|
24 | 24 | The above directive must be updated according to your Feature. |
25 | 25 |
|
26 | 26 | - Modify ``Your Feature Name`` to be your Feature Name |
27 | | - - Modify ``id`` to be your Feature Name in upper snake case preceded by ``doc__`` and followed by ``_req_inspection`` |
| 27 | + - Modify ``id`` to be your Feature Name in lower snake case preceded by ``doc__`` and followed by ``_req_inspection`` |
28 | 28 | - Adjust ``status`` to be ``valid`` |
29 | 29 | - Adjust ``safety`` and ``tags`` according to your needs |
30 | 30 |
|
31 | | -[Your Feature Name] Requirement Inspection Checklist |
32 | | -====================================================== |
| 31 | +Requirement Inspection Checklist |
| 32 | +================================ |
33 | 33 |
|
34 | 34 | **Purpose** |
| 35 | + |
35 | 36 | The purpose of this requirement inspection checklist is to collect the topics to be checked during requirements inspection. |
36 | 37 |
|
| 38 | + **Conduct** |
| 39 | + |
| 40 | + As described in the concept :need:`doc_concept__wp_inspections` the following "inspection roles" are expected to be filled: |
| 41 | + |
| 42 | + - author: these are the persons who did the last commits on the requirements in scope (can be derived from version mgt tool) |
| 43 | + - reviewer: these are all persons committing into this inspection document or giving a pull request verdict on it (can be derived from version mgt tool) |
| 44 | + - moderator: only needed for conflict resolution between author and reviewers, is the safety manager, security manager or quality manager called in as a reviewer (can be derived from version mgt tool) |
| 45 | + - test expert: <one of the reviewers explicitly named here, to cover REQ_08_01 as described> |
| 46 | + |
37 | 47 | **Checklist** |
38 | 48 |
|
39 | 49 | .. list-table:: Feature Requirement Inspection Checklist |
|
47 | 57 | - Remarks |
48 | 58 | - Issue link |
49 | 59 | * - REQ_01_01 |
50 | | - - Is the requirement sentence template used? |
| 60 | + - Is the requirement formulation template used? |
51 | 61 | - see :need:`gd_temp__req_formulation`, this includes the use of "shall". |
52 | 62 | - |
53 | 63 | - |
|
66 | 76 | - |
67 | 77 | * - REQ_02_03 |
68 | 78 | - Is the requirement description *atomic* ? |
69 | | - - A good way to think about this is to consider if the requirement may be tested by one (positive) test case or needs more of these. The sentence template should also avoid being non-atomic already. Note that there are cases where also non-atomic requirements are the better ones, for example if those are better understandable. |
| 79 | + - A good way to think about this is to consider if the requirement may be tested by one (positive) test case or needs more of these. The requirement formulation template should also avoid being non-atomic already. Note that there are cases where also non-atomic requirements are the better ones, for example if those are better understandable. |
70 | 80 | - |
71 | 81 | - |
72 | 82 | - |
73 | 83 | * - REQ_02_04 |
74 | 84 | - Is the requirement description *feasible* ? |
75 | | - - Expectation is that at the time of the inspection the requirement has already some implementation. This can be checked via traces, but also :need:`gd_req__req_attr_impl` shows this. In case the requirement is not mature enough at the time of inspection (i.e. not implemented at least as "proof-of-concept"), a development expert should be invited to the Pull-Request review to explicitly check this item. |
| 85 | + - If at the time of the inspection the requirement has already some implementation, the answer is yes. This can be checked via traces, but also :need:`gd_req__req_attr_impl` shows this. In case the requirement has no implementation at the time of inspection (i.e. not implemented at least as "proof-of-concept"), a development expert should be invited to the Pull-Request review to explicitly check this item. |
76 | 86 | - |
77 | 87 | - |
78 | 88 | - |
|
84 | 94 | - |
85 | 95 | * - REQ_03_01 |
86 | 96 | - For stakeholder requirements: Is the *rationale* correct? |
87 | | - - Rationales explain why the top level requirements were invented. Do those cover the requirement? |
| 97 | + - Rationales explain why the top level requirements were created. Do those cover the requirement? |
88 | 98 | - |
89 | 99 | - |
90 | 100 | - |
91 | 101 | * - REQ_03_02 |
92 | | - - For other requirements: Is the *linkage to the parent requirement* correct? |
| 102 | + - For feature/component requirements: Is the *linkage to the parent requirement* correct? |
93 | 103 | - Linkage to correct levels and ASIL attributes is checked automatically, but it needs checking if the child requirement implements (at least) a part of the parent requirement. |
94 | 104 | - |
95 | 105 | - |
|
101 | 111 | - |
102 | 112 | - |
103 | 113 | * - REQ_05_01 |
104 | | - - Do the software requirements consider *timing constraints of the parent requirement*? |
105 | | - - This bullet point encourages to think about timing constraints even if those are not explicitly mentioned in the parent requirement. If the reviewer of a requirement already knows or suspects that the implementation will be time consuming, one should think of the expectation of a "user". |
| 114 | + - Do the software requirements consider *timing constraints*? |
| 115 | + - This checkpoint encourages to think about timing constraints even if those are not explicitly mentioned in the parent requirement. If the reviewer of a requirement already knows or suspects that the code execution will be consuming a lot of time, one should think of the expectation of a "user". |
106 | 116 | - |
107 | 117 | - |
108 | 118 | - |
109 | 119 | * - REQ_06_01 |
110 | | - - Does the Requirement consider *external interfaces*? |
111 | | - - The SW platform's external interfaces (to the user) are defined in the Feature Architecture, so the Feature and Component Requirements should determine the data consumed and set on these interfaces. Are output values completely defined? |
| 120 | + - Does the requirement consider *external interfaces*? |
