demo-epb/docs/non-conformities-md/NC-001.md
Stefan Lohmaier fb2c083551
feat(i18n): full English translation of demo-epb
Phase 2 of the English translation:

Word documents (filled, EPB-specific):
- 8 plans (PID, PM, QA, SWE, Test, Project Manual, CM, RM)
- 6 safety docs (HARA, Safety Case, FMEDA, MISRA Compliance,
  Verification Report, Tool Qualification Cppcheck)
- 2 manuals (User, Service)
- 3 audit artefacts (Review minutes, NC-001, MISRA-REC-001)
- All regenerated via pandoc from English markdown sources

Code, tests, headers:
- All file headers, struct comments, function docstrings in English
- All test names (TEST_BEGIN strings) translated
- Inline comments translated
- 46 tests still green after translation

CI workflows:
- All step names in English
- Step descriptions, comments, release notes template in English

README.md fully rewritten in English with proper guided tour.

Phase 3 (still pending): dev-process repo templates + toolstack/setup docs.
2026-05-12 03:37:51 -07:00


| nc-id | project | date-discovered | severity | status |
|---|---|---|---|---|
| NC-001 | demo-epb | 2026-05-11 | Critical | Closed |

Non-Conformity NC-001: Step counter overflow not documented

| Field | Value |
|---|---|
| NC ID | NC-001 |
| Project | demo-epb |
| Date discovered | 2026-05-11 |
| Discovered by | Review REV-001 |
| Affected artefact | src/apply_controller.c |
| Requirement | SWE-002 (watchdog) |
| Severity | Critical |
| Status | Closed |

1. Description

step_count in the apply controller is declared as uint32_t and is monotonically incremented in apply_ctrl_step_50ms. At 50 ms/tick the counter overflows after 2^32 * 50 ms ≈ 6.8 years. The watchdog in SWA-002 only compares the delta between two reads (wrap-around safe), but the behaviour is not documented in the header and may lead to errors in subsequent maintenance.

2. Risk assessment

| Aspect | Assessment |
|---|---|
| Effect | In theory false-negative watchdog on wrap-around comparison |
| Likelihood | Very low (6.8 years lifetime) |
| Safety contribution | Indirect — watchdog is part of the SG-01 implementation |

3. Immediate action

Header comment in apply_controller.h extended: explicit description of wrap-around behaviour. The watchdog implementation (in SWA-001) must use uint32_t subtraction for delta comparison (wrap-safe).
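The wrap-safe delta comparison that the immediate action requires, and the maintenance error the description warns about, shown side by side as an added example in C. This is not code from demo-epb or its author: the 500 ms timeout, the function names and the stall scenario are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not demo-epb code. Models the tick counter described in
 * NC-001: a uint32_t incremented once per 50 ms step, so it wraps to 0 after
 * 2^32 ticks (about 6.8 years). */
#define TICK_MS 50u
/* Assumed watchdog timeout for the demonstration; the real SWA-001 threshold
 * is not stated in the NC. */
#define WATCHDOG_TIMEOUT_MS 500u
#define WATCHDOG_TIMEOUT_TICKS (WATCHDOG_TIMEOUT_MS / TICK_MS)

/* Wrap-safe elapsed ticks: unsigned subtraction in C is defined modulo 2^32,
 * so (now - last_seen) is the true distance even after now has wrapped past 0.
 * This holds as long as the watchdog polls within 2^32 ticks of the last
 * kick, which at 50 ms per tick is never a practical constraint. */
uint32_t ticks_elapsed(uint32_t last_seen, uint32_t now)
{
    return now - last_seen;
}

/* Watchdog check as the immediate action requires: delta via uint32_t
 * subtraction, then a single comparison against the timeout. */
bool watchdog_expired_wrapsafe(uint32_t last_seen, uint32_t now)
{
    return ticks_elapsed(last_seen, now) > WATCHDOG_TIMEOUT_TICKS;
}

/* The hypothetical maintenance error: a later developer, not knowing the
 * counter wraps, treats now < last_seen as an impossible "clock ran backwards"
 * reading and ignores it. Across the wrap this returns false although the
 * monitored task has stalled: the false negative named in the risk table. */
bool watchdog_expired_naive(uint32_t last_seen, uint32_t now)
{
    if (now < last_seen) {
        return false;
    }
    return (now - last_seen) > WATCHDOG_TIMEOUT_TICKS;
}

/* Constructed scenario: the monitored task last reported alive just below the
 * wrap, then 15 ticks (750 ms) pass without another kick while the counter
 * wraps. Returns true if the given check reports the stall. */
bool detects_stall_across_wrap(bool (*check)(uint32_t, uint32_t))
{
    uint32_t step_count = UINT32_MAX - 2u;  /* constructed: 0xFFFFFFFD, 3 ticks before the wrap */
    uint32_t last_kick = step_count;        /* last value at which the task kicked the watchdog */
    for (int i = 0; i < 15; i++) {          /* 15 ticks elapse; step_count wraps and ends at 12 */
        step_count++;
    }
    return check(last_kick, step_count);
}

int main(void)
{
    printf("wrap-safe check detects stall across wrap: %s\n",
           detects_stall_across_wrap(watchdog_expired_wrapsafe) ? "yes" : "no");
    printf("naive check detects stall across wrap:     %s\n",
           detects_stall_across_wrap(watchdog_expired_naive) ? "yes" : "no");
    return 0;
}
```

The point for reviewers is that the subtraction itself is already wrap-safe; the defect is that nothing in the header says so, which invites exactly the "guard against now < last_seen" change that turns a correct check into a silent false negative.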

4. Corrective action (root cause)

Add the checklist item "document integer overflow behaviour" to the code-review checklist. Verify in subsequent reviews.

5. Verification

- Comment in apply_controller.h v1.1 (commit <hash>)
- Watchdog in SWA-001 uses uint32_t subtraction (see SWA-001 §4)
- Review checklist updated

6. Closure

Closed on 2026-05-11 by S. Lohmaier after verification.