A mode is a set of specific states of various state machines (not just the ECU manager) running in the vehicle, which is related to a specific entity, application, or the entire vehicle.
A logical or temporal combination of ECU manager operations and events, such as startup, boot, shutdown, sleep… A phase can consist of sub - phases, and if a sub - phase mainly exists to group the sequence of operations performed into logical units, it is usually called a sequence.
Before the ECU enters the sleep state, powers off, or resets, it must be shut down. Therefore, SLEEP, OFF, and RESET are valid shutdown targets. By selecting a shutdown target, the application can convey its expectations for the ECU’s behavior after the next shutdown to the ECU manager module.
A logical or temporal combination of ECU manager operations and events, such as startup, boot, shutdown, sleep… A phase can consist of sub - phases, and if a sub - phase mainly exists to group the sequence of operations performed into logical units, it is usually called a sequence.
A physical event that causes wakeup. A CAN message or a switched IO line can be a wakeup event. Similarly, an internal software representation (such as an interrupt) can also be called a wakeup event.
A physical event that causes wakeup. A CAN message or a switched IO line can be a wakeup event. Similarly, an internal software representation (such as an interrupt) can also be called a wakeup event.
EcuM is a module mainly used to manage the ECU state. It manages the operating state of the ECU and controls operations such as ECU startup, shutdown, sleep, and wake - up. Specifically, the EcuM module mainly accomplishes the following functions:
初始化和取消初始化OS、SchM和BswM以及一些基本软件驱动模块。
Initialize and deinitialize the OS, SchM, BswM, and some basic software driver modules.
根据请求将 ECU 配置为休眠和关机。
Configure the ECU to sleep and shut down according to requests.
As shown in Figure EcuM层次图, the EcuM module is located in the system service layer of the AUTOSAR architecture. It is directly connected to modules such as SchM, BswM, Os, and Mcu, and works together with these modules to complete operations such as ECU startup, shutdown, and sleep.
The module initialization work needs to be implemented through EcuM configuration. The items in the initialization list are limited to the modules specified in Autosar [Note 1]. The initialization lists are divided into EcuMDriverInitListZero, EcuMDriverInitListOne, and EcuMDriverRestartList; among them, both EcuMDriverInitListZero and EcuMDriverInitListOne are initialized before the Os starts, which means that the initialization of these modules cannot use any interfaces of the Os. Besides, EcuMDriverInitListZero cannot use the module initialization with Post-build as configuration parameters. Examples of the initialization lists of the two are as shown in the following figure.
In the in-vehicle system, sleep and wake-up is the most common function and also the most basic function in AutoSar, which mainly completes operations such as ECU sleep and wake-up.
In AUTOSAR, sleep and wake-up are mainly configured and implemented through EcuM. There are generally three ECU sleep modes:
Mcu休眠,EcuM进入Halt模式,通过外设中断唤醒;
Mcu sleep: EcuM enters Halt mode and is woken up by a peripheral interrupt;
Mcu处于低功耗,还能运行简单循环逻辑,EcuM进入Poll模式,通过外设中断唤醒或周期事件唤醒;
Mcu is in low power consumption and can still run simple loop logic: EcuM enters Poll mode and is woken up by a peripheral interrupt or a periodic event;
Mcu掉电,由外部设备检测到唤醒事件直接给Mcu供电
Mcu power-off: An external device detects a wake-up event and directly supplies power to the Mcu.
The first two modes mentioned above belong to the SLEEP phase in EcuM, which make the Mcu pause by controlling it to enter a low-power mode.
It is necessary to call EcuM’s API: EcuM_GoDownHaltPoll to enter, and the corresponding processing flow is as shown in the following figure.
For the Mcu power-off, it is in the Shutdown phase in EcuM. This phase is entered after BswM executes the corresponding logic, and the corresponding processing flow is as shown in the following figure:
The changes in the above states are notified to BswM through the API (BswM_EcuM_CurrentWakeup). BswM can perform some other logical operations based on the received notifications (implemented through integrated configuration).
