Hello Readers,
My name is Santosha S Chikkur, and I work at Luxoft India as a Junior Software Developer. Luxoft has given me several opportunities to work on various projects, which has inspired me to learn the essential processes involved in developing AUTOSAR Modules and Add-Ons in Watchdog Manager Part-2.
WDGM calculates the status of supervision based on the following supervision functions:
1. Alive indication:
Alive supervision checks that SEs are alive and executed the expected number of times in one supervision cycle. This monitors the execution of SEs and detects whether an SE is executed too many times or too few times. Alive indication requires 1 checkpoint in each SE.
i.e. alive supervision checks cyclic timing constraints.
e.g.
void cyclicRunnable_5ms()
{
    Rte_Call_WdgMCheckpointReached(SE1_ID, CP_ID_1); /* alive indication of SE1 */
    /* perform some action every 5ms */
}
void cyclicRunnable_10ms()
{
    Rte_Call_WdgMCheckpointReached(SE2_ID, CP_ID_2); /* alive indication of SE2 */
    /* perform some action every 10ms */
}
void cyclicRunnable_20ms()
{
    Rte_Call_WdgMCheckpointReached(SE3_ID, CP_ID_3); /* alive indication of SE3 */
    /* perform some action every 20ms */
}
- The system (see the code snippet above) has several executables.
- 3 runnables are selected as supervised entities: SE1 (5ms), SE2 (10ms), SE3 (20ms).
- At execution time, each SE reports "checkpoint reached" to WDGM through the RTE.
- In each supervision cycle (WdgMSupervisionReferenceCycle) of 100ms, WDGM builds the status of the alive indications.
- WDGM counts the alive indications reported by each SE.
- A tolerance can be added to the expected indications: a minimum tolerance (WdgMMinMargin) and a maximum tolerance (WdgMMaxMargin).
- WDGM verifies the count against the expected alive indications (WdgMExpectedAliveIndications) and calculates the local supervision status of each SE.
- Expected alive indications for SE1: between 20-WdgMMinMargin and 20+WdgMMaxMargin.
- Expected alive indications for SE2: between 10-WdgMMinMargin and 10+WdgMMaxMargin.
- Expected alive indications for SE3: between 5-WdgMMinMargin and 5+WdgMMaxMargin.
- If the reported indications are within the expected range, all SEs are executing as per design.
- Otherwise, the SE is not executing as per the design.
- Based on this, WDGM calculates the status of the SE's supervision as correct/incorrect.
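The counting check from the list above, as an added example (not code from the original post or from an AUTOSAR stack): a small C simulation of one 100ms supervision cycle that evaluates each SE against its tolerated window. The margin values and the names `AliveCfg`, `checkpoint_reached`, `evaluate_alive` and `run_cycle` are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { SE1, SE2, SE3, SE_COUNT };
typedef struct {
    uint16_t expected;    /* WdgMExpectedAliveIndications */
    uint16_t min_margin;  /* WdgMMinMargin (value assumed) */
    uint16_t max_margin;  /* WdgMMaxMargin (value assumed) */
    uint16_t counter;     /* alive indications seen in the current cycle */
} AliveCfg;
static AliveCfg alive[SE_COUNT] = {
    [SE1] = { 20, 1, 1, 0 },  /* 5ms runnable  */
    [SE2] = { 10, 1, 1, 0 },  /* 10ms runnable */
    [SE3] = {  5, 0, 1, 0 },  /* 20ms runnable */
};

/* Stand-in for the checkpoint report: only counts the alive indication. */
static void checkpoint_reached(int se) { alive[se].counter++; }
/* End of cycle: compare the counter with the tolerated window, then reset it. */
static bool evaluate_alive(int se)
{
    AliveCfg *c = &alive[se];
    int lo = (int)c->expected - (int)c->min_margin;
    int hi = (int)c->expected + (int)c->max_margin;
    bool correct = (int)c->counter >= lo && (int)c->counter <= hi;
    c->counter = 0;
    return correct;
}

/* Simulate one 100ms cycle in 1ms ticks; period 0 models a runnable that never runs. */
void run_cycle(const uint16_t period_ms[SE_COUNT], bool correct[SE_COUNT])
{
    for (unsigned t = 0; t < 100u; t++)
        for (int se = 0; se < SE_COUNT; se++)
            if (period_ms[se] != 0 && t % period_ms[se] == 0)
                checkpoint_reached(se);
    for (int se = 0; se < SE_COUNT; se++)
        correct[se] = evaluate_alive(se);
}

int main(void)
{
    const uint16_t period[SE_COUNT] = { 4, 10, 0 };  /* SE1 too fast, SE3 stalled */
    bool ok[SE_COUNT];
    run_cycle(period, ok);
    printf("SE1=%d SE2=%d SE3=%d (1 = correct)\n", ok[SE1], ok[SE2], ok[SE3]);
    return 0;
}
```

A runnable that fires every 12ms instead of every 10ms still passes with a minimum margin of 1, which is why the margins should be kept as tight as the scheduling jitter allows.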
2. Deadline monitoring:
Deadline monitoring checks that (non-cyclic) SEs finish their execution in the expected time. This requires 2 checkpoints in the SE; WDGM calculates the time between the two checkpoints to determine the execution time of the SE. The execution time can have a minimum (WdgMDeadlineMin) and a maximum (WdgMDeadlineMax) deadline.
e.g.
void InitDio()
{
    RteCall_WdgM_CheckpointReached(SE4_ID, CP_ID_4); // Report Checkpoint 1 Reached
    PINSEL2 = 0x000000;  // Configure the P1 pins for GPIO
    IODIR1 = 0xffffffff; // Configure the P1 pins as OUTPUT
    RteCall_WdgM_CheckpointReached(SE4_ID, CP_ID_5); // Report Checkpoint 2 Reached
}
- A non-cyclic supervised entity (InitDio) is to be supervised using deadline monitoring.
- The SE must finish execution within WdgMDeadlineMin: 4ms and WdgMDeadlineMax: 6ms.
- The SE requires a minimum of two checkpoints for deadline monitoring.
- WDGM calculates the time between the first and last checkpoint.
- At the 1st checkpoint, i.e. CP4 in the above code snippet (WdgMDeadlineStartRef), WDGM notes the time stamp.
- At the last checkpoint, i.e. CP5 in the above code snippet (WdgMDeadlineEndRef), WDGM notes the time stamp again.
- WDGM calculates the execution time of the SE as the difference between the time stamps of the last checkpoint and the first checkpoint.
- WDGM will verify the calculated time against the expected time i.e. it should be between W
- WDGM will calculate the status of SE's supervision as correct/incorrect.
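The time-stamp comparison described above, as an added example (not code from the original post or from an AUTOSAR stack), using the 4ms and 6ms limits from the text and showing that the difference stays correct when the timer wraps between the two checkpoints. The 1 MHz tick rate, the names `DeadlineSup`, `deadline_start`, `deadline_end` and `measure`, and the choice to treat an end checkpoint without a start as incorrect are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TICKS_PER_MS 1000u  /* assumed: free-running 32-bit timer at 1 MHz */

typedef struct {
    uint32_t min_ticks;    /* WdgMDeadlineMin converted to ticks */
    uint32_t max_ticks;    /* WdgMDeadlineMax converted to ticks */
    uint32_t start_ticks;  /* time stamp taken at the start checkpoint */
    bool     started;      /* start checkpoint seen, end checkpoint pending */
} DeadlineSup;

/* Start checkpoint (CP4 in the text): note the time stamp. */
void deadline_start(DeadlineSup *d, uint32_t now)
{
    d->start_ticks = now;
    d->started = true;
}

/* End checkpoint (CP5 in the text): true = deadline supervision correct. */
bool deadline_end(DeadlineSup *d, uint32_t now)
{
    if (!d->started)
        return false;  /* end without start: treated as incorrect in this example */
    d->started = false;
    /* Unsigned subtraction is modulo 2^32, so the result stays right
       when the timer wraps between the two checkpoints. */
    uint32_t elapsed = now - d->start_ticks;
    return elapsed >= d->min_ticks && elapsed <= d->max_ticks;
}

/* Helper: run one start/end pair with the 4ms..6ms window and return the verdict. */
bool measure(uint32_t start, uint32_t duration_ticks)
{
    DeadlineSup d = { 4 * TICKS_PER_MS, 6 * TICKS_PER_MS, 0, false };
    deadline_start(&d, start);
    return deadline_end(&d, start + duration_ticks);
}

int main(void)
{
    printf("5ms across timer wrap: %d\n", measure(0xFFFFF000u, 5000u));
    printf("7ms: %d\n", measure(0u, 7000u));
    return 0;
}
```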
3. Logical supervision:
Logical Supervision checks if the code of Supervised Entities is executed in the correct sequence.
Logical supervision uses n checkpoints.
As you know, we use flowcharts to design code and write code based on flowcharts. Logical supervision helps to verify the flowchart, i.e. whether the logic written in the code matches the design or not, which is why it is called logical supervision.
The checkpoints are chosen according to the flow chart, and together they form a graph. In the snippet below, checkpoints have been added to the code according to its logic.
void readVoltage();
void processVoltage();
void setError();
void clearError();
static int voltage; /* measured value, assumed to be updated by readVoltage() */

void cyclicRunnable_10ms()
{
    Rte_Call_WdgMCheckpointReached(SE1_ID, CP_ID_1); // Checkpoint 1
    readVoltage();
    processVoltage();
    Rte_Call_WdgMCheckpointReached(SE1_ID, CP_ID_5); // Checkpoint 5
}
void readVoltage()
{
    Rte_Call_WdgMCheckpointReached(SE2_ID, CP_ID_2); // Checkpoint 2
}
void processVoltage()
{
    if (voltage > 10)
    {
        Rte_Call_WdgMCheckpointReached(SE3_ID, CP_ID_3); // Checkpoint 3
        setError();
    }
    else
    {
        Rte_Call_WdgMCheckpointReached(SE3_ID, CP_ID_4); // Checkpoint 4
        clearError();
    }
}
- WDGM checks if the transition of checkpoints is as expected (i.e. as per logic designed).
- Expected Transitions: CP1-->CP2-->CP3-->CP5-->CP1
- Expected Transitions: CP1-->CP2-->CP4-->CP5-->CP1
- WDGM has an Activity Flag for each graph, initialized to FALSE.
- The Activity Flag helps to decide whether the reported checkpoint is the 1st checkpoint or not.
- Supervised entities report the checkpoint reached to the WDGM, e.g. CP1.
- WDGM will store the current checkpoint and set the Activity Flag to TRUE.
- When the next checkpoint is reported (CP2), WDGM will store it and compare it with the previous checkpoint (CP1). If the Activity Flag is TRUE, WDGM checks whether this transition (CP1-->CP2) is valid or not.
- Similarly, WDGM checks whether the transition CP2-->CP3 is valid or not.
- In this way, WDGM checks the flow of execution.
- If CP1 is reported and then CP4 is reported, this is not a valid transition, and WDGM will update the status of the SE's supervision as incorrect.
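The transition check with the Activity Flag, as an added example (not code from the original post or from an AUTOSAR stack), built from the two expected paths listed above. The names `Graph`, `graph_checkpoint` and `trace_is_correct`, the bit-mask table, and the rule that only CP1 may be the first reported checkpoint are assumptions of the example; the checkpoint traces are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { CP1 = 1, CP2, CP3, CP4, CP5, CP_END };

/* allowed[from]: bit mask of valid successors, from the two paths in the text. */
static const uint8_t allowed[CP_END] = {
    [CP1] = 1u << CP2,
    [CP2] = (1u << CP3) | (1u << CP4),
    [CP3] = 1u << CP5,
    [CP4] = 1u << CP5,
    [CP5] = 1u << CP1,
};

typedef struct {
    bool    active;   /* Activity Flag, initialized to FALSE */
    uint8_t last;     /* most recently stored checkpoint */
    bool    correct;  /* logical supervision result, sticky once incorrect */
} Graph;

void graph_checkpoint(Graph *g, uint8_t cp)
{
    if (cp < CP1 || cp >= CP_END) { g->correct = false; return; }
    if (!g->active) {
        /* First report: assumed that only CP1 may open the graph. */
        if (cp != CP1) { g->correct = false; return; }
        g->active = true;
    } else if ((allowed[g->last] & (1u << cp)) == 0) {
        g->correct = false;   /* transition last-->cp is not in the graph */
    }
    g->last = cp;
}

/* Feed a constructed checkpoint trace and return the supervision result. */
bool trace_is_correct(const uint8_t *cps, size_t n)
{
    Graph g = { false, 0, true };
    for (size_t i = 0; i < n; i++)
        graph_checkpoint(&g, cps[i]);
    return g.correct;
}

int main(void)
{
    const uint8_t bad[] = { CP1, CP4 };   /* the invalid transition from the text */
    printf("CP1-->CP4: %s\n", trace_is_correct(bad, 2) ? "correct" : "incorrect");
    return 0;
}
```

Because the table is `const` data, the permitted flow can be reviewed against the flow chart independently of the supervised code, and a jump that skips CP2 is flagged at the next reported checkpoint.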
From the above discussion, it is clear that WDGM calculates the status of supervision of SE as correct/incorrect based on the supervision function. Based on the status of each supervision of SE (correct/incorrect), WDGM builds the local status of supervision and based on local status WDGM calculates the Global Status of supervision.
4. Important Configuration Parameters:
If you want to configure WDGM, below are the points you should always keep in mind:
- Define Supervised entities and Supervised entity IDs
- Define Checkpoints of Supervised entities and checkpoint IDs
- Select the supervision Function to be used: Alive/Deadline/Logical. Configure values to the below parameters as per the supervision function selected.
- Alive Supervision: WdgMExpectedAliveIndications
- Alive Supervision: WdgMMaxMargin
- Alive Supervision: WdgMMinMargin
- Alive Supervision: WdgMSupervisionReferenceCycle i.e. supervision cycle
- Alive Supervision: WdgMFailedAliveSupervisionRefCycleTol (number of failed supervisions of the SE that are accepted, used to calculate local supervision status).
- Deadline Supervision: WdgMDeadlineStartRef
- Deadline Supervision: WdgMDeadlineEndRef
- Deadline Supervision: WdgMDeadlineMin
- Deadline Supervision: WdgMDeadlineMax
- Deadline Supervision: reference cycle, i.e. supervision cycle
- Deadline Supervision: WdgMFailedDeadlineRefCycleTol
- Program flow: reference cycle or monitor cycle
- Program flow: WdgMFailedProgramflowRefCycleTol
- Define WDGM's initial state: slow or fast
- Define WDGM slow state (1000ms) and fast state (200ms) times.
- Define WdgMExpiredSupervisionCycleTol (number of accepted local supervision errors, used to calculate global supervision status)
- Operating system application reference.
Conclusion:
In the complex field of automotive software, Watchdog Manager (WDGM) emerges as the silent hero that ensures the smooth running of software tasks. By keeping a close eye on the supervised entities, keeping track of checkpoints, and organizing the items to be supervised, it contributes to a safer and more reliable driving experience. As an important part of AUTOSAR, WDGM's collaboration with Watchdog (WDG) reflects the industry's commitment to improving vehicle safety and reliability. In every journey, WDGM ensures a quiet driving experience and embodies the future of innovation in the automotive industry. Nice roads ahead!