P1 Critical Gaps from STPA
GAP-ZMS-5: GC restart loses new writes
On power loss during GC, zms_init erases the active sector and restarts GC.
Any write that was being committed is lost.
GAP-ZMS-8: zms_read doesn't hold mutex
Concurrent write + read could return partial/inconsistent data.
GAP-ZMS-10: NO_DOUBLE_WRITE TOCTOU
Reads existing data outside mutex, then writes inside mutex.
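Added example, not ZMS code: a toy append-only store for one hypothetical id that replays the GAP-ZMS-10 ordering deterministically (duplicate check unlocked, another writer lands in between, stale decision committed under the lock) next to the compare-and-write-under-one-lock form. The store layout, function names and values are all constructed for the illustration.

```c
/* Constructed model of GAP-ZMS-10 (not ZMS code): one hypothetical id,
 * every committed write appended in order so duplicates are visible. */
#include <pthread.h>
#include <stdbool.h>

#define MAX_ENTRIES 8

struct store {
	pthread_mutex_t lock;
	int values[MAX_ENTRIES];
	int count;
};

static int current_value(const struct store *s)
{
	return s->count ? s->values[s->count - 1] : -1; /* -1: nothing stored yet */
}

static void append_locked(struct store *s, int v)
{
	if (s->count < MAX_ENTRIES) {
		s->values[s->count++] = v;
	}
}

/* Any other writer: holds the lock for the whole write. */
static void other_writer(struct store *s, int v)
{
	pthread_mutex_lock(&s->lock);
	append_locked(s, v);
	pthread_mutex_unlock(&s->lock);
}

/* Vulnerable ordering: the NO_DOUBLE_WRITE check reads the store unlocked. */
static bool toctou_needs_write(const struct store *s, int v)
{
	return current_value(s) != v;
}

/* Hardened ordering: compare and write inside one critical section. */
static bool write_no_double(struct store *s, int v)
{
	bool wrote = false;
	pthread_mutex_lock(&s->lock);
	if (current_value(s) != v) {
		append_locked(s, v);
		wrote = true;
	}
	pthread_mutex_unlock(&s->lock);
	return wrote;
}

/* Number of back-to-back identical writes (should always be 0). */
static int duplicate_writes(const struct store *s)
{
	int dups = 0;
	for (int i = 1; i < s->count; i++) {
		dups += (s->values[i] == s->values[i - 1]);
	}
	return dups;
}

/* Replay the race: check (unlocked), other writer lands, stale commit (locked). */
int replay_toctou(void)
{
	struct store s = { .lock = PTHREAD_MUTEX_INITIALIZER, .count = 0 };
	other_writer(&s, 1);
	bool needed = toctou_needs_write(&s, 2); /* true: store holds 1 */
	other_writer(&s, 2);                     /* another thread writes 2 first */
	if (needed) {
		other_writer(&s, 2);                 /* stale decision: 2 written twice */
	}
	return duplicate_writes(&s);             /* 1 */
}

int replay_hardened(void)
{
	struct store s = { .lock = PTHREAD_MUTEX_INITIALIZER, .count = 0 };
	other_writer(&s, 1);
	other_writer(&s, 2);
	write_no_double(&s, 2);                  /* sees 2 under the lock, skips */
	return duplicate_writes(&s);             /* 0 */
}
```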
References
- docs/safety/stpa-zms-analysis.md
- artifacts/zms_requirements.yaml