Sr. No.	Title	Version
1	EA4 Software Naming Conventions	01.01.00
2	Software Design and Coding Standards	2.1
3	ES252A_RvsBattProtn_Design	See Synergy Sub Project Version

Dependencies

SWCs

Module	Required Feature
None	N/A

Note : Referencing the external components should be avoided in most cases. Only in unavoidable circumstance external components should be referred. Developer should track the references.

Global Functions(Non RTE) to be provided to Integration Project

None

Configuration REQUIREMeNTS

Build Time Config

Modules	Notes
None

Configuration Files to be provided by Integration Project

RvsBattProtn_Cfg.h

Da Vinci Parameter Configuration Changes

Parameter	Notes	SWC
RVSBATTPROTN_FAILSTEP_CNT_U16 (/Nexteer/ RvsBattProtn/ RvsBattProtnGeneral/ FAILSTEP)	Debounce NTC set strategy step towards FAIL status	RvsBattProtn
RVSBATTPROTN_GNDMEASDVLTGHILIMN_VOLT_F32 (/Nexteer/ RvsBattProtn/ RvsBattProtnGeneral/ GNDMEASDVLTGHILIMN)	Maximum allowed signal level for ground related measures	RvsBattProtn
RVSBATTPROTN_GNDMEASDVLTGLOLIMN_VOLT_F32 (/Nexteer/ RvsBattProtn/ RvsBattProtnGeneral/ GNDMEASDVLTGLOLIMN)	Minimum allowed signal level for ground related measures	RvsBattProtn
RVSBATTPROTN_PASSSTEP_CNT_U16 (/Nexteer/ RvsBattProtn/ RvsBattProtnGeneral/ PASSSTEP)	Debounce NTC set strategy step towards PASS status	RvsBattProtn
RVSBATTPROTN_RTNMEASDVLTGHILIMN_VOLT_F32 (/Nexteer/ RvsBattProtn/ RvsBattProtnGeneral/ RTNMEASDVLTGHILIMN)	Maximum allowed signal level for battery return related measures	RvsBattProtn
RVSBATTPROTN_RTNMEASDVLTGLOLIMN_VOLT_F32 (/Nexteer/ RvsBattProtn/ RvsBattProtnGeneral/ RTNMEASDVLTGLOLIMN)	Minimum allowed signal level for battery return related measures	RvsBattProtn
RVSBATTPROTN_RVSFLTTHD_VOLT_F32 (/Nexteer/ RvsBattProtn/ RvsBattProtnGeneral/ RVSFLTTHD)	Threshold level for detection of MOSFET malfunction	RvsBattProtn

DaVinci Interrupt Configuration Changes

ISR Name	VIM #	Priority Dependency	Notes
None

Manual Configuration Changes

Constant	Notes	SWC
None

Integration DATAFLOW REQUIREMENTS

Required Global Data Inputs

Refer DataDict.m file

Required Global Data Outputs

Refer DataDict.m file

Specific Include Path present

Runnable Scheduling

This section specifies the required runnable scheduling.

Init	Scheduling Requirements	Trigger
RvsBattProtnInit1	None	RTE (Init)

Runnable	Scheduling Requirements	Trigger
RvsBattProtnPer1	None	RTE(10ms)

Memory Map REQUIREMENTS

Mapping

Memory Section	Contents	Notes
RvsBattProtn_START_SEC_CODE	Code

* Each …START_SEC… constant is terminated by a …STOP_SEC… constant as specified in the AUTOSAR Memory Mapping requirements.

Usage

Feature	RAM	ROM
N/A

Table 1: ARM Cortex R4 Memory Usage

NvM Blocks

*See DataDict.m

Compiler Settings

Preprocessor MACRO

None

Optimization Settings

None

Appendix

None

2 - RvsBattProtn_MDD

Module Design Document

For

RvsBattProtn

October 16, 2017

Prepared For:

Software Engineering

Nexteer Automotive,

Saginaw, MI, USA

Prepared By:

