Instructions for Functional Design Package Peer Review

PRE-MEETING
	Function Owner	Confirm that requirements are reviewed and approved PRIOR to the FDP peer review
	Function Owner	Start with latest version of the template for any "first reviews" - Continue to use existing temmplate for re-reviews
	Function Owner	Provide the functional design package (changed documents) to the invited attendees 1-2 working days in advance of review
	Function Owner	Notify the assigned peer reviewer and make sure they are prepared to do their function in the meeting
	Function Owner	Identify necessary attendance and invite to meeting
	Function Owner	Complete the "Author" column information for sections 1 through 3 prior to the review
	Function Owner	Complete the attendance invitation list in section 5
	Function Owner	For Re-reviews only: Complete the column "remarks by author" to identify actions taken to address items found in earlier reviews.

DURING MEETING
	Function Owner	Present document changes to the review team
	Peer Reviewer	Capture attendance of the review
	Peer Reviewer	Capture actions and issues in section 4. Identify issue summary, Document type, Reference (Requirement ID, section number, etc), Defect Type and indicate status as "OPEN"

POST MEETING
	Function Owner	Follow up on all "open" items. Update "Summary of Resolution" to indicate what was done or decided.
	Function Owner	Schedule follow up review OR review open items with peer reviewer and obtain agreement to close
	Peer Reviewer	Close change request in system and confirm all associated tasks are complete. Upload peer review checklist (this document) with any FDP updates

Sheet 2: Technical Review Checklist

Technical Review Checklist - Template Version 02.00.00

Product Name

Electric Power Steering

Electrical Arch.

Review Scope

Defect Type

Numbers

Yes

Closed

Function ID

NM100A_MotVelCtrl

1.Increased PIM ranges for PrevAntiWdupCmd,PrevDerivtvOutp and PrevIntgtrInp. 2. Saturation block for Anti-windup command and Derivative command.

Requirement

Rejected

FDD

Long Name

Motor Velocity Control

Interface

Open

Model

Version that you started from. NOT the version you hope to release. If this will be v1.0.0, enter NA. Starting Baseline

1.3.0

Effort

Design

FMEA

Author

Chang Wang

Review Effort(Hrs.)

Standards

*.m File

Corr+Verf effort(Hrs.)

Documentation

Cal Process

Total Effort (Hrs.)

0.00

Others

Total

Checklist No.

Description of Check

Author: This column is for Self review. Author shall fill Yes/No/NA against each point in checklist. Author

Author: This column is for reviewer. Reviewer shall fill Yes/No/NA against each point in checklist. Reviewer

Author: Detailed Description of the finding shall be provided by the reviewer. Description of finding by reviewer

Author: Defect type to be selected. Defect Type

Author: What action is taken to fix the comment & other remarks need to be filled by author. Remarks By Author

Author: Data in this column shall be filled by reviewer after checking whether the rework is completed. Status

Section 1: Data Dictionary

Is Filename of Data Dictionary in correct format?

Yes

Is the FDD.Version property correctly updated?

Yes

Is the Data Dictionary Verification report error free?

Yes

Does FDD Long Name, Short Name, and Description match requirements?

Yes

Are all runnables defined?

Yes

Do runnables have the correct time step?

Yes

Do server runnables correctly define arguments?

Yes

Are all clients defined?

Yes

Do client definitions match the corresponding server runnable?

Yes

Does name and metadata of every signal match its corresponding interface signal?

Yes

Do output signal ranges match requirements (check DOOR min/max attributes too)?

Yes

Are calibration tables named correctly (e.g. AssiX and AssiY)?

Yes

Do all calibrations have correct values for all metadata?

Yes

Is NVM defined in the appropriate number of blocks?

Are constants defined with proper scope (local vs global)?

Yes

Are all dependent constants and calibrations included in one file?

Yes

Does FDD.DesignASIL match requirements?

Yes

Section 2: Model

Author: This column is for Self review. Author shall fill Yes/No/NA against each point in checklist. Author

Author: This column is for reviewer. Reviewer shall fill Yes/No/NA against each point in checklist. Reviewer

Author: Detailed Description of the finding shall be provided by the reviewer. Description of finding by reviewer

Author: Defect type to be selected. Defect Type

Author: What action is taken to fix the comment & other remarks need to be filled by author. Remarks By Author

Author: Data in this column shall be filled by reviewer after checking whether the rework is completed. Status

Is filename of model in correct format?

Yes

Is Top level of model annotated with Requirements Baseline?

Yes

Is the Top level of the model annotated with Tool Dependencies?

Yes

Is Top level of model annotated with Change Log or History?

Yes

Does the Component shortname match data dictionary FDD metadata?

Yes

Is the 2nd level of model free from subsystems that are not Function-Call Subsystems?

Yes

Is the 2nd level of model free from arithmetic and logic operations?

Yes

Are the Runnable trigger signals named as "call_<Runnable>"?

Yes

Does 2nd level of model have a properly updated annotation with name, description, and intended baseline number?

Yes

Are all data flow layers free of Function-Call Subsystems and Memory Store blocks?

Yes

Does the Model have the confidentiality and copyright information inside all its Subsystems?

Yes

Are all the Memory Store blocks for PIM and Display Variables located on the 2nd level of model?

Yes

Do all Memory Store blocks for PIM and Display Variables have the "Data store name must resolve to Simulink signal object" setting checked to true?

Yes

Is each diagnostic (NTC) capable of being set to "PASS"?

Does non-zero intialization of PIM occur in the function's Init runnable?

