ShutdownSequence
GetShutdownOngoing
BswM_Restart
BswM_FinalizeShutdown
BswM_SHUTDOWN_NvMWriteAll
BSWM Shutdown Sequence
Mode Requestor
ACTIONS
RULE
ACTION LIST
ACTIONS
RULE
ACTION LIST
ACTIONS
RULE
ACTION LIST
ACTIONS
Soft Reset Request
BswM_ShtdwnHndlg_PrepShutdown
BswM_DiagCMgrPwrDwn
Hard Reset Request
Shutdown Sequence
Reprogramming Request
Switch Off Request
Request
Download
BswM_PrepShutdownStatesDef = PREPSHUTDOWN_REPROGRAM
BswM_RequestMode
Rte_SysStMod_SysSt_Val == OFF
BswM_MainFunction
BswM_PrepShutdownStatesImm = PREPSHUTDOWN_HARDRESET
BSWM_PREPSHUTDOWN
PREPSHUTDOWN
ChangeMode_PrepShutdown
BSWM_STATE = BSWM_PREP_SHUTDOWN
BswM_RequestMode
Dem_Shutdown
EcuM_SelectShutdownTarget(ECUM_STATE_RESET, RESET_MCU)
EcuM_SelectShutdownTarget(ECUM_STATE_OFF, 0)
EcuM_SelectShutdownTarget(ECUM_STATE_RESET, RESET_MCU)
BswM_ShutdownStates = GOOFFONE_REPROGRAM
BswM_RequestMode
BswM_ShutdownStates = GOOFFONE_SWITCHOFF
BswM_ShutdownStates = GOOFFONE_HARDRESET
BswM_RequestMode
BswM_RequestMode
BSWM_GOOFFONE
GOOFFONE
ChangeMode_GoOffOne
BSWM_STATE = BSWM_GO_OFF_ONE_A
BswM_RequestMode
BSWM STATE
(Normal Shutdown)
RUN
PREP
SHUTDOWN
GO OFF ONE A
BswM_PrepShutdownStatesDef = PREPSHUTDOWN_SOFTRESET
EcuM_SelectShutdownTarget(ECUM_STATE_RESET, RESET_MCU)
BswM_ShutdownStates = GOOFFONE_SOFTRESET
BswM_RequestMode
BSWM_RESTART
RESTART
DiagcMgrPwrDwn_Oper()
DiagcMgrPwrDwn_Oper()
DiagcMgrPwrDwn_Oper()
Dem_Init
BSWM STATE
(Restart)
RUN
PREP
SHUTDOWN
GO OFF ONE A
RESTART
RUN
NvM_WriteAll()
Is (Request still ONGOING)?
NvM_Mainfunction()
Fee_Mainfunction()
Fls_Mainfunction()
Get Request status
NvM_GetErrorStatus
Yes
End
No
NvM_WriteAll()
Is (Request still ONGOING)?
NvM_Mainfunction()
Fee_Mainfunction()
Fls_Mainfunction()
Get Request status
NvM_GetErrorStatus
Yes
End
No
Reprogramming request flag is cleared from Backup RAM
FLSPROGMREQ cleared for BRAMDAT1
EcuM_ClearValidatedWakeupEvent(0x2)
EcuM_GoDown(FlexUser_BswM)
End
Stop CAN Communication (TBD)
Is BswM_ShutdownState != RESTART
Yes
Reprogramming request flag is cleared from Backup RAM
FLSPROGMREQ cleared for BRAMDAT1
EcuM_ClearValidatedWakeupEvent(0x2)
EcuM_GoDown(FlexUser_BswM)
End
No
Reprogramming request flag is cleared from Backup RAM
FLSPROGMREQ cleared for BRAMDAT1
Stop CAN Communication
Write Close Check Block() with value 0x00FF00FF
Has WriteAll completed Successfully?
If(BswM_WrAllFaild_Uls_M_u8 == 0x55?
Write Close Check Block() with value 0xFFAAFF55
No
Yes
EcuM_ClearValidatedWakeupEvent(0x2)
EcuM_GoDown(FlexUser_BswM)
End
Stop CAN Communication
Write Close Check Block() with value 0x00FF00FF
Has WriteAll completed Successfully?
If(BswM_WrAllFaild_Uls_M_u8 == 0x55?
Write Close Check Block() with value 0xFFAAFF55
No
Yes
EcuM_ClearValidatedWakeupEvent(0x2)
EcuM_GoDown(FlexUser_BswM)
End
Stop CAN Communication
Write Close Check Block() with value 0x00FF00FF
Has WriteAll completed Successfully?
If(BswM_WrAllFaild_Uls_M_u8 == 0x55?
Write Close Check Block() with value 0xFFAAFF55
No
Yes
Update Ignition counter and MEC counter
CallNonTrustedFunction(NtWrapS_CmnMfgSrvInit, NULL_PTR)
Activate all supervised Entities
Release Resource to enable execution of all tasks
Call_BswM_ReleaseResource()
BSWM_STATE = BSWM_RUN
Using Font Awesome for the icon for
Get Resource to disable execution of all tasks
Call_BswM_GetResource()
Deactivate all supervised Entities
Get Resource to disable execution of all tasks
Call_BswM_GetResource()
Get Resource to disable execution of all tasks
Call_BswM_GetResource()
Call NvMProxy function to set the RAM Block Status of those NvM blocks whose RAM Block status is made to “Changed” in the Init runnable
Using Font Awesome for the icon for
Deactivate all supervised Entities
Get Resource to disable execution of all tasks
Call_BswM_GetResource()
Deferred
Deferred
Deferred
Forced Immediate
Immediate
Immediate
Immediate
Forced Immediate
Deferred
Immediate
Forced Immediate
NvM_WriteAll()
Is (Request still ONGOING) and (BswM_RstrtReq == NONE)?
NvM_Mainfunction()
Fee_Mainfunction()
Fls_Mainfunction()
Get Request status
NvM_GetErrorStatus
Yes
Get Ignition status
IoHwAb_GetGpioMcuEna_Oper
Is Ignition turned ON?
No
NvM_KillWriteAll
Yes
BswM_RequestMode
No
BswMState = RESTART
BswM_RstrtReq = NONE
BswM_WrAllFaild_Uls_M_u8 = 0x55
Cancel WriteAll request
NvM_CancelWriteAll()
NvM_Mainfunction()
Fee_Mainfunction()
Fls_Mainfunction()
Get Request status
NvM_GetErrorStatus
Get current Time
GetRefTmr100MicroSec32bit_Oper(&WrCncl_Cnt_T_u32)
Get elapsed time
GetTiSpan100MicroSec32bit_Oper(WrCncl_Cnt_T_u32, &WrCnclDurn_Cnt_T_u32)
Is (Request still ONGOING) and (elapsed time within desired limit)?
Yes
Is WriteAll result still pending?
Yes
Yes
BswM_RstrtReq = RESTART
Disable Sector Switch operation
Fee_DisableFss()
Is (Request result == NOT_OK) and (BswM_RstrtReq == NONE)?
BswM_WrAllFaild_Uls_M_u8 = 0xAAU
Yes
No
Enable Sector Switch operation
Fee_EnableFss()
EotLrngNvRamSts_Uls_M_u8 = NVM RAM block “Changed” status of EOT Lrng block
Forced Immediate
Call to Disable FSS will stop any foreground sector swap that is in progress at the time of the CancelWriteAll request.
EcuM_GoDown
EcuM_OnGoOffOne: Rte_Stop()
EcuM_ShutdownOS: ActivateTask(Task_Shutdown_Appl0)
EcuM_OnGoOffTwo()
This function is not expected to return. It will trigger an endless while loop within which the ECU will be either reset via NxtrSwRst or showdown by bringing the TOD pin LOW.
EcuM_OnGoOffOne is a callout function, but because we only call Rte_Stop from the callout it was condensed here for simplicity.
EcuM_ShutdownOS is a callout function, but because we only activate the shutdown task from the callout it was condensed here for simplicity.
ShutdownOS is called from the special Shutdown Task which is mapped to application 0. This is because Vector suggested that ShutdownOS be called from a trusted application and application 0 is trusted. Activation of this task will cause the OS to be shutdown and no further tasks to be executed.
EcuM_OnGoOffTwo
Ignition On?
IoHwAb_SetGpioPwrTurnOffCtrl_Oper(STD_LOW)
No
NxtrSwRst(MCUDIAGC_FLSPROGMREQ, BRAMDAT1)
BswM Shutdown State == REPROGRAM?
Yes
Yes
BswM Shutdown State == SOFTRESET?
BswM Shutdown State == HARDRESET?
NxtrSwRst(MCUDIAGC_SOFTRST, 0U)
NxtrSwRst(MCUDIAGC_HARDRST, 0U)
NxtrSwRst(MCUDIAGC_PWRONRST, 0U)
No
No
No
Yes
Yes
Use of an endless while() loop will cover for situation where ignition possibly switches on before TOD goes low which would then trigger a reset rather than getting stuck.
BRAMDAT1 is pre-populated with the length provided in the service 34 request and is needed by the bootloader. It’s value must be retained when issuing the reset.
This will be the case in the event of a quick ignition cycle as BswM shutdown state will indicate SWITCHOFF even though ignition is back on now. A power on reset was selected over hard/soft resets to avoid sending positive service response on init.
STARTUP_TWO_A
RUN
PREP_SHUTDOWN
BswM_Init
End of ECU Initialization
Reprogram Request/
Switch Off request from State and Mode Component/
Hard Reset request from Diagnostics/
Soft Reset request from Diagnostics/
GO_OFF_ONE_A
Completion of DEM and DiagMgr DeInitialization
RESTART
If Ignition Line goes high
On Completion of ReInitialization
STARTUP
EcuM_Init
STARTUP_ONE
After Initialization of
Non-PB Modules
STARTUP_TWO
RUN
GO_OFF_ONE
OS Start
Completion of SchM and
BswM Initialization
On call of EcuM_GoDown
GO_OFF_TWO
After OS Shutdown.
On call of EcuM_Shutdown