Sr. No.	Title	Version
1	FDD – CM102B FlsMem	See Synergy subproject version
2	Software Naming Conventions	Process 04.04.02
3	Software Coding Standards	Process 04.04.02

Dependencies

SWCs

Module	Required Feature
AR202A MicroCtrlrSuprt	NxtrMcuSuprtLib functions and register definitions
CM800A SyncCrc	CRC HW Module Configuration and Allocation

Note : Referencing the external components should be avoided in most cases. Only in unavoidable circumstance external components should be referred. Developer should track the references.

Global Functions(Non RTE) to be provided to Integration Project

DtsInin - To be defined as a trusted function as the DTS Channel master registers need to be configured in the supervisor mode.

DtsClnUp - To be defined as a trusted function as the DTS registers are being re-configured in the supervisor mode to avoid access protection violation

CodFlsSngBitEcc – Single bit code flash ECC error handler call back function provided to the MCAL driver

Configuration REQUIREMeNTS

Build Time Config

Modules	Notes

Configuration Files to be provided by Integration Project

CDD_FlsMem_Cfg.c

CDD_FlsMem_Cfg_private.h

Da Vinci Parameter Configuration Changes

Parameter	Notes	SWC

/Nexteer/FlsMem/FlashCRCRegnConfig/ StartAddress	Configured with “FlashCRCRegnConfig” Each Flash region(for eg:- Boot, App, Cal1) has a start address where the code resides on the flash	FlsMem
/Nexteer/FlsMem/FlashCRCRegnConfig/Length	Configured with “FlashCRCRegnConfig” Each Flash region has a length defined for the region	FlsMem
/Nexteer/FlsMem/FlashCRCRegnConfig/PredefinedCrcAddress	Configured with “FlashCRCRegnConfig” Each Flash region has a PredefinedCrcAddress defined for the region which is used by the CCT tool for storing the checksum on the flash and serves as the reference location to retrieve the pre calculated CRC and do a comparison with calculated CRC	FlsMem
/Nexteer/FlsMem/FlashCRCRegnConfig/LengthSymbol	Configured with “FlashCRCRegnConfig” Each Flash region has a length defined for the region and accepts linker symbols	FlsMem
/Nexteer/FlsMem/FlashCRCRegnConfig/PredefinedCrcAddressSymbol	Configured with “FlashCRCRegnConfig” Each Flash region has a PredefinedCrcAddress defined for the region which is used by the CCT tool for storing the checksum on the flash and serves as the reference location to retrieve the pre calculated CRC and do a comparison with calculated CRC and accepts linker symbols	FlsMem
/Nexteer/FlsMem/FlashCRCRegnConfig/StartingAddressSymbol	Configured with “FlashCRCRegnConfig” Each Flash region(for eg:- Boot, App, Cal1) has a start address where the code resides on the flash and accepts linker symbol	FlsMem
/Nexteer/FlsMem/FlashCRCRegnConfig/UseSymbolName	Configured with “FlashCRCRegnConfig” to select either the symbol names or the actual values	FlsMem
/Renesas/EcucDefs_Mcu/Mcu/McuModuleConfiguration /McuEcmErrorSourcesCfg/McuEcmErrorSource36	Call back function name is “CodFlsSngBitEcc”. Refer the CM104A Integration manual for the configuration of the error source. (Type of the error, classification of the error eg FENMI or EI information) .
/Nexteer/FlsMem/ApplCRCRegnIdx/ApplCrcRegnNr	The array Index for the application region CRC region definition	FlsMem

DaVinci Interrupt Configuration Changes

ISR Name	VIM #	Priority Dependency	Notes

Manual Configuration Changes

Constant	Notes	SWC
None

Integration DATAFLOW REQUIREMENTS

Required Global Data Inputs

None

Required Global Data Outputs

None

Specific Include Path present

Yes

Runnable Scheduling

This section specifies the required runnable scheduling.

Init	Scheduling Requirements	Trigger
FlsMemInit1	None	Once At Init (RTE)
FlsMemInit2	Non-RTE Init, Called in Startup Sequence*	Function call in Startup Sequence

Runnable	Scheduling Requirements	Trigger
FlsMemPer1	None	100ms(RTE)

*“FlsMemInit2” shall schedule after OS Start – Refer CM100 Start up sequence.

PEG shall be configured before “FlsMemInit2”.

CrcHw Init shall be scheduled before “FlsMemInit2”.

