Shall: indicates a mandatory requirement without exception in compliance.
Should: indicates a mandatory requirement; exceptions allowed only with documented justification.
May: indicates an optional action.

SyncCrc & High-Level Description

Provides an API interface for other BSW and application level software components to calculate a synchronous CRC calculation using the EA4 hardware peripherals.

Design details of software module

Graphical representation of SyncCrc

Data Flow Diagram

Component level DFD

Function level DFD

Constant Data Dictionary

Program (fixed) Constants

Embedded Constants

Local Constants

Values between the brackets [] are the ranges that the configurable constants could be defined as for a given integration. These values are generated by Configurator before the software build.

Constant Name	Resolution	Units	Value
CRCININVAL8BIT_CNT_U08	Uint8	Cnt	0xFF
CRCININVAL16BIT_CNT_U16	Uint16	Cnt	0xFFFF
CRCININVAL32BIT_CNT_U32	Uint32	Cnt	0xFFFFFFFF
CRCERRVAL_CNT_U08	Uint8	Cnt	0
CRCHWRESVCFGRNG_CNT_U08	Uint8	Cnt	7
INVLDTASKID_CNT_U16	Uint16	Cnt	0xFFFF
NROFCRCHWUNIT_CNT_U08	Uint8	Cnt	4
NROFACTVCRCHWUNIT_CNT_U08	Uint8	Cnt	[0 – 4]*
ARWRPRENAD_CNT_U08	Uint8	Cnt	[STD_OFF – STD_ON]**
CRCOSREF_CNT_U08	Uint8	Cnt	[0-255]***

* Based on the value of “Available CRC Hardware Units” as defined in Configurator.
** Based on the value of “Autosar Wrapper Enable” as defined in Configurator.
***Based on the value of “Crc Os Application Reference” as defined in Configurator.

Variable Data Dictionary

The following type definitions are found in the private header of this component.

User Defined Typedef Definition/Declaration

Typedef Name	Element Name	User Defined Type	Legal Range (min)	Legal Range (max)
NtCrcIdRec	CrcHwIdx	Uint8	0	255
NtResvCallRec	ResvCall	Boolean	FALSE	TRUE

NtCrcIdRec

CrcHwIdx

Uint8

255

NtResvCallRec

ResvCall

Boolean

FALSE

TRUE

User Defined Enumerated Types

Enum Name	Element Name	Value
CrcDataAcsWidth1	CRCDATAACSWIDTH_32BIT	0
	CRCDATAACSWIDTH_16BIT	1
	CRCDATAACSWIDTH_8BIT	2
CrcAlg1	CRCALG_32BITETH	0
	CRCALG_16BIT	1
	CRCALG_8BIT	2
	CRCALG_8BITH2F	3

Software Component Implementation

Sub-Module Functions

Init: SyncCrcInit0

Design Rationale

This function initializes the PIM with the proper status for the CRC hardware units for use by the application components. This function is defined in the CDD_SyncCrcNonRte.c file as it shall be called prior to the RTE Init functions.

Processing

Module Outputs

None

Init: SyncCrcInit1

Design Rationale

Stub function for mapping the server runnable functions within a memory region.

Processing

None

Module Outputs

None

Server Runnables

ResvCrcHwUnit

Design Rationale

This function allows the caller to reserve a single CRC hardware unit until it is released. This will allow features such as the DMA to perform a CRC calculation over a large portion of data and does not need to permanently reserve a CRC hardware unit. This function can be called from within or outside a task. This server runnables must be defined with “can be invoked concurrently” enabled in Developer.

(Processing of function)………

Top Level Logic

Reserve CRC

Release CRC

Module Outputs

None

CRC API Server Runnables

API Design Rationale

The following flow chart is applicable to all CRC API functions in this document. However, the highlighted green squares vary by the API. These differences will be pointed out in each sub-function section. All API client calls must be called from within a task. These server runnables must be defined with “can be invoked concurrently” enabled in Developer.