The ECU Manager module can manage a maximum of 32 wake-up sources, with each wake-up source occupying 1 bit of a 32-bit data. Among them, 5 are system defaults as shown in the following table:
唤醒源(Wake-up Sources)
唤醒源的值 (Value of Wake-up Source)
描述(Description)
ECUM_WKSOURCE_POWER
0x01
电源循环(位 0)
Power cycle (bit 0)
ECUM_WKSOURCE_RESET
0x02
硬件复位(位 1)。如果 Mcu 驱动程序无法区分电源循环和复位原因,则这应为默认唤醒源。
Hardware reset (bit 1). If the Mcu driver cannot distinguish between power cycles and reset causes, this shall be the default wake-up source.
Internal reset of the µC (bit 2). Internal reset usually only resets the µC core, not peripherals or memory controllers. The exact behavior depends on the hardware. This source may also indicate an unhandled exception.
ECUM_WKSOURCE_INTERNAL_WDG
0x08
由内部看门狗复位(位 3)
Reset by internal watchdog (bit 3)
ECUM_WKSOURCE_EXTERNAL_WDG
0x10
如果硬件支持检测,则由外部看门狗(位 4)复位
Reset by external watchdog if hardware supports detection (bit 4)
EcuM can enable wake-up verification by configuring EcuMCheckWakeupTimeout and EcuMValidationTimeout. The sequence diagram of the wake-up verification process is as shown in the following figure:
In a multi-core architecture, the EcuM must have an instance in each core. There is a designated main core, where the boot loader starts the main EcuM through EcuM_Init. The main EcuM starts some drivers, determines the post-build configuration, and starts all remaining cores and all their slave EcuMs. Each EcuM now starts the core-local operating system and all core-local BswMs.
The distribution of EcuM in the multi-core architecture is shown in the following figure:
The ECU State Manager provides interfaces for SW-C to selectively request and release the RUN and POST_RUN modes.
EcuMFlex arbitrates the requests and releases issued by SW-C and propagates the results to BswM. Cooperation between EcuM and BswM is necessary because only BswM can decide when to transition to a different mode. Since EcuM does not have its own state machine, it relies on state transitions performed by BswM. Therefore, EcuM does not request states. Furthermore, it notifies BswM of the current arbitration status of all requests. When the RTE has executed all Runnables belonging to a certain mode, BswM will be notified. The EcuM mode handling mechanism is as shown in the figure.
Places a request for the POST RUN state. Requests can be placed by every user made known to the state manager at configuration time. Requests for RUN and POST RUN must be tracked independently (i.e., using two independent variables). The service is intended for implementing AUTOSAR ports.
Sync/Async
TRUE
Reentrancy
Reentrant
Parameters
Dir
Name
Description
[in]
user
ID of the entity requesting the POST RUN state.
Return type
Std_ReturnType
Return values
Name
Description
E_OK
The request was accepted by EcuM.
E_NOT_OK
The request was not accepted by EcuM, a detailed error condition was sent to DET (see Error Codes).
Returns the currently selected shutdown target as set by EcuM_SelectShutdownTarget. This function is part of the ECU Manager Module port interface.
Sync/Async
TRUE
Reentrancy
Reentrant
Parameters
Dir
Name
Description
[out]
shutdownTarget
One of these values is returned: ECUM_STATE_SLEEP / ECUM_STATE_RESET / ECUM_STATE_OFF.
[out]
shutdownMode
If the out parameter “shutdownTarget” is ECUM_STATE_SLEEP, shutdownMode indicates which of the configured sleep modes was chosen. If “shutdownTarget” is ECUM_STATE_RESET, shutdownMode indicates which of the configured reset modes was chosen.
Return type
Std_ReturnType
Return values
Name
Description
E_OK
The service has succeeded.
E_NOT_OK
The service has failed, e.g., due to a NULL pointer being passed.
Returns the shutdown target of the previous shutdown process. This function is part of the ECU Manager Module port interface.
Sync/Async
TRUE
Reentrancy
Reentrant
Parameters
Dir
Name
Description
[out]
shutdownTarget
One of these values is returned: ECUM_STATE_SLEEP / ECUM_STATE_RESET / ECUM_STATE_OFF.
[out]
shutdownMode
If the out parameter “shutdownTarget” is ECUM_STATE_SLEEP, shutdownMode indicates which of the configured sleep modes was chosen. If “shutdownTarget” is ECUM_STATE_RESET, shutdownMode indicates which of the configured reset modes was chosen.