FlsMemInit1 should be called before DiagcMgrInit1

Memory Map REQUIREMENTS

Mapping

Memory Section	Contents	Notes
CDD_FlsMem_START_SEC_CODE
CDD_FlsMem_START_SEC_CONST_UNSPECIFIED		Constant section for constant variable
CDD_FlsMemNonRte_START_SEC_VAR_INIT_128	Data that a DMA channel writes to during CRC test	This gets mapped to a “.data_dma_128” section and/or a “.sdata_dma_128” section (depending on compiler settings) that will need to be explicitly added to the linker file. The intent of these sections is to be placed in a RAM memory section that only the DMA has write access to (processor in user mode only has read access). Additionally, since these are initialized data sections, the appropriate ROM sections will need to be added to the linker to allow initial values to be copied from Flash to RAM during startup for these sections. e.g.: .ROM_data_dma_128 ROM(.data_dma_128) FILL(0xFF) :{}>. and .ROM_sdata_dma_128 ROM(.sdata_dma_128) FILL(0xFF) :{}>.

* Each …START_SEC… constant is terminated by a …STOP_SEC… constant as specified in the AUTOSAR Memory Mapping requirements.

Usage

Feature	RAM	ROM

Table 1: ARM Cortex R4 Memory Usage

NvM Blocks

None

Compiler Settings

Preprocessor MACRO

None

Optimization Settings

None

Appendix

2 - FlsMem Module Design Document

Module Design Document

For

FlsMem

Dec 07 , 2017

Prepared For:

Software Engineering

Nexteer Automotive,

Saginaw, MI, USA

Prepared By:

Software Group,

Nexteer Automotive,

Saginaw, MI, USA
Change History

Description	Author	Version	Date
Initial Version	Avinash James	1.0	11/12/2017
Updated unit test consideration	Avinash James	2.0	12/07/2017

Table of Contents1 Introduction 5

1.1 Purpose 5

1.2 Scope 5

2 FlsMem & High-Level Description 6

3 Design details of software module 7

3.1 Graphical representation of FlsMem 7

3.2 Data Flow Diagram 7

3.2.1 Component level DFD 7

3.2.2 Function level DFD 7

4 Constant Data Dictionary 8

4.1 Program (fixed) Constants 8

4.1.1 Embedded Constants 8

5 Variable Data Dictionary 9

5.1 User defined typedef definition/declaration 9

5.2 Variable definition for enumerated types 9

6 Software Component Implementation 10

6.1 Sub-Module Functions 10

6.1.1 Init: FlsMemInit1 10

6.1.1.1 Design Rationale 10

6.1.1.2 Module Outputs 10

6.1.2 Init: FlsMemInit2 10

6.1.2.1 Design Rationale 10

6.1.2.2 Module Outputs 10

6.1.3 Per: FlsMemPer2 10

6.1.3.1 Design Rationale 10

6.1.3.2 Store Module Inputs to Local copies 10

6.1.3.3 (Processing of function)……… 10

6.1.3.4 Store Local copy of outputs into Module Outputs 10

6.2 Server Runnables 11

6.3 Interrupt Functions 11

6.4 Module Internal (Local) Functions 11

6.4.1 Local Function #1 11

6.4.1.1 Design Rationale 11

6.4.1.2 Processing 11

6.5 GLOBAL Function/Macro Definitions 11

6.5.1 DTSInit 11

6.5.1.1 Design Rationale 11

6.5.1.2 Processing 14

6.5.2 DTSClnUp 14

6.5.2.1 Design Rationale 14

6.5.2.2 Processing 14

7 Known Limitations with Design 15

8 UNIT TEST CONSIDERATION 16

Appendix A Abbreviations and Acronyms 17

Appendix B Glossary 18

Appendix C References 19

Introduction

Purpose

Scope

The following definitions are used throughout this document:

Shall: indicates a mandatory requirement without exception in compliance.
Should: indicates a mandatory requirement; exceptions allowed only with documented justification.
May: indicates an optional action.

FlsMem & High-Level Description

See FDD

Design details of software module

Graphical representation of FlsMem

Data Flow Diagram

Component level DFD

See FDD

Function level DFD

See FDD

Constant Data Dictionary

Program (fixed) Constants

Embedded Constants

Local Constants

Constant Name	Resolution	Units	Value
CPU1PEID_CNT_U32	1	uint32	0x01U
CODFLSTOCRCSPID_CNT_U32	1	uint32	0x04U
CRCTOLCLRAMSPID_CNT_U32	1	uint32	0x03U
USRMODDIS_CNT_U32	1	uint32	0x00U
FLSBLKLEN_CNT_U32	1	uint32	0x0003FFFCU
DTSDATALEN_CNT_U32	1	uint32	4U
CRCCHKMAXALLWDTI_CNT_U32	1	uint32	2000
MAXNROFDTSCH_CNT_U32	1	uint32	32
TOUTCRCCALCN_CNT_U08	1	uint08	0xFFU
READADRCASE0_CNT_U08	1	uint08	0
READADRCASE1_CNT_U08	1	uint08	1
READADRCASE2_CNT_U08	1	uint08	2
READADRCASE3_CNT_U08	1	uint08	3
ERRADRMASK_CNT_U32	1	Uint32	((uint32)0x80UL)
NROFADRCHK_CNT_U08	1	uint08	((uint8)4U)

