AUTOSAR EXP LayeredSoftwareArchitecture

Layered Software Architecture
AUTOSAR Classic Platform

Document Title Layered Software Architecture
Document Owner AUTOSAR
Document Responsibility AUTOSAR
Document Identification No 53
Document Status published
Part of AUTOSAR Standard Classic Platform
Part of Standard Release R22-11
2 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture
Document ID 53 : 2
R22-11
AUTOSAR_EXP_LayeredSoftwareArchitecture of 193
Document Change HistoryM
Date Release Changed by Change Description
2022-11-24 R22-11 AUTOSAR ➢ Incorporated new concepts for Vehicle-2-X Data Manager, MACsec, CAN XL, DDS,
Release Secured Time Synchronization, Vehicle-2-X Support for China
Management ➢ Editorial changes
2021-11-25 R21-11 AUTOSAR ➢ Incorporated draft concept for new Memory Driver and Memory Access
Release
Management
2020-11-30 R20-11 AUTOSAR ➢ Removed Pretended Networking
Release ➢ Added caveats for E2E Protection Wrapper
Management ➢ Layer Interaction Matrix: Allow Crypto Driver to access Memory Services
➢ Incorporated new concepts for Intrusion Detection System Manager, CP Software Clusters
2019-11-28 R19-11 AUTOSAR ➢ Incorporated new concepts for Atomic multicore safe operations, Signal-service-translation,
Release NV data handling enhancement
Management ➢ Changed Document Status from Final to published
2018-10-31 4.4.0 AUTOSAR ➢ Adopting LIN Slave Support, LinNm removed
Release ➢ New Concepts: Key Management, 1st draft of MCAL Multicore Distribution
Management ➢ Editorial changes
2017-12-08 4.3.1 AUTOSAR ➢ Editorial changes
Release
Management
Document ID 53 : 3
R22-11
Document Change History
2016-11-30 4.3.0 AUTOSAR ➢ Incorporated new 4.3 concepts for Crypto Stack, Vehicle-2-X Communication, SOME/IP
Release Transport Protocol, DLT rework
Management ➢ Removed obsolete Dbg module
➢ Editorial changes
Release
Management
Document ID 53 : 4
R22-11
2014-10-31 4.2.1 AUTOSAR ➢ Incorporated new 4.2 concepts for: Switch Configuration; Sender-Receiver-Serialization;
Release CAN-FD; Large-Data-COM; E2E-Extension; Global Time Synchronization; Support for Post-
Management build ECU-Configuration; Secure-Onboard-Communication; ASIL/QM-Protection
➢ Introduction of new error classification
➢ Editorial changes
Release
Management
2013-03-15 4.1.1 AUTOSAR ➢ Clarification of partial network support for CAN/LIN slave.
Administration ➢ New Ethernet stack extensions
➢ Added Crypto Service Manager to System Services
➢ Revised presentation of J1939 and added new J1939 modules
➢ Added new energy management concepts: “Pretended Networking”, “ECU Degradation”
➢ Added new modules: “Output Compare Unit Driver” and “ ime Service”
➢ Changed handling of Production Errors
➢ Fixed various typography and layout issues
2011-12-22 4.0.3 AUTOSAR ➢ Added a note for the R3-compatibility FlexRay Transport Layer FrArTp on slide "ki890".
Administration ➢ Added an overview chapter for energy management and partial networking
➢ Corrected examples regarding DEM symbol generation
➢ Fixed minor typography issues
➢ Clarification of term AUTOSAR-ECU on slide "94jt1"
➢ Corrected CDD access description for EcuM on slide "11123“
Document ID 53 : 5
R22-11
2009-12-18 4.0.1 AUTOSAR ➢ Added a note regarding support for System Basis Chips on slide "94juq“
Administration ➢ Clarification of DBG and DLT text on slide "3edfg"
➢ Corrected DBG description on slide "11231"
2010-02-02 3.1.4 AUTOSAR ➢ The document has been newly structured. There are now 3 main parts:
Administration ◼ Architecture
◼ Configuration
◼ Integration and Runtime Aspects
➢ The whole content has been updated to reflect the content of the R 4.0 specifications.
➢ Topics which have bee newly introduced or heavily extended in release 4.0 have been
added. E.g.,. Multi-Core Systems, Partitioning, Mode Management, Error Handling,
Reporting and Diagnostic, Debugging, Measurement and Calibration, Functional Safety etc
➢ Legal disclaimer revised
2008-08-13 3.1.1 AUTOSAR ➢ Legal disclaimer revised
Administration
2007-12-21 3.0.1 AUTOSAR ➢ Updates based on new wakeup/startup concepts
Administration ➢ Detailed explanation for post-build time configuration
➢ "Slimming" of LIN stack description
➢ ICC2 figure
➢ Document meta information extended
➢ Small layout adaptations made
Document ID 53 : 6
R22-11
2007-01-24 2.1.15 AUTOSAR ➢ ICC clustering added.
Administration ➢ Document contents harmonized
➢ Legal disclaimer revised
➢ Release Notes added
➢ “Advice for users” revised
➢ “Revision Information” added
2006-11-28 2.1.1 AUTOSAR Rework Of:
Administration ➢ Error Handling
➢ Scheduling Mechanisms
➢ More updates according to architectural decisions in R2.0
2006-01-02 1.0.1 AUTOSAR ➢ Correct version released
Administration
2005-05-31 1.0.0 AUTOSAR ➢ Initial release
Administration
Document ID 53 : 7
R22-11
Disclaimer
Disclaimer
This work (specification and/or software implementation) and the material contained in it, as released by AUTOSAR, is for the purpose
of information only. AUTOSAR and the companies that have contributed to it shall not be liable for any use of the work.
The material contained in this work is protected by copyright and other types of intellectual property rights. The commercial exploitation
of the material contained in this work requires a license to such intellectual property rights.
This work may be utilized or reproduced without any modification, in any form or by any means, for informational purposes only. For any
other purpose, no part of the work may be utilized or reproduced, in any form or by any means, without permission in writing from the
publisher.
The work has been developed for automotive applications only. It has neither been developed, nor tested for non-automotive
applications.
The word AUTOSAR and the AUTOSAR logo are registered trademarks.
Document ID 53 : 8
R22-11
page id: toc01
Table of contents
1. Architecture
1. Overview of Software Layers
2. Content of Software Layers
3. Content of Software Layers in Multi-Core Systems
4. Content of Software Layers in Mixed-Critical Systems
5. Overview of Modules
6. Interfaces: General Rules
7. Interfaces: Interaction of Layers
8. Overview of CP Software Clusters
2. Configuration
3. Integration and Runtime Aspects

Document ID 53 : 19
R22-11
page id: 94jt2
Introduction
Purpose and Inputs
Purpose of this document

The Layered Software Architecture describes the software architecture of AUTOSAR:
➢ it describes in an top-down approach the hierarchical structure of AUTOSAR software and
➢ maps the Basic Software Modules to software layers and
➢ shows their relationship.
This document does not contain requirements and is informative only. The examples given are
not meant to be complete in all respects.
This document focuses on static views of a conceptual layered software architecture:

➢ it does not specify a structural software architecture (design) with detailed static and dynamic
interface descriptions,
◼ these information are included in the specifications of the basic software modules
themselves.
Inputs
This document is based on specification and requirement documents of AUTOSAR.

Document ID 53 : 20
R22-11
page id: 94jt1
Introduction
Scope and Extensibility
Application scope of AUTOSAR

AUTOSAR is dedicated for Automotive ECUs. Such ECUs have the following properties:
➢ strong interaction with hardware (sensors and actuators),
➢ connection to vehicle networks like CAN, LIN, FlexRay or Ethernet,
➢ microcontrollers (typically 16 or 32 bit) with limited resources of computing power and memory (compared
with enterprise solutions),
➢ Real Time System and
➢ program execution from internal or external flash memory.
NOTE: In the AUTOSAR sense an ECU means one microcontroller plus peripherals and the according
software/configuration. The mechanical design is not in the scope of AUTOSAR. This means that if more than
one microcontroller in arranged in a housing, then each microcontroller requires its own description of an
AUTOSAR-ECU instance.
AUTOSAR extensibility
The AUTOSAR Software Architecture is a generic approach:
➢ standard modules can be extended in functionality, while still being compliant,
◼ still, their configuration has to be considered in the automatic Basic SW configuration process!
➢ non-standard modules can be integrated into AUTOSAR-based systems as Complex Drivers and
➢ further layers cannot be added.

Document ID 53 : 21
R22-11
page id: 94qu9
Architecture – Overview of Software Layers
Top view
The AUTOSAR Architecture distinguishes on the highest abstraction level between three
software layers: Application, Runtime Environment and Basic Software which run on a
Microcontroller.
Application Layer
Runtime Environment (RTE)
Basic Software (BSW)
Microcontroller

Document ID 53 : 22
R22-11
page id: 94ju3
Coarse view
The AUTOSAR Basic Software is further divided in the layers: Services, ECU Abstraction,
Microcontroller Abstraction and Complex Drivers.
Application Layer
Runtime Environment
Services Layer
Complex
ECU Abstraction Layer Drivers
Microcontroller Abstraction Layer
Microcontroller

Document ID 53 : 23
R22-11
page id: 94ju4
Detailed view
The Basic Software Layers are further divided into functional groups. Examples of Services
are System, Memory and Communication Services.
Application Layer
Runtime Environment
System Services Memory Crypto Off-board Communication I/O Hardware Complex
Services Services Communication Services Abstraction Drivers
Services
Onboard Memory Crypto Wireless Communication

Device Hardware Hardware Communication Hardware
Abstraction Abstraction Abstraction HW Abstraction Abstraction
Microcontroller Memory Crypto Drivers Wireless Communication I/O Drivers

Drivers Drivers Communication Drivers
Drivers
Microcontroller

Document ID 53 : 24
R22-11
page id: 94ju6
The Microcontroller Abstraction Layer is the

lowest software layer of the Basic Software. Application Layer
It contains internal drivers, which are software

RTE
modules with direct access to the µC and
internal peripherals.
Co
mpl
ECU Abstraction Layer ex
Task Driv
ers
Make higher software layers independent of µC Microcontroller Abstraction Layer
Microcontroller
Properties
Implementation: µC dependent
Upper Interface: standardized and µC
independent

Document ID 53 : 25
R22-11
page id: 94ju7
ECU Abstraction Layer
The ECU Abstraction Layer interfaces the Application Layer

drivers of the Microcontroller Abstraction
Layer. It also contains drivers for external RTE
devices.
It offers an API for access to peripherals and Co
mpl
devices regardless of their location (µC ECU
ECU Abstraction
Abstraction Layer
Layer ex
internal/external) and their connection to the Driv
ers
µC (port pins, type of interface) Microcontroller Abstraction Layer
Microcontroller
Task
Make higher software layers independent of
ECU hardware layout
Properties
Implementation: µC independent, ECU hardware
dependent
Upper Interface: µC and ECU hardware
independent

Document ID 53 : 26
R22-11
page id: 94jw e
Complex Drivers
The Complex Drivers Layer spans from the

Application Layer
hardware to the RTE.
RTE
Task
Services Layer
Provide the possibility to integrate special purpose
Complex
Drivers
functionality, e.g. drivers for devices: ECUECU Abstraction
Abstraction Layer
Layer
➢ which are not specified within AUTOSAR,
➢ with very high timing constrains or
➢ for migration purposes etc. Microcontroller
Properties
Implementation: might be application, µC and ECU
hardware dependent
Upper Interface: might be application, µC and ECU
hardware dependent

Document ID 53 : 27
R22-11
page id: 94ju8
Services Layer
The Services Layer is the highest layer of the Basic

Software which also applies for its relevance for Application Layer
the application software: while access to I/O

signals is covered by the ECU Abstraction Layer, RTE
the Services Layer offers:

Services Layer
➢ Operating system functionality
Complex
Drivers
➢ Vehicle network communication and management
ECUECU Abstraction
Abstraction Layer
Layer
services
➢ Memory services (NVRAM management) Microcontroller Abstraction Layer
➢ Diagnostic Services (including UDS communication, error
memory and fault treatment) Microcontroller
➢ ECU state management, mode management
➢ Logical and temporal program flow monitoring (Wdg
manager)
Task
Provide basic services for applications, RTE and
basic software modules.
Properties
Implementation: mostly µC and ECU hardware
independent
Upper Interface: µC and ECU hardware independent

Document ID 53 : 28
R22-11
page id: 94ju9
AUTOSAR Runtime Environment (RTE)
The RTE is a layer providing communication services

to the application software (AUTOSAR Software Application Layer
Components and/or AUTOSAR Sensor/Actuator
components). AUTOSAR Runtime Environment (RTE)
Services Layer
Above the RTE the software architecture style
Complex
Drivers
changes from “layered“ to “component style“. ECUECU Abstraction
Abstraction Layer
Layer
The AUTOSAR Software Components communicate Microcontroller Abstraction Layer
with other components (inter and/or intra ECU)

Microcontroller
and/or services via the RTE.
Task
Make AUTOSAR Software Components independent
from the mapping to a specific ECU.
Properties
Implementation: ECU and application specific
(generated individually for each ECU)
Upper Interface: completely ECU independent

Document ID 53 : 29
R22-11
page id: 94j33
Introduction to types of services
The Basic Software can be subdivided into the following types of services:
➢ Input/Output (I/O)
Standardized access to sensors, actuators and ECU onboard peripherals
➢ Memory
Standardized access to internal/external memory (non volatile memory)
➢ Crypto
Standardized access to cryptographic primitives including internal/external hardware
accelerators
➢ Communication
Standardized access to: vehicle network systems, ECU onboard communication systems and
ECU internal SW
➢ Off-board Communication
Standardized access to: Vehicle-to-X communication, in vehicle wireless network systems,
ECU off-board communication systems
➢ System
Provision of standardizeable (operating system, timers, error memory) and ECU specific (ECU
state management, watchdog manager) services and library functions

Document ID 53 : 30
R22-11
page id: 94jui
Architecture – Introduction to Basic Software Module Types
Driver (internal)
A driver contains the functionality to control and access an internal or an external device.
Internal devices are located inside the microcontroller. Examples for internal devices are:
➢ Internal EEPROM
➢ Internal CAN controller
➢ Internal ADC
A driver for an internal device is called internal driver and is located in the Microcontroller
Abstraction Layer.

Document ID 53 : 31
R22-11
page id: 94juq
Driver (external)
External devices are located on the ECU hardware outside the microcontroller. Examples for
external devices are:
➢ External EEPROM
➢ External watchdog
➢ External flash
A driver for an external device is called external driver and is located in the ECU Abstraction
Layer. It accesses the external device via drivers of the Microcontroller Abstraction Layer.
This way also components integrated in System Basis Chips (SBCs) like transceivers and
watchdogs are supported by AUTOSAR.
➢ Example: a driver for an external EEPROM with SPI interface accesses the external
EEPROM via the handler/driver for the SPI bus.
Exception:
The drivers for memory mapped external devices (e.g. external flash memory) may access the
microcontroller directly. Those external drivers are located in the Microcontroller Abstraction
Layer because they are microcontroller dependent.

Document ID 53 : 32
R22-11
page id: 94jw x
Interface
An Interface (interface module) contains the functionality to abstract from modules which are
architecturally placed below them. E.g., an interface module which abstracts from the
hardware realization of a specific device. It provides a generic API to access a specific type of
device independent on the number of existing devices of that type and independent on the
hardware realization of the different devices.
The interface does not change the content of the data.
In general, interfaces are located in the ECU Abstraction Layer.
Example: an interface for a CAN communication system provides a generic API to access CAN
communication networks independent on the number of CAN Controllers within an ECU and
independent of the hardware realization (on chip, off chip).

Document ID 53 : 33
R22-11
page id: 94jw w
Handler
A handler is a specific interface which controls the concurrent, multiple and asynchronous
access of one or multiple clients to one or more drivers. I.e. it performs buffering, queuing,
arbitration, multiplexing.
The handler does not change the content of the data.
Handler functionality is often incorporated in the driver or interface (e.g. SPIHandlerDriver, ADC
Driver).

Document ID 53 : 34
R22-11
page id: 94j22
Manager
A manager offers specific services for multiple clients. It is needed in all cases where pure
handler functionality is not enough to abstract from multiple clients.
Besides handler functionality, a manager can evaluate and change or adapt the content of the
data.
In general, managers are located in the Services Layer
Example: The NVRAM manager manages the concurrent access to internal and/or external
memory devices like flash and EEPROM memory. It also performs distributed and reliable
data storage, data checking, provision of default values etc.

