From 5b8e4885e73e7aef263e6a731c1d368d99e16a2d Mon Sep 17 00:00:00 2001 From: Andreas Zwinkau Date: Wed, 27 May 2026 10:15:10 +0200 Subject: [PATCH 1/4] feat: Satisfy gd_req__arch_linkage_safety --- docs/internals/requirements/requirements.rst | 11 +++ src/extensions/score_metamodel/metamodel.yaml | 12 +++ .../rst/graph/test_arch_safety_belongs_to.rst | 96 +++++++++++++++++++ 3 files changed, 119 insertions(+) create mode 100644 src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst diff --git a/docs/internals/requirements/requirements.rst b/docs/internals/requirements/requirements.rst index 382cb8f03..0920239b1 100644 --- a/docs/internals/requirements/requirements.rst +++ b/docs/internals/requirements/requirements.rst @@ -715,6 +715,17 @@ Architecture Attributes Docs-as-Code shall enforce that valid safety architectural elements (Safety != QM) can only be linked against valid safety architectural elements. +.. tool_req:: Check safety architecture view belongs_to a safety parent + :id: tool_req__docs_arch_link_safety_belongs_to + :tags: Architecture + :implemented: YES + :version: 1 + :satisfies: gd_req__arch_linkage_safety + :parent_covered: YES + + Enforce that valid ASIL architecture views link only + to ASIL architecture elements via ``belongs_to``. + .. tool_req:: Security: Restrict linkage :id: tool_req__docs_arch_link_security :tags: Architecture diff --git a/src/extensions/score_metamodel/metamodel.yaml b/src/extensions/score_metamodel/metamodel.yaml index 7d82bde3b..fac9bc307 100644 --- a/src/extensions/score_metamodel/metamodel.yaml +++ b/src/extensions/score_metamodel/metamodel.yaml @@ -1026,6 +1026,18 @@ graph_checks: fulfils: safety != QM explanation: An QM architecture element cannot implement ASIL requirements. + # req-Id: tool_req__docs_arch_link_safety_belongs_to + tool_req__docs_arch_link_safety_belongs_to: + needs: + include: feat_arc_sta, feat_arc_dyn, comp_arc_sta, comp_arc_dyn + condition: + and: + - safety != QM + - status == valid + check: + belongs_to: safety != QM + explanation: Safety architecture views must belong to safety architecture elements. + # req-Id: tool_req__docs_req_arch_link_safety_to_arch tool_req__docs_req_arch_link_safety_to_arch: needs: diff --git a/src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst b/src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst new file mode 100644 index 000000000..aa99ec924 --- /dev/null +++ b/src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst @@ -0,0 +1,96 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +#CHECK: check_metamodel_graph + +.. feat:: QM Feature Parent + :id: feat__test__qm_parent + :safety: QM + :security: NO + :status: valid + +.. feat:: Safety Feature Parent + :id: feat__test__asil_parent + :safety: ASIL_B + :security: NO + :status: valid + +.. comp:: QM Component Parent + :id: comp__test__qm_parent + :safety: QM + :security: NO + :status: valid + :belongs_to: feat__test__qm_parent + +.. comp:: Safety Component Parent + :id: comp__test__asil_parent + :safety: ASIL_B + :security: NO + :status: valid + :belongs_to: feat__test__asil_parent + + +.. Negative Test: Safety feat_arc_sta belongs_to a QM feat — should warn. +#EXPECT: feat_arc_sta__test__safety_to_qm: Parent need `feat__test__qm_parent` does not fulfill condition `safety != QM`. + +.. feat_arc_sta:: Safety view with QM parent + :id: feat_arc_sta__test__safety_to_qm + :safety: ASIL_B + :security: NO + :status: valid + :belongs_to: feat__test__qm_parent + + +.. Positive Test: Safety feat_arc_sta belongs_to a safety feat — should not warn. +#EXPECT-NOT: Safety architecture views must belong to safety architecture elements + +.. feat_arc_sta:: Safety view with safety parent + :id: feat_arc_sta__test__safety_to_asil + :safety: ASIL_B + :security: NO + :status: valid + :belongs_to: feat__test__asil_parent + + +.. Positive Test: QM feat_arc_sta — check does not apply to QM elements. +#EXPECT-NOT: Safety architecture views must belong to safety architecture elements + +.. feat_arc_sta:: QM view with QM parent + :id: feat_arc_sta__test__qm_to_qm + :safety: QM + :security: NO + :status: valid + :belongs_to: feat__test__qm_parent + + +.. Negative Test: Safety comp_arc_sta belongs_to a QM comp — should warn. +#EXPECT: comp_arc_sta__test__safety_to_qm: Parent need `comp__test__qm_parent` does not fulfill condition `safety != QM`. + +.. comp_arc_sta:: Safety component view with QM parent + :id: comp_arc_sta__test__safety_to_qm + :safety: ASIL_B + :security: NO + :status: valid + :belongs_to: comp__test__qm_parent + + +.. Positive Test: Safety comp_arc_sta belongs_to a safety comp — should not warn. +#EXPECT-NOT: Safety architecture views must belong to safety architecture elements + +.. comp_arc_sta:: Safety component view with safety parent + :id: comp_arc_sta__test__safety_to_asil + :safety: ASIL_B + :security: NO + :status: valid + :belongs_to: comp__test__asil_parent From f0d3ddd740d146634f13c0811d30c0acdeb5eac3 Mon Sep 17 00:00:00 2001 From: Andreas Zwinkau Date: Wed, 27 May 2026 14:19:21 +0200 Subject: [PATCH 2/4] fix: review feedback --- docs/internals/requirements/requirements.rst | 7 +- src/extensions/score_metamodel/metamodel.yaml | 8 +- .../rst/graph/test_arch_safety_belongs_to.rst | 107 +++++++++++++----- 3 files changed, 85 insertions(+), 37 deletions(-) diff --git a/docs/internals/requirements/requirements.rst b/docs/internals/requirements/requirements.rst index 0920239b1..bde200c97 100644 --- a/docs/internals/requirements/requirements.rst +++ b/docs/internals/requirements/requirements.rst @@ -715,16 +715,15 @@ Architecture Attributes Docs-as-Code shall enforce that valid safety architectural elements (Safety != QM) can only be linked against valid safety architectural elements. -.. tool_req:: Check safety architecture view belongs_to a safety parent - :id: tool_req__docs_arch_link_safety_belongs_to +.. tool_req:: Check safety architecture view fulfils only safety requirements + :id: tool_req__docs_arch_link_safety_fulfils :tags: Architecture :implemented: YES :version: 1 :satisfies: gd_req__arch_linkage_safety :parent_covered: YES - Enforce that valid ASIL architecture views link only - to ASIL architecture elements via ``belongs_to``. + Enforce that valid ASIL architecture views fulfil only ASIL requirements. .. tool_req:: Security: Restrict linkage :id: tool_req__docs_arch_link_security diff --git a/src/extensions/score_metamodel/metamodel.yaml b/src/extensions/score_metamodel/metamodel.yaml index fac9bc307..347879184 100644 --- a/src/extensions/score_metamodel/metamodel.yaml +++ b/src/extensions/score_metamodel/metamodel.yaml @@ -1026,8 +1026,8 @@ graph_checks: fulfils: safety != QM explanation: An QM architecture element cannot implement ASIL requirements. - # req-Id: tool_req__docs_arch_link_safety_belongs_to - tool_req__docs_arch_link_safety_belongs_to: + # req-Id: tool_req__docs_arch_link_safety_fulfils + tool_req__docs_arch_link_safety_fulfils: needs: include: feat_arc_sta, feat_arc_dyn, comp_arc_sta, comp_arc_dyn condition: @@ -1035,8 +1035,8 @@ graph_checks: - safety != QM - status == valid check: - belongs_to: safety != QM - explanation: Safety architecture views must belong to safety architecture elements. + fulfils: safety != QM + explanation: Safety architecture views must only fulfil safety architecture elements. # req-Id: tool_req__docs_req_arch_link_safety_to_arch tool_req__docs_req_arch_link_safety_to_arch: diff --git a/src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst b/src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst index aa99ec924..8dd18fdec 100644 --- a/src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst +++ b/src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst @@ -1,6 +1,6 @@ .. # ******************************************************************************* - # Copyright (c) 2025 Contributors to the Eclipse Foundation + # Copyright (c) 2026 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -14,83 +14,132 @@ #CHECK: check_metamodel_graph -.. feat:: QM Feature Parent - :id: feat__test__qm_parent +.. feat_req:: QM Feature Requirement Parent + :id: feat_req__test__qm_parent :safety: QM - :security: NO :status: valid -.. feat:: Safety Feature Parent - :id: feat__test__asil_parent +.. feat_req:: Safety Feature Requirement Parent + :id: feat_req__test__asil_parent :safety: ASIL_B - :security: NO :status: valid -.. comp:: QM Component Parent - :id: comp__test__qm_parent +.. comp_req:: QM Component Requirement Parent + :id: comp_req__test__qm_parent :safety: QM - :security: NO :status: valid - :belongs_to: feat__test__qm_parent -.. comp:: Safety Component Parent - :id: comp__test__asil_parent +.. comp_req:: Safety Component Requirement Parent + :id: comp_req__test__asil_parent :safety: ASIL_B - :security: NO :status: valid - :belongs_to: feat__test__asil_parent -.. Negative Test: Safety feat_arc_sta belongs_to a QM feat — should warn. -#EXPECT: feat_arc_sta__test__safety_to_qm: Parent need `feat__test__qm_parent` does not fulfill condition `safety != QM`. +.. Negative Test: Safety feat_arc_sta fulfils a QM feat_req — should warn. +#EXPECT: feat_arc_sta__test__safety_to_qm: Parent need `feat_req__test__qm_parent` does not fulfill condition `safety != QM`. .. feat_arc_sta:: Safety view with QM parent :id: feat_arc_sta__test__safety_to_qm :safety: ASIL_B :security: NO :status: valid - :belongs_to: feat__test__qm_parent + :fulfils: feat_req__test__qm_parent -.. Positive Test: Safety feat_arc_sta belongs_to a safety feat — should not warn. -#EXPECT-NOT: Safety architecture views must belong to safety architecture elements +.. Positive Test: Safety feat_arc_sta fulfils a safety feat_req — should not warn. +#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements .. feat_arc_sta:: Safety view with safety parent :id: feat_arc_sta__test__safety_to_asil :safety: ASIL_B :security: NO :status: valid - :belongs_to: feat__test__asil_parent + :fulfils: feat_req__test__asil_parent .. Positive Test: QM feat_arc_sta — check does not apply to QM elements. -#EXPECT-NOT: Safety architecture views must belong to safety architecture elements +#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements .. feat_arc_sta:: QM view with QM parent :id: feat_arc_sta__test__qm_to_qm :safety: QM :security: NO :status: valid - :belongs_to: feat__test__qm_parent + :fulfils: feat_req__test__qm_parent + + +.. Negative Test: Safety feat_arc_dyn fulfils a QM feat_req — should warn. +#EXPECT: feat_arc_dyn__test__safety_to_qm: Parent need `feat_req__test__qm_parent` does not fulfill condition `safety != QM`. + +.. feat_arc_dyn:: Safety dynamic view with QM parent + :id: feat_arc_dyn__test__safety_to_qm + :safety: ASIL_B + :security: NO + :status: valid + :fulfils: feat_req__test__qm_parent + + +.. Positive Test: Safety feat_arc_dyn fulfils a safety feat_req — should not warn. +#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements + +.. feat_arc_dyn:: Safety dynamic view with safety parent + :id: feat_arc_dyn__test__safety_to_asil + :safety: ASIL_B + :security: NO + :status: valid + :fulfils: feat_req__test__asil_parent + + +.. Positive Test: QM feat_arc_dyn — check does not apply to QM elements. +#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements + +.. feat_arc_dyn:: QM dynamic view with QM parent + :id: feat_arc_dyn__test__qm_to_qm + :safety: QM + :security: NO + :status: valid + :fulfils: feat_req__test__qm_parent -.. Negative Test: Safety comp_arc_sta belongs_to a QM comp — should warn. -#EXPECT: comp_arc_sta__test__safety_to_qm: Parent need `comp__test__qm_parent` does not fulfill condition `safety != QM`. +.. Negative Test: Safety comp_arc_sta fulfils a QM comp_req — should warn. +#EXPECT: comp_arc_sta__test__safety_to_qm: Parent need `comp_req__test__qm_parent` does not fulfill condition `safety != QM`. .. comp_arc_sta:: Safety component view with QM parent :id: comp_arc_sta__test__safety_to_qm :safety: ASIL_B :security: NO :status: valid - :belongs_to: comp__test__qm_parent + :fulfils: comp_req__test__qm_parent -.. Positive Test: Safety comp_arc_sta belongs_to a safety comp — should not warn. -#EXPECT-NOT: Safety architecture views must belong to safety architecture elements +.. Positive Test: Safety comp_arc_sta fulfils a safety comp_req — should not warn. +#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements .. comp_arc_sta:: Safety component view with safety parent :id: comp_arc_sta__test__safety_to_asil :safety: ASIL_B :security: NO :status: valid - :belongs_to: comp__test__asil_parent + :fulfils: comp_req__test__asil_parent + + +.. Negative Test: Safety comp_arc_dyn fulfils a QM comp_req — should warn. +#EXPECT: comp_arc_dyn__test__safety_to_qm: Parent need `comp_req__test__qm_parent` does not fulfill condition `safety != QM`. + +.. comp_arc_dyn:: Safety dynamic component view with QM parent + :id: comp_arc_dyn__test__safety_to_qm + :safety: ASIL_B + :security: NO + :status: valid + :fulfils: comp_req__test__qm_parent + + +.. Positive Test: Safety comp_arc_dyn fulfils a safety comp_req — should not warn. +#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements + +.. comp_arc_dyn:: Safety dynamic component view with safety parent + :id: comp_arc_dyn__test__safety_to_asil + :safety: ASIL_B + :security: NO + :status: valid + :fulfils: comp_req__test__asil_parent From b694aacc6803ff922ba28f06cf72f4f725bec710 Mon Sep 17 00:00:00 2001 From: Andreas Zwinkau Date: Thu, 28 May 2026 09:17:10 +0200 Subject: [PATCH 3/4] fix: review feedback --- docs/internals/requirements/requirements.rst | 6 ++++-- src/extensions/score_metamodel/metamodel.yaml | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/internals/requirements/requirements.rst b/docs/internals/requirements/requirements.rst index bde200c97..1c22dc0ac 100644 --- a/docs/internals/requirements/requirements.rst +++ b/docs/internals/requirements/requirements.rst @@ -723,7 +723,9 @@ Architecture Attributes :satisfies: gd_req__arch_linkage_safety :parent_covered: YES - Enforce that valid ASIL architecture views fulfil only ASIL requirements. + Enforce that valid ASIL architecture views + (``feat_arc_sta``, ``feat_arc_dyn``, ``comp_arc_sta``, ``comp_arc_dyn``) + "fulfil" only ASIL requirements. .. tool_req:: Security: Restrict linkage :id: tool_req__docs_arch_link_security @@ -749,7 +751,7 @@ Architecture Attributes gd_req__arch_viewpoints, :parent_covered: YES - Docs-as-Code shall enable the rendering of diagrams for the following architecture views: + Enable the rendering of diagrams for the following architecture views: * Feature Package Diagram (feat_arc_sta) * Feature Sequence Diagram (feat_arc_dyn) diff --git a/src/extensions/score_metamodel/metamodel.yaml b/src/extensions/score_metamodel/metamodel.yaml index 347879184..a085f33cc 100644 --- a/src/extensions/score_metamodel/metamodel.yaml +++ b/src/extensions/score_metamodel/metamodel.yaml @@ -1036,7 +1036,7 @@ graph_checks: - status == valid check: fulfils: safety != QM - explanation: Safety architecture views must only fulfil safety architecture elements. + explanation: Safety-critical architecture views must only "fulfil" safety-critical architecture elements. # req-Id: tool_req__docs_req_arch_link_safety_to_arch tool_req__docs_req_arch_link_safety_to_arch: From 1f5467d8d67e7e83221b0f8adce77e038eab617a Mon Sep 17 00:00:00 2001 From: Andreas Zwinkau Date: Fri, 29 May 2026 09:06:55 +0200 Subject: [PATCH 4/4] fix: expect-not and metamodel --- src/extensions/score_metamodel/metamodel.yaml | 2 +- .../tests/rst/graph/test_arch_safety_belongs_to.rst | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/extensions/score_metamodel/metamodel.yaml b/src/extensions/score_metamodel/metamodel.yaml index a085f33cc..c95144574 100644 --- a/src/extensions/score_metamodel/metamodel.yaml +++ b/src/extensions/score_metamodel/metamodel.yaml @@ -1023,7 +1023,7 @@ graph_checks: include: feat_arc_sta, logic_arc_int, logic_arc_int_op, comp_arc_sta, real_arc_int, real_arc_int_op condition: safety == QM check: - fulfils: safety != QM + fulfils: safety == QM explanation: An QM architecture element cannot implement ASIL requirements. # req-Id: tool_req__docs_arch_link_safety_fulfils diff --git a/src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst b/src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst index 8dd18fdec..a87894fb5 100644 --- a/src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst +++ b/src/extensions/score_metamodel/tests/rst/graph/test_arch_safety_belongs_to.rst @@ -47,7 +47,7 @@ .. Positive Test: Safety feat_arc_sta fulfils a safety feat_req — should not warn. -#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements +#EXPECT-NOT: fulfil .. feat_arc_sta:: Safety view with safety parent :id: feat_arc_sta__test__safety_to_asil @@ -58,7 +58,7 @@ .. Positive Test: QM feat_arc_sta — check does not apply to QM elements. -#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements +#EXPECT-NOT: fulfil .. feat_arc_sta:: QM view with QM parent :id: feat_arc_sta__test__qm_to_qm @@ -80,7 +80,7 @@ .. Positive Test: Safety feat_arc_dyn fulfils a safety feat_req — should not warn. -#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements +#EXPECT-NOT: fulfil .. feat_arc_dyn:: Safety dynamic view with safety parent :id: feat_arc_dyn__test__safety_to_asil @@ -91,7 +91,7 @@ .. Positive Test: QM feat_arc_dyn — check does not apply to QM elements. -#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements +#EXPECT-NOT: fulfil .. feat_arc_dyn:: QM dynamic view with QM parent :id: feat_arc_dyn__test__qm_to_qm @@ -113,7 +113,7 @@ .. Positive Test: Safety comp_arc_sta fulfils a safety comp_req — should not warn. -#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements +#EXPECT-NOT: fulfil .. comp_arc_sta:: Safety component view with safety parent :id: comp_arc_sta__test__safety_to_asil @@ -135,7 +135,7 @@ .. Positive Test: Safety comp_arc_dyn fulfils a safety comp_req — should not warn. -#EXPECT-NOT: Safety architecture views must only fulfil safety architecture elements +#EXPECT-NOT: fulfil .. comp_arc_dyn:: Safety dynamic component view with safety parent :id: comp_arc_dyn__test__safety_to_asil