Variable Data Dictionary

User defined typedef definition/declaration

<This section documents any user types uniquely used for the module.>

Typedef Name	Element Name	User Defined Type	Legal Range (max)
FlsCrcCfgBlkRec	CrcFlsBlkStrtAdr	uint32	0xFFFFFFFFH
	CrcFlsBlkLen	uint32	0xFFFFFFFFH
	PreCalcnCrcFlsAdr	uint32	0xFFFFFFFFH

FlsCrcCfgBlkRec

CrcFlsBlkStrtAdr

uint32

0xFFFFFFFFH

CrcFlsBlkLen

uint32

0xFFFFFFFFH

PreCalcnCrcFlsAdr

uint32

0xFFFFFFFFH

Variable definition for enumerated types

Enum Name	Element Name	Value
<(Name given for the user defined typdef of type struct/union) (Variable name qualified in refer[2])>	<(Variable name qualified Refer[2])>	<Define the value >

<(Name given for the user defined typdef of type struct/union)

(Variable name qualified in refer[2])>

<(Variable name qualified Refer[2])>

Software Component Implementation

Sub-Module Functions

Init: FlsMemInit1

Design Rationale

Function to return the application region CRC to Diag Manager

Module Outputs

None

Init: FlsMemInit2

Design Rationale

The FlsMemInit2 function is a non RTE function which shall be called to set up the DTS configuration for the Flash CRC check. The DTS channel configuration has to be applied only when the system is waking up from a Power On Reset or after a flash programming reset. In such a scenario a Hardware CRC unit is allocated by function call to the CRC module and once a hardware assignment is successful, the DTS channels are configured for chaining for the entire definition of the flash blocks (Boot, App, Cal1, Cal2 etc.). Record the time when the DTS transfer is initiated so that a check on a timeout can be made in the periodic function where a maximum timeout of 200 ms is checked for

This function shall be called in the startup sequence. Hence it is a non RTE function

See FDD for more.

Module Outputs

None

Per: FlsMemPer1

Design Rationale

See FDD

Store Module Inputs to Local copies

Refer to FDD

(Processing of function)………

Refer to FDD

Store Local copy of outputs into Module Outputs

Refer to FDD

Server Runnables - CodFlsSngBitEcc

Design Rationale

See FDD

Store Module Inputs to Local copies

Refer to FDD

(Processing of function)………

Refer to FDD

Store Local copy of outputs into Module Outputs

Refer to FDD

Interrupt Functions

None

Module Internal (Local) Functions

Local Function #1

Function Name	(Exact name used)	Type	Min	Max
Arguments Passed	None	<Refer MDD guidelines[1]>	<Refer MDD guidelines[1]>	<Refer MDD guidelines[1]>

Return Value

Design Rationale

Processing

GLOBAL Function/Macro Definitions

DtsInin

Function Name	DTSInit	Type	Min	Max
Arguments Passed	CrcHwIdxInReg	uint32	0	0xFFFFFFFF
	CrcHwIdxOutReg	uint32	0	0xFFFFFFFF
Return Value	None

Design Rationale

Trusted function that performs all register initialization from the CM102B_FlsMem_DTSPeripheralCfg.xlsx spreadsheet in the FDD. The DTSMstrCfg channel master registers can be written only in supervisor mode. After the Channel master register for a given channel has been written, the selected Processor Element can write to that channel’s registers. However, for simplicity, all DTS register initialization and chaining is being done in one trusted function.

The chaining is done in the following manner

Consider the first flash region to have the CRC calculated
Calculate the number of DTS chains required for the length of the CRC region. Each DTS channel can address up to a maximum of 0x3FFFC bytes of data (0xFFFF maximum transfer count multiplied by 4 bytes of data in each transfer).

Hence number of channel is equal to Region length/0x3FFFC + {1} if (Region length % 0x3FFFC is non zero)

Clear the DTS Transfer flag to make sure no pending requests are present for all the used channels
Configure the DTS channels starting from 0 using the configuration defined as per CM102B_FlsMem_DTSPeripheralCfg.xlsx for the above calculated number of chains
Configure the next DTS channel to transfer the CRC result from CRC HW output register to Per Instance Memory
Configure the next DTS channel to transfer zero value to the CRC HW output register to clear the output register to continue with next flash region operation
Repeat Step 1 thru 5 for all the flash regions(Boot, App, Cal1, Cal2 etc) The definition of the flash region is in the generated file CDD_FlsMem_Cfg.c which takes inputs defined in the Vector configurator Tool
Disable chaining on the last channel
Enable the Interrupt on the second last channel
Clear the interrupt status register which shall be monitored in the periodic
Start the DTS transfer

Processing

DtsClnUp

Function Name	DTSClnUp	Type	Min	Max
Arguments Passed	None

Return Value	None

Design Rationale

None

Processing

None

Known Limitations with Design

We have made use of a static constant global variable (static const uint32 CrcClrData_M = 0U) for the purpose of clearing the CRC hardware as mentioned in the FDD in the function FlsMemInit2.