API Processing

Calc8BitCrc_Oper

DCRA[CrcHwIdx_Cnt_T_u08].CTL.BIT.ISZ = CRCDATAACSWIDTH_8BIT;

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.POL = CRCALG_8BIT;

DCRA [CrcHwIdx_Cnt_T_u08].COUT = CRCININVAL8BIT_CNT_U16;

Calc8BitCrc0X2F_Oper

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.ISZ = CRCDATAACSWIDTH_8BIT;

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.POL = CRCALG_8BITH2F;

DCRA [CrcHwIdx_Cnt_T_u08].COUT = CRCININVAL8BIT_CNT_U16;

Calc16BitCrc_u08_Oper

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.ISZ = CRCDATAACSWIDTH;

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.POL = CRCALG_16BIT;

DCRA [CrcHwIdx_Cnt_T_u08].COUT = CRCININVAL16BIT_CNT_U16;

Calc16BitCrc_u16_Oper

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.ISZ = CRCDATAACSWIDTH_16BIT;

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.POL = CRCALG_16BIT;

DCRA [CrcHwIdx_Cnt_T_u08].COUT = CRCININVAL16BIT_CNT_U16;

Calc32BitCrc_u08_Oper

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.ISZ = CRCDATAACSWIDTH;

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.POL = CRCALG_32BITETH;

DCRA [CrcHwIdx_Cnt_T_u08].COUT = CRCININVAL32BIT_CNT_U16;

Calc32BitCrc_u16_Oper

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.ISZ = CRCDATAACSWIDTH_16BIT;

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.POL = CRCALG_32BITETH;

DCRA [CrcHwIdx_Cnt_T_u08].COUT = CRCININVAL32BIT_CNT_U16;

Calc32BitCrc_u32_Oper

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.ISZ = CRCDATAACSWIDTH_32BIT;

DCRA [CrcHwIdx_Cnt_T_u08].CTL.BIT.POL = CRCALG_32BITETH;

DCRA [CrcHwIdx_Cnt_T_u08].COUT = CRCININVAL32BIT_CNT_U16;

Interrupt Functions

None

Module Internal (Local) Functions

RelsCrcHwUnit

Function Name	RelsCrcHwUnit	Type	Min	Max
Arguments Passed	CrcHwIdx_Cnt_T_u08	Uint8	0	3
Return Value	N/A

Design Rationale

To minimize time in Exclusive areas, the Enter and Exit calls were placed within this function. All API server runnables that use this function are defined in Developer to have access to the exclusive area.

Processing

NONTRUSTED_NtWrapS_SyncCrc_RelsCrcHwUnit

Function Name	NONTRUSTED_NtWrapS_SyncCrc_RelsCrcHwUnit	Type	Min	Max
Arguments Passed	FunctionIndex	Uint16	0	65535
	FunctionParams	Void*	0	2^32-1
Return Value	N/A

Design Rationale

Function is required to prevent MPU violations when the API modifies the per-instance-memory used by all API functions.

Processing

GetAvlCrcHwUnit

Function Name	GetAvlCrcHwUnit	Type	Min	Max
Arguments Passed	N/A
Return Value	N/A

Design Rationale

Processing

NONTRUSTED_NtWrapS_SyncCrc_GetAvlCrcHwUnit

Function Name	NONTRUSTED_NtWrapS_SyncCrc_GetAvlCrcHwUnit	Type	Min	Max
Arguments Passed	FunctionIndex	Uint16	0	65535
	FunctionParams	Void*	0	2^32-1
Return Value	N/A

Design Rationale

Function is required to prevent MPU violations when the API modifies the per-instance-memory used by all API functions.

Processing

CrcRegCfg

Function Name	CrcRegCfg	Type	Min	Max
Arguments Passed	CrcHwIdx_Arg	Uint8	0	255
	CrcCfg_Arg	CrcHwResvCfg1	0	6
	StrtVal_Arg	Uint32	0	4294967295
Return Value	N/A

Design Rationale

Function created to reduce the complexity of the ResvCrcHwUnit_Oper function.

Processing

GLOBAL Function/Macro Definitions

None

Known Limitations with Design

API client calls, except ResvCrcHwUnit, must be called from within a task.
To meet design and coding standards, ‘For’ loops called out by the FDD were implemented with ‘While’ loops to break out of the loops without using the ‘break’ keyword.

UNIT TEST CONSIDERATION

The constants NROFACTVCRCHWUNIT_CNT_U08, ARWRPRENAD_CNT_U08, and CRCOSREF_CNT_U08 shall be tested to their full range as defined in the constant section.

Abbreviations and Acronyms

Abbreviation or Acronym	Description

Glossary

Note: Terms and definitions from the source “Nexteer Automotive” take precedence over all other definitions of the same term. Terms and definitions from the source “Nexteer Automotive” are formulated from multiple sources, including the following:

ISO 9000
ISO/IEC 12207
ISO/IEC 15504
Automotive SPICE® Process Reference Model (PRM)
Automotive SPICE® Process Assessment Model (PAM)
ISO/IEC 15288
ISO 26262
IEEE Standards
SWEBOK
PMBOK
Existing Nexteer Automotive documentation

Term	Definition	Source
MDD	Module Design Document
DFD	Data Flow Diagram

References

Ref. #	Title	Version
1	AUTOSAR Specification of Memory Mapping (Link:AUTOSAR_SWS_MemoryMapping.pdf)	v1.3.0 R4.0 Rev 2
2	MDD Guideline	EA4 01.00.01
3	Software Naming Conventions.doc	1.0
4	Software Design and Coding Standards.doc	2.1

2 - CM800A_SyncCrc_Integration_Manual

Integration Manual

For

CM800A SyncCrc

VERSION: 2.0

DATE: 11-Jan-2016

Prepared By:

Kevin Smith

Nexteer Automotive,

Saginaw, MI, USA

Location: The official version of this document is stored in the Nexteer Configuration Management System.

