Autosar Layers
advertisement
Aug 27-28, 2009 Implementing AUTOSAR Zhang Enqin Shanghai Automotive Lab TM Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. Structure of this Session ►Autosar Introduction – Goals and motivation ►Freescale AUTOSAR Software Operating System • Microcontroller Abstraction Layer • Configuration Methodology • ►Demo • Autosar MCAL and OS Configuration with EB tresos™ Studio Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 2 AUTOSAR Introduction Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 3 AUTOSAR – An Industry Standard Phase I (2004 – 2006) Basic Software & RTE Specification R2.0 Improvements R2.1 Release 2.0 2H 2005 Release 2.1 1H 2006 2005 2H 2006 2006 Phase II (2007 – 2009) Basic Software & RTE Specification R3.0 Concepts R4.0 Specification R4.0 Release 3.0 1H 2007 2H 2007 2007 Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. Improvements R4.0 Release 3.1 1H 2008 2H 2008 Release 4.0 1H 2009 2008 2H 2009 2009 TM 4 Standards driving E/E Architecture Design ► Technology partnerships and open standards encouraging “plug-and-play” approach FlexRay Protocol • Automotive Open System Architecture (AUTOSAR) • Japan Automotive Software Platform Architecture (JasPar) • ► AUTOSAR Integrates Existing and Emerging Industry Electronics Standards, see next slide for details Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 5 AUTOSAR integration summary Standardization MSR Manufacturer-Supplier Relationship OSEK/VDX Hersteller Initiative Software ASAM ODX FlexRay™ Protocol HIS Local Interconnect Network Media Orientated System Transport Source: Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 6 Worldwide, OEMs and Suppliers Participate in AUTOSAR Core Partners Associate Members CapeWare Premium Members OEM Source: Tier 1 Semiconductors Standard Software Tools , actual status at http://www.AUTOSAR.org Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 7 AUTOSAR partnership objectives ►(AUTomotive Open System ARchitecture) ►Manage increasing E/E complexity associated with growth in functional scope ►Improve flexibility for product modification, upgrade and update ►Improve scalability of solutions within and across product lines ►Improve quality and reliability of E/E systems ►Enable detection of errors in early design phases. Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 8 How is this goal achieved ►Distributed System: Transparent information distribution • Initial focus on Applications divided in software Components • Possible distribution of parts of applications (SW-Components) at development time without the need to change the code of the SWcomponents =>Break standard software and applications down into manageable parts with standardized interfaces => Clearly separate between hardware dependent and hardware independent parts =>Structured & open interfaces for communication & net management Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 9 Autosar Org. ►Depending upon development phase, Autosar defines some work groups in charge of defining specifications, requirements,… ►As an example for phase II: WPII-1.1.1 Software Architecture and VFB WPII-3.1 Basic Software Validation WPII-1.1.2 Vehicle and Application Mode Management WPII-3.2 Template Validation WPII-1.1.3 Debugging WPII-5.1 Problem Management WPII-1.1.4 Error Handling WPII-5.2 Change and Release Management WPII-1.2 General Methodology and Configuration WPII-5.3 Maintenance of Specifications WPII-1.3 Functional Safety and Processes WPII-10.0 Coordination of Application Interfaces WPII-2.1.1 COM Stack WPII-10.1 Body and Comfort WPII-2.1.2 FlexRay WPII-10.2 Powertrain WPII-2.1.3 MCAL WPII-10.3 Chassis Control WPII-2.1.4 Diagnostics WPII-10.4 Pedestrian and Passenger Safety Systems WPII-2.2 Conformance Test Specification WPII-10.5 Multimedia / Telematics / HMI Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 10 AUTOSAR application model ►Application abstraction • Hardware independant • Component based ►ECU / Network view • VFB abstracts from Network topology Hardware constraints Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 11 ECU description: processor specifications, memory resources, peripherals, actuators, sensors, etc. System Constraint: networks (CAN, LIN, FlexRay), the connected ECU’s, etc Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 12 AUTOSAR BSW Architecture—Basic Layers Application Software Component Application Software Component Application Software Component Application Layer Application Software Component Complex Driver Services Layer ECU Abstraction Layer Microcontroller Abstraction Layer