Also the result array (HwCrcCalcdRes_C[8]) has been also declared as a global array for the purpose of DTS write access in the Dma Write MemMap memory map section

There is a polyspace warning which exist showing the array DTSMstrCfg could go out of bounds. However, we have considered the fact that we wouldn’t need more than 32 channels of DTS registers and hence this is not a functional problem .

UNIT TEST CONSIDERATION

Register file definitions are in the P1Xc/include folder of AR202A since this component is designed for P1X-c micro.

Abbreviations and Acronyms

Abbreviation or Acronym	Description

Glossary

Note: Terms and definitions from the source “Nexteer Automotive” take precedence over all other definitions of the same term. Terms and definitions from the source “Nexteer Automotive” are formulated from multiple sources, including the following:

ISO 9000
ISO/IEC 12207
ISO/IEC 15504
Automotive SPICE® Process Reference Model (PRM)
Automotive SPICE® Process Assessment Model (PAM)
ISO/IEC 15288
ISO 26262
IEEE Standards
SWEBOK
PMBOK
Existing Nexteer Automotive documentation

Term	Definition	Source
MDD	Module Design Document
DFD	Data Flow Diagram

References

Ref. #	Title	Version
1	AUTOSAR Specification of Memory Mapping (Link:AUTOSAR_SWS_MemoryMapping.pdf)	v1.3.0 R4.0 Rev 2
2	MDD Guideline	EA4 01.00.00
3	Software Naming Conventions.doc	1.0
4	Software Design and Coding Standards.doc	2.1
5	CM102B_FlsMem_Design	See Synergy Sub project version

3 - FlsMem Peer Review Checklists

Overview

Summary Sheet
Synergy Project
Source Code-CDD_FlsMemNonRte.c
Source Code-CDD_FlsMem_Cfg.c
Source Code-CDD_FlsMem.c
PolySpace

Sheet 1: Summary Sheet

Rev 2.00

29-Nov-17

Nexteer SWC Implementation Peer Review Summary Sheet

Component Short Name:

Windows User: Intended Use: Identify which component is being reviewed. This should match the component short name from the DataDict.m fileand the middle part of the Synergy project name, e.g. Assi for the SF001A_Assi_Impl Synergy project

FlsMem

Revision / Baseline:

Windows User: Intended Use: Identify the implementation baseline name intended to be used for the changed component when changes are approved E.g. SF001A_Assi_Impl_1.2.0

CM102B_FlsMem_Impl_1.2.0

Change Owner:

Windows User: Intended Use: Identify the developer who made the change(s) being reviewed

Avinash James

Work CR ID:

Windows User: Intended Use: Identify the Implementation Work CR whose work is being reviewed (may be more than one)

EA4#21563

kzshz2: Intended Use: Intended to identify at a high level to the reviewers which areas of the component have been changed. Rationale: This will be good information to know when ensuring appropriate reviews have been completed. Modified File Types:

Check the file types that needed modification for the Work CR(s); macros for the check boxes will populate the appropriate checklist tabs for the review.

kzshz2: Intended Use: Identify who where the reviewers, what they reviewed, and if the reviewed changes have been approved to release the code for testing. Comments here should be at a highlevel, the specific comments should be present on the specific review form sheet. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits. ADD DR Level Move reviewer and approval to individual checklist form Review Checklist Summary:

Reviewed:

At start of review, all items below should be marked "No". At the end of the review, all items should be marked "Yes" or "N/A" where N/A indicates the reviewers have reviewed the existing (unchanged) item and confirmed no updates were needed for the Work CR(s).

N/A

MDD

N/A

Source Code

N/A

PolySpace

N/A

Integration Manual

N/A

Davinci Files

Comments:

The component is being baselined without the formal review process due to timing constraints.

Approved devaition by Lonnie Newton

General Guidelines:
- The reviews shall be performed over the portions of the component that were modified as a result of the Change Request.
- New components should include SWC Owner and/or SWC Design author and Integrator and/or SW Lead as apart of the Group Review Board (Source Code, Integration Manual, and Davinci Files)
- Enter any rework required into the comment field and select No. When the rework is complete, review again using this same review sheet and select Yes. Add date and additional comment stating that the rework is completed.
- To review a component with multiple source code files use the "Add Source" button to create a Source code tab for each source file.
- .h file should be reviewed with the source file as part of the source file.

Each peer review shall start with a clean copy of the latest peer review checklist template. Before the peer review, the change owner shall:
o Review the previous component peer review and copy any relevant comments to the new review sheet.
o Review all checklist items and make all corrections needed, so that the component is ready for peer review. The expectation is that peer review should find very few issues,
because the change owner has already used the checklist to ensure the component changes are complete and correct.
o Fill in all file name and version information as needed on peer review checklist tabs (file names may be copied from the previous peer review where appropriate)
o Fill in checklist answers (Yes/No/NA pulldowns) ONLY on those items which are NA for the current change. All other checklist items should be blank going into the review
meeting.