Document ID 53 : 35
R22-11
page id: 99j22
Introduction to Libraries
Libraries are a collection of functions for

related purposes Application Layer
AUTOSAR Libraries
Libraries: Runtime Environment (RTE)
➢ can be called by BSW modules (that Basic Software
including the RTE), SW-Cs, libraries
or integration code
➢ run in the context of the caller in the
same protection environment
➢ can only call libraries
➢ are re-entrant ECU Hardware
➢ do not have internal states

➢ do not require any initialization
➢ are synchronous, i.e. they do not have
wait points
The following libraries are
specified within AUTOSAR:
➢ Fixed point mathematical, ➢ Extended functions (e.g. 64bits ➢ CRC calculation,
➢ Floating point mathematical, calculation, filtering, etc.) ➢ Atomic multicore safe operations
➢ Interpolation for fixed point data, ➢ Bit handling,
➢ Interpolation for floating point data, ➢ E2E communication,

Document ID 53 : 36
R22-11
page id: toc01
Table of contents
1. Architecture
2. Configuration

Document ID 53 : 37
R22-11
page id: oiu42
Architecture – Content of Software Layers Application Layer
Microcontroller Abstraction Layer RTE
The µC Abstraction Layer consists of the following module groups:

➢ Microcontroller Drivers
Drivers for internal peripherals (e.g. Watchdog, General Purpose Timer)
Functions with direct µC access (e.g. Core test)
➢ Communication Drivers
Drivers for ECU onboard (e.g. SPI) and vehicle communication (e.g. CAN). Microcontroller (µC)
OSI-Layer: Part of Data Link Layer
➢ Memory Drivers
Drivers for on-chip memory devices (e.g. internal Flash, internal EEPROM) and memory mapped external memory devices
(e.g. external Flash)
➢ I/O Drivers:
Drivers for analog and digital I/O (e.g. ADC, PWM, DIO)
➢ Crypto Drivers Drivers for on-chip crypto devices like SHE or HSM
➢ Wireless Communication Drivers: Drivers for wireless network systems (in-vehicle or off-board communication)
Group of
Software
Microcontroller Drivers Memory Drivers Crypto Communication Drivers Wireless I/O Drivers modules of
Drivers Comm.
similar type
Drivers
internal EEPROM Driver
Wireless Ethernet Driver

internal Flash Driver
SPI Handler Driver

Watchdog Driver
Ethernet Driver
FlexRay Driver
Crypto Driver
PORT Driver
PWM Driver
MCU Driver
OCU Driver
GPT Driver
CAN Driver
ADC Driver
Flash Test
ICU Driver
DIO Driver
RAM Test
LIN Driver
Core Test
Software
module
internal
peripheral
Clock Unit
SHE/HSM
EEPROM
Pow er &
FLASH
device
LIN or
WDT
PWM
CAN
MCU
OCU
CCU
ADC
GPT
DIO
SPI
SCI
Microcontroller

Document ID 53 : 38
R22-11
page id: sw r42
Microcontroller Abstraction Layer: SPIHandlerDriver RTE
The SPIHandlerDriver allows concurrent Onboard Memory COM HW

Dev. Abstr. HW Abstr. Abstr.
access of several clients to one or more SPI Communi-
cation
busses. Drivers
Microcontroller (µC)
To abstract all features of a SPI microcontroller

pins dedicated to Chip Select, those shall
directly be handled by the SPIHandlerDriver.
That means those pins shall not be available
in DIO Driver.
Example:
Onboard Device Memory Hardw are I/O Hardw are Abstraction
Abstraction Abstraction
External
External Driver for ext. Driver for ext.
EEPROM
Watchdog Driver ADC ASIC I/O ASIC
Driver
Communication Drivers
SPIHandlerDriver
µC SPI

Document ID 53 : 39
R22-11
page id: 21112
Complex Drivers RTE
Complex Drivers
A Complex Driver is a module which implements non-
standardized functionality within the basic software
stack.
An example is to implement complex sensor
evaluation and actuator control with direct access
to the µC using specific interrupts and/or complex Example:
µC peripherals (like PCP, TPU), e.g.
Complex Drivers
➢ Injection control
➢ Electric valve control
➢ Incremental position detection
Incremental Position Detection
Electric Valve Control

Complex Driver XY
Task:
Injection Control
Fulfill the special functional and timing requirements
for handling complex sensors and actuators
Properties:
Implementation: highly µC, ECU and application
dependent
Upper Interface to SW-Cs: specified and implemented
according to AUTOSAR (AUTOSAR interface)
e.g. PCP
e.g. CCU
e.g. TPU
Lower interface: restricted access to Standardized µC
Interfaces

Document ID 53 : 40
R22-11
page id: ddeaq
ECU Abstraction: I/O Hardware Abstraction RTE
I/O HW
The I/O Hardware Abstraction is a group of modules Abstraction
which abstracts from the location of peripheral I/O

Communi-
devices (on-chip or on-board) and the ECU cation
I/O
Drivers
hardware layout (e.g. µC pin connections and Drivers
signal level inversions). The I/O Hardware Microcontroller (µC)

Abstraction does not abstract from the
sensors/actuators!
The different I/O devices might be accessed via an I/O

signal interface. Example:
I/O Hardw are Abstraction
Task: I/O Signal Interface

Represent I/O signals as they are connected to the
ECU hardware (e.g. current, voltage, frequency). Driver for ext.
ADC ASIC
Driver for ext.
I/O ASIC
Hide ECU hardware and layout properties from higher
software layers.
COM Drivers I/O Drivers
ADC Driver
SPIHandler
Properties:
DIO Driver
Driver
dependent
Upper Interface: µC and ECU hardware independent,
dependent on signal type specified and
ADC
DIO
SPI
implemented according to AUTOSAR (AUTOSAR µC
interface)

Document ID 53 : 41
R22-11
page id: zzttz
ECU Abstraction: Communication Hardware Abstraction RTE
The Communication Hardware Abstraction is a COM HW

Abstr.
group of modules which abstracts from the Communi-
I/O
location of communication controllers and the ECU cation
Drivers
Drivers
hardware layout. For all communication systems a
specific Communication Hardware Abstraction is
required (e.g. for LIN, CAN, FlexRay).
Example: An ECU has a microcontroller with 2 internal
CAN channels and an additional on-board ASIC
with 4 CAN controllers. The CAN-ASIC is Example:
connected to the microcontroller via SPI. Communication Hardw are Abstraction
The communication drivers are accessed via bus CAN Interface
specific interfaces (e.g. CAN Interface). CAN

Trans- Driver for ext.
ceiver CAN ASIC
Task: Driver
Provide equal mechanisms to access a bus channel I/O Drivers Communication Drivers
regardless of it‘s location (on-chip / on-board)
SPIHandler
CAN Driver
DIO Driver
Driver
Properties:
dependent and external device dependent
CAN
DIO
SPI
µC
Upper Interface: bus dependent, µC and ECU
hardware independent

Document ID 53 : 42
R22-11
page id: w wwaa
Scope: Memory Hardware Abstraction RTE
The Memory Hardware Abstraction is a group of Memory

modules which abstracts from the location of HW Abstr.
peripheral memory devices (on-chip or on-board) Memory
Communi-
cation
and the ECU hardware layout. Drivers
Drivers
Example: on-chip EEPROM and external EEPROM Microcontroller (µC)
devices are accessible via the same
mechanism.
The memory drivers are accessed via memory specific Example:

abstraction/emulation modules (e.g. EEPROM Memory Hardw are Abstraction
Abstraction).
Memory Abstraction Interface
By emulating an EEPROM abstraction on top of Flash
hardware units a common access via Memory Flash EEPROM
EEPROM Abstraction
Abstraction Interface to both types of hardware is Emulation
enabled.
External External
EEPROM Driver Flash Driver
Task:
Provide equal mechanisms to access internal (on-chip)
and external (on-board) COM Drivers Memory Drivers
memory devices and type of memory hardware
Flash Driver
SPIHandler
(EEPROM, Flash).
EEPROM
Internal
Driver
Driver
Properties:
Implementation: µC independent, external device
dependent
EEPROM
Flash
SPI
Upper Interface: µC, ECU hardware and memory µC
device independent

Document ID 53 : 43
R22-11
page id: w wwad
Scope: Memory Hardware Abstraction {DRAFT} RTE
The Memory Hardware Abstraction is a group of Memory

modules which abstracts from the location of HW Abstr.
peripheral memory devices (on-chip or on-board) Memory
Communi-
cation
and the ECU hardware layout. Drivers
Drivers
Example: on-chip EEPROM and external EEPROM Microcontroller (µC)
devices are accessible via the same
mechanism.
Example:
The memory drivers are accessed via memory specific Memory Hardw are Abstraction
abstraction/emulation modules (e.g. EEPROM
Abstraction). Memory Abstraction Interface
By emulating an EEPROM abstraction on top of Flash EEPROM Flash EEPROM

hardware units a common access via Memory Abstraction Emulation
Abstraction Interface to both types of hardware is
enabled. Memory Access
External
Task: Memory Driver
Provide equal mechanisms to access internal (on-chip) COM Drivers Memory Drivers
and external (on-board)
memory devices and type of memory hardware
SPIHandler
Memory
Memory
Driver1
Driver2
(EEPROM, Flash).
Driver
Properties:
Implementation: µC independent, external device
dependent
EEPROM
Flash
SPI
µC
Upper Interface: µC, ECU hardware and memory
device independent

Document ID 53 : 44
R22-11
page id: xxdxx
Onboard Device Abstraction RTE
The Onboard Device Abstraction contains Onboard

Dev. Abstr.
drivers for ECU onboard devices which Micro- Communi-
controller cation
cannot be seen as sensors or actuators like Drivers Drivers
internal or external watchdogs. Those Microcontroller (µC)
drivers access the ECU onboard devices via

the µC Abstraction Layer.
Example:
Task:
Onboard Device Abstraction
Abstract from ECU specific onboard devices. Watchdog Interface
External
Watchdog Driver
Properties: COM Drivers Microcontroller

Drivers
Implementation: µC independent, external
SPIHandler
w atchdog
Driver
device dependent
internal
driver
Upper Interface: µC independent, partly ECU
hardware dependent
Wdg
SPI
µC

Document ID 53 : 45
R22-11
page id: w chaa
Scope: Crypto Hardware Abstraction RTE
Crypto
Services
The Crypto Hardware Abstraction is a group of Crypto HW
modules which abstracts from the location of Abstr.
cryptographic primitives (internal- or external Cryptor
Communi-
cation
hardware or software-based). Drivers
Drivers
Example: AES primitive is realized in SHE or provided Microcontroller (µC)
as software library
Task: Example:
Crypto Hardw are Abstraction
Provide equal mechanisms to access internal (on-chip)
and software Crypto Interface
cryptographic devices.
Properties:
External Crypto
Implementation: µC independent Crypto Driver
Driver (SW-based)
Upper Interface: µC, ECU hardware and crypto device

independent Crypto Drivers Communication Drivers
Crypto
Crypto
Driver
Driver
SPIHandlerDriver
HSM
SHE
SPI
µC

Document ID 53 : 46
R22-11
page id: 9csff
Services: Crypto Services RTE
Crypto
Services
The Crypto Services consist of three modules Crypto HW

Abstr.
➢ the Crypto Service Manager is responsible for the
Crypto
management of cryptographic jobs Drivers
➢ the Key Manager interacts with the key provisioning Microcontroller (µC)
master (either in NVM or Crypto Driver) and
manages the storage and verification of certificate
chains
➢ The Intrusion Detection System Manager is
responsible for handling security events reported
by BSW modules or SW-C
Example:
Crypto Services
Task:
Provide cryptographic primitives, IDS services and key
Intrusion
storage to the application in a uniform way. Crypto Service Detection
Key Manager
Abstract from hardware devices and properties. Manager System
Manager
Properties:
Implementation: µC and ECU hardware independent,
highly configurable
Upper Interface: µC and ECU hardware independent
specified and implemented according to AUTOSAR
(AUTOSAR interface)

Document ID 53 : 47
R22-11
page id: yyxyy
Communication Services – General RTE
Communi-
cation
Services
The Communication Services are a group of
modules for vehicle network communication (CAN,
LIN, FlexRay and Ethernet). They interface with
the communication drivers via the communication
hardware abstraction. Microcontroller (µC)
Task:
Provide a uniform interface to the vehicle network for
communication.
Provide uniform services for network management
Provide uniform interface to the vehicle network for Example:
diagnostic communication Communication Services
Hide protocol and message properties from the Generic
Com. Manager
Diagnostic Log
Transformer
Transformer
Com Based
NM
application.
Large Data
AUTOSAR
Diagnostic
and Trace
SOME/IP
Interface
COM
COM
Properties: <Bus
specific>
Implementation: µC and ECU HW independent, partly State <Bus
Secure Onboard
IPDU Multiplexer
Communication
Manager
dependent on bus type PDU Router specific>
NM
E2E
Upper Interface: µC, ECU hardware and bus type Transformer
<Bus specific>
independent Transport
Protocol
The communication services will be detailed for each

Bus specific modules
relevant vehicle network system on the following
pages.

Document ID 53 : 48
R22-11
page id: ppopp
Communication Stack – CAN RTE
Communi-
cation
Services
Example:
COM HW
Communication Services Abstr.
Communi-
I/O
Com. Manager
Diagnostic Log
Generic NM cation
Large Data
AUTOSAR
Diagnostic
and Trace
Drivers
Interface Drivers
COM
COM
CAN
State
Secure Onboard
IPDU Multiplexer
Manager
Communication
PDU Router
CAN NM
The CAN Communication Services are a group of
modules for vehicle network communication with the
CAN Transport
Protocol
communication system CAN.
Task:
Communication Hardw are Abstraction
➢ Provide a uniform interface to the CAN network.
CAN Interface
Hide protocol and message properties from the
CAN Transceiver
CAN XL
Driver for ext. application.
Driver CAN ASIC
I/O Drivers Communication Drivers

The CAN Communication Stack supports:
SPIHandler
DIO Driver CAN Driver CAN XL
Driver ➢ Classic CAN communication (CAN 2.0)
➢ CAN FD communication, if supported by hardware
µC SPI CAN
➢ CAN XL communication, if supported by hardware
External
CAN Controller

Document ID 53 : 49
R22-11
page id: bbnnh
Communication Stack – CAN RTE
Communi-
cation
Services
Properties: COM HW
Abstr.
➢ Implementation: µC and ECU HW independent, partly Communi-
I/O
cation
dependent on CAN. Drivers
Drivers
➢ AUTOSAR COM, Generic NM (Network Management) Microcontroller (µC)
Interface and Diagnostic Communication Manager are the

same for all vehicle network systems and exist as one
instance per ECU.
➢ Generic NM Interface contains only a dispatcher. No
further functionality is included. In case of gateway ECUs it
can also include the NM coordinator functionality which
allows to synchronize multiple different networks (of the
same or different types) to synchronously wake them up or
shut them down.
➢ CAN NM is specific for CAN networks and will be
instantiated per CAN vehicle network system.
➢ The communication system specific Can State Manager
handles the communication system dependent Start-up
and Shutdown features. Furthermore it controls the
different options of COM to send PDUs and to monitor
signal timeouts.

Document ID 53 : 50
R22-11
page id: bbnxm
Communication Stack – Ethernet/CAN XL RTE
Communi-
cation
Example: Services
COM HW
Communi-
Com. Manager
Diagnostic Log
cation
Large Data
AUTOSAR
Diagnostic
and Trace
Drivers
COM
COM
Secure Onboard
IPDU Multiplexer
Communication
PDU Router CAN XL supports to directly tunnel IEEE 802.3

Socket Adaptor
Ethernet frames for participation of IP
TCP/IP Communication Services communication.
Ethernet Interface
Task:
CAN Transceiver Driver CAN XL
➢ Provide vehicle wide communication with
same semantic used everywhere regardless
DIO Driver Handler / Driver CAN Driver CAN XL
physical connection (CAN XL / Ethernet) or
communication paradigm (Signal- and
Service-based communication).
µC SPI CAN XL
External
CAN XL Controller
51
Document ID 53 : 51
R22-11
page id: bbnxp
Communication Stack Extension – CAN XL RTE
Communi-
cation
Services
Properties: COM HW
Abstr.
➢ CAN XL is an absolute superset to CAN, i.e. a CAN stack Communi-

cation
I/O
Drivers
which supports CAN XL can serve both a CAN and a CAN Drivers
XL bus.
➢ CanIf, CanTrcvDrv and CanDrv are the only modules
which need extensions to serve CAN XL communication.
➢ The properties of the communication stack CAN are also
true for CAN with CAN XL functionality.
52
Document ID 53 : 52
R22-11
page id: qw wwe
Communication Stack Extension – TTCAN RTE
Communi-
cation
Services
Example:
COM HW
Communi-
I/O
Com. Manager
Diagnostic Log
Generic NM cation
Large Data
AUTOSAR
Diagnostic
and Trace
Drivers
Interface Drivers
COM
COM
CAN
State
Secure Onboard
IPDU Multiplexer
Manager
Communication
PDU Router
CAN NM
The TTCAN Communication Services are the
optional extensions of the plain CAN Interface and
CAN Transport
Protocol
CAN Driver module for vehicle network communi-
cation with the communication system TTCAN.
Task:
CAN Interface TTCAN ➢ Provide a uniform interface to the TTCAN network.
CAN Transceiver Driver for ext. Hide protocol and message properties from the
Driver CAN ASIC
application.
SPIHandler TTCAN
DIO Driver
Driver
CAN Driver
Please Note:
➢ The CAN Interface with TTCAN can serve both a
µC SPI TTCAN
plain CAN Driver and a CAN Driver TTCAN.
External
TTCAN Controller

Document ID 53 : 53
R22-11
page id: ggghh
Communication Stack Extension – TTCAN RTE
Communi-
cation
Services
Properties: COM HW
Abstr.
➢ TTCAN is an absolute superset to CAN, i.e. a CAN stack Communi-

cation
I/O
Drivers
which supports TTCAN can serve both a CAN and a Drivers
TTCAN bus.
➢ CanIf and CanDrv are the only modules which need
extensions to serve TTCAN communication.
➢ The properties of the communication stack CAN are also
true for CAN with TTCAN functionality.

Document ID 53 : 54
R22-11
page id: ppjfb
Communication Stack Extension – J1939 RTE
Communi-
cation
Services
Example:
COM HW
Communi-
J1939 Diagnostic
I/O
Com. Manager
Diagnostic Log
Com. Manager
Generic cation
Large Data
AUTOSAR
Diagnostic
and Trace
NM Drivers
Drivers
COM
COM
Interface
Request Manager
State Manager
J1939
CAN
J1939 NM
Secure Onboard
IPDU Multiplexer
The J1939 Communication Services extend the plain CAN

Communication
PDU Router
communication stack for vehicle network communication in

CAN J1939
Transport Transport heavy duty vehicles.
Protocol Protocol
Task:
Communication Hardw are Abstraction ➢ Provide the protocol services required by J1939. Hide
protocol and message properties from the application where
CAN Interface
not required.
CAN Transceiver Driver for ext.
Driver CAN ASIC
Please Note:
➢ There are two transport protocol modules in the CAN stack
SPIHandler
DIO Driver
Driver
CAN Driver (CanTp and J1939Tp) which can be used alternatively or in
parallel on different channels:. They are used as follows:
µC SPI CAN ◼ CanTp: ISO Diagnostics (DCM), large PDU transport
on standard CAN bus
External ◼ J1939Tp: J1939 Diagnostics, large PDU transport on
CAN Controller
J1939 driven CAN bus

Document ID 53 : 55
R22-11
page id: bbjfb
Communication Stack Extension – J1939 RTE
Communi-
cation
Services
Properties: COM HW
Abstr.
➢ Implementation: µC and ECU HW independent, based on Communi-
I/O
cation
CAN. Drivers
Drivers
➢ AUTOSAR COM, Generic NM (Network Management) Microcontroller (µC)
Interface and Diagnostic Communication Manager are the

same for all vehicle network systems and exist as one
instance per ECU.
➢ Supports dynamic frame identifiers that are not known at
configuration time.
➢ J1939 network management handles assignment of unique
addresses to each ECU but does not support
sleep/wakeup handling and related concepts like partial
networking.
➢ Provides J1939 diagnostics and request handling.