Basic Software AUTOSAR Runtime Environment Microcontroller Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 13 AUTOSAR BSW Architecture—Sub-Layers Application Software Component Application Software Component Application Software Component Application Layer Application Software Component AUTOSAR Runtime Environment (RTE) Communication Services I/O Hardware Abstraction Onboard Device Abstraction Memory Hardware Abstraction Communication Hardware Abstraction Microcontroller Drivers Memory Drivers Communication Drivers I/O Drivers Basic Software Memory Services Complex Driver Operating System System Services Microcontroller Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 14 Autosar Layers ►AUTOSAR RTE The Run-Time Environment (RTE) is at the heart of the AUTOSAR stack. • The RTE provides dedicated services from the lower basic software modules to the AUTOSAR application software-components. • These are services like memory access and intra-and inter-ECU Communication via CAN, LIN and FlexRay. • ApplicationApplication Software Software ComponentComponent Application Layer ApplicationApplication Software Software ComponentComponent Memory Services Communication Services I/O Hardware Abstraction Onboard Device Memory Hardware Communication Hardware Abstraction Abstraction Abstraction Basic Software System Services Complex Driver Operating System AUTOSAR Runtime Environment (RTE) Microcontroller Drivers Memory DriversCommunication Drivers I/O Drivers Microcontroller Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 15 Autosar Layers ►The Service Layer provides mostly μC and ECU independent services like: Application Layer Application Application Software Software Component Component System Services Memory Services Communication Services I/O Hardware Abstraction Onboard DeviceMemory Hardware Communication Hardware Abstraction Abstraction Abstraction Basic Software AUTOSAR Runtime Environment (RTE) Complex Driver Operating System Memory Management Diagnostics Communication Network-Management etc. Operating System • • • • • • ApplicationApplication Software Software Component Component Microcontroller Drivers Memory Drivers Communication Drivers I/O Drivers Microcontroller Services: provided by AUTOSAR OS. Applications written for OSEK OS will run on AUTOSAR OS. AUTOSAR OS provides ScheduleTables, Tasks, Alarms, Resources, Counter, Messages, ISR, Software Free Running Timers. It also supports timing protection and memory protection. ►System Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 16 Autosar Layers ►System Services: • The BSW-Scheduler schedules the BSW modules by triggering main processing functions of the BSW modules. The final realization of the BSW Scheduler has to be done by the Integrator who integrates AUTOSAR BSW and applications on a dedicated ECU. • The ECU State Manager is responsible for Initializing and de-initializing all BSW modules (including OS and RTE)The ECU State Managermanages the ECU states: OFF, RUN, SLEEP, STARTUP, SHUTDOWN. Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 17 Autosar Layers ►ECU Abstraction Layer • interfaces the drivers of the Microcontroller Abstraction Layer. It also contains drivers for external devices.It offers an API to access peripherals and devices regardless oftheir location (μC internal/external) and their connection to the μC (port pin) • Onboard Device Abstraction contains drivers for ECU onboard devices like system basic chip, external watchdog etc. Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 18 Autosar Layers ►Complex • Device Driver implements complex sensor evaluation and actuator control with direct access to the μC using specific interrupts and/or complex μC peripherals (like PCP, TPU), examples: injection control electric valve control incremental position detection ApplicationApplication Software Software ComponentComponent Application Layer ApplicationApplication Software Software ComponentComponent Memory Services Communication Services I/O Hardware Abstraction Onboard Device Memory Hardware Communication Hardware Abstraction Abstraction Abstraction Basic Software System Services Complex Driver Operating System AUTOSAR Runtime Environment (RTE) Microcontroller Drivers Memory DriversCommunication Drivers I/O Drivers Microcontroller Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 19 Autosar Layers ►The Microcontroller Abstraction Layer provides Communication, Memory and Microcontroller specific services Application Application Software Software Component Component Application Application Software Software Component Component Application