Revision History

Sl. No.	Description	Author	Version	Date	Approved By
1	Initial version	K. Smith	1.0	05-Oct-15	-
2	Added exclusive area details and updates for version 1.0.0 of the component design.	K. Smith	2.0	11-Jan-16	-

Table of Contents

1 Abbrevations And Acronyms 4

2 References 5

3 Dependencies 6

3.1 SWCs 6

3.2 Global Functions(Non RTE) to be provided to Integration Project 6

4 Configuration REQUIREMeNTS 7

4.1 Build Time Config 7

4.2 Configuration Files to be provided by Integration Project 7

4.3 Da Vinci Parameter Configuration Changes 7

4.4 DaVinci Interrupt Configuration Changes 7

4.5 Manual Configuration Changes 7

4.6 Exclusive Area Changes 7

5 Integration DATAFLOW REQUIREMENTS 8

5.1 Required Global Data Inputs 8

5.2 Required Global Data Outputs 8

5.3 Specific Include Path present 8

6 Runnable Scheduling 9

7 Memory Map REQUIREMENTS 10

7.1 Mapping 10

7.2 Usage 10

7.3 NvM Blocks 10

8 Compiler Settings 11

8.1 Preprocessor MACRO 11

8.2 Optimization Settings 11

9 Appendix 12

Abbrevations And Acronyms

Abbreviation	Description
DFD	Design functional diagram
MDD	Module design Document

References

This section lists the title & version of all the documents that are referred for development of this document

Sr. No.	Title	Version
1	MDD Guidelines	Process 04.02.00
2	Software Naming Conventions	Process 04.02.00
3	Coding standards	Process 04.02.00
4	CM800A_SyncCrc_Design	See Synergy subproject version

Dependencies

SWCs

Module	Required Feature
None

Note : Referencing the external components should be avoided in most cases. Only in unavoidable circumstance external components should be referred. Developer should track the references.

Global Functions(Non RTE) to be provided to Integration Project

SyncCrcInit0*

Calc16BitCrc_u16_Oper

Calc16BitCrc_u08_Oper

Calc32BitCrc_u16_Oper

Calc32BitCrc_u32_Oper

Calc32BitCrc_u08_Oper

Calc8BitCrc0X2F_Oper

Calc8BitCrc_Oper

ResvCrcHwUnit_Oper*

The following functions are available if the Autosar Wrapper is enabled

Crc_CalculateCRC8

Crc_CalculateCRC8H2F

Crc_CalculateCRC16

Crc_CalculateCRC32

*All functions except marked must be called from within a task.

Configuration REQUIREMeNTS

Build Time Config

Modules	Notes
None

Configuration Files to be provided by Integration Project

CDD_SyncCrc_Cfg_private.h

Da Vinci Parameter Configuration Changes

Parameter	Notes	SWC
/Nexteer/EcucDefs_SyncCrc/SyncCrc/SyncCrcCommon/AutosarWrapperEnable	Enables the AUTOSAR API Wrapper functions. This should only be enabled if the Crc BSW is not to be used in a project	SyncCrc
/Nexteer/EcucDefs_SyncCrc/SyncCrc/SyncCrcCommon/AvailableCRCHardwareUnits	Defines the number of CRC hardware units the application can use. Four (4) shall be used as a default value unless there is a specific need to reserve one or more units for other software components. For example, if this was set to 3, the indexes 0-2 would be available to components and index 3 would be reserved. This feature is disabled and hard coded to 4.	SyncCrc
/Nexteer/EcucDefs_SyncCrc/SyncCrc/SyncCrcCommon/CrcOsApplicationReference	Value shall be the application in which the SyncCrc is integrated. Due to the nature of CRC usage, an ASIL D application should be selected unless the program is directed otherwise.	SyncCrc

DaVinci Interrupt Configuration Changes

ISR Name	VIM #	Priority Dependency	Notes
None

Manual Configuration Changes

Constant	Notes	SWC
None

Exclusive Area Changes

Name	Notes	SWC
SyncCrcExclusiveArea	The exclusive area defined in this component is used by all API functions. The area is used to prevent interruption when searching for an available CRC hardware unit. Presently MtrCtrl function design should not be performing CRC calculations. As a result, the area shall be configured to block all OS related interrupts.	SyncCrc

Integration DATAFLOW REQUIREMENTS

Required Global Data Inputs

Required Global Data Outputs

Specific Include Path present

Yes

Runnable Scheduling

This section specifies the required runnable scheduling.

