模式是车辆中运行的各种状态机(不仅仅是 ECU 管理器)的一组特定状态,与特定实体、应用程序或整个车辆相关(A mode is a set of specific states of various state machines (not just the ECU manager) running in the vehicle, which is related to a specific entity, application, or the entire vehicle)
Phase
ECU 管理器操作和事件的逻辑或时间组合,例如启动、启动、关闭、休眠……阶段可以由子阶段组成,如果子阶段主要存在以将执行的操作序列分组为逻辑单元,则通常称为序列。(A logical or temporal combination of ECU manager operations and events, such as startup, boot, shutdown, sleep… A phase can consist of sub-phases, and if a sub-phase mainly exists to group the sequence of operations performed into logical units, it is usually called a sequence)
Shutdown Target
在 ECU 进入休眠状态、断电或重置之前,必须将其关闭。因此,SLEEP、OFF 和 RESET 是有效的关闭目标。通过选择关闭目标,应用程序可以将其对下次关闭后 ECU 行为的期望传达给 ECU 管理器模块。 (Before the ECU enters the sleep state, powers off, or resets, it must be shut down. Therefore, SLEEP, OFF, and RESET are valid shutdown targets. By selecting a shutdown target, the application can convey its expectations for the ECU’s behavior after the next shutdown to the ECU manager module)
Phase
ECU 管理器操作和事件的逻辑或时间组合,例如启动、启动、关闭、休眠……阶段可以由子阶段组成,如果子阶段主要存在以将执行的操作序列分组为逻辑单元,则通常称为序列。(A logical or temporal combination of ECU manager operations and events, such as startup, boot, shutdown, sleep… A phase can consist of sub-phases, and if a sub-phase mainly exists to group the sequence of operations performed into logical units, it is usually called a sequence)
Wakeup Event
导致唤醒的物理事件。CAN 消息或切换 IO 线可以是唤醒事件。同样,内部 SW 表示(例如中断)也可以称为唤醒事件。 (A physical event that causes wakeup. A CAN message or a switched IO line can be a wakeup event. Similarly, an internal software representation (such as an interrupt) can also be called a wakeup event)
Wakeup Reason
导致唤醒的物理事件。CAN 消息或切换 IO 线可以是唤醒事件。同样,内部 SW 表示(例如中断)也可以称为唤醒事件。 (A physical event that causes wakeup. A CAN message or a switched IO line can be a wakeup event. Similarly, an internal software representation (such as an interrupt) can also be called a wakeup event)
EcuM is mainly used to manage ECU states. It manages the operating state of the ECU and controls operations such as ECU startup, shutdown, sleep, and wake-up. Specifically, the EcuM module mainly accomplishes the following functions:
初始化和取消初始化OS、SchM和BswM以及一些基本软件驱动模块。
Initializes and deinitializes OS, SchM, BswM, and some basic software driver modules.
根据请求将 ECU 配置为休眠和关机。
Configures the ECU for sleep and shutdown according to requests.
As shown in Figure EcuM层次图 (EcuM Hierarchy Diagram), the EcuM module is located in the system service layer of the AUTOSAR architecture. It is directly connected to modules such as SchM, BswM, Os, and Mcu, and works together with these modules to complete operations such as ECU startup, shutdown, and sleep.
Module initialization work needs to be implemented through EcuM configuration. Items in the initialization list are limited to modules specified in AUTOSAR [Note 1]. The initialization lists are divided into EcuMDriverInitListZero, EcuMDriverInitListOne, and EcuMDriverRestartList. Both EcuMDriverInitListZero and EcuMDriverInitListOne are initialized before OS startup, meaning these modules cannot use any OS interfaces during initialization. Additionally, EcuMDriverInitListZero cannot use module initialization with post-build configuration parameters. Examples of both initialization lists are shown in the following figure.
In vehicle systems, sleep/wake-up is the most common function and also the most basic function in AUTOSAR, mainly performing ECU sleep and wake-up operations.