Document ID 53 : 56
R22-11
page id: 87z66
Communication Stack – LIN RTE
Communi-
cation
Services
COM HW
Example: Abstr.
Communi-
Communication Services
cation
Drivers
Com. Manager
Generic
Diagnostic
NM Microcontroller (µC)
AUTOSAR
Interface
COM
LIN State
The LIN Communication Services are a group of modules for vehicle
Manager network communication with the communication system LIN.
PDU Router Task:

Provide a uniform interface to the LIN network. Hide protocol and
message properties from the application.
LIN Interface Properties:

LIN Transceiver Driver for ext.
Driver LIN ASIC The LIN Communication Services contain:
➢ An ISO 17987 compliant communication stack with
Communication Drivers ◼ Schedule table manager to handle requests to switch to other
schedule tables (for LIN master nodes)
LIN Driver
◼ Communication handling of different LIN frame types
◼ Transport protocol, used for diagnostics
µC SCI ◼ A WakeUp and Sleep Interface
➢ An underlying LIN Driver:
◼ Implementing LIN protocol and accessing the specific hardware
◼ Supporting both simple UART and complex frame based LIN
hardware

Document ID 53 : 57
R22-11
page id: 66766
Communication Stack – LIN RTE
Communi-
cation
Services
Note: Integration of LIN into AUTOSAR: COM HW

Abstr.
➢ LIN Interface controls the WakeUp/Sleep API Communi-

cation
and allows the slaves to keep the bus awake Drivers
(decentralized approach).
➢ The communication system specific LIN State
Manager handles the communication
dependent Start-up and Shutdown features.
Furthermore it controls the communication
mode requests from the Communication
Manager. The LIN State Manager also
controls the I-PDU groups by interfacing
COM.
➢ When sending a LIN frame, the LIN Interface
requests the data for the frame (I-PDU) from
the PDU Router at the point in time when it
requires the data (i.e. right before sending
the LIN frame).

Document ID 53 : 58
R22-11
page id: ki890
Communication Stack – FlexRay RTE
Communi-
cation
Example: Services
Communication Services COM HW
Abstr.
Com. Manager
Diagnostic Log
Generic Communi-
Large Data
AUTOSAR
Diagnostic
and Trace
NM cation
COM
COM
Interface Drivers
FlexRay
State
The FlexRay Communication Services are a group
Secure Onboard
IPDU Multiplexer
Communication
Manager
PDU Router FlexRay
NM of modules for vehicle network communication with
the communication system FlexRay.
FlexRay Transport
Protocol
Task:
➢ Provide a uniform interface to the FlexRay network.
FlexRay Interface
Hide protocol and message properties from the
Driver for FlexRay Driver for external
application.
Transceiver FlexRay Controller

Please Note:
➢ There are two transport protocol modules in the
DIO Driver SPIHandlerDriver
Driver for internal
FlexRay Controller
FlexRay stack which can be used alternatively
◼ FrTp: FlexRay ISO Transport Layer
◼ FrArTp: FlexRay AUTOSAR Transport Layer,
Host µC Internal FlexRay Controller
provides bus compatibility to AUTOSAR R3.x
Data lines
External External
FlexRay Controller FlexRay Transceiver Control/status lines
(e.g. MFR 4200) (e.g. TJA 1080)

Document ID 53 : 59
R22-11
page id: 42432
Communication Stack – FlexRay RTE
Communi-
cation
Services
Properties: COM HW
Abstr.
➢ Implementation: µC and ECU HW independent, Communi-
cation
partly dependent on FlexRay. Drivers
➢ AUTOSAR COM, Generic NM Interface and Microcontroller (µC)

Diagnostic Communication Manager are the same
for all vehicle network systems and exist as one
instance per ECU.
➢ Generic NM Interface contains only a dispatcher.
No further functionality is included. In case of
gateway ECUs, it is replaced by the NM
Coordinator which in addition provides the
functionality to synchronize multiple different
networks (of the same or different types) to
synchronously wake them up or shut them down.
➢ FlexRay NM is specific for FlexRay networks and is
instantiated per FlexRay vehicle network system.
➢ The communication system specific FlexRay State
Manager handles the communication system
dependent Start-up and Shutdown features.
Furthermore it controls the different options of COM
to send PDUs and to monitor signal timeouts.

Document ID 53 : 60
R22-11
page id: 44566
Communication Stack – TCP/IP RTE
Communi-
cation
Example: Services
COM HW
Communi-
Com. Manager
Diagnostic Log
Generic NM cation
Large Data
AUTOSAR
Diagnostic
and Trace
Interface Drivers
COM
COM
Ethernet
UDP NM
State The TCP/IP Communication Services are a
Secure Onboard
IPDU Multiplexer
Manager
Communication
PDU Router group of modules for vehicle network

communication with the communication
Socket Adaptor
TCP/IP Communication Services
system TCP/IP.
Ethernet Interface
Task:
Ethernet Sw itch Driver ➢ Provide a uniform interface to the TCP/IP
Ethernet Transceiver Driver network. Hide protocol and message
properties from the application.
DIO Driver Handler / Driver Ethernet Driver
µC MII Ethernet
External
Ethernet Controller

Document ID 53 : 61
R22-11
page id: qqeet
Communication Stack – TCP/IP RTE
Communi-
cation
Services
Properties: COM HW
Abstr.
➢ The TcpIp module implements the main Communi-

cation
protocols of the TCP/IP protocol family Drivers
(TCP, UDP, IPv4, IPv6, ARP, ICMP, DHCP)
and provides dynamic, socket based
communication via Ethernet.
➢ The Socket Adaptor module (SoAd) is the
sole upper layer module of the TcpIp
module.

Document ID 53 : 62
R22-11
page id: 4dd66
Communication Stack – DDS RTE
Communi-
cation
Example: Services
COM HW
Communi-
Com. Manager
Diagnostic Log
Generic NM cation
Large Data
AUTOSAR
Diagnostic
and Trace
Interface Drivers
COM
COM Microcontroller (µC)
Ethernet
UDP NM
State The Data Distribution Services is a module
Secure Onboard
IPDU Multiplexer
Data Distribution
Manager
Communication
PDU Router for data-oriented vehicle network

Service
communication.
Socket Adaptor

Task:
Ethernet Interface ➢ Provide the DDS standard interfaces.
Ethernet Sw itch Driver
Ethernet Transceiver Driver

The DDS module supports:
I/O Drivers Communication Drivers ➢ Signal Base Publisher/Subscriber
DIO Driver Handler / Driver Ethernet Driver communication path
➢ QoS handling
µC MII Ethernet ➢ Full static configuration
External
Ethernet Controller

Document ID 53 : 63
R22-11
page id: 4dd68
Communication Stack – DDS RTE
Communi-
cation
Services
Properties: COM HW
Abstr.
➢ The DDS module relies on unserialized data Communi-
cation
as input, so it can implement all the features Drivers
of the Object Management Group (OMG) Microcontroller (µC)
DDS standard.
➢ The Socket Adaptor module (SoAd) is the

sole module able to handle the DDS-PDUs
by means of the PDU Router (PduR).
➢ The DDS module provides E2E features and

security services itself.

Document ID 53 : 64
R22-11
page id: bbnnq
Communication Stack – General RTE
Communi-
cation
Services
General communication stack properties: COM HW

Abstr.
Communi-
cation
Drivers
➢ A signal gateway is part of AUTOSAR COM to route Microcontroller (µC)
signals.
➢ PDU based Gateway is part of PDU router.
➢ IPDU multiplexing provides the possibility to add
information to enable the multiplexing of I-PDUs (different
contents but same IDs on the bus).
➢ Multi I-PDU to container mapping provides the possibility to
combine several I-PDUs into one larger (container-)I-PDU
to be transmitted in one (bus specific) frame.
➢ Upper Interface: µC, ECU hardware and network type
independent.
➢ For refinement of GW architecture please refer to
“Example Communication”

Document ID 53 : 65
R22-11
page id: 4w cs6
Off-board Communication Stack – European Vehicle-2-X RTE
Off-board
Comm.
Example: Services
Wireless COM HW
Off-board Communication Services Comm. Hw A Abstr.
V2X Data Wireless I/O

Manager Comm.Drivers Drivers
V2X Facilities
V2X Management
The European Vehicle-2-X Communication
V2X Basic
Transport
Services are a group of modules for Vehicle-to-
Protocol X communication via an ad-hoc wireless
network.
V2X Geo
Netw orking
➢ Facilities: implement the functionality for reception and
transmission of standardized V2X messages, build the
interface for vehicle specific SW-Cs
[Wireless / Wired] Communication Hardw are Abstraction ➢ Basic Transport Protocol = Layer 4
➢ Geo-Networking = Layer 3 (Addressing based on
Ethernet Interface
geographic areas, the respective Ethernet frames have their
own Ether-Type)
Wireless Ethernet Transceiver Driver ➢ V2X Management: manages cross-layer functionality (like
dynamic congestion control, security, position and time)
➢ V2X Data Manager: manages the receiving and
I/O Drivers Wireless Communication Drivers transformation of V2X messages and sends them through
RTE to SW-Cs or via SOME/IP
DIO Driver Handler / Driver Wireless Ethernet Driver
Task:
µC SPI Wireless Ethernet
➢ Provide a uniform interface to the Wireless
Ethernet network. Hide protocol and message
External properties from the application.
Wireless Ethernet Controller

Document ID 53 : 66
R22-11
page id: 4w cn2
Off-board Communication Stack – Chinese Vehicle-2-X RTE
Off-board
Comm.
Example: Services
Wireless
Off-board Communication Services Comm. Hw A
Wireless Communi- I/O

Comm.Drivers cation Drivers Drivers
V2X Data
Manager Microcontroller (µC)
Chinese V2X Message
Chinese V2X
Chinese V2X Security
Management The Chinese Vehicle-2-X Communication Services
are a group of modules based on cellular based
Chinese V2X Netw ork
V2X technology following Chinese V2X standards.
➢ Message: implement the functionality for reception and
transmission of standardized Chinese V2X message, build the
interface for vehicle specific SW-Cs; implement management
Wireless Communication Hardw are Abstraction
functionalities related to Message Layer(sending frequency,
Ethernet Interface Position and Time, message Identifiers)
➢ Security: implement the functionality of message encapsulation,
Cellular V2X Driver decapsulation and pseudonym management
（ For External Controller）
➢ Network: message reception and transmission,Layer-2 IDs
settings, etc.
I/O Drivers Communication Wireless Communication Drivers
Driv ers ➢ Management: manage cross-Layer functionality(such as
E.g. E.g. Cellular V2X Driver Dedicated Service Advertisement, etc.)
DIO Driver SPI Driver (For Internal Controller)
Task:
µC E.g. SPI Cellular V2X ➢ Provide a uniform interface to the cellular
based V2X network. Hide protocol and
External Cellular V2X message properties from the application.

Document ID 53 : 67
R22-11
page id: 9ddff
Services: Memory Services RTE
Memory
Services
The Memory Services consist of one module,

the NVRAM Manager. It is responsible for
the management of non volatile data
(read/write from different memory drivers). Microcontroller (µC)
Task: Provide non volatile data to the

application in a uniform way. Abstract from
memory locations and properties. Provide
mechanisms for non volatile data
management like saving, loading, checksum Example:
protection and verification, reliable storage Memory Services
etc.
NVRAM Manager
Properties:
Implementation: µC and ECU hardware
independent, highly configurable
independent specified and implemented
according to AUTOSAR
(AUTOSAR interface)

Document ID 53 : 68
R22-11
page id: qw ehg
Services: System Services RTE
System Services
The System Services are a group of modules

and functions which can be used by modules
of all layers. Examples are Real Time
Operating System (which includes timer Microcontroller (µC)
services) and Error Manager. Example:

System Services
Some of these services are:
base Manager (StbM)
Basic Softw are Mode

Default Error Tracer
Synchronized Time-
➢ µC dependent (like OS), and may support special
Watchdog Manager
Function Inhibition
Manager (Bsw M)
Manager (ComM)
Diagnostic Event
Manager (Dem)
Communication
Manager (FiM)
Time Service
µC capabilities (like Time Service),
(WdgM)
(Det)
(Tm)
➢ partly ECU hardware and application dependent
(like ECU State Manager) or
➢ hardware and µC independent.
AUTOSAR OS
ECU State Manager

Task:
(EcuM)
Provide basic services for application and
basic software modules.
Properties:
Implementation: partly µC, ECU hardware and
application specific
independent
Document ID 53 : 69
R22-11
page id: 3edfg
Error Handling, Reporting and Diagnostic RTE
Communi-
System Services cation
Services
Application Layer Onboard
Dev. Abstr.
Micro-
AUTOSAR Runtime Environment (RTE) controller
Drivers
Communication Microcontroller (µC)
Services
System Services
Watchdog Manager
Function Inhibition Diagnostic Communi-

Manager cation Manager
Diagnostic Log
There are dedicated modules for different aspects
and Trace
of error handling in AUTOSAR. E.g.:
Diagnostic Event
Manager
XCP
➢ The Diagnostic Event Manager is responsible
for processing and storing diagnostic events
Onboard Device Communication (errors) and associated FreezeFrame data.
Abstraction Hardware
Abstraction ➢ The module Diagnostic Log and Trace
Watchdog Interface
supports logging and tracing of applications. It
Microcontroller Drivers Communication
collects user defined log messages and converts
Drivers them into a standardized format.
Watchdog Driver
Microcontroller
➢ All detected development errors in the Basic Software are reported to Default Error Tracer.
➢ The Diagnostic Communication Manager provides a common API for diagnostic services
➢ etc.

Document ID 53 : 70
R22-11
page id: xsji8
Application Layer: Sensor/Actuator Software Components RTE
The Sensor/Actuator AUTOSAR Software

Component is a specific type of AUTOSAR
Software Component for sensor evaluation
and actuator control. Though not belonging Microcontroller (µC)
to the AUTOSAR Basic Software, it is
described here due to its strong relationship
to local signals. It has been decided to locate
the Sensor/Actuator SW Components above Example:
the RTE for integration reasons
(standardized interface implementation and
Application Layer
interface description). Because of their
strong interaction with raw local signals,
Actuator Sensor
relocatability is restricted. Software Software
Component Component
Task:
Provide an abstraction from the specific RTE
physical properties of hardware sensors and
actuators, which are connected to an ECU. Basic Software
Interfaces to (e.g.)
• I/O HW Abstraction (access to I/O signals)
Properties: • Memory Services (access to calibration data)
• System Services (access to Error Manager)
Implementation: µC and ECU HW independent,
sensor and actuator dependent

Document ID 53 : 71
R22-11
page id: toc01
Table of contents
1. Architecture
2. Configuration

Document ID 53 : 72
R22-11
page id: w 111b
Architecture – Content of Software Layers
Example of a Layered Software Architecture for Multi-Core Microcontroller
Example: an ECU with a two core microcontroller
ECU
core 0: core 1:
partition 0: partition 1:
Application Layer
RTE
Operating
Communi- Communi-
System Services System
Memory cation cation
Services Services Services
(Master) ECU State (Satellite)
I/O HW Manager I/O HW
Complex Drivers
Complex Drivers
BSW Mode
Manager COM HW
COM HW
Onboard Dev. Memory HW Abstraction
Abstraction
Abstraction Abstraction (e.g. CAN,
(e.g. ETH)
FR)
Micro- I/O Micro- I/O

Memory
controller Drivers controller Memory Communi- Drivers
Drivers Communi-
Drivers (e.g. Master Drivers Drivers cation Drivers (e.g. Satellite
(e.g. Flash, cation Drivers
(e.g. MCU, or direct (e.g. MCU, (e.g. RAM (e.g. CAN, or direct
RAM test, (e.g. ETH)
Core test, access for Core test, test) FR) access for
EEPROM)
GPT) DIO) GPT) DIO)

Document ID 53 : 73
R22-11
page id: w 111e
Detailed View of Distributed BSW Modules
➢ BSW modules can be distributed across ECU

several partitions and cores. All partitions
share the same code.
core 0: core 1:
➢ Modules can either be completely identical on partition 0: partition 1:
each partition, as shown for the DIO driver out Application Layer
of I/O stack in the figure.
➢ As an alternative, they can use core- RTE
dependent branching to realize different
behavior. Com service and PWM driver use Communi- Communi-
master-satellite communication for processing cation
Services
cation
Services
a call to the master from the according I/O HW (Master) (Satellite) I/O HW
satellites.
◼ The communication between master and COM HW
Abstraction
satellite is not standardized. For example,
it can be based on functions provided by I/O I/O
I/O I/O
the BSW scheduler or on shared memory. Driver
Driver Driver
Driver
Communi- PWM
➢ The arrows indicate which components are DIO
PWM
Satellite
cation Drivers Master
DIO
involved in the handling of a service call,

depending on the approach to distribution and
on the origin of the call. Microcontroller (µC)

Document ID 53 : 74
R22-11
page id: w 111f
Overview of BSW Modules, OS, BswM and EcuM on Multiple Partitions
ECU
core 0: core 1:
partition 0: partition 1: partition 2: partition 3: partition 4:
Application Layer
RTE
BswM BswM BswM BswM BswM

EcuM EcuM
OS OS
Other Other Other Other Other

BSW BSW BSW BSW BSW
modules modules modules modules modules
➢ Basic Software Mode Manager (BswM) in every partition that runs BSW modules
◼ all these partitions are trusted
➢ One EcuM per core (each in a trusted partition)
➢ EcuM on that core that gets started via the boot-loader is the master EcuM
◼ Master EcuM starts all Satellite EcuMs

Document ID 53 : 75
R22-11
page id: w 111c
Scope: Multi-Core System Services RTE
System Services
➢ The IOC, as shown in the figure, provides communication

services which can be accessed by clients which need
to communicate across OS-Application boundaries on
the same ECU. The IOC is part of the OS.
➢ BSW modules can be executable on several cores, such Microcontroller (µC)
as the ComM in the figure. The core responsible for executing
a service is determined at runtime.
➢ Every core runs a kind of ECU state management.
Microcontroller
core 0: core 1:
System Services System Services
Basic Softw are Mode
management Core 1
ECU State Manager
Function Inhibition
Diagnostic Event
Communication
Communication
Inter OsApplication
Inter OsApplication
ECU state
communication
communication
Manager
Manager
Manager
Manager
Manager
Core 0
…
iOC
iOC
AUTOSAR OS
AUTOSAR OS

Document ID 53 : 76
R22-11
page id: toc01
Table of contents
1. Architecture
2. Configuration

Document ID 53 : 77
R22-11
page id: w xy8f
Overview of AUTOSAR safety handling
➢ AUTOSAR offers a flexible

approach to support MCU
safety relevant ECUs. Two QM Application QM Application ASIL Application
methods can be used:
SW-C SW-C SW-C SW-C
1. All BSW modules
are developed
according to the RTE
required ASIL
BSW partition – all modules ASIL
2. Selected modules
are developed Other
BSW
according to ASIL. BSW module
BSW BSW BSW BSW
ASIL and non-ASIL OS modules modules
s modules modules modules
modules are
separated into
different partitions
(BSW distribution)
Hardware
Note: The partitions are based on OS-

Applications. The TRUSTED attribute
of the OS-Application is not related to Example for usage of method (1)
ASIL/non-ASIL.

Document ID 53 : 78
R22-11
page id: w xy9f
AUTOSAR BSW distribution for safety systems
➢ Example of using different MCU

BSW partitions
QM Application QM Application ASIL Application
◼ Watchdog stack is
placed in a own SW-C SW-C SW-C SW-C
partition
◼ ASIL and non-ASIL
SW-Cs can access RTE
WdgM via RTE
QM BSW partition ASIL BSW partition
◼ Rest of BSW is placed
in own partition Other WdgM
BSW
Other
BSW
Other
modul Other BSW
OS
Other
BSW
modules es modules
WdgIf
BSW
modules
Other BSW
modules
modules
Wdg
Hardware

Document ID 53 : 79
R22-11
page id: toc01
Table of contents
1. Architecture
2. Configuration

Document ID 53 : 80
R22-11
page id: 9dfc8
Architecture
Overview of Modules – Implementation Conformance Class 3 - ICC3
This figure shows the mapping of basic software modules to AUTOSAR layers
Application Layer

System Services Memory Services Communication Services I/O Hardware Abstraction Complex
Drivers
Nm
Com
Dcm
Dlt
If
WdgM
ComM
BswM
Dem
StbM
NvM
FiM
Det
SM
Tm
I/O Signal Interface
SecOC
PduR
IpduM
Xf
Nm
Tp
Driver for Driver for
Onboard Device Memory Hardware Communication ext. ext.
AUTOSAR OS
Abstraction Abstraction Hardware Abstraction ADC ASIC I/O ASIC

EcuM
WdgIf MemIf xxx Interface

Fee Ea
MemAcc Trcv. ext. Drv
Microcontroller Drivers Memory Drivers Communication Drivers I/O Drivers

RamTst
CorTst
FlsTst
Pw m
Mem
Wdg
Mcu
Ocu
Adc
Eep
Can
Port
Gpt
Fls
Spi
Lin
Eth
Icu
Dio
Fr
Microcontroller
Not all modules are shown here

Document ID 53 : 81
R22-11
page id: 92jc9
Architecture
Overview of Modules – Implementation Conformance Classes – ICC2
The clustering shown in this document is the one defined by the project so far. AUTOSAR is currently not restricting the clustering
on ICC2 level to dedicated clusters as many different constraint and optimization criteria might lead to different ICC2
clusterings. There might be different AUTOSAR ICC2 clusterings against which compliancy can be stated based on a to be
defined approach for ICC2 compliance.
Application Layer
AUTOSAR Runtime Environment

Com …
Services
*
COM
PDU Router
CAN … …
O
S CAN St Mgr …
CAN CAN
..
TP NM
CAN Interface
CAN Driver
ECU Hardware
… ICC3 module ICC2 clusters

Document ID 53 : 82
R22-11
page id: 94t21
Architecture
Overview of Modules – Implementation Conformance Classes – ICC1
In a basic software which is compliant to ICC1 no modules or clusters are required.
The inner structure of this proprietary basic software is not specified.
Application Layer
Proprietary software
ECU Hardware

Document ID 53 : 83
R22-11
page id: 94p21
Architecture
Overview of Modules – Implementation Conformance Classes – behavior to the outside
Basic software (including the RTE) which is AUTOSAR compliant (ICC1-3) has to behave to the outside as specified by the ICC3
module specification.
For example the behavior towards:
➢ buses,
➢ boot loaders and
➢ Applications
Additionally, the ICC1/2 configuration shall be compatible regarding the system description as in ICC3.
Application Layer
Basic Software
ECU Hardware
ICC 3 compliant
behavior

Document ID 53 : 84
R22-11
page id: toc01
Table of contents
1. Architecture
2. Configuration

Document ID 53 : 85
R22-11
page id: tz76a
Interfaces
Type of Interfaces in AUTOSAR
An "AUTOSAR Interface" defines the information exchanged between

software components and/or BSW modules. This description is
independent of a specific programming language, ECU or network
technology. AUTOSAR Interfaces are used in defining the ports of
AUTOSAR Interface software-components and/or BSW modules. Through these ports
software-components and/or BSW modules can communicate with each
other (send or receive information or invoke services). AUTOSAR makes
it possible to implement this communication between Software-
Components and/or BSW modules either locally or via a network.
A "Standardized AUTOSAR Interface" is an "AUTOSAR Interface" whose

syntax and semantics are standardized in AUTOSAR. The "Standardized
Standardized AUTOSAR
AUTOSAR Interfaces" are typically used to define AUTOSAR Services,
Interface which are standardized services provided by the AUTOSAR Basic
Software to the application Software-Components.
A "Standardized Interface" is an API which is standardized within

AUTOSAR without using the "AUTOSAR Interface" technique. These
"Standardized Interfaces" are typically defined for a specific programming
language (like "C"). Because of this, "standardized interfaces" are
Standardized Interface typically used between software-modules which are always on the same
ECU. When software modules communicate through a "standardized
interface", it is NOT possible any more to route the communication
between the software-modules through a network.

Document ID 53 : 86
R22-11
page id: 94ju5
Interfaces
Components and interfaces view (simplified)
Application Actuator Sensor Application

AUTOSAR Software
Component
Software
Component
Software
Component
AUTOSAR Software
Component
Software
Component
AUTOSAR AUTOSAR AUTOSAR
Software AUTOSAR
Interface
Interface Interface Interface
.............. Interface

Standard
Software
Standardized
Standardized Standardized AUTOSAR AUTOSAR
AUTOSAR
Interface Interface Interface Interface
Interfaces: Interface
ECU
VFB & RTE Services Communication
Abstraction
relevant
Standardized Standardized Standardized
Standardized
RTE Interface Interface Interface

Interface
relevant
Operating Complex
BSW System Drivers
relevant Standardized
Interface
Possible interfaces
inside Basic Software Microcontroller
Basic Software
(which are
Abstraction
not specified
within AUTOSAR)
ECU-Hardware
Note: This figure is incomplete with respect to the possible interactions between the layers.

Document ID 53 : 87
R22-11
page id: a6ztr
Interfaces: General Rules
General Interfacing Rules
Horizontal Interfaces Vertical Interfaces
Services Layer: horizontal interfaces are allowed One Layer may access all interfaces of the SW layer
Example: Error Manager saves fault data using the below
NVRAM manager
ECU Abstraction Layer: horizontal interfaces are Bypassing of one software layer should be avoided
allowed
A complex driver may use selected other BSW Bypassing of two or more software layers is not
modules allowed
µC Abstraction Layer: horizontal interfaces are not

allowed. Exception: configurable notifications are Bypassing of the µC Abstraction Layer is not allowed
allowed due to performance reasons.
AUTOSAR AUTOSAR AUTOSAR AUTOSAR
SW Comp SW Comp SW Comp SW Comp A module may access a lower layer module of
1 3 4 5
another layer group (e.g. SPI for external hardware)
All layers may interact with system services.

Document ID 53 : 88
R22-11
page id: 1xdfr
Interfaces: General Rules
Layer Interaction Matrix
This normative matrix shows the allowed
Off-board Comm. Services
I/O Hardware Abstraction

Microcontroller Hardware
Memory HW Abstraction
Comm. HW Abstraction*
interactions between
Communication Drivers*
Crypto HW Abstraction
Onboard Device Abstr.
System Services / OS
Microcontroller Drivers
AUTOSAR Basic Software layers
Memory Services
Complex Drivers
Crypto Services
Memory Drivers
Crypto Drivers
uses
I/O Drivers
✓ allowed to use SW Components / RTE ✓ ✓ ✓ ✓ ✓ ✓ ✓          
 not allowed to System Services / OS ✓ ✓ ✓ ✓ ✓  ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
use Memory Services ✓ ✓ ✓      ✓        
 restricted use Crypto Services ✓ ✓ ✓       ✓       
(callback only) Communication Services ✓ ✓ ✓ ✓ ✓      ✓      
Off-board Comm. Services ✓ ✓ ✓ ✓ ✓      ✓      
The matrix is read Complex Drivers restricted access -> see the following two slides
row-wise: I/O Hardware Abstraction ✓  ✓    ✓ ✓   ✓ ✓   ✓ ✓ 
Example: “I/O Onboard Device Abstr. ✓       ✓   ✓ ✓   ✓ ✓ 
Drivers are Memory HW Abstraction ✓ ✓      ✓ ✓  ✓  ✓  ✓  
allowed to use Crypto HW Abstraction ✓ ✓ ✓     ✓  ✓      ✓ 
Comm. HW Abstraction* ✓   ✓ ✓   ✓   ✓    ✓ ✓ 
System Services
Microcontroller Drivers ✓                ✓
and Hardware,
Memory Drivers ✓                ✓
but no other
✓ ✓               ✓
layers”. Crypto Drivers
Communication Drivers* ✓               ✓ ✓
(gray background indicates
“non-Basic Software”
I/O Drivers ✓                ✓
layers)
*: includes w ired and w ireless communication

Document ID 53 : 89
R22-11
page id: 11122
Interfaces Application Layer
Interfacing with Complex Drivers (1) RTE
Complex Drivers
Complex Drivers may need to interface to other modules
in the layered software architecture, or modules in
the layered software architecture may need to interface
to a Complex Driver. If this is the case,
the following rules apply:
1. Interfacing from modules of the layered software architecture to Complex Drivers
This is only allowed if the Complex Driver offers an interface which can be generically configured by the accessing
AUTOSAR module.
A typical example is the PDU Router: a Complex Driver may implement the interface module of a new bus system.
This is already taken care of within the configuration of the PDU Router.
2. Interfacing from a Complex Driver to modules of the layered software architecture
Again, this is only allowed if the respective modules of the layered software architecture offer the interfaces, and are
prepared to be accessed by a Complex Driver. Usually this means that
➢ The respective interfaces are defined to be re-entrant.
➢ If call back routines are used, the names are configurable
➢ No upper module exists which does a management of states of the module (parallel access would change states
without being noticed by the upper module)

Document ID 53 : 90
R22-11
page id: 11123
Complex Drivers
In general, it is possible to access the following modules:
➢ The SPI driver
➢ The GPT driver
➢ The I/O drivers with the restriction that re-entrancy often only exists for Microcontroller (µC)
separate groups/channels/etc. Parallel access to the same
group/channel/etc. is mostly not allowed. This has to be taken care of during configuration.
➢ The NVRAM Manager as exclusive access point to the memory stack
➢ The Watchdog Manager as exclusive access point to the watchdog stack
➢ The PDU Router as exclusive bus and protocol independent access point to the communication stack
➢ The bus specific interface modules as exclusive bus specific access point to the communication stack
➢ The NM Interface Module as exclusive access point to the network management stack
➢ The Communication Manager (only from upper layer) and the Basic Software Mode Manager
as exclusive access points to state management
➢ Det, Dem and Dlt
➢ The OS as long as the used OS objects are not used by a module of the layered software architecture
Still, for each module it is necessary to check if the respective function is marked as being re-entrant. For example,
‘init’ functions are usually not re-entrant and should only be called by the ECU State Manager.

Document ID 53 : 91
R22-11
page id: q1123
Complex Drivers
In case of multi-core architectures, there are additional rules:
➢ The BSW can be distributed across several cores. The core
responsible for executing a call to a BSW service is determined
by the task mapping of its BswOperationInvokedEvent.
➢ Crossing partition and core boundaries is permitted for module
internal communication only, using a master/satellite implementation.
➢ Consequently, if the CDD needs to access standardized interfaces of the BSW, it needs to reside on the same
core.
➢ In case a CDD resides on a different core, it can use the normal port mechanism to access AUTOSAR interfaces
and standardized AUTOSAR interfaces. This invokes the RTE, which uses the IOC mechanism of the operating
system to transfer requests to the other core.
➢ However, if the CDD needs to access standardized interfaces of the BSW and does not reside on the same core,
◼ either a satellite providing the standardized interface can run on the core where the CDD resides and forward
the call to the other core
◼ or a stub part of the CDD needs to be implemented on the other core, and communication needs to be
organized CDD-local using the IOC mechanism of the operating system similar to what the RTE does.
➢ Additionally, in the latter case the initialization part of the CDD also needs to reside in the stub part on the
different core.

Document ID 53 : 92
R22-11
page id: toc01
Table of contents
1. Architecture
2. Configuration

Document ID 53 : 93
R22-11
page id: 2w fr5
Interfaces: Interaction of Layers – Example “Memory”
Introduction
The following pages explain using the example „memory“:
➢ What are the features / difference of the available memory service modules?
➢ How do the software layers interact?
➢ How do the software interfaces look like?
➢ What is inside the ECU Abstraction Layer?
➢ How can abstraction layers be implemented efficiently?

Document ID 53 : 94
R22-11
page id: 2w f66
Background: Comparison between memory service modules and memory types
➢ The different service modules (memory managers) abstract from the used non-volatile (NV) memory, but the properties of the
hardware impact their design and how access is realized.
➢ There are constraints on the use of the different listed modules depending on the properties of the used NV hardware.
➢ The following table lists the properties of the modules and related NV memory.
Module Use cases, features Supported NV memory properties Example hardware
NvM • Storage of module data (e.g. Error information, • Direct (memory mapped) and • Internal data flash
special configuration info, status information, indirect (e.g. via SPI) NV access (via Flash eeprom
diagnostic data, ...) • Serialized access (read-while- emulation)
• Supports many reader/writer (BSW and SW-C) write-in-same-HW-segment may • External eeprom /
in parallel. not work → NvM always buffer the data flash
• Mostly read during start-up and written in data)
shutdown, but intermediate reads/writes during
normal operation are also supported
• Typical data size per user is bytes to some KiB
BndM • Storage of car specific data • Direct access of NV data (via • Internal data flash
• (Very rare) Writes via diagnostics, only in pointer) is required • Internal code flash
„controlled environment“ (e.g. repair shop) • Parallel read of NV data is required
• Supports many readers (SW-C) in parallel
• Users have direct access via pointer
• Typical size many KiB
FOTA • Storage of model specific car data/code • Read-While-Write (e.g. via memory • Internal and
(manager) • Very few users, typically only one abstraction/partitioning) external code flash
• Typical size in MiB
• Write new data in the background e.g. over
several driving cycles (interruptible and
preemptable update procedure)

Document ID 53 : 95
R22-11
page id: 99876
Example and First Look
System Services Memory Services

This example shows how the NVRAM Manager and the
Watchdog Manager interact with drivers on an assumed Watchdog NVRAM
hardware configuration: Manager Manager
The ECU hardware includes an external EEPROM and an MemIf_Read()

external watchdog connected to the microcontroller via the WdgIf_Trigger() MemIf_Write()
same SPI. Onboard Device Memory Hardw are Abstraction
Abstraction
Memory Abstraction Interface
The SPIHandlerDriver controls the concurrent access to the
SPI hardware and has to give the watchdog access a Watchdog Interface Fee_Read()
higher priority than the EEPROM access. EEPROM Fee_Write()
Wdg_Trigger() Abstraction
Flash EEPROM
The microcontroller includes also an internal flash which is Emulation
External External
used in parallel to the external EEPROM. The EEPROM EEPROM Driver
Watchdog Driver
Abstraction and the Flash EEPROM Emulation have an
API that is semantically identical. Spi_ReadIB() Fls_Read()
Spi_WriteIB() Fls_Write()
The Memory Abstraction Interface can be realized in the COM Drivers Memory Drivers
following ways:
Internal
➢ routing during runtime based on device index (int/ext) SPIHandlerDriver
Flash Driver
➢ routing during runtime based on the block index (e.g. >
0x01FF = external EEPROM)
µC SPI Flash
➢ routing during configuration time via ROM tables with
function pointers inside the NVRAM Manager (in this case
the emory Abstraction Interface only exists „virtually“)
CS SPI CS SPI
External External
Watchdog EEPROM

Document ID 53 : 96
R22-11
page id: 9987d
Example and First Look {DRAFT}
System Services Memory Services

This example shows how the NVRAM Manager and the
Watchdog NVRAM
Watchdog Manager interact with drivers on an assumed Manager Manager
hardware configuration:
WdgIf_Trigger() MemIf_Read()
MemIf_Write()
The ECU hardware includes an external EEPROM and an
external watchdog connected to the microcontroller via the Onboard Device Memory Hardw are Abstraction
Abstraction
same SPI. Memory Abstraction Interface
Fee_Read()
Fee_Write()
The SPIHandlerDriver controls the concurrent access to the EEPROM Flash EEPROM
SPI hardware and has to give the watchdog access a Watchdog Interface
Abstraction Emulation
higher priority than the EEPROM access. Wdg_Trigger()
MemAcc_Read()
MemAcc_Write()
Memory Access
The microcontroller includes also an internal flash which is
used in parallel to the external EEPROM. The EEPROM
External External
Abstraction and the Flash EEPROM Emulation have an Watchdog Driver Mem Driver
API that is semantically identical.
Spi_ReadIB() Mem_Read()
Spi_WriteIB() Mem_Write()
The Memory Abstraction Interface can be realized in the
following ways: COM Drivers Memory Drivers
➢ routing during runtime based on device index (int/ext) SPIHandlerDriver
Internal
Memory Driver
➢ routing during runtime based on the block index (e.g. >
0x01FF = external EEPROM)
➢ routing during configuration time via ROM tables with µC SPI Flash
function pointers inside the NVRAM Manager (in this case
the emory Abstraction Interface only exists „virtually“)
CS1 SPI CS2 SPI
External External
Watchdog EEPROM

Document ID 53 : 97
R22-11
page id: 664b1
Bulk NV Data Manager
Application Layer
Use-case Bulk NV Data Manager (BndM):

Persistent data which is very infrequently written NvBlock SW-C
and additionally huge in size.
RTE
BndM_GetBlockPtr() (C-func)
DCM BndM_WriteStart() Memory Services

BndM_WriteBlock_shortname()
BndM_WriteFinalize() BulkNvData NVRAM
Transfomer_Inv ImplementationDataPrototype
Manager Manager
Diagnostic serialized data
Memory Hardw are Abstraction MemIf_Read()

MemIf_Write()
Memory
Abstraction
Interface
Fee_Read()
Fee_Write()
External diagnostic request
(WriteDataByIdentifier) Flash EEPROM
Emulation
Fls_Read()
Fls_Write()
Use-case NVRAM Manager (NvM): Memory Drivers

Persistent data which is high frequently updated
or small in its size Flash Driver
µC Flash

Document ID 53 : 98
R22-11
page id: 664c1
NvM Block Compression
➢ Use-case: large data blocks frequently written with only small local changes
◼ The actual algorithm is vendor-specific (block split, compression, delta,…)
lo ompression
S C Nv emIf
Nv riteBlock
continue in
Nv main function
irrorCallback
vendor specific
compression
emIf rite
Nv obEndNotification
Nv ob inish

Document ID 53 : 100
R22-11
page id: 1ase4
Closer Look at Memory Hardware Abstraction
Architecture Description
The NVRAM Manager accesses drivers via the
Memory Abstraction Interface. It addresses NvM_Write(BlockIndex)
different memory devices using a device index.
Memory Services
Interface Description NVRAM

The Memory Abstraction Interface could have the Manager
following interface (e.g. for the write function):

MemIf_Write(
Std_ReturnType MemIf_Write DeviceIndex,
( BlockNumber,
uint8 DeviceIndex, DataBufferPtr)
uint16 BlockNumber, Memory Hardw are Abstraction
uint8 *DataBufferPtr
) Memory Abstraction Interface
Ea_Write(
BlockNumber, Fee_Write(
The EEPROM Abstraction as well as the Flash BlockNumber,
DataBufferPtr)
EEPROM Emulation could have the following DataBufferPtr)
interface (e.g. for the write function):
EEPROM Abstaction Flash
EEPROM Emulation
Std_ReturnType Ea_Write
(
uint16 BlockNumber,
uint8 *DataBufferPtr
)

R22-11
page id: w fgz7
Implementation of Memory Abstraction Interface
Situation 1: only one NV device type used

This is the usual use case. In this situation, the Memory Abstraction can, in case of source code availability, be
implemented as a simple macro which neglects the DeviceIndex parameter. The following example shows
the write function only:
File MemIf.h:
#include “Ea.h“ /* for providing access to the EEPROM Abstraction */
...
#define MemIf_Write(DeviceIndex, BlockNumber, DataBufferPtr) \
Ea_Write(BlockNumber, DataBufferPtr)
File MemIf.c:
Does not exist
Result:
No additional code at runtime, the NVRAM Manager virtually accesses the EEPROM Abstraction or the Flash
Emulation directly.