Init	Scheduling Requirements	Trigger
CDD_SyncCrcInit1		RTE Init
CDD_SyncCrcInit0	Shall be scheduled outside of the RTE before any components use the SyncCrc API	Non-RTE Init

Runnable	Scheduling Requirements	Trigger
None	None	N/A

Memory Map REQUIREMENTS

Mapping

Memory Section	Contents	Notes
None

* Each …START_SEC… constant is terminated by a …STOP_SEC… constant as specified in the AUTOSAR Memory Mapping requirements.

Usage

Feature	RAM	ROM
None

Table 1: ARM Cortex R4 Memory Usage

NvM Blocks

*See DataDict.m

Compiler Settings

Preprocessor MACRO

None

Optimization Settings

None

Appendix

<This section is for appendix>

3 - SyncCrc Review

Overview

Summary Sheet
Synergy Project
Davinci Files
Source Code - SyncCRC
Source Code - SyncCRCNonRte
MDD
PolySpace
Integration Manual

Sheet 1: Summary Sheet

Rev 1.2

8-Jun-15

Peer Review Summary Sheet

Synergy Project Name:

kzshz2: Intended Use: Identify which component is being reviewed. This should be the Module Short Name from Synergy Rationale: Required for traceability. It will help to ensure this form is not attaced to the the wrong change request. CM800A_SyncCrc_Impl

Revision / Baseline:

kzshz2: Intended Use: Identify which Synergy revision of this component is being reviewed Rationale: Required for traceability. It will help to ensure this form is not attaced to the the wrong change request. CM800A_SyncCrc_Impl_1.0.0

Change Owner:

kzshz2: Intended Use: Identify the developer who made the change(s) Rationale: A change request may have more than one resolver, this will help identify who made what change. Change owner identification may be required by indusrty standards. K. Smith

Work CR ID:

EA4#5405

kzshz2: Intended Use: Intended to identify at a high level to the reviewers which areas of the component have been changed. Rationale: This will be good information to know when ensuring appropriate reviews have been completed. Modified File Types:

kzshz2: Intended Use: Identify who where the reviewers, what they reviewed, and if the reviewed changes have been approved to release the code for testing. Comments here should be at a highlevel, the specific comments should be present on the specific review form sheet. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits. ADD DR Level Move reviewer and approval to individual checklist form Review Checklist Summary:

Reviewed:

Yes

MDD

Yes

Source Code

Yes

PolySpace

Yes

Integration Manual

Yes

Davinci Files

Comments:

General Guidelines:
- The reviews shall be performed over the portions of the component that were modified as a result of the Change Request.
- New components should include FDD Owner and Integrator as apart of the Group Review Board (Source Code, Integration Manual, and Davinci Files)
- Enter any rework required into the comment field and select No. When the rework is complete, review again using this same review sheet and select Yes. Add date and additional comment stating that the rework is completed.
- To review a component with multiple source code files use the "Add Source" button to create a Source code tab for each source file.
- .h file should be reviewed with the source file as part of the source file.

Sheet 2: Synergy Project

Peer Review Meeting Log (Component Synergy Project Review)

Quality Check Items:

Rationale is required for all answers of No

New baseline version name from Summary Sheet follows

Yes

Comments:

naming convention

Project contains necessary subprojects

Yes

Comments:

Project contains the correct version of subprojects

Yes

Comments:

Design subproject is correct version

Yes

Comments:

General Notes / Comments:

Need to add design component when baseline is complete. Done 1/14

LN: Intended Use: Identify who were the reviewers and if the reviewed changes have been approved. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits. KMC: Group Review Level removed in Rev 4.0 since the design review is not checked in until approved, so it would always be DR4. Review Board:

Change Owner:

K. Smith

Review Date :

01/14/16

Lead Peer Reviewer:

Kathleen Creager

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Sheet 3: Davinci Files

Rev 1.2

8-Jun-15

Peer Review Meeting Log (Davinci Review)

Quality Check Items:

Rationale is required for all answers of No

Only StdDef Port types are used

Yes

Comments:

new types have not been added to StdDef yet (done 1/13/16)

array data type name does not meet conventions - done 1/8/16

For components not using application data types, do all

Yes

Comments:

port interface names end in PortIf and a sequence number

Non-program-specific components saved

Yes

Comments:

in Autosar 4.0.3 format

*Cfg.arxml.TT: Verfied Davinci Configurator imported the

N/A

Comments:

change correctly

*Cfg.h.TT: Verfied Davinci Configurator generates

Yes

Comments:

the configuration header(s) file correctly

kzshz2: Either a generic sandbox or a baselined integration project can be used to verify

All changed files have been compared against previous

N/A

Comments:

versions (If available)

kzshz2: Intended Use: Identify if previous version was compared and only the expected change(s) was present. This is for text files only, not binary or GUIs Rationale: This is helpful in identifying unapproved (intended or mistaken) changes.

Automated validation check is performed

Yes

Comments:

Naming conventions followed. All names should

Yes

Comments:

match DataDict.m

Sender/Receiver port properties match DataDict.m

N/A

Comments:

file (use .m file helper tool)

Calibration port properties match DataDict.m

N/A

Comments:

file (use .m file helper tool)

Components using application data types:

Sender/Receiver port initialization values match

N/A

Comments:

DataDict.m file

Calibration port initialization values match

N/A

Comments:

DataDict.m file

Components not using application data types:

Sender/Receiver port initialization values match

N/A

Comments:

DataDict.m file and have been converted to counts

for fixed point types

Calibration port initialization values match

N/A

Comments:

DataDict.m file and have been converted to counts

for fixed point types

Mapping set and all unused items have been

Yes

Comments:

removed

All sender/receiver port read/writes using direct

N/A

Comments:

read/writes(List justification if not)

Runnable calling frequencies match FDD

N/A

Comments:

DataDict.m display variables: created as

N/A

Comments:

PerInstanceMemory. Matches the FDD

Component is correct component type

Yes

Comments:

General Notes / Comments:

do any of the APIs need to be available outside the RTE? -- yes -- done 1/8/16

enum types need changes for naming conventions - done 1/8/16

anything visible to Developer to be defined in Developer -- CrcHwSts1 still pending (1/8/16);

anything visible in the API needs to be in StdDef (still pending as of 1/8/16)

ResvCrcFctLockOut -- change name to ResvCrcFctLockdOut, make a boolean -- this PIM has been removed -- 1/8/16

CDD_SyncCrc_private.h.tt -- remove #define CRCHWUNIT -- just use DCRA - done 1/8/16

move non-configurable items out of the Cfg.h template files - done 1/8/16

make "AvailableCRCHardwareUnits" grayed out in Configurator -- leave functionality for possible future use, but don't want to start using it now -- done 1/8/16

make the check on number of active hw units vs available a generated check i.e.. generate the #error if values are wrong - done 1/8/16

Change Owner:

K. Smith

Review Date :

01/13/16

Component Type :

CDD

Lead Peer Reviewer:

Kathleen Creager

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Archana

Lucas Wendling

Sheet 4: Source Code - SyncCRC

Rev 1.2

8-Jun-15

Peer Review Meeting Log (Source Code Review)

Source File Name:

CDD_SyncCrc.c

Source File Revision:

Header File Name:

CDD_SyncCrc.h, CDD_SyncCRC_private.h

Header File Revision:

kzshz2: Intended Use: Identify which version of the source file is being review. Rationale: Required for traceability between source code and review. Auditors will likely require this. 1, 1

MDD Name:

CM800A_SyncCrc_MDD

Revision:

FDD/SCIR/DSR/FDR/CM Name:

CM800A_SyncCrc_Design

Revision:

1.0.0

Quality Check Items:

Rationale is required for all answers of No

Working EA4 Software Naming Convention followed:

for variable names

Yes

Comments:

for constant names

Yes

Comments:

for function names

Comments:

OK that the AUTOSAR wrapper functions

use the names defined in the AUTOSAR API

for other names (component, memory

Comments:

OK that the AUTOSAR wrapper functions'

mapping handles, typedefs, etc.)

arguments use the names defined in the AUTOSAR API

All paths assign a value to outputs, ensuring

N/A

Comments:

no outputs

all outputs are initialized prior to being written

Requirements Tracability tags in code match the requirements tracability in the FDD

Yes

Comments:

requirements tracability in the FDD

All variables are declared at the function level.

Yes

Comments:

Synergy version matches change history

kzshz2: Intended Use: Indicate that the the versioning was confirmed by the peer reviewer(s). Rationale: There have been many occassions where versions were not updated in files and as a result Unit Test were referencing wrong versions. This often time leads to the need to re-run of batch tests.

Yes

Comments:

and Version Control version in file comment block

Change log contains detailed description of changes

Yes

Comments:

and Work CR number

Code accurately implements FDD (Document or Model)

Yes

Comments:

Verified no Compiler Errors or Warnings

KMC: Intended Use: To confirm no compiler errors or warnings exist for the code under review (warnings from contract header files may be ignored). Rationale: This is needed to ensure there will be no errors discovered at the time of integration. A Sandox project should be used; QAC can find compiler errors but not warnings.

Yes

Comments:

warnings from Renesas header files -- ok

Component.h is included

Comments:

ok -- both RTE and component.h are

included in the other source file -- verifies that declarations match

All other includes are actually needed. (System includes

Yes

Comments:

only allowed in Nexteer library components)

Software Design and Coding Standards followed:

Version: 2.1

Code comments are clear, correct, and adequate

Yes

Comments:

and have been updated for the change: [N40] and

all other rules in the same section as rule [N40],

plus [N75], [N12], [N23], [N33], [N37], [N38],

[N48], [N54], [N77], [N79], [N72]

Source file (.c and .h) comment blocks are per

Yes

Comments:

standards and contain correct information: [N41], [N42]

Function comment blocks are per standards and

Yes

Comments:

contain correct information: [N43]

Code formatting (indentation, placement of

Yes

Comments:

braces, etc.) is per standards: [N5], [N55], [N56],

[N57], [N58], [N59]

Embedded constants used per standards; no

Yes

Comments:

"magic numbers": [N12]

Memory mapping for non-RTE code

Yes

Comments:

is per standard

All execution-order-dependent code can be

Yes

Comments:

recognized by the compiler: [N80]

All loops have termination conditions that ensure

Yes

Comments:

finite loop iterations: [N63]

All divides protect against divide by zero

Yes

Comments:

if needed: [N65]

All integer division and modulus operations

Yes

Comments:

handle negative numbers correctly: [N76]

All typecasting and fixed point arithmetic,

Yes

Comments:

including all use of fixed point macros and

timer functions, is correct and has no possibility

of unintended overflow or underflow: [N66]

All float-to-unsiged conversions ensure the.

N/A

Comments:

float value is non-negative: [N67]

All conversions between signed and unsigned

N/A

Comments:

types handle msb==1 as intended: [N78]

All pointer dereferencing protects against

Comments:

functions assume the pointers that are

null pointer if needed: [N70]

passed in as arguments are non-null; ok for source

pointer (may need to be zero); future version to consider

checking pointer where result is written

Component outputs are limited to the legal range

N/A

Comments:

no component outputs

defined in the FDD DataDict.m file : [N53]

all server runnable outputs have full range

All code is mapped with FDD (all FDD

Yes

Comments:

subfunctions and/or model blocks identified

with code comments; all code corresponds to

some FDD subfunction and/or model block): [N40]

Review did not identify violations of other

Yes

Comments:

coding standard rules

Anomaly or Design Work CR created

N/A

Comments: List Anomaly or CR numbers

for any FDD corrections needed

FDD updates to be completed and baselined

before implementation baseline

General Notes / Comments:

requirements tags should refer to requirement numbers. Should also have comments mapping to FDD paragraph numbers. - done 1/8/16

add design rationale comment regarding why exclusive area not needed in static function for releasing a hw unit -- 1/8 added the exclusive area instead - done 1/8/16

move enter/exit exclusive area inside GetAvlCrcHwUnit instead of around calls. Done 1/8/16
Document design rationale for "can enter" access in all the functions that call this function - to be done in MDD - done 1/13/16

document restriction - GetAvlCrcHwUnit has to be called from a task context - done 1/8/16

remove "break" to get out of loops; must use while instead of for loop - done 1/8/16

move "Autosar wrapper" functions to a "NonRte" source file - done 1/8/16

some parameter names need to change in the function calls inside the AUTOSAR wrapper functions-- param names checked, ok 1/8/16

test to make sure the writes to .CIN of uint16 or uint8 work correctly without a cast to uint32 -- tested ok done 1/8/16

note in some design documentation that the Calc*_Oper runnables need to be set up in DaVinci for able to be invoked concurrently - to be done in MDD - done 1/13/16

add "can be invoked concurrently" property to the ResvCrcHwUnit_Oper runnable - done 1/8/16

in ResvCrcHwUnit_Oper, move the switch case stmt outside of the loop to make exclusive area as small as possible; also change to while loop and remove break 1/8/16

above change will restructure the whole function -- need to re-review all logic at that point - done 1/8/16

casting of argument in switch (in ResvCrcHwUnit) should go away after putting enum type in Developer - done 1/8/16