Yes

Does design properly include Set Ram Block Status when NVM RAM values change?

Does model include appropriate logic for dealing with missing or corrupted NVM data?

Does model execute without errors/warnings after loading NxtrMBDConfig configuration set?

Yes

Section 3: Requirements Linking

Author: This column is for Self review. Author shall fill Yes/No/NA against each point in checklist. Author

Author: This column is for reviewer. Reviewer shall fill Yes/No/NA against each point in checklist. Reviewer

Author: Detailed Description of the finding shall be provided by the reviewer. Description of finding by reviewer

Author: Defect type to be selected. Defect Type

Author: What action is taken to fix the comment & other remarks need to be filled by author. Remarks By Author

Author: Data in this column shall be filled by reviewer after checking whether the rework is completed. Status

Are all requirements links of the format <FDDNumber>_<ObjectID>?

Yes

Does requirements HTML report reference only the DOORS module of this component for all links in the design?

Yes

Are linked blocks linked to the correct requirements(s)? (watch for problems due to copy/pasted blocks)

Yes

Is the list of unlinked blocks acceptable?

Yes

Section 4: Model Advisor

Author: This column is for Self review. Author shall fill Yes/No/NA against each point in checklist. Author

Author: This column is for reviewer. Reviewer shall fill Yes/No/NA against each point in checklist. Reviewer

Author: Detailed Description of the finding shall be provided by the reviewer. Description of finding by reviewer

Author: Defect type to be selected. Defect Type

Author: What action is taken to fix the comment & other remarks need to be filled by author. Remarks By Author

Author: Data in this column shall be filled by reviewer after checking whether the rework is completed. Status

Was Model Advisor run with the correct configuration settings?

Yes

Is the Model Advisor rerport free from "Fails".

Yes

Are Model Advisor report "Warnings" acceptable?

Yes

Section 5: Delivery Package

Author: This column is for Self review. Author shall fill Yes/No/NA against each point in checklist. Author

Author: This column is for reviewer. Reviewer shall fill Yes/No/NA against each point in checklist. Reviewer

Author: Detailed Description of the finding shall be provided by the reviewer. Description of finding by reviewer

Author: Defect type to be selected. Defect Type

Author: What action is taken to fix the comment & other remarks need to be filled by author. Remarks By Author

Author: Data in this column shall be filled by reviewer after checking whether the rework is completed. Status

Does Design folder contain only the model, data dictionary, and (optionally) a simulation setup script?

Yes

Does Doc folder contain a zipped HTML webview model?

Yes

Was webview model created without requirements highlighted?

Yes

Does Reports folder contain only the data dictionary verification report, zipped Model Advisor report, and zipped requirements traceability report?

Yes

Section 6: Other Issus/Actions Identified

Document

Reference

Summary of resolution

Author: Defect type to be selected. Defect Type

Author: What action is taken to fix the comment & other remarks need to be filled by author. Remarks By Author

Author: Data in this column shall be filled by reviewer after checking whether the rework is completed. Status

4.1

4.2

4.3

4.4

4.5

4.6

4.7

4.8

4.9

4.10

4.11

4.12

4.13

4.14

4.15

4.16

4.17

4.18

4.19

4.20

4.21

4.22

4.23

4.24

4.25

Section 7: APPROVALS

Role

First Review

Date

Attendance

Approval?

Function Owner*

Chang Wang (Author)

6/24/2016

Yes

Peer Reviewer*

Sudeep Shankar

Yes

Safety

Software

ESG / Systems

EPDT / CSE

Hardware

Test

Role

Second Review (if required)

Date

Attendance

Approval?

Function Owner*

Peer Reviewer*

Safety

Software

ESG / Systems

EPDT / CSE

Hardware

Test

Role

Third Review (if required)

Date

Attendance

Approval?

Function Owner*

Peer Reviewer*

Safety

Software

ESG / Systems

EPDT / CSE

Hardware

Test

Role

Fourth Review (if required)

Date

Attendance

Approval?

Function Owner*

Peer Reviewer*

Safety

Software

ESG / Systems

EPDT / CSE

Hardware

Test

Role

Add more if necessary

Date

Attendance

Approval?

P.S.:

Yes indicates adherence

No indicates non-adherence, reviewer shall provide suitable comments at the end of this document for each point.

NA indicates not applicable

Sheet 3: Template Change Log

Rev	Change	Author
01.00.05	Added lesson learned #3.5	MDK
01.00.06	Added lesson learned #3.6, 3.7 - Structure and writing of NVM in mfiles and models.	MDK
02.00.00	Combined ESG and Systems into one, compatible with Data_Management 2.13.0 of CreateDD and VerifyDD.	K. Derry
02.01.00	Added: Does FDD.DesignASIL match requirements? Added: Was webview model created without requirements highlighted? Removed: Redundant row in Data Dictionary section. Formatting: Column C now consistently center-justified.	K. Derry

2 - Component Implementation

Component Implementation

Component Documentation

2.1 - 1. Overview

Standards

Nexteer Manufacturing Services adhere to the ISO-14229 standard for Automotive Diagnostic Services as well as ISO-15765 (Transport Layer) standard for sending data packets over a CAN-Bus.

Connection Details

Request ID (to ECU): 0x712
Response ID (from ECU): 0x710

Byte Ordering

All data is transfered in Motorola format (most significant byte first - also known as big-endian).