R22-11
page id: 12345
Implementation of Memory Abstraction Interface
Situation 2: two or more different types of NV devices used

In this case the DeviceIndex has to be used for selecting the correct NV device. The implementation can also
be very efficient by using an array of pointers to function. The following example shows the write function
only:
File MemIf.h:
extern const WriteFctPtrType WriteFctPtr[2];
#define MemIf_Write(DeviceIndex, BlockNumber, DataBufferPtr) \

WriteFctPtr[DeviceIndex](BlockNumber, DataBufferPtr)
File MemIf.c:
#include “Ea.h“ /* for getting the API function addresses */
#include “Fee.h“ /* for getting the API function addresses */
#include “MemIf.h“ /* for getting the WriteFctPtrType */
const WriteFctPtrType WriteFctPtr[2] = {Ea_Write, Fee_Write};
Result:
The same code and runtime is needed as if the function pointer tables would be inside the NVRAM Manager.
The Memory Abstraction Interface causes no overhead.

R22-11
page id: w wwee
Conclusion
Conclusions:
➢ Abstraction Layers can be implemented very efficiently
➢ Abstraction Layers can be scaled
➢ The Memory Abstraction Interface eases the access of the NVRAM Manager to one or more
EEPROM and Flash devices

R22-11
page id: 10zow
Interfaces: Interaction of Layers – Example “Communication”
PDU Flow through the Layered Architecture
Layer N+1
➢ Explanation of terms: data structure PDU
➢ SDU LayerN_Tx(*PDU);
SDU is the abbreviation of “Service Data Unit”. It

void LayerN_Tx(*SDU);
is the data passed by an upper layer, with the
request to transmit the data. It is as well the data Layer N
which is extracted after reception by the lower
PCI data structure SDU
layer and passed to the upper layer.
PCI data structure PDU
A SDU is part of a PDU.
LayerN+1_Tx(*PDU);
➢ PCI
void LayerN+1_Tx(*SDU);
PCI is the abbreviation of “Protocol Control Layer N-1
Information”. his Information is needed to pass a
SDU from one instance of a specific protocol layer PCI data structure SDU
to another instance. E.g. it contains source and
target information.
The PCI is added by a protocol layer on the
transmission side and is removed again on the
receiving side. TP
PCI data structure SDU
➢ PDU
PDU is the abbreviation of “Protocol Data Unit”. PCI data structure PDU
The PDU contains SDU and PCI.
On the transmission side the PDU is passed from
the upper layer to the lower layer, which interprets CAN IF
this PDU as its SDU.
PCI data structure

R22-11
page id: 94j42
Interfaces: Interaction of Layers Application Layer
Example “Communi ation” (1) RTE
Communi-
cation
Services
SDU and PDU Naming Conventions COM HW
Abstr.
The naming of PDUs and SDUs respects the following rules: Communi-
cation
For PDU: <bus prefix> <layer prefix> - PDU Drivers
For SDU: <bus prefix> <layer prefix> - SDU Microcontroller (µC)
The bus prefix and layer prefix are described in the following table:
ISO Layer Layer AUTOSAR PDU Name CAN / LIN prefix FlexRay
Prefix Modules TTCAN prefix
prefix
Layer 6: I COM, DCM I-PDU N/A
Presentation
I PDU router, PDU I-PDU N/A
(Interaction)
multiplexer SF:
Single Frame
Layer 3: N TP Layer N-PDU CAN SF LIN SF FR SF FF:
Network Layer CAN FF LIN FF FR FF First Frame
CAN CF LIN CF FR CF CF:
Consecutive
CAN FC LIN FC FR FC
Frame
Layer 2: L Driver, Interface L-PDU CAN LIN FR FC:
Data Link Layer Flow Control
Examples:
➢I-PDU or I-SDU For details on the frame types, please refer to the
AUTOSAR Transport Protocol specifications for CAN,TTCAN, LIN and FlexRay.
➢CAN FF N-PDU or FR CF N-SDU
➢LIN L-PDU or FR L-SDU

R22-11
page id: 5udw 1
Interfaces: Interaction of Layers
Example “Communi ation” (2)
Components
➢ PDU Router:
◼ Provides routing of PDUs between different abstract communication controllers and upper layers
◼ Scale of the Router is ECU specific (down to no size if e.g. only one communication controller exists)
◼ Provides TP routing on-the-fly. Transfer of TP data is started before full TP data is buffered
➢ COM:
◼ Provides routing of individual signals or groups of signals between different I-PDUs
➢ NM Coordinator:
◼ Synchronization of Network States of different communication channels connected to an ECU via the
network managements handled by the NM Coordinator
➢ Communication State Managers:
◼ Start and Shutdown the hardware units of the communication systems via the interfaces
◼ Control PDU groups

R22-11
page id: 3hd8w
Example “Communi ation” (3)
RTE
Communication
Signals
Manager
FlexRay TTCAN
Secure Diagnostic Eth State CAN State LIN State Generic
Diagnostic State State
SOME/IP Onboard IPDU AUTOSAR Communi- Manager Manager Manager NM interface
Log and Manager Manager
TP Communi- Multiplexer COM cation
Trace
cation Manager
NM
Coordinator
I-PDU I-PDU I-PDU I-PDU I-PDU I-PDU
XCP
PDU Router
Ethernet Protocol
I-PDU 1 I-PDU 1 NM
I-PDU I-PDU 1 I-PDU I-PDU NM
NM
Module
See description Module
NM
CAN Tp Module
on next slide FlexRay Tp Module
J1939Tp
N-PDU N-PDU N-PDU
Communication
HW
Eth Interface FlexRay Interface LIN Interface
CAN Interface2 Abstraction
(incl. LIN TP)
L-PDU L-PDU L-PDU L-PDU
Eth Driver FlexRay Driver CAN Driver 2 LIN Low Level Driver
Note: This image is not complete with 1 The Interface between PduR and Tp differs significantly compared to the interface between PduR and the Ifs.
respect to all internal communication In case of TP involvement a handshake mechanism is implemented allowing the transmission of I-Pdus > Frame size.
paths. 2 CanIf with TTCAN serves both CanDrv with or without TTCAN. CanIf without TTCAN cannot serve CanDrv with TTCAN.

R22-11
page id: eed8w
Example “Communi ation” (4) – Ethernet Protocol
➢ This figure shows the interaction BswM PDU Router

of and inside the Ethernet
protocol stack. I-PDUs
Sd DoIP
I-PDUs I-PDUs
UDP NM
Socket Adaptor
TCP/IP Communication
Messages Streams
DHCP
UDP TCP
Services
Packet Segment
IPv4/v6
ARP/ND ICMP
Datagram
Communication HW
Eth Interface Abstraction
Eth. Frame
Eth Driver

R22-11
page id: xmd8w
Example “Communi ation” (5) - Ethernet and CAN communication using CAN XL
RTE
Complex Drivers
Communication
Signals
Manager
Secure Diagnostic CAN State Generic

Diagnostic
SOME/IP Onboard IPDU AUTOSAR Communi- Manager NM interface
Log and
TP Communi- Multiplexer COM cation
Trace
cation Manager
NM
Coordinator
I-PDU I-PDU I-PDU I-PDU I-PDU I-PDU
PDU Router
Ethernet Protocol CDD

I-PDU I-PDU
I-PDU
CAN Tp NM
Module
J1939Tp
N-PDU N-PDU
Communication HW Abstraction
CAN XL Transceiver Eth Interface CAN Interface

User-Def ined-I-PDU
L-PDU
L-PDU
CAN XL Driver
Note: This image is not complete with

respect to all internal communication
paths.

R22-11
page id: srs11
Example “Data Transformation” (1) – Introduction
The following pages explain communication with Data Transformation:
➢ How do the software layers interact?
➢ How do the software interfaces look like?

R22-11
page id: srs12
Example “Data Transformation” (2) – Example and First Look
This example shows the data flow if data transformation is

used for inter-ECU communication.
SW-C Application Layer
A SW-C sends data configured to be transmitted to a remote
ECU and subject to data transformation. This data
transformation doesn’t use in-place buffer handling.
Functionality Transformer Coordination

➢ The RTE calls the SOME/IP transformer as the first RTE
Buffer 1 Buffer 2
transformer in the chain and transfers the data from the
SW-C.
➢ The SOME/IP transformer executes the transformation and
writes the output (byte array) to a buffer provided by the
RTE.
➢ Afterwards, the RTE executes the Safety transformer
which is second in the transformer chain. The Safety
transformer’s input is the output of the SO E/IP SOME/IP E2E AUTOSAR
Transformer Transformer COM
transformer.
➢ The Safety transformer protects the data and writes the
output into another buffer provided by the RTE. A new
buffer is required because in-place buffer handling is not
used.
➢ The RTE transfers the final output data as a byte array to
the COM module.

R22-11
page id: srs13
Example “Data Transformation” (3) – Closer Look at Interfaces
Architecture Description
SW-C
The RTE uses the transformer which are located in
the System Service Layer.
Rte_Write(data)
Interface Description
The transformers in this example have the following Transformer Coordination
interfaces: RTE
Buffer 1 Buffer 2
SomeIpXf_SOMEIP_Signal1
(
uint8 *buffer1, SomeIpXf_SOMEIP_Signal1
SafetyXf_Safety_Signal1
(
Com_SendDynSignal
( (
uint16 *buffer1Length, buffer1,
buffer2,
Signal1,
&buffer2Length,
<type> data &buffer1Length,
data
buffer1,
buffer2,
buffer2Length
buffer1Length
) )
)
)
SafetyXf_Safety_Signal1
(
uint8 *buffer2,
uint16 *buffer2Length,
uint8 *buffer1,
uint16 buffer1Length SOME/IP AUTOSAR
E2E Transformer
) Transformer COM

R22-11
page id: srs14
Example “Data Transformation” (4) – COM Based Transformation
Goal
The COM Based Transformer provides serialization
functionality to the transformer chain based on a fixed SW-C Application Layer
communication matrix.
The fixed communication matrix allows an optimized placement
of signals into PDUs (e.g. a boolean data can be configured
to only occupy one bit in the PDU). This enables the usage Transformer Coordination
of transformer chains in low payload networks like Can or RTE
Buffer 1 Buffer 2
Lin.
Functionality
➢ The COM Based Transformer is the first transformer
(serializer) and gets the data from the application via the
RTE. Com Based Other AUTOSAR
➢ Based on the COM configuration (communication matrix) Transformer Transformer COM
the data is serialized exactly in the same way as the COM
module would have done it (endianess, sign extension).
➢ Other transformers may enhance the payload to have
CRCs and sequence counters (SC).
➢ The transformer payload is passed to the COM module as
one array of byte via the Com_SendSignalGroupArray API.
➢ The COM module can be configured to perform CRC SC D D D D
transmission mode selection based on the communication 1 2 3 4
matrix definition.
Signal Pdu

R22-11
page id: sst01
Signal-Service-Translation (1)
Goal
Adaptive Platform restricts communication to Service-oriented communication, the rest of the vehicle however
still uses Signal-based communication means - therefore a translation of these two approaches has to be
performed in order to allow an interaction between Classic and Adaptive Platform.
Functionality
➢ The definition and implementation of the Classic platform signal-service-translation shall be done inside an
Application Software Component, the so called Translation Software Component.
➢ The Translation Software Component has Ports defined and the payload is described using PortInterfaces
◼ Signal-to-service: Ports for incoming signals and Ports for outgoing events
◼ Service-to-signal: Ports for incoming events and Ports for outgoing signals
Service Interface S/R Interface

- Events - Data Elements
Adaptive Application Classic SW-C

Translation
Service oriented communication Signal based communication
Application SW-C
SOME/IP Serialized Bytes Com Pdu
a b c d a d c b

R22-11
page id: sst02
Signal-Service-Translation (2)
Functionality
➢ For the signal-based part the full functionality of the Classic platform COM-Stack is available and may be
configured such that the signal-based ISignalIPdus may originate from a variety of sources (Can, Lin, Flexray)
and the ISignalIPdus may be safety and security protected.
➢ For the service-oriented part it has to be guaranteed that the defined SOME/IP Service actually is compatible to
the Adaptive platform. This applies for the payload part (e.g. the SOME/IP serializer has to be used) as well as
for the control path using BswM and ServiceDiscovery.
➢ The behavioral part of the Translation Software Component itself defines how the data from signal-based side is
transported to the service-oriented side, and vice versa.
Translation Application SW-C

Signal
Service
Mapping
SOME/IP COM Based

Serializer Transformer
RTE
E2E Transformer E2E Transformer
COM-Stack
SOME/IP Serialized Bytes Com Pdu
SOME/IP
Header a b c d a d c b

R22-11
page id: toc01
Table of contents
1. Architecture
2. Configuration

R22-11
page id: 7jkf1
Overview of CP Software Clusters
Concept overview
The approach in a nutshell ➢ Software Cluster enable to split the

monolithic Classic Platform Architecture
Application Layer
Application Software Cluster

Application Application
Software
Application
into smaller units
Software Software
Component Component Component
AUTOSAR
Interface
AUTOSAR
Interface
AUTOSAR
Interface ➢ Each CP Software Cluster is separately
Runtime Env ironment
buildable
Services CDDs
Software Cluster Connection

Binary Manifest
➢ Software Clusters can be independently
Application Layer

updated
Software Software
Application Layer Application Layer

Component Component
Application
Software
Application
Software
Component
Application
Software
AUTOSAR
Interface
AUTOSAR
Interface
Application
Software
Application
Software
➢ Connections between Software Clusters
Component Component Component Component
AUTOSAR
Interface
AUTOSAR
Interface
AUTOSAR
Interface
Runtime Env ironment AUTOSAR
Interface
AUTOSAR
Interface
are created on basis of Binary Objects
Runtime Env ironment
Services CDDs
Runtime Env ironment and the information hold in the Binary

Services CDDs Binary Manifest Services CDDs
Manifest
Software Cluster Connection Software Cluster Connection
➢ Considers the limitation of current micro

Binary Manifest Binary Manifest
Software Software Binary Manifest
controller architectures, e.g. no address
Host Software Cluster

Component Component
AUTOSAR
Interface
AUTOSAR
Interface
virtualization
Runtime Environment
➢ In an Application Software Cluster,
Services Layer
Application SW-Cs and BSW modules
ECU Abstraction Layer CDD
(with limitations) can be integrated
Microcontroller ➢ The Host Software Cluster contains the

major part of the BSW Stack, especially
micro controller dependent modules
including the Operating System.