In ResvCrcHwUnit, set all outputs to known values even if no hw unit was available; set address args to zero - done 1/8/16

release logic needs to change to make sure the correct unit is released (not erroneously called by someone that didn't succeed on their initial resv call) - done 1/8/16

consider using task id in resv function; may not be able to depending on whether flash crc is going to start before the RTE -- 1/8/16 - leave as is - ok

add DET in the last else of the ResvCrcHwUnit_Oper -- done 12/16

Change Owner:

K. Smith

Review Date :

01/13/16

Lead Peer Reviewer:

Kathleen Creager

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Archana

Lucas Wendling

Sheet 5: Source Code - SyncCRCNonRte

Rev 1.2

8-Jun-15

Peer Review Meeting Log (Source Code Review)

Source File Name:

CDD_SyncCrcNonRte.c

Source File Revision:

Header File Name:

CDD_SyncCrc.h, CDD_SyncCRC_private.h

Header File Revision:

kzshz2: Intended Use: Identify which version of the source file is being review. Rationale: Required for traceability between source code and review. Auditors will likely require this. 1, 1

MDD Name:

CM800A_SyncCrc_MDD

Revision:

FDD/SCIR/DSR/FDR/CM Name:

CM800A_SyncCrc_Design

Revision:

1.0.0

Quality Check Items:

Rationale is required for all answers of No

Working EA4 Software Naming Convention followed:

for variable names

Yes

Comments:

for constant names

Yes

Comments:

for function names

Comments:

OK that the AUTOSAR wrapper functions

use the names defined in the AUTOSAR API

for other names (component, memory

Comments:

OK that the AUTOSAR wrapper functions'

mapping handles, typedefs, etc.)

arguments use the names defined in the AUTOSAR API

All paths assign a value to outputs, ensuring

N/A

Comments:

no outputs

all outputs are initialized prior to being written

Requirements Tracability tags in code match the requirements tracability in the FDD

Yes

Comments:

requirements tracability in the FDD

All variables are declared at the function level.

Yes

Comments:

Synergy version matches change history

Yes

Comments:

and Version Control version in file comment block

Change log contains detailed description of changes

Yes

Comments:

and Work CR number

Code accurately implements FDD (Document or Model)

Yes

Comments:

Verified no Compiler Errors or Warnings

Yes

Comments:

Component.h is included

Yes

Comments:

All other includes are actually needed. (System includes

Yes

Comments:

only allowed in Nexteer library components)

Software Design and Coding Standards followed:

Version: 2.1

Code comments are clear, correct, and adequate

Yes

Comments:

and have been updated for the change: [N40] and

all other rules in the same section as rule [N40],

plus [N75], [N12], [N23], [N33], [N37], [N38],

[N48], [N54], [N77], [N79], [N72]

Source file (.c and .h) comment blocks are per

Yes

Comments:

standards and contain correct information: [N41], [N42]

Function comment blocks are per standards and

Yes

Comments:

contain correct information: [N43]

Code formatting (indentation, placement of

Yes

Comments:

braces, etc.) is per standards: [N5], [N55], [N56],

[N57], [N58], [N59]

Embedded constants used per standards; no

Yes

Comments:

"magic numbers": [N12]

Memory mapping for non-RTE code

Yes

Comments:

is per standard

All execution-order-dependent code can be

Yes

Comments:

recognized by the compiler: [N80]

All loops have termination conditions that ensure

Yes

Comments:

finite loop iterations: [N63]

All divides protect against divide by zero

Yes

Comments:

if needed: [N65]

All integer division and modulus operations

Yes

Comments:

handle negative numbers correctly: [N76]

All typecasting and fixed point arithmetic,

Yes

Comments:

including all use of fixed point macros and

timer functions, is correct and has no possibility

of unintended overflow or underflow: [N66]

All float-to-unsiged conversions ensure the.

N/A

Comments:

float value is non-negative: [N67]

All conversions between signed and unsigned

N/A

Comments:

types handle msb==1 as intended: [N78]

All pointer dereferencing protects against

Yes

Comments:

null pointer if needed: [N70]

Component outputs are limited to the legal range

N/A

Comments:

no component outputs

defined in the FDD DataDict.m file : [N53]

all server runnable outputs have full range

All code is mapped with FDD (all FDD

Yes

Comments:

subfunctions and/or model blocks identified

with code comments; all code corresponds to

some FDD subfunction and/or model block): [N40]

Review did not identify violations of other

Yes

Comments:

coding standard rules

Anomaly or Design Work CR created

N/A

Comments: List Anomaly or CR numbers

for any FDD corrections needed

FDD updates to be completed and baselined

before implementation baseline

General Notes / Comments:

all comments for both source files were captured in SyncCRC source code tab.

