1 - Component Implementation

Component Implementation

Component Documentation

1.1 - FltInj_IntegrationManual

Integration Manual

For

FltInj

VERSION: 1.0

DATE: 08/25/15

Prepared By:

Software Group,

Nexteer Automotive,

Saginaw, MI, USA

Location: The official version of this document is stored in the Nexteer Configuration Management System.

Revision History

Description | Author | Version | Date
Initial version | Lucas Wendling | 1.0 | 08/25/15

Table of Contents

1 Abbreviations And Acronyms
2 References
3 Dependencies
3.1 SWCs
3.2 Global Functions(Non RTE) to be provided to Integration Project
4 Configuration REQUIREMENTS
4.1 Build Time Config
4.2 Configuration Files to be provided by Integration Project
4.3 Da Vinci Parameter Configuration Changes
4.4 DaVinci Interrupt Configuration Changes
4.5 Manual Configuration Changes
5 Integration DATAFLOW REQUIREMENTS
5.1 Required Global Data Inputs
5.2 Required Global Data Outputs
5.3 Specific Include Path present
6 Runnable Scheduling
7 Memory Map REQUIREMENTS
7.1 Mapping
7.2 Usage
7.3 NvM Blocks
8 Compiler Settings
8.1 Preprocessor MACRO
8.2 Optimization Settings
9 Appendix

Abbreviations And Acronyms

Abbreviation | Description
DFD | Design functional diagram
MDD | Module design Document

References

This section lists the title and version of all the documents that are referred to for the development of this document.

Sr. No. | Title | Version
1 | EA4 Software Naming Conventions.doc | 01.00.00
2 | Software Design and Coding Standards.doc | 2.1
3 | DF001A_FltInj_Design | See Synergy subproject version

Dependencies

SWCs

Module | Required Feature
None

Note: Referencing external components should be avoided in most cases; external components should be referred to only in unavoidable circumstances. The developer should track the references.

Global Functions(Non RTE) to be provided to Integration Project

None

Configuration REQUIREMENTS

Build Time Config

Build Constant Name | Notes
FLTINJENA | Set to STD_ON for fault injection software build, set to STD_OFF for normal build. Constant resides in “FltInj.h” file.
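
As an added example (not part of the Nexteer documentation or the FltInj source), the following Python check reads the text of FltInj.h and passes only when FLTINJENA has exactly one live definition and that definition is STD_OFF, so a fault injection build is not released as a normal build. The header contents are constructed samples, and the function names and the HYPOTHETICAL_TEST_BUILD symbol are assumptions made for illustration.

```python
import re

# Remove /* ... */ and // comments so a commented-out #define is not read as live.
_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)
# Match "#define FLTINJENA <value>", allowing whitespace around '#'.
_DEFINE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+FLTINJENA\b(.*)$", re.MULTILINE)


def fltinjena_values(header_text):
    """Return the value of every live '#define FLTINJENA ...' in the header."""
    text = header_text.replace("\\\n", " ")  # join backslash-continued lines
    text = _COMMENT.sub(" ", text)
    values = []
    for match in _DEFINE.finditer(text):
        value = match.group(1).strip()
        # Accept the parenthesised form "(STD_ON)" as well as the bare token.
        if value.startswith("(") and value.endswith(")"):
            value = value[1:-1].strip()
        values.append(value)
    return values


def check_release_header(header_text):
    """Return (ok, reason); ok is True only for a single STD_OFF definition."""
    values = fltinjena_values(header_text)
    if not values:
        return (False, "FLTINJENA is not defined")
    if len(values) > 1:
        # Several definitions (for example under #if/#else) need manual review.
        return (False, "FLTINJENA is defined %d times: %s"
                % (len(values), ", ".join(values)))
    if values[0] != "STD_OFF":
        return (False, "FLTINJENA is %s, expected STD_OFF" % values[0])
    return (True, "FLTINJENA is STD_OFF")


# Constructed sample: normal build, with the fault injection setting commented out.
NORMAL_BUILD_HEADER = """\
#ifndef FLTINJ_H
#define FLTINJ_H
/* #define FLTINJENA STD_ON */
#define FLTINJENA STD_OFF
#endif
"""

# Constructed sample: fault injection build left enabled after unit testing.
FAULT_INJECTION_HEADER = """\
#ifndef FLTINJ_H
#define FLTINJ_H
// #define FLTINJENA STD_OFF
#define FLTINJENA   (STD_ON)   /* fault injection build */
#endif
"""

# Constructed sample: value depends on a hypothetical build symbol.
CONDITIONAL_HEADER = """\
#if defined(HYPOTHETICAL_TEST_BUILD)
#define FLTINJENA STD_ON
#else
#define FLTINJENA STD_OFF
#endif
"""

if __name__ == "__main__":
    for name, text in (("normal", NORMAL_BUILD_HEADER),
                       ("fault injection", FAULT_INJECTION_HEADER),
                       ("conditional", CONDITIONAL_HEADER)):
        ok, reason = check_release_header(text)
        print("%-16s %s: %s" % (name, "PASS" if ok else "FAIL", reason))
```
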

Configuration Files to be provided by Integration Project

None

Da Vinci Parameter Configuration Changes

Parameter | Notes | SWC
None

DaVinci Interrupt Configuration Changes

ISR Name | VIM # | Priority Dependency | Notes
None

Manual Configuration Changes

Constant | Notes | SWC
None

Integration DATAFLOW REQUIREMENTS

Required Global Data Inputs

See DataDict.m file

Required Global Data Outputs

See DataDict.m file

Specific Include Path present

Yes

Runnable Scheduling

This section specifies the required runnable scheduling.

Init | Scheduling Requirements | Trigger
None

Runnable | Scheduling Requirements | Trigger
FltInjPer1 | None | RTE 2ms
FltInj_f32_Oper | None | On Invocation
FltInj_logl_Oper | None | On Invocation
FltInj_u08_Oper | None | On Invocation
FltInj_u0p16_Oper | None | On Invocation

Memory Map REQUIREMENTS

Mapping

Memory Section | Contents | Notes
FltInj_START_SEC_CODE | Fault Injection code and variables | This code section statement will contain variables that need mapping to GlobalShared memory during fault injection builds (these variables are present when FLTINJENA == STD_ON)

* Each …START_SEC… constant is terminated by a …STOP_SEC… constant as specified in the AUTOSAR Memory Mapping requirements.

Usage

Feature | RAM | ROM

Table 1: ARM Cortex R4 Memory Usage

NvM Blocks

None

Compiler Settings

Preprocessor MACRO

None

Optimization Settings

None

Appendix

<This section is for appendix>

1.2 - FltInj_MDD

Module Design Document

For

FltInj

04/29/2016

Prepared For:

Software Engineering

Nexteer Automotive,

Saginaw, MI, USA

Prepared By:

Krishna Anne,

Nexteer Automotive,

Saginaw, MI, USA

Change History

Description | Author | Version | Date
Initial Version | Lucas Wendling | 1.0 | 08/26/15
Updates are per FDD v2.1.0 | Krishna Anne | 2.0 | 04/29/16


Table of Contents

1 Introduction
1.1 Purpose
1.2 Scope
2 <Component Name> & High-Level Description
3 Design details of software module
3.1 Graphical representation of <Component Name>
3.2 Data Flow Diagram
3.2.1 Component level DFD
3.2.2 Function level DFD
4 Constant Data Dictionary
4.1 Program (fixed) Constants
4.1.1 Embedded Constants
5 Software Component Implementation
5.1 Sub-Module Functions
5.1.1 Init: <Component Name>_Init<n>
5.1.1.1 Design Rationale
5.1.1.2 Module Outputs
5.1.2 Per: <Component Name>_Per<n>
5.1.2.1 Design Rationale
5.1.2.2 Store Module Inputs to Local copies
5.1.2.3 (Processing of function)
5.1.2.4 Store Local copy of outputs into Module Outputs
5.2 Server Runnables
5.2.1 <Server Runnable Name>
5.2.1.1 Design Rationale
5.2.1.2 (Processing of function)
5.3 Interrupt Functions
5.3.1 Interrupt Function Name
5.3.1.1 Design Rationale
5.3.1.2 (Processing of the ISR function)
5.4 Module Internal (Local) Functions
5.4.1 Local Function #1
5.4.1.1 Design Rationale
5.4.1.2 Processing
5.5 GLOBAL Function/Macro Definitions
5.5.1 GLOBAL Function #1
5.5.1.1 Design Rationale
5.5.1.2 Processing
6 Known Limitations with Design
7 UNIT TEST CONSIDERATION
Appendix A Abbreviations and Acronyms
Appendix B Glossary
Appendix C References

Introduction

Purpose

MDD for FltInj (DF001A).

FltInj High-Level Description

Refer FDD

Design details of software module

Graphical representation of FltInj

Data Flow Diagram

Component level DFD

Function level DFD

Constant Data Dictionary

Program (fixed) Constants

Embedded Constants

Local Constants

Constant Name | Resolution | Units | Value
TICNVN_MICROTOMILLI_F32 | Single precision float | MicroToMilli | 0.001
  • For other constants, refer DataDict.m

Software Component Implementation

Sub-Module Functions

Init:

None

Design Rationale

N/A

Module Outputs

N/A

Per: FltInjPer1

Design Rationale

Refer FDD

Store Module Inputs to Local copies

Refer FDD

(Processing of function)………

Refer FDD

Store Local copy of outputs into Module Outputs

Refer FDD

Server Runnables

FltInj_f32_Oper

Design Rationale

Refer FDD

(Processing of function)………

Refer FDD

FltInj_logl_Oper

Design Rationale

Refer FDD

(Processing of function)………

Refer FDD

FltInj_u08_Oper

Design Rationale

Refer FDD

(Processing of function)………

Refer FDD

FltInj_u0p16_Oper

Design Rationale

Refer FDD

(Processing of function)………

Refer FDD

Interrupt Functions

None

Interrupt Function Name

N/A

Design Rationale

N/A

(Processing of the ISR function)…..

N/A

Module Internal (Local) Functions

NA

GLOBAL Function/Macro Definitions

NA

Known Limitations with Design

UNIT TEST CONSIDERATION

  1. Unit testing should be performed with the build constant FLTINJENA set to STD_ON in order to enable the core functionality of this module. This has to be done by manually altering FltInj.h to change the value of this #define.

  2. The SigPah_Arg signal of the FltInj_f32 server runnable has a special unit test consideration (MIL, SIL, PIL): the range called out in the data dictionary should only be used for defining "input" vectors, and the range check that is normally done on the "output" is skipped in this special instance. (This second point is copied from the FDD.)

Abbreviations and Acronyms

Abbreviation or Acronym | Description

Glossary

Note: Terms and definitions from the source “Nexteer Automotive” take precedence over all other definitions of the same term. Terms and definitions from the source “Nexteer Automotive” are formulated from multiple sources, including the following:

  • ISO 9000

  • ISO/IEC 12207

  • ISO/IEC 15504

  • Automotive SPICE® Process Reference Model (PRM)

  • Automotive SPICE® Process Assessment Model (PAM)

  • ISO/IEC 15288

  • ISO 26262

  • IEEE Standards

  • SWEBOK

  • PMBOK

  • Existing Nexteer Automotive documentation

Term | Definition | Source
MDD | Module Design Document |
DFD | Data Flow Diagram |

References

Ref. # | Title | Version
1 | AUTOSAR Specification of Memory Mapping (Link: AUTOSAR_SWS_MemoryMapping.pdf) | v1.3.0 R4.0 Rev 2
2 | MDD Guideline | EA4 01.00.00
3 | EA4 Software Naming Conventions.doc | 01.00.00
4 | Software Design and Coding Standards.doc | 2.1
4 | DF001A_FltInj_Design | See Synergy subproject version

1.3 - FltInj_PeerReview


Overview

Summary Sheet
Synergy Project
Source Code
PolySpace
help
Version History


Sheet 1: Summary Sheet

Rev 2.01, 21-Feb-18

Nexteer EA4 SWC Implementation Peer Review Summary Sheet

Component Short Name: FltInj
Revision / Baseline: DF001A_FltInj_Impl_2.0.0
Change Owner: Krzysztof Byrski
Work CR ID: EA4#21816

Modified File Types:
Check the file types that needed modification for the Work CR(s); macros for the check boxes will populate the appropriate checklist tabs for the review.

Review Checklist Summary:

Reviewed:
At start of review, all items below should be marked "No". At the end of the review, all items should be marked "Yes" or "N/A" where N/A indicates the reviewers have reviewed the existing (unchanged) item and confirmed no updates were needed for the Work CR(s).

Reviewed | Item
N/A | MDD
Yes | Source Code
Yes | PolySpace
N/A | Integration Manual
N/A | Davinci Files

All required reviewers participated

Comments:

Time spent (to the nearest half hour)

 | review preparation | review meeting | review follow-up |
Change owner: | 0.5 | 0.5 | 0 |
Component developer reviewers: | 0 | 0.5 | 0 | 1.5
Other reviewers: | 0 | 0 | 0 |
Total hours | 0.5 | 1 | 0 | 1.5

Content reviewed

Lines of code: Changes only
Elements of .arxml content: 0
Pages of documentation: 0

General Guidelines:
- The reviews shall be performed over the portions of the component that were modified as a result of the Change Request.
- New components should include SWC Owner and/or SWC Design author and Integrator and/or SW Lead as a part of the Group Review Board (Source Code, Integration Manual, and Davinci Files)
- Enter any rework required into the comment field and select No. When the rework is complete, review again using this same review sheet and select Yes. Add date and additional comment stating that the rework is completed.
- To review a component with multiple source code files use the "Add Source" button to create a Source code tab for each source file.
- .h file should be reviewed with the source file as part of the source file.

Each peer review shall start with a clean copy of the latest peer review checklist template. Save in the doc folder of the component implementation, with the file name in the format SWCShortName_Review.xlsx. If the existing review in Synergy has a different name, the name must be changed IN SYNERGY (rather than by syncing in a new file with the new name) so that the file history will be properly maintained.

Before the peer review, the change owner shall: (NOTE - time for completing these items is to be counted as the Change Owner Review Prep Time)
o Review the previous component peer review and copy any relevant comments to the new review sheet.
o Review all checklist items and make all corrections needed, so that the component is ready for peer review. The expectation is that peer review should find very few issues, because the change owner has already used the checklist to ensure the component changes are complete and correct.
o Fill in all file name and version information as needed on peer review checklist tabs (file names may be copied from the previous peer review where appropriate)
o Fill in checklist answers (Yes/No/NA pulldowns) ONLY on those items which are NA for the current change. All other checklist items should be blank going into the review meeting.

During the peer review meeting:
o For each page of the review, first review the items already marked as N/A for this change, to confirm that reviewers agree with this assessment; change the checklist box to blank if it is found that the item does apply.
o Then review the items with the checklist box blank. After reviewing each of these items, the checklist box will be marked as "Yes", or the checklist box will be marked as "No" with needed rework indicated or with rationale indicated.
o If any items are marked "No" with rationale indicated, this must be approved by a software supervisor or the software manager; there is a line in the "Review Board" section of each tab to indicate who approved the "No" items on that tab.





Sheet 2: Synergy Project

Rev 2.01, 21-Feb-18

Peer Review Meeting Log (Component Synergy Project Review)

Quality Check Items:
Rationale is required for all answers of No

Item | Answer | Comments
New baseline version name from Summary Sheet follows naming convention | Yes |
Project contains necessary subprojects | Yes |
Project contains the correct version of subprojects | Yes |
Design subproject is correct version | Yes |
.gpj file in tools folder matches .gpj generated by TL109 script | Yes |
File/folder structure is correct per documentation in TL109A_SwcSuprt | Yes |

General Notes / Comments:

Review Board:
Change Owner: Krzysztof Byrski
Review Date: 03/22/2018
Lead Peer Reviewer: Marek Brykczyński
Approved by Reviewer(s): Yes
Other Reviewer(s):
Rationale/justification for items marked "No" approved by:

Sheet 3: Source Code

Rev 2.01, 21-Feb-18

Nexteer SWC Implementation Peer Review Meeting Log (Source Code Review)

Source File Name: FltInj.c
Source File Revision: 3
Header File Name: FltInj.h
Header File Revision: 5
MDD Name: FltInj_MDD.docx
Revision: 2
SWC Design Name: DF001A_FltInj_Design
Revision: 2.4.0

Quality Check Items:
Rationale is required for all answers of No

EA4 Common Naming Convention followed: Version: 01.01
EA4 Software Naming Convention followed: Version: 1.02

Item | Answer | Comments
for variable names | N/A | N/A for changes
for constant names | Yes |
for function names | N/A |
for other names (component, memory mapping handles, typedefs, etc.) | N/A |
Verified no possibility of uninitialized variables being written to component outputs or IRVs | N/A | N/A for changes
Any requirements traceability tags have been removed from at least the changed areas of code | N/A |
All variables are declared at the function level. | N/A | N/A for changes
Synergy version matches change history and Version Control version in file comment block | Yes |
Change log contains detailed description of changes (including any anomaly number(s) being fixed) and Work CR number | Yes |
Code accurately implements SWC Design (Document or Model) in all areas where code was changed and/or Simulink model was color-coded as changed and/or mentioned in SWC Design change log. | Yes |
Code comparison against previous version matches changes needed as described by the work CR(s), all parent CRs and parent anomalies, and the SWC Design change log. | Yes |
Verified no Compiler Errors or Warnings (and verified for all possible combinations of any conditionally compiled code) | Yes |
Component.h is included | Yes |
All other includes are actually needed. (System includes only allowed in Nexteer library components) | Yes |

Software Design and Coding Standards followed: Version: 2.1

Item | Answer | Comments
Code comments are clear, correct, and adequate and have been updated for the change: [N40] and all other rules in the same section as rule [N40], plus [N75], [N12], [N23], [N33], [N37], [N38], [N48], [N54], [N77], [N79], [N72] | N/A | N/A for changes
Source file (.c and .h) comment blocks are per standards and contain correct information: [N41], [N42] | Yes |
Function comment blocks are per standards and contain correct information: [N43] | N/A |
Code formatting (indentation, placement of braces, etc.) is per standards: [N5], [N55], [N56], [N57], [N58], [N59] | N/A | N/A for changes
Embedded constants used per standards; no "magic numbers": [N12] | Yes |
Memory mapping for non-RTE code is per standard | N/A |
All access of motor control loop data uses macros generated by the motor control manager | N/A |
All loops have termination conditions that ensure finite loop iterations: [N63] | N/A |
All divides protect against divide by zero if needed: [N65] | N/A |
All integer division and modulus operations handle negative numbers correctly: [N76] | N/A |
All typecasting and fixed point arithmetic, including all use of fixed point macros and timer functions, is correct and has no possibility of unintended overflow or underflow: [N66] | N/A | N/A for changes
All float-to-unsigned conversions ensure the float value is non-negative: [N67] | N/A |
All conversions between signed and unsigned types handle msb==1 as intended: [N78] | N/A |
All pointer dereferencing protects against null pointer if needed: [N70] | N/A |
Component outputs are limited to the legal range defined in the SWC Design DataDict.m file: [N53] | N/A |
All code is mapped with SWC Design (all SWC Design subfunctions and/or model blocks identified with code comments; all code corresponds to some SWC Design subfunction and/or model block): [N40] | N/A | N/A for changes
Any other violations of design and coding standards noticed during the review are noted in the comments section for rework. | N/A |
Anomaly or Design Work CR created for any SWC Design corrections needed | N/A | List Anomaly or CR numbers

General Notes / Comments:
No functional changes (comments only)

Review Board:
Change Owner: Krzysztof Byrski
Review Date: 03/22/2018
Lead Peer Reviewer: Marek Brykczyński
Approved by Reviewer(s): Yes
SWC owner and/or SWC Design author:
Comments:
Integrator and or SW lead:
Comments:
Unit test co-ordinator:
Comments:
Other Reviewer(s):
Rationale/justification for items marked "No" approved by:

Sheet 4: PolySpace

Rev 2.01, 21-Feb-18

Nexteer SWC Implementation Peer Review Meeting Log (PolySpace Review)

Source File Name | Source File Revision
FltInj.c | 3
- | -
- | -

EA4 Static Analysis Compliance Guideline version: 1.04
Poly Space version: 2013b
TL109A sub project version: 2.3.0

Quality Check Items:
Rationale is required for all answers of No

Item | Answer | Comments
tools/local folders' header files are appropriate and function prototypes match the latest component version | Yes |
100% Compliance to the EA4 Static Analysis Compliance Guideline | Yes |
Are previously added justification and deviation comments still appropriate | Yes |
Do all MISRA deviation comments use approved deviation tags | Yes |
For any component source files (.c, .h, generated Cfg.c and Cfg.h) with conditional compilation, has Polyspace been run with all combinations of build constants that can be used together in a build? (Note which conditional compilation results have been archived) | N/A |
Codemetrics count OK for all functions in the component per Design and Coding Standards rule [N47] | Yes |

General Notes / Comments:

Review Board:
Change Owner: Krzysztof Byrski
Review Date: 03/22/2018
Lead Peer Reviewer: Marek Brykczyński
Approved by Reviewer(s): Yes
Other Reviewer(s):
Rationale/justification for items marked "No" approved by:

Sheet 5: help

Summary sheet:

Intended Use: Identify which component is being reviewed. This should match the component short name from the DataDict.m file and the middle part of the Synergy project name, e.g. Assi for the SF001A_Assi_Impl Synergy project

Intended Use: Identify the implementation baseline name intended to be used for the changed component when changes are approved E.g. SF001A_Assi_Impl_1.2.0

Intended Use: Identify the developer who made the change(s) being reviewed

Intended Use: Identify the Implementation Work CR whose work is being reviewed (may be more than one)

Intended Use: Intended to identify at a high level to the reviewers which areas of the component have been changed.

Source code:

This item includes looking at all layers of Simulink model for possible color coding not reflected at a higher level, and includes looking at any intermediate SWC Design versions between the version being implemented and the version that was included as a subproject in the previous implementation.

Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project)

Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project)

Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project)

Intended Use: For SWC Designs, list the Synergy baseline number (just the number part of the Synergy baseline name) of the SWC Design baseline being implemented. E.g., for SF001A_Assi_Design_1.3.1, this field would say "1.3.1"

Intended Use: Indicate that the versioning was confirmed by the peer reviewer(s).

Intended Use: To confirm no compiler errors or warnings exist for the code under review (warnings from contract header files may be ignored).

Intended Use: list version/revision of latest released Software Design and Coding Standards document.

Davinci Files

Intended Use: Identify if previous version was compared and only the expected change(s) was present. This is for text files only, not binary or GUIs

Polyspace

eg. 2013b

Integration manual

Intended Use: Identify which file is being reviewed

Intended Use: Identify which version of the integration manual has been reviewed.

Synergy

Refer to EA4 Common Naming Conventions document, section “Synergy Baseline Names for core components”

The following subprojects should be included for all component implementations:
• AR200A_ArSuprt_Impl
• AR201A_ArCplrSuprt_Impl
• TL101A_CptRteGen
• TL103A_CplrSuprt
• TL109A_SwcSuprt
• Corresponding _Design project used for the implementation

The following subprojects should be included as needed by each component:
• AR10xx_Nxtr*_Impl library components as needed by each component
• AR202x_MicroCtrlrSuprt_Impl as needed (for register header files for components making direct register access)[add notes about when to add a stub header file]
• Xx999x_xxxxGlbPrm_Impl as needed by each component
• TL105A_Artt for components with generated content

The following should NOT be included as subprojects:
• TL107x_DavinciSuprt (aka StdDef)
• TL100A_QACSuprt (QAC subproject was previously included but should be removed going forward)
• Any other component (not mentioned anywhere above) whose .h file is needed. For these components, a “stub” .h file should be created, containing only the multiple include protection and the definitions and function prototypes actually needed by the component with the #include, and placed in the “including” component’s local\include folder.

misc in Summary sheet

(integrator, designer, unit test coordinator, etc.)

For a new component, use number of lines in all source files reviewed, including files in the src and include folders and any generated cfg.h and cfg.c files. For a changed component, try to add up how many lines, including comments and blank lines, were in the changed areas that were reviewed. Not just the actual changed lines, but the number of lines in the blocks of code you had to look at to review the change.

Add up the number of ports, number of PIM variables, number of IRVs, number of runnables, number of NVM blocks in the component (all of them for review of a new component, the new and modified ones for review of a change)

Add the number of pages in the MDD and integration manual for a new component; for a modified component, count the number of pages that contained a change.

Reviewer | Required attendance for this type of change | Review spreadsheet tab(s)
Component group peer | All | All
Component owner and/or SWC Design author | *Initial creation of any new component; *Simulink model changes (any change to the model other than just updating the change log) | Source
Integrator and/or SW lead of first program planning to use the component | *Initial creation of any new component; *new or changed NVM blocks, NVM datatypes, or NVM usage (added or removed or changed NVM API calls in any runnable); *Major rev (X changed in the X.Y.X design baseline number; means there was a component interface change); *new or changed config params; *all MM component changes | Davinci files, Integration manual, source for NVM changes and for all MM component changes.
Unit test coordinator | Fixes for coverage issues | Source
SQA | None | None

For each reviewer category listed on each tab, there should either be
• the name of the reviewer who attended
or
• a comment indicating
o why that reviewer was not required for this change
or
o who approved holding the review without that required reviewer (approval must be from the software manager or a software supervisor)


Sheet 6: Version History

File Version History

Version | Description | Author(s) | Revision Date | Approved By | Approved Date | Status (Draft/ Released)

Template Version History

Version | Description | Author(s) | Revision Date | Approved By | Approved Date | Status
1.0 | Initial Version | SW Engineering team | 24-May-15 | NA | NA | Released
1.01 | Changed name to be EA4 specific | SW Engineering team | 25-Jun-15 | NA | NA | Released
1.02 | Modified Summary Sheet General Guidelines, Clarified wording on first item in Synergy project sheet. | SW Engineering team | 30-Jul-15 | NA | NA | Released
1.02 | Made corrections and clarifications to Source Code check list. | SW Engineering team | 30-Jul-15 | NA | NA | Released
1.02 | updated Davinci, MDD, and Polyspace/QAC tabs | SW Engineering team | 30-Jul-15 | NA | NA | Released
1.03 | Aligned to portal version guidelines | Umesh Sambhari | 21-Nov-17 | NA | NA | Released
2.00 | Summary sheet template: Changed title to indicate Implementation Peer Review. Corrected and/or clarified mouse hover comments, added instructions, renamed some fields. Changed the default setting to "No" on the items reviewed | SW Engineering team | 29-Nov-17 | Lonnie Newton, Steven Horwath, Kevin Smith, Lucas Wendling, Vinod Shankar | NA | Released
 | Source code template: Removed hyperlink for naming conventions, corrected name of naming conventions document, added version field for naming conventions document. Changed item about requirements tags to reflect that they should be removed. Added clarification that all combinations of conditionally compiled code must be checked. Item about accurately implementing SWC Design is modified and a new item added, both to clarify where to look when determining needed changes. Added point for version of common naming conventions. Reworded multiple items for clarity | SW Engineering team | 29-Nov-17 | | |
 | Synergy project template: added items for file/folder structure; added point on .gpj file in tools folder | SW Engineering team | 29-Nov-17 | | |
 | Davinci files template: Clarified the StdDef item. Added new item for OBSOLETE. Clarified item on datadict.m comparison. Removed the references to .m file helper tool. Updated to reflect that all component should now use only implementation data types. Added points on PIMs and NVMs | SW Engineering team | 29-Nov-17 | | |
 | All template tabs: Added/clarified/removed mouse hover comments. Updated Review Board section. Removed the gridlines from all tabs. Updated titles to say "Nexteer SWC Implementation Peer Review". Changed all occurrences of "FDD" to "SWC Design" | SW Engineering team | 29-Nov-17 | | |
2.01 | Added a help tab and appropriate links. Added field on Summary sheet to report hours spent and content reviewed. Changed wording in an item in Polyspace tab and Source code tab | SW Engineering team | 21-Feb-18 | Lonnie Newton, Steven Horwath, Kevin Smith, Lucas Wendling, Vinod Shankar | 21-Feb-18 | Released

2 - Component Implementation

Component Implementation

Component Documentation

2.1 - McuErrInj Integration Manual

Integration Manual

For

McuErrInj

VERSION: 2.0

DATE: 24-Jul-2017

Prepared By:

Software Group,

Nexteer Automotive,

Saginaw, MI, USA


Location:
The official version of this document is stored in the Nexteer Configuration Management System.

Revision History

Sl. No. | Description | Author | Version | Date
1 | Initial version | Avinash James | 1.0 | 15-Mar-2017
2 | Update to include the trusted function | Avinash James | 2.0 | 24-Jul-2017


Table of Contents

1 Abbreviations and Acronyms
2 References
3 Dependencies
  3.1 SWCs
  3.2 Global Functions(Non RTE) to be provided to Integration Project
4 Configuration Requirements
  4.1 Build Time Config
  4.2 Configuration Files to be provided by Integration Project
  4.3 Da Vinci Parameter Configuration Changes
  4.4 DaVinci Interrupt Configuration Changes
  4.5 Manual Configuration Changes
5 Integration Dataflow Requirements
  5.1 Required Global Data Inputs
  5.2 Required Global Data Outputs
  5.3 Specific Include Path present
6 Runnable Scheduling
7 Memory Map Requirements
  7.1 Mapping
  7.2 Usage
  7.3 NvM Blocks
8 Compiler Settings
  8.1 Preprocessor MACRO
  8.2 Optimization Settings
9 Appendix

Abbreviations and Acronyms

Abbreviation | Description
DFD | Design functional diagram
MDD | Module design Document
FDD | Functional Design Document

References

This section lists the title and version of all the documents that are referred to for the development of this document.

Sr. No. | Title | Version
1 | FDD – DF003A McuDiagc | See Synergy subproject version
2 | Software Naming Conventions | Process 04.04.02
3 | Software Coding Standards | Process 04.04.02

Dependencies

SWCs

Module | Required Feature
None

Note: Referencing external components should be avoided in most cases. External components should be referenced only in unavoidable circumstances, and the developer should track the references.

Global Functions(Non RTE) to be provided to Integration Project

InjVrfyCritRegErr() – Function to inject micro diagnostic error in Critical Registers
InjMcuVltgMonrErr() – Function to inject micro diagnostic error in Core voltage monitor
InjClkMonrErr() – Function to inject micro diagnostic error in Clock Monitors
InjOsTmpGenericRtErr() – Function to inject Temporary Run time error in Operating System
InjOsPrmntGenericRtErr() – Function to inject Permanent Run time error in Operating System
InjWdgErr() – Function to inject Watchdog errors
InjFpuErr() – Function to inject floating point exceptions
InjMemProtnErr() – Function to inject Memory protection errors
InjModErr() – Function to inject mode errors
InjMcuRtErr() – Function to inject Mcu Run Time errors
InjCodFlsEccErr() – Function to inject Code flash ECC errors
InjRamMemErr() – Function to inject peripheral and local RAM ECC errors
InjEcmMstChkrRtErr(void) – Function to inject micro diagnostic error in ECM Master and Slave
InjUkwnStrtUpDetdErr(void) – Function to inject unknown startup
InjIpgRtErr(void) – Function to inject Run time IPG errors
InjRtPegErr(void) – Function to inject Run time Peg errors
InjDataParErr() – Function to inject Data Parity errors
InjDmaErr() – Function to inject DMA errors
InjMcuDiagcErr() – Function to inject loss of motor control ISR errors
InjAdcErr() – Function to inject ADC errors
InjProgSeqErr() – Function to inject program sequence errors
InjPbgRtErr() – Function to inject PBG run time errors
InjSwFpuErr() – Function to inject software Floating point error
McuDiagcTestTrustd() – Trusted function call from OS

Configuration Requirements

Build Time Config

Modules | Notes
MCUDIAGCERRINJ | STD_OFF for other builds; STD_ON for uDiag test builds

Configuration Files to be provided by Integration Project

None

Da Vinci Parameter Configuration Changes

Parameter | Notes | SWC
None

DaVinci Interrupt Configuration Changes

ISR Name | VIM # | Priority Dependency | Notes
None

Manual Configuration Changes

Constant | Notes | SWC

OS memory protection has to be extended to include the reserved RAM and the invalid memory area. Execution from RAM also needs to be enabled, as per the settings below:

(osuint32)0x0100a000UL, /* MPU region 3 */
(osuint32)0x0100bffcUL,
(osuint32)0x03ff00edUL,
(osuint32)0x10020000UL, /* MPU region 4 */
(osuint32)0x10020848UL,
(osuint32)0x03ff00dbUL,
(osuint32)0xfb000000UL, /* MPU region 5 */
(osuint32)0xfebdfffcUL,
(osuint32)0x03ff00d9UL,
(osuint32)0xF3000000UL, /* MPU region 6 */
(osuint32)0xF4000000UL,
(osuint32)0x03ff00dbUL,
(osuint32)&osGlobalShared_StartAddr, /* MPU region Global shared*/
(osuint32)&osGlobalShared_EndAddr,
(osuint32)0x03ff00fbUL,
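
A review aid for the hand-entered region table above, as an added example (not Nexteer's code and not part of the OS configuration): it checks each region for address ordering, word alignment and overlap with other regions. Reading each triple as start address, end address and attribute word, and requiring 4-byte alignment, are assumptions; the attribute words are carried opaquely and the linker-symbol region is left out because its addresses are not on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One manually configured MPU region: the three words listed per region.
 * The (start, end, attribute) reading is an assumption of this example. */
typedef struct {
    unsigned id;      /* region number from the manual's comment */
    uint32_t start;
    uint32_t end;
    uint32_t attr;    /* opaque here; not decoded */
} MpuRegion;

#define MPU_OK      0u
#define MPU_ORDER   1u  /* start address is above end address */
#define MPU_ALIGN   2u  /* start or end is not word aligned (assumed rule) */
#define MPU_OVERLAP 4u  /* two regions share addresses; review intent */

/* Values copied from the Manual Configuration Changes listing. */
static const MpuRegion kRegions[] = {
    { 3u, 0x0100a000UL, 0x0100bffcUL, 0x03ff00edUL },
    { 4u, 0x10020000UL, 0x10020848UL, 0x03ff00dbUL },
    { 5u, 0xfb000000UL, 0xfebdfffcUL, 0x03ff00d9UL },
    { 6u, 0xF3000000UL, 0xF4000000UL, 0x03ff00dbUL },
};
#define REGION_COUNT (sizeof kRegions / sizeof kRegions[0])

/* Constructed (not from the page) table with one defect per entry. */
static const MpuRegion kConstructedBad[] = {
    { 90u, 0x20001000UL, 0x20000ffcUL, 0u },  /* start > end       */
    { 91u, 0x20002000UL, 0x20002ffeUL, 0u },  /* end not aligned   */
    { 92u, 0x20002800UL, 0x200037fcUL, 0u },  /* overlaps region 91 */
};
#define BAD_COUNT (sizeof kConstructedBad / sizeof kConstructedBad[0])

/* Per-region checks: ordering and alignment. */
static unsigned check_region(const MpuRegion *r)
{
    unsigned f = MPU_OK;
    if (r->start > r->end) {
        f |= MPU_ORDER;
    }
    if ((r->start % 4u) != 0u || (r->end % 4u) != 0u) {
        f |= MPU_ALIGN;
    }
    return f;
}

/* Inclusive-range overlap; disordered regions are reported separately. */
static int regions_overlap(const MpuRegion *a, const MpuRegion *b)
{
    if (a->start > a->end || b->start > b->end) {
        return 0;
    }
    return a->start <= b->end && b->start <= a->end;
}

/* Lint a whole table; returns the OR of all findings and prints each one. */
unsigned lint_table(const MpuRegion *t, size_t n)
{
    unsigned findings = MPU_OK;
    for (size_t i = 0; i < n; i++) {
        unsigned f = check_region(&t[i]);
        if (f & MPU_ORDER) {
            printf("region %u: start 0x%08lx above end 0x%08lx\n", t[i].id,
                   (unsigned long)t[i].start, (unsigned long)t[i].end);
        }
        if (f & MPU_ALIGN) {
            printf("region %u: address not word aligned\n", t[i].id);
        }
        findings |= f;
        for (size_t j = i + 1; j < n; j++) {
            if (regions_overlap(&t[i], &t[j])) {
                printf("regions %u and %u overlap\n", t[i].id, t[j].id);
                findings |= MPU_OVERLAP;
            }
        }
    }
    return findings;
}

int main(void)
{
    printf("manual table findings: %u\n", lint_table(kRegions, REGION_COUNT));
    printf("constructed table findings: %u\n",
           lint_table(kConstructedBad, BAD_COUNT));
    return 0;
}
```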

Integration Dataflow Requirements

Required Global Data Inputs

Refer DataDict.m file

Required Global Data Outputs

Refer DataDict.m file

Specific Include Path present

Yes

Runnable Scheduling

This section specifies the required runnable scheduling.

Init | Scheduling Requirements | Trigger
McuDiagcInit1 | None | RTE (Init)

Runnable | Scheduling Requirements | Trigger
McuDiagcPer1 | None | RTE (2 ms)
ClrErrInjReg_Oper | None | On invocation
ReadErrInjReg_Oper | None | On invocation
StrtErrInjCntr_Oper | None | On invocation
UpdErrInjReg_Oper | None | On invocation

Memory Map Requirements

Mapping

Memory Section | Contents | Notes
McuErrInj_START_SEC_VAR_INIT_128 | Data section for DMA write |
McuErrInjGlobalShared_START_SEC_VAR_CLEARED_32 | Global shared data access |

* Each …START_SEC… constant is terminated by a …STOP_SEC… constant as specified in the AUTOSAR Memory Mapping requirements.

Usage

Feature | RAM | ROM
None

NvM Blocks

None

Compiler Settings

Preprocessor MACRO

None

Optimization Settings

None

Appendix

None

2.2 - McuErrInj Module Design Document

Module Design Document

For

McuErrInj

Jul 25, 2017

Prepared For:

Software Engineering

Nexteer Automotive,

Saginaw, MI, USA

Prepared By:

Software Group,

Nexteer Automotive,

Saginaw, MI, USA

Change History

Description | Author | Version | Date
Initial Version | Avinash James | 1.0 | 15-Mar-2017
Added the global functions | Avinash James | 2.0 | 25-Jul-2017

Table of Contents

1 Introduction
  1.1 Purpose
2 McuDiagc & High-Level Description
3 Design details of software module
  3.1 Graphical representation of McuDiagc
  3.2 Data Flow Diagram
    3.2.1 Component level DFD
    3.2.2 Function level DFD
4 Constant Data Dictionary
  4.1 Program (fixed) Constants
    4.1.1 Embedded Constants
5 Software Component Implementation
  5.1 Sub-Module Functions
    5.1.1 Init: McuErrInjInit1
      5.1.1.1 Design Rationale
      5.1.1.2 Module Outputs
    5.1.2 Per: McuErrInjPer1
      5.1.2.1 Design Rationale
      5.1.2.2 Store Module Inputs to Local copies
      5.1.2.3 (Processing of function)………
      5.1.2.4 Store Local copy of outputs into Module Outputs
      5.1.2.5 Store Local copy of outputs into Module Outputs
  5.2 Server Runnable
    5.2.1 ClrErrInjReg_Oper
      5.2.1.1 Design Rationale
      5.2.1.2 Store Module Inputs to Local copies
      5.2.1.3 (Processing of function)………
      5.2.1.4 Store Local copy of outputs into Module Outputs
    5.2.1 ReadErrInjReg_Oper
      5.2.1.1 Design Rationale
      5.2.1.2 Store Module Inputs to Local copies
      5.2.1.3 (Processing of function)………
      5.2.1.4 Store Local copy of outputs into Module Outputs
    5.2.1 UpdErrInjReg_Oper
      5.2.1.1 Design Rationale
      5.2.1.2 Store Module Inputs to Local copies
      5.2.1.3 (Processing of function)………
      5.2.1.4 Store Local copy of outputs into Module Outputs
    5.2.1 StrtErrInjCntr
      5.2.1.1 Design Rationale
      5.2.1.2 Store Module Inputs to Local copies
      5.2.1.3 (Processing of function)………
      5.2.1.4 Store Local copy of outputs into Module Outputs
  5.3 Interrupt Functions
  5.4 Module Internal (Local) Functions
  5.5 Global Function/Macro Definitions
    5.5.1 Global Function #1
      5.5.1.1 Description
6 Known Limitations with Design
7 Unit Test Consideration
Appendix A Abbreviations and Acronyms
Appendix B Glossary
Appendix C References

Introduction

Purpose

Module design document for Micro Controller Diagnostics Error Injection

McuDiagc & High-Level Description

Refer the Design.

Design details of software module

Graphical representation of McuDiagc

Data Flow Diagram

Component level DFD

N/A

Function level DFD

N/A

Constant Data Dictionary

Program (fixed) Constants

Embedded Constants

Local Constants

Constant Name | Resolution | Units | Value
MCUERRINJ_TESTRSTUKWN_CNT_U32 | 1 | Cnt |
SHIFTBYWORD_CNT_U08 | 1 | Cnt | 16U
SHIFTBYBYTE_CNT_U08 | 1 | Cnt | 8U
Refer .m file

Global

Currently the FDD has not been updated to define the global constants. However, the header file includes all the necessary global constants.

Software Component Implementation

Sub-Module Functions

The sub-module functions are grouped based on similar functionality that needs to be executed in a given “State” of the system (refer States and Modes). For a given module, the MDD will identify the type and number of sub-modules required. The sub-module types are described below.

Init: McuErrInjInit1

Design Rationale

Refer to FDD

Module Outputs

Refer to FDD

Per: McuErrInjPer1

Design Rationale

None

Store Module Inputs to Local copies

Refer to FDD

(Processing of function)………

Refer to FDD

Store Local copy of outputs into Module Outputs

Refer to FDD

Store Local copy of outputs into Module Outputs

Refer to FDD

Server Runnable

ClrErrInjReg_Oper

Design Rationale

Refer FDD

Store Module Inputs to Local copies

Refer FDD

(Processing of function)………

Refer FDD

Store Local copy of outputs into Module Outputs

None

ReadErrInjReg_Oper

Design Rationale

Refer FDD. The function returns a value of 0 when MCUERRINJ is defined as STD_OFF. This is done for static compliance: the actual functional code, which returns the value of BRAMDAT2, is encapsulated under the compiler define and is only present when MCUERRINJ is defined as STD_ON. When it is STD_OFF, 0 is returned so that the pointer variable still has a default value.

Store Module Inputs to Local copies

Refer FDD

(Processing of function)………

Refer FDD

Store Local copy of outputs into Module Outputs

None

UpdErrInjReg_Oper

Design Rationale

Refer FDD

Store Module Inputs to Local copies

Refer FDD

(Processing of function)………

Refer FDD

Store Local copy of outputs into Module Outputs

None

StrtErrInjCntr

Design Rationale

Refer FDD

Store Module Inputs to Local copies

Refer FDD

(Processing of function)………

Refer FDD

Store Local copy of outputs into Module Outputs

None

Interrupt Functions

None

Module Internal (Local) Functions

None

GLOBAL Function/Macro Definitions

Global Function #1

Function Name | McuDiagcTestTrustd | Type | Min | Max
Arguments Passed | None
Return Value | N/A

Description

Trusted function that performs the tests that need to run in the processor's supervisor mode, as some tests need register access at supervisor level.

Global Functions

InjVrfyCritRegErr()
InjMcuVltgMonrErr()
InjClkMonrErr()
InjOsTmpGenericRtErr()
InjOsPrmntGenericRtErr()
InjWdgErr()
InjFpuErr()
InjMemProtnErr()
InjModErr()
InjMcuRtErr()
InjProgSeqErr()
InjPbgRtErr()
InjRamErr()
InjEcmMstChkrRtErr()
InjUkwnStrtUpDetdErr()
InjIpgRtErr()
InjRtPegErr()
InjDataParErr()
InjDmaErr()
InjMcuDiagcErr()
InjAdcErr()
InjSwFpuErr()

Description

The functions listed above are the global functions used for error injection. They are defined in multiple FDDs, based on the NTC each one is trying to set. These global functions are only enabled when the #define MCUDIAGCERRINJ is set to STD_ON in the McuDiagcErrInj header file. The DF003A FDD is therefore the owner of these global functions, even though they are defined in multiple files. The return type and the parameter list are both void for all of the functions listed above.
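
The compile-time gating described above and in the ReadErrInjReg_Oper design rationale, as an added sketch (not the project's source): injection code exists only when MCUDIAGCERRINJ is STD_ON, and the read operation still hands back a defined 0 when it is STD_OFF. The function signatures, the ErrInj_Request dispatcher, the PRODUCTION_BUILD marker and the SimBramDat2 variable standing in for BRAMDAT2 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STD_OFF 0u
#define STD_ON  1u

/* Build-time switch named in the integration manual. STD_OFF is the value
 * for every build other than the uDiag test build. */
#ifndef MCUDIAGCERRINJ
#define MCUDIAGCERRINJ STD_OFF
#endif

/* Hypothetical release guard: refuse to build a production image that
 * still contains the fault-injection hooks. */
#if defined(PRODUCTION_BUILD) && (MCUDIAGCERRINJ == STD_ON)
#error "MCUDIAGCERRINJ must be STD_OFF in production builds"
#endif

typedef uint8_t Std_ReturnType;
#define E_OK     ((Std_ReturnType)0u)
#define E_NOT_OK ((Std_ReturnType)1u)

/* Hypothetical request identifiers for two of the listed injectors. */
typedef enum { ERRINJ_WDG = 0, ERRINJ_FPU = 1 } ErrInjId;

#if (MCUDIAGCERRINJ == STD_ON)
/* Stand-in for the BRAMDAT2 register; only exists in test builds. */
static volatile uint32_t SimBramDat2 = 0u;

/* Simulated injectors: record the request instead of provoking a fault. */
void InjWdgErr(void) { SimBramDat2 |= (uint32_t)1u << ERRINJ_WDG; }
void InjFpuErr(void) { SimBramDat2 |= (uint32_t)1u << ERRINJ_FPU; }
#endif

/* Read operation: real register value in test builds, a defined 0 otherwise,
 * so the caller's variable never stays uninitialized. */
Std_ReturnType ReadErrInjReg_Oper(uint32_t *RegVal)
{
    if (RegVal == NULL) {
        return E_NOT_OK;
    }
#if (MCUDIAGCERRINJ == STD_ON)
    *RegVal = SimBramDat2;
#else
    *RegVal = 0u;
#endif
    return E_OK;
}

/* Hypothetical dispatcher: with the switch off, no injector can be reached
 * because none is compiled into the image. */
Std_ReturnType ErrInj_Request(ErrInjId Id)
{
#if (MCUDIAGCERRINJ == STD_ON)
    switch (Id) {
    case ERRINJ_WDG: InjWdgErr(); return E_OK;
    case ERRINJ_FPU: InjFpuErr(); return E_OK;
    default:         return E_NOT_OK;
    }
#else
    (void)Id;
    return E_NOT_OK;
#endif
}

/* Request an injection, then read the register back through the operation.
 * The local starts poisoned to show that the read always overwrites it. */
uint32_t ReadBackAfter(ErrInjId Id)
{
    uint32_t Val = 0xFFFFFFFFu;
    (void)ErrInj_Request(Id);
    (void)ReadErrInjReg_Oper(&Val);
    return Val;
}

int main(void)
{
    printf("MCUDIAGCERRINJ=%u request=%u readback=0x%08lx\n",
           (unsigned)MCUDIAGCERRINJ, (unsigned)ErrInj_Request(ERRINJ_WDG),
           (unsigned long)ReadBackAfter(ERRINJ_FPU));
    return 0;
}
```

Compiling with -DMCUDIAGCERRINJ=1u exercises the test-build branch; adding -DPRODUCTION_BUILD to that command line stops the build at the #error.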

Known Limitations with Design

UNIT TEST CONSIDERATION

Abbreviations and Acronyms

Abbreviation or Acronym | Description
DFD | Design functional diagram
MDD | Module design Document

Glossary

Note: Terms and definitions from the source “Nexteer Automotive” take precedence over all other definitions of the same term. Terms and definitions from the source “Nexteer Automotive” are formulated from multiple sources, including the following:

  • ISO 9000

  • ISO/IEC 12207

  • ISO/IEC 15504

  • Automotive SPICE® Process Reference Model (PRM)

  • Automotive SPICE® Process Assessment Model (PAM)

  • ISO/IEC 15288

  • ISO 26262

  • IEEE Standards

  • SWEBOK

  • PMBOK

  • Existing Nexteer Automotive documentation

Term | Definition | Source
MDD | Module Design Document |
DFD | Data Flow Diagram |

References

Ref. # | Title | Version
1 | AUTOSAR Specification of Memory Mapping (Link: AUTOSAR_SWS_MemoryMapping.pdf) | v1.3.0 R4.0 Rev 2
2 | MDD Guideline | EA4 01.00.01
3 | Software Naming Conventions.doc | 1.0
4 | Software Design and Coding Standards.doc | 2.1
5 | FDD – ES002A McuDiagc | See Synergy subproject version

2.3 - McuErrInj Peer Review Checklists


Overview

Summary Sheet
Synergy Project
Src - McuErrInj
MDD
PolySpace
Integration Manual


Sheet 1: Summary Sheet

Rev 1.28-Jun-15

Peer Review Summary Sheet

Synergy Project Name: DF003A_McuErrInj_Impl
  [kzshz2: Intended Use: Identify which component is being reviewed. This should be the Module Short Name from Synergy Rationale: Required for traceability. It will help to ensure this form is not attached to the wrong change request.]
Revision / Baseline: DF003A_McuErrInj_Impl_1.1.0
  [kzshz2: Intended Use: Identify which Synergy revision of this component is being reviewed Rationale: Required for traceability. It will help to ensure this form is not attached to the wrong change request.]
Change Owner: Avinash James
  [kzshz2: Intended Use: Identify the developer who made the change(s) Rationale: A change request may have more than one resolver, this will help identify who made what change. Change owner identification may be required by industry standards.]
Work CR ID: EA4#13348

Modified File Types:
  [kzshz2: Intended Use: Intended to identify at a high level to the reviewers which areas of the component have been changed. Rationale: This will be good information to know when ensuring appropriate reviews have been completed.]

Review Checklist Summary:
  [kzshz2: Intended Use: Identify who were the reviewers, what they reviewed, and if the reviewed changes have been approved to release the code for testing. Comments here should be at a high level, the specific comments should be present on the specific review form sheet. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits. ADD DR Level Move reviewer and approval to individual checklist form]

Reviewed:
Yes | MDD
Yes | Source Code
Yes | PolySpace
Yes | Integration Manual
N/A | Davinci Files

Comments:

General Guidelines:
- The reviews shall be performed over the portions of the component that were modified as a result of the Change Request.
- New components should include FDD Owner and Integrator as a part of the Group Review Board (Source Code, Integration Manual, and Davinci Files)
- Enter any rework required into the comment field and select No. When the rework is complete, review again using this same review sheet and select Yes. Add date and additional comment stating that the rework is completed.
- To review a component with multiple source code files use the "Add Source" button to create a Source code tab for each source file.
- .h file should be reviewed with the source file as part of the source file.

Sheet 2: Synergy Project

Peer Review Meeting Log (Component Synergy Project Review)

Quality Check Items:
Rationale is required for all answers of No

Quality Check Item | Answer | Comments
New baseline version name from Summary Sheet follows naming convention | Yes |
Project contains necessary subprojects | Yes |
Project contains the correct version of subprojects | Yes |
Design subproject is correct version | Yes |

General Notes / Comments:

Review Board:
  [LN: Intended Use: Identify who were the reviewers and if the reviewed changes have been approved. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits. KMC: Group Review Level removed in Rev 4.0 since the design review is not checked in until approved, so it would always be DR4.]
Change Owner: Avinash James
Review Date: 07/26/17
Lead Peer Reviewer: Krishna Anne
Approved by Reviewer(s): Yes
Other Reviewer(s):

Sheet 3: Src - McuErrInj

Rev 1.28-Jun-15
Peer Review Meeting Log (Source Code Review)

Source File Name: McuErrInj.c
Source File Revision: 2
Header File Name: McuErrInj.h
Header File Revision: 3
  [kzshz2: Intended Use: Identify which version of the source file is being reviewed. Rationale: Required for traceability between source code and review. Auditors will likely require this.]
MDD Name: McuErrInj Module Design Document.docx
Revision: 2
FDD/SCIR/DSR/FDR/CM Name: DF003A_McuErrInj_Design
Revision: 1.2.0

Quality Check Items:
Rationale is required for all answers of No

Quality Check Item | Answer | Comments
Working EA4 Software Naming Convention followed: | |
  for variable names | Yes |
  for constant names | Yes |
  for function names | Yes |
  for other names (component, memory mapping handles, typedefs, etc.) | Yes |
All paths assign a value to outputs, ensuring all outputs are initialized prior to being written | N/A |
Requirements Traceability tags in code match the requirements traceability in the FDD | N/A | Not Required
All variables are declared at the function level. | No | Global variable used in the error injection code. This won't be a part of the production code as it will be compiled out for regular builds and available only for the special build testing
Synergy version matches change history and Version Control version in file comment block | Yes |
  [kzshz2: Intended Use: Indicate that the versioning was confirmed by the peer reviewer(s). Rationale: There have been many occasions where versions were not updated in files and as a result Unit Test were referencing wrong versions. This often time leads to the need to re-run of batch tests.]
Change log contains detailed description of changes and Work CR number | Yes |
Code accurately implements FDD (Document or Model) | Yes |
Verified no Compiler Errors or Warnings | Yes |
  [KMC: Intended Use: To confirm no compiler errors or warnings exist for the code under review (warnings from contract header files may be ignored). Rationale: This is needed to ensure there will be no errors discovered at the time of integration. A Sandbox project should be used; QAC can find compiler errors but not warnings.]
Component.h is included | Yes |
All other includes are actually needed. (System includes only allowed in Nexteer library components) | Yes |
Software Design and Coding Standards followed: Version: 2.1 | |
  Code comments are clear, correct, and adequate and have been updated for the change: [N40] and all other rules in the same section as rule [N40], plus [N75], [N12], [N23], [N33], [N37], [N38], [N48], [N54], [N77], [N79], [N72] | Yes |
  Source file (.c and .h) comment blocks are per standards and contain correct information: [N41], [N42] | Yes |
  Function comment blocks are per standards and contain correct information: [N43] | Yes |
  Code formatting (indentation, placement of braces, etc.) is per standards: [N5], [N55], [N56], [N57], [N58], [N59] | Yes |
  Embedded constants used per standards; no "magic numbers": [N12] | Yes |
  Memory mapping for non-RTE code is per standard | Yes |
  All execution-order-dependent code can be recognized by the compiler: [N80] | N/A |
  All loops have termination conditions that ensure finite loop iterations: [N63] | N/A |
  All divides protect against divide by zero if needed: [N65] | N/A |
  All integer division and modulus operations handle negative numbers correctly: [N76] | N/A |
  All typecasting and fixed point arithmetic, including all use of fixed point macros and timer functions, is correct and has no possibility of unintended overflow or underflow: [N66] | N/A |
  All float-to-unsigned conversions ensure the float value is non-negative: [N67] | N/A |
  All conversions between signed and unsigned types handle msb==1 as intended: [N78] | N/A |
  All pointer dereferencing protects against null pointer if needed: [N70] | N/A |
  Component outputs are limited to the legal range defined in the FDD DataDict.m file: [N53] | N/A |
  All code is mapped with FDD (all FDD subfunctions and/or model blocks identified with code comments; all code corresponds to some FDD subfunction and/or model block): [N40] | N/A |
  Review did not identify violations of other coding standard rules | Yes |
Anomaly or Design Work CR created for any FDD corrections needed | N/A | ICR 10196 created for making the magic numbers as #defines

General Notes / Comments:
Changes only reviewed

Review Board:
Change Owner: Avinash James
Review Date: 07/26/17
Lead Peer Reviewer: Krishna Anne
Approved by Reviewer(s): Yes
Other Reviewer(s):

Sheet 4: MDD

Rev 1.28-Jun-15
Peer Review Meeting Log (MDD Review)

MDD Name: McuErrInj Module Design Document.doc
MDD Revision: 2
Source File Name: McuErrInj.c
Source File Revision: 2
Source File Name:
Source File Revision:
Source File Name:
Source File Revision:

Quality Check Items:
Rationale is required for all answers of No

Quality Check Item | Answer | Comments
Synergy version matches document | Yes |
Change log contains detailed description of changes | Yes |
Changes Highlighted (for Unit Tester) | Yes |
Diagrams have been included per MDD Guideline and reviewed | Yes |
All Design Exceptions and Limitations are listed | Yes |
Design rationale given for all global data not communicated through RTE ports, per Design and Coding Standards rules [N9] and [N10]. | Yes |
All implementation details that differ from the FDD are noted and explained in Design Rationale | Yes |
All Unit Test Considerations have been described | Yes |

General Notes / Comments:

Review Board:
Change Owner: Avinash James
Review Date: 07/26/17
Lead Peer Reviewer: Krishna Anne
Approved by Reviewer(s): Yes
Other Reviewer(s):

Sheet 5: PolySpace

Rev 1.28-Jun-15
Peer Review Meeting Log (QAC/PolySpace Review)

Source File Name: McuErrInj.c
Source File Revision: 2
Source File Name:
Source File Revision:
Source File Name:
Source File Revision:
Source File Name:
Source File Revision:

EA4 Static Analysis Compliance Guideline version: 01.03.00_Draft
Poly Space version: 2013B
  [Windows User: eg. 2013b]
Polyspace sub project version: NA
  [Windows User: eg. TL108a_PolyspaceSuprt_1.0.0]

Quality Check Items:
Rationale is required for all answers of No

Quality Check Item | Answer | Comments
Contract Folder's header files are appropriate and function prototypes match the latest component version | Yes |
  [kzshz2: Intended Use: Identify that the contract folder contains only the information required for this component. All other variables, constants, function prototypes, etc. should be removed. Rationale: This will help avoid unit testers having to consider objects not used. It will also avoid having other files required for QAC.]
100% Compliance to the EA4 Static Analysis Compliance Guideline | Yes |
Are previously added justification and deviation comments still appropriate | Yes |
Do all MISRA deviation comments use approved deviation tags | Yes |
Cyclomatic complexity and Static path count OK for all functions in the component per Design and Coding Standards rule [N47] | No | see comments below
  [Creager, Kathleen: use Browse Function Metrics, STCYC and STPTH]

General Notes / Comments:
Rule 3.4 - pragma comments are present in McuErrInj.c - reviewed and ok
Trusted function has a complexity of 31 and path count 31, because of a 31-case switch stmt. No change needed - this is conceptually less complex than splitting up the function

Review Board:
Change Owner: Avinash James
Review Date: 07/26/17
Lead Peer Reviewer: Krishna Anne
Approved by Reviewer(s): Yes
Other Reviewer(s):

Sheet 6: Integration Manual

Rev 1.28-Jun-15
Peer Review Meeting Log (Integration Manual Review)

Integration Manual Name: McuErrInj Integration Manual.doc
kzshz2: Intended Use: Identify which file is being reviewed. Rationale: Required for traceability. It will help to ensure this sheet is not attached to the wrong design review form.

Integration Manual Revision: 2
kzshz2: Intended Use: Identify which version of the integration manual has been reviewed. Rationale: Required for traceability between the MDD and review. Auditors will likely require this.

Quality Check Items:

Rationale is required for all answers of No

| Quality Check Item | Answer | Comments |
|---|---|---|
| Synergy version matches header | Yes | |
| Latest template used | Yes | |
| Change log contains detailed description of changes | Yes | |
| Changes Highlighted (for Integrator) | Yes | |

General Notes / Comments:

Review Board:
LN: Intended Use: Identify who were the reviewers and if the reviewed changes have been approved. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits.
KMC: Group Review Level removed in Rev 4.0 since the design review is not checked in until approved, so it would always be DR4.

Change Owner: Avinash James
Review Date: 07/26/17
Lead Peer Reviewer: Krishna Anne
Approved by Reviewer(s): Yes
Other Reviewer(s):

3 - Component Implementation

Component Implementation

Component Documentation

3.1 - Swp_DesignReview


Overview

Summary Sheet
Synergy Project
Source Code
PolySpace


Sheet 1: Summary Sheet

Rev 1.28-Jun-15

Peer Review Summary Sheet

Synergy Project Name: DF002A_Swp_Impl
kzshz2: Intended Use: Identify which component is being reviewed. This should be the Module Short Name from Synergy. Rationale: Required for traceability. It will help to ensure this form is not attached to the wrong change request.

Revision / Baseline: DF002A_Swp_Impl_1.3.0
kzshz2: Intended Use: Identify which Synergy revision of this component is being reviewed. Rationale: Required for traceability. It will help to ensure this form is not attached to the wrong change request.

Change Owner: Krishna Anne
kzshz2: Intended Use: Identify the developer who made the change(s). Rationale: A change request may have more than one resolver, this will help identify who made what change. Change owner identification may be required by industry standards.

Work CR ID: EA4#12393

Modified File Types:
kzshz2: Intended Use: Intended to identify at a high level to the reviewers which areas of the component have been changed. Rationale: This will be good information to know when ensuring appropriate reviews have been completed.

Review Checklist Summary:
kzshz2: Intended Use: Identify who were the reviewers, what they reviewed, and if the reviewed changes have been approved to release the code for testing. Comments here should be at a high level, the specific comments should be present on the specific review form sheet. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits.
ADD DR Level Move reviewer and approval to individual checklist form

Reviewed:

| Item | Reviewed |
|---|---|
| MDD | N/A |
| Source Code | Yes |
| PolySpace | Yes |
| Integration Manual | N/A |
| Davinci Files | N/A |

Comments:

Reviewed changes only

General Guidelines:
- The reviews shall be performed over the portions of the component that were modified as a result of the Change Request.
- New components should include FDD Owner and Integrator as a part of the Group Review Board (Source Code, Integration Manual, and Davinci Files).
- Enter any rework required into the comment field and select No. When the rework is complete, review again using this same review sheet and select Yes. Add date and additional comment stating that the rework is completed.
- To review a component with multiple source code files use the "Add Source" button to create a Source code tab for each source file.
- The .h file should be reviewed with the source file as part of the source file.

Sheet 2: Synergy Project

Peer Review Meeting Log (Component Synergy Project Review)

Quality Check Items:

Rationale is required for all answers of No

| Quality Check Item | Answer | Comments |
|---|---|---|
| New baseline version name from Summary Sheet follows naming convention | Yes | |
| Project contains necessary subprojects | Yes | |
| Project contains the correct version of subprojects | Yes | |
| Design subproject is correct version | Yes | |

General Notes / Comments:

Review Board:
LN: Intended Use: Identify who were the reviewers and if the reviewed changes have been approved. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits.
KMC: Group Review Level removed in Rev 4.0 since the design review is not checked in until approved, so it would always be DR4.

Change Owner: Krishna Anne
Review Date: 05/31/17
Lead Peer Reviewer: Matt Leser
Approved by Reviewer(s): Yes
Other Reviewer(s): Brendon Binder, Brionna Spencer, Shawn Penning

Sheet 3: Source Code

Rev 1.28-Jun-15
Peer Review Meeting Log (Source Code Review)

Source File Name: Swp.c
Source File Revision: 4
Header File Name: Swp.h
Header File Revision: 1
kzshz2: Intended Use: Identify which version of the source file is being reviewed. Rationale: Required for traceability between source code and review. Auditors will likely require this.

MDD Name: Swp_MDD
Revision: 2

FDD/SCIR/DSR/FDR/CM Name: DF002A_Swp_Design
Revision: 1.8.0

Quality Check Items:

Rationale is required for all answers of No

| Quality Check Item | Answer | Comments |
|---|---|---|
| Working EA4 Software Naming Convention followed: | | |
| for variable names | Yes | |
| for constant names | Yes | |
| for function names | Yes | |
| for other names (component, memory mapping handles, typedefs, etc.) | Yes | |
| All paths assign a value to outputs, ensuring all outputs are initialized prior to being written | Yes | |
| Requirements Traceability tags in code match the requirements traceability in the FDD | N/A | Req Tags are not available in the design. |
| All variables are declared at the function level. | Yes | |
| Synergy version matches change history and Version Control version in file comment block | Yes | |
| Change log contains detailed description of changes and Work CR number | Yes | init version |
| Code accurately implements FDD (Document or Model) | Yes | |
| Verified no Compiler Errors or Warnings | Yes | |
| Component.h is included | Yes | |
| All other includes are actually needed. (System includes only allowed in Nexteer library components) | Yes | |
| Software Design and Coding Standards followed: Version: | | |
| Code comments are clear, correct, and adequate and have been updated for the change: [N40] and all other rules in the same section as rule [N40], plus [N75], [N12], [N23], [N33], [N37], [N38], [N48], [N54], [N77], [N79], [N72] | Yes | Deviations exist for DFs |
| Source file (.c and .h) comment blocks are per standards and contain correct information: [N41], [N42] | Yes | |
| Function comment blocks are per standards and contain correct information: [N43] | Yes | |
| Code formatting (indentation, placement of braces, etc.) is per standards: [N5], [N55], [N56], [N57], [N58], [N59] | Yes | |
| Embedded constants used per standards; no "magic numbers": [N12] | Yes | |
| Memory mapping for non-RTE code is per standard | Yes | |
| All execution-order-dependent code can be recognized by the compiler: [N80] | Yes | |
| All loops have termination conditions that ensure finite loop iterations: [N63] | N/A | |
| All divides protect against divide by zero if needed: [N65] | Yes | |
| All integer division and modulus operations handle negative numbers correctly: [N76] | Yes | |
| All typecasting and fixed point arithmetic, including all use of fixed point macros and timer functions, is correct and has no possibility of unintended overflow or underflow: [N66] | Yes | |
| All float-to-unsigned conversions ensure the float value is non-negative: [N67] | N/A | |
| All conversions between signed and unsigned types handle msb==1 as intended: [N78] | Yes | |
| All pointer dereferencing protects against null pointer if needed: [N70] | Yes | |
| Component outputs are limited to the legal range defined in the FDD DataDict.m file: [N53] | Yes | |
| All code is mapped with FDD (all FDD subfunctions and/or model blocks identified with code comments; all code corresponds to some FDD subfunction and/or model block): [N40] | Yes | |
| Review did not identify violations of other coding standard rules | Yes | |
| Anomaly or Design Work CR created for any FDD corrections needed | N/A | List Anomaly or CR numbers |

Note on "Synergy version matches change history", kzshz2: Intended Use: Indicate that the versioning was confirmed by the peer reviewer(s). Rationale: There have been many occasions where versions were not updated in files and as a result Unit Tests were referencing wrong versions. This oftentimes leads to the need to re-run batch tests.

Note on "Verified no Compiler Errors or Warnings", KMC: Intended Use: To confirm no compiler errors or warnings exist for the code under review (warnings from contract header files may be ignored). Rationale: This is needed to ensure there will be no errors discovered at the time of integration. A Sandbox project should be used; QAC can find compiler errors but not warnings.

General Notes / Comments:

Init1 function functionally matches the code as we are initializing all _F and _M variables in respective periodic calls.

Review Board:
LN: Intended Use: Identify who were the reviewers and if the reviewed changes have been approved. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits.
KMC: Group Review Level removed in Rev 4.0 since the design review is not checked in until approved, so it would always be DR4.

Change Owner: Krishna Anne
Review Date: 05/31/17
Lead Peer Reviewer: Matt Leser
Approved by Reviewer(s): Yes
Other Reviewer(s): Brendon Binder, Brionna Spencer, Shawn Penning

Sheet 4: PolySpace

Rev 1.28-Jun-15
Peer Review Meeting Log (QAC/PolySpace Review)

Source File Name: Swp.c
Source File Revision: 4
Source File Name: NA
Source File Revision: NA
Source File Name: NA
Source File Revision: NA

EA4 Static Analysis Compliance Guideline version: 01.01.00

Poly Space version: 2103b
Windows User: eg. 2013b
Polyspace sub project version: TL108A_PolyspaceSuprt_1.0.0
Windows User: eg. TL108a_PolyspaceSuprt_1.0.0

QAC version: 8.1.1
Windows User: eg 8.1.1-R
QAC sub project version: TL100A_QACSuprt_1.2.0
Windows User: eg. TL_100A_1.1.0

Quality Check Items:

Rationale is required for all answers of No

| Quality Check Item | Answer | Comments |
|---|---|---|
| Contract Folder's header files are appropriate and function prototypes match the latest component version | Yes | |
| 100% Compliance to the EA4 Static Analysis Compliance Guideline | Yes | |
| Are previously added justification and deviation comments still appropriate | N/A | |
| Do all MISRA deviation comments use approved deviation tags | Yes | |
| Cyclomatic complexity and Static path count OK for all functions in the component per Design and Coding Standards rule [N47] | Yes | |

Note on "Contract Folder's header files", kzshz2: Intended Use: Identify that the contract folder contains only the information required for this component. All other variables, constants, function prototypes, etc. should be removed. Rationale: This will help avoid unit testers having to consider objects not used. It will also avoid having other files required for QAC.

Note on "Cyclomatic complexity and Static path count OK", Creager, Kathleen: use Browse Function Metrics, STCYC and STPTH

General Notes / Comments:

Review Board:
LN: Intended Use: Identify who were the reviewers and if the reviewed changes have been approved. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits.
KMC: Group Review Level removed in Rev 4.0 since the design review is not checked in until approved, so it would always be DR4.

Change Owner: Krishna Anne
Review Date: 05/31/17
Lead Peer Reviewer: Matt Leser
Approved by Reviewer(s): Yes
Other Reviewer(s): Brendon Binder, Brionna Spencer, Shawn Penning

3.2 - Swp_IntegrationManual

Integration Manual

For

Swp

VERSION: 2.0

DATE: 01-Feb-2016

Prepared By:

Krishna Kanth Anne,

Software Engineering,

Nexteer Automotive,

Saginaw, MI, USA

Location: The official version of this document is stored in the Nexteer Configuration Management System.

Revision History

| Sl. No. | Description | Author | Version | Date |
|---|---|---|---|---|
| 1 | Initial version | Krishna Kanth Anne | 1.0 | 20-Oct-15 |
| 2 | Fix for anomaly EA4#2461 | Krishna Kanth Anne | 2.0 | 01-Feb-16 |

Table of Contents

1 Abbreviations And Acronyms

2 References

3 Dependencies

3.1 SWCs

3.2 Global Functions (Non RTE) to be provided to Integration Project

4 Configuration REQUIREMENTS

4.1 Build Time Config

4.2 Configuration Files to be provided by Integration Project

4.3 Da Vinci Parameter Configuration Changes

4.4 DaVinci Interrupt Configuration Changes

4.5 Manual Configuration Changes

5 Integration DATAFLOW REQUIREMENTS

5.1 Required Global Data Inputs

5.2 Required Global Data Outputs

5.3 Specific Include Path present

6 Runnable Scheduling

7 Memory Map REQUIREMENTS

7.1 Mapping

7.2 Usage

7.3 Non RTE NvM Blocks

7.4 RTE NvM Blocks

8 Compiler Settings

8.1 Preprocessor MACRO

8.2 Optimization Settings

9 Appendix

Abbreviations And Acronyms

| Abbreviation | Description |
|---|---|
| DFD | Design functional diagram |
| MDD | Module design Document |

References

This section lists the title and version of all the documents that are referred to for the development of this document.

| Sr. No. | Title | Version |
|---|---|---|
| 1 | MDD Guidelines | Process 04.02.00 |
| 2 | Software Naming Conventions | Process 04.02.00 |
| 3 | Coding standards | Process 04.02.00 |
| 4 | FDD : DF002A_Swp_Design | See Synergy Subproject version |

Dependencies

SWCs

| Module | Required Feature |
|---|---|
| None | |

Global Functions (Non RTE) to be provided to Integration Project

None

Configuration REQUIREMENTS

Build Time Config

| Modules | Notes |
|---|---|
| Swp | Set to STD_ON for Sweep software build, set to STD_OFF for normal build. Constant resides in “Swp.h” file. |

Configuration Files to be provided by Integration Project

None

Da Vinci Parameter Configuration Changes

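| Parameter | Notes | SWC |
|---|---|---|
| NA | | |

DaVinci Interrupt Configuration Changes

| ISR Name | VIM # | Priority Dependency | Notes |
|---|---|---|---|
| NA | | | |

Manual Configuration Changes

| Constant | Notes | SWC |
|---|---|---|
| NA | | |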

Integration DATAFLOW REQUIREMENTS

Required Global Data Inputs

Please refer to the DataDict.m file.

Required Global Data Outputs

Please refer to the DataDict.m file.

Specific Include Path present

The Swp.h file shall be included.

Runnable Scheduling

This section specifies the required runnable scheduling.

| Init | Scheduling Requirements | Trigger |
|---|---|---|
| SwpInit1 | | RTE_Init |

| Runnable | Scheduling Requirements | Trigger |
|---|---|---|
| SwpPer1 | None | RTE(2ms) |
| SwpPer2 | None | RTE(2ms) |

Memory Map REQUIREMENTS

Mapping

| Memory Section | Contents | Notes |
|---|---|---|
| Swp_START_SEC_CODE | Swp code and variables | This code section statement will contain variables that need mapping to GlobalShared memory during Sweep builds (these variables are present when SWPENA == STD_ON) |

* Each …START_SEC… constant is terminated by a …STOP_SEC… constant as specified in the AUTOSAR Memory Mapping requirements.

Usage

| Feature | RAM | ROM |
|---|---|---|
| None | | |

Table 1: ARM Cortex R4 Memory Usage

NvM Blocks

None.

Compiler Settings

Preprocessor MACRO

None

Optimization Settings

None

Appendix

None

3.3 - Swp_MDD

Module Design Document

For

Swp

Jan 20, 2016

Prepared For:

Software Engineering

Nexteer Automotive,

Saginaw, MI, USA

Prepared By:

Krishna Kanth Anne,

Nexteer Automotive,

Saginaw, MI, USA

Change History

| Description | Author | Version | Date |
|---|---|---|---|
| Initial Version | Krishna Kanth Anne | 1.0.0 | 20-Oct-2015 |
| Fix for anomaly EA4#2461 | Krishna Kanth Anne | 1.1.0 | 20-Jan-2016 |


Table of Contents

1 Introduction

1.1 Purpose

1.2 Scope

2 PullCmpActv & High-Level Description

3 Design details of software module

3.1 Graphical representation of PullCmpActv

3.2 Data Flow Diagram

3.2.1 Component level DFD

3.2.2 Function level DFD

4 Constant Data Dictionary

4.1 Program (fixed) Constants

4.1.1 Embedded Constants

5 Software Component Implementation

5.1 Sub-Module Functions

5.1.1 Init: SwpInit1

5.1.2 Per: SwpPer1

5.1.3 Per: SwpPer2

5.2 Module Internal (Local) Functions

5.2.1 Local Function #1

5.2.1.1 Design Rationale

5.2.1.2 Processing

6 Known Limitations with Design

7 UNIT TEST CONSIDERATION

Appendix A Abbreviations and Acronyms

Appendix B Glossary

Appendix C References

Introduction

Purpose

MDD for Sweep function

Scope

NA

Swp & High-Level Description

Please refer to the FDD.

Design details of software module

Please refer to the FDD.

Graphical representation of Swp

Data Flow Diagram

Please refer to the FDD.

Component level DFD

Please refer to the FDD.

Function level DFD

Please refer to the FDD.

Constant Data Dictionary

Program (fixed) Constants

Embedded Constants

Local Constants

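| Constant Name | Resolution | Units | Value |
|---|---|---|---|
| Please refer to DF002A_Swp_DataDict.m | NA | NA | NA |
| SWPSTRT_CNT_U16 | NA | NA | 0 |
| SWPTRAN_CNT_U16 | NA | NA | 1 |
| SWPDWELL_CNT_U16 | NA | NA | 2 |
| SWPSTOP_CNT_U16 | NA | NA | 3 |
| SWPRAMP_CNT_U16 | NA | NA | 4 |
| SWPDONE_CNT_U16 | NA | NA | 5 |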

Software Component Implementation

Please refer to the FDD.

Sub-Module Functions

Init: SwpInit1

Please refer to the FDD.

Design Rationale

Dummy initialization function to correlate with the FDD (.m file).

Per: SwpPer1

Please refer to the FDD.

Design Rationale

  1. For DFs, it was decided to use module-level variables in place of the PIMs defined in the FDD (PIM section of the .m file). This is a deviation from the regular EA4 process; it gives control over MemMap so that MPU violations are avoided while writing these variables using XCP.

  2. All of the PIMs given in the .m file are defined in DFs either as function-level variables (if used in only one function) or as module-level variables (if used in more than one function).

  3. Each function-level and module-level variable shall be volatile only when it is intended to be user modifiable as per the data dictionary .m file.

  4. Deviations from the regular EA4 naming conventions exist for all function-level and module-level variables.

Per: SwpPer2

Please refer to the FDD.

Design Rationale

  1. For DFs, it was decided to use module-level variables in place of the PIMs defined in the FDD (PIM section of the .m file). This is a deviation from the regular EA4 process; it gives control over MemMap so that MPU violations are avoided while writing these variables using XCP.

  2. All of the PIMs given in the .m file are defined in DFs either as function-level variables (if used in only one function) or as module-level variables (if used in more than one function).

  3. Each function-level and module-level variable shall be volatile only when it is intended to be user modifiable as per the data dictionary .m file.

  4. Deviations from the regular EA4 naming conventions exist for all function-level and module-level variables.

Known Limitations with Design

None.

UNIT TEST CONSIDERATION

  1. Please refer to the Init.txt file in the FDD design DF002A_Swp_Design for the initial values of function-level and module-level variables.

  2. For DFs, it was decided to use module-level variables in place of the PIMs defined in the FDD (PIM section of the .m file). This is a deviation from the regular EA4 process.

  3. All of the PIMs given in the .m file are defined in DFs either as function-level variables (if used in only one function) or as module-level variables (if used in more than one function).

  4. Each function-level and module-level variable shall be volatile only when it is intended to be user modifiable as per the data dictionary .m file.

  5. Deviations from the regular EA4 naming conventions exist for all function-level and module-level variables.

Abbreviations and Acronyms

| Abbreviation or Acronym | Description |
|---|---|

Glossary

Note: Terms and definitions from the source “Nexteer Automotive” take precedence over all other definitions of the same term. Terms and definitions from the source “Nexteer Automotive” are formulated from multiple sources, including the following:

  • ISO 9000

  • ISO/IEC 12207

  • ISO/IEC 15504

  • Automotive SPICE® Process Reference Model (PRM)

  • Automotive SPICE® Process Assessment Model (PAM)

  • ISO/IEC 15288

  • ISO 26262

  • IEEE Standards

  • SWEBOK

  • PMBOK

  • Existing Nexteer Automotive documentation

| Term | Definition | Source |
|---|---|---|
| MDD | Module Design Document | |
| DFD | Data Flow Diagram | |

References

| Ref. # | Title | Version |
|---|---|---|
| 1 | AUTOSAR Specification of Memory Mapping (Link: AUTOSAR_SWS_MemoryMapping.pdf) | v1.3.0 R4.0 Rev 2 |
| 2 | MDD Guideline | EA4 01.00.00 |
| 3 | Software Naming Conventions.doc | 1.0 |
| 4 | Software Design and Coding Standards.doc | 2.0 |
| 5 | FDD: SF002A_Swp_Design | See Synergy SubProject version |