During the peer review meeting:
o For each page of the review, first review the items already marked as N/A for this change, to confirm that reviewers agree with this assessment; change the checklist box to
blank if it is found that the item does apply.
o Then review the items with the checklist box blank. After reviewing each of these items, the checklist box will be marked as "Yes", or the checklist box will be marked as
"No" with needed rework indicated or with rationale indicated.
o If any items are marked "No" with rationale indicated, this must be approved by a software supervisor or the software manager; there is a line in the "Review Board" section
of each tab to indicate who approved the "No" items on that tab.

Sheet 2: Synergy Project

Rev 2.00

29-Nov-17

Peer Review Meeting Log (Component Synergy Project Review)

Quality Check Items:

Rationale is required for all answers of No

New baseline version name from Summary Sheet follows

Yes

Comments:

naming convention

Project contains necessary subprojects

Yes

Comments:

Project contains the correct version of subprojects

Yes

Comments:

Design subproject is correct version

Yes

Comments:

.gpj file in tools folder matches .gpj generated by TL109 script

Yes

Comments:

File/folder structure is correct per documentation in

Yes

Comments:

TL109A_SwcSuprt

General Notes / Comments:

Review Board:

Change Owner:

Avinash James

Review Date :

12/08/17

Lead Peer Reviewer:

Shruthi R

Approved by Reviewer(s):

Other Reviewer(s):

Xin Liu

Rationale/justification for items marked "No" approved by:

Sheet 3: Source Code-CDD_FlsMemNonRte.c

Rev 2.00

29-Nov-17

Nexteer SWC Implementation Peer Review Meeting Log (Source Code Review)

Source File Name:

CDD_FlsMemNonRte.c

Source File Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 1

Header File Name:

CDD_FlsMem.h

Header File Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 1

Header File Name:

CDD_FlsMemNonRte_MemMap.h

Header File Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 1

Header File Name:

NxtrDtsCh_RegDefns.h

Header File Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 2

MDD Name:

FlsMem Module Design Document

Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 2

SWC Design Name:

CM102B_FlsMem_Design

Revision:

Windows User: Intended Use: For FDDs, list the Synergy baseline number (just the number part of the Synergy baseline name) of the FDD baseline being implemented. E.g., for SF001A_Assi_Design_1.3.1, this field would say "1.3.1" 1.1.0

Quality Check Items:

Rationale is required for all answers of No

EA4 Common Naming Convention followed:

Version:

EA4 Software Naming Convention followed:

Version:

for variable names

Yes

Comments:

for constant names

Yes

Comments:

for function names

Yes

Comments:

for other names (component, memory

Yes

Comments:

mapping handles, typedefs, etc.)

Verified no possibility of uninitialized variables being

Yes

Comments:

written to component outputs or IRVs

Any requirements traceability tags have been removed

Yes

Comments:

from at least the changed areas of code

All variables are declared at the function level.

Comments:

Constant moved to module level so that compiler

generates the const in flash.Component level variable for DMA mem mapped section only accessible in this component

Synergy version matches change history

kzshz2: Intended Use: Indicate that the the versioning was confirmed by the peer reviewer(s). Rationale: There have been many occassions where versions were not updated in files and as a result Unit Test were referencing wrong versions. This often time leads to the need to re-run of batch tests.

Yes

Comments:

and Version Control version in file comment block

Change log contains detailed description of changes

Yes

Comments:

(including any anomaly number(s) being fixed) and

Work CR number

Code accurately implements SWC Design (Document or Model)

Yes

Comments:

in all areas where code was changed and/or Simulink

model was color-coded as changed and/or mentioned

in SWC Design change log. (This item includes looking at all

layers of Simulink model for possible color coding not

reflected at a higher level, and includes looking at any

intermediate SWC Design versions between the version being

implemented and the version that was included as a

subproject in the previous implementation.)

Code comparison against previous version matches

N/A

Comments:

changes needed as described by the work CR(s), all

Initial version

parent CRs and parent anomalies, and the SWC

Design change log.

Verified no Compiler Errors or Warnings

KMC: Intended Use: To confirm no compiler errors or warnings exist for the code under review (warnings from contract header files may be ignored). Rationale: This is needed to ensure there will be no errors discovered at the time of integration. A Sandox project should be used.