NvM Values

For EA4, an ignition cycle or ECU reset is required to commit any and all stored values from Volatile Memory (RAM) to Non-Volatile Memory (NvM). When an auto trim, clear trim, write trim, or similar service is used to modify any value stored in NvM a flag is set within the controller indicating that the value is to be written to NvM on the next shutdown. The power cycle can be provided by means of a cycling of physical ignition (EPS ENA) or by issuing an ECU reset (11 60) service. The reception of a positive response from the ECU reset service indicates completion of NvM writes at which time it is safe to remove battery.

2.2 - 2. General Negative Responses

This is a comprehensive list of all negative response codes as defined by the ISO-14229 specification. A value of “Yes” in the columns below indicates that the NRC is applicable to ALL services of the corresponding type regardless of whether or not it is expressly listed in the “Unique Negative Responses” section of a specific service.

NRC	Description	0x22	0x2E	0x2F	0x31
0x11	General service not supported	Yes	Yes	Yes	Yes
0x12	Sub-function nut supported	No	No	Yes	Yes
0x13	Invalid length	Yes	Yes	Yes	Yes
0x22	Conditions not correct	No	No	No	No
0x24	Request sequence error	No	No	No	No
0x31	Request out of range	No	No	No	No
0x33	Security access denied	No	No	No	No
0x35	Invalid Key	No	No	No	No
0x36	Exceeded number of attempts	No	No	No	No
0x37	Time delay not expired	No	No	No	No
0x78	Request received, response pending	No	No	No	No
0x7E	Sub-function not supported in current session	No	No	No	No
0x7F	Service not supported in current session	Yes	Yes	Yes	Yes
0x81	Engine RPM too high	No	No	No	No
0x82	Engine RPM too low	No	No	No	No
0x83	Engine running	No	No	No	No
0x84	Engine not running	No	No	No	No
0x85	Engine run time too low	No	No	No	No
0x86	Temperature too high	No	No	No	No
0x87	Temperature too low	No	No	No	No
0x88	Vehicle speed too high	No	No	No	No
0x89	Vehicle speed too low	No	No	No	No
0x8A	Throttle too high	No	No	No	No
0x8B	Throttle too low	No	No	No	No
0x8C	Transmission not in neutral	No	No	No	No
0x8D	Transmission not in gear	No	No	No	No
0x8F	Brake not applied	No	No	No	No
0x90	Transmission not in park	No	No	No	No
0x92	Voltage too high	No	No	No	No
0x93	Voltage too low	No	No	No	No

2.3 - 3. Document Conventions

Terms

NvM: Non-Volatile Memory

Hexadecimal Values

Hexadecimal values in this document will always be prefixed with “0x”. Hexadecimal format values in transaction snippets will be represented by a pair of x’s, for example:

xx

ASCII Values

ASCII text strings in transaction snippets will be represented by a pair of a’s, for example:

aa

Bitfields (Binary Values)

Binary values in this document will always be prefixed with “0b”. Binary (or bitfield) values in transaction snippets will be represented by single ‘b’ characters, for example:

Binary values will always be in groups that are multiples of 8 bits. In cases where some bits are unused, the unused bits will be marked as “Reserved”, for example.

bbbb b b b b
|    | | | |
|    | | | '-- Bit 0
|    | | '-- Bit 1
|    | '-- Bit 2
|    '-- Bit 3
'-- Reserved

Reserved bits should be passed as zeros on writes and reads.

Grouped Bytes

If bytes are grouped (for example, 4 bytes used to represent a single 32-bit value) the transaction snippet will show the bytes as being connected using the ‘o’ character, for example:

xx xx xx xx
|  |  |  |
'--o--o--o-- Represents a 32-bit value

Grouped values are always in Motorola format (i.e. most-significant byte first).

Floating Point Numbers

Floating point values are represented in transaction snippets as four ‘f’ character pairs, for example:

ff ff ff ff
|  |  |  |
'--o--o--o-- Single-precision floating point value

The four pairs represent the four bytes of data transmitted over CAN that make up the single precision float value. The four pairs will always be grouped using the conventions outlined in section 2.3 above.

Grouped values are always in Motorola format (i.e. most-significant byte first).

Units

Units in transaction snippets will be called out inside a pair of square braces, for example:

[MotNwtMtr]

If no units are specified, then the signal’s units are assumed to be Counts.

Ranges

Ranges for signals in transaction snippets will be called out inside a pair of parentheses, for example:

(minimum, maximum)

If no range is specified, then the range for the signal’s value is assumed to be bounded by the signals type.

Type	Minimum	Maximum
uint8	0	255
uint16	0	65535
uint32	0	4294967295
sint8	-128	127
sint16	-32768	32767
sint32	-2147483648	2147483647
float32	error*	error*

*The float32 type does not have a specific minimum nor maximum value and thus each signal is required to provide a valid range specific to each.

Scale/Offset

Scale values for signals in transaction snippets will be called out inside a pair of curly braces, for example:

{*1/(2^16)}

The above scale would imply multiplying the raw value from the CAN bus by 1/65536 to achieve the scaled representation. An example including an offset would look like this:

{*1/(2^4) +11.0125}

In this second example, the raw value from the bus shall have a scale of 1/16 applied and then an offset of +11.0125 added. Offsets may be positive or negative as indicated by the preceding sign.