R22-11
page id: 7jmf2
Software Cluster Connection (1)

Application Layer The module Software Cluster Connection
(SwCluC) has 3 parts:
Application
Software
Application
Software
Application
Software ➢ Cross Software Cluster Communication
Component Component Component
(SwCluC_Xcc) provides the features in
AUTOSAR
Interface
AUTOSAR
Interface
AUTOSAR
Interface
Classic Platform
◼ to enable the connection of software clusters
Runtime Environment based on binary manifest
◼ for cross interaction and communication of
SwCluC Services CDDs software clusters
communication
communication
Cross SwCluC
Cross SwCluC
OS NvM Dem Dcm xxx ➢ Abstraction of non-software cluster-local
High High High High High BSW modules and their APIs in the
Proxy Proxy Proxy Proxy Proxy
corresponding proxy modules
Binary Manifest ◼ High Proxies substitute non-local BSW and
provide the according APIs
Host Software Cluster ◼ Lower Proxy modules connect to regular
Binary Manifest
communication
Cross SwCluC BSW modules of the Host Software Cluster
Software Software
Component Component
Host Software Cluster

AUTOSAR AUTOSAR OS NvM Dem Dcm xxx
➢ The Binary Manifest (BManif) provides

Interface Interface Low Low Low Low Low
Proxy Proxy Proxy Proxy Proxy
Runtime Environment
binary meta information for interfaces to be
Services Layer able to connect software clusters.
ECU Abstraction Layer CDD
Microcontroller

R22-11
page id: 7jnf3
Software
< Cluster Connection (2)
➢ Software Cluster Connection (SwCluC)

enables a flexible handling of interfaces
◼ Interfaces will be connected in a link
2 process, based on Binary Manifest and

Application Layer Application Layer match of required and provided entries

3 Application Application
◼ If a match is found the connection is

Software Software Software Software
Component Component Component Component
AUTOSAR AUTOSAR AUTOSAR AUTOSAR 1

Interface Interface Interface Interface
established
Runtime Env ironment Runtime Env ironment
Services CDDs Services CDDs ◼ If no requester is found the interface stays

Software Cluster Connection Software Cluster Connection
open 2
Binary Manifest Binary Manifest
1
◼ If no provider is found, the interface stays
open, and default values are provided 3
Application Layer

Application
Software
Application
Software
◼ This enables update of Software Clusters
with interface changes
Component Component
RTE
SwCluC_Xcc
RTE-Plugin
4
SwCluC
➢ Cross Software Cluster Communication
Binary Manifest
(SwCluC_Xcc) implements the communication
pattern and the interface to the RTE
◼ RTE interface: RIPS-Plugin 4

R22-11
page id: toc02
Table of contents
1. Architecture
6. Interfaces
1. General
2. Interaction of Layers (Examples)
2. Configuration

R22-11
page id: 9000a
Configuration
Overview
The AUTOSAR Basic Software supports the following configuration classes:
1. Pre-compile time
◼ Preprocessor instructions
◼ Code generation (selection or synthetization)
2. Link time
◼ Constant data outside the module; the data can be configured after the module has been
compiled
3. Post-build time
◼ Loadable constant data outside the module. Very similar to [2], but the data is located in a
specific memory segment that allows reloading (e.g. reflashing in ECU production line)
Independent of the configuration class, single or multiple configuration sets can be provided by means
of variation points. In case that multiple configuration sets are provided, the actually used configuration
set is to be chosen at runtime in case the variation points are bound at run-time.
In many cases, the configuration parameters of one module will be of different configuration classes.
Example: a module providing Post-build time configuration parameters will still have some parameters
that are Pre-compile time configurable.
Note: Multiple configuration sets were modeled as a sub class of the Post-build time configuration class
up to AUTOSAR 4.1.x.

R22-11
page id: 9000b
Configuration
Pre-compile time (1)
Use cases
Pre-compile time configuration would be chosen for
➢ Enabling/disabling optional functionality
This allows to exclude parts of the source code that are not needed
➢ Optimization of performance and code size
Using #defines results in most cases in more efficient code than
access to constants or even access to constants via pointers.
Generated code avoids code and runtime overhead.
Restrictions
➢ The module must be available as source code
➢ The configuration is static and it may consist of one or more
configuration sets identified by means of variation points. To update
any configuration set (e.g. change the value of certain parameters),
the module has to be recompiled.
Nm_Cfg.c Nm_Cfg.h
Required implementation
Pre-compile time configuration shall be done via the module‘s two uses includes
configuration files (*_Cfg.h, *_Cfg.c) and/or by code generation: (optional)
◼ *_Cfg.h stores e.g. macros and/or #defines
Nm.c
◼ *_Cfg.c stores e.g. constants

R22-11
page id: 9000c
Configuration
Example 1: Enabling/disabling functionality

File Spi_Cfg.h:
#define SPI_DEV_ERROR_DETECT ON
File Spi_Cfg.c:
const uint8 myconstant = 1U;
File Spi.c (available as source code):

#include "Spi_Cfg.h" /* for importing the configuration parameters */
extern const uint8 myconstant;
#if (SPI_DEV_ERROR_DETECT == ON)

Det_ReportError(Spi_ModuleId, 0U, 3U, SPI_E_PARAM_LENGTH); /* only one instance available */
#endif
Note: The Memory Abstraction (as specified by AUTOSAR) is not used to keep the example simple.

R22-11
page id: 9000d
Configuration
Example 2: Event IDs reported to the Dem

XML configuration file of the NVRAM Manager:
Specifies that it needs the event symbol NVM_E_REQ_FAILED for production error reporting.
File Dem_Cfg.h (generated by Dem configuration tool):

typedef uint8 Dem_EventIdType; /* total number of events = 46 => uint8 sufficient */
#define DemConf_DemEventParameter_FLS_E_ERASE_FAILED_0 1U
Example for a multiple
instance driver (e.g. internal
#define DemConf_DemEventParameter_FLS_E_WRITE_FAILED_0 3U
and external flash module)
#define DemConf_DemEventParameter_NVM_E_REQ_FAILED 5U
#define DemConf_DemEventParameter_CANSM_E_BUS_OFF 6U
...
File Dem.h:
#include "Dem_Cfg.h" /* for providing access to event symbols */
File NvM.c (available as source code):

#include "Dem.h" /* for reporting production errors */
Dem_SetEventStatus(DemConf_DemEventParameter_NVM_E_REQ_FAILED, DEM_EVENT_STATUS_PASSED);

R22-11
page id: 9000e
Configuration
Link time (1)
Use cases
Link time configuration would be chosen for
➢ Configuration of modules that are only available as object code
(e.g. IP protection or warranty reasons)
➢ Creation of configuration after compilation but before linking.
1. One configuration set, no runtime selection
Configuration data shall be captured in external constants. These external constants are
located in a separate file. The module has direct access to these external constants.
2. 2..n configuration sets, runtime selection possible
Configuration data shall be captured within external constant structs. The module gets a
pointer to one of those structs at initialization time. The struct can be selected at each
initialization.

R22-11
page id: 9000f
Configuration
Link time (2)
Example 1: Event IDs reported to the Dem by a multiple instantiated module (Flash Driver) only available as object code
XML configuration file of the Flash Driver:
Specifies that it needs the event symbol FLS_E_WRITE_FAILED for production error reporting.
File Dem_Cfg.h (generated by Dem configuration tool):

typedef uint16 Dem_EventIdType; /* total number of events = 380 => uint16 required */
#define DemConf_DemEventParameter_NVM_E_REQ_FAILED 5U
#define DemConf_DemEventParameter_CANSM_E_BUS_OFF 6U
...
File Fls_Lcfg.c:
#include "Dem_Cfg.h" /* for providing access to event symbols */
const Dem_EventIdType Fls_WriteFailed[2] = {DemConf_DemEventParameter_FLS_E_WRITE_FAILED_1,

DemConf_DemEventParameter_FLS_E_WRITE_FAILED_2};
File Fls.c (available as object code):

#include "Dem.h" /* for reporting production errors */
extern const Dem_EventIdType Fls_WriteFailed[];
Dem_SetEventStatus(Fls_WriteFailed[instance], DEM_EVENT_STATUS_FAILED);
Note: the complete include file structure with all forward declarations is not shown here to keep the example simple.

R22-11
page id: y000g
Configuration
Link time (3)
Example 2: Event IDs reported to the Dem by a module (Flash Driver) that is available as object code only
Problem
Dem_EventIdType is also generated depending of the total number of event IDs on this ECU. In this example it is represented
as uint16. The Flash Driver uses this type, but is only available as object code.
Solution
In the contract phase of the ECU development, a bunch of variable types (including Dem_EventIdType) have to be fixed and
distributed for each ECU. The object code suppliers have to use those types for their compilation and deliver the object code
using the correct types.

R22-11
page id: y000h
Configuration
Post-build time (1)
Use cases
Post-build time configuration would be chosen for
➢ Configuration of data where only the structure is defined but the contents not known during ECU-build time
➢ Configuration of data that is likely to change or has to be adapted after ECU-build time
(e.g. end of line, during test & calibration)
➢ Reusability of ECUs across different car versions (same application, different configuration), e.g. ECU in a low-cost car
version may transmit less signals on the bus than the same ECU in a luxury car version.
Restrictions
➢ Implementation requires storing all possibly relevant configuration items in a flashable area and requires pointer dereferencing
upon config access. Implementation precludes generation of code, which has impact on performance, code and data size.
1. One configuration set, no runtime selection

Configuration data shall be captured in external constant structs. These external structs are located in a separate memory
segment that can be individually reloaded. The module gets a pointer to a base struct at initialization time.
2. 2..n configuration sets, runtime selection possible

Configuration data shall be captured within external constant structs. These external structs are located in a separate memory
segment that can be individually reloaded. The module gets a pointer to one of several base structs at initialization time. The
struct can be selected at each initialization.

R22-11
page id: y000i
Configuration
Post-build time (2)
Example 1
If the configuration data is fix in memory size and position, the module has direct access to these external structs.
PduR.c Compiler Linker PduR.o
Direct access
(via reference as given by
Linker control file the pointer parameter of
PduR’s initialization function)
PduR_PBcfg.c Compiler Linker PduR_PBcfg.o

R22-11
page id: y000k
Configuration
Post-build time (3)
Required implementation 2: Configuration of CAN Driver that is available as object code only; a configuration set can be
selected out of multiple configuration sets during initialization time.
File Can_PBcfg.c:
#include “Can.h” /* for getting Can_ConfigType */
const Can_ConfigType MySimpleCanConfig [2] =
{
{
Can_BitTiming = 0xDF,
Can_AcceptanceMask1 = 0xFFFFFFFF,
Can_AcceptanceMask2 = 0xFFFFFFFF,
Can_AcceptanceMask3 = 0x00034DFF, Compiler
Can_AcceptanceMask4 = 0x00FF0000
},
{ … }
};
File EcuM.c:
#include “Can.h“ /* for initializing the CAN Driver */
Can_Init(&MySimpleCanConfig[0]); Linker
File Can.c (available as object code):

#include “Can.h“ /* for getting Can_ConfigType */
void Can_Init(Can_ConfigType* Config)

{
/* write the init data to the CAN HW */ Binary file
};

R22-11
page id: y000m
Configuration
Variants
Different use cases require different kinds of configurability. Therefore the following configuration variants are
provided:
➢ VARIANT-PRE-COMPILE
Only parameters with "Pre-compile time" configuration are allowed in this variant.
➢ VARIANT-LINK-TIME
Only parameters with "Pre-compile time" and "Link time" are allowed in this variant.
➢ VARIANT-POST-BUILD
Parameters with "Pre-compile time", "Link time" and "Post-build time" are allowed in this variant.
Example use cases:

➢ Reprogrammable PDU routing tables in gateway (Post-build time configurable PDU Router required)
➢ Statically configured PDU routing with no overhead (Pre-compile time configuration of PDU Router
required)
To allow the implementation of such different use cases in each BSW module, up to 3 variants can be
specified:
➢ A variant is a dedicated assignment of the configuration parameters of a module to configuration
classes
➢ Within a variant a configuration parameter can be assigned to only ONE configuration class
➢ Within a variant a configuration class for different configuration parameters can be different (e.g. Pre-
Compile for development error detection and post-build for reprogrammable PDU routing tables
➢ It is possible and intended that specific configuration parameters are assigned to the same
configuration class for all variants (e.g. development error detection is in general Pre-compile time
configurable).
R22-11
page id: y000n
Configuration
Memory Layout Example: Post-build configuration
EcuM defines the index: Description where to find what is an overall agreement:
1. EcuM needs to know all addresses including index
0x8000 &index (=0x8000)
2. The modules (xx, yy, zz) need to know their own
0x8000 &xx_configuration = 0x4710
start address: in this case: 0x4710, 0x4720 …
0x8002 &yy_configuration = 0x4720
3. The start addresses might be dynamic i.e. changes
0x8004 &zz_configuration = 0x4730
with new configuration
…
4. When initializing a module (e.g. xx, yy, zz), EcuM
passes the base address of the configuration data (e.g.
Xx defines the modules configuration data: 0x4710, 0x4720, 0x4730) to the module to allow for
0x4710 &the_real_xx_configuration variable sizes of the configuration data.
0x4710 lower = 2
0x4712 upper =7 The module data is agreed locally (in the module) only
0x4714 more_data 1. The module (xx, yy) knows its own start address
… (to enable the implementer to allocate data section)
2. Only the module (xx, yy) knows the internals of
Yy defines the modules configuration data:
its own configuration
0x4720 &the_real_yy_configuration
0x4720 Xx_data1=0815
0x4722 Yy_data2=4711
0x4724 more_data
…

R22-11
page id: axcvb
Configuration
Memory Layout Example: Multiple configuration sets
0x8000 &index[] (=0x8000) As before, the description where to find what is an

FL 0x8000 &xx_configuration = 0x4710 overall agreement
0x8002 &yy_configuration = 0x4720 1. The index contains more than one description (FL,
FR,..) in an array
0x8004 &zz_configuration = 0x4730
(here the size of an array element is agreed to be
… 8)
0x8008 &xx_configuration = 0x5000 2. There is an agreed variable containing the position
FR
0x800a &yy_configuration = 0x5400 of one description
selector = CheckPinCombination()
0x800c &zz_configuration = 0x5200
3. Instead of passing the pointer directly there is one
…
indirection:
0x8010 &xx_configuration = … (struct EcuM_ConfigType *) &index[selector];
RL 0x8012 &yy_configuration = … 4. Everything else works as in conventional single
0x8014 &zz_configuration = … configuration case.
…

R22-11
page id: toc03
Table of contents
1. Architecture
2. Configuration
1. Mapping of Runnables
2. Partitioning
3. Scheduling
4. Mode Management
5. Error Handling, Reporting and Diagnostic
6. Measurement and Calibration
7. Functional Safety
8. Security
9. Energy Management
10. Global Time Synchronization

R22-11
page id: 11eer
Integration and Runtime Aspects
Mapping of Runnables
➢ Runnables are the 1 0..*
VFB-
active parts of
view
SW-C Runnable
Software Components
➢ They can be executed 0..* 0..*
concurrently, by
Implementation/ECU-view
1
mapping them to
different Tasks. Task
➢ The figure shows
further entities like OS- 0..*
applications, Partitions, 1 1
µC-Cores and BSW-
Resources which have 1 1
Partition OS-Application
to be considered for
this mapping. 0..*
1
0..* 1
BSW-Ressource µC-Core
(E.g., NV-block)

R22-11
page id: toc03
Table of contents
1. Architecture
2. Configuration
2. Partitioning
3. Scheduling
4. Mode Management
8. Security

R22-11
page id: w weev
Integration and Runtime Aspects - Partitioning
Introduction
➢ Partitioning is implemented by using OS-Applications within the OS
➢ OS-Applications are used as error containment regions:

◼ Permit logical grouping of SW-Cs and resources
◼ Recovery policies defined individually for each OS-Application
➢ OS-Application consistency is ensured by the system/platform, for instance for:

◼ Memory access violation
◼ Time budget violation
➢ OS-Applications can be terminated or restarted during run-time as a result of a detected error:

◼ Further actions required: see example on following slides
◼ All BSW modules are placed in privileged OS-Applications
◼ These OS-Applications should not be restarted or terminated
➢ OS-Applications are configured in the ECU configuration:

◼ SW-Cs are mapped to OS-Applications (Consequence: restricts runnable to task
mapping)
◼ An OS-Application can be configured as restartable or not
➢ Communication across OS-Application boundaries is realized by the IOC

R22-11
page id: w weeu
Example of restarting OS-Application
A violation (error) has occurred in the system (e.g., memory or

SW-C SW-C SW-C
timing violation)
SW-C SW-C SW-C SW-C SW-C SW-C
Decision (by integrator code) to restart the OS-Application
RTE Other OS-Applications remain unaffected
The OS-Application is terminated by the OS, cleanup possible

SW-C SW-C SW-C
Communication to the OS-Application is stopped

Communication from the OS-Application is stopped (e.g., default

values for ports used)
RTE
The OS-Application is restarting (integrator code), initial environ-

SW-C SW-C SW-C
ment for OS-Application setup (init runnables, port values etc)

Communication to the OS-Application is stopped
Communication from the OS-Application is stopped

RTE
SW-C SW-C SW-C The OS-Application is restarted and up and running

Communication is restored
OS-Application internally handles state consistency

RTE
R22-11
page id: w weet
Involved components
➢ Protection Hook
◼ Executed on protection violation (memory or timing)
◼ Decides what the action is (Terminate, Restart, Shutdown, Nothing)
◼ Provided by integrator
◼ OS acts on decision by inspecting return value
➢ OsRestartTask
◼ Started by OS in case Protection Hook returns Restart
◼ Provided by integrator
◼ Runs in the OS-Application’s context and initiates necessary cleanup and restart activities, such as:
▪ Stopping communication (ComM)
▪ Updating NvM
▪ Informing Watchdog, CDDs etc.
➢ RTE
◼ Functions for performing cleanup and restart of RTE in OS-Application
◼ Triggers init runnables for restarted OS-Application
◼ Handles communication consistency for restarting/terminated OS-Applications
➢ Operating System
◼ OS-Applications have states (APPLICATION_ACCESSIBLE, APPLICATION_RESTART,
APPLICATION_TERMINATED)
◼ OS provides API to terminate other OS-Applications (for other errors than memory/timing)

R22-11
page id: w wees
Restart example
sd TerminateRestartPartition
Os-Application
state for the OS ProtectionHook OSRestartTask RTE BSW modules
considered
Partition.
APPLICATION_ACTIVE
ProtectionHook
inform the RTE
APPLICATION_RESTARTING ActivateTask
Trigger cleanup in the BSW partition
Polling end of asynchronous cleanups
request a restart of the partition to the RTE
AllowAccess
APPLICATION_ACTIVE
TerminateTask

R22-11
page id: w weer
Other examples
➢ Termination
◼ An OS-Application can be terminated directly
◼ Also for termination, some cleanup may be needed, and this shall be performed in the
same way as when restarting an OS-Application
➢ Error detection in applications

◼ SW-Cs may require restart for other reasons than memory or timing violation
◼ A termination/restart can be triggered from a SW-C using the OS service
TerminateApplication()
◼ Example: a distributed application requires restart on multiple ECUs

R22-11
page id: toc03
Table of contents
1. Architecture
2. Configuration
2. Partitioning
3. Scheduling
4. Mode Management
8. Security

R22-11
page id: y331a
Integration and Runtime Aspects - Scheduling
General Architectural Aspects
➢ Basic Software Scheduler and the RTE are generated together.

➢ This enables
◼ that the same OS Task schedules BSW Main Functions and Runnable Entities of
Software Components
▪ to optimize the resource consumption
▪ to configure interlaced execution sequences of Runnable Entities and BSW Main functions.
◼ a coordinated switching of a Mode affecting BSW Modules and Application Software

Components
◼ the synchronized triggering of both, Runnable Entities and BSW Main Functions by the
same External Trigger Occurred Event.