Layer AUTOSAR Runtime Environment (RTE) Communication Services I/O Hardware Abstraction Onboard Device Abstraction Microcontroller Drivers Memory Hardware Communication Hardware Abstraction Abstraction Memory Drivers Communication Drivers I/O Drivers Basic Software Memory Services Complex Driver MCAL Operating System System Services Microcontroller Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 20 Autosar Documents ►Released Autosar documents can be found on www.autosar.org ►2 documents exist for each BSW module: SRS: Software requirement specification • SWS: Software Specification • The SRSdescribes requirements, that must be fulfilled by a Basic Software Module (BSW). ► Chapters of SRS –documents ► • • • • • Chapter 1 defines the area of application of the BSW Chapter 2 defines the structure of the document Chapter 3 defines the acronyms used in that document Chapter 4 is the main chapter. It starts with a brief description of the function that should be realized by the BSW and continuous with the requirements. Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 21 Autosar Documents ►2 • • documents exist for each BSW module: SRS: Software requirement specification SWS: Software Specification ► The SWS(Software Specification) contains the most detailed information for each Basic Software Module ► Each SWS document is structured as follows: • Chapter 1 –introduction and brief overview of functional behavior of the BSW Chapter 2 –used acronyms Chapter 3 –referenced documents Chapter 4 –restrictions and applicability for the automotive domain Chapter 5 –relation to other BSW modules and the file structure of the BSW Chapter 6 –requirement matrix containing links to requirements from the related SRS document Chapter 7 & 8 –contain the description of the: functional behavior of the BSW applications programming interface (API) Chapter 9 –Message sequence charts are used to describe the sequential behavior of a SWC in relation to other SWCs Chapter 10 –possibilities of configuration are defined • Chapter 11 –Release changes are documented • • • • • • • • Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 22 Freescale‘s offering is based on AUTOSAR Basic Software AUTOSAR software „product“ packages from Freescale ► • • MCAL Operating System Application Software Component Application Software Component Application Application Software Software Component Component Application Layer Memory Services Communication Services I/O Hardware Abstraction Onboard Device Abstraction Memory Hardware Abstraction Communication Hardware Abstraction Microcontroller Drivers Memory Drivers Communication Drivers I/O Drivers Basic Software System Services Complex Driver Operating System AUTOSAR Runtime Environment (RTE) Microcontroller Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 23 Freescale Involvement in Industry Consortia ► Driving member of the OSEK/VDXTM consortium, with own operating system implementation ► Founding member of the LINTM consortium ► Founding member of FLEXRAYTM partnership ► First semiconductor vendor to join AUTOSARTM partnership Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 24 Freescale AUTOSAR Ecosystem: Partners ►Elektrobit Automotive (EBA) We are reselling their AUTOSAR configuration tool (EB Tresos) and integrate our MCAL, OS modules with this tool • EBA shares demos with higher level BSW modules • ►Vector • Uses our MPC MCALs, have their own MCAL for S12X, have own OS and AUTOSAR configuration tool ►Geensys (Embedded company providing tools, consulting and engineering services developping Autosar tool chains as well, they recently launched their first AUTOSAR Development Kit for S12x, using Freescale MCal and OS). • Requesting MCAL and OS ►Others • • (no direct partners today) Infosys KPITCummins Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 25 Static configuration Generator .xml .oil .h .c Configuration parameters .h.h #Defines, Data Structures .c.h Static code files ► Static configuration allowes to change code behaviour dependent on configuration parameters ► Functionality can be designed to be statically defined instead of definition during runtime, e.g. Creating tasks in configuration instead of during runtime with a function ► lower memory footprint, faster execution, scalable/tailored to the application needs Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 26 Basic Software Configuration Process Vehicle- or Networklevel Design Tool RTE Generator .h .c OS Generator .h .c ECU Configuration Description (XML) AUTOSAR BSW Configuration Tool ECU Parameter ECU Definitions Parameter ECU (XML) Definitions Parameter (XML) Definitions (XML) Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. Communication Services Generator .h MCAL Generators .h .c .c TM 27 AUTOSAR specification status ► New • in V3.0 Harmonisation/ Bugfixing, mainly for: ECU Wake-up/ Network Start-up ECU Configuration Parameter • • Modeling Guide for Application Interfaces Requirements for CTA (Conformance Test Agency) Accreditation Bodies ► Not • defined in AUTOSAR specifications today (V3.0) Planned for AUTOSAR V4.0 end of 2009 Memory protection in RTE Dual/Multi core support (RTE, OS) Configuration dependencies description Debug interface Conformance test I/O Hardware Abstraction Layer • Not planned: OCU output compare driver Startup code Bootloader/flashloader Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 28 Microcontroller Abstraction Layer (MCAL) Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 29 AUTOSAR MCAL Package ► ► All MCAL drivers (1) + Flash EEPROM Emulation Delivered with AUTOSAR conformant configuration tool. Memory Hardware Abstraction Flash EEPROM Emulation ADC Driver DIO Driver PORT Driver DIO PORTS ICU Driver Timer ADC FlexRay™ Driver FlexRay PWM Driver CAN Driver CAN PWM LIN Driver LIN / SCI Internal Flash Driver Flash Microcontroller Hardware I/O Drivers SPI Driver MCU Driver MCU Power & Clock Unit Communication Drivers SPI Watchdog Driver Memory Drivers WDT GPT GPT Driver Microcontroller Drivers (1) V2.1 package does not contain RAM Test module Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 30 BSW Configuration Classes ► Pre-compile configuration • • ► Link-time configuration • • • ► Configuration parameters can not be changed after compilation Example: Mapping of microcontroller pins to signals Configuration is determined by linker scripts Configuration parameters can not be changed after link process Purpose: provides capability to deliver object code to the integrator Post-build configuration • Post-build time loadable Configuration parameters can be changed after build process without complete re-flash of ECU • Post-build time selectable Configuration parameter set is selected from multiple configuration sets during boot time All possible configuration sets need to be included at compile time Configuration parameters are stored at a known memory location Post-build configuration class BSW modules might also contain pre-compile or link-time parameters (not all parameters have to be post-build) • Purpose: use one software package in different vehicles • • Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 31 AUTOSAR Operating System Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 32 AUTOSAR Operating System • • • Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. Diagnostic Error Tracer Diagnostic Event Manager Watchdog Manager SC1 – deterministic RTOS baseline (tasks, events, counters, alarms, messages) SC2 – timing based task determinism (lowlatency, precise timing for periodic tasks) SC3 – protected memory (MMU/MPU) for tasks avoids memory collisions for safety systems SC4 – timing and memory protected tasks, utilizes the full capabilities of the silicon for secure and protected RTOS designed specifically for the automobile. Function Inhibition Manager • ECU State Manager Available in Scalability Classes 1, 2, 3, 4 to fit the needs of different applications System Services Communication Manager ► Configurable in AUTOSAR-conformant configuration tool Operating System ► CRC Library TM 33 AUTOSAR OS overview ►AUTOSAR • OS is OSEK/VDX™ OS plus: New core features Software and hardware counters Schedule tables with time synchronisation Stack monitoring • Protection features Timing protection, memory protection and service protection OS applications, trusted and non-trusted code Protection hook Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 34 OSEK OS executes in a single ECU T Task Management, Scheduler I ISR Management Resource Management Counters Memory MCU I/O Power 3 Alarms Events Communication ECU 12 ! Error Handling, Hook Routines OSEK OS SERVICES Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM Extensions to the OSEK OS Standard ►Counters Configurable as hardware-based or software-based – Software ► count value held in software counter ► Ticked using a defined API : IncrementCounter() – Hardware ► Count value held in hardware register ► No standardised interface in OS for manipulating hardware counters ► GPT can be configured to trigger an OS counter (V2.1) Added new APIs for SWFT support (V2.1) – – GetCounterValue () GetElapsedCounterValue () ►Alarms SetRelAlarm() with increment parameter