2.4 - CmnMfgSrv_PeerReviewChecklist

Overview

Summary Sheet
Davinci Files
Source Code
QAC

Sheet 1: Summary Sheet

Rev 6.0

28-Oct-14

Peer Review Summary Sheet

Component Name:

kzshz2: Intended Use: Identify which component is being reviewed. This should be the Module Short Name from Synergy Rationale: Required for traceability. It will help to ensure this form is not attaced to the the wrong change request. NM001A_CmnMfgSrv

Component Revision:

kzshz2: Intended Use: Identify which Synergy revision of this component is being reviewed Rationale: Required for traceability. It will help to ensure this form is not attaced to the the wrong change request. 0.16.0

Change Owner:

kzshz2: Intended Use: Identify the developer who made the change(s) Rationale: A change request may have more than one resolver, this will help identify who made what change. Change owner identification may be required by indusrty standards. Jared Julien

Change Request ID:

EA4#5582

kzshz2: Intended Use: Intended to identify at a high level to the reviewers which areas of the component have been changed. Rationale: This will be good information to know when ensuring appropriate reviews have been completed. Modified File Types:

kzshz2: Intended Use: Identify who where the reviewers, what they reviewed, and if the reviewed changes have been approved to release the code for testing. Comments here should be at a highlevel, the specific comments should be present on the specific review form sheet. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits. ADD DR Level Move reviewer and approval to individual checklist form Review Checklist Summary:

Reviewed:

MDD

Source Code

Data Dictionary

QAC

Integration Manual

Davinci Files

Comments:

Did not run Polyspace nor create MDDs or Integration Manual. All of these updates are planned for the future.

General Guidelines:
- The reviews shall be performed over the portions of the component that were modified as a result of the Change Request. (Note: If this peer review form was not
completed for pervious versions of this component, the Change Owner should review the entire component and complete the checklist in its entirety prior and check
the form into Syngery. This may be done prior to reviewing the modifications for this Change Result)
- The Change Owner shall responsible for completing the entire checklist (Pre and Group review items) prior holding the initial group review.
- New components should include FDD Owner and Intergator as apart of the Group Review Board (Source Code, Integration Manual, and Davinci Files)
- Select "Yes" and add "N/A" to the comments for checklist items that are not applicable for this change

Sheet 2: Davinci Files

Rev 6.0

28-Oct-14

Peer Review Meeting Log (Davinci Review)

Quality Check Items:

Yes

Rationale is required for all answers of No

Pre-review checklist for change owners

DCF: Latest StdDef imported

Comments:

DCF: Only StdDef Port types are used (if not

Comments:

add justification)

DCF: All unused definitions removed

Comments:

*Cfg.arxml.TT: Verfied Davinci Configurator imported the

Comments:

N/A

change correctly

kzshz2: Either a generic sandbox or a baselined integration project can be used to verify

*Cfg.h.TT: Verfied Davinci Configurator generates

Comments:

N/A

the configuration header(s) file correctly

kzshz2: Either a generic sandbox or a baselined integration project can be used to verify

Group-review for review board

All changed files have been compared against previous

Comments:

versions (If available)

kzshz2: Intended Use: Identify if previous version was compared and only the expected change(s) was present. This is for text files only, not binary or GUIs Rationale: This is helpful in identifying unapproved (intended or mistaken) changes.

DCF:Automated validation check is performed

Comments:

DCF: Inputs/Outputs match names from requirements

Comments:

DCF: Inputs/Outputs configuration paremeters

Comments:

reviewed

kzshz2: Intended Use: All changed inputs have been reviewed to ensure configuration parameters (i.e. Buffered vs Direct read/writes) are correct. This includes signal grouping when signal consistency is required by the FDD

DCF: Sender/Reciever Ports type and default values

Comments:

match their corresponding ports (internal/external)

kzshz2: Intended Use: Identify if all the Sender/Reciever ports are compatibale with there connecting ports. Rationale: This will help to avoid errors when this component is being integrated into a project.

DCF: Ports prototype and default values

Comments:

match their corresponding ports (internal/external)

kzshz2: Intended Use: Identify if all the Server/Client ports are compatibale with there connecting ports. Rationale: This will help to avoid errors when this component is being integrated into a project.

DCF: Server runnable variables are using direct

Comments:

N/A

read/writes

DCF: Runnable calling frequencies match requirements

Comments:

No formal requirements

General Notes / Comments:

LN: Intended Use: Identify who were the reviewers and if the reviewed changes have been approved. Rationale: Since this Form will be attached to the Change Request it will confirm the approval and provides feedback in case of audits. KMC: Group Review Level removed in Rev 4.0 since the design review is not checked in until approved, so it would always be DR4. Review Board:

Change Owner:

Jared Julien

Review Date :

05/06/16

Lead Peer Reviewer:

Kevin Smith

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Sheet 3: Source Code

Rev 6.0

28-Oct-14

Peer Review Meeting Log (Source Code Review)

Source File Name:

kzshz2: Intended Use: Identify which .asm, .c, or .h file is being reviewed Rationale: Required for traceability. It will help to ensure this sheet is not attached to the wrong design review form. *.c

Source File Revision:

kzshz2: Intended Use: Identify which version of the source file is being review. Rationale: Required for traceability between source code and review. Auditors will likely require this. N/A

Module Design Document Name:

kzshz2: Intended Use: Identify which version of the MDD this source file was written against. Rationale: Needed for traceability between source code and MDD N/A

MDD Revision:

kzshz2: Intended Use: Identify which version of the MDD this source file was written against. Rationale: Needed for traceability between source code and MDD N/A

Data Dictionary Revision:

kzshz2: Intended Use: Identify which version of the Data Dictionary was referenced for ranges during the source file review. Rationale: Needed for traceability between source code and DD N/A

FDD/SER/CMS

and Revision:

nz63rn: Intended Use: Identify which version of which FDD/CMS/SER this source file was written against. Rationale: Needed for traceability between source code and FDD/CMS/SER N/A

Quality Check Items:

Yes

Rationale is required for all answers of No

Pre-review checklist for change owners

Software Naming Convention V1.2 followed:

for variable names

Comments:

for constant names

Comments:

N/A

for function names

Comments:

for other names (component, memory

Comments:

mapping handles, typedefs, etc.)