Return type
Std_ReturnType
Return values
Name
Description
E_OK
The service has succeeded.
E_NOT_OK
The service has failed, e.g., due to a NULL pointer being passed.
Returns the current value of the master alarm clock (the minimum absolute time of all user alarm clocks). This function is part of the ECU Manager Module port interface.
Sync/Async
TRUE
Reentrancy
Reentrant
Parameters
Dir
Name
Description
[out]
time
Absolute time in seconds for the next wakeup. 0xFFFFFFFF means no active alarm.
Sets the EcuM clock time to the provided value. This API is useful for testing the alarm services; Alarms that take days to expire can be tested. This function is part of the ECU Manager Module port interface.
After wakeup, the ECU State Manager will stop the process during the WAKEUP VALIDATION state/sequence to wait for validation of the wakeup event. This API service is used to indicate to the ECU Manager module that the wakeup events indicated in the
This function can be called to check the given wakeup sources. It will pass the argument to the integrator function EcuM_CheckWakeupHook. It can also be called by the ISR of a wakeup source to set up the PLL and check other wakeup sources that may be connected to the same interrupt.
The ECU State Manager will call the error hook if the error codes “ECUM_E_RAM_CHECK_FAILED” or “ECUM_E_CONFIGURATION_DATA_INCONSISTENT” occur. In this situation it is not possible to continue processing and the ECU must be stopped. The integrator may choose the modality how the ECU is stopped, i.e. reset, halt, restart, safe state etc.
Sync/Async
TRUE
Reentrancy
Non Reentrant
Parameters
Dir
Name
Description
[in]
reason
Reason for calling the error hook (e.g., “ECUM_E_RAM_CHECK_FAILED” or “ECUM_E_CONFIGURATION_DATA_INCONSISTENT”).
If the configuration parameter EcuMSetProgrammableInterrupts is set to true, this callout EcuM_AL_SetProgrammableInterrupts is executed and shall set the interrupts on ECUs with programmable interrupts.
This callout shall provide driver initialization and other hardware-related startup activities for loading the post-build configuration data. Beware: Here only pre-compile and link-time configurable modules may be used.
This callout should evaluate some condition, like port pin or NVRAM value, to determine which post-build configuration shall be used in the remainder of the startup process. It shall load this configuration data into a piece of memory that is accessible by all BSW modules and shall return a pointer to the EcuM post-build configuration as a base for all BSW module post-build configurations.
The ECU Manager Module calls EcuM_EnableWakeupSource to allow the system designer to notify wakeup sources defined in the wakeupSource bitfield that SLEEP will be entered and to adjust their source accordingly.
This API is called by the ECU Firmware to start the CheckWakeupTimer for the corresponding wakeupSource. If EcuMCheckWakeupTimeout > 0, the CheckWakeupTimer for the wakeupSource is started. If EcuMCheckWakeupTimeout <= 0, the API call is ignored by the EcuM.
Sync/Async
TRUE
Reentrancy
Non Reentrant
Parameters
Dir
Name
Description
[in]
WakeupSource
For this wakeup source, the corresponding CheckWakeupTimer shall be started.
This callout is intended to provide a RAM integrity test. The goal of this test is to ensure that after a long SLEEP duration, RAM contents are still consistent. The check does not need to be exhaustive since this would consume quite some processing time during wakeups. A well-designed check will execute quickly and detect RAM integrity defects with a sufficient probability. The areas of RAM which will be checked have to be chosen carefully. It depends on the check algorithm itself and the task structure. Stack contents of the task executing the RAM check, for example, very likely cannot be checked. It is good practice to have the hash generation and checking in the same task and that this task is not preemptible and that there is only little activity between hash generation and hash check. The RAM check itself is provided by the system designer. In case of applied multi-core and the existence of Satellite-EcuM(s), this API will be called by the Master-EcuM only.
The ECU Manager Module calls EcuM_DisableWakeupSources to set the wakeup source(s) defined in the wakeupSource bitfield so that they are not able to wake the ECU up.