In AUTOSAR, sleep/wake-up is primarily configured and implemented through EcuM. There are generally three ECU sleep modes:
Mcu休眠,EcuM进入Halt模式,通过外设中断唤醒;
MCU sleep: EcuM enters Halt mode and wakes up via peripheral interrupts;
Mcu处于低功耗,还能运行简单循环逻辑,EcuM进入Poll模式,通过外设中断唤醒或周期事件唤醒;
MCU in low power mode with simple loop logic capability: EcuM enters Poll mode and wakes up via peripheral interrupts or periodic events;
Mcu掉电,由外部设备检测到唤醒事件直接给Mcu供电
MCU power off: External device detects wake-up event and directly powers the MCU.
The first two methods above belong to the SLEEP phase in EcuM, both pausing the MCU by controlling it to enter low-power mode.
Requires calling EcuM API: EcuM_GoDownHaltPoll to enter, with corresponding processing flow as shown below.
State changes are notified to BswM via API (BswM_EcuM_CurrentWakeup). BswM can perform other logical operations based on received notifications (implemented through integrated configuration).
The ECU Manager module can manage up to 32 wake-up sources, each occupying 1 bit of 32-bit data, with 5 system defaults as shown below:
唤醒源(Wake-up Sources)
唤醒源的值(Value of Wake-up Source)
描述(Description)
ECUM_WKSOURCE_POWER
0x01
电源循环(位 0) (Power cycle (bit 0))
ECUM_WKSOURCE_RESET
0x02
硬件复位(位 1)。如果 Mcu 驱动程序无法区分电源循环和复位原因,则这应为默认唤醒源。 (Hardware reset (bit 1). If the MCU driver cannot distinguish between power cycles and reset causes, this shall be the default wake-up source.)
ECUM_WKSOURCE_INTERNAL_RESET
0x04
µC 的内部复位(位 2) 内部复位通常仅复位 µC 核心,而不会复位外设或内存控制器。确切的行为取决于硬件。此源也可能表示未处理的异常。 (Internal reset of the µC (bit 2). Internal reset usually only resets the µC core, not peripherals or memory controllers. The exact behavior depends on the hardware. This source may also indicate an unhandled exception.)
ECUM_WKSOURCE_INTERNAL_WDG
0x08
由内部看门狗复位(位 3) (Reset by internal watchdog (bit 3))
ECUM_WKSOURCE_EXTERNAL_WDG
0x10
如果硬件支持检测,则由外部看门狗(位 4)复位 (Reset by external watchdog if hardware supports detection (bit 4))
EcuM can enable wake-up verification by configuring EcuMCheckWakeupTimeout and EcuMValidationTimeout. The wake-up verification sequence diagram is shown below:
In a multi-core architecture, EcuM must have one instance per core. There is a designated main core where the boot loader starts the main EcuM via EcuM_Init. The main EcuM starts some drivers, determines post-build configuration, and starts all remaining cores and their slave EcuMs. Each EcuM then starts the core-local operating system and all core-local BswMs.
The distribution of EcuM in a multi-core architecture is shown below:
The ECU State Manager provides interfaces for SW-C to selectively request and release RUN and POST_RUN modes.
EcuMFlex arbitrates requests and releases issued by SW-C and propagates results to BswM. Cooperation between EcuM and BswM is necessary because only BswM can decide when to transition to different modes. Since EcuM lacks its own state machine, it relies on BswM for state transitions. Therefore, EcuM does not request states. Additionally, it notifies BswM of current arbitration status for all requests. BswM is notified when RTE executes all Runnables belonging to a certain mode. The EcuM mode handling mechanism is shown in the figure.
Places a request for the POST RUN state. Requests can be placed by every user made known to the state manager at configuration time. Requests for RUN and POST RUN must be tracked independently (i.e., using two independent variables). The service is intended for implementing AUTOSAR ports.