All buffered outputs written in every path, i.e. no

Comments:

possibility of an uninitialized value being written

Group-review Checklist (review board)

Synergy version matches change history

kzshz2: Intended Use: Indicate that the the versioning was confirmed by the peer reviewer(s). Rationale: There have been many occassions where versions were not updated in files and as a result Unit Test were referencing wrong versions. This often time leads to the need to re-run of batch tests.

Comments:

and Version Control version in file comment block

Change log contains detailed description of changes

Comments:

and CR number

Code accurately implements FDD (Document or Model)

Comments:

N/A

No Compiler Errors or Warnings verified

KMC: Intended Use: To confirm no compiler errors or warnings exist for the code under review (warnings from contract header files may be ignored). Rationale: This is needed to ensure there will be no errors discovered at the time of integration. A Sandox project should be used; QAC can find compiler errors but not warnings.

Comments:

FDD test points exist as display variables: declared

Comments:

N/A

static volatile, written once and never used, names

match the FDD

Software Design and Coding Standards V2.0 followed:

Code comments are clear, correct, and adequate

Comments:

and have been updated for the change: [N40] and

all other rules in the same section as rule [N40],

plus [N75], [N12], [N23], [N33], [N37], [N38],

[N48], [N54], [N77], [N79], [N72]

Source file (.c and .h) comment blocks are per

Comments:

standards and contain correct information: [N41], [N42]

Function comment blocks are per standards and

Comments:

contain correct information: [N43]

Code formatting (indentation, placement of

Comments:

braces, etc.) is per standards: [N5], [N55], [N56],

[N57], [N58], [N59]

Embedded constants used per standards; no

Comments:

"magic numbers": [N12]

All variables and constants defined at module

Comments:

level are included in appropriate MemMap

section: [N25] and Naming Conventions

All execution-order-dependent code can be

Comments:

recognized by the compiler: [N80]

No possibility of a non-terminating loop: [N63]

Comments:

No possibility of divide by zero: [N65]

Comments:

All integer division and modulus operations

Comments:

N/A

handle negative numbers correctly: [N76]

All typecasting and fixed point arithmetic,

Comments:

N/A

including all use of fixed point macros and

timer functions, is correct and has no possibility

of unintended overflow or underflow: [N66]

No possibility of converting a negative floating

Comments:

N/A

point value to an unsigned type: [N67]

All conversions between signed and unsigned

Comments:

N/A

types handle msb==1 as intended: [N78]

No possibility of dereferencing a null

Comments:

pointer: [N70]

Global outputs (RTE and Non-RTE) Initialized:

Comments:

[N24]

Module outputs are limited to the legal range

Comments:

defined in the FDD Data dictionary: [N53]

All code is mapped with FDD (all FDD

Comments:

subfunctions and/or model blocks identified

with code comments; all code corresponds to

some FDD subfunction and/or model block): [N40]

Struct types used for NvM have

Comments:

N/A

elements declared in decreasing order by size

and are not nested or used in arrays: [N84], [N85]

No violations of other coding standard rules

Comments:

identified during review

General Notes / Comments:

Updates made to SrvFD70 (3), SrvFDF4 (3), SrvFDF5 (3), SrvFE88 (1), SrvFE89 (1), SrvFE8A (1), SrvFE8B (1), SrvFEA2 (2)

Change Owner:

Jared Julien

Review Date :

05/06/16

Lead Peer Reviewer:

Kevin Smith

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Sheet 4: QAC

Rev 6.0

28-Oct-14

Peer Review Meeting Log (QAC Review)

Module Name:

kzshz2: Intended Use: Identify which .c file is being analyzed Rationale: Required for traceability. It will help to ensure this sheet is not attached to the wrong design review form. CmnMfgSrv

Source File Revision:

N/A

Module

Compliance Guidelines Version:

Working EA4 guideline

kzshz2: Intended Use: Identify specific changes in results (new violation present, previous violation corrected, etc.). Changes to the version of the tool or the way the results were gathered should be described here also. This should be filled out prior to the review by the change owner. Rationale: Gives reviewers an what needs to be focused on. Forces the change owner to compare with previous results to catch any differences that may otherwise go unoticed Brief Summary of Changes (In Results or Tool):

Quality Check Items:

Yes

Rationale is required for all answers of No

Pre-review
checklist for change owners

QAC version is correct and did not change (List version)

kzshz2: Intended Use: Identify which version of the QAC Subproject was used and if any of the personalities may have changed. Rationale: Will help ensure this is factored into evaluating the results

Comments:

TL100A_QACSuprt_1.2.0

Contract Folder's header files are appropriate

kzshz2: Intended Use: Identify that the contract folder contains only the information required for this component. All other variables, constants, function prototypes, etc. should be removed. Rationale: This will help avoid unit testers having to considers object not used. It will also avoid having other files required for QAC.

Comments:

Group-review Checklist (review board)

100% Compliance to the MISRA Compliance Guidelines

Comments:

Cyclomatic complexity and Static path count ok per

Creager, Kathleen: use Browse Function Metrics, STCYC and STPTH

Comments:

Design and Coding Standards rule [N47]

General Notes / Comments:

QAC Run against ALL source files - one tab used to document all files.

Change Owner:

Jared Julien

Review Date :

03/24/16

Lead Peer Reviewer:

Sankardu Varadapureddi

Approved by Reviewer(s):

Yes

Other Reviewer(s):

3 - Component Implementation

Component Implementation

4 - Component Implementation

Component Implementation

Component Documentation

4.1 - MotVelCtrl_IntegrationManual

Integration Manual

For

MotVelCtrl

VERSION: 1.0

DATE: 16-Feb-2016

Prepared By:

Sankardu Varadapureddi,

Nexteer Automotive,

Saginaw, MI, USA

Location: The official version of this document is stored in the Nexteer Configuration Management System.

Revision History

Sl. No.	Description	Author	Version	Date
1	Initial version	Sankardu Varadapureddi	1.0	16-Feb-2016

Table of Contents

1 Abbrevations And Acronyms 4

2 References 5

3 Dependencies 6

3.1 SWCs 6

3.2 Global Functions(Non RTE) to be provided to Integration Project 6

4 Configuration REQUIREMeNTS 7

4.1 Build Time Config 7

4.2 Configuration Files to be provided by Integration Project 7

4.3 Da Vinci Parameter Configuration Changes 7

4.4 DaVinci Interrupt Configuration Changes 7

4.5 Manual Configuration Changes 7

5 Integration DATAFLOW REQUIREMENTS 8

5.1 Required Global Data Inputs 8

5.2 Required Global Data Outputs 8

5.3 Specific Include Path present 8

6 Runnable Scheduling 9

7 Memory Map REQUIREMENTS 10

7.1 Mapping 10

7.2 Usage 10

7.3 NvM Blocks 10

8 Compiler Settings 11

8.1 Preprocessor MACRO 11

8.2 Optimization Settings 11

9 Appendix 12

Abbrevations And Acronyms

Abbreviation	Description
DFD	Design functional diagram
MDD	Module design Document

References

This section lists the title & version of all the documents that are referred for development of this document

Sr. No.	Title	Version
1	FDD : NM100A_ MotVelCtrl_Design	See Synergy sub project version
2	Software Naming Conventions	2.0
3	Software Design and Coding Standards	2.1
4	Integration Manual Template	1.3

Dependencies

SWCs

Module	Required Feature
None

Global Functions(Non RTE) to be provided to Integration Project

None

Configuration REQUIREMeNTS

Build Time Config

Modules	Notes
None

Configuration Files to be provided by Integration Project

None

Da Vinci Parameter Configuration Changes

Parameter	Notes	SWC
None

DaVinci Interrupt Configuration Changes

ISR Name	VIM #	Priority Dependency	Notes
None

Manual Configuration Changes

Constant	Notes	SWC
None

Integration DATAFLOW REQUIREMENTS

Required Global Data Inputs

Refer DataDict.m file

Required Global Data Outputs

Refer DataDict.m file

Specific Include Path present

Runnable Scheduling

This section specifies the required runnable scheduling.

Init	Scheduling Requirements	Trigger
MotVelCtrlInit1	None	RTE (Init)

Runnable	Scheduling Requirements	Trigger
MotVelCtrlPer1	None	RTE (2ms)

Server Runnable	Scheduling Requirements	Trigger
GetCtrlPrm_Oper	None	On event
SetCtrlPrm_Oper	None	On event
StopCtrl_Oper	None	On event
StrtCtrl_Oper	None	On event

Memory Map REQUIREMENTS

Mapping

Memory Section	Contents	Notes
None

* Each …START_SEC… constant is terminated by a …STOP_SEC… constant as specified in the AUTOSAR Memory Mapping requirements.

Usage

Feature	RAM	ROM
None

Table 1: ARM Cortex R4 Memory Usage

NvM Blocks

None

Compiler Settings

Preprocessor MACRO

None.

Optimization Settings

None.

Appendix

None

4.2 - MotVelCtrl_MDD

Module Design Document

For

MotVelCtrl

May 4, 2016

Prepared For:

Software Engineering

Nexteer Automotive,

Saginaw, MI, USA

Prepared By:

Nick Saxton,

Nexteer Automotive,

Saginaw, MI, USA
Change History

Description	Author	Version	Date
Initial Version	Sankardu Varadapureddi	1	17-Feb-2016
Input name change	Nick Saxton	2	04-May-2016

Table of Contents

1 Introduction 5

1.1 Purpose 5

1.2 Scope 5

2 MotVelCtrl High-Level Description 6

3 Design details of software module 7

3.1 Graphical representation of MotVelCtrl 7

3.2 Data Flow Diagram 7

3.2.1 Component level DFD 7

3.2.2 Function level DFD 7

4 Constant Data Dictionary 8

4.1 Program (fixed) Constants 8

4.1.1 Embedded Constants 8

5 Software Component Implementation 9

5.1 Sub-Module Functions 9

5.1.1 Init: MotVelCtrlInit1 9

5.1.1.1 Design Rationale 9

5.1.1.2 Module Outputs 9

5.1.2 Per: MotVelCtrlPer1 9

5.1.2.1 Design Rationale 9

5.1.2.2 Store Module Inputs to Local copies 9

5.1.2.3 (Processing of function)……… 9

5.1.2.4 Store Local copy of outputs into Module Outputs 9

5.2 Server Runables 9

5.2.1 GetCtrlPrm_Oper 9

5.2.1.1 Design Rationale 9

5.2.1.2 (Processing of function)……… 9

5.2.2 SetCtrlPrm_Oper 9

5.2.2.1 Design Rationale 9

5.2.2.2 (Processing of function)……… 9

5.2.3 StopCtrl_Oper 10

5.2.3.1 Design Rationale 10

5.2.3.2 (Processing of function)……… 10

5.2.4 StrtCtrl_Oper 10

5.2.4.1 Design Rationale 10

5.2.4.2 (Processing of function)……… 10

5.3 Interrupt Functions 10

5.4 Module Internal (Local) Functions 10

5.4.1 Local Function #1 10

5.4.1.1 Description 10

5.5 GLOBAL Function/Macro Definitions 11

6 Known Limitations with Design 12

7 UNIT TEST CONSIDERATION 13

Appendix A Abbreviations and Acronyms 14

Appendix B Glossary 15

Appendix C References 16

Introduction

Purpose

Scope

MotVelCtrl High-Level Description

Refer to FDD

Design details of software module

Graphical representation of MotVelCtrl

Data Flow Diagram

Refer FDD

Component level DFD

Function level DFD

Constant Data Dictionary

Program (fixed) Constants

Embedded Constants

Constant Name	Resolution	Units	Value
ONEOVERTWOMPLR_ULS_F32	1	Cnt	0.5

For other constants, refer .m file.

Local Constants

Software Component Implementation

Sub-Module Functions

Init: MotVelCtrlInit1

Design Rationale

Refer FDD

Module Outputs

Refer FDD

Per: MotVelCtrlPer1

Design Rationale

Refer FDD

Store Module Inputs to Local copies

Refer FDD

(Processing of function)………

Refer FDD

Store Local copy of outputs into Module Outputs

Refer FDD

Server Runables

GetCtrlPrm_Oper

Design Rationale

Refer FDD

(Processing of function)………

Refer FDD

SetCtrlPrm_Oper

Design Rationale

Refer FDD

(Processing of function)………

Refer FDD

StopCtrl_Oper

Design Rationale

Refer FDD

(Processing of function)………

Refer FDD

StrtCtrl_Oper

Design Rationale

Refer FDD

(Processing of function)………

Refer FDD

Interrupt Functions

None

Module Internal (Local) Functions

Local Function #1

Function Name	FPIDControl	Type	Min		Max
Arguments Passed	MotVelTarSlewed_MotRadPerSec_T_f32	float32	- 183500	183500
	MotVelCrf_MotRadPerSec_T_f32	float32	-1350	1350
Return Value	PIDCmdLimid_MotNwtMtr_T_f32	float32	-8.8	8.8

Description

Blocks "F_PID Control_1" , "F_PID Control_2" and "F_PID Control_3" are of same functionality in the FDD. This sub function corresponds to those blocks implementation.

GLOBAL Function/Macro Definitions

None

Known Limitations with Design

None.

UNIT TEST CONSIDERATION

None

Abbreviations and Acronyms

Abbreviation or Acronym	Description

Glossary

Note: Terms and definitions from the source “Nexteer Automotive” take precedence over all other definitions of the same term. Terms and definitions from the source “Nexteer Automotive” are formulated from multiple sources, including the following:

ISO 9000
ISO/IEC 12207
ISO/IEC 15504
Automotive SPICE® Process Reference Model (PRM)
Automotive SPICE® Process Assessment Model (PAM)
ISO/IEC 15288
ISO 26262
IEEE Standards
SWEBOK
PMBOK
Existing Nexteer Automotive documentation

Term	Definition	Source
MDD	Module Design Document
DFD	Data Flow Diagram

References

Ref. #	Title	Version
1	AUTOSAR Specification of Memory Mapping (Link:AUTOSAR_SWS_MemoryMapping.pdf)	v1.3.0 R4.0 Rev 2
2	MDD Guideline	EA4 01.00.01
3	Software Naming Conventions.doc	2.0
4	Software Design and Coding Standards.doc	2.1
5	FDD : NM100A_ MotVelCtrl_Design	See Synergy sub project version

4.3 - MotVelCtrl_Review

Overview

Summary Sheet
Synergy Project
Source Code
PolySpace

Sheet 1: Summary Sheet

Rev 1.2

8-Jun-15

Peer Review Summary Sheet

Synergy Project Name:

Revision / Baseline:

Change Owner:

Work CR ID:

EA4#6423

Reviewed:

MDD

Yes

Source Code

Yes

PolySpace

Integration Manual

Davinci Files

Comments:

Only reviewed changes

General Guidelines:
- The reviews shall be performed over the portions of the component that were modified as a result of the Change Request.
- New components should include FDD Owner and Integrator as apart of the Group Review Board (Source Code, Integration Manual, and Davinci Files)
- Enter any rework required into the comment field and select No. When the rework is complete, review again using this same review sheet and select Yes. Add date and additional comment stating that the rework is completed.
- To review a component with multiple source code files use the "Add Source" button to create a Source code tab for each source file.
- .h file should be reviewed with the source file as part of the source file.

Sheet 2: Synergy Project

Peer Review Meeting Log (Component Synergy Project Review)

Quality Check Items:

Rationale is required for all answers of No

New baseline version name from Summary Sheet follows

Yes

Comments:

naming convention

Project contains necessary subprojects

Yes

Comments:

Project contains the correct version of subprojects

Yes

Comments:

Design subproject is correct version

Yes

Comments:

General Notes / Comments:

Change Owner:

Nick Saxton

Review Date :

07/11/16

Lead Peer Reviewer:

Krishna Anne

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Sheet 3: Source Code

Rev 1.2

8-Jun-15

Peer Review Meeting Log (Source Code Review)

Source File Name:

MotVelCtrl.c

Source File Revision:

Header File Name:

Header File Revision:

kzshz2: Intended Use: Identify which version of the source file is being review. Rationale: Required for traceability between source code and review. Auditors will likely require this.