equal to 0 now defined to mean a full wrap of the underlying counter Have a 4th action of INCREMENTCOUNTER to allow counter cascading for software counters Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 36 Extensions to the OSEK OS Standard ►Interrupt manipulation API Disable(Enable)AllInterrupts() and Suspend(Resume)AllInterrupts() can be called before StartOS() is called Added new APIs for Interrupt Source manipulation: – DisableInterruptSource(<ISR ID>) – EnableInterruptSource(<ISR ID>) ►Hook Functions The OS Hook Routines STARTUPHOOK; SHUTDOWNHOOK and ERRORHOOK can be defined per OS-Application. If Hook Routines STARTUPHOOK_<AppID>; SHUTDOWNHOOK _<AppID> or ERRORHOOK _<AppID> are defined, theses versions are called after the OS level Hook routines. The OS-Application level Hook routines are executed with the access rights of the OS-Application. Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 37 Extensions to the OSEK OS – Schedule Tables • A static definition of alarm expiries called expiry points Each expiry point holds 1 or more statically defined actions – • ACTIVATETASK or SETEVENT allowed Define period of repetition E.g. Schedule has a period of 25 milliseconds • Alarms defined at offsets within schedule Activate TaskB at 3ms, 17ms and 199ms • Tied to either a unique hardware counter or a software counter But counter can be driven any source – Local time, network (global) time, ABS pulses, crank rotations, error conditions, button presses etc. Options to synchronise the schedule with global time when underlying counter is driven by local time Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 38 Extensions to the OSEK OS – Schedule Tables • Starting absolute • Starting relative Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 39 Extensions to the OSEK OS – Schedule Tables • Synchronizing with a global Time • Asynchronous start with hard synchronization Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 40 Extensions to the OSEK OS – Schedule Tables • Synchronizing with a global Time Asynchronous start with smooth synchronization Synchronous start New API in V2.1 StartScheduleTable Synchron () Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 41 Extensions to the OSEK OS – Protection ► The AUTOSAR concept requires that software components are isolated from each other at runtime Eases integration debugging issues Allows arguments about prevention of fault propagation to be made in the system safety case Prevents loss of significant proportion of vehicle functionality due to single “rogue” software component ► AUTOSAR OS provide protection facilities to isolate software components and protect the integrity of the OS itself Memory Protection – Timing Protection – Service Protection – Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 42 Extensions to the OSEK OS - Trusted and Non-Trusted code ► Integrity level: Concept of Trusted and Non-Trusted code ► The OS itself is „trusted“ code ► OS-Application: A block of software including Tasks, interrupts, hooks and trusted functions that form a cohesive functional unit. Only trusted applications can provide trusted functions and Category1 ISRs. Trusted: An OS-Application that is executed in privileged mode and has unrestricted access to the API and hardware resources. Non-trusted: An OS-Application (its Tasks and ISRs) that is executed in nonprivileged mode has restricted access to the API and hardware resources. ► Trusted Function A service provided by a trusted OS-Application that can be used by other OS-Applications (trusted or non-trusted). Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 43 Extensions to the OSEK OS - memory protection ► Scheme is largely aimed at protecting ► multiple peer SW-Cs resident on the same ► microcontroller ► Protection managed at level of smallest ► object Tasks/ISRs (minimum OS-Application) ► Each OS task/ISR has Its own stack space Its own private data ► Tasks/ISRs are also grouped into “OS-Applications” Essentially to define a memory protection region Tasks/ISRs in the same OS-Application can read/write to shared memory ► Implementations can optionally prevent read access to OS-Application data ► Implementations can optionally prevent execution of OS-Application code Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 44 Protection Hook ►The Protection Hook • ProtectionReturnType ProtectionHook ( StatusType Fatalerror ) • is called on protection errors (Fatalerror), • is impemeted by the application and defines the action by the return value: Kill the faulty Task/Category 2 ISR OR Kill the faulty OS-Application OR Kill the faulty OS-Application and restart the OS-Application. OR Call ShutdownOS(). If the faulty Task/ISR cannot be found, the OS-Application is killed, if the faulty OS-Application cannot be found, ShutdownOS() is called. • If no Protection hook is defined, • ShutdownOS() is called. Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 45 Usage of Memory Protection ►A Non-trusted OS application task Can only access the memory it needs • Therefore not this OS application task is protected, but all other tasks are protected from it • ►Memory protection can be used, e.g., To separarate different applications on one MCU • For isolating controller functionality from independent sub-suppliers • To fulfill safety constraints • As a debug feature (faulty memory access is prevented, stack overflow is prevented, protection hook is called) • ►Memory protection MUST be supported by on-chip MPU Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 46 Extensions to the OSEK OS - Service protection ►Prevent one OS-Application manipulating the objects of another OSApplication All OS objects are assigned to at most one OS-Application Access permissions are defined between objects in OS-Applications ►Check for invalid (not allowed in context) calls to be made on OS objects E.g. activating a task that you are not configured to activate ►Additional API calls checks (in addition to the OSEK OS extended status) for Undefined OSEK OS behaviour is defined – ►Only E.g. leaving the scope of a task entry function without calling TerminateTask() in conjunction with memory protection And requires OS to run in OSEK “Extended” status for full protection There is no service protection with “Standard” status because it would have to check all “Extended” status issues anyway ► Protection Hook is called upon detection of a service protection error Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 47 Extensions to the OSEK OS – Hardware protection; Trusted Functions ►Hardware protection (if supported by hardware) The OS shall execute non-trusted OS-Applications in non-privileged mode Access control registers cannot be accessed by non-trusted OS-Applications and trusted OS-Applications can only access the necessary. If an instruction exception occurs (e.g. division by zero), the Protection hook is also called ►Trusted Functions Must be defined in trusted OS-Applications Can be called from non-trusted OS-Applications – Only by granting access and using special API: StatusType CallTrustedFunction (FunctionIndex, FunctionParams) The OS does not support »non-trusted services« Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 48 Usage of Timing Protection & Global Time ►Timing • Protection Execution time enforcement Bounds the execution of ISRs, resource locks and interrupt disabled sections at runtime to a statically configured value („time budget“) • Arrival rate enforcement Bounds the number of times that an ISR can execute in a given timeframe to a statically configured limit • Protection Hook is called upon detection of a timing protection error ►Global Time / Synchronization Support Requires a global time source, e.g. the FlexRay network time • This feature allows schedule tables to be synchronized with a global time through special OS service calls • Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 49 Extensions to the OSEK OS – General Implications ► AUTOSAR means that application software components don’t see the OS directly They only see and communicate through the RTE Only basic software will use the OS interface directly ► If memory protection is used, all SW-C’s must be subject to protection mechanisms If not, they would have direct access to memory-mapped I/O and violate the AUTOSAR goal of SW-Cs only communicating with hardware via an AUTOSAR interface – ► Rather like Windows 3.11 ☺ All SW-C runnables mapped to a task must belong to the same protection boundary There is no protection between runnables in the same task ► Timing protection means no unmanaged ISRs (Category 1 ISRs in OSEK terminology) Not managed by OS so difficult to account for in protection schemes – Adding management would make them almost Category 2 anyway Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 50 Scalability Class 4 Scalability Class 3 Scalability Class 2 Scalability Class 1 AUTOSAR OS Scalability Classes 1–4 OSEK OS (all conformance classes) Counter Interface Schedule Tables Stack Monitoring Protection Hook Timing Protection Global Time/Synchronization Support Memory Protection OS Applications Service Protection CallTrustedFunction Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 