AUTOSARは自動車用OSの業界団体規格です。
業務で利用する場合には、会員になることを条件にしています。
2002年から20年経ち、当初の狙いの段階に近づいてきました。
MATLABでモデルさえ記述すれば、あとは自動生成だけでソフトが完成するところまで、あと一歩です。
Ethernet, UNIXが生まれて20年で大衆化したのと同じように考えると分かりやすいでしょう。
AUTOSARの上で動く、クラウド対応のミドルウェアが出て、開発も運用もクラウドになれば、一気にAUTOSARは大衆化するでしょう。
AUTOSAR Abstract Platformへの道 R22-11
2023年4月URL変更
この項は2023年4月21日、AUTOSARの文書のURLが変更になった。
/classic/22-11/
が
/R22-11/CP/
過去記事で、URLでエラーが出たら書き換えてみてください。
/adaptive/22-11/
は
/R22-11/AP/
/foundation/22-11/
は
/R22-11/FO/
です。
2023年11月URL変更
2023年11月にもAUTOSAR文書のURLが変更になっている。
/user_upload/standards/classic/21-11/
を
/standards/R21-11/CP/
などに書き換えてください。
/user_upload/standards/adaptive/21-11/
を
/standards/R21-11/AP/
/user_upload/standards/foundation/21-11/
を
/standards/R21-11/FO/
お手数をおかけします。
1年に2度URLを変更するなんて、新しい記事が書ける。とても嬉しい。
一覧
AUTOSAR R22-11 Qiita記事一覧 20230421 。
この記事の表題の最後に「20230421」を加えます。
<この項は書きかけです。順次追記します。>
AUTOSARが、2022年の版、R22-11を公開しました。
R21-11
https://www.autosar.org/fileadmin/standards/R21-11/CP/AUTOSAR_EXP_ApplicationLevelErrorHandling.pdf
R20-11
R19-11
文書は検索してダウンロードできます。
R20-11,R21-11, R22-11の3年分だけになりました。
公開行事の模様は
AUTOSAR R22-11 Release Event 20221208
Classic Platform Release Overview, AUTOSAR No.0 ,R22-11, CP, 20230421
Foundation Release Overview, AUTOSAR, 781, R22-11, FO, 20230421
Adaptive Platform Release Overview, AUTOSAR 782, R22-11, AP, 20230421
要求仕様対応(Requirement and Specification)
Abstract Platformとの関係
Test, Error, Log and TraceをSW-C、BSWについて統合し、Adaptive Platformと共通化。
<この項は書きかけです。順次追記します。>
文書変更(Document Change)
• Editorial changes:
– Document converted from Word to LaTeX.
– Document structure adjusted to the standard.
用語(terms)
Term | Description |
---|---|
dependability | The term dependability is defined as “the trustworthiness of a system such that reliance can justifiably be placed on the service it provides”. This means that a dependable system is one upon which the user (either human or non-human) can place its trust in that the services provided by the system are correct. The dependability of a system is characterized by a set of attributes, compromised by a set of impairments, and achieved and analyzed by a set of means. |
Detection | The crucial first step in handling a fault is of course to become aware that it has occurred. Without this detection, no further activities can be performed. When it comes to detection, the original fault is often very hard to detect. What can be detected are the effects of the fault, that is, errors. These are detected by monitoring the state of the system. Errors can manifest in different ways. The main manifestations are 1. erroneous values in the system (data errors), 2. erroneous execution time (timing errors), 3. erroneous sequence or execution order (program flow errors). 4. erroneous access to system resources, such as memory Errors may propagate and generate consecutive faults which in turn may result in new errors, e.g., an erroneous data value is used as a pointer and causes a memory access violation, which may create an erroneous value in another data value if a value is written to the erroneous memory location. Most mechanisms used for detection of errors allows the system to perform some action to find out more regarding the source of the error (isolation) and to issue corrective or compensating actions (recovery). Ideally, detection is done before the error has propagated any further, thus making it possible to stop further propagation. However, in most cases additional recovery actions are needed, such as stopping the offending component or reconfiguring to alternate functionality. |
Isolation | Once a fault (or error) has been successfully detected, damage assessment and damage control needs to be performed, i.e. there is a need for isolation. During isolation, efforts are made to find the root cause for the erroneous state in the system, and information (e.g. regarding the spread and cause of the error) is gathered for subsequent use during error recovery. It may not always be possible (or practical) to find the root cause of the erroneous state. Note that isolation in this document refers to isolating the source of the errors, such that recovery is possible. It does not refer to isolation of specific components of a system with the purpose of stopping errors from propagating. In a sense, the word identification may have been a better choice, but as the commonly used word in descriptions of the FDIR process is isolation we will use it here. |
Recovery | When the isolation is complete, recovery actions will be initiated. These actions aim at transferring the system into a controlled state, which can be a completely recovered state where nominal service is provided, or a safe degraded state where a limited or no service is provided. The better the isolation results are, the better the recovery actions can perform. If recovery is not successful, a failure may occur, i.e., the system is in an uncontrolled state and its service is not defin |
英日
日本語は仮訳
T.B.D.