| 121 | + - The SW platform's external interfaces (to the user) are defined in the Feature Architecture, so the Feature and Component Requirements should determine the input data use and setting of output data for these interfaces. Are all output values defined? |
112 | 122 | - |
113 | 123 | - |
114 | 124 | - |
115 | 125 | * - REQ_07_01 |
116 | | - - Is the *ASIL Attribute* set correctly? |
117 | | - - Derived requirements are checked automatically, see :need:`gd_req__req_linkage_safety`. But for the top level requirements this needs to be checked for correctness. Also AoU from external components need check for correct ASIL as those are the "origin" of safety requirements towards the SW platform. |
| 126 | + - Is the *safety* attribute set correctly? |
| 127 | + - Derived requirements are checked automatically, see :need:`gd_req__req_linkage_safety`. But for the top level requirements (and also all AoU) this needs to be checked manually for correctness. |
118 | 128 | - |
119 | 129 | - |
120 | 130 | - |
121 | 131 | * - REQ_07_02 |
122 | 132 | - Is the attribute *security* set correctly? |
123 | | - - Stakeholder requirements security attribute should be set based on Threat Analysis and Risk Assessment (TARA) (process is TBD). Checklist item is supported by automated check: "Every requirement which satisfies a requirement with security attribute set to YES inherits this". Expectation is that the feature/component requirements/architecture may also be subject to a Software Security Criticality Analysis (process is TBD). |
| 133 | + - Stakeholder requirements security attribute should be set based on Threat Analysis and Risk Assessment (TARA) (process is TBD). For feature/component requirements this checklist item is supported by automated check: "Every requirement which satisfies a requirement with security attribute set to YES inherits this". But the feature/component requirements/architecture may additionally also be subject to a Software Security Criticality Analysis (process is TBD). |
124 | 134 | - |
125 | 135 | - |
126 | 136 | - |
127 | 137 | * - REQ_08_01 |
128 | 138 | - Is the requirement *verifiable*? |
129 | | - - Expectation is that at the time of the inspection already tests are created for the requirement. This can be checked via traces, but also :need:`gd_req__req_attr_test_covered` shows this. In case the requirement is not mature enough at the time of inspection (i.e. missing test cases), a test expert should be invited to the Pull-Request review to explicitly check this item. |
| 139 | + - If at the time of the inspection already tests are created for the requirement, the answer is yes. This can be checked via traces, but also :need:`gd_req__req_attr_test_covered` shows this. In case the requirement is not sufficiently traced to test cases already, a test expert is invited to the inspection to give his opinion whether the requirement is formulated in a way that supports test development and the available test infrastructure is sufficient to perform the test. |
130 | 140 | - |
131 | 141 | - |
132 | 142 | - |
133 | 143 | * - REQ_09_01 |
134 | 144 | - For stakeholder requirements: Do those cover assumed safety mechanisms needed by the hardware and system? |
135 | | - - Note that the feature/component requirements also cover safety mechanisms in case those are needed to mitigate failures found during :need:`gd_chklst__safety_analysis` |
| 145 | + - Note that stakeholder requirements covering safety mechanisms come from rationales, whereas feature/component requirements are covering safety mechanisms coming from :need:`gd_chklst__safety_analysis` |
136 | 146 | - |
137 | 147 | - |
138 | 148 | - |
139 | 149 | * - REQ_09_02 |
140 | | - - For other requirements: Do the requirements defining a safety mechanism contain the error reaction leading to a safe state? |
| 150 | + - For feature/component requirements: Do the requirements defining a safety mechanism contain the error reaction leading to a safe state? |
141 | 151 | - Alternatively to the safe state there could also be "repair" mechanisms. Also do not forget to consider REQ_05_01 for these. |
142 | 152 | - |
143 | 153 | - |
|
148 | 158 | The above checklist entries must be filled according to your component requirements in scope. |
149 | 159 | Also the need links mentioned in the checklist must be renamed to PROCESS_<old id> to point to the process documentation. |
150 | 160 |
|
151 | | -The following (valid) requirements are in the scope of this inspection: |
| 161 | +Note: If a Review ID is not applicable for your requirement, then state ""n/a" in status and comment accordingly in remarks. For example "no stakeholder requirement (no rationale needed)" |
| 162 | + |
| 163 | +The following requirements in "valid" state and with "inspected" tag set are in the scope of this inspection: |
152 | 164 |
|
153 | 165 | .. needtable:: |
154 | | - :filter: "feature_name" in docname and "requirements" in docname and docname is not None |
| 166 | + :filter: "feature_name" in docname and "requirements" in docname and docname is not None and status == "valid" |
155 | 167 | :style: table |
156 | 168 | :types: feat_req |
157 | 169 | :tags: feature_name |
158 | 170 | :columns: id;status;tags |
159 | 171 | :colwidths: 25,25,25 |
160 | 172 | :sort: title |
| 173 | + |
| 174 | +And also the following AoUs in "valid" state and with "inspected" tag set (for these please answer the questions above as if the AoUs are requirements, except questions REQ_03_01 and REQ_03_02): |
| 175 | + |
| 176 | +.. needtable:: |
| 177 | + :filter: "feature_name" in docname and "requirements" in docname and docname is not None and status == "valid" |
| 178 | + :style: table |
| 179 | + :types: aou_req |
| 180 | + :tags: feature_name |
| 181 | + :columns: id;status;tags |
| 182 | + :colwidths: 25,25,25 |
| 183 | + :sort: title |
| 184 | + |
| 185 | +.. attention:: |
| 186 | + The above tables filtering must be updated according to your Feature. |
| 187 | + |
| 188 | + - Modify ``feature_name`` to be your Feature Name in lower snake case |
0 commit comments