R22-11
page id: y331b
Basic Scheduling Concepts of the BSW
BSW Scheduling shall

➢ Assure correct timing behavior of the BSW, i.e., correct interaction of all BSW modules with respect to time
Data consistency mechanisms

➢ Applied data consistency mechanisms shall be configured by the ECU/BSW integrator dependent from the configured
scheduling.
Single BSW modules do not know about

➢ ECU wide timing dependencies
➢ Scheduling implications
➢ Most efficient way to implement data consistency
Centralize the BSW schedule in the BSW Scheduler configured by the ECU/BSW integrator and generated by the RTE
generator together with the RTE
➢ Eases the integration task
➢ Enables applying different scheduling strategies to schedulable objects
◼ Preemptive, non-preemptive, ...
➢ Enables applying different data consistency mechanisms
➢ Enables reducing resources (e.g., minimize the number of tasks)
➢ Enables interlaced execution sequences of Runnable Entities and BSW Main functions
Restrict the usage of OS functionality

➢ Only the BSW Scheduler and the RTE shall use OS objects or OS services
(exceptions: EcuM, Complex Drivers and services: GetCounterValue and GetElapsedCounterValue of OS; MCAL
modules may enable/disable interrupts )
➢ Rationale:
◼ Scheduling of the BSW shall be transparent to the system (integrator)
◼ Enables reducing the usage of OS resources (Tasks, Resources,...)
◼ Enables re-using modules in different environments

R22-11
page id: y331c
Scheduling Objects, Triggers and Mode Disabling Dependencies
BSW Scheduling objects

RTE
➢ Main functions
◼ n per module
◼ located in all layers
Zzz_MainFunction_Aaa
BSW Events
➢ BswTimingEvent
➢ BswBackgroundEvent
➢ BswModeSwitchEvent
➢ BswModeSwitchedAckEvent
➢ BswInternalTriggerOccuredEvent
Yyy_MainFunction_Aaa
➢ BswExternalTriggerOccuredEvent
➢ BswOperationInvokedEvent
Triggers
➢ Main functions can be triggered in all layers by
Xxx_Isr_Yyy
the listed BSW Events
Mode Disabling Dependencies

➢ The scheduling of Main functions can be Microcontroller
disabled in particular modes.

R22-11
page id: y331d
Transformation Process
Logical Architecture (Model) Technical Architecture (Implementation)

➢ Ideal concurrency ➢ Restricted concurrency
➢ Unrestricted resources ➢ Restricted resources
➢ Only real data dependencies ➢ Real data dependencies
➢ Dependencies given by restrictions
➢ Scheduling objects ➢ OS objects

➢ Trigger ◼ Tasks
◼ BSW Events ◼ ISRs
➢ Sequences of scheduling objects ◼ Alarms
➢ Scheduling Conditions ◼ Resources
➢ ... ◼ OS services
➢ Sequences of scheduling objects within tasks
➢ Sequences of tasks
➢ ...
Transformation
➢ Mapping of scheduling objects to OS Tasks

➢ Specification of sequences of scheduling objects within tasks
➢ Specification of task sequences
➢ Specification of a scheduling strategy
➢ ...

R22-11
page id: yqqq1
Transformation Process – Example 1
Logical Architecture (Model) Technical Architecture (Schedule Module)
Task1 {
Zzz_MainFunction_Bbb();
Zzz_MainFunction_Bbb(); Yyy_MainFunction_Aaa();
Yyy_MainFunction_Aaa(); glue code
Xxx_MainFunction_Aaa(); Xxx_MainFunction_Aaa();
glue code
...
}
Transformation

➢ Specification of sequences of scheduling objects within tasks

R22-11
page id: yqqq2
Transformation Process – Example 2

Task2 {
...
Xxx_MainFunction_Bbb();
...
Xxx_MainFunction_Bbb(); }
Yyy_MainFunction_Bbb(); Task3 {
...
Yyy_MainFunction_Bbb();
...
}
Transformation

R22-11
page id: yqqq3
Data Consistency – Motivation

➢ Access to resources by different and concurrent entities of the implemented technical architecture
(e.g., main functions and/or other functions of the same module out of different task contexts)
Xxx_Module
Xxx_MainFunction();
Yyy_ AccessResource();
XYZ resource
?
Yyy_MainFunction();
Yyy_Module
Transformation
Data consistency strategy to be used:

➢ Sequence, Interrupt blocking, Cooperative Behavior,
Semaphores (OSEK Resources), Copies of ...

R22-11
page id: yqqq4
Data Consistency – Example 1 – “Criti al Se tions” Approa h
Logical Architecture (Model)/ Implementation of Schedule Module

#define SchM_Enter_<mod>_<name> \
Technical Architecture (Schedule Module) DisableAllInterrupts
#define SchM_Exit_<mod>_<name> \
EnableAllInterrupts
Task1 Xxx_Module
Yyy_AccessResource() {
Xxx_MainFunction(); ...
SchM_Enter_Xxx_XYZ();
<access_to_shared_resource>
SchM_Exit_Xxx_XYZ();
Yyy_ AccessResource(); ...
}
Yyy_MainFunction() {
XYZ resource ...
SchM_Enter_Yyy_XYZ();
Yyy_MainFunction(); SchM_Exit_Yyy_XYZ();
...
Task2 }
Transformation
Data consistency is ensured by:

➢ Interrupt blocking

R22-11
page id: yqqq5
Data Consistency – Example 1 – “Criti al Se tions” Approa h
Logical Architecture (Model)/ Implementation of Schedule Module

#define SchM_Enter_<mod>_<name> \
Technical Architecture (Schedule Module) /* nothing required */
#define SchM_Exit_<mod>_<name> \
/* nothing required */
Task1 Xxx_Module
Yyy_AccessResource() {
Xxx_MainFunction(); ...
SchM_Enter_Xxx_XYZ();
SchM_Exit_Xxx_XYZ();
Yyy_ AccessResource(); ...
}
Yyy_MainFunction() {
XYZ resource ...
SchM_Enter_Yyy_XYZ();
Yyy_MainFunction(); SchM_Exit_Yyy_XYZ();
...
Task2 }
Transformation
Data consistency is ensured by:

➢ Sequence

R22-11
page id: y331e
Mode Communication / Mode Dependent Scheduling
➢ The mode dependent scheduling of BSW Modules is identical to the mode dependent
scheduling of runnables of software components.
➢ A mode manager defines a Provide ModeDeclarationGroupPrototype in its Basic
Software Module Description, and the BSW Scheduler provides an API to communicate mode
switch requests to the BSW Scheduler
➢ A mode user defines a Required ModeDeclarationGroupPrototype in its Basic Software
Module Description. On demand the BSW Scheduler provides an API to read the current
active mode
➢ If the Basic Software Module Description defines Mode Disabling Dependencies, the BSW
Scheduler suppresses the scheduling of BSW Main functions in particular modes.

R22-11
page id: toc03
Table of contents
1. Architecture
2. Configuration
2. Partitioning
3. Scheduling
4. Mode Management
8. Security

R22-11
page id: q222b
Vehicle and application mode management (1)
Relation of Modes: Vehicle

1
3
2
Modes
➢ Every system contains Modes at
Influence each other
different levels of granularity. As shown
in the figure, there are vehicle modes Application
1
1
2
2
3 1 2
and several applications with modes and Modes 3

3
ECUs with local BSW modes. Influence each other

Influence each other
➢ Modes at all this levels influence each 1

1
2
2
BSW
other. Modes
3
3
1 2
Therefore:
➢ Depending on vehicle modes, applications may be active or inactive and thus be in different
application modes.
➢ Vice versa, the operational state of certain applications may cause vehicle mode changes.
➢ Depending on vehicle and application modes, the BSW modes may change, e.g. the
communication needs of an application may cause a change in the BSW mode of a
communication network.
➢ Vice versa, BSW modes may influence the modes of applications and even the whole
vehicle, e.g. when a communication network is unavailable, applications that depend on it
may change into a limp-home mode.

R22-11
page id: q222e
Processing of Mode Requests

The basic idea of vehicle mode management is to distribute and arbitrate mode requests and to
control the BSW locally based on the results.
This implies that in each OS-Application, there has to be a mode manager that switches the modes
for its local mode users and controls the BSW. Of course there can also be multiple mode
managers that switch different Modes.
he mode request is a “normal” sender/receiver communication (system wide) while the mode
switch always a local service.
Mode Mode
Mode Mode Mode
Request Switch
Requester Manager User
Mode
Mode Mode
Switch
Manager User

R22-11
page id: q222c
Integration and Runtime Aspects Application Layer
Vehicle and application mode management (3) RTE
System Services
Layer Functionality per module
App Mode Arbitration SW-C

RTE Mode Request Distribution + Mode Handling

➢ The major part of the needed functionality is
BswM placed in the Basic Software Mode Manager
(BswM for short). Since the BswM is located
BSW Mode Arbitration Mode Control
in the BSW, it is present in every OS-
Application and local to the mode users as
well as the controlled BSW modules.
➢ The distribution of mode requests is performed by the RTE and the RTE also implements
the handling of mode switches.
➢ E.g. for vehicle modes, a mode request originates from one central mode requestor SW -C
and has to be received by the BswMs in many ECUs. This is an exception of the rule that
SW-Cs may only communicate to local BSW.
➢ BswMs running in different OS-Applications can propagate mode requests by Sender-
Receiver communication (SchMWrite, SchMRead).

R22-11
page id: q222d
Applications
Mode Processing Cycle
Mode requesting Mode using
➢ The mode requester SW-C requests mode
SW-C SW-C
A through its sender port. The RTE
distributes the request and the BswM 3: switch
receives it through its receiver port. 1: request mode A´
mode A
➢ The BswM evaluates its rules and if a
rule triggers, it executes the corresponding
action list. RTE
➢ When executing the action list, the BswM Mode request Local mode
may issue a (configurable optional) RTE distribution handling
call to the mode switch API as a last action
to inform the mode users about the
arbitration result, e.g. the resulting mode A’. BswM
➢ Any SW-C, especially the mode Mode Mode
requester can register to receive the 2: execute Arbitration Control
mode switch indication. associated
action list
Action list
➢ The mode requests can originate from Action 1
Mode arbitration
local and remote ECUs or OS-Applications.
overrides the Action 2
➢ Note that the mode requestor can only request for mode
receive the mode switch indications from …
the local BswM, even if the requests are A with mode A´. RteSwitch(mode A´)
sent out to multiple OS-Applications.

R22-11
page id: toc03
Table of contents
1. Architecture
2. Configuration
2. Partitioning
3. Scheduling
4. Mode Management
8. Security

R22-11
page id: 09op0
Integration and Runtime Aspects - Error Handling, Reporting and Diagnostic
Error Classification (1)
Types of errors
Hardware errors / failures

◼ Root cause: Damage, failure or ‚value out of range‘, detected by software
◼ Example 1: EEPROM cell is not writable any more
◼ Example 2: Output voltage of sensor out of specified range
Software errors
◼ Root cause: Wrong software or system design, because software itself can never fail.
◼ Example 1: wrong API parameter (EEPROM target address out of range)
◼ Example 2: Using not initialized data
System errors
◼ Example 1: CAN receive buffer overflow
◼ Example 2: time-out for receive messages

R22-11
page id: nji99
Error Classification (2)
Error Classes
➢ Development Errors
Development errors are software errors. They shall be detected like assertions and fixed during
development phase. The detection of errors that shall only occur during development can be switched off
per module for production code (by static configuration namely preprocessor switches). The according API
is specified within AUTOSAR, but the functionality can be chosen/implemented by the developer according
to specific needs.
➢ Runtime Errors
Runtime errors are systematic software errors. They indicate severe exceptions that hinder correct
execution of the code. The monitors may stay in code even for a deployed systems. Synchronous handling
of these errors can be done optionally in integrator code.
➢ Transient Faults
Transient faults occur in hardware e. g. by passage of particles or thermal noise. Synchronous handling of
these faults can be done optionally in integrator code. The detecting module may offer behavioral
alternatives selectable by this integrator code.
➢ Production Errors / Extended Production Errors

Those errors are stored in fault memory for repair actions in garages. Their occurrence can be anticipated
and cannot be avoided in production code. Production errors have a detection and a healing condition.

R22-11
page id: g7zre
Error Reporting – Alternatives
There are several alternatives to report an error (detailed on the following slides):
Via API
Inform the caller about success/failure of an operation.
Via statically definable callback function (notification)

Inform the caller about failure of an operation
Via central Error Hooks (Default Error Tracer, Det)

For logging and tracing errors during product development. Can be switched off for production code.
Via central Callouts (Default Error Tracer, Det)

For handling errors during product life time.
Via central Error Function (AUTOSAR Diagnostic Event Manager)

For error reaction and logging in series (production code)
Each application software component (SW-C) can report errors to Diagnostic Event Manager (Dem).

R22-11
page id: tegz7
Mechanism in relation to AUTOSAR layers and system life time
Default
Error Tracer
(Det)
Diagnostic
Log End to End
and Trace Communication
(Dlt) Application Layer (E2E)
Basic Software
Diagnostic Event
Manger (Dem)
and Function
Inhibition
Manager (FiM)
Watchdog ECU Hardware

(Wdg)
Life cycle: development production After production

R22-11
page id: yaq12
Error Reporting via API
Error reporting via API

Informs the caller about failure of an operation by returning an error status.
Basic return type

Success: E_OK (value: 0)
Failure: E_NOT_OK (value: 1)
Specific return type

If different errors have to be distinguished for production code, own return types have to be
defined. Different errors shall only be used if the caller can really handle these. Specific
development errors shall not be returned via the API. They can be reported to the Default
Error Tracer (Det).
Example: services of EEPROM driver

Success: EEP_E_OK
General error (service not accepted): EEP_E_NOT_OK
Write Operation to EEPROM was not successful: EEP_E_WRITE_FAILED

R22-11
page id: oiuzt
Error Reporting – Introduction
Error reporting via Diagnostic Event Manager (Dem)

For reporting production / series errors.
Those errors have a defined reaction depending on the configuration of this ECU, e.g.:
➢ Writing to error memory
➢ Disabling of ECU functions (e.g. via Function Inhibition Manager)
➢ Notification of SW-Cs
The Diagnostic Event Manager is a standard AUTOSAR module which is always available in production code
and whose functionality is specified within AUTOSAR.
Error reporting via Default Error Tracer (Det)

For reporting development/runtime errors.
The Default Error Tracer is mainly intended for handling errors during development time but also for handling
systematic errors in production code. Within the Default Error Tracer many mechanisms are possible, e.g.:
➢ Count errors
➢ Write error information to ring buffer in RAM
➢ Send error information via serial interface to external logger
➢ Infinite Loop, Breakpoint
The detection and reporting of development errors to the Default Error Tracer can be statically switched on/off
per module (preprocessor switch or different object code builds of the module) but not for Runtime errors.

R22-11
page id: fghjk
Diagnostic Event Manager – Diagnostic Error Reporting
API
The Diagnostic Event Manager has the following API:
Dem_SetEventStatus(EventId, EventStatus)
Problem: the error IDs passed with this API have to be ECU wide defined, have to be statically defined and have to occupy a
compact range of values for efficiency reasons. Reason: The Diagnostic Event Manager uses this ID as index for accessing
ROM arrays.
Error numbering concept: XML based error number generation

Properties:
◼ Source and object code compatible
◼ Single name space for all production relevant errors
◼ Tool support required
◼ Consecutive error numbers → Error manager can easily access ROM arrays where handling and reaction of errors is
defined
Process:
◼ Each BS odule declares all production code relevant error variables it needs as “extern”
◼ Each BSW Module stores all error variables that it needs in the ECU configuration description (e.g. CANSM_E_BUS_OFF)
◼ The configuration tool of the Diagnostic Event Manager parses the ECU configuration description and generates a single
file with global constant variables that are expected by the SW modules (e.g.
const Dem_EventIdType DemConf_DemEventParameter_CANSM_E_BUS_OFF=7U; or
#define DemConf_DemEventParameter_CANSM_E_BUS_OFF ((Dem_EventIdType)7))
◼ The reaction to the errors is also defined in the Error Manager configuration tool. This configuration is project specific.

R22-11
page id: ki87z
Default Error Tracer – Example: Development Error Reporting
API
The Default Error Tracer has the following API for reporting development errors (runtime errors and transient faults use identical
APIs with different names):
Det_ReportError(uint16 ModuleId, uint8 InstanceId, uint8 ApiId, uint8 ErrorId)
Error numbering concept

ModuleId (uint16)
The Module ID contains the AUTOSAR module ID from the Basic Software Module List.
As the range is 16 Bit, future extensions for development error reporting of application SW-C are possible. The Basic SW
uses only the range from 0..255.
InstanceId (uint8)
The Instance ID represents the identifier of an indexed based module starting from 0. If the module is a single instance
module it shall pass 0 as an instance ID.
ApiId (uint8)
The API-IDs are specified within the software specifications of the BSW modules. They can be #defines or constants
defined in the module starting with 0.
ErrorId (uint8)
The Error IDs are specified within the software specifications of the BSW modules. They can be #defines defined in the
module‘s header file.
If there are more errors detected by a particular software module which are not specified within the AUTOSAR module
software specification, they have to be documented in the module documentation.
All Error-IDs have to be specified in the BSW description.

R22-11
page id: yecvb
Diagnostic Log and Trace (1)
The module Diagnostic Log and Trace (Dlt) collects log messages and converts them into a
standardized format. The Dlt module forwards the data to the PduR, which sends it to the
configured communications bus.
Therefore the Dlt provides the following functionalities:
➢ Logging
◼ logging of errors, warnings and info messages from AUTOSAR SW-Cs, providing a
standardized AUTOSAR interface,
◼ gathering all log and trace messages from all AUTOSAR SW-Cs in a centralized
AUTOSAR service component (Dlt) in the BSW,
◼ logging of messages from Det and
◼ logging of messages from Dem.
➢ Tracing
◼ of RTE activities
➢ Control
◼ individual log and trace messages can be enabled/disabled and
◼ Log levels can be controlled individually by back channel.
➢ Generic
◼ Dlt is available during development and production phase,
◼ access over standard diagnosis or platform specific test interface is possible and
◼ security mechanisms to prevent misuse in production phase are provided.