参考(reference)
[1] Software Component Template
AUTOSAR_TPS_SoftwareComponentTemplate
[2] Specification of RTE
AUTOSAR_SWS_RTE
[3] Specification of Operating System
AUTOSAR_SWS_OS
[4] Specification of Communication
AUTOSAR_SWS_COM
[5] Specification of Communication Manager
AUTOSAR_SWS_COMManager
[6] Specification of Diagnostic Communication Manager
AUTOSAR_SWS_DiagnosticCommunicationManager
[7] Specification of ECU State Manager
AUTOSAR_SWS_ECUStateManager
[8] Specification of Function Inhibition Manager
AUTOSAR_SWS_FunctionInhibitionManager
[9] Specification of Diagnostic Event Manager
AUTOSAR_SWS_DiagnosticEventManager
[10]Specification of Watchdog Manager
AUTOSAR_SWS_WatchdogManager
[11]Specification of NVRAM Manager
AUTOSAR_SWS_NVRAMManager
[12]Specification of CRC Routines
AUTOSAR_SWS_CRCLibrary
[13]Specification of Crypto Service Manager
AUTOSAR_SWS_CryptoServiceManager
[14]Specification of Basic Software Mode Manager
AUTOSAR_SWS_BSWModeManager
[15]General Requirements on Basic Software Modules
AUTOSAR_SRS_BSWGeneral
[16]Glossary, AUTOSAR_TR_Glossary
https://www.autosar.org/fileadmin/standards/R22-11/FO/AUTOSAR_TR_Glossary.pdf
[17]Layered Software Architecture
AUTOSAR_EXP_LayeredSoftwareArchitecture
[18]Specification of SW-C End-to-End Communication Protection Library
AUTOSAR_SWS_E2ELibrary
[19]Specification of Module Core Test Driver
AUTOSAR_SWS_CoreTest
[20]Specification of Flash Test
AUTOSAR_SWS_FlashTest
[21]Algirdas Avizienis, Jean-Claude Laprie, Brian Randell, and Carl Landwehr, “Basic Concepts and Taxonomy of Dependable and Secure Computing”, IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 1, January-March, 2004
[22]Jim Gray, “Why Do Computers Stop and What Can We Do About It”, Technical
Report TR 85.5, Tandem, 1985.
[23]ISO 26262:2018 (all parts) - Road vehicles - Functional Safety
http://www.iso.org
[24]EASIS Deliverable D1.2-8, “Fault management framework
http://www.easis-online.org
関連文書(Related document)
AUTOSAR Abstract Platformへの道 R22-11
自動車 記事 100
Basic principles, ボッシュ自動車handbook(英語)11版まとめ<2>
JAXA/IPA クリティカルソフトウェアワークショップ WOCS言語関連発表(改定版)
CAN(controller area network)
「はじめてのCAN/CANFD 」 ベクタージャパン <エンジニア夏休み企画>【読書感想文】
三方良し Udemy 車載LAN入門講座 CAN通信編
詳解 車載ネットワーク CAN, CAN FD, LIN, CXPI, Ethernetの仕組みと設計のために(1) 著者 <エンジニア夏休み企画 読書感想文>
詳解 車載ネットワーク CAN, CAN FD, LIN, CXPI, Ethernetの仕組みと設計のために(2)参考文献 <エンジニア夏休み企画>【読書感想文】
詳解 車載ネットワーク CAN、CAN FD、LIN、CXPI、Ethernetの仕組みと設計のために
<この記事は個人の過去の経験に基づく個人の感想です。現在所属する組織、業務とは関係がありません。>
文書履歴(document history)
ver. 0.01初稿 20230618
最後までおよみいただきありがとうございました。
いいね 💚、フォローをお願いします。
Thank you very much for reading to the last sentence.
Please press the like icon 💚 and follow me for your happy life.