Sync/Async
TRUE
Reentrancy
Reentrant
Parameters
Dir
Name
Description
[in]
user
ID of the entity requesting the POST RUN state.
Return type
Std_ReturnType
Return values
Name
Description
E_OK
The request was accepted by EcuM.
E_NOT_OK
The request was not accepted by EcuM, a detailed error condition was sent to DET (see Error Codes).
Returns the currently selected shutdown target as set by EcuM_SelectShutdownTarget. This function is part of the ECU Manager Module port interface.
Sync/Async
TRUE
Reentrancy
Reentrant
Parameters
Dir
Name
Description
[out]
shutdownTarget
One of these values is returned: ECUM_STATE_SLEEP / ECUM_STATE_RESET / ECUM_STATE_OFF.
[out]
shutdownMode
If the out parameter “shutdownTarget” is ECUM_STATE_SLEEP, shutdownMode indicates which of the configured sleep modes was chosen. If “shutdownTarget” is ECUM_STATE_RESET, shutdownMode indicates which of the configured reset modes was chosen.
Return type
Std_ReturnType
Return values
Name
Description
E_OK
The service has succeeded.
E_NOT_OK
The service has failed, e.g., due to a NULL pointer being passed.
Returns the shutdown target of the previous shutdown process. This function is part of the ECU Manager Module port interface.
Sync/Async
TRUE
Reentrancy
Reentrant
Parameters
Dir
Name
Description
[out]
shutdownTarget
One of these values is returned: ECUM_STATE_SLEEP / ECUM_STATE_RESET / ECUM_STATE_OFF.
[out]
shutdownMode
If the out parameter “shutdownTarget” is ECUM_STATE_SLEEP, shutdownMode indicates which of the configured sleep modes was chosen. If “shutdownTarget” is ECUM_STATE_RESET, shutdownMode indicates which of the configured reset modes was chosen.
Return type
Std_ReturnType
Return values
Name
Description
E_OK
The service has succeeded.
E_NOT_OK
The service has failed, e.g., due to a NULL pointer being passed.
Returns the current value of the master alarm clock (the minimum absolute time of all user alarm clocks). This function is part of the ECU Manager Module port interface.
Sync/Async
TRUE
Reentrancy
Reentrant
Parameters
Dir
Name
Description
[out]
time
Absolute time in seconds for the next wakeup. 0xFFFFFFFF means no active alarm.
Sets the EcuM clock time to the provided value. This API is useful for testing the alarm services; Alarms that take days to expire can be tested. This function is part of the ECU Manager Module port interface.
After wakeup, the ECU State Manager will stop the process during the WAKEUP VALIDATION state/sequence to wait for validation of the wakeup event. This API service is used to indicate to the ECU Manager module that the wakeup events indicated in the
This function can be called to check the given wakeup sources. It will pass the argument to the integrator function EcuM_CheckWakeupHook. It can also be called by the ISR of a wakeup source to set up the PLL and check other wakeup sources that may be connected to the same interrupt.
The ECU State Manager will call the error hook if the error codes “ECUM_E_RAM_CHECK_FAILED” or “ECUM_E_CONFIGURATION_DATA_INCONSISTENT” occur. In this situation it is not possible to continue processing and the ECU must be stopped. The integrator may choose the modality how the ECU is stopped, i.e. reset, halt, restart, safe state etc.
Sync/Async
TRUE
Reentrancy
Non Reentrant
Parameters
Dir
Name
Description
[in]
reason
Reason for calling the error hook (e.g., “ECUM_E_RAM_CHECK_FAILED” or “ECUM_E_CONFIGURATION_DATA_INCONSISTENT”).
If the configuration parameter EcuMSetProgrammableInterrupts is set to true, this callout EcuM_AL_SetProgrammableInterrupts is executed and shall set the interrupts on ECUs with programmable interrupts.
This callout shall provide driver initialization and other hardware-related startup activities for loading the post-build configuration data. Beware: Here only pre-compile and link-time configurable modules may be used.
This callout should evaluate some condition, like port pin or NVRAM value, to determine which post-build configuration shall be used in the remainder of the startup process. It shall load this configuration data into a piece of memory that is accessible by all BSW modules and shall return a pointer to the EcuM post-build configuration as a base for all BSW module post-build configurations.
The ECU Manager Module calls EcuM_EnableWakeupSource to allow the system designer to notify wakeup sources defined in the wakeupSource bitfield that SLEEP will be entered and to adjust their source accordingly.
This API is called by the ECU Firmware to start the CheckWakeupTimer for the corresponding wakeupSource. If EcuMCheckWakeupTimeout > 0, the CheckWakeupTimer for the wakeupSource is started. If EcuMCheckWakeupTimeout <= 0, the API call is ignored by the EcuM.
Sync/Async
TRUE
Reentrancy
Non Reentrant
Parameters
Dir
Name
Description
[in]
WakeupSource
For this wakeup source, the corresponding CheckWakeupTimer shall be started.
This callout is intended to provide a RAM integrity test. The goal of this test is to ensure that after a long SLEEP duration, RAM contents are still consistent. The check does not need to be exhaustive since this would consume quite some processing time during wakeups. A well-designed check will execute quickly and detect RAM integrity defects with a sufficient probability. The areas of RAM which will be checked have to be chosen carefully. It depends on the check algorithm itself and the task structure. Stack contents of the task executing the RAM check, for example, very likely cannot be checked. It is good practice to have the hash generation and checking in the same task and that this task is not preemptible and that there is only little activity between hash generation and hash check. The RAM check itself is provided by the system designer. In case of applied multi-core and the existence of Satellite-EcuM(s), this API will be called by the Master-EcuM only.
The ECU Manager Module calls EcuM_DisableWakeupSources to set the wakeup source(s) defined in the wakeupSource bitfield so that they are not able to wake the ECU up.
Sync/Async
TRUE
Reentrancy
Non Reentrant
Parameters
Dir
Name
Description
[in]
wakeupSource
Bitfield defining the wakeup sources to be disabled.
This callout is called by the EcuM to poll a wakeup source. It shall also be called by the ISR of a wakeup source to set up the PLL and check other wakeup sources that may be connected to the same interrupt.
EcuM initializes other modules in three types: EcuMDriverInitListOne, EcuMDriverInitListZero, and EcuMDriverInitListBswM. The first two initialize MCU, MCAL, Det, and Dem, executed during EcuM initialization. The last one initializes basic software, completed by the BswM module.
初始化内容通过配置EcuMDriverInitItem来指定,具体配置说明如下表:
Initialization content is specified by configuring EcuMDriverInitItem. Specific configuration descriptions are shown in the following table:
UI名称 (UI Names)
使用说明 (Instructions for Use)
EcuMModuleParameter
配置参数类型, VOID无参数,NULL_PTR传入空指针,POSTBUILD_PTR传对应模块的配置参数指针 (Configuration parameter type. VOID: no parameter, NULL_PTR: pass null pointer, POSTBUILD_PTR: pass configuration parameter pointer of corresponding module)
EcuMModuleService
指定调用的函数, 例如: Init, PreInit, Start 等函数。 (Specify function to call, e.g.: Init, PreInit, Start, etc.)
