServerConfig::max_queued_sends`, configured at construction time."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.AllowsBoundedMonotonicMemoryAllocation@1]
+ version = 1
+}
+
+ScoreReq.CompReq ServerConnectionRefusal {
+ description = "The server shall enable the connection callback to reject an incoming client connection by returning an error, without establishing a server connection for the rejected client."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.ServerInterface@1]
+ version = 1
+}
+
+ScoreReq.CompReq ServerIConnectionHandlerDispatch {
+ description = "The server shall invoke the `IConnectionHandler` virtual methods of the `UserData` object for a given `IServerConnection` in place of the server-wide callbacks, when the UserData holds an `IConnectionHandler` instance."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.ServerInterface@1]
+ version = 1
+}
+
+}
+
+section "Client Unit Requirements (client_connection)" {
+
+ScoreReq.CompReq ClientConnectionSendQueuePreallocation {
+ description = "The `ClientConnection` shall preallocate send queue storage for the number of asynchronous messages specified by `ClientConfig::max_queued_sends` at construction time."
+ note = "This requirement is intended to ensure a design that avoids dynamic memory allocation for the send queue, after the construction."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.AllowsBoundedMonotonicMemoryAllocation@1]
+ version = 1
+}
+
+ScoreReq.CompReq ClientConnectionSharedResourceEngineInjection {
+ description = "The `ClientConnection` shall accept an `ISharedResourceEngine` instance as a constructor parameter, which shouldbe the exclusive provider forall shared resources."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.SingletonFreeImplementation@1]
+ version = 1
+}
+
+ScoreReq.CompReq ClientConnectionMockInjectionForTesting {
+ description = "The `ClientConnection` shall use the `ISharedResourceEngine` interface for all OS interactions."
+ note="This enables injection of mock implementations for unit testing."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.AllowsResourceMockInjectionForTesting@1]
+ version = 1
+}
+
+ScoreReq.CompReq ClientConnectionSendFailsWhenStopped {
+ description = "The `ClientConnection` shall return an error for a Send call when the connection is in the `Stopped` state."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.SynchronousUnidirectionalCommunication@1]
+ version = 1
+}
+
+ScoreReq.CompReq ClientConnectionSendWaitReplyFailsWhenStopped {
+ description = "The `ClientConnection` shall return an error for a `SendWaitReply` call when the connection is in the `Stopped` state."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.SynchronousBidirectionalCommunication@1]
+ version = 1
+}
+
+ScoreReq.CompReq ClientConnectionSendWithCallbackFailsWhenStopped {
+ description = "The `ClientConnection` shall return an error for a `SendWithCallback` call when the connection is in the `Stopped` state."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.AsynchronousUnidirectionalCommunication@1]
+ version = 1
+}
+
+ScoreReq.CompReq ClientConnectionStateCallbackInvocation {
+ description = "The `ClientConnection` shall invoke the registered `StateCallback` each time the connection state changes, passing the new state as the argument."
+ safety = ScoreReq.Asil.B
+ derived_from = [MessagePassingSEooC.OSIndependentAPI@1]
+ version = 1
+}
+
+}
+
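Review bot: The requirement identifier `UnforgableSenderIdentity` in the "System Requirements" section is misspelled, and because TRLC identifiers become the traceability keys that design, test and safety-case artifacts will reference, it should be renamed to `UnforgeableSenderIdentity` before anything derives from it; its description also has a stray comma between subject and verb and should read `description = "The transport mechanism shall ensure that the UID used to identify a message cannot be forged by the client."`. Several other descriptions in this hunk are ungrammatical in ways that leave the obligation ambiguous for verification: `SynchronousSendBlocksUntilServerReceives` says "has been and accepted by the server's receive buffer" (a word is missing, so whether transmission or acceptance is the blocking condition is unclear), `SingleServerInstancePerServiceIdentifier` says "prevent more than one active `IServer` instance serves a any given service identifier", and `ClientConnectionSharedResourceEngineInjection` contains "shouldbe" and "forall". The description of `ClientConnectionMockInjectionForTesting` ("shall use the `ISharedResourceEngine` interface for all OS interactions") largely restates what `ClientConnectionSharedResourceEngineInjection` already requires rather than the mock-injection property its identifier names, so one of the two should be reworded to state what is distinct. Backtick and capitalisation use is inconsistent across the hunk (`Send` unquoted in `IClientConnectionSendAPI` but quoted elsewhere, `REQUEST` in capitals in `IServerConnectionReplyAPI`, `note="..."` without the spacing used by every other attribute), which is worth normalising in the same pass.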