51 AUTOSAR Configuration Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 52 EB tresos Studio ►EB tresos Studio is a easy-to-use tool for ECU standard software configuration, validation and code generation Full support for the AUTOSAR standard ► Full support for the Freescale AUTOSAR software and the EB tresos AutoCore ► Will be used by Freescale for both OS and Mcal configuration, starting in August 2008 ► Integrated, graphical user interface ► Based upon Eclipse and open standards ► Online-help and parameter-specific help ► Source: Elektrobit Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 53 Main Window Editor Project Browser Node Outline Parameter Information Error & Problem Messages Source: Elektrobit Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 54 Errors & Warnings User corrects the problem Interactive problem resolution Link to error or warning Source: Elektrobit Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 55 Parameter Definition Jump to link Parameter "OsCounterType" … and its corresponding entry in the description file (*.EPD) Source: Elektrobit Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 56 Parameter Description Files – EPD/EPC Legend EPD AUTOSAR Files BSW Module Description Elektrobit Files BSW Module Configuration read Generated Files EB tresos Studio Configurator write EPC read read EB tresos Studio Generator write c, h Generated Code read c, h templates Code Templates Source: Elektrobit Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 57 Parameter Description Files – XDM Legend convert XDM EPD BSW Module Description read AUTOSAR Files Elektrobit Files EPC import/ export BSW Module Configuration Generated Files EB tresos Studio Configurator write XDM read read EB tresos Studio Generator write c, h Generated Code read c, h templates Code Templates Source: Elektrobit Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 58 Parameter Description Files – Beyond MCAL Legend XDM convert EPD BSW Module Description read AUTOSAR Files EPC import/ export Elektrobit Files BSW Module Configuration Generated Files EB tresos Studio Configurator XDM write import read read dbc, ldf, fibex1) Legacy Description read Generated Code EB tresos Studio arxml Generator read (RTE Generator only) write SW-C Description read System Description c, h write html doc xml read arxml c, h templates Code Templates Generated Documentation (optional) 1) Source: Elektrobit Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. currently in development TM 59 Configuration Checking Error: ID does not start with zero Hard-to-find errors detected instantly Source: Elektrobit Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 60 Generate Project Generate code via command line cl i c k Generate code from GUI Source: Elektrobit Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 61 EB tresos Studio - Summary ► User-Friendly GUI helps to avoid errors easy navigation one integrated tool environment ► Open Interfaces integration of user-specific BSW modules integration of user-specific importers and exporters customizable through Java plug-ins ► Integrated Environment complete AUTOSAR standard core configuration planned to be extended with more EB tools by Elektrobit (SW-C Editor, Inspector, etc.) Source: Elektrobit Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 62 Folder Structure of MCAL Package .plugins plugins eclipse Adc_TS_T2D4M1I3R0 adc_freescale_mpc5516 Can_TS_T2D4M1I3R0 canif_freescale_mpc5516 Dio_TS_T2D4M1I3R0 common_freescale_mpc5516 Fee_TS_T2D4M1I3R0 dio_freescale_mpc5516 ► Parameter description files ► Parameter description files fee_freescale_mpc5516 Wdg_TS_T2D4M1I3R0 (.epd/.epc (.epd/.epc++.xdm) .xdm) ► Generators for WdgIf_TS_T2D4M1I3R0 Pre-Compile, ► Generators for Pre-Compile, Post-Build, Post-Build,Link-Time Link-Time ► EB tresos Studio Plugin ► EB tresos Studio Plugin fls_freescale_mpc5516 fr_freescale_mpc5516 gpt_freescale_mpc5516 autosar Can.epd config Can.epc Can.xdm generate_LT src generate_PB generate_PC plugin.xml can_freescale_mpc5516 cfg1 inc src ssc doc include include src Can_PBCfg.c include Can_Cfg.h src Can_Cfg.h Can_PBcfg.c AUTOSAR_MPC5516_CAN_UM.pdf AUTOSAR_MPC5516_CAN_IM.pdf inc ► Complete source code ► Complete source code ► Makefile ► Makefile ► User Manual ► User Manual ► Integration Manual ► Integration Manual Can.h lib can_Irq.h mak Makefile src Can.c Can_Irq.c Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 63 Live Demo Freescale™ and the Freescale logo are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © Freescale Semiconductor, Inc. 2009. TM 64 TM
