Add abstract control structure diagram for Linux-based OS

safety-analysis/linux-abstract-control-structure.dot

@@ -0,0 +1,110 @@
+digraph G {
+node [shape=box width=0.8 height=0.5 labelloc=c margin=0.1
+      fontname="Open Sans" fontsize=14 style=filled fillcolor=white]
+graph [splines=ortho ranksep=0.6 nodesep=0.6]
+edge [fontname="Open Sans" fontsize=12]
+layout=dot; overlap=false;
+ordering=out; compound=true; newrank=true;
+
+subgraph cluster_user {
+    label="Application workloads running on the OS" labeljust=l penwidth=2 fillcolor=lightseagreen
+    fontname="Open Sans" fontsize=16 style=filled margin=15
+    rvc [label="Safety workloads" width=4 fillcolor=red fontcolor=yellow]
+    ivi [label="Other workloads" width=5.95]
+    }
+
+subgraph cluster_os {
+    label="OS" labeljust=l fillcolor=lightblue
+    fontname="Open Sans" fontsize=16 margin=15 style=filled color=lightgrey
+
+    subgraph cluster_services {
+    pencolor=black fillcolor=palegoldenrod penwidth=2
+    label="Services" labeljust=l labelloc=b margin=15
+        servman [label="Service manager" width=3.6]
+        services [label="Other\nservices" width=1.5]
+        safeserv [label="Safety-related\nservice(s)" width=1.5 fillcolor=red fontcolor=yellow]
+        }
+
+    subgraph cluster_kernel {
+        pencolor=black fillcolor=lightgreen penwidth=2
+        label="Linux Kernel" labeljust=l labelloc=b margin=15
+        inmman [label="" width=0 height=0 style=invis]
+        mman [label="Memory\nmanagement"]
+        outmman [label="" width=0 height=0 style=invis]
+        subgraph cluster_kernel_sub {
+            label=""
+            acon [label="Access control\n(user, groups, etc)" width=3.9]
+            dcon [label="Device control\n(drivers, etc)"]
+            tcon [label="Task control\n(processes, etc)"]
+            dint [label="Device interfaces\n(filesystems, etc)" width=3.9]
+            }
+        }
+    syscall [shape=circle width=0.2 height=0.2 fontsize=11
+        label="" xlabel="syscall,\nsysfs,\nprocfs,\n etc." fontcolor=darkgreen]
+    interrupt [shape=circle width=0.2 height=0.2 fontsize=11
+        label="" xlabel="IRQ, NMI\nException" fontcolor=darkgreen]
+    }
+
+subgraph cluster_hardware {
+    label="Hardware directly controlled by OS"
+    style=filled penwidth=2 fillcolor=lightgrey labelloc=t labeljust=l
+    fontname="Open Sans" fontsize=16 margin=11
+    Storage [width=1.35]
+    memory [label="Memory"]
+    Bus [label="External\nDevice Bus"]
+    processor [label="CPU"]
+    GPU [label="Graphics"]
+    Network
+    Other
+    }
+
+xsystem [label="Other system"]
+Watchdog
+
+{rank=same; rvc; ivi;}
+{rank=same; servman; syscall;}
+{rank=same; safeserv; services; inmman; acon}
+{rank=same; mman; dcon; tcon;}
+{rank=same; interrupt; outmman; dint}
+{rank=same; Other; GPU; memory; processor; Bus; Network; Storage;}
+{rank=same; xsystem; Watchdog;}
+
+rvc -> servman [ltail=cluster_user lhead=cluster_services]
+rvc -> servman [dir=back style=dashed ltail=cluster_user lhead=cluster_services]
+ivi -> syscall [dir=none ltail=cluster_user]
+ivi -> acon [dir=back style=dashed ltail=cluster_user lhead=cluster_kernel]
+rvc -> ivi [dir=both color=blue]
+
+syscall -> inmman [lhead=cluster_kernel weight=3]
+
+servman -> syscall [dir=none ltail=cluster_services weight=2]
+safeserv -> mman [dir=back style=dashed ltail=cluster_services lhead=cluster_kernel]
+
+servman -> safeserv
+servman -> safeserv [dir=back style=dashed]
+servman -> services
+servman -> services [dir=back style=dashed]
+safeserv -> services [dir=both color=blue]
+
+inmman -> acon [dir=none lhead=cluster_kernel_sub]
+mman -> outmman [dir=none style=dashed]
+outmman -> dint [style=dashed lhead=cluster_kernel_sub]
+inmman -> mman
+
+acon -> dcon
+acon -> tcon
+dcon -> dint
+dcon -> dint [dir=back style=dashed]
+tcon -> dint
+tcon -> dint [dir=back style=dashed]
+
+interrupt -> Network [dir=none lhead=cluster_hardware weight=2]
+interrupt -> outmman [lhead=cluster_kernel weight=1]
+
+dint -> memory [lhead=cluster_hardware weight=1]
+dint -> memory [dir=back style=dashed lhead=cluster_hardware]
+
+Network -> xsystem [dir=both color=blue weight=2]
+xsystem -> Watchdog [style=invis]
+Bus -> Watchdog [weight=2]
+}

safety-analysis/linux-abstract-control-structure.md

@@ -0,0 +1,15 @@
+# Linux abstract architectural design model
+
+This is an abstract architectural design model for Linux-based operating systems.
+
+It shows a generic control structure for exploring the interactions between the OS components, hardware components and userspace applications running on the OS. This is intended to guide safety analysis focusing on specific applications or components at this level of abstraction, as informed by the results of e.g. STPA at a higher level, and to provide a consistent framework for creating a set of such diagrams.
+
+* Boxes are an abstraction of a function, component or subsystem
+  - Usually a logical role rather than a concrete component
+* Red highlights show where safety-certified components may be included
+* Solid black arrows indicate *control actions*
+* Dashed black arrows indicate *feedback*
+* Blue arrows indicate *information or data flow*
+* Circles labelled in green are interface details for control actions
+
+![STPA control structure diagram](linux-abstract-control-structure.dot.png)