EditModuleService
使能是否可以手动修改配置EcuMModuleService,由用户手动填入服务函数名称。 (Enable manual modification of EcuMModuleService configuration, user manually enters service function name)
EcuMModulePbConfigName
配置当EcuMModuleParameter选择POSTBUILD_PTR时,对应模块的配置参数名称。 (Configure configuration parameter name of corresponding module when EcuMModuleParameter selects POSTBUILD_PTR)
EditPbConfigName
使能是否可以手动修改配置EcuMModulePbConfigName,由用户手动填入配置参数名称。 (Enable manual modification of EcuMModulePbConfigName configuration, user manually enters configuration parameter name)
IncludeHeaderFile
配置包含的对应初始化模块的头文件。 (Configure header file of corresponding initialization module to be included)
EditHeaderFile
使能是否可以手动修改配置IncludeHeaderFile,由用户手动填入配置头文件名称。 (Enable manual modification of IncludeHeaderFile configuration, user manually enters configuration header file name)
EcuMEcucCoreDefinitionRef
在多核的情况下,配置需要在不同核上初始化的内容,如果一个容器中存在该配置,那么该容器其他的EcuMDriverInitItem都需要配置该项。 (In multi-core case, configure content to be initialized on different cores. If this configuration exists in a container, other EcuMDriverInitItems in the container must also configure this item)
EcuMModuleRef
在当前工程下配置需要EcuM初始化的模块。 (Configure modules requiring EcuM initialization in current project)
First configure the default power-off mode. There are three modes: EcuMShutdownTargetOff, EcuMShutdownTargetReset, and EcuMShutdownTargetSleep. When configured as EcuMShutdownTargetReset or EcuMShutdownTargetSleep, reset mode or sleep mode must be configured. Specific configuration is shown below:
Configure sleep mode. Determine Halt or Poll via EcuMSleepModeSuspend configuration. Configure EcuMSleepModeMcuModeRef to select MCU control mode. Configure EcuMWakeupSourceMask to select wake-up sources in this sleep mode. Specific configuration is shown below:
Wake-up source configuration descriptions are shown below:
UI名称 (UI Name)
使用说明 (Instructions for Use)
EcuMCheckWakeupTimeout
用于配置唤醒源的检测超时时间,单位为s,默认为0,表示不检测超时 (Used to configure wake-up source detection timeout in seconds, default 0 means no timeout detection)
EcuMValidationTimeout
用于配置唤醒源的有效验证超时时间,单位为s,默认为0,表示不检测超时 (Used to configure wake-up source validation timeout in seconds, default 0 means no timeout detection)
EcuMWakeupSourceId
用户可配置的唤醒源ID,从5起开始配置 (User-configurable wake-up source ID, starting from 5)
EcuMWakeupSourcePolling
当此EcuMWakeupSource被EcuMSleepMode->EcuMWakeupSourceMask引用,且EcuMSleepMode->EcuMSleepModeSuspend配置为FALSE(POLL模式),则此项EcuMWakeupSourcePolling应该配置为TRUE,表示以轮询的方式检测唤醒源 (When this EcuMWakeupSource is referenced by EcuMSleepMode->EcuMWakeupSourceMask and EcuMSleepMode->EcuMSleepModeSuspend is configured as FALSE (POLL mode), this EcuMWakeupSourcePolling should be configured as TRUE, indicating wake-up source detection via polling)
EcuMComMChannelRef
当配置此项后,当唤醒源检测到后,会调用ComM_EcuM_WakeUpIndication通知EcuMComMChannelRef引用的ComMChannel (When configured, ComM_EcuM_WakeUpIndication is called to notify ComMChannel referenced by EcuMComMChannelRef when wake-up source is detected)
EcuMComMPNCRef
当配置此项后,当唤醒源检测到后,会调用ComM_EcuM_PNCWakeUpIndication通知EcuMComMPNCRef引用的ComMPnc (When configured, ComM_EcuM_PNCWakeUpIndication is called to notify ComMPnc referenced by EcuMComMPNCRef when wake-up source is detected)
EcuMResetReasonRef
MCU 驱动程序检测到的复位原因到唤醒源的映射 (Mapping from reset reason detected by MCU driver to wake-up source)
When the system is multi-core, EcuM must be configured as multi-core by configuring EcuMPartitionRef. This configuration references partition configuration, and only one partition per core can be selected for association. Then a mutex must be configured for EcuM use. Specific configuration is shown below:
开源小满EasyXMen