Sync/Async
TRUE
Reentrancy
Non Reentrant
Parameters
Dir
Name
Description
[in]
wakeupSource
Bitfield defining the wakeup sources to be disabled.
This callout is called by the EcuM to poll a wakeup source. It shall also be called by the ISR of a wakeup source to set up the PLL and check other wakeup sources that may be connected to the same interrupt.
EcuM initializes other modules in three types: EcuMDriverInitListOne, EcuMDriverInitListZero, and EcuMDriverInitListBswM. The first two are for initializing Mcu, Mcal, Det, and Dem, which will be executed during EcuM initialization. The last one is for initializing basic software, which is completed by the BswM module.
初始化内容通过配置EcuMDriverInitItem来指定,具体配置说明如下表:
The initialization content is specified by configuring EcuMDriverInitItem, and the specific configuration description is as shown in the following table:
The type of configuration parameter. VOID means no parameter, NULL_PTR means passing a null pointer, and POSTBUILD_PTR means passing the configuration parameter pointer of the corresponding module.
EcuMModuleService
指定调用的函数, 例如: Init, PreInit, Start 等函数。
Specify the function to be called, such as: Init, PreInit, Start and other functions.
EditModuleService
使能是否可以手动修改配置EcuMModuleService,由用户手动填入服务函数名称。
Enable whether the configuration of EcuMModuleService can be modified manually, and the user manually enters the service function name.
In the case of multi-core, configure the content that needs to be initialized on different cores. If this configuration exists in a container, other EcuMDriverInitItems in the container need to be configured with this item.
EcuMModuleRef
在当前工程下配置需要EcuM初始化的模块。
Configure the modules that need to be initialized by EcuM in the current project.
First, configure the default power-off mode. There are three modes: EcuMShutdownTargetOff, EcuMShutdownTargetReset, and EcuMShutdownTargetSleep. When configured as EcuMShutdownTargetReset or EcuMShutdownTargetSleep, it is necessary to configure the reset mode or sleep mode. The specific configuration is as shown in the following figure:
Configure the sleep mode. Determine whether it is Halt or Poll through the EcuMSleepModeSuspend configuration. Configure EcuMSleepModeMcuModeRef to select the mode for controlling the Mcu. Configure EcuMWakeupSourceMask to select the wake-up sources in this sleep mode. The specific configuration is as shown in the following figure:
The description of the wake-up source configuration is as shown in the following table:
UI名称(UI Name)
使用说明(Instructions for Use)
EcuMCheckWakeupTimeout
用于配置唤醒源的检测超时时间,单位为s,默认为0,表示不检测超时
Used to configure the detection timeout period for the wake-up source, in seconds. The default value is 0, indicating that timeout detection is not performed.
EcuMValidationTimeout
用于配置唤醒源的有效验证超时时间,单位为s,默认为0,表示不检测超时
Used to configure the valid validation timeout period for the wake-up source, in seconds. The default value is 0, indicating that timeout detection is not performed.
EcuMWakeupSourceId
用户可配置的唤醒源ID,从5起开始配置
User-configurable wake-up source ID, starting from 5.
When this EcuMWakeupSource is referenced by EcuMSleepMode->EcuMWakeupSourceMask and EcuMSleepMode->EcuMSleepModeSuspend is configured as FALSE (POLL mode), this EcuMWakeupSourcePolling should be configured as TRUE, indicating that the wake-up source is detected in a polling manner.
After configuring this item, when a wake-up source is detected, ComM_EcuM_WakeUpIndication will be called to notify the ComMChannel referenced by EcuMComMChannelRef.
After configuring this item, when a wake-up source is detected, ComM_EcuM_PNCWakeUpIndication will be called to notify the ComMPnc referenced by EcuMComMPNCRef.
EcuMResetReasonRef
MCU 驱动程序检测到的复位原因到唤醒源的映射
Mapping from the reset reason detected by the MCU driver to the wake-up source.
When the system is multi-core, it is necessary to configure EcuM as multi-core by configuring EcuMPartitionRef. This configuration refers to the partition configuration, and only one partition in each core can be selected for association. Then, it is necessary to configure a mutex for EcuM to use. The specific configuration is as shown in the following figure:
开源小满EasyXMen