Software Group,

Nexteer Automotive,

Saginaw, MI, USA
Change History

Description	Author	Version	Date
Initial Version	Krzysztof Byrski	1	16-Oct-2017

Table of Contents

1 Introduction 4

1.1 Purpose 4

1.2 Scope 4

2 RvsBattProtn & High-Level Description 5

3 Design details of software module 6

3.1 Graphical representation of RvsBattProtn 6

3.2 Data Flow Diagram 6

3.2.1 Component level DFD 6

3.2.2 Function level DFD 6

4 Constant Data Dictionary 7

4.1 Program (fixed) Constants 7

4.1.1 Embedded Constants 7

5 Software Component Implementation 8

5.1 Sub-Module Functions 8

5.1.1 Init: RvsBattProtn_Init<n> 8

5.1.2 Per: RvsBattProtn_Per<n> 8

5.2 Server Runables 8

5.2.1 <Server Runable Name> 8

5.3 Interrupt Functions 9

5.3.1 Interrupt Function Name 9

5.4 Module Internal (Local) Functions 9

5.4.1 Local Function #1 9

5.5 GLOBAL Function/Macro Definitions 9

5.5.1 GLOBAL Function #1 9

6 Known Limitations with Design 11

7 UNIT TEST CONSIDERATION 12

Appendix A Abbreviations and Acronyms 13

Appendix B Glossary 14

Appendix C References 15

Introduction

Purpose

Module Design Document for ES252A_RvsBattProtn_Impl

Scope

The following definitions are used throughout this document:

Shall: indicates a mandatory requirement without exception in compliance.
Should: indicates a mandatory requirement; exceptions allowed only with documented justification.
May: indicates an optional action.

RvsBattProtn & High-Level Description

Refer FDD.

Design details of software module

This module provides diagnostics of Reverse Battery Protection Module. Main task is to detect opened Reverse Protection MOSFET channel.

Graphical representation of RvsBattProtn

Data Flow Diagram

Refer FDD

Component level DFD

None

Function level DFD

None

Constant Data Dictionary

Program (fixed) Constants

Embedded Constants

Local Constants

Constant Name	Resolution	Units	Value
RVSBATTPROTN_FLTTYPADCFAILD_CNT_U08	1	Cnt	4
RVSBATTPROTN_FLTTYPOOR_CNT_U08	1	Cnt	2
RVSBATTPROTN_FLTTYPRVSFLT_CNT_U08	1	Cnt	1

Software Component Implementation

Sub-Module Functions

The sub-module functions are grouped based on similar functionality that needs to be executed in a given “State” of the system (refer States and Modes). For a given module, the MDD will identify the type and number of sub-modules required. The sub-module types are described below.

Init: RvsBattProtnInit1

Design Rationale

Refer FDD

Module Outputs

Refer FDD

Per: RvsBattProtnPer1

Design Rationale

Refer FDD

Store Module Inputs to Local copies

Refer FDD

(Processing of function)………

Refer FDD

Store Local copy of outputs into Module Outputs

Refer FDD

Server Runables

None

Interrupt Functions

None

Module Internal (Local) Functions

None

GLOBAL Function/Macro Definitions

None

Known Limitations with Design

None

UNIT TEST CONSIDERATION

This component uses config params for some configurable constants. However for testing these in PIL/SIL, please use the following strategy:

Rename the RvsBattProtn_Cfg_PIL.h file in tools/local/include folder to RvsBattProtn_Cfg.h
Replace the RvsBattProtn_Cfg.h file in tools/local/generate folder with the above file.

Now, Tessy must be able to modify the values of these config params. We should then test them with the range that is given in their definition in the DataDict.m file.

Abbreviations and Acronyms

Abbreviation or Acronym	Description
FDD	Functional Design Document. (See references)

Glossary

Note: Terms and definitions from the source “Nexteer Automotive” take precedence over all other definitions of the same term. Terms and definitions from the source “Nexteer Automotive” are formulated from multiple sources, including the following:

ISO 9000
ISO/IEC 12207
ISO/IEC 15504
Automotive SPICE® Process Reference Model (PRM)
Automotive SPICE® Process Assessment Model (PAM)
ISO/IEC 15288
ISO 26262
IEEE Standards
SWEBOK
PMBOK
Existing Nexteer Automotive documentation

Term	Definition	Source
MDD	Module Design Document
DFD	Data Flow Diagram

References

Ref. #	Title	Version
1	AUTOSAR Specification of Memory Mapping (Link:AUTOSAR_SWS_MemoryMapping.pdf)	v1.4.0 R4.0 Rev 3
2	MDD Guideline EA4	01.00.01
3	EA4 Software Naming Conventions	01.01.00
4	Software Design and Coding Standards	2.1
5	ES252A_RvsBattProtn_Design	See Synergy Sub Project Version

3 - RvsBattProtn_Review

Overview

Summary Sheet
Synergy Project
Davinci Files
Source Code
MDD
PolySpace
Integration Manual

Sheet 1: Summary Sheet

Rev 1.2

8-Jun-15

Peer Review Summary Sheet

Synergy Project Name:

kzshz2: Intended Use: Identify which component is being reviewed. This should be the Module Short Name from Synergy Rationale: Required for traceability. It will help to ensure this form is not attaced to the the wrong change request. ES252A_RvsBattProtn_Impl

Revision / Baseline:

kzshz2: Intended Use: Identify which Synergy revision of this component is being reviewed Rationale: Required for traceability. It will help to ensure this form is not attaced to the the wrong change request. ES252A_RvsBattProtn_Impl_1.0.0

Change Owner:

kzshz2: Intended Use: Identify the developer who made the change(s) Rationale: A change request may have more than one resolver, this will help identify who made what change. Change owner identification may be required by indusrty standards. Krzysztof Byrski

Work CR ID:

EA4#14474

kzshz2: Intended Use: Intended to identify at a high level to the reviewers which areas of the component have been changed. Rationale: This will be good information to know when ensuring appropriate reviews have been completed. Modified File Types:

kzshz2: Intended Use: Identify who where the reviewers, what they reviewed, and if the reviewed changes have been approved to release the code for testing. Comments here should be at a highlevel, the specific comments should be present on the specific review form sheet. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits. ADD DR Level Move reviewer and approval to individual checklist form Review Checklist Summary:

Reviewed:

Yes

MDD

Yes

Source Code

Yes

PolySpace

Yes

Integration Manual

Yes

Davinci Files

Comments:

General Guidelines:
- The reviews shall be performed over the portions of the component that were modified as a result of the Change Request.
- New components should include FDD Owner and Integrator as apart of the Group Review Board (Source Code, Integration Manual, and Davinci Files)
- Enter any rework required into the comment field and select No. When the rework is complete, review again using this same review sheet and select Yes. Add date and additional comment stating that the rework is completed.
- To review a component with multiple source code files use the "Add Source" button to create a Source code tab for each source file.
- .h file should be reviewed with the source file as part of the source file.

Sheet 2: Synergy Project

Peer Review Meeting Log (Component Synergy Project Review)

Quality Check Items:

Rationale is required for all answers of No

New baseline version name from Summary Sheet follows

Yes

Comments:

naming convention

ES252A_RvsBattProtn_Impl_1.0.0

Project contains necessary subprojects

Yes

Comments:

AR200A, AR201A, TL101A, TL103A, TL105A, TL109A

Project contains the correct version of subprojects

Yes

Comments:

Latest versions

Design subproject is correct version

Yes

Comments:

ES252A_RvsBattProtn_Design_1.0.0

General Notes / Comments:

LN: Intended Use: Identify who were the reviewers and if the reviewed changes have been approved. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits. KMC: Group Review Level removed in Rev 4.0 since the design review is not checked in until approved, so it would always be DR4. Review Board:

Change Owner:

Krzysztof Byrski

Review Date :

10/18/2017

Lead Peer Reviewer:

Mateusz Bartocha

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Sheet 3: Davinci Files

Rev 1.2

8-Jun-15

Peer Review Meeting Log (Davinci Review)

Quality Check Items:

Rationale is required for all answers of No

Only StdDef Port types are used

Yes

Comments:

For components not using application data types, do all

Yes

Comments:

port interface names end in PortIf and a sequence number

Non-program-specific components saved

Yes

Comments:

in Autosar 4.0.3 format

*Cfg.arxml.TT: Verfied Davinci Configurator imported the

N/A

Comments:

change correctly

Not integration project

*Cfg.h.TT: Verfied Davinci Configurator generates

N/A

Comments:

the configuration header(s) file correctly

kzshz2: Either a generic sandbox or a baselined integration project can be used to verify

Not integration project

kzshz2: Either a generic sandbox or a baselined integration project can be used to verify

All changed files have been compared against previous

N/A

Comments:

versions (If available)

kzshz2: Intended Use: Identify if previous version was compared and only the expected change(s) was present. This is for text files only, not binary or GUIs Rationale: This is helpful in identifying unapproved (intended or mistaken) changes.

Initial version

Automated validation check is performed

Yes

Comments:

Naming conventions followed. All names should

Yes

Comments:

match DataDict.m

Sender/Receiver port properties match DataDict.m

Yes

Comments:

file (use .m file helper tool)

Calibration port properties match DataDict.m

N/A

Comments:

file (use .m file helper tool)

No calibrations used

Components using application data types:

Sender/Receiver port initialization values match

N/A

Comments:

DataDict.m file

Application data types has not been used

Calibration port initialization values match

N/A

Comments:

DataDict.m file

Application data types has not been used

Components not using application data types:

Sender/Receiver port initialization values match

Yes

Comments:

DataDict.m file and have been converted to counts

for fixed point types

Calibration port initialization values match

Yes

Comments:

DataDict.m file and have been converted to counts

No calibrations used

for fixed point types

Mapping set and all unused items have been

Yes

Comments:

removed

All sender/receiver port read/writes using direct

Yes

Comments:

read/writes(List justification if not)

Runnable calling frequencies match FDD

Yes

Comments:

DataDict.m display variables: created as

Yes

Comments:

PerInstanceMemory. Matches the FDD

Component is correct component type

Yes

Comments:

General Notes / Comments:

Change Owner:

Krzysztof Byrski

Review Date :

10/18/2017

Component Type :

Application

Lead Peer Reviewer:

Mateusz Bartocha

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Sheet 4: Source Code

Rev 1.2

8-Jun-15

Peer Review Meeting Log (Source Code Review)

Source File Name:

RvsBattProtn.c

Source File Revision:

Header File Name:

Header File Revision:

kzshz2: Intended Use: Identify which version of the source file is being review. Rationale: Required for traceability between source code and review. Auditors will likely require this. -

MDD Name:

RvsBattProtn_MDD.docx

Revision:

FDD/SCIR/DSR/FDR/CM Name:

ES252A_RvsBattProtn_Design

Revision:

1.0.0

Quality Check Items:

Rationale is required for all answers of No

Working EA4 Software Naming Convention followed:

for variable names

Yes

Comments:

for constant names

Yes

Comments:

for function names

Yes

Comments:

for other names (component, memory

Yes

Comments:

mapping handles, typedefs, etc.)

All paths assign a value to outputs, ensuring

Yes

Comments:

all outputs are initialized prior to being written

Requirements Tracability tags in code match the requirements tracability in the FDD

N/A

Comments:

requirements tracability in the FDD

N/A for EA4

All variables are declared at the function level.

Yes

Comments:

Synergy version matches change history

kzshz2: Intended Use: Indicate that the the versioning was confirmed by the peer reviewer(s). Rationale: There have been many occassions where versions were not updated in files and as a result Unit Test were referencing wrong versions. This often time leads to the need to re-run of batch tests.

Yes

Comments:

and Version Control version in file comment block

Change log contains detailed description of changes

N/A

Comments:

and Work CR number

Initial version

Code accurately implements FDD (Document or Model)

Yes

Comments:

Verified no Compiler Errors or Warnings

KMC: Intended Use: To confirm no compiler errors or warnings exist for the code under review (warnings from contract header files may be ignored). Rationale: This is needed to ensure there will be no errors discovered at the time of integration. A Sandox project should be used; QAC can find compiler errors but not warnings.

Yes

Comments:

Component.h is included

N/A

Comments:

All other includes are actually needed. (System includes

Yes

Comments:

only allowed in Nexteer library components)

Software Design and Coding Standards followed:

Version:

Code comments are clear, correct, and adequate

Yes

Comments:

and have been updated for the change: [N40] and

all other rules in the same section as rule [N40],

plus [N75], [N12], [N23], [N33], [N37], [N38],

[N48], [N54], [N77], [N79], [N72]

Source file (.c and .h) comment blocks are per

Yes

Comments:

standards and contain correct information: [N41], [N42]

Function comment blocks are per standards and

Yes

Comments:

contain correct information: [N43]

Code formatting (indentation, placement of

Yes

Comments:

braces, etc.) is per standards: [N5], [N55], [N56],

[N57], [N58], [N59]

Embedded constants used per standards; no

Yes

Comments:

"magic numbers": [N12]

Memory mapping for non-RTE code

N/A

Comments:

is per standard

All execution-order-dependent code can be

Yes

Comments:

recognized by the compiler: [N80]

All loops have termination conditions that ensure

N/A

Comments:

finite loop iterations: [N63]

All divides protect against divide by zero

N/A

Comments:

if needed: [N65]

All integer division and modulus operations

N/A

Comments:

handle negative numbers correctly: [N76]

All typecasting and fixed point arithmetic,

N/A

Comments:

including all use of fixed point macros and

timer functions, is correct and has no possibility

of unintended overflow or underflow: [N66]

All float-to-unsiged conversions ensure the.

N/A

Comments:

float value is non-negative: [N67]

All conversions between signed and unsigned

N/A

Comments:

types handle msb==1 as intended: [N78]

All pointer dereferencing protects against

N/A

Comments:

null pointer if needed: [N70]

Component outputs are limited to the legal range

N/A

Comments:

defined in the FDD DataDict.m file : [N53]

All code is mapped with FDD (all FDD

Yes

Comments:

subfunctions and/or model blocks identified

with code comments; all code corresponds to

some FDD subfunction and/or model block): [N40]

Review did not identify violations of other

Yes

Comments:

coding standard rules

Anomaly or Design Work CR created

Yes

Comments: List Anomaly or CR numbers

for any FDD corrections needed

General Notes / Comments:

Change Owner:

Krzysztof Byrski

Review Date :

10/18/2017

Lead Peer Reviewer:

Mateusz Bartocha

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Sheet 5: MDD

Rev 1.2

8-Jun-15

Peer Review Meeting Log (MDD Review)

MDD Name:

RvsBattProtn_MDD.docx

MDD Revision:

Source File Name:

RvsBattProtn.c

Source File Revision:

Source File Name:

Source File Revision:

Source File Name:

Source File Revision:

Quality Check Items:

Rationale is required for all answers of No

Synergy version matches document

Yes

Comments:

Change log contains detailed description of changes

N/A

Comments:

Initial version

Changes Highlighted (for Unit Tester)

N/A

Comments:

Initial version

Diagrams have been included per MDD Guideline

Yes

Comments:

and reviewed

All Design Exceptions and Limitations are listed

Yes

Comments:

Design rationale given for all global

Yes

Comments:

data not communicated through RTE ports, per

Design and Coding Standards rules [N9] and [N10].

All implementation details that differ from the FDD are

Yes

Comments:

noted and explained in Design Rationale

All Unit Test Considerations have been described

Yes

Comments:

General Notes / Comments:

Change Owner:

Krzysztof Byrski

Review Date :

10/18/2017

Lead Peer Reviewer:

Mateusz Bartocha

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Sheet 6: PolySpace

Rev 1.2

8-Jun-15

Peer Review Meeting Log (QAC/PolySpace Review)

Source File Name:

RvsBattProtn.c

Source File Revision:

Source File Name:

Source File Revision:

Source File Name:

Source File Revision:

EA4 Static Analysis Compliance Guideline version:

01.02.00

Poly Space version:

Windows User: eg. 2013b 2013b

Polyspace sub project version:

Windows User: eg. TL108a_PolyspaceSuprt_1.0.0 TL108A_PolyspaceSuprt_2.0.1

QAC version:

Windows User: eg 8.1.1-R N/A

QAC sub project version:

Windows User: eg. TL_100A_1.1.0 N/A

Quality Check Items:

Rationale is required for all answers of No

Contract Folder's header files are appropriate and

kzshz2: Intended Use: Identify that the contract folder contains only the information required for this component. All other variables, constants, function prototypes, etc. should be removed. Rationale: This will help avoid unit testers having to considers object not used. It will also avoid having other files required for QAC.

Yes

Comments:

function prototypes match the latest component version

100% Compliance to the EA4 Static Analysis

Yes

Comments:

Compliance Guideline

Are previously added justification and deviation

N/A

Comments:

comments still appropriate

Initial version

Do all MISRA deviation comments use approved

Yes

Comments:

deviation tags

Cyclomatic complexity and Static path count OK

Creager, Kathleen: use Browse Function Metrics, STCYC and STPTH

Yes

Comments:

for all functions in the component per Design

Cyclomatic complexity: 5, static path: 8.

and Coding Standards rule [N47]

General Notes / Comments:

Change Owner:

Krzysztof Byrski

Review Date :

10/18/2017

Lead Peer Reviewer:

Mateusz Bartocha

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Sheet 7: Integration Manual

Rev 1.2

8-Jun-15

Peer Review Meeting Log (Integration Manual Review)

Integration Manual Name:

kzshz2: Intended Use: Identify which file is being reviewed Rationale: Required for traceability. It will help to ensure this sheet is not attached to the wrong design review form. RvsBattProtn_IntegrationManual.doc

Integration Manual Revision:

kzshz2: Intended Use: Identify which version of the integration manual has been reviewed. Rationale: Required for traceability between the MDD and review. Auditors will likely require this. 1

Quality Check Items:

Rationale is required for all answers of No

Synergy version matches header

Yes

Comments:

Latest template used

Yes

Comments:

Change log contains detailed description of changes

N/A

Comments:

Initial version

Changes Highlighted (for Integrator)

N/A

Comments:

Initial version

General Notes / Comments:

Change Owner:

Krzysztof Byrski

Review Date :

10/18/2017

Lead Peer Reviewer:

Mateusz Bartocha

Approved by Reviewer(s):

Yes

Other Reviewer(s):