R22-11
page id: dxcvb
The Dlt communication module is

enabled by an external client.
SW-C Application Layer
(1) A SW-C is generating a log
message. The log message is sent
to Dlt by calling the Interface
provided by Dlt 1 RTE
(2) Dlt implements the Dlt protocol

(3) Dlt sends the encoded log message
to the communication bus Diagnostic Log and Trace 2
(4) An external Dlt client collects the log

message and provides it for later 3
analysis
CAN / Flexray /
4 Ethernet / Serial

R22-11
page id: k387z
API
The Diagnostic Log and Trace has syntactically the following API:
Dlt_SendLogMessage(Dlt_SessionIDType session_id, Dlt_MessageLogInfoType log_info, uint8
*log_data,
uint16 log_data_length)
Log message identification :

session_id
Session ID is the identification number of a log or trace session. A session is the logical entity of the source of log or
trace messages. If a SW-C is instantiated several times or opens several ports to Dlt, a new session with a new Session
ID for every instance is used. A SW-C additionally can have several log or trace sessions if it has several ports opened
to Dlt.
log_info contains:
Application ID / Context ID
Application ID is a short name of the SW-C. It identifies the SW-C in the log and trace message. Context ID is a user
defined ID to group log and trace messages produced by a SW-C to distinguish functionality. Each Application ID can
own several Context IDs. Context ID’s are grouped by Application ID’s. Both are composed by four 8 bit ASCII
characters.
Message ID
Messaged ID is the ID to characterize the information, which is transported by the message itself. It can be used for
identifying the source (in source code) of a message and shall be used for characterizing the payload of a message. A
message ID is statically fixed at development or configuration time.
log_data
Contain the log or trace data it self. The content and the structure of this provided buffer is specified by the Dlt
transmission protocol.
Description File
Normally the log_data contains only contents of not fixed variables or information (e.g. no static strings are transmitted).
Additionally a description file shall be provided. Within this file the same information for a log messages associated with t he
Message ID are posted. These are information how to interpret the log_data buffer and what fixed entries belonging to a log
message.

R22-11
page id: toc03
Table of contents
1. Architecture
2. Configuration
2. Partitioning
3. Scheduling
4. Mode Management
8. Security

R22-11
page id: y0099
Integration and Runtime Aspects - Measurement and Calibration
XCP
XCP is an ASAM standard for calibration purpose of an ECU.
RTE
XCP within AUTOSAR provides
the following basic features:
Signals
➢ Synchronous data acquisition

➢ Synchronous data stimulation IPDU
AUTOSAR
Diagnostic
Communi-
Diagnostic
Multi- Log and
➢ Online memory calibration (read / write
COM cation
plexer Trace
Manager
access) XCP Protocol I-PDU I-PDU I-PDU I-PDU
➢ Calibration data page initialization and XCPonFr /

XCPonCAN / PDU Router
switching XCPonTCP/IP / NM
Interfaces Module
➢ Flash Programming for ECU I-PDU 1
I-PDU
development purposes AUTOSAR Tp
N-PDU N-PDU
Bus Interface(s)
(or Socket Adaptor on ethernet)
L-PDU
Bus Driver(s)

R22-11
page id: toc03
Table of contents
1. Architecture
2. Configuration
2. Partitioning
3. Scheduling
4. Mode Management
8. Security

R22-11
page id: yxcvb
Integration and Runtime Aspects – Safety End to End (E2E) Communication Protection
Wrapper Approach – Overview
Typical sources of interferences,

causing errors detected by E2E
Libraries OS-Application 2 OS-Application 1 protection:
Receiver 1 Sender
SW-related sources:
S1. Error in mostly generated RTE,
S2. Error in partially generated and
partially hand-coded COM
E2E protection E2E protection S3. Error in netw ork stack
wrapper wrapper S4. Error in generated IOC or OS
Direct function call Direct function call S1
H3 HW-related sources:
RTE H1. Failure of HW netw ork
E2E
Lib
H2. Netw ork electromagnetic

interference
System Services Memory Services Com munication I/O Hardw are CDD H3. Microcontroller failure during
Services Abstraction context sw itch or on the
S4 S2 communication betw een cores
IOC
Direct function call

Onboard Device Memory Hardware Com munication RTE int. wrapper
Abstraction Abstraction Hardw are Abstraction
S3 Receiver
2
Microcontroller Memory Drivers Com munication I/O Drivers

Drivers Drivers
H1 H2
Microcontroller 2
Microcontroller 1 / ECU 1
/ ECU 2

R22-11
page id: yx3vb
Wrapper Approach – Logic
Libraries OS-Application 2 OS-Application 1
Receiver 1 Sender 1
Application logic Application logic
9. Consume safe data elements 1. Produce safe data elements
6. Invoke safe read do get the 2. Invoke safe transmission

E2E protection data element - E2E protection
request -
wrapper E2EWRP_Read__<o>() wrapper E2EWRP_Write__<o>()
8. Call E2E check on array

- E2E_P0xCheck()
3. Call E2E protect on array – E2E_P0x_Protect()
7. Invoke RTE read - RTE_Read__<o>() to get 4. Invoke RTE - RTE_Write__<o>() to

the data element transmit the data element
E2E
Lib
AUTOSAR Runtim e Environment (RTE)
5. RTE communication (intra or inter ECU), either through COM, IOC,

or local in RTE
Notes:
➢ For each RTE Write or Read function that transmits safety-related data (like Rte_Write__<o>()), there is the
corresponding E2E protection wrapper function.
➢ The wrapper function invokes AUTOSAR E2E Library.
➢ The wrapper function is a part of Software Component and is preferably generated.
➢ The wrapper function has the same signature as the corresponding RTE function, just instead of Rte_ there is E2EPW_.
➢ The E2EPW_ function is called by Application logic of SW-Cs, and the wrapper does the protection/checks and calls
internally the RTE function.
➢ For inter-ECU communication, the data elements sent through E2E Protection wrapper are be byte arrays. The byte
arrays are put without any alterations in COM I-PDUs.

R22-11
page id: yx3vc
Wrapper Approach – Caveat
NOTE:
➢ The E2E wrapper approach involves technologies that are not subjected to the AUTOSAR
standard and is superseded by the superior E2E transformer approach (which is fully
standardized by AUTOSAR). Hence, new projects (without legacy constraints due to carry-
over parts) shall use the fully standardized E2E transformer approach.

R22-11
page id: toc03
Table of contents
1. Architecture
2. Configuration
2. Partitioning
3. Scheduling
4. Mode Management
8. Security

R22-11
page id: soc72
Integration and Runtime Aspects – Secure Onboard Communication
Overview - Message Authentication and Freshness Verification
RTE RTE
Sender Receiver Secret

Secret key K
key K
Input data OK
(arbitrary MAC verification
length) MAC generation NOK
Last rcv
full MAC counter
Monotonic (128 Bit)
FV
counter
FV MAC Monotonic
counter
Truncation sync
MAC
MAC
FV
FV
Authentic Authentic Authentic Authentic
I-PDU I-PDU I-PDU I-PDU
Secured I-PDU Secured I-PDU

MAC: Message Authentication Code
FV: Freshness Counter Value

R22-11
page id: soc73
Integration as communication service
SecOC BSW:
AUTOSAR COM ➢ adds/verifies authentication information
(for/from lower layer)
➢ realizes interface of upper and lower
layer modules
➢ is addressed by PduR routing
configuration
PDU Router SecOC ➢ maintains buffers to store and modify
Routing Table BSW secured I-PDUs
Upper Layer SW Module (e.g. COM)

TP
FrTp CanTp
Authentic I-PDU
SecOC
PDUR (Secure Onboard
Com munication)
FrIf CanIf
Secured I-PDU
Authentication
Authentic I-PDU Inf ormation
Low er Layer Communication Modules

(e.g. CanIf, CanTp)

R22-11
page id: soc74
Integration with other services
PDU-Routing
SW-C Key & Counter Management SW-C
Cryptographic
Services
RTE
Key & Counter
Management
Communication Services Crypto Services System Services Services
Crypto Diagnostic Key Management

AUTOSAR COM (optional)
Service Event
Manager Manager
Error Reporting
PDU Router SecOC

BSW
Routing Table
TP
FrTp CanTp
FrIf CanIf

R22-11
page id: mka23
Integration and Runtime Aspects – MACsec Key Agreement
Integration with other services
SW-C Key & Counter Management SW-C
RTE
Communication Services Crypto Services System Services Memory
Services
Com. Manager
Diagnostic Log
Generic NM
Large Data
Diagnostic
AUTOSAR
and Trace
Interface
COM
COM
MKA Crypto Service Diagnostic

Manager Event Manager NvM
Ethernet
State
UDP NM
Secure Onboard
IPDU Multiplexer
Manager
Communication
PDU Router
Socket Adaptor

Data Path
Ethernet Interface
Services
Ethernet Sw itch Driver
Ethernet Transceiver Driver Key & Counter

Management
Services
MACsec Key Agreement:
➢ Configures the MACsec entities to enable MACsec protected traffic Error Reporting
➢ Generates and processes MKPDUs

➢ Uses Crypto Services to generate and validate ICVs of MKPDUs

R22-11
page id: toc03
Table of contents
1. Architecture
2. Configuration
2. Partitioning
3. Scheduling
4. Mode Management
8. Security

R22-11
page id: eep2q
Energy Management
Introduction
The goal of efficient energy management in AUTOSAR is to provide mechanisms for power
saving, especially while bus communication is active (e.g. charging or clamp 15 active).
AUTOSAR R3.2 and R4.0.3 support only Partial Networking.
Partial Networking
➢ Allows for turning off network communication across multiple ECUs in case their provided
functions are not required under certain conditions. Other ECUs can continue to
communicate on the same bus channel.
➢ Uses NM messages to communicate the request/release information of a partial network
cluster between the participating ECUs.
ECU Degradation
➢ Allows to switch of peripherals.

R22-11
page id: eep3e
Energy Management – Partial Networking
Example scenario of a partial network going to sleep
Initial situation:
➢ ECUs “A” and “B” are members of Partial Network Cluster (PNC) 1.
1
ECU A ECUs “B”, “C” and “D” are members of PNC 2.

➢ All functions of the ECUs are organized either in PNC 1 or PNC 2.
1 ➢ Both PNCs are active.
ECU B ➢ PNC 2 is only requested by ECU “C”.
2
➢ he function requiring PNC 2 on ECU “C” is terminated, therefore
ECU “C” can release PNC 2.
This is what happens:
ECU C
2 ➢ ECU “C” stops requesting PNC 2 to be active.
➢ ECUs “C” and “D” are no longer participating in any PNC and can
be shutdown.
ECU D ➢ ECU “B” ceases transmission and reception of all signals
2
associated with PNC 2.
➢ ECU “B” still participates in PNC 1. hat means it remains awake
Physical CAN Bus
and continues to transmit and receive all signals associated with
Partial Network Cluster 1 PNC 1.
Partial Network Cluster 2 ➢ ECU “A” is not affected at all.

R22-11
page id: eep3c
Conceptual terms
➢ A significant part of energy management is about mode handling. For the terms
◼ Vehicle Mode,
◼ Application Mode and
◼ Basic Software Mode
see chapter 3.4 of this document.
➢ Virtual Function Cluster (VFC): groups the communication on port level between SW -
components that are required to realize one or more vehicle functions.
This is the logical view and allows for a reusable bus/ECU independent design.
➢ VFC-Controller: Special SW-component that decides if the functions of a VFC are required at
a given time and requests or releases communication accordingly.
➢ Partial Network Cluster (PNC): is a group of system signals necessary to support one or
more vehicle functions that are distributed across multiple ECUs in the vehicle network.
This represents the system view of mapping a group of buses to one ore more VFCs.

R22-11
page id: eep3r
Restrictions
➢ Partial Networking (PN) is currently supported on CAN and FlexRay buses.

➢ LIN and CAN slave buses (i.e. CAN buses without network management) can be activated* using
PN but no wake-up or communication of NM messages (including a PNC bit vector) are supported
on those buses
➢ To wake-up a PN ECU, a special transceiver HW is required as specified in ISO 11898-5.
◼ The standard wake-up without special transceiver HW known from previous AUTOSAR
releases is still supported.
➢ A VFC can be mapped to any number of PNCs (including zero)
◼ The concept of PN considers a VFC with only ECU-internal communication by mapping it to the
internal channel type in ComM as there is no bus communication and no physical PNC
➢ Restrictions for CAN
◼ J1939 and PN exclude each other, due to address claiming and J1939 start-up behaviour
◼ J1939 need to register first their address in the network before they are allowed to start
communication after a wake-up.
◼ A J1939 bus not using address claiming can however be activated using PN as a CAN slave
bus as described above
➢ Restrictions on FlexRay
◼ FlexRay is only supported for requesting and releasing PNCs.
◼ FlexRay nodes cannot be shut down since there is no HW available which supports PN.
* All nodes connected to the slave buses are always activated. It is not possible only to activate a subset of the nodes.

R22-11
page id: eep3m
Mapping of Virtual Function Cluster to Partial Network Cluster
SW-C
SW-C SW-C SW-Component of VFC1
4 6
2
SW-C SW-Component of VFC2
1 SW-C
5
SW-C SW-C SW-Component of VFC3
3 7
CompositionType Communication Port
VFC1 VFC2 VFC3

Mapping of
VFC on PNC
PNC1 PNC2
ECU A ECU B ECU C

• Here both Partial Networks
map to one CAN bus.
SW-C SW-C SW-C SW-C SW-C SW-C SW-C
1 2 3 4 5 6 7 • One Partial Network can also
span more than one bus.
RTE RTE RTE
Basic Software Basic Software Basic Software PNC1 PNC2
ECU Hardware ECU Hardware ECU Hardware CAN

PNC1 CAN Bus PNC2

R22-11
page id: eep3b
Involved modules – Solution for CAN
Application Layer SW-C SW-C

• VFC to PNC to channel
translation
• Coordination of I-PDU • PNC management (request /
Mode ComM_User
RTE group switching or release of PNCs)
• Start / stop I-PDU-groups request Request • Indication of PNC states
System Services
Communication Services ComM_UserRequest
BswM ComM
PNC states
Network
I-PDU GroupSwitch
PNC request/release Request Request
information ComMode
• Exchange PNC request / release COM NmIf
information between NM and
ComM via NM user data
• Enable / disable I-PDU-groups
Trigger Transmit
PduR CanNm CanSM
Communication Hardware Abstraction
• Filter incoming NM messages CanIf

• Collect internal and external PNC requests
• Send out PNC request infocmation in NM user data
• Spontaneous sending of NM messages on PNC
startup CanTrcv

R22-11
page id: eep5b
Energy Management – ECU Degradation
Involved modules – Solution for I/O Drivers
Application Layer SW-C SW-C
Mode
RTE
request
System Services Complex

Drivers
OS BswM
Control core HALT
Prepare / Enter power state Notify power state ready
I/O Hardware Abstraction

IOHwA
Switch power state

I/O Drivers
Adc Pwm

R22-11
page id: eep5r
Energy Management – ECU Degradation
Restrictions
➢ ECU Degradation is currently supported only on MCAL drivers Pwm and Adc.
➢ Core HALT and ECU sleep are considered mutually exclusive modes.
➢ Clock modifications as a means of reducing power consumption are not in the scope of the
concept (but still remain available as specific MCU driver configurations).

R22-11
page id: toc03
Table of contents
1. Architecture
2. Configuration
2. Partitioning
3. Scheduling
4. Mode Management
8. Security

R22-11
page id: gtsc5
Integration and Runtime Aspects – Global Time Synchronization
Global Time Synchronization provides synchronized time base(s) over multiple in-vehicle
networks.
RTE
StbM provides the following features:
➢ Time provision
Signals
➢ Time base status
➢ Time gateway
Sychronized Timebase Manager IPDU Diagnostic
Multi- AUTOSAR Communi-
plexer COM cation
CanTSyn / FrTSyn / EthTSyn provides Manager
the network-specific time synchronization SoAd I-PDU I-PDU I-PDU
protocol. TcpIp PDU Router

EthTSyn provides additionally a rate- OS
correction and latency calculation. I-PDU 1
I-PDU
NM
Datagram
CanTSyn FrTSyn EthTSyn AUTOSAR Module
Tp
GeneralPurpose- GeneralPurpose- N-PDU N-PDU
Use-case examples: PDU PDU
➢ Sensor data fusion
CanIf FrIf EthIf
➢ Cross-ECU logging
L-PDU
Can Fr Eth GPT
Driver Driver Driver Driver

R22-11
page id: gtsc6
Integration and Runtime Aspects – Secure Global Time Synchronization
Secure Global Time Synchronization ensures integrity and authenticity of synchronized time
base(s) over in-vehicle networks.
Master - SWC FVM FVM Slave - SWC

Authentic global time Authentic global time
FV FV
RTE RTE
Master Slave
KeyM KeyM
COM COM
services Crypto Crypto services
services services
Synchronized Time- Synchronized Time-
Crypto Crypto
base Manager base Manager
Service Service
Manager Manager
Authentic
Authentic global time FV ICV
global time FV
EthTSyn EthTSyn
OK
FrTSyn ICV NOK FrTSyn
CanTSyn CanTSyn
Truncated Truncated
ICV
ICV
FV
FV
Authentic Authentic
global time global time
Secured Global Time Secured Global Time

ICV: Integrity Check Value
FV: Freshness Value
FVM: Freshness Value Manager

R22-11

AUTOSAR EXP LayeredSoftwareArchitecture

Uploaded by

Copyright:

Available Formats

AUTOSAR EXP LayeredSoftwareArchitecture

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AUTOSAR EXP LayeredSoftwareArchitecture

Uploaded by

Copyright:

Available Formats

Layered Software Architecture

AUTOSAR Classic Platform

Document Owner AUTOSAR

Document Responsibility AUTOSAR

Document Status published

Part of AUTOSAR Standard Classic Platform

Part of Standard Release R22-11

2 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

3 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

4 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

5 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

6 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

7 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

8 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

19 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

Purpose of this document

This document focuses on static views of a conceptual layered software architecture:

20 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

Application scope of AUTOSAR

➢ further layers cannot be added.

21 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

Runtime Environment (RTE)

Basic Software (BSW)

22 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

Microcontroller Abstraction Layer

23 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

Onboard Memory Crypto Wireless Communication

Microcontroller Memory Crypto Drivers Wireless Communication I/O Drivers

24 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

The Microcontroller Abstraction Layer is the

It contains internal drivers, which are software

25 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

The ECU Abstraction Layer interfaces the Application Layer

26 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

The Complex Drivers Layer spans from the

27 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

The Services Layer is the highest layer of the Basic

the application software: while access to I/O

the Services Layer offers:

28 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

The RTE is a layer providing communication services

The AUTOSAR Software Components communicate Microcontroller Abstraction Layer

with other components (inter and/or intra ECU)

29 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

30 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

31 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

32 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

The interface does not change the content of the data.

In general, interfaces are located in the ECU Abstraction Layer.

33 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

The handler does not change the content of the data.

34 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

In general, managers are located in the Services Layer

35 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

Libraries are a collection of functions for

➢ do not have internal states

36 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

37 Document ID 53 : AUTOSAR_EXP_LayeredSoftw areArchitecture

The µC Abstraction Layer consists of the following module groups: