Functional Safety Concept — Assumed FSRs
Derived from ASG_0001 / ASG_0002 per ISO 26262-3 §8. Each AFSR carries the post-decomposition ASIL of Element A: ASIL B(D).
The AFSRs are assumed — they describe the item-level functional safety obligations that an integrator’s real item HARA must confirm (AOU_0006). Taktora’s own technical refinement onto its crates lives in Technical Safety Concept — TSRs.
Assumed Functional Safety Requirement: Spatial Freedom From Interference between integrity levels (AFSR_0001)

Taktora shall enforce spatial Freedom From Interference between safety-critical hosted items and QM-grade hosted items co-located in the same workspace, such that no QM-grade item can mutate the address-space or in-memory state observed by a safety-critical item.

Taktora shall enforce channel directionality on all inter-item shared-memory communication, such that a reader of integrity level

Taktora shall isolate memory-allocation failures between integrity levels, such that allocation pressure from QM-grade items cannot cause a safety-critical item to encounter an allocation failure it would not otherwise have encountered.

Taktora shall detect and propagate internal framework faults — allocator exhaustion, missed deadlines, connector disconnect, item panic, channel corruption — to an integrator-observable surface within FTTI/2 (at most 50 ms given the assumed 100 ms FTTI).

Taktora shall verify that the spatial-isolation context is intact before admitting a safety-critical item into the executor’s runnable set on each cold start.
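The allocation-isolation requirement above is the one most directly checkable in code. The following is an added illustration, not Taktora's own code: a byte budget partitioned per integrity level and fixed at cold start, so that QM allocation pressure produces failures only in the QM partition. The `Integrity`, `PartitionedBudget` and `BudgetExhausted` names, the 4 KiB budgets and the leak scenario are assumptions.

```rust
use std::collections::HashMap;

/// Integrity levels of hosted items: QM and the ASIL B(D) of Element A.
/// (Type and function names here are assumptions, not Taktora's API.)
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub enum Integrity { Qm, AsilB }

/// Allocation failure; reported only to the level whose budget ran dry.
#[derive(Debug, PartialEq, Eq)]
pub struct BudgetExhausted { pub level: Integrity, pub requested: usize, pub remaining: usize }

/// Byte budgets partitioned per integrity level and fixed at cold start.
/// An allocation is charged to the requesting level only, so exhausting the
/// QM budget is never observable from the ASIL B partition.
pub struct PartitionedBudget {
    remaining: HashMap<Integrity, usize>,
}

impl PartitionedBudget {
    pub fn new(qm_bytes: usize, asil_b_bytes: usize) -> Self {
        let remaining = HashMap::from([(Integrity::Qm, qm_bytes), (Integrity::AsilB, asil_b_bytes)]);
        Self { remaining }
    }

    /// Charge `bytes` to `level`; on failure no other level's budget is touched.
    pub fn allocate(&mut self, level: Integrity, bytes: usize) -> Result<(), BudgetExhausted> {
        let slot = self.remaining.entry(level).or_insert(0);
        if *slot < bytes {
            return Err(BudgetExhausted { level, requested: bytes, remaining: *slot });
        }
        *slot -= bytes;
        Ok(())
    }

    pub fn remaining(&self, level: Integrity) -> usize {
        self.remaining.get(&level).copied().unwrap_or(0)
    }
}

/// Constructed scenario: a QM item leaks 1 KiB per cycle for six cycles
/// against a 4 KiB budget, then an ASIL B item requests 2 KiB.
/// Returns (QM failures seen, ASIL B request succeeded, ASIL B bytes left).
pub fn qm_pressure_scenario() -> (usize, bool, usize) {
    let mut budget = PartitionedBudget::new(4096, 4096);
    let qm_failures = (0..6).filter(|_| budget.allocate(Integrity::Qm, 1024).is_err()).count();
    let asil_ok = budget.allocate(Integrity::AsilB, 2048).is_ok();
    (qm_failures, asil_ok, budget.remaining(Integrity::AsilB))
}
```

The scenario returns two QM failures while the ASIL B request succeeds with its full remaining budget untouched, which is the observable property the requirement asks for.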