Yes

Comments:

(and verified for all possible combinations

of any conditionally compiled code)

Component.h is included

Yes

Comments:

All other includes are actually needed. (System includes

Yes

Comments:

only allowed in Nexteer library components)

Software Design and Coding Standards followed:

Windows User: Intended Use: list version/revision of latest released Software Design and Coding Standards document. Version:2.1

Code comments are clear, correct, and adequate

Yes

Comments:

and have been updated for the change: [N40] and

all other rules in the same section as rule [N40],

plus [N75], [N12], [N23], [N33], [N37], [N38],

[N48], [N54], [N77], [N79], [N72]

Source file (.c and .h) comment blocks are per

Yes

Comments:

standards and contain correct information: [N41], [N42]

Function comment blocks are per standards and

Yes

Comments:

contain correct information: [N43]

Code formatting (indentation, placement of

Yes

Comments:

braces, etc.) is per standards: [N5], [N55], [N56],

[N57], [N58], [N59]

Embedded constants used per standards; no

Yes

Comments:

"magic numbers": [N12]

Used for registers

Memory mapping for non-RTE code

Yes

Comments:

is per standard

All access of motor control loop data uses macros

N/A

Comments:

generated by the motor control manager

All loops have termination conditions that ensure

Yes

Comments:

finite loop iterations: [N63]

All divides protect against divide by zero

Yes

Comments:

if needed: [N65]

All integer division and modulus operations

N/A

Comments:

handle negative numbers correctly: [N76]

All typecasting and fixed point arithmetic,

N/A

Comments:

including all use of fixed point macros and

timer functions, is correct and has no possibility

of unintended overflow or underflow: [N66]

All float-to-unsigned conversions ensure the.

N/A

Comments:

float value is non-negative: [N67]

All conversions between signed and unsigned

N/A

Comments:

types handle msb==1 as intended: [N78]

All pointer dereferencing protects against

N/A

Comments:

null pointer if needed: [N70]

Component outputs are limited to the legal range

Yes

Comments:

defined in the SWC Design DataDict.m file : [N53]

All code is mapped with SWC Design (all SWC

Yes

Comments:

Design subfunctions and/or model blocks identified

with code comments; all code corresponds to

some SWC Design subfunction and/or model block):

[N40]

Any other violations of design and coding

N/A

Comments:

standards noticed during the review are noted in the

comments section for rework.

Anomaly or Design Work CR created

N/A

Comments: List Anomaly or CR numbers

for any SWC Design corrections needed

General Notes / Comments:

For compilation, sandbox project had to be manually updated for special include paths that are not in the standard sandbox project for P1MC Micro _ Approved by Steve Horwarth 11/20/2017

Review Board:

Change Owner:

Avinash James

Review Date :

12/08/17

Lead Peer Reviewer:

Shruthi R

Approved by Reviewer(s):

SWC owner and/or
SWC Design author:

Comments:

Michal L

Integrator and or
SW lead:

Xin Liu

Comments:

Unit test co-ordinator:

Comments:

Other Reviewer(s):

Rationale/justification for items marked "No" approved by:

Sheet 4: Source Code-CDD_FlsMem_Cfg.c

Rev 2.00

29-Nov-17

Nexteer SWC Implementation Peer Review Meeting Log (Source Code Review)

Source File Name:

CDD_FlsMem_Cfg.c generated from CDD_FlsMem_Cfg.c.tt

Source File Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 1

Header File Name:

CDD_FlsMem_Cfg_private.h (generated from CDD_FlsMem_Cfg_private.h.tt)

Header File Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 1

Header File Name:

Header File Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project)

MDD Name:

FlsMem Module Design Document

Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 2

SWC Design Name:

CM102B_FlsMem_Design

Revision:

Quality Check Items:

Rationale is required for all answers of No

EA4 Common Naming Convention followed:

Version:

EA4 Software Naming Convention followed:

Version:

for variable names

Yes

Comments:

for constant names

Yes

Comments:

for function names

N/A

Comments:

for other names (component, memory

Yes

Comments:

mapping handles, typedefs, etc.)

Verified no possibility of uninitialized variables being

N/A

Comments:

written to component outputs or IRVs

Any requirements traceability tags have been removed

Yes

Comments:

from at least the changed areas of code

All variables are declared at the function level.

Yes

Comments:

Synergy version matches change history

Yes

Comments:

and Version Control version in file comment block

Change log contains detailed description of changes

Yes

Comments:

(including any anomaly number(s) being fixed) and

Work CR number

Code accurately implements SWC Design (Document or Model)

Yes

Comments:

in all areas where code was changed and/or Simulink

model was color-coded as changed and/or mentioned

in SWC Design change log. (This item includes looking at all

layers of Simulink model for possible color coding not

reflected at a higher level, and includes looking at any

intermediate SWC Design versions between the version being

implemented and the version that was included as a

subproject in the previous implementation.)

Code comparison against previous version matches

N/A

Comments:

changes needed as described by the work CR(s), all

Initial version

parent CRs and parent anomalies, and the SWC

Design change log.