Change Owner:

K. Smith

Review Date :

01/13/16

Lead Peer Reviewer:

Kathleen Creager

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Archana

Lucas Wendling

Sheet 6: MDD

Rev 1.2

8-Jun-15

Peer Review Meeting Log (MDD Review)

MDD Name:

CM800A_SyncCrc_MDD.docx

MDD Revision:

Source File Name:

CDD_SyncCrc.c

Source File Revision:

Source File Name:

CDD_SyncCrcNonRte.c

Source File Revision:

Source File Name:

Source File Revision:

Quality Check Items:

Rationale is required for all answers of No

Synergy version matches document

Yes

Comments:

Change log contains detailed description of changes

Yes

Comments:

Changes Highlighted (for Unit Tester)

Comments:

previous version not unit tested

Diagrams have been included per MDD Guideline

Yes

Comments:

and reviewed

All Design Exceptions and Limitations are listed

Yes

Comments:

Design rationale given for all global

N/A

Comments:

data not communicated through RTE ports, per

Design and Coding Standards rules [N9] and [N10].

All implementation details that differ from the FDD are

Yes

Comments:

while loop vs for loop explained in

noted and explained in Design Rationale

Design Limitations

All Unit Test Considerations have been described

Yes

Comments:

General Notes / Comments:

Change Owner:

K. Smith

Review Date :

01/13/16

Lead Peer Reviewer:

Kathleen Creager

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Archana

Sheet 7: PolySpace

Rev 1.2

8-Jun-15

Peer Review Meeting Log (QAC/PolySpace Review)

Source File Name:

CDD_SyncCrc.c

Source File Revision:

Source File Name:

CDD_SyncCrcNonRte.c

Source File Revision:

Source File Name:

Source File Revision:

EA4 Static Analysis Compliance Guideline version:

1.0.0

Poly Space version:

Windows User: eg. 2013b 2013b

Polyspace sub project version:

Windows User: eg. TL108a_PolyspaceSuprt_1.0.0 NA

QAC version:

Windows User: eg 8.1.1-R 8.1.1-R

QAC sub project version:

Windows User: eg. TL_100A_1.1.0 TL100A_1.2.0

Quality Check Items:

Rationale is required for all answers of No

Contract Folder's header files are appropriate and

kzshz2: Intended Use: Identify that the contract folder contains only the information required for this component. All other variables, constants, function prototypes, etc. should be removed. Rationale: This will help avoid unit testers having to considers object not used. It will also avoid having other files required for QAC.

Yes

Comments:

function prototypes match the latest component version

100% Compliance to the EA4 Static Analysis

Comments:

during review, approved additional

Compliance Guideline

deviations not yet in compliance guideline

Are previously added justification and deviation

N/A

Comments:

comments still appropriate

Do all MISRA deviation comments use approved

Yes

Comments:

during review, approved additional

deviation tags

deviations not yet in compliance guideline

Cyclomatic complexity and Static path count OK

Creager, Kathleen: use Browse Function Metrics, STCYC and STPTH

Yes

Comments:

for all functions in the component per Design

and Coding Standards rule [N47]

General Notes / Comments:

run static analysis with configurator parameters set up as variables in the contract header files, and with conditional compile constant set both ways - done 1/13/16

Change Owner:

K. Smith

Review Date :

01/13/16

Lead Peer Reviewer:

Kathleen Creager

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Sheet 8: Integration Manual

Rev 1.2

8-Jun-15

Peer Review Meeting Log (Integration Manual Review)

Integration Manual Name:

kzshz2: Intended Use: Identify which file is being reviewed Rationale: Required for traceability. It will help to ensure this sheet is not attached to the wrong design review form. CM800A_SyncCrc_Integration_Manual

Integration Manual Revision:

kzshz2: Intended Use: Identify which version of the integration manual has been reviewed. Rationale: Required for traceability between the MDD and review. Auditors will likely require this. 2

Quality Check Items:

Rationale is required for all answers of No

Synergy version matches header

Yes

Comments:

Latest template used

Yes

Comments:

Change log contains detailed description of changes

Yes

Comments:

Changes Highlighted (for Integrator)

Comments:

initial version was very generic --

essentially all content is new

General Notes / Comments:

note which functions can only be called from a task context - done 1/13/16

Change Owner:

K. Smith

Review Date :

01/13/16

Lead Peer Reviewer:

Kathleen Creager

Approved by Reviewer(s):

Other Reviewer(s):