
Add STPA risk analysis to TT-Expectations.#23

Draft
ThomasClausnitzer wants to merge 1 commit into eclipse-score:main from score-json:ThomasClausnitzer-merge_risk_analysis

Conversation


@ThomasClausnitzer ThomasClausnitzer commented Mar 11, 2026

This PR was created out of the existing PR 22 to isolate the risk analysis and related files from the other changes.

Important (12.03): Currently this PR is on pause while @aschemmel-tech is finishing a condensed revamp of the risk analysis which will be linked here.

Note:


@masc2023 masc2023 left a comment


Defects Found

| Nr | Issue | Severity |
|---|---|---|
| 1 | AOU-31 referenced in C4 does not exist in the TSF tree | Must fix |
| 2 | JLS-54 and JLS-55 referenced in Section 9.4 do not exist | Must fix |
| 3 | Typo "Ecplise" in drawio/png diagram | Should fix |
| 4 | Independent STPA + SME review still pending (Section 10.2) | Process gap — review needed before final approval |


The nodes:

- `TA-CONSTRAINTS` → `AOU-01..AOU-31`



These files were submitted as part of PR #22, of which this risk analysis was originally part. We just excluded the risk analysis and the diagram and put them in a separate PR, as they are currently on pause while @aschemmel-tech is finishing a condensed revamp of the risk analysis, which will then be used as the base for optimisation. I will make this clearer in the description of this PR, and change its status to Draft to reflect the current pause in development on my side.

- **Likelihood (L)**: plausibility given the existing test and analysis evidence,
- **Exposure (E)**: how often S-CORE relies on the behaviour in normal operation.

As justification we use a **qualitative** assessment that is consistent with the TSF evidence model: likelihood is judged primarily from test/analysis coverage, process controls, and (where applicable) CI-based indicators (`JLS-54`, `JLS-55`). The purpose of the table below is therefore *prioritisation and transparency* (“why do we think this is acceptable?”), not a precise probabilistic safety case.



see above


typo Eclipse

| Review type | Reviewer | Date | Findings (summary) | Resulting actions |
|---|---|---|---|---|
| Analyst | Thomas Clausnitzer | 20.02.2026 | All steps of the RAFIA STPA procedure were followed. Correct traceability between L/H/C/UCA/CS/M is explicit using IDs. | Prepare for independent review |
| Independent STPA practitioner | | | | |


How is the review planned, and who will be the person to review here?

@ThomasClausnitzer ThomasClausnitzer marked this pull request as draft March 12, 2026 08:50

@aschemmel-tech aschemmel-tech left a comment


More lightweight version in preparation. Will be shared soon.

aschemmel-tech pushed a commit that referenced this pull request Mar 16, 2026
* Bring PR score-json#24 content onto upstream/main

This commit ports the content of score-json/nlohmann_json (score-json#24) onto a fresh upstream/main baseline.

Why this is one commit:
- The downstream and upstream histories diverged significantly.
- Replaying the full original chain would cause many unrelated conflicts.
- This keeps the upstream PR diff clean and reviewable while preserving provenance below.

Combined original commits from downstream branch:
- 18e1f0d Halnasri resolve tt confidence feedback (#21)
- caefeae Resolve TT-CONSTRUCTION Feedback (#23)
- 28c4ccc Erikhu1 add missing links (nlohmann#25)
- 748b55a Resolve TT-PROVENANCE Feedback (#14)
- df946d2 halnasri-Revisit TT-RESULTS (#17)
- 6ec3d20 added TA-Releases -> JLS-53 link (nlohmann#27)
- ad3d3e9 Erikhu1 sync with prod (nlohmann#31)
- 2ddacb3 Removed multiple validators from statements by splitting them up (nlohmann#35)
- 849f855 Erikhu1 sync with prod (nlohmann#38)
- 8f0d8cd Resolve TA-Analysis comments (nlohmann#39)
- afccbfb started with TA-Misbehaviours
- 3ba9098 Filled out Checklist for TA-Behaviours
- 8c9508f filled out checklist for TA-Misbehaviours
- df823a3 added additional context information
- b6a6227 added checklist answers for TA-Behaviours and TA-Constraints
- c11a978 cosmetic changes to TA-BEHAVIOURS
- 693adb1 small updates to TA-Misbehaviours
- 544f6d0 created JLS-54 to JLS-60
- 20ff2b7 cosmetic change to JLS-54
- 379c542 update
- 65bc51c improved checklist and evidence for TA-Behaviour
- e181ee7 worked on TA-Misbehaviours
- bf67eec added JLS-70 and JLS-71
- 1baed11 added JLS-72
- b5895e7 Worked on Context file of TA-Constraints
- 603a563 worked on misbehaviours context file
- 225e46a halnasri-Revisit_TT_INDICATORS (nlohmann#28)
- 03d7107 remove references to parent workflow for JLS-54 and JLS-55
- a5a6349 Added TODOs/Comments to TA-Behaviours and TA-Constraints Context files
- c633504 created JLS-56
- 4d0ded3 resolved TODOs in TA-Behaviours
- 3ce7f40 edited JLS 71
- 70cfb5f JLS-70 and JLS-72
- c19d526 documented misunderstandings
- 14dc8ad added https validator to JLS 70 and 71
- e153c07 added JLS-73
- 08ae742 small fix
- ff1df9e added references to JLS 24 and 31
- 1282cee edited the checklist of TA-Misbehaviour
- 025d035 added https validator to JLS-24
- 1695462 typos
- 00a8c81 fix pr count gate and coverage gate and add check_artifact_exists evidence to statements JLS-54 and JLS-55
- e9f9109 edited artifact output for the coverage gate
- ee4b7a7 version control for PR and coverage gate workflow
- b919c7d fix file naming in workflows
- af24784 fix answers to the checklist of TA-CONSTRAINTS
- 4f34209 edited JLS 72
- b0faaaa edited references for JLS 56
- fea0fd7 TA-constraints edited checklist
- f8e2657 set pr count gate to 15 open PRs
- 38dd6fa small fixes
- ef31e3d exception handling tests evidence
- c82acbc TA-Misbehaviours stress tests
- fb306b2 TA-Misbehaviours list of misbehaviours
- f78941e edited answer about risk analyses in TA-INDICATORS
- b8c9aa8 added JLS-76 and comments to TT-Misbehaviours
- 17cf293 removed JLS-69, its link and replace context answer with JLS-11.
- 5650e92 replaced JLS-69 by JLS-11 in TA-Indicators context file
- 40bb11a added link of TA-Misbehaviours to JLS-11
- d635790 added explanation of why there are no incentives to manipulate information
- 6b0a4f1 added answer for undiscovered expectations
- b0bedd9 answered new expectation identification question
- f3ba14f added test data to answer
- cbc4546 test repo renaming effects
- 2cdda56 filled out remaining answer in TA-Constraints
- 02a2ca6 answered to TA-Behaviours
- 995183d answered result evaluation question in TA-Misbehaviours
- 2ff3f10 added answer to fault induction test misbehaviour
- c2fd098 answered ta-misbehaviour question, added evidence to JLS-76
- 80f4108 add risk analysis
- daa774b small fixes
- 438687e rewrite steps overview
- 1e8025f replace - with comma in TA-Behaviours context file
- 68e8252 Change phrasing of JLS-24
- 4c1ff69 changed risk analysis AOU-07 formulation
- f4e3fec delete unnecessary section in risk analysis
- 22d926b deleted unnecessary section in risk analysis
- f202d6b changed naming of first risk analysis step
- 840152b changed referrals to risk_analysis in ta-indicators and ta-misbehaviours
- 67900e5 changed links from legacy gitlab TSF documentation to new eclipse TSF documentation.
- 440a1ea Added a control structure diagram both as drawio/png and embedded it in the risk_analysis.
- f5a0021 Change risk_analysis headers and structure to fit expected steps of RAFIA STPA procedure.
- 398a02c Remade part 4 Unsafe Control Actions to fit review.
- 8fa7394 Add step 5 Controller Constraints.
- 802ec9d Add step 6 Control loops to risk_analysis
- 8975d49 Add step 8 Causal Scenario Constraints to risk analysis
- 59f4e69 Add step 10 Review of STPA results to risk analysis.
- 780b797 Reworked step 9 Misbehaviours and Expectations in risk analysis to be in line with the STPA review guide.
- 0a820ce Update markdown tables of risk_analysis to follow column names and order of STPA results schema in TSF documentation.
- bb554ea Add additional Controller Functional Constraints under 5) Device Controller Constraints for risk_analysis to fulfill STPA review requirements.
- 38fc8fa Updated step 7) Causal Scenarios to follow review guidelines in risk_analysis
- ce03617 TA-Constraints: add AOU-31 resource/time budget assumption
- c7d94f3 Removed typos and irregularities for review changes.
- 5c0eb10 Replace legacy UCA IDs with current combined IDs as in review.
- 48d149d Changed minor remarks from review.
- 1bd7fa3 Changed failure description in 6) Control Loops and Sequences in risk_analysis
- dfc804d Changed minor errors in STPA diagram.

* Fix legacy links in trudag dotstop.dot

* Changes in TA-BEHAVIOURS_CONTEXT because of review comments.

* Additional Changes in TA-BEHAVIOURS_CONTEXT because of review comments.

* Changes in TA-INDICATORS_CONTEXT because of review comments.

* Add changes in TA-MISBEHAVIOURS_CONTEXT because of review.

* Fix bug in publish_documentation workflow to correctly use context files from the branch that is updated and not outdated files from save_historical_data branch.

* Delete risk analysis and related graph files from current PR.

* Fix bug in parent workflow to not skip coverage gate workflow when pushing to main.

Labels

documentation Improvements or additions to documentation

Projects

Status: In Progress


3 participants