Verified no Compiler Errors or Warnings

Yes

Comments:

(and verified for all possible combinations

of any conditionally compiled code)

Component.h is included

Yes

Comments:

All other includes are actually needed. (System includes

Yes

Comments:

only allowed in Nexteer library components)

Software Design and Coding Standards followed:

Windows User: Intended Use: list version/revision of latest released Software Design and Coding Standards document. Version:2.1

Code comments are clear, correct, and adequate

Yes

Comments:

and have been updated for the change: [N40] and

all other rules in the same section as rule [N40],

plus [N75], [N12], [N23], [N33], [N37], [N38],

[N48], [N54], [N77], [N79], [N72]

Source file (.c and .h) comment blocks are per

Yes

Comments:

standards and contain correct information: [N41], [N42]

Function comment blocks are per standards and

Yes

Comments:

contain correct information: [N43]

Code formatting (indentation, placement of

Yes

Comments:

braces, etc.) is per standards: [N5], [N55], [N56],

[N57], [N58], [N59]

Embedded constants used per standards; no

Yes

Comments:

"magic numbers": [N12]

Memory mapping for non-RTE code

N/A

Comments:

is per standard

All access of motor control loop data uses macros

N/A

Comments:

generated by the motor control manager

All loops have termination conditions that ensure

Yes

Comments:

finite loop iterations: [N63]

All divides protect against divide by zero

N/A

Comments:

if needed: [N65]

All integer division and modulus operations

N/A

Comments:

handle negative numbers correctly: [N76]

All typecasting and fixed point arithmetic,

N/A

Comments:

including all use of fixed point macros and

timer functions, is correct and has no possibility

of unintended overflow or underflow: [N66]

All float-to-unsigned conversions ensure the.

N/A

Comments:

float value is non-negative: [N67]

All conversions between signed and unsigned

N/A

Comments:

types handle msb==1 as intended: [N78]

All pointer dereferencing protects against

N/A

Comments:

null pointer if needed: [N70]

Component outputs are limited to the legal range

Yes

Comments:

defined in the SWC Design DataDict.m file : [N53]

All code is mapped with SWC Design (all SWC

Yes

Comments:

Design subfunctions and/or model blocks identified

with code comments; all code corresponds to

some SWC Design subfunction and/or model block):

[N40]

Any other violations of design and coding

N/A

Comments:

standards noticed during the review are noted in the

comments section for rework.

Anomaly or Design Work CR created

N/A

Comments: List Anomaly or CR numbers

for any SWC Design corrections needed

General Notes / Comments:

Review Board:

Change Owner:

Avinash James

Review Date :

12/08/17

Lead Peer Reviewer:

Shruthi R

Approved by Reviewer(s):

SWC owner and/or
SWC Design author:

Comments:

Michal L

Integrator and or
SW lead:

Xin Liu

Comments:

Unit test co-ordinator:

Comments:

Other Reviewer(s):

Rationale/justification for items marked "No" approved by:

Sheet 5: Source Code-CDD_FlsMem.c

Rev 2.00

29-Nov-17

Nexteer SWC Implementation Peer Review Meeting Log (Source Code Review)

Source File Name:

CDD_FlsMem.c

Source File Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 1

Header File Name:

CDD_FlsMem.h

Header File Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 1

Header File Name:

NxtrDtsCh_RegDefns.h

Header File Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 2

MDD Name:

FlsMem Module Design Document

Revision:

Windows User: Intended Use: Synergy version number of the file being reviewed. (Version number that Synergy displays on the checked out or unmodified file in the working project) 2

SWC Design Name:

CM102B_FlsMem_Design

Revision:

Quality Check Items:

Rationale is required for all answers of No

EA4 Common Naming Convention followed:

Version:

EA4 Software Naming Convention followed:

Version:

for variable names

Yes

Comments:

for constant names

Yes

Comments:

for function names

Yes

Comments:

for other names (component, memory

Yes

Comments:

mapping handles, typedefs, etc.)

Verified no possibility of uninitialized variables being

Yes

Comments:

written to component outputs or IRVs

Any requirements traceability tags have been removed

Yes

Comments:

from at least the changed areas of code

All variables are declared at the function level.

Comments:

One component-level variable is needed in this component

can't be PIM because need to control the memory mapping for DTS write to local RAM

Synergy version matches change history

Yes

Comments:

and Version Control version in file comment block

Change log contains detailed description of changes

Yes

Comments:

(including any anomaly number(s) being fixed) and

Work CR number

Code accurately implements SWC Design (Document or Model)

Yes

Comments:

in all areas where code was changed and/or Simulink

model was color-coded as changed and/or mentioned

in SWC Design change log. (This item includes looking at all

layers of Simulink model for possible color coding not

reflected at a higher level, and includes looking at any

intermediate SWC Design versions between the version being

implemented and the version that was included as a

subproject in the previous implementation.)

Code comparison against previous version matches

N/A

Comments:

changes needed as described by the work CR(s), all

Initial version

parent CRs and parent anomalies, and the SWC

Design change log.