MDD Name:

MotVelCtrl_MDD.docx

Revision:

FDD/SCIR/DSR/FDR/CM Name:

NM100A_MotVelCtrl_Design

Revision:

1.4.0

Quality Check Items:

Rationale is required for all answers of No

Working EA4 Software Naming Convention followed:

for variable names

Yes

Comments:

for constant names

Yes

Comments:

for function names

N/A

Comments:

for other names (component, memory

N/A

Comments:

mapping handles, typedefs, etc.)

All paths assign a value to outputs, ensuring

Yes

Comments:

all outputs are initialized prior to being written

Requirements Tracability tags in code match the requirements tracability in the FDD

N/A

Comments:

requirements tracability in the FDD

All variables are declared at the function level.

Yes

Comments:

Synergy version matches change history

Yes

Comments:

and Version Control version in file comment block

Change log contains detailed description of changes

Yes

Comments:

and Work CR number

Code accurately implements FDD (Document or Model)

Yes

Comments:

Verified no Compiler Errors or Warnings

Yes

Comments:

Component.h is included

N/A

Comments:

All other includes are actually needed. (System includes

N/A

Comments:

only allowed in Nexteer library components)

Software Design and Coding Standards followed:

Version: 2.1

Code comments are clear, correct, and adequate

Yes

Comments:

and have been updated for the change: [N40] and

all other rules in the same section as rule [N40],

plus [N75], [N12], [N23], [N33], [N37], [N38],

[N48], [N54], [N77], [N79], [N72]

Source file (.c and .h) comment blocks are per

Yes

Comments:

standards and contain correct information: [N41], [N42]

Function comment blocks are per standards and

N/A

Comments:

contain correct information: [N43]

Code formatting (indentation, placement of

Yes

Comments:

braces, etc.) is per standards: [N5], [N55], [N56],

[N57], [N58], [N59]

Embedded constants used per standards; no

Yes

Comments:

"magic numbers": [N12]

Memory mapping for non-RTE code

N/A

Comments:

is per standard

All execution-order-dependent code can be

Yes

Comments:

recognized by the compiler: [N80]

All loops have termination conditions that ensure

N/A

Comments:

finite loop iterations: [N63]

All divides protect against divide by zero

N/A

Comments:

if needed: [N65]

All integer division and modulus operations

N/A

Comments:

handle negative numbers correctly: [N76]

All typecasting and fixed point arithmetic,

N/A

Comments:

including all use of fixed point macros and

timer functions, is correct and has no possibility

of unintended overflow or underflow: [N66]

All float-to-unsiged conversions ensure the.

N/A

Comments:

float value is non-negative: [N67]

All conversions between signed and unsigned

N/A

Comments:

types handle msb==1 as intended: [N78]

All pointer dereferencing protects against

N/A

Comments:

null pointer if needed: [N70]

Component outputs are limited to the legal range

Yes

Comments:

defined in the FDD DataDict.m file : [N53]

All code is mapped with FDD (all FDD

Yes

Comments:

subfunctions and/or model blocks identified

with code comments; all code corresponds to

some FDD subfunction and/or model block): [N40]

Review did not identify violations of other

Yes

Comments:

coding standard rules

Anomaly or Design Work CR created

N/A

Comments: List Anomaly or CR numbers

for any FDD corrections needed

General Notes / Comments:

Change Owner:

Nick Saxton

Review Date :

07/11/16

Lead Peer Reviewer:

Krishna Anne

Approved by Reviewer(s):

Yes

Other Reviewer(s):

Sheet 4: PolySpace

Rev 1.2

8-Jun-15

Peer Review Meeting Log (QAC/PolySpace Review)

Source File Name:

MotVelCtrl.c

Source File Revision:

Source File Name:

Source File Revision:

Source File Name:

Source File Revision:

EA4 Static Analysis Compliance Guideline version:

01.01.00

Poly Space version:

Windows User: eg. 2013b 2013b

Polyspace sub project version:

Windows User: eg. TL108a_PolyspaceSuprt_1.0.0 TL108A_PolyspaceSuprt_1.0.0

QAC version:

Windows User: eg 8.1.1-R 8.1.1-R

QAC sub project version:

Windows User: eg. TL_100A_1.1.0 TL100A_QACSuprt_1.2.0

Quality Check Items:

Rationale is required for all answers of No

Contract Folder's header files are appropriate and

Yes

Comments:

function prototypes match the latest component version

100% Compliance to the EA4 Static Analysis

Yes

Comments:

Compliance Guideline

Are previously added justification and deviation

Yes

Comments:

comments still appropriate

Do all MISRA deviation comments use approved

Yes

Comments:

deviation tags

Cyclomatic complexity and Static path count OK

Creager, Kathleen: use Browse Function Metrics, STCYC and STPTH

Yes

Comments:

for all functions in the component per Design

and Coding Standards rule [N47]

General Notes / Comments:

Change Owner:

Nick Saxton

Review Date :

07/11/16

Lead Peer Reviewer:

Krishna Anne

Approved by Reviewer(s):

Yes

Other Reviewer(s):

5 - Component Implementation

Component Implementation

6 - Component Implementation

Component Implementation

7 - Component Implementation