Verified no Compiler Errors or Warnings

Yes

Comments:

(and verified for all possible combinations

of any conditionally compiled code)

Component.h is included

Yes

Comments:

All other includes are actually needed. (System includes

Yes

Comments:

only allowed in Nexteer library components)

Software Design and Coding Standards followed:

Windows User: Intended Use: list version/revision of latest released Software Design and Coding Standards document. Version:2.1

Code comments are clear, correct, and adequate

Yes

Comments:

and have been updated for the change: [N40] and

all other rules in the same section as rule [N40],

plus [N75], [N12], [N23], [N33], [N37], [N38],

[N48], [N54], [N77], [N79], [N72]

Source file (.c and .h) comment blocks are per

Yes

Comments:

standards and contain correct information: [N41], [N42]

Function comment blocks are per standards and

Yes

Comments:

contain correct information: [N43]

Code formatting (indentation, placement of

Yes

Comments:

braces, etc.) is per standards: [N5], [N55], [N56],

[N57], [N58], [N59]

Embedded constants used per standards; no

Yes

Comments:

"magic numbers": [N12]

Memory mapping for non-RTE code

N/A

Comments:

is per standard

All access of motor control loop data uses macros

N/A

Comments:

generated by the motor control manager

All loops have termination conditions that ensure

Yes

Comments:

finite loop iterations: [N63]

All divides protect against divide by zero

N/A

Comments:

if needed: [N65]

All integer division and modulus operations

N/A

Comments:

handle negative numbers correctly: [N76]

All typecasting and fixed point arithmetic,

N/A

Comments:

including all use of fixed point macros and

timer functions, is correct and has no possibility

of unintended overflow or underflow: [N66]

All float-to-unsigned conversions ensure the.

N/A

Comments:

float value is non-negative: [N67]

All conversions between signed and unsigned

N/A

Comments:

types handle msb==1 as intended: [N78]

All pointer dereferencing protects against

N/A

Comments:

null pointer if needed: [N70]

Component outputs are limited to the legal range

Yes

Comments:

defined in the SWC Design DataDict.m file : [N53]

All code is mapped with SWC Design (all SWC

Yes

Comments:

Design subfunctions and/or model blocks identified

with code comments; all code corresponds to

some SWC Design subfunction and/or model block):

[N40]

Any other violations of design and coding

N/A

Comments:

standards noticed during the review are noted in the

comments section for rework.

Anomaly or Design Work CR created

N/A

Comments: List Anomaly or CR numbers

for any SWC Design corrections needed

General Notes / Comments:

For compilation, sandbox project had to be manually updated for special include paths that are not in the standard sandbox project for P1MC Micro _ Approved by Steve Horwarth 11/20/2017

Review Board:

Change Owner:

Avinash James

Review Date :

12/08/17

Lead Peer Reviewer:

Shruthi R

Approved by Reviewer(s):

SWC owner and/or
SWC Design author:

Comments:

Michal L

Integrator and or
SW lead:

Xin Liu

Comments:

Unit test co-ordinator:

Comments:

Other Reviewer(s):

Rationale/justification for items marked "No" approved by:

Sheet 6: PolySpace

Rev 2.00

29-Nov-17

Nexteer SWC Implementation Peer Review Meeting Log (PolySpace Review)

Source File Name:

CDD_FlsMem.c

Source File Revision:

Source File Name:

CDD_FlsMemNonRte.c

Source File Revision:

Source File Name:

CDD_FlsMem_Cfg.c (generated)

Source File Revision:

EA4 Static Analysis Compliance Guideline version:

01.03.00

Poly Space version:

Windows User: eg. 2013b

2013b

TL109A sub project version:

2.2

Quality Check Items:

Rationale is required for all answers of No

tools/local folders' header files are appropriate and

Yes

Comments:

function prototypes match the latest component version

100% Compliance to the EA4 Static Analysis

Yes

Comments:

Compliance Guideline

Are previously added justification and deviation

Yes

Comments:

comments still appropriate

Do all MISRA deviation comments use approved

Yes

Comments:

deviation tags

For any component source files (.c, .h, generated Cfg.c and Cfg.h)

Yes

Comments:

with conditional compilation, has Polyspace been run with all

combinations of build constants that can be used together in a build?

(Note which conditional compilation results have been archived)

Cyclomatic complexity and Static path count OK

Yes

Comments:

for all functions in the component per Design

and Coding Standards rule [N47]

General Notes / Comments:

1.Code Prover complains of out of bound access but we are not going over the functional limit of 32 channels for DTS which has 128 channels for the cuurent configuration of FlsMem
2. 3.4 Warning present for #pragma statements - reviewed and okay
3. For compilation, polyspace projects had to be manually updated for special include paths that are not in the standard project for P1MC Micro _ Approved by Steve Horwarth 11/20/2017

Review Board:

Change Owner:

Avinash James

Review Date :

12/08/17

Lead Peer Reviewer:

Shruthi R

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Xin Liu

Rationale/justification for items marked "No" approved by: