OS21

OperatingSystem

Version2.122.May2000

Thisdocumentisanofficialreleaseandreplacesallpreviouslydistributeddocuments.TheOSEKgroupretainstherightto

makechangestothisdocumentwithoutnoticeanddoesnotacceptanyliabilityforerrors.

Allrightsreserved.Nopartofthisdocumentmaybereproduced,inanyformorbyanymeans,withoutpermissionin

writingfromtheOSEK/VDXsteeringcommittee.

OSEKOS2.1©byOSEKDocument:Os21

OSEK/VDXWhatisOSEK/VDX?

OperatingSystemSpecification2.1OSEK/VDXisajointprojectoftheautomotiveindustry.Itaimsatanindustrystandardforanopen-endedarchitecturefordistributedcontrolunitsinvehicles.

Areal-timeoperatingsystem,softwareinterfacesandfunctionsforcommunicationandnetworkmanagementtasksarethusjointlyspecified.

ThetermOSEKmeans”OffeneSystemeundderenSchnittstellenfürdieElektronikimKraftfahrzeug”(Opensystemsandthecorrespondinginterfacesforautomotiveelectronics).ThetermVDXmeans„VehicleDistributedeXecutive“.ThefunctionalityofOSEKoperatingsystemwasharmonisedwithVDX.ForsimplicityOSEKwillbeusedinsteadofOSEK/VDXinthedocument.

OSEK/VDXpartners

ThefollowingcompaniesattendedandcontributedtotheOSEK/VDXTechnicalCommittee:AcceleratedTechnologyInc.,ACTIA,

AdamOpelAG,AFTGmbH,

ATMComputerGmbH,Blaupunkt,BMWAG,

BorgInstrumentsGmbH,CambridgeConsultants,ContinentalTeves,

CumminsEngineCompany,DaimlerChryslerAG,DelcoElectronics,Denso,

EpsilonGmbH,

ETASGmbH&CoKG,FIAT-CentroRicerche,FZI,

GMEuropeGmbH,HellaKG,

HewlettPackardFrance,

HitachiMicroSystemsEuropeLtd.,Hitex,

IBMDeutschlandEntwicklungGmbH,IIIT-UniversityofKarlsruhe,Infineon,INRIA,

IntegratedSystemsInc.,IRISA,

LucasVarity,MagnetiMarelli,

Mecel,Motorola,

NationalSemiconductor,NECElectronicsGmbH,NRTA,

PhilipsCarSystems,PorscheAG,PSA,Renault,

RobertBoschGmbH,

SagemElectronicDivision,SiemensAutomotive,SoftingGmbH,

STMircroelectronics,StenkilSystemsAB,

SysgoReal-TimeSolutionsGmbH,TECSI,

TelelogicGmbH,TEMIC,

TexasInstruments,Thomson-CSFDetexis,Trialog,

UTA-UnitedTechnologiesAutomotive,VDOAdolfSchindlingGmbH,VectorInformatik,Visteon,

VolkswagenAG,

VolvoCarCorporation,WindRiverSystems,3SoftGmbH.

2©byOSEKOSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.1Motivation• High,recurringexpensesinthedevelopmentandvariantmanagementofnon-application

relatedaspectsofcontrolunitsoftware.• Incompatibilityofcontrolunitsmadebydifferentmanufacturersduetodifferent

interfacesandprotocols.Goal

Supportoftheportabilityandreusabilityoftheapplicationsoftwareby:• Specificationofinterfaceswhichareabstractandasapplication-independentaspossible,

inthefollowingareas:real-timeoperatingsystem,communicationandnetworkmanagement.• Specificationofauserinterfaceindependentofhardwareandnetwork.• Efficientdesignofarchitecture:Thefunctionalityshallbeconfigurableandscaleable,to

enableoptimaladjustmentofthearchitecturetotheapplicationinquestion.• Verificationoffunctionalityandimplementationofprototypesinselectedpilotprojects.Advantages• Clearsavingsincostsanddevelopmenttime.• Enhancedqualityofthesoftwareofcontrolunitsofvariouscompanies.• Standardisedinterfacingfeaturesforcontrolunitswithdifferentarchitecturaldesigns.• Sequencedutilisationoftheintelligence(existingresources)distributedinthevehicle,to

enhancetheperformanceoftheoverallsystemwithoutrequiringadditionalhardware.• Providesindependencewithregardstoindividualimplementation,asthespecification

doesnotprescribeimplementationaspects.

Remarksbytheauthors

Thisdocumentdescribestheconceptofareal-timeoperatingsystem,capableofmultitasking,whichcanbeusedformotorvehicles.Itisnotaproductdescriptionwhichrelatestoaspecificimplementation.

ThisdocumentalsospecifiestheOSEKoperatingsystem-ApplicationProgramInterface.Generalconventions,explanationsoftermsandabbreviationshavebeencompiledintheadditionalinter-project\"OSEKOverallGlossary\".

Regardingimplementationandsystemgenerationaspectspleaserefertothe\"OSEKImplementationLanguage\"(OIL)specification.

OSEKOS2.1©byOSEK3

OSEK/VDXTableofContents

OperatingSystemSpecification2.11Introduction......................................................................................................................81.1Systemphilosophy....................................................................................................81.2Purposeofthisdocument.......................................................................................101.3Structureofthisdocument......................................................................................112Summary........................................................................................................................133ArchitectureoftheOSEKoperatingsystem....................................................................143.1Processinglevels.....................................................................................................143.2Conformanceclasses...............................................................................................1Taskmanagement...........................................................................................................174.1Taskconcept..........................................................................................................174.2Taskstatemodel.....................................................................................................174.2.1Extendedtasks..............................................................................................174.2.2Basictasks....................................................................................................184.2.3Comparisonofthetasktypes.........................................................................194.3Activatingatask.....................................................................................................204.4Taskswitchingmechanism......................................................................................204.5Taskpriority...........................................................................................................204.6Schedulingpolicy...................................................................................................214.6.1Nonpre-emptivescheduling..........................................................................214.6.2Fullpre-emptivescheduling...........................................................................224.6.3Mixedpre-emptivescheduling.......................................................................234.6.4Selectingtheschedulingpolicy......................................................................244.7Terminationoftasks...............................................................................................244.8Applicationmodes..................................................................................................244.8.1Startupperformance.....................................................................................2.8.2Supportofexclusiveapplications...................................................................2.8.3Supportedbyallconformanceclasses............................................................255Interruptprocessing........................................................................................................266Eventmechanism............................................................................................................297Resourcemanagement....................................................................................................317.1Behaviourduringaccesstooccupiedresources.......................................................317.2Restrictionswhenusingresources...........................................................................317.3Schedulerasaresource..........................................................................................327.4Generalproblemswithsynchronisationmechanisms................................................327.4.1Explanationofpriorityinversion....................................................................327.4.2Deadlocks.....................................................................................................337.5OSEKPriorityCeilingProtocol..............................................................................337.6OSEKPriorityCeilingProtocolwithextensionsforinterruptlevels........................348Alarms............................................................................................................................378.1Counters.................................................................................................................378.2Alarmmanagement.................................................................................................379Messages........................................................................................................................3910Errorhandling,tracinganddebugging.............................................................................40

4

©byOSEK

OSEKOS2.1

OSEK/VDX10.110.210.310.410.5

OperatingSystemSpecification2.1Hookroutines.........................................................................................................40Errorhandling.........................................................................................................41Systemstart-up.......................................................................................................42Systemshutdown....................................................................................................43Debugging...............................................................................................................44

11Descriptionofsystemservices.........................................................................................4511.1Definitionofsystemobjects.....................................................................................4511.2Conventions............................................................................................................4511.2.1Typeofcalls...................................................................................................4511.2.2Legitimacyofcalls..........................................................................................4511.2.3Errorcharacteristics.......................................................................................4512Specificationofoperatingsystemservices........................................................................4712.1Commondatatypes..................................................................................................4712.2Taskmanagement....................................................................................................4812.2.1Datatypes......................................................................................................4812.2.2Constructionalelements..................................................................................49

12.2.2.1DeclareTask............................................................................................................49

12.2.3Systemservices..............................................................................................49

12.2.3.112.2.3.212.2.3.312.2.3.412.2.3.512.2.3.6

ActivateTask...........................................................................................................49TerminateTask........................................................................................................50ChainTask...............................................................................................................50Schedule..................................................................................................................51GetTaskID...............................................................................................................51GetTaskState...........................................................................................................52

12.2.4Constants.......................................................................................................5212.2.5Namingconvention.........................................................................................5312.3Interrupthandling....................................................................................................5312.3.1Datatypes......................................................................................................5312.3.2Systemservices..............................................................................................53

12.3.2.112.3.2.212.3.2.312.3.2.412.3.2.512.3.2.612.3.2.712.3.2.812.3.2.9

EnterISR.................................................................................................................53LeaveISR.................................................................................................................EnableInterrupt.......................................................................................................DisableInterrupt......................................................................................................55GetInterruptDescriptor............................................................................................55EnableAllInterrupts.................................................................................................56DisableAllInterrupts................................................................................................56ResumeOSInterrupts...............................................................................................57SuspendOSInterrupts...............................................................................................57

12.3.3Constants.......................................................................................................5812.3.4Namingconvention.........................................................................................5812.4Resourcemanagement.............................................................................................5812.4.1Datatypes......................................................................................................5812.4.2Constructionalelements..................................................................................58

12.4.2.1DeclareResource......................................................................................................58

12.4.3Systemservices..............................................................................................59

12.4.3.1GetResource............................................................................................................5912.4.3.2ReleaseResource......................................................................................................59

12.4.4Constants.......................................................................................................6012.5Eventcontrol...........................................................................................................6012.5.1Datatypes......................................................................................................6012.5.2Constructionalelements..................................................................................60

12.5.2.1DeclareEvent...........................................................................................................60

OSEKOS2.1

©byOSEK

5

OSEK/VDX12.5.3

12.5.3.112.5.3.212.5.3.312.5.3.4

OperatingSystemSpecification2.1Systemservices.............................................................................................60

SetEvent.................................................................................................................60ClearEvent..............................................................................................................61GetEvent.................................................................................................................61WaitEvent...............................................................................................................62

12.6Alarms....................................................................................................................6212.6.1Datatypes.....................................................................................................6212.6.2Constructionalelements.................................................................................63

12.6.2.1DeclareAlarm.........................................................................................................63

12.6.3Systemservices.............................................................................................63

12.6.3.112.6.3.212.6.3.312.6.3.412.6.3.5

GetAlarmBase.........................................................................................................63GetAlarm................................................................................................................SetRelAlarm...........................................................................................................SetAbsAlarm..........................................................................................................65CancelAlarm...........................................................................................................66

12.6.4Constants......................................................................................................6612.7Operatingsystemexecutioncontrol........................................................................6612.7.1Datatypes.....................................................................................................6612.7.2Systemservices.............................................................................................67

12.7.2.1GetActiveApplicationMode.....................................................................................6712.7.2.2StartOS...................................................................................................................6712.7.2.3ShutdownOS...........................................................................................................67

12.7.3Constants......................................................................................................6812.8Hookroutines.........................................................................................................6812.8.1ErrorHook....................................................................................................6812.8.2PreTaskHook................................................................................................6812.8.3PostTaskHook...............................................................................................6812.8.4StartupHook.................................................................................................6912.8.5ShutdownHook.............................................................................................6913Implementationandapplicationspecifictopics................................................................7013.1Implementationhints..............................................................................................7013.1.1Aspectsofimplementation.............................................................................7013.1.2Parametersofimplementation........................................................................70

13.1.2.113.1.2.213.1.2.313.1.2.4

Functionality...........................................................................................................70Hardwareresources.................................................................................................71Performance............................................................................................................71Configurationofruntimecontext...........................................................................71

13.2Applicationdesignhints..........................................................................................7213.2.1Resourcemanagement...................................................................................72

13.2.1.1OccupationinLIFOorder.......................................................................................7213.2.1.2CalllevelofAPI-services........................................................................................7213.2.1.3Resourcesstilloccupiedattasktermination.............................................................73

13.2.213.2.3PlacementofAPIcalls...................................................................................73Interruptserviceroutines...............................................................................73

13.2.3.1LocalvariablesinISRsofcategory3.......................................................................7313.2.3.2Nestedinterruptsofdifferentcategories..................................................................7413.2.3.3Directmanipulationofinterruptlevels....................................................................75

13.2.4Priorityandpre-emption................................................................................7513.2.5ParametertopasstoShutdownOS.................................................................7513.2.6Errorhandling...............................................................................................7513.2.7Errorsandwarnings......................................................................................7613.3Implementationspecifictools..................................................................................76

6

©byOSEK

OSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.114Changesfromspecification1.0to2.1..............................................................................7814.1Changesfromspecification1.0to2.0r1...................................................................7814.1.1Conceptualchanges........................................................................................78

14.1.1.114.1.1.214.1.1.314.1.1.414.1.1.514.1.1.614.1.1.7

Conformanceclasses...............................................................................................78Messages.................................................................................................................78Multiplerequestingoftaskactivation......................................................................78Applicationmodes...................................................................................................78Counters..................................................................................................................78Hookroutines..........................................................................................................79OSexecutioncontrol...............................................................................................79Schedulingofnonpre-emptivetasks.......................................................................79Servicesavailableonwhichlevel.............................................................................79Interruptprocessing.................................................................................................79Priorityceiling........................................................................................................79Typesandconstants................................................................................................79Namingconventions................................................................................................79

14.1.2Clarifications..................................................................................................79

14.1.2.114.1.2.214.1.2.314.1.2.414.1.2.514.1.2.6

14.1.3Changesofthedocumentation........................................................................80

14.1.3.1Documentstructure.................................................................................................8014.1.3.2Newchapters...........................................................................................................8014.1.3.3Removedchapters...................................................................................................80

14.2Changesfromspecification2.0r1to2.1...................................................................8014.2.1BehaviourofChainTask/TerminateTaskwithallocatedresourcesis

undefined.......................................................................................................80

14.2.2GetTaskIDisallowedinISRs.........................................................................8014.2.3Interrupthandlinghasbeenclarifiedandextended..........................................8114.2.4ErrorcheckingofGetResource/ReleaseResourcehavebeenmodified.............8114.2.5AddedconstantOSTICKSPERBASE.............................................................8114.2.6ShutdownOSisallowedinISRsandcertainhookroutines.............................8114.2.7BehaviourofShutdownOSafterShutdownHookreturnsis

implementationdefined...................................................................................81

14.2.8AddedconstantOSDEFAULTAPPMODE.....................................................8114.2.9ErrorHookisnevercalledrecursively.............................................................8114.2.10LocalMessagesaddedtospecification............................................................8115Index...............................................................................................................................8215.1Listoffigures..........................................................................................................8316History............................................................................................................................84

OSEKOS2.1©byOSEK7

OSEK/VDX1Introduction

OperatingSystemSpecification2.1ThespecificationoftheOSEKoperatingsystemistorepresentauniformenvironmentwhichsupportsefficientutilisationofresourcesforautomotivecontrolunitapplicationsoftware.TheOSEKoperatingsystemisasingleprocessoroperatingsystemmeantfordistributedembeddedcontrolunits.

1.1Systemphilosophy

Automotiveapplicationsarecharacterisedbystringentreal-timerequirements.ThereforetheOSEKoperatingsystemoffersthenecessaryfunctionalitytosupporteventdrivencontrolsystems.

Thespecifiedoperatingsystemservicesconstituteabasistoenabletheintegrationofsoftwaremodulesmadebyvariousmanufacturers.Tobeabletoreacttothespecificfeaturesoftheindividualcontrolunitsasdeterminedbytheirperformanceandtherequirementsofaminimumconsumptionofresources,theprimefocuswasnottoachieve100%compatibilitybetweentheapplicationmodules,buttheirdirectportability.

Astheoperatingsystemisintendedforuseinanytypeofcontrolunits,itmustsupporttime-criticalapplicationsonawiderangeofhardware.Ahighdegreeofmodularityandabilityforflexibleconfigurationareprerequisitestomaketheoperatingsystemsuitableforlow-endmicroprocessorsandcomplexcontrolunitsalike.Theserequirementshavebeensupportedbydefinitionof\"conformanceclasses\"(seechapter3.2,Conformanceclasses)andacertaincapabilityforapplicationspecificadaptations.

Fortime-criticalapplicationsdynamicgenerationofsystemobjectswasleftout.Instead,generationofsystemobjectswasassignedtothesystemgenerationphase.Errorinquirieswithintheoperatingsystemareobviatedtoalargeextent,soasnottoaffectthespeedoftheoverallsystemunnecessarily.Ontheotherhand,asystemversionwithextendederrorinquirieshasbeendefined.Itisintendedforthetestphaseandforlesstime-criticalapplications.Evenatthatstagedefineduniformsystemappearanceisensured.Standardisedinterfaces

Theinterfacebetweentheapplicationsoftwareandtheoperatingsystemisdefinedbysystemservices.Theinterfaceisidenticalforallimplementationsoftheoperatingsystemonvariousprocessorfamilies.

SystemservicesarespecifiedinanISO/ANSI-C-likesyntax,howevertheimplementationlanguageofthesystemservicesisnotspecified.Scaleability

Differentconformanceclasses,variousschedulingmechanismsandtheconfigurationfeaturesmaketheOSEKoperatingsystemfeasibleforabroadspectrumofapplicationsandhardware.TheOSEKoperatingsystemisdesignedtorequireonlyaminimumofhardwareresources(RAM,ROM,CPUtime)andthereforerunsevenon8bitmicrocontrollers.Errorchecking

TheOSEKoperatingsystemofferstwolevelsoferrorchecking,extendedstatusfordevelopmentphaseandstandardstatusforproductionphase.

OSEKOS2.1©byOSEK8

OSEK/VDXOperatingSystemSpecification2.1Theextendedstatusallowsforenhancedplausibilitychecksoncallingoperatingsystemservices.Duetotheadditionalerrorcheckingitrequiresmoreexecutiontimeandmemoryspacethanthestandardversion.However,manyerrorscanbefoundinatestphase.Afterallerrorshavebeeneliminated,thesystemcanberecompiledwiththestandardversion.Portabilityofapplicationsoftware

OneofthegoalsofOSEKistosupporttheportabilityandre-usabilityofapplicationsoftware.Thereforetheinterfacebetweentheapplicationsoftwareandtheoperationsystemisdefinedbystandardisedsystemserviceswithwell-definedfunctionality.Useofstandardisedsystemservicesreducestheefforttomaintainandtoportapplicationsoftwareanddevelopmentcost.PortabilitymeanstheabilitytotransferanapplicationsoftwaremodulefromoneECUtoanotherECUwithoutbiggerchangesinsidetheapplication.

Theapplicationsoftwareliesontheoperatingsystemandinparallelonaapplication-specificInput/OutputSysteminterfacewhichisnotstandardisedintheOSEKspecification.Theapplicationsoftwaremodulecanhaveseveralinterfaces.Thereareinterfacestotheoperatingsystemforrealtimecontrolandresourcemanagement,butalsointerfacestoothersoftwaremodulestorepresentacompletefunctionalityinasystemandatleasttothehardware,iftheapplicationhastoworkdirectlywithmicrocontrollermodules.

Forbetterportabilityofapplicationsoftware,theOSEKdefinesalanguageforastandardisedconfigurationinformation.Thislanguage\"OIL\"(OSEKImplementationLanguage)supportsaportabledescriptionofallOSEKspecificobjectssuchas\"tasks\"and\"alarms\"etc.

module1module2module3modulenapplicationsoftwareOSEKoperationsystemInput/OutputSystemµControllerFigure1-1

SoftwareinterfacesinsideECU1

DuringtheprocesstoportapplicationsoftwarefromoneECUtoanotherECUitisnecessarytoconsidercharacteristicsofthesoftwaredevelopmentprocess,thedevelopmentenvironment,andthehardwarearchitectureoftheECU,forexample:

1

OSEKOSallowsdirectinterfacingbetweenapplicationandthehardware.

©byOSEK

9

OSEKOS2.1

OSEK/VDX• • • • • • •

OperatingSystemSpecification2.1SoftwaredevelopmentguidelinesFilemanagementsystem

DataallocationandstackusageofthecompilerMemoryarchitectureoftheECUTimingbehaviouroftheECU

Differentmicrocontrollerspecificinterfacese.g.ports,A/Dconverter,serialcommunicationandwatchdogtimerPlacementoftheAPIcalls

ThismeansthattheOSEKspecificationsarenotenoughtodescribeanOSEKimplementationcompletely.Theimplementationhastosupplyspecificdocumentation.SupportofPortability

Thecertificationprocessensurestheconformanceofdifferentimplementationstothespecification.Chapter13ofthisspecificationcollectsimplementationspecificdetailswhichhavetoberegardedtoincreaseportabilityofanapplicationbetweenvariousOSEKimplementations.Hereinonlytheoperatingsysteminterfacetotheapplicationisconsidered.Specialsupportforautomotiverequirements

SpecificrequirementsforanOSEKoperatingsystemariseintheapplicationcontextofsoftwaredevelopmentforautomotivecontrolunits.Requirementssuchasreliability,real-timecapability,andcostsensitivityareaddressedbythefollowingfeatures:• TheOSEKoperatingsystemisconfiguredandscaledstatically.Thenumberoftasks,

resources,andservicesrequiredisstaticallyspecifiedbytheuser.• ThespecificationoftheOSEKoperatingsystemsupportsimplementationscapableof

runningonROM,i.e.thecodecouldbeexecutedfromRead-Only-Memory.• TheOSEKoperatingsystemsupportsportabilityofapplicationtasks.• ThespecificationoftheOSEKoperatingsystemprovidesapredictableanddocumented

behaviourtoenableoperatingsystemimplementations,whichmeetautomotivereal-timerequirements.• ThespecificationoftheOSEKoperatingsystemallowstheimplementationof

predictableperformanceparameters.

1.2Purposeofthisdocument

ThefollowingdescriptionistoberegardedasagenericdescriptionwhichismandatoryforanyimplementationoftheOSEKoperatingsystem.Thisconcernsthegeneraldescriptionofstrategyandfunctionality,theinterfaceofthecalls,themeaninganddeclarationoftheparametersandthepossibleerrorcodes.

Thespecificationleavesacertainamountofflexibility.Ontheonehand,thedescriptionisgenericenoughforfutureupgrades,ontheotherhand,thereissomeexplicitlyspecifiedimplementation-specificscopeinthedescription.

Anyimplementationdefinesallimplementationspecificissues.Theconformanceclassessupportedbytheimplementationmustbeindicatedprecisely,andtheissuesidentifiedasimplementation-specificmustbedocumented.

ItisassumedthatthedescriptionoftheOSEKoperatingsystemistobeupdatedinthefuture,andwillbeadaptedtoextendedrequirements.Therefore,eachimplementationmustspecify

10

©byOSEK

OSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.1whichofficiallyauthorisedversionoftheOSEKdescriptionhasbeenusedasareferencedescription.OfficiallyauthorisedversionsoftheOSEKoperatingsystemdescriptionarenamedx.y.Thisdocumentrepresents”Version2.1”.

Becausethisdescriptionismandatory,definitionshaveonlybeenmadewherethegeneralsystemstrategyisconcerned.Inallotherrespects,itisuptothesystemimplementationtodeterminetheoptimaladaptationtoaspecifichardwaretype.

1.3Structureofthisdocument

Inthefollowingtext,thespecificationchaptersaredescribedbriefly:Chapter2,Summary

ThischapterprovidesabriefintroductiontotheOSEKoperatingsystemconcept.Chapter3,ArchitectureoftheOSEKoperatingsystem

ThischaptergivesasurveyaboutthedesignprinciplesandthearchitectureoftheOSEKoperatingsystem.

Chapter4,Taskmanagement

ThischapterexplainstheOSEKtaskmanagementwiththedifferenttasktypesandschedulingmechanisms.

Chapter5,Interruptprocessing

ThischapterprovidesinformationabouttheOSEKinterruptstrategyandthedifferenttypesofinterruptserviceroutines.Chapter6,Eventmechanism

Thischapterexplainstheeventmechanismandthedifferentbehaviourdependingonthescheduling.

Chapter7,Resourcemanagement

ThischapterdescribestheOSEKresourcemanagementanddiscussesthebenefitsandimplementationoftheOSEKpriorityceilingprotocol.Chapter8,Alarms

Thischapterdescribesthetwo-stageconcepttosupporttime-basedevents(e.g.hardware-timer)aswellasnon-time-basedevents(e.g.anglemeasurement).Chapter9,Messages

ThemessagehandlingforintraprocessorcommunicationwillbeaddedtotheOSspecification.FullmessagehandlingisdescribedintheOSEKCOMspecification.Theexactsubsettobeimplementedisyettobedefined.Chapter10,Errorhandling,tracinganddebugging

Descriptionofthemechanismstoachievecentralisederror-handling.Thischapteralsodescribestheservicestoinitialiseandshutdownthesystem.Chapter11,Descriptionofsystemservices

Thischapterdescribestheconventionsusedfordescription.

OSEKOS2.1©byOSEK11

OSEK/VDXChapter12,Specificationofoperatingsystemservices

OperatingSystemSpecification2.1Thischapterdescribesalloperatingsystemservicesmadeavailabletotheuser.Structureofthedescriptionisidenticalforanyservice;itcontainsalltheinformationtheserviceuserrequires.Chapter13,Implementationandapplicationspecifictopics,

Thischapterprovidesalistofalloperatingsystemspecifictopics,includingservices,datatypes,andconstants.

Chapter14,Changesfromspecification1.0to2.1

Thischapterprovidesasurveyofmajorchangesintheoperatingsystemspecificationfromversion1.0toversion2.1.Chapter15,Index

Listofalloperatingsystemservicesandfigures.Chapter16,HistoryListofallofficialreleases.

12©byOSEKOSEKOS2.1

OSEK/VDX2Summary

OperatingSystemSpecification2.1TheOSEKoperatingsystemprovidesapoolofdifferentservicesandprocessingmechanisms.TheOSEKoperatingsystemisbuiltaccordingtotheuser'sconfigurationinstructionsatsystemgenerationtime.

FourconformanceclassesareavailabletosatisfydifferentrequirementsconcerningfunctionalityandcapabilityoftheOSEKoperatingsystem.Thus,theusercanadapttheoperatingsystemtothecontroltaskandthetargethardware.Theoperatingsystemcannotbemodifiedlateratexecutiontime.

ApplicationswhichhavebeenwrittenforacertainconformanceclasshavetobeportabletoOSEKimplementationsofthesameclass.Thisisensuredbyadefinitionoftheservices,theirscopeofcapabilities,andthebehaviourofeachconformanceclass.Onlyifalltheservicesofaconformanceclassareofferedwiththedeterminedscopeofcapabilities,theoperatingsystemimplementationconformstoOSEK.

Theservicegroupsarestructuredintermsoffunctionalities.Taskmanagement• Activationandterminationoftasks• Managementoftaskstates,taskswitchingSynchronisation

Theoperatingsystemsupportstwomeansofsynchronisationeffectiveontasks:• Resourcemanagement

Accesscontrolforinseparableoperationstojointlyused(logic)resourcesordevices,orforcontrolofaprogramflow.• Eventcontrol

Eventmanagementfortasksynchronisation.Interruptmanagement• ServicesforinterruptprocessingAlarms• RelativeandabsolutealarmsIntraprocessormessagehandling• Servicesforexchangeofdata

Errortreatment• Mechanismssupportingtheuserincaseofvariouserrors

OSEKOS2.1©byOSEK13

OSEK/VDXOperatingSystemSpecification2.13ArchitectureoftheOSEKoperatingsystem

3.1Processinglevels

TheOSEKoperatingsystemservesasabasisforapplicationprogramswhichareindependentofeachother,andprovidestheirenvironmentonaprocessor.TheOSEKoperatingsystemenablesacontrolledreal-timeexecutionofseveralprocesseswhichappeartoruninparallel.TheOSEKoperatingsystemprovidesadefinedsetofinterfacesfortheuser.TheseinterfacesareusedbyentitieswhicharecompetingfortheCPU.Therearetwotypesofentities:• Interruptserviceroutinesmanagedbytheoperatingsystem• Tasks(basictasksandextendedtasks)Thehardwareresourcesofacontrolunitcanbemanagedbyoperatingsystemservices.Theseoperatingsystemservicesarecalledbyauniqueinterface,eitherbytheapplicationprogramorinternallywithintheoperatingsystem.OSEKdefinesthreeprocessinglevels:• Interruptlevel

• Logicallevelforscheduler• Tasklevel

Withinthetaskleveltasksarescheduled(non,fullormixedpre-emptive)accordingtotheiruserassignedpriority.Theruntimecontextisoccupiedatthebeginningofexecutiontimeandisreleasedagainoncethetaskisfinished.

interruptlevel

withoutOS-services

priority

high

withOS-services

logicallevelforschedulingactivities

tasklevel

waiting:yes/no

n321

tasks

preemption:non/full

low

OSEKoperatingsystem

runtimecontext

Figure3-1ProcessinglevelsoftheOSEKoperatingsystem

Thefollowingpriorityruleshavebeenestablished:• Interruptshaveprecedenceovertasks• Theinterruptprocessinglevelconsistsofoneormoreinterruptprioritylevels• Interruptserviceroutineshaveastaticallyassignedinterruptprioritylevel

14

©byOSEK

OSEKOS2.1

OSEK/VDX•

OperatingSystemSpecification2.1Assignmentofinterruptserviceroutinestointerruptprioritylevelsisdependentonimplementationandhardwarearchitecture• Fortaskprioritiesandresourceceiling-prioritiesbiggernumbersrefertohigher

priorities.• Thetask’spriorityisstaticallyassignedbytheuser(themeaningoftaskprioritiesis

describedinchapter4.5)

Processinglevelsaredefinedforthehandlingoftasksandinterruptroutinesasarangeofconsecutivevalues.

Processinglevels

k...mj0...i

Figure3-2

Processedinstance

InterruptSchedulerTask

ProcessinglevelsoftheOSEKoperatingsystem

Thefollowingruleappliesfortheprocessinglevel:

0<=iTheoperatingsystemprovidesservicesandensurescompliancewiththepriorityrulesmentionedabove.

3.2Conformanceclasses

Variousrequirementsoftheapplicationsoftwareforthesystem,andvariouscapabilitiesofaspecificsystem(e.g.processor,memory)demanddifferentfeaturesoftheoperatingsystem.Inthefollowingdescription,theseoperatingsystemfeaturesaredescribedas\"conformanceclasses\"(CC).

Conformanceclassesexisttosupportthefollowingobjectives:

• ToprovideconvenientgroupsofoperatingsystemfeaturesforeasierunderstandinganddiscussionoftheOSEKoperatingsystem.

• Toallowpartialimplementationsalongpre-definedlines.ThesepartialimplementationsmaybecertifiedasOSEKcompliant.

• TocreateanupgradepathfromclassesoflesserfunctionalitytoclassesofhigherfunctionalitywithnochangestotheapplicationusingOSEKrelatedfeatures.Thecompleteconformanceclassmustbeimplementedtobecertified.However,systemgenerationneedsonlytolinkthosesystemservicesthatarerequiredforaspecificapplication.Conformanceclassescannotbechangedduringexecution.Conformanceclassesaredeterminedbythefollowingattributes:• Multiplerequestingoftaskactivation,asdescribedinchapter4.3• Tasktypes,asdescribedinchapter4.2• Numberoftasksperpriority

AllotherOSEKfeaturesaremandatoryifnotexplicitlystatedotherwise.

OSEKOS2.1©byOSEK15

OSEK/VDXBTonlyOperatingSystemSpecification2.1BTandET1task/prioritynomultipleactivationsBCC1ECC1>1task/prioritymultipleactivationsforbasictasksonlyBCC2ECC2Figure3-3Restrictedupwardcompatibilityforconformanceclasses

Thefollowingconformanceclassesaredefined:• BCC1(onlybasictasks,limitedtooneactivationrequestpertaskandonetaskper

priority,whilealltaskshavedifferentpriorities)• BCC2(likeBCC1,plusmorethanonetaskperprioritypossibleandmultiplerequesting

oftaskactivationallowed)• ECC1(likeBCC1,plusextendedtasks)• ECC2(likeECC1,plusmorethanonetaskperprioritypossibleandmultiplerequesting

oftaskactivationallowedforbasictasks)Theportabilityofapplicationscanonlybeassumediftheminimumrequirementsarenotexceeded.TheminimumrequirementsforConformanceClassesareshownintheFigure3-4.

BCC1

MultiplerequestingoftaskactivationNumberoftaskswhicharenotinthesuspendedstateMorethanonetaskperpriorityNumberofeventspertaskNumberoftaskprioritiesResourcesAlarm

ApplicationMode

Figure3-4

RES_SCHEDULER

BCC2yes

8

ECC1BT2:noET:no

ECC2BT:yesET:no

no

16

(anycombinationofBT/ET)

yes

no

(bothBT/ET)

8

8

8(includingRES_SCHEDULER)

11

yes

(bothBT/ET)

no

—

TheminimumrequirementsforConformanceClasses

2

BT=BasicTask,ET=ExtendedTask

©byOSEK

OSEKOS2.1

16

OSEK/VDX4Taskmanagement

4.1Taskconcept

OperatingSystemSpecification2.1Complexcontrolsoftwarecanconvenientlybesubdividedinpartsexecutedaccordingtotheirreal-timerequirements.Thesepartscanbeimplementedbythemeansoftasks.Ataskprovidestheframeworkfortheexecutionoffunctions.Theoperatingsystemprovidesconcurrentandasynchronousexecutionoftasks.Theschedulerorganisesthesequenceoftaskexecution.TheOSEKoperatingsystemprovidesataskswitchingmechanism(scheduler),includinganidlemechanism.(seechapter4.4,Taskswitchingmechanism).TwodifferenttaskconceptsareprovidedbytheOSEKoperatingsystem:• basictasks• extendedtasksBasicTasks

Basictasksonlyreleasetheprocessor,if• • •

theyterminate,

theOSEKoperatingsystemswitchestoahigher-prioritytask,or

interruptoccurswhichcausetheprocessortoswitchtoaninterruptserviceroutine(ISR).

ExtendedTasks

ExtendedtasksaredistinguishedfrombasictasksbybeingallowedtousetheoperatingsystemcallWaitEvent,whichmayresultinawaitingstate(seechapter6,Eventmechanism,andchapter12.5.3.4,WaitEvent).Thewaitingstateallowstheprocessortobereleasedandtobereassignedtoalower-prioritytaskwithouttheneedtoterminatetherunningextendedtask.Inviewoftheoperatingsystem,managementofextendedtasksis,inprinciple,morecomplexthanmanagementofbasictasksandrequiresmoresystemresources.

4.2Taskstatemodel

Thefollowingtextdescribesthetaskstatesandthetransitionsbetweenthestatesforbothtasktypes.

Ataskmustbeabletochangebetweenseveralstates,astheprocessorcanonlyexecuteoneinstructionofataskatanytime,whileseveraltasksmaybecompetingfortheprocessoratthesametime.TheOSEKoperatingsystemisresponsibleforsavingandrestoringtaskcontextinconjunctionwithtaskstatetransitionswhenevernecessary.4.2.1Extendedtasks

Extendedtaskshavefourtaskstates:runningIntherunningstate,theCPUisassignedtothetask,sothatitsinstructions

canbeexecuted.Onlyonetaskcanbeinthisstateatanypointintime,whilealltheotherstatescanbeadoptedsimultaneouslybyseveraltasks.ready

Allfunctionalprerequisitesforatransitionintotherunningstateexist,andthetaskonlywaitsforallocationoftheprocessor.Theschedulerdecideswhichreadytaskisexecutednext.

©byOSEK

17

OSEKOS2.1

OSEK/VDXwaitingsuspended

OperatingSystemSpecification2.1Ataskcannotcontinueexecutionbecauseithastowaitforatleastoneevent(seechapter6,Eventmechanism).

Inthesuspendedstatethetaskispassiveandcanbeactivated.

runningwaitterminatewaitingpreemptstartsuspendedreleasereadyactivateFigure4-1Transitionactivate

Extendedtaskstatemodel

Newstateready

Description

Anewtaskissetintothereadystatebyasystemservice.TheOSEKoperatingsystemensuresthattheexecutionofthetaskwillstartwiththefirstinstruction.

Areadytaskselectedbytheschedulerisexecuted.Thetransitionintothewaitingstateiscausedbyasystemservice.Tobeabletocontinueoperation,thewaitingtaskrequiresanevent.

Atleastoneeventhasoccurredwhichataskhaswaitedfor.

Theschedulerdecidestostartanothertask.Therun-ningtaskisputintothereadystate.Therunningtaskcausesitstransitionintothesuspendedstatebyasystemservice.

Formerstatesuspended

startwait

readyrunning

runningwaiting

releasepreemptterminate

waitingrunningrunning

readyreadysuspended

Figure4-2Statesandstatustransitionsforextendedtasks

Terminationofataskisonlypossibleifthetaskterminatesitself(\"self-termination\").Thisrestrictionreducescomplexityofanoperatingsystem.Thereisnoprovisionforadirecttransitionfromthesuspendedstateintothewaitingstate.Thistransitionisredundantandwouldaddtothecomplexityofthescheduler.4.2.2Basictasks

Thestatemodelofbasictasksisnearlyidenticaltotheextendedtasksstatemodel.Theonlyexceptionisthatbasictasksdonothaveawaitingstate.

18©byOSEKOSEKOS2.1

OSEK/VDXrunning

OperatingSystemSpecification2.1Intherunningstate,theCPUisassignedtothetask,sothatitsinstructionscanbeexecuted.Onlyonetaskcanbeinthisstateatanypointintime,whilealltheotherstatescanbeadoptedsimultaneouslybyseveraltasks.Allfunctionalprerequisitesforatransitionintotherunningstateexist,andthetaskonlywaitsforallocationoftheprocessor.Theschedulerdecideswhichreadytaskisexecutednext.

Inthesuspendedstatethetaskispassiveandcanbeactivated.

ready

suspended

runningterminatepreemptstartsuspendedactivatereadyFigure4-3Transitionactivate

Basictaskstatemodel

Newstateready3

Description

Anewtaskissetintothereadystatebyasystemservice.TheOSEKoperatingsystemensuresthattheexecutionofthetaskwillstartwiththefirstinstruction.

Areadytaskselectedbytheschedulerisexecuted.Theschedulerdecidestostartanothertask.Therunningtaskisputintothereadystate.Therunningtaskcausesitstransitionintothesuspendedstatebyasystemservice.

Formerstatesuspended

startpreemptterminate

readyrunningrunning

runningreadysuspended

Figure4-4Statesandstatustransitionsforbasictasks

4.2.3Comparisonofthetasktypes

Basictaskshavenowaitingstate,andthusonlycomprisesynchronisationpointsatthebeginningandtheendofthetask.Partsofapplicationwithinternalsynchronisationpoints,havetobeimplementedbymorethanonebasictasks.Anadvantageofbasictasksistheirmoderaterequirementregardingruntimecontext(RAM).

Anadvantageofextendedtasksisthattheycanhandleacoherentjobinasingletask,nomatterwhichsynchronisationrequestsareactive.Whenevercurrentinformationforfurtherprocessingismissing,theextendedtaskswitchesoverintothewaitingstate.Itexitsthisstate

Taskactivationwillnotimmediatelychangethestateofthetaskincaseofmultipleactivationrequests.Ifthetaskisnotsuspended,theactivationwillonlyberecordedandperformedlater.OSEKOS2.1

©byOSEK

19

3

OSEK/VDXOperatingSystemSpecification2.1whenevercorrespondingeventssignalthereceiptortheupdateofthedesireddataorevents.Extendedtasksalsocomprisemoresynchronisationpointsthanbasictasks.

4.3Activatingatask

TaskactivationsareperformedusingtheoperatingsystemservicesActivateTaskorChainTask.Afteractivationthetaskisreadytoexecutefromthefirststatement.

TheOSEKoperatingsystemdoesnotsupportC-likeparameterpassingwhenstartingatask.Thoseparametersshouldbepassedbymessagecommunication(see“Messages”)orbyglobalvariables.

Multiplerequestingoftaskactivation

Dependingontheconformanceclassabasictaskcanbeactivatedonceormultipletimes.\"Multiplerequestingoftaskactivation\"meansthattheOSEKoperatingsystemreceivesandrecordsparallelactivationsofabasictaskalreadyactivated.

Thenumberofmultiplerequestsinparallelisdefinedinabasictaskspecificattributeduringsystemgeneration.Ifthemaximumnumberofmultiplerequestshasnotbeenreached,therequestisqueued.Therequestsofbasictaskactivationsarequeuedperpriorityinactivationorder.

4.4Taskswitchingmechanism

Unlikeconventionalsequentialprogramming,theprincipleofmultitaskingallowstheoperatingsystemtoexecutevarioustasksconcurrently.Thereforetheschedulingpolicyhasclearlytobedefined(seechapter4.6,Schedulingpolicy).

TheentitydecidingwhichtaskhastobestartedandthetriggeringofallnecessaryOSEKoperatingsysteminternalactivitiesiscalledscheduler.Theschedulerisactivatedwheneverataskswitchispossibleaccordingtotheimplementedschedulingpolicy.Theschedulercanbeconsideredasaresourcewhichcanbeoccupiedandreleasedbytasks.Thus,ataskcanreservetheschedulertoavoidataskswitchuntilitisreleased.Forfurtherdetails,pleaserefertochapter7.3,Schedulerasaresource.

4.5Taskpriority

Theschedulerdecidesonthebasisofthetaskpriority(precedence)whichisthenextofthereadytaskstobetransferredintotherunningstate.

Thevalue0isdefinedasthelowestpriorityofatask.Accordinglybiggernumbersdefinehigherpriorities.

Toenhanceefficiency,adynamicprioritymanagementisnotsupported.Accordinglythepriorityofataskisdefinedstatically,i.e.itcannotbechangedbytheuseratthetimeofexecution.However,inparticularcasestheoperatingsystemcantreatataskwithadefinedhigherpriority.Inthiscontext,pleaserefertochapter7.5,OSEKPriorityCeilingProtocol.TasksofidenticalpriorityaresupportedintheconformanceclassesBCC2andECC2,seechapter3.2,Conformanceclasses.

Tasksonthesameprioritylevelarestarteddependingontheirorderofactivation,wherebyextendedtasksinthewaitingstatedonotblockthestartofsubsequenttasksofidenticalpriority.

Apre-emptedtaskisconsideredtobethefirsttaskinthereadylistofitscurrentpriority.

20

©byOSEK

OSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.1Ataskbeingreleasedfromthewaitingstateistreatedlikethenewesttaskinthereadyqueueofitspriority.

Figure4-5showsanexampleimplementationoftheschedulerusingforeachprioritylevel.Severaltasksofdifferentprioritiesareinthereadystate;i.e.threetasksofpriority3,oneofpriority2andoneofpriority1,plustwotasksofpriority0.Thetaskwhichhaswaitedthelongesttime,dependingonitsorderofrequesting,isshownatthebottomofeachqueue.Theprocessorhasjustprocessedandterminatedatask.Theschedulerselectsthenexttasktobeprocessed(priority3,firstqueue).Beforepriority2taskscanbeprocessed,alltasksofhigherprioritymusthavelefttherunningandreadystate,i.e.startedandthenremovedfromthequeueeitherduetoterminationorduetotransitionintowaitingstate.

nexttasktobeprocessedn3210FIFOqueuetaskpriorityhighschedulerlowprocessoractuallyprocessedandterminatedtaskFigure4-5Scheduler:orderofevents

Thefollowingfundamentalstepsarenecessarytodeterminethenexttasktobeprocessed:• Theschedulersearchesforalltasksintheready/runningstate.• Fromthesetoftasksintheready/runningstate,theschedulerdeterminesthesetoftasks

withthehighestpriority.• Withinthesetoftasksintheready/runningstateandofhighestpriority,thescheduler

findstheoldesttask.

4.6Schedulingpolicy

4.6.1Nonpre-emptivescheduling

Theschedulingpolicyisdescribedasnonpre-emptive,iftaskswitchingisonlyperformedviaoneofaselectionofexplicitlydefinedsystemservices(explicitpointsofrescheduling).Nonpre-emptiveschedulingimposesparticularconstraintsonthepossibletimingrequirementsoftasks.Specificallythenonpre-emptablesectionofarunningtaskwithlowerprioritydelaysthestartofataskwithhigherpriorityuptothenextpointofrescheduling.

InFigure4-6,taskT2withthelowerprioritydelaystaskT1withhigherpriorityuptothenextpointofrescheduling(inthiscaseterminationoftaskT2).

OSEKOS2.1©byOSEK21

OSEK/VDXactivationoftaskT1OperatingSystemSpecification2.1latencytimefortaskT1TaskT1suspendedTaskT2runningreadyrunningsuspendedterminationoftaskT2Figure4-6Nonpre-emptivescheduling

Pointsofrescheduling

Inthecaseofanonpre-emptivetask,reschedulingwilltakeplaceexactlyinthefollowing

cases:• Successfulterminationofatask(systemserviceTerminateTask,seechapter12.2.3.2).• Successfulterminationofataskwithexplicitactivationofasuccessortask(system

serviceChainTask,seechapter12.2.3.3).• Explicitcallofscheduler(systemserviceSchedule,seechapter12.2.3.4).• Atransitionintothewaitingstatetakesplace(systemserviceWaitEvent,seechapter

12.5.3.4)4.Implementationsofnonpre-emptivesystemsmayprescribethatoperatingsystemserviceswhichcausereschedulingmayonlybecalledatthehighesttaskprogramlevel(notintasksubfunctions).Consequently,ataskswitchatthesepointsofschedulingonlyrequiressavingminimumtaskcontext(nostack,onlyfewregisterse.g.programcounterand/orprocessorstatus).

4.6.2Fullpre-emptivescheduling

Fullpre-emptiveschedulingmeansthatataskwhichispresentlyrunningmayberescheduledatanyinstructionbytheoccurrenceoftriggerconditionspre-setbytheoperatingsystem.Fullpre-emptiveschedulingwillputtherunningtaskintothereadystate,assoonasahigher-prioritytaskhasgotready.Thetaskcontextissavedsothatthepre-emptedtaskcanbecontinuedatthelocationwhereitwaspre-empted.

Withfullpre-emptiveschedulingthelatencytimeisindependentoftheruntimeoflowerprioritytasks.Certainrestrictionsarerelatedtotheincreased(RAM-)memoryspacerequiredforsavingthecontext,andtheenhancedcomplexityoffeaturesnecessaryforsynchronisationbetweentasks.Aseachtaskcantheoreticallyberescheduledatanylocation,accesstodatawhichareusedjointlywithothertasksmustbesynchronised.

InFigure4-7,taskT2withthelowerprioritydoesnotdelaytheschedulingoftaskT1withhigherpriority.

4

ThecallofWaitEventdoesnotleadtoawaitingstateifoneoftheeventspassedintheeventmasktoWaitEventisalreadyset.InthiscaseWaitEventdoesnotleadtoarescheduling.

©byOSEK

OSEKOS2.1

22

OSEK/VDXactivationoftaskT1

OperatingSystemSpecification2.1terminationoftaskT1

TaskT1suspendedTaskT2running

dyarerunning

suspendedrunning

ready

Figure4-7Fullpre-emptivescheduling

Inthecaseofafullpre-emptivesystem,theusermustconstantlyexpectpre-emptionoftherunningtask.Ifataskfragmentmustnotbepre-empted,thiscanbeachievedbyblockingtheschedulertemporarilyviathesystemserviceGetResource.

Summarised,reschedulingisperformedinallofthefollowingcases:• Successfulterminationofatask(systemserviceTerminateTask,seechapter12.2.3.2).• Successfulterminationofataskwithexplicitactivatingofasuccessortask(system

serviceChainTask,seechapter12.2.3.3).•

Activatingataskattasklevel(e.g.systemserviceActivateTask,seechapter12.2.3.1,messagenotificationmechanism,alarmexpiration,iftaskactivationisdefined,seechapter8.2).

Explicitwaitcall,ifatransitionintothewaitingstatetakesplace(extendedtasksonly,systemserviceWaitEvent,seechapter12.5.3.4).

Settinganeventtoawaitingtaskattasklevel(e.g.systemserviceSetEvent,seechapter12.5.3.1,messagenotificationmechanism,alarmexpiration,ifeventsettingdefined,seechapter8.2).

Releaseofresourceattasklevel(systemserviceReleaseResource,seechapter11.3.3.2)Returnfrominterruptleveltotasklevel

• •

• •

Duringinterruptserviceroutinesnoreschedulingisperformed(seefigure3-1).

Toenableportableapplicationstobewritteninspiteofthedifferentschedulingpolicies,theusercanenforceareschedulingviathesystemserviceScheduleatlocationswhereheassumesacorrectassignmentoftheCPU.

4.6.3Mixedpre-emptivescheduling

Iffullpre-emptiveandnonpre-emptivetasksaremixedonthesamesystem,theresulting

policyiscalled\"mixedpre-emptive\"scheduling.Inthiscaseschedulingpolicydependsonpre-emptionpropertiesofrunningtask.Iftherunningtaskisnonpre-emptive,thennonpre-emptiveschedulingisperformed.Iftherunningtaskispre-emptive,thenpre-emptiveschedulingisperformed.

Thedefinitionofanonpre-emptivetaskmakessenseinafullpre-emptiveoperatingsystem,• iftheexecutiontimeofthetaskisinthesamemagnitudeofthetimeofataskswitch,• ifRAMistobeusedeconomicallytoprovidespaceforsavingthetaskcontext,or• ifthetaskmustnotbepre-empted.Manyapplicationscompriseonlyfewparalleltaskswithalongexecutiontime,forwhichafullpre-emptiveoperatingsystemwouldbeconvenient,andmanyshorttaskswithadefinedexecutiontimewherenonpre-emptiveschedulingwouldbemoreefficient.Forthisconfigura-OSEKOS2.1

©byOSEK

23

OSEK/VDXOperatingSystemSpecification2.1tion,themixedpre-emptiveschedulingpolicywasdevelopedasacompromise(seealsothedesignhintinchapter13.2.4).

4.6.4Selectingtheschedulingpolicy

Thesoftwaredeveloperorthesystemintegratordeterminesthetaskexecutionsequencebyconfiguringthetaskprioritiesandassigningthepre-emptibilityasataskattribute.

Wewouldliketopointoutexpresslythatthepre-emptibilityofthesystemdependsneitherontheconformanceclass,noronthetasktype.Aboveall,afullpre-emptivesystemmaythereforecontainbasictasks,andanonpre-emptivesystemextendedtasks.

Ifanoperatingsystemserviceisrunning,pre-emptionandcontextswitchmightbedelayeduntilthecompletionoftheservice.

4.7Terminationoftasks

IntheOSEKoperatingsystem,ataskcanonlyterminateitself(\"self-termination\").

TheOSEKoperatingsystemprovidestheserviceChainTasktoensurethatadedicatedtaskactivationisperformedjustaftertheterminationoftherunningtask.Chainingitselfputsthetaskintothelastelementofthepriorityqueue.

Eachtaskhastoterminateitselfattheendofit’scode.EndingthetaskwithoutacalltoTerminateTaskorChainTaskisstrictlyforbidden!

4.8Applicationmodes

ApplicationmodesaredesignedtoallowanOSEKoperatingsystemtocomeupunderdifferentmodesofoperation.Theminimumnumberofsupportedapplicationmodesisone.Itisintendedonlyformodesofoperationthataretotallymutuallyexclusive.Anexampleoftwoexclusivemodesofoperationwouldbeend-of-lineprogrammingandnormaloperation.Oncetheoperatingsystemhasbeenstarted,itisnotallowedtochangetheapplicationmode.Thecharacteristicsofapplicationmodesare:• startupperformance• supportofexclusiveapplications• supportedbyallconformanceclassesScopeofapplicationmodes

ManyECUsmayexecutecompletelyindependentapplicationsase.g.factorytest,Flashpro-grammingornormaloperation.TheapplicationmodeisameanstostructurethesoftwarerunningintheECUaccordingtothosedifferentconditions.Typicallyeachapplicationmodeconsistsofanownsetoftasks,ISRsandtimingconditions,althoughthereisnolimitationtohavingataskorISRrunningindifferentmodes.Sharingatask/ISRbetweendifferentmodesisrecommendedifthesamefunctionalityisneededagain,becausecheckingthecurrentapplicationmodeinsidethetask/ISRatruntimeisveryinefficient.

Havingsystemgenerationandoptimisationinmind,applicationmodesarehelpfultoreducethenumberofOSobjectstakenintoconsideration.

Switchingbetweenapplicationmodesatruntimeisnotastrongrequestfromapplications.Itcouldbehelpfule.g.ifend-of-fabrication-testisdesignedasaseparatemode.Onereasonwhymodeswitchingatruntimeisnotallowedisthatnormallytimingconstrainshavetobemet

24©byOSEKOSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.1throughouttheoperationasforexamplethestill-alive-protocolbetweenmainandsupervisorprocessors.

4.8.1Startupperformance

ThestartupperformanceisasafetycriticalissueforECUsinautomotiveapplicationssinceresetconditionsmayoccurduringnormaloperation.Asaresultthecodeusedtodeterminetheapplicationmodeshouldbeveryquick.Itisrecommendedthatonlypinstates,orsimilarlyeasytoassessconditionsbeusedtodeterminethemode.Themodewillbedeterminedbeforethekernelisstartedandtheresultingcodeisnon-portable.Itisclearthatalengthyorcomplicatedstartingprocedureshouldbeavoided.4.8.2Supportofexclusiveapplications

Applicationmodesallowindependentdevelopmentoftotallyseparatesystems.

Forsystemsthatarecompletelyexclusive,thisfeaturewillallowaverycleanmechanismforindependentsystemdevelopment.

4.8.3Supportedbyallconformanceclasses

Becausetheoverheadofmodedetectionisminimal,thereisnoreasontorestrictthefeatureofapplicationmodestoasubsetofconformanceclasses.Itisrequiredforallclasses.Atstartup,theusercodeusingnosystemservices(seeFigure10-2),willdeterminethemodeandpassitasaparametertotheAPI-serviceStartOS.Thiswillallowtheoperatingsystemtoloadthecorrectcontexts,andotherOSinformationtoallowtheexecutionofthecorrectapplications.Thereisnoimpactontheshutdownfunctionality.

OSEKOS2.1©byOSEK25

OSEK/VDX5Interruptprocessing

OperatingSystemSpecification2.1Thefunctionsforprocessinganinterrupt(InterruptServiceRoutine:ISR)aresubdividedintothreeISRcategories:

ISRcategory1TheISRdoesnotuseanoperatingsystemservice.AftertheISRisfinished,

processingcontinuesexactlyattheinstructionwheretheinterrupthasoccurred,i.e.theinterrupthasnoinfluenceontaskmanagement.ISRsofthiscategoryhavetheleastoverhead.ISRcategory2TheOSEKoperatingsystemprovidesanISR-frametopreparearun-time

environmentforadedicateduserroutine.Duringsystemgenerationtheuserroutineisassignedtotheinterrupt.Fromtheapplications'pointofview,thiscategoryisthemostcomfortableone.

Withinaninterruptserviceroutineofcategory2,usageofOSEKoperatingsystemservicesisrestrictedaccordingtoFigure5-2.ISRcategory3SuchISRscanbeusedlikecategory1ISRs.However,iftheuserneedsto

callsystemservices,hehasfirsttocallEnterISR.AfterEnterISR,theISRactslikeanISRofcategory2.IfEnterISRwascalled,aLeaveISRcallisneededtoreturnfromtheISR.Thiscategoryisthemostflexibleone.TheservicesEnterISRandLeaveISRareprovidedasapartoftheAPI.

BetweenEnterISRandLeaveISRrestrictionsonOSEKoperatingsystemservicesareequaltocategory2.Concerningtheuseofstack,registersandlocalvariablesoutsideandbetweenEnterISRandLeaveISRimplementationspecificrestrictionsmightapply.LeaveISRmustbethelaststatementexecutedintheISR.TheimplementationofISRcategories1and2ismandatory,whereasISRcategory3isoptional.

Category1{codewithoutanyAPIcalls}}}Category2ISR(isr_name){codewithAPIcalls{Category3codewithoutanyAPIcallsEnterISR();codewithAPIcallsLeaveISR();Figure5-1ISRcategoriesoftheOSEKoperatingsystem

InsidetheISRnoreschedulingwilltakeplace.ReschedulingtakesplaceonterminationoftheISRcategory2or3ifapre-emptivetaskhasbeeninterruptedandifnootherinterruptisactive.

TheimplementationensuresthattasksareexecutedaccordingtotheOSEKschedulingpoints(seechapter4.6.2Fullpre-emptivescheduling).ToachievethistheimplementationmayprescriberestrictionsconcerninginterruptprioritylevelsforISRsofallcategoriesand/orperformchecksatconfigurationtime(seechapter13.2.3.2,Nestedinterruptsofdifferentcategories).

26

©byOSEK

OSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.1Themaximumnumberofinterruptprioritiesdependsonthecontrollerusedaswellasontheimplementation.TheschedulingofinterruptsishardwaredependentandnotspecifiedinOSEK.Interruptsarescheduledbyhardwarewhiletasksarescheduledbythescheduler.Regardingtheinterruptprioritylevelstheremayberestrictionsasdescribedin13.2.3.2.Interruptscaninterrupttasks(nonandfullpre-emptivetasks).Ifataskisactivatedfromaninterruptroutinethetaskisscheduledaftertheendofallactiveinterruptroutines.

IninterruptserviceroutinesthefollowingservicesoftheOSEKoperatingsystemcanbeused:

ServiceActivateTaskTerminateTaskChainTaskScheduleGetTaskIDGetTaskStateEnterISRLeaveISREnableInterruptDisableInterruptGetInterruptDescriptorDisableAllInterruptsEnableAllInterruptsSuspendOSInterruptsResumeOSInterruptsGetResourceReleaseResourceSetEventClearEventGetEventWaitEventGetAlarmBaseGetAlarmSetRelAlarmSetAbsAlarmCancelAlarm

GetActiveApplicationModeStartOSShutdownOS

calledbyTaskallowedallowedallowedallowedallowedallowed----allowedallowedallowedallowedallowedallowedallowedallowedallowedallowedallowedallowedallowedallowedallowedallowedallowedallowedallowed--allowed

calledbyISRcategory2and3

allowed------allowedallowedallowedallowed

55

allowedallowedallowedallowedallowedallowedallowedallowedallowedallowed--allowed--allowedallowedallowedallowedallowedallowed--allowed

Figure5-2APIservicesallowedtobecalledbytasksandISRs

5

ThisserviceisallowedinISRcategory3only.

©byOSEK

27

OSEKOS2.1

OSEK/VDXSourcerelatedDisable/EnableinterruptAPI

OperatingSystemSpecification2.1Operatingsystemserviceshavebeenprovidedtoenableanddisableselectedinterruptsources.Aninterruptsourcewhichhasbeendisabledwillstaydisableduntilitisre-enabledbytheapplication.

Hint:Duetonormalschedulingalgorithms,interruptsorhigherprioritytasksmaydelaythetimeuntilaninterruptsourceisenabled.Tokeepthedelayshort,interruptsandtaskscanbeblockedoutusingresourcemanagement.FastDisable/EnableAPI-functions

OSEKoffersfastfunctionstodisableallinterrupts(seechapter12.3.2.6,EnableAllInterruptsand12.3.2.7,DisableAllInterrupts),andtodisableallinterruptsofcategory2and3(seechapter12.3.2.8,ResumeOSInterruptsand12.3.2.9,SuspendOSInterrupts).Typicalusageistoprotectshortcriticalsections.Operatingsystemservicecallsarenotallowedbetweendisableandenablepairs.Exception:SuspendOSInterruptsandResumeOSInterruptsareallowedtobenested.

28©byOSEKOSEKOS2.1

OSEK/VDX6Eventmechanism

Theeventmechanism• isameansofsynchronisation• •

OperatingSystemSpecification2.1isonlyprovidedforextendedtasks

initiatesstatetransitionsoftaskstoandfromthewaitingstate.

Eventsareobjectsmanagedbytheoperatingsystem.Theyarenotindependentobjects,butassignedtoextendedtasks.Eachextendedtaskhasadefinitenumberofevents.Thistaskiscalledtheowneroftheseevents.Anindividualeventisidentifiedbyitsowneranditsname(ormask).Whenactivatinganextendedtask,theseeventsareclearedbytheoperatingsystem.Eventscanbeusedtocommunicatebinaryinformationtotheextendedtasktowhichtheyareassigned.Themeaningofeventsisdefinedbytheapplication,e.g.signallingofanexpiringtimer,theavailabilityofaresource,thereceptionofamessage,etc.

Variousoptionsareavailabletomanipulateevents,dependingonwhetherthededicatedtaskistheowneroftheeventoranothertaskwhichdoesnotnecessarilyhavetobeanextendedtask.Alltaskscansetanyeventsofanyextendedtask.Onlytheownerisabletoclearitseventsandtowaitforthereception(=setting)ofitsevents.

Eventsarethecriteriaforthetransitionofextendedtasksfromthewaitingstateintothereadystate.Theoperatingsystemprovidesservicesforsetting,clearingandinterrogationofevents,andforwaitingforeventstooccur.

AnytaskorISRcansetaneventforanextendedtask,andthusinformtheextendedtaskaboutanystatuschangeviathisevent.

Thereceiverofaneventisanextendedtaskinanycase.Consequently,itisnotpossibleforaninterruptserviceroutineorabasictasktowaitforanevent.Aneventcanonlybeclearedbythetaskwhichistheowneroftheevent.Extendedtasksmayonlycleareventstheyown,whereasbasictasksmustnotusetheoperatingsystemserviceforclearingevents.

Anextendedtaskinthewaitingstateisreleasedtothereadystateifatleastoneeventforwhichthetaskiswaitinghasoccurred.Ifarunningextendedtasktriestowaitforaneventandthiseventhasalreadyoccurred,thetaskremainsintherunningstate.

OSEKOS2.1©byOSEK29

OSEK/VDXOperatingSystemSpecification2.1Figure6-1explainssynchronisationofextendedtasksbysettingeventsincaseoffullpre-emptivescheduling,whereextendedtaskT1hasthehigherpriority.

schedulereventofclearextendedtaskT1setclearextendedtaskT1waitingextendedtaskT2runningdyarerunningcleareventwaitforeventwaitingrunningrunningseteventreadyFigure6-1Fullpre-emptivesynchronisationofextendedtasks

Figure6-1illustratestheprocedureswhichareeffectedbysettinganevent:TaskT1waitsfor

anevent.TaskT2setsthiseventforT1.Theschedulerisactivated.Subsequently,T1istransferredfromthewaitingstateintothereadystate.DuetothehigherpriorityofT1thisresultsinataskswitch,T2beingpre-emptedbyT1.T1resetstheevent.ThereafterT1waitsforthiseventagainandtheschedulercontinuesexecutionofT2.

Ifnonpre-emptiveschedulingissupposed,reschedulingdoesnottakeplaceimmediatelyaftertheeventhasbeenset(seeFigure6-2,whereextendedtaskT1isofhigherpriority)

schedulereventofclearextendedtaskT1setclearextendedtaskT1waitingextendedtaskT2runningreadycleareventrunningreadywaitforeventwaitingrunningseteventreschedulingFigure6-2Nonpre-emptivesynchronisationofextendedtasks

30©byOSEKOSEKOS2.1

OSEK/VDX7Resourcemanagement

OperatingSystemSpecification2.1Theresourcemanagementisusedtoco-ordinateconcurrentaccessesofseveraltaskswithdifferentprioritiestosharedresources,e.g.managemententities(scheduler),programsequences,memoryorhardwareareas.

Theresourcemanagementismandatoryforallconformanceclasses.

Theresourcemanagementcanoptionallybeextendedtoco-ordinateconcurrentaccessesoftasksandinterruptroutines.

Resourcemanagementensuresthat• twotaskscannotoccupythesameresourceatthesametime.• priorityinversioncannotoccur.• deadlocksdonotoccurbyuseoftheseresources.• accesstoresourcesneverresultsinawaitingstate.

Iftheresourcemanagementisextendedtotheinterruptlevelitassuresinadditionthat• twotasksorinterruptroutinescannotoccupythesameresourceatthesametime.Thefunctionalityofresourcemanagementisonlyrequiredinthefollowingcases:• fullpre-emptivetasks• nonpre-emptivetasks,ifresourcesarealsotoremainoccupiedbeyondascheduling

point• nonpre-emptivetasks,iftheuserintendstohavetheapplicationcodeexecutedunder

otherschedulingpolicies,too• resourcesharingbetweentasksandinterruptserviceroutines• resourcesharingbetweeninterruptserviceroutinesIftheuserrequiresprotectionagainstinterruptionsnotonlycausedbytasks,butalsocausedbyinterrupts,hecanalsousetheoperatingsystemservicestosetandresetinterruptmasks.Resettinginterruptmasksdoesnotcauserescheduling.(Seechapter5,Interruptprocessing,andchapter12.3,Interrupthandling).

7.1Behaviourduringaccesstooccupiedresources

OSEKOSprescribestheOSEKpriorityceilingprotocol(seechapter7.5)Consequently,nosituationoccursinwhichataskoraninterrupttriestoaccessanoccupiedresource.

Iftheresourceconceptisusedfortask-andinterrupt-coordinationtheOSEKoperatingsystemensuresalsothataninterruptserviceroutineisonlyprocessedifallresourceswhichmightbeoccupiedbythatinterruptserviceroutineduringitsexecutionhavebeenreleased.Additionally,OSEKstrictlyforbidsnestedaccesstothesameresource!

7.2Restrictionswhenusingresources

NeitherTerminateTask,ChainTasknorWaitEventmustbecalledwhilearesourceisoccupied.Interruptserviceroutinemustnotbecompletedwitharesourceoccupied.

Incaseofmultipleresourceoccupationwithinonetask,theuserhastorequestandreleaseresourcesfollowingtheLIFOprinciple(stack).

OSEKOS2.1

©byOSEK

31

OSEK/VDX7.3Schedulerasaresource

OperatingSystemSpecification2.1Ifataskhastoprotectitselfagainstpre-emptionsbyothertasks,itcanlockthescheduler.Thescheduleristreatedlikearesourcewhichisaccessibletoalltasks.ThereforearesourcewithapredefinednameRES_SCHEDULERisgenerated.

Interruptsarereceivedandprocessedindependentofthestateoftheresourcescheduler.However,itpreventsthereschedulingoftasks.

7.4Generalproblemswithsynchronisationmechanisms

7.4.1Explanationofpriorityinversion

Atypicalproblemofcommonsynchronisationmechanisms-e.g.theuseofsemaphores-istheproblemrelatingtopriorityinversion.

Thismeansthatalower-prioritytaskdelaystheexecutionofhigher-prioritytask.OnesolutiontoavoidpriorityinversionistousetheOSEKPriorityCeilingProtocol(seechapter7.5).Figure7-1illustratessequencingofthecommonaccessoftwotaskstoasemaphore(inafullpre-emptivesystem,taskT1hasthehighestpriority)

TaskT4whichhasalowpriority,occupiesthesemaphoreS1.T1pre-emptsT4andrequeststhesamesemaphore.AsthesemaphoreS1isalreadyoccupied,T1entersthewaitingstate.Nowthelow-priorityT4isinterruptedandpre-emptedbytaskswithaprioritybetweenthoseofT1andT4.T1canonlybeexecutedafteralllower-prioritytaskshavebeenterminated,andthesemaphoreS1hasbeenreleasedagain.AlthoughT2andT3donotusesemaphoreS1,theydelayT1withtheirruntime.

adreyaccesstosemaphoreS1denied

waiting

running

running

running

runningsuspendedsuspended

ready

taskT1taskT2taskT3taskT4

suspendedsuspendedsuspendedrunning

runningreadyreadyready

semaphoreS1occupiedsemaphoreS1released

Figure7-1Priorityinversiononoccupyingsemaphores

32©byOSEKOSEKOS2.1

OSEK/VDX7.4.2Deadlocks

OperatingSystemSpecification2.1Anothertypicalproblemofcommonsynchronisationmechanisms,suchastheuseofsema-phores,istheproblemofdeadlocks.Inthiscasedeadlockmeanstheimpossibilityoftaskexecutionduetoinfinitewaitingformutuallylockedresources.

Thefollowingscenarioresultsinadeadlock(seeFigure7-2):

TaskT1occupiesthesemaphoreS1andsubsequentlycannotcontinuerunning,e.g.becauseitiswaitingforanevent.Thus,thelower-prioritytaskT2istransferredintotherunningstate.ItoccupiesthesemaphoreS2.IfT1getsreadyagainandtriestooccupysemaphoreS2,itentersthewaitingstateagain.IfnowT2triestooccupysemaphoreS1,thisresultsinadeadlock.

e.gwaitaccessto

semaphoreS1foreventtaskT1taskT2

runningready

waitingrunning

eventaccesstosemaphoreS2happeneddenied

yadrerunning

waiting

Deadlock!

ready

running

waiting

accessto

semaphoreS2accessto

semaphoreS1denied

Figure7-2Deadlocksituationusingsemaphores

7.5OSEKPriorityCeilingProtocol

ToavoidtheproblemsofpriorityinversionanddeadlockstheOSEKoperatingsystemrequiresfollowingbehaviour:

• Atthesystemgeneration,toeachresourceitsownceilingprioritywillbeassigned.Theceilingprioritywillbesetatleasttothehighestpriorityofalltasksthataccessaresource.Theceilingprioritymustbelowerthanthelowestpriorityofalltasksthatdonotaccesstheresource,andwhichhaveprioritieshigherthanthehighestpriorityofalltasksthataccesstheresource.• Ifataskrequiresaresource,anditscurrentpriorityislowerthantheceilingpriorityoftheresource,thepriorityofthetaskwillberaisedtotheceilingpriorityoftheresource.• Ifthetaskreleasestheresource,thepriorityofthistaskwillberesettotheprioritybeforerequiringthatresource.Priorityceilingresultsinapossibletimedelayfortaskswithprioritiesequalorbelowtheresourcepriority.Thisdelayislimitedbythemaximumtimetheresourceisoccupiedbyanylowerprioritytask.

Taskswhichmightoccupythesameresourceastherunningtaskdonotentertherunningstate,duetotheirlowerorequalprioritythantherunningtask.Ifaresourceoccupiedbyataskisreleased,othertaskwhichmightoccupytheresourcecanentertherunningstate.Forpre-emptivetasksthisisapointofrescheduling.

OSEKOS2.1©byOSEK33

OSEK/VDXtaskT0ceilingprioritysuspendedrunningsuspendedOperatingSystemSpecification2.1releaseresourcereleaseresourcerunningreadysuspendedsuspendedsuspendedrunningreadyrunningreadyreadyreadyrunningrunningsuspendedrunningsuspendedrunningrunningtaskT1taskT2taskT3taskT4requestresourcerequestresourceFigure7-3Resourceassignmentwithpriorityceilingbetweenpre-emptivetasks.

TheexampleshowninFigure7-3illustratesthemechanismofthepriorityceiling.TaskT0hasthehighest,andtaskT4thelowestpriority.TaskT1andtaskT4wanttoaccessthesameresource.Thesystemshowsclearlythatnounboundedpriorityinversionisentailed.Thehigh-prioritytaskT1waitsforashortertimethanthemaximumdurationofresourceoccupationbyT4.

7.6OSEKPriorityCeilingProtocolwithextensionsforinterruptlevels

Theextensionofresourcemanagementtointerruptlevelisoptional.

Todeterminetheceilingpriorityofresourceswhichareusedininterrupts,virtualprioritieshigherthanalltasksprioritiesareassignedtointerrupts.Thecalculatedceilingprioritymeansforaresourcewhichisonlyoccupiedbytasksadifferenthandlingthanforaresourceoccupiedbytasksandinterruptroutines.Themanipulationofsoftwareprioritiesandofhardwareinterruptlevelsisuptotheimplementation.

• Atthesystemgeneration,toeachresourceitsownceilingprioritywillbeassigned.Theceilingprioritywillbesetatleasttothehighestpriorityofalltasksandinterruptroutinesthataccessaresource.Theceilingprioritymustbelowerthanthelowestpriorityofalltasksorinterruptroutinesthatdonotaccesstheresource,andwhichhaveatthesametimehigherprioritiesthanthehighestpriorityofalltasksorinterruptroutinesthataccesstheresource.• Ifataskorinterruptroutinerequiresaresource,anditscurrentpriorityislowerthantheceilingpriorityoftheresource,thepriorityofthetaskorinterruptwillberaisedtotheceilingpriorityoftheresource.• Ifthetaskorinterruptroutinereleasestheresource,thepriorityofthistaskorinterruptwillberesettotheprioritybeforerequiringthatresource.Tasksorinterruptroutineswhichmightoccupythesameresourceastherunningtaskorinterruptroutinehasoccupieddonotrun,duetotheirlowerorequalprioritythantherunningtaskorinterruptroutine.Ifaresourceoccupiedbyataskisreleased,anothertaskorinterruptroutineswhichmightoccupytheresourcecouldrun.Forpre-emptivetasksthisisapointofrescheduling.

34©byOSEKOSEKOS2.1

OSEK/VDXinterruptoccursisrINT2ceilingpriorityexecutionOperatingSystemSpecification2.1releaseresourcerunninginterruptedpendingexecutionisrINT1interruptoccurstaskT3taskT2taskT1suspendedsuspendedrunningreadyreadyrunningsuspendedrunningsuspendedrunningreadyrequestresourceFigure7-4

Resourceassignmentwithpriorityceilingbetweenpre-emptivetasksandinterruptservicesroutines.

Theexampleshowninfigure7-4describesthefollowingscenario:

Thepre-emptivetaskT1isrunningandrequestsaresourcesharedwiththeinterruptserviceroutineINT1.ThetaskT1activatesthehigherpriortasksT2andT3.BecauseofOSEK

PriorityCeilingProtocolthetaskT1isstillrunning.InterruptINT1occurs.BecauseofOSEKPriorityCeilingProtocolthetaskT1isstillrunning,theinterruptINT1ispending.InterruptINT2occurs.TheinterruptserviceroutineINT2interruptsthetaskT1anditisexecuted.AfterINT2isdonethetaskT1iscontinued.ThetaskT1releasestheresource.TheinterruptserviceroutineINT1isexecuted,thetaskT1isinterrupted.AfterINT1isdonetheTask3isrunning.AfterterminationoftaskT3thetaskT2isrunning.AfterterminationoftaskT2thetaskT1iscontinued.

Theexamplebelowshowninfigure7-5describesthefollowingscenario:

Thepre-emptivetaskT1isrunning.TheinterruptINT1occurs.ThetaskT1isinterruptedandtheinterruptserviceroutineINT1isexecuted..TheINT1requestsaresourcesharedwiththeinterruptserviceroutineINT2.ThehigherpriorinterruptINT2occurs.BecauseofOSEKPriorityCeilingProtocoltheINT1isstillexecuted,theINT2ispending.TheinterruptINT3occurs.BecauseofhigherprioritythantheINT1,theINT3interruptsthisinterruptserviceroutineandisexecuted.TheINT3activatesthetaskT2.AftertheINT3isdonetheINT1iscontinued.AftertheINT1releasestherequestedresourcetheINT2isexecutedbecauseofhigherprioritythantheINT1.AftertheINT2isdonetheINT1iscontinued.AftertheINT1isdonethetaskT2isrunningbecauseofhigherprioritythanthetaskT1,thetaskT1isready.AfterthetaskT2isterminatedthetaskT1iscontinued.

OSEKOS2.1©byOSEK35

OSEK/VDXinterruptoccursisrINT3ceilingpriorityexecutionOperatingSystemSpecification2.1releaseresourceexecutioninterruptedinterruptoccursisrINT2pendingexecutionisrINT1interruptoccursexecutioninterruptedrequestresourcetaskT2taskT1runningsuspendedreadyreadyrunningsuspendedrunningFigure7-5

Resourceassignmentwithpriorityceilingbetweeninterruptservicesroutines

36©byOSEKOSEKOS2.1

OSEK/VDX8Alarms

OperatingSystemSpecification2.1TheOSEKoperatingsystemprovidesservicesforprocessingrecurringevents.Sucheventsmaybeforexampletimerswhichprovideaninterruptatregularintervals,orencodersataxleswhichgenerateaninterruptincaseofaconstantchangeofa(camshaftorcrankshaft)angle,orotherregularapplicationspecifictriggers.

TheOSEKoperatingsystemprovidesatwo-stageconcepttoprocesssuchevents.Therecurringevents(sources)areregisteredbyimplementationspecificcounters.Basedoncounters,theOSEKoperatingsystemsoftwareoffersalarmmechanismstotheapplicationsoftware.

8.1Counters

Acounterisrepresentedbyacountervalue,measuredin”ticks”,andsomecounterspecificconstants.

TheOSEKoperatingsystemdoesnotprovideastandardisedAPItomanipulatecountersdirectly.

TheOSEKoperatingsystemtakescareofthenecessaryactionsofmanagingalarmswhenacounterisadvancedandhowthecounterisadvanced.

TheOSEKoperatingsystemoffersatleastonecounterwhichisderivedfroma(hardwareorsoftware)timer.Theusercanassumetheexistenceofthiscounter.

8.2Alarmmanagement

TheOSEKoperatingsystemprovidesservicestoactivatetasksorseteventswhenanalarmexpires.Analarmwillexpirewhenapredefinedcountervalueisreached.Thiscountervaluecanbedefinedrelativetotheactualcountervalue(ðrelativealarm)orasanabsolutevalue(ðabsolutealarm).Alarmscanbedefinedtobeeithersinglealarmsorcyclicalarms.Alarmsmaybeforexamplethereceiptofanumberoftimerinterrupts,aspecificangularposition,orreceivingamessage.InadditiontheOSprovidesservicestocancelalarmsandtogetthecurrentstateofanalarm.

Morethanonealarmcanbeattachedtoacounter.

Analarmisstaticallyassignedatsystemgenerationtimeto:• onecounter• onetask

Dependingonconfigurationthistaskwillbeactivated,oraneventwillbesetforthistask

whenthealarmexpires.Taskactivationandeventsettingwhenanalarmexpireshavethesamepropertiesasnormaltaskactivationandeventsetting.

OSEKOS2.1©byOSEK37

OSEK/VDXsourceforcounterOperatingSystemSpecification2.1implementationOSinternalapplicationviewcounteralarmsFigure8-1Layeredmodelofalarmmanagement

Countersandalarmsaredefinedstatically.Theassignmentofalarmstocounters,aswellastheactiontobeperformedwhenanalarmexpires,aredefinedstatically,too.

Dynamicparametersarethecountervaluewhenanalarmhastoexpire,andtheperiodforcyclicalarms.

38©byOSEKOSEKOS2.1

OSEK/VDX9Messages

OperatingSystemSpecification2.1ForanOSEKimplementationtobecompliant,messagehandlingforintraprocessor

communicationhastobeoffered.TheminimumfunctionalityrequiredisCCCAasdescribedintheOSEKCOMspecification.CCCAdescribesacommunicationconformanceclass

specificallytailoredtotheneedsofintraprocessorcommunicationwhichsupportsunqueuedmessages.CCCBdefinesanextensionwhichaddsqueuedmessages.

IfanimplementationoffersevenmorefunctionalitywhichisspecifiedinotherconformanceclassesdescribedintheOSEKCOMspecification,theimplementationmuststicktosyntaxandsemanticoftherespectiveOSEKCOMfunctionality.

PleasenotethatformessagestherulesstatedintheOSEKCOMspecificationarevalid.Forexample,OSEKCOMsysteminterfacesdonotcallErrorHook.However,iftheOSEKCOMfunctionalityinternallycallsOSsystemfunctionlikeActivateTask,ErrorHookwillbecalledifnecessaryfromActivateTask.Formoredetails,refertotheOSEKCOMspecification.

OSEKOS2.1©byOSEK39

OSEK/VDXOperatingSystemSpecification2.110Errorhandling,tracinganddebugging

10.1Hookroutines

TheOSEKoperatingsystemprovidessystemspecifichookroutinestoallowuser-definedactionswithintheOSinternalprocessing.ThefirstparameterisfixedforallimplementationsofOSEKoperatingsystems,additionalparametersareoptionalandimplementationdependent.Thosehookroutinesare• calledbytheoperatingsystem,inaspecialcontextdependingontheimplementationof

theoperatingsystem• higherpriorthanalltasks• notinterruptedbycategory2and3interruptroutines• usinganimplementationdependentcallinginterface.• partoftheoperatingsystem• implementedbytheuserwithuserdefinedfunctionality• standardisedininterfaceperOSEKOSimplementation,butnotstandardisedin

functionality(environmentandbehaviourofthehookroutineitself),thereforeusuallyhookroutinesarenotportable• areonlyallowedtouseasubsetofAPIfunctions• optional(theimplementationshouldomitcallstohookroutineswhichdonotexist)IntheOSEKoperatingsystemhookroutinesmaybeusedfor:• systemstart-up(seechapter10.3,Systemstart-up).

Thecorrespondinghookroutine(StartupHook)iscalledaftertheoperatingsystemstart-upandbeforetheschedulerisrunning.• systemshutdown(seechapter10.4,Systemshutdown).

Thecorrespondinghookroutine(ShutdownHook)iscalledwhenasystemshutdownisrequestedbytheapplicationorbytheoperatingsystemincaseofasevereerror.• tracingorapplicationdependentdebuggingpurposesaswellasuserdefinedextensions

ofthecontextswitch(seechapter10.5,Debugging).• errorhandling.

EachimplementationofOSEKhastodescribetheinterfacesandconventionsforthehookroutines.

IftheapplicationcallsanotallowedAPIserviceinhookroutinesthebehaviourisnotdefined.Ifanerrorisraised,theimplementationshouldreturnanimplementationspecificerrorcode.

40©byOSEKOSEKOS2.1

OSEK/VDXService

ActivateTaskTerminateTaskChainTaskScheduleGetTaskIDGetTaskStateEnterISRLeaveISREnableInterruptDisableInterruptGetInterruptDescriptorDisableAllInterruptsEnableAllInterruptsSuspendOSInterruptsResumeOSInterruptsGetResourceReleaseResourceSetEventClearEventGetEventWaitEventGetAlarmBaseGetAlarmSetRelAlarmSetAbsAlarmCancelAlarm

GetActiveApplicationModeStartOSShutdownOS

OperatingSystemSpecification2.1PostTaskHook

--------allowedallowed--------allowed----------------allowed--allowedallowed------allowed----

ErrorHook

--------allowed--------allowed----------------allowed--allowedallowed------allowed--allowed

6

PreTaskHook

--------allowedallowed--------allowed----------------allowed--allowedallowed------allowed----

StartupHook

allowed--------------------------------------------------allowed--allowed

ShutdownHook

----------------------------------------------------allowed----

allowed

Figure10-1APIservicesforhookroutines

Mostoperatingsystemservicesarenotallowedforhookroutines.Thisrestrictionisnecessarytoreducesystemcomplexity.

10.2Errorhandling

AnerrorserviceisprovidedtohandletemporarilyandpermanentlyoccurringerrorswithintheOSEKoperatingsystem.Itsbasicframeworkispredefinedandhastobecompletedbytheuser.Thisgivestheuserachoiceofefficientcentralisedordecentralisederrorhandling.

6

Itmayhappenthatcurrentlynotaskisrunning.InthiscasetheservicereturnsthetaskIDINVALID_TASK(seechapter12.2.3.5GetTaskID).

©byOSEK

41

OSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.1Twodifferentkindsoferrorsaredistinguished:• Applicationerrors

Theoperatingsystemcouldnotexecutetherequestedservicecorrectly,butassumesthecorrectnessofitsinternaldata.

Inthiscase,centralisederrortreatmentiscalled.Additionallytheoperatingsystemreturnstheerrorbythestatusinformationfordecentralisederrortreatment.Itisuptotheusertodecidewhattododependingonwhicherrorhasoccured.• Fatalerrors

Theoperatingsystemcannolongerassumecorrectnessofitsinternaldata.Inthiscasetheoperatingsystemcallsthecentralisedsystemshutdown.Allthoseerrorservicesareassignedwithaparameterthatspecifiestheerror.

ThereturnvalueoftheOSEKAPI-serviceshasprecedenceovertheoutputparameters.IfanAPIservicereturnsanerror,thevaluesoftheoutputparametersareundefined.

Thecorrespondinghookroutine(ErrorHook)iscalledifasystemservicereturnsaStatusTypevaluenotequaltoE_OK.ThehookroutineErrorHookisnotcalledifasystemserviceiscalledfromtheErrorHookitself(i.e.,arecursivecalloferrorhookneveroccurs).AnypossiblyoccuringerrorbycallingsystemservicesfromtheErrorHookcanonlybedetectedbyevaluatingthereturnvalue.

ErrorHookalsoiscalledifanerrorisdetectedduringtaskactivationoreventsetting,forexampleuponalarmexpirationormessagearrival.

Ifataskisactivatedintheversionwithstandardstatus,only\"E_OK\"isreturned.Moreover,inaversionwithextendedstatus,theadditionalreturnvalues\"Taskisinvalid\"or\"Toomanytaskactivations\etc.canbereturned.Theseextendedreturnvaluesmustnolongeroccurinthetargetapplicationatthetimeofexecution,i.e.thecorrespondingerrorsarenotinterceptedintheruntimeversionoftheoperatingsystem.

10.3Systemstart-up

Initialisationafteraprocessorresetisuptotheimplementation,butOSEKOSofferssupportforastandardisedwayofinitialisation.

Interfacesforinitialisationofhardware,operatingsystemandapplicationhavetobeclearlydefinedbytheimplementation.

OSEKOSdoesnotforcetheapplicationtodefinespecialtaskswhichhavetobestartedaftertheoperatingsysteminitialisation,butitallowstheusertospecifyautostart-tasksduringsystemgeneration.

AfteraresetoftheCPU,hardware-specificapplicationsoftwareisexecuted(nooperatingsystemcontext).Thenon-portablesectionendswiththedetectionoftheapplicationmode.Forsafetyreasonsthisdetectionshouldnotrelyonsystemhistory.

Theportablesectionoftheapplicationstartswiththecalltoafunctionwhichstartsuptheoperatingsystem,i.e.StartOSwiththeapplicationmodeasaparameter.Aftertheoperatingsystemisinitialised(schedulerisnotrunning),itcallsthehookroutineStartupHook,wheretheusercanplacetheinitialisationcodeforallhisoperatingsystemdependentinitialisation.InordertostructuretheinitialisationcodeinStartupHookaccordingtothestartedapplicationmode,theserviceGetActiveApplicationModeisprovided.Afterthereturnfromthathookroutinetheoperatingsystemsenablestheinterruptsaccordingtothe

42©byOSEKOSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.1INITIAL_INTERRUPT_DESCRIPTOR7,andstartsthescheduler.Afterthatthesystemisrunningandexecutesusertasks.

(Re-)Starthardware-specificcalltoinitializationcodeStartOS12OSexecutesoperatingsysteminitializationcode3OSexecutesStartupHook4OSkernelisrunning5firstusertaskisrunningDuringStartupHookalluserinterruptsaredisabledFigure10-2Systemstart-up

(1)Afterareset,theuserisfreetoexecute(non-portable)hardwarespecificcode.Interruptsofcategory2and3arenotallowedtorununtilthephase5.Thenon-portablesectionendsbydetectionoftheapplicationmode.

(2)CallStartOSwiththeapplicationmodeasaparameter.Thiscallstartstheoperatingsystem.

(3)Theoperatingsystemperformsinternalstart-upfunctionsand

(4)callsthehookroutineStartupHook,wheretheusermayplaceinitialisationprocedures.Duringthishookroutine,alluserinterruptsaredisabled.(5)TheoperatingsystemenablesuserinterruptsaccordingtotheINITIAL_INTERRUPT_DESCRIPTOR,andstartstheschedulingactivity.TheINITIAL_INTERRUPT_DESCRIPTORisstaticallyassignedbytheuser.

10.4Systemshutdown

TheOSEKOSspecificationdefinesaservicetoshutdowntheoperatingsystem,ShutdownOSThisservicecanberequestedbytheapplicationorbytheoperatingsystemduetoafatalerror.WhenShutdownOSiscalledtheoperatingsystemwillcallthehookroutineShutdownHookandshutdownafterwards.

TheuserisfreetodefineanysystembehaviourinShutdownHooke.g.nottoreturnfromtheroutine.(Seechapter12.7.2.3,ShutdownOS).

7

ThevalueoftheINITIAL_INTERRUPT_DESCRIPTORisdefinedbytheuserorbytheimplementation.

©byOSEK

43

OSEKOS2.1

OSEK/VDX10.5Debugging

OperatingSystemSpecification2.1Twohookroutines(PreTaskHookandPostTaskHook)arecalledontaskcontextswitches.Thesetwohookroutinesmaybeusedfordebuggingortimemeasurement(includingcontextswitchtime).ThereforePostTaskHookiscalledafterleavingthecontextoftheoldtask,PreTaskHookiscalledbeforeenteringthecontextofanewtask.

PostTaskHookOSinternalactivitiesPreTaskHooktaskT1taskT2runningsuspendedreadyrunningFigure10-3PreTaskHookandPostTaskHook

WhenShutdownOSiscalledwhileataskisrunningShutdownOSmayormaynotcallPostTaskHook.IfPostTaskHookiscalleditisundefinedifitiscalledbeforeorafterShutdownHook.

44©byOSEKOSEKOS2.1

OSEK/VDX11Descriptionofsystemservices

11.1Definitionofsystemobjects

OperatingSystemSpecification2.1WithintheOSEKoperatingsystemallsystemobjectshavetobedeterminedstaticallybytheuser.Thedefinitionoftheoperatingsystemobjectsisprovidedbytheoperatingsystemsupplier.Theactualcreationoftheobjects(uniquenamesandspecificcharacteristics)isdoneduringthesystemgenerationphase.Thedeclarationsdoneintheapplicationsourceareexternalreferencestothoseoperatingsystemobjects.Therearenosystemservicesavailabletodynamicallycreatesystemobjects.Declarationsprovideinformationthatasystemobjectistobeusedwhichhasbeencreatedatanotherlocation.Thenamesareusedasidentificationswithinthesystemservices.

UsuallythescopeofthosenamesislikeanexternalvariableinC-language.

Thecreationofsystemobjectswithinthesourceshouldbeconsideredasanexception,duetolossofportability.

Internalrepresentationofsystemobjectsisimplementationspecific.Therearevariousalternativesforimplementationofsystemobjects.Forexample,aTaskTypecouldbeimplementedeitherasapointertothedatastructureofthetaskorasanindextothecorrespondinglistelement.Applicationprogrammerscannotassumeaspecificrepresentation.Thecreationofsystemobjectsmayrequireadditionaltools.Theyenabletheusertoaddortomodifyvalueswhichhavebeenspecifiedindefinitions.Consequently,thesystemgenerationandthetoolsusedtothiseffectarealsoimplementation-specific.

11.2Conventions

11.2.1Typeofcalls

ThesystemserviceinterfaceisISO/ANSI-C.Itsimplementationisnormallyafunctioncall,butmayalsobesolveddifferently,asrequiredbytheimplementation-forexamplebymacrosoftheCpre-processor.Aspecifictypeofimplementationcannotbeassumed.11.2.2Legitimacyofcalls

Systemservicesarecalledfromtasks,interruptserviceroutines,andhookroutines.Dependingonthesystemservice,theremayberestrictionsregardingtheavailability.Furtherrestrictionsareimposedbytheconformanceclasses.11.2.3Errorcharacteristics

Tokeepthesystemefficientandfast,theOSEKoperatingsystemdoesnottestallerrors.Iftheapplicationusesoperatingsystemservicesincorrectly,undefinedsystembehaviourmayresult.

Mostsystemservicesreturnastatustotheuser.ThereturnstatusisE_OKifitwaspossibletoexecutethesystemservicewithoutanyrestrictions.Ifthesystemrecognisesanexceptionalconditionwhichrestrictsexecutionofthesystemservice,adifferentstatusisreturned.AstatusotherthanE_OKmaybeinformationwhichisnotconsideredtobeanerror(\"warning\").AnexampleisthereturnstatusofthesystemserviceCancelAlarm,whichinformsthatthealarmtobecancelledhasalreadyexpired.Auserprogramisthusinformedthate.g.a

OSEKOS2.1

©byOSEK

45

OSEK/VDXOperatingSystemSpecification2.1taskactivationhastakenplacewhichwasnotwanted.Thedetectionofmilderrors(warnings)ispartofthesystemservices.

Ifitispossibletoexcludeerrorsbeforeruntime,theruntimeversionmayomitcheckingoftheseerrors.IftheonlypossiblereturnstatusisE_OK,theimplementationisfreenottoreturnastatus.

Allreturnvaluesofasystemservicearelistedundertheindividualdescriptions.Thereturnstatusdistinguishesbetweenthe”standard”and”extended”status.The”standard”versionfulfilstherequirementsofadebuggedapplicationsystemasdescribedbefore.The\"extended\"versionisconsideredtosupporttestingofnotyetfullydebuggedapplications.Itcomprisesextendederrorcheckingcomparedtothestandardversion.

Thesequenceoferrorcheckingwithintheoperatingsystemisnotspecified.Whenevermultipleerrorsoccur,itisimplementationdependentwhichstatusisreturnedtotheapplication.

Incaseofapplicationerrors,theOSEKoperatingsystemwillcallthehookroutineErrorHookifdefined.ThepurposeofErrorHookistotreatstatusinformationcentralised.

Incaseoffatalerrors,thesystemservicedoesnotreturntotheapplication,butactivatesShutdownOS.Anexampleisanon-detectedincorrectparameterofasystemservicewhichgeneratesaninconsistencyinthesystem.TheparameterpassedtoShutdownOSisanimplementationdependentsystemerrorcode.Systemerrorcodesoccupyarangeofnumbersoftheirownanddonotconflictwiththestatesoftheoperatingsystemservices.

ThefunctionalityofShutdownOSisimplementation-specific.Possibleimplementationsaretostoptheapplicationortoissueanassertion.TheapplicationitselfcanaccessShutdownOStoshutdowntheoperatingsysteminacontrolledfashion.

CallingofShutdownOSisalsorecommendedwhenprocessingnon-assignableerrors,forexample\"illegalinstructioncode\".Thisisnotrequiredbecausethismustbesupportedbythehardware,whichcannotbetakenforgranted.

46©byOSEKOSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.112Specificationofoperatingsystemservices

Structureofthedescription

Operatingsystemservicesarearrangedinlogicalgroups.Acoherentdescriptionisprovidedforallservicesofthetaskmanagement,theinterruptmanagement,etc.

Thedescriptionofeachlogicalgroupstartswithdatatypedefinitions.Adescriptionofthegroup-specificconstructionalelementsandsystemservicesfollows.Thelastitemsareadescriptionofconstants,andofanyadditionalconventions.Constructionalelements

Thedescriptionofconstructionalelementscontainsthefollowingfields:Syntax:InterfaceinC-likesyntax.Parameter(In):Listofallinputparameters.Description:Explanationoftheconstructionalelement.Particularities:Explanationofrestrictionsrelatingtotheutilisation.Conformance:Specifiestheconformanceclasseswheretheconstructional

elementisprovided.Servicedescription

Aservicedescriptioncontainsthefollowingfields:Syntax:InterfaceinC-likesyntax.Parameter(In):Listofallinputparameters.Parameter(Out):Listofalloutputparameters.Description:Explanationofthefunctionalityoftheoperatingsystemservice.Particularities:Explanationofrestrictionsrelatingtotheutilisationoftheop-eratingsystemservice.Status:Listofpossiblereturnvalues.

Standard:•Listofreturnvaluesprovidedintheoperatingsystem'sstan-dardversion.Specialcase:Servicedoesnotreturn.

Extended:•Listofadditionalreturnvaluesintheoperatingsystem'sex-tendedversion.

Conformance:Specifiestheconformanceclasseswheretheoperatingsystem

serviceisprovided.Thespecificationofoperatingsystemservicesusesthefollowingnamingconventionsfordatatypes:...Type:...RefType:

describesthevaluesofindividualdata(includingpointers).describesapointertothe...Type(forcallbyreference).

12.1Commondatatypes

StatusType

ThisdatatypeisusedforallstatusinformationtheAPIservicesoffer.Namingconvention:allerrorsforAPIservicesstartwithE_.ThosereservedfortheoperatingsystemwillbeginwithE_OS_.

OSEKOS2.1

©byOSEK

47

OSEK/VDXThefollowingerrorvaluesaredefined:

OperatingSystemSpecification2.1ThenormalreturnvalueisE_OKwhichisassociatedwiththevalue0.

AllerrorsofAPIservices:• E_OS_ACCESS=1,• E_OS_CALLEVEL=2,• E_OS_ID=3,• E_OS_LIMIT=4,• E_OS_NOFUNC=5,• E_OS_RESOURCE=6,• E_OS_STATE=7,• E_OS_VALUE=8

IftheonlypossiblereturnstatusisE_OK,theimplementationisfreenottoreturnastatus,thisisnotseparatelystatedinthedescriptionoftheindividualservices.Internalerrorsoftheoperatingsystem:

Theseerrorsareimplementationspecificandnotpartoftheportablesection.Theerrornamesresideinthesamename-spaceastheerrorsforAPIservicesmentionedabove,i.e.therangeofnumbersmustnotoverlap.

Toshowthedifferenceinuse,thenamesinternalerrorsmuststartwithE_OS_SYS_Examples:• E_OS_SYS_STACK• E_OS_SYS_PARITY• ...andotherimplementation-specificerrors,whichhavetobedescribedinthevendor-specificdocument.ThenamesandrangeofnumbersoftheinternalerrorsoftheOSEKoperatingsystemdonotoverlapthenamesandrangeofnumbersofotherOSEKservices(i.e.communicationandnetworkmanagement)ortherangeofnumbersoftheAPIerrorvalues.

12.2Taskmanagement

12.2.1DatatypesTaskType

Thisdatatypeidentifiesatask.

TaskRefType

ThisdatatypepointstoavariableofTaskType.TaskStateType

Thisdatatypeidentifiesthestateofatask.

TaskStateRefType

ThisdatatypepointstoavariableofthedatatypeTaskStateType.

48©byOSEKOSEKOS2.1

OSEK/VDX12.2.2Constructionalelements

OperatingSystemSpecification2.112.2.2.1DeclareTaskSyntax:DeclareTask(TaskIdentifier)Parameter(In):

-Taskidentifier(C-identifier)

Description:DeclareTaskservesasanexternaldeclarationofatask.The

functionanduseofthisservicearesimilartothatoftheexter-naldeclarationofvariables.

Particularities:-Conformance:BCC1,BCC2,ECC1,ECC212.2.3Systemservices

12.2.3.1ActivateTaskSyntax:StatusTypeActivateTask(TaskType)Parameter(In):

TaskIDTaskreferenceParameter(Out):noneDescription:Thetaskistransferredfromthesuspendedstateinto

8

thereadystate.Theoperatingsystemensuresthatthetaskcodeisbeingexecutedfromthefirststatement.

Particularities:Theservicemaybecalledfrominterruptlevel,fromtasklevel

andthehookroutineStartupHook(seeFigure10-1).

ReschedulingafterthecalltoActivateTaskdependsontheplaceitiscalledfrom(ISR,non-preemptivetask,preemptivetask).

IfE_OS_LIMITisreturnedtheactivationisignored.

Whenanextendedtaskistransferredfromsuspendedstateintoreadystateallitseventsarecleared.

Status:

Standard:•Noerror,E_OK

Extended:•Taskisinvalid,E_OS_ID

•Toomanytaskactivationsof,E_OS_LIMIT

Conformance:BCC1,BCC2,ECC1,ECC2

ActivateTaskwillnotimmediatelychangethestateofthetaskincaseofmultipleactivationrequests.Ifthetaskisnotsuspended,theactivationwillonlyberecordedandperformedlater.OSEKOS2.1

©byOSEK

49

8

OSEK/VDXOperatingSystemSpecification2.112.2.3.2TerminateTaskSyntax:StatusTypeTerminateTask(void)Parameter(In):noneParameter(Out):noneDescription:Thisservicecausestheterminationofthecallingtask.The

callingtaskistransferredfromtherunningstateintothesuspendedstate9.

Particularities:Theresourcesoccupiedbythetaskmusthavebeenreleased

beforethecalltoTerminateTask.Iftheresourceisstilloccupiedinstandardstatusthebehaviourisundefined.

Ifthecallwassuccessful,TerminateTaskdoesnotreturntothecalllevelandthestatuscannotbeevaluated.

Iftheversionwithextendedstatusisused,theservicereturnsincaseoferror,andprovidesastatuswhichcanbeevaluatedintheapplication.

IftheserviceTerminateTaskiscalledsuccessfully,itenforcesarescheduling.

EndingataskfunctionwithoutcalltoTerminateTaskorChainTaskisstrictlyforbiddenandmayleavethesysteminanundefinedstate.

Status:

Standard:Noreturntocalllevel

Extended:•Taskstilloccupiesresources,E_OS_RESOURCE

•Callatinterruptlevel,E_OS_CALLEVEL

Conformance:BCC1,BCC2,ECC1,ECC212.2.3.3ChainTaskSyntax:StatusTypeChainTask(TaskType)Parameter(In):

TaskIDReferencetothesequentialsucceedingtasktobeactivated.Parameter(Out):noneDescription:Thisservicecausestheterminationofthecallingtask.After

terminationofthecallingtaskasucceedingtaskisactivated.Usingthisservice,itensuresthatthesucceedingtaskstartstorunattheearliestafterthecallingtaskhasbeenterminated.

Particularities:Ifthesucceedingtaskisidenticalwiththecurrenttask,this

doesnotresultinmultiplerequests.Thetaskisnottransferedtothesuspendedstate.

TheresourcesoccupiedbythecallingtaskmusthavebeenreleasedbeforeChainTaskiscalled.Iftheresourceisstilloccupiedinstandardstatusthebehaviourisundefined.

Incaseoftaskswithmultipleactivationrequests,terminatingthecurrentinstanceofthetaskautomaticallyputsthenextinstanceofthesametaskintothereadystate.50

©byOSEK

OSEKOS2.1

9

OSEK/VDXOperatingSystemSpecification2.1Ifcalledsuccessfully,ChainTaskdoesnotreturntothecalllevelandthestatuscannotbeevaluated.

Iftheversionwithextendedstatusisused,theservicereturnsincaseoferrortothecallingtask,andprovidesastatuswhichcanthenbeevaluatedintheapplication.

IftheserviceChainTaskiscalledsuccessfully,thisenforcesarescheduling.

EndingataskfunctionwithoutcalltoTerminateTaskorChainTaskisstrictlyforbiddenandmayleavethesysteminanundefinedstate.

IfE_OS_LIMITisreturnedtheactivationisignored.

Whenanextendedtaskistransferredfromsuspendedstateintoreadystateallitseventsarecleared.

Status:

Standard:Extended:

•••••

Noreturntocalllevel

Taskisinvalid,E_OS_ID

Toomanytaskactivationsof,E_OS_LIMITCallingtaskstilloccupiesresources,E_OS_RESOURCECallatinterruptlevel,E_OS_CALLEVELBCC1,BCC2,ECC1,ECC2

Conformance:12.2.3.4ScheduleSyntax:

Parameter(In):Parameter(Out):Description:

Particularities:

StatusTypeSchedule(void)nonenone

Ifahigher-prioritytaskisready,thecurrenttaskisputintothereadystate,itscontextissavedandthehigher-prioritytaskisexecuted.Otherwisethecallingtaskiscontinued.

Innonpre-emptivetasksScheduleenablesaprocessorassignmenttoothertasksinapplication-specificlocations.Thisservicehasnoinfluenceonfullpre-emptivetasks.

Status:

Standard:Extended:Conformance:

•Noerror,E_OK

•Callatinterruptlevel,E_OS_CALLEVELBCC1,BCC2,ECC1,ECC2

12.2.3.5GetTaskIDSyntax:StatusTypeGetTaskID(TaskRefType)Parameter(In):noneParameter(Out):

TaskIDReferencetothetaskwhichiscurrentlyrunningDescription:GetTaskIDreturnstheinformationabouttheTaskIDofthetask

whichiscurrentlyrunning.

OSEKOS2.1©byOSEK51

OSEK/VDXParticularities:

OperatingSystemSpecification2.1Allowedontasklevel,ISRlevelandinseveralhookroutines(seeFigure10-1).

Thisserviceisintendedtobeusedbylibraryfunctionsandhookroutines.

Ifcan’tbeevaluated(notaskcurrentlyrunning),theservicereturnsINVALID_TASKasTaskType.•Noerror,E_OK•Noerror,E_OK

BCC1,BCC2,ECC1,ECC2

Status:

Standard:Extended:Conformance:

12.2.3.6GetTaskStateSyntax:StatusTypeGetTaskState(TaskType,

TaskStateRefType)

Parameter(In):

TaskIDTaskreferenceParameter(Out):

StateReferencetothestateofthetaskDescription:Returnsthestateofatask(running,ready,waiting,suspended)

atthetimeofcallingGetTaskState.

Particularities:Theservicemaybecalledfrominterruptserviceroutines,task

level,andsomehookroutines(seeFigure10-1).

Withinafullpre-emptivesystem,callingthisoperatingsystemserviceonlyprovidesameaningfulresultifthetaskrunsinaninterruptdisablingstateatthetimeofcalling.

Whenacallismadefromataskinafullpre-emptivesystem,theresultmayalreadybeincorrectatthetimeofevaluation.Whentheserviceiscalledforatask,whichismultiplyactivated,thestateissettorunningifanyinstanceofthetaskisrunning.

Status:

Standard:•Noerror,E_OK

Extended:•Taskisinvalid,E_OS_IDConformance:BCC1,BCC2,ECC1,ECC212.2.4ConstantsRUNNING•ConstantofdatatypeTaskStateTypefortaskstaterunning.WAITINGREADY

SUSPENDEDINVALID_TASK

•ConstantofdatatypeTaskStateTypefortaskstatewaiting.•ConstantofdatatypeTaskStateTypefortaskstateready.•ConstantofdatatypeTaskStateTypefortaskstatesuspended.•ConstantofdatatypeTaskTypeforanotdefinedtask.

52©byOSEKOSEKOS2.1

OSEK/VDX12.2.5Namingconvention

OperatingSystemSpecification2.1Theoperationsystemmustbeabletoassigntheentryaddressofthetaskfunctiontothenameofthecorrespondingtaskforidentification.Withtheentryaddresstheoperatingsystemisabletocallthetask.

Withintheapplication,ataskisdefinedaccordingtothefollowingpattern:

TASK(TaskName){}

WiththemacroTASKtheusermayusethesamenamefor\"taskidentification\"and\"nameoftaskfunction\".

ThetaskidentificationwillbegeneratedfromtheTaskNameduringsystemgenerationtime.10

12.3Interrupthandling

12.3.1DatatypesIntDescriptorType

Datatypeforlogicalinterruptmasks.IntDescriptorRefType

Referencetothelogicalinterruptmask,thisdatatypeusuallyisimplementedas\"pointertoIntDescriptorType\".12.3.2Systemservices12.3.2.1EnterISRSyntax:

Parameter(In):Parameter(Out):Description:

Particularities:

voidEnterISR(void)nonenone

EnterISRestablishestheconditionsneededtorequestOSservicesinaninterruptserviceroutinecategory3(seeparticularities).InsideEnterISRthefollowingfunctionsareexecutedifneeded:

•Registrationoftheswitchingtotheinterruptlevelinsidetheoperatingsystem.

•Switchofthecurrentcontext(e.g.totheISRstack).

EnterISRestablishesinISRscategory3thepossibilitytouseoperatingsystemservices.ItisnecessarytoplaceEnterISRbeforethefirstcallofanoperatingsystemservice.

ThedetailedimplementationofEnterISRdependsonthetargetsystem.Itisexplicitlyallowedtousesystemspecificvariations.

Thepre-processorcouldforexamplegeneratethenameofthetaskfunctionbyusingthepre-processorsymbolsequence##toaddastring„Func“tothetaskname:

#defineTASK(TaskName)StatusTypeFunc##TaskName(void)Withthismacro,TASK(MyTask)hastheentryfunctionFuncMyTaskOSEKOS2.1

©byOSEK

53

10

OSEK/VDXOperatingSystemSpecification2.1ThecalltothisserviceisonlyallowedinISRscategory3,butthespecificationdoesnotforceanerrorstatus.Forexamplesomemicrocontrollerscannotperformthetest\"calledoutsidefromISR\".Butasystemanalysistoolmaycheckwhetherthecallisperformedwithintasklevel.

ThisserviceisacounterpartofLeaveISRservice(seeChapter5).

Status:

Standard:Extended:Conformance:12.3.2.2LeaveISRSyntax:

Parameter(In):Parameter(Out):Description:

nonenone

BCC1,BCC2,ECC1,ECC2

Particularities:

voidLeaveISR(void)nonenone

LeaveISRisthecounterpartofEnterISRandresetstheconditionstorequestoperatingsystemservicesinanISRcategory3.LeaveISRmayonlybecalledafterEnterISRhasbeencalled.

ThisfunctiondoesnotimplythereturnfromISRalthoughithastobethelaststatementexecutedintheISR.

ThecalltothisserviceisonlyallowedinISRscategory3.

ThedetailedimplementationofLeaveISRdependsonthetargetsystem.Itisexplicitlyallowedtousesystemspecificvariations.

nonenone

BCC1,BCC2,ECC1,ECC2

Status:

Standard:Extended:Conformance:

12.3.2.3EnableInterruptSyntax:StatusTypeEnableInterrupt(IntDescriptorType)Parameter(In):

DescriptorHardwaredependentparameterforselectionsofinterrupt

sourcestoenable.In,a\"1\"means\"enable\".

Parameter(Out):noneDescription:Thisserviceallowsenablingofseveralinterruptsources

simultaneously.

Particularities:TheservicemaybecalledfromanISRandfromthetasklevel,

butnotfromhookroutines.

TosavethecurrentstateofinterruptsourcestheapplicationmustuseGetInterruptDescriptorbefore.

Theimplementationhastoadaptthisservicetothetargethardware.

©byOSEK

OSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.1Ifnotallrequestedinterruptsourcesaredisabled,thisserviceisneverthelessexecutedforthedisabledinterruptsourcesandreturnsE_OS_NOFUNCinExtendedStatus.

Status:

Standard:Extended:Conformance:

•Noerror,E_OK

•Atleastoneoftheinterruptsourceswasnotdisabled,E_OS_NOFUNC

BCC1,BCC2,ECC1,ECC2

12.3.2.4DisableInterruptSyntax:StatusTypeDisableInterrupt(IntDescriptorType)Parameter(In):

DescriptorHardwaredependentparameterforselectionsofinterrupt

sourcestodisable.In,a\"1\"means\"disable\".

Parameter(Out):noneDescription:Thisserviceallowsdisablingofseveralinterruptsources

simultaneously.

Particularities:TheservicemaybecalledfromanISRandfromthetasklevel,

butnotfromhookroutines.

TosavethecurrentstateofinterruptsourcestheapplicationmustuseGetInterruptDescriptorbefore.

Theimplementationhastoadaptthisservicetothetargethardware.

Ifnotallrequestedinterruptsourcesareenabled,thisserviceisneverthelessexecutedfortheenabledinterruptsourcesandreturnsE_OS_NOFUNCinExtendedStatus.

Status:

Standard:•Noerror,E_OK

Extended:•Atleastoneinterruptsourcewasnotenabled,E_OS_NOFUNCConformanceBCC1,BCC2,ECC1,ECC212.3.2.5GetInterruptDescriptorSyntax:StatusTypeGetInterruptDescriptor(IntDescriptorRefType

)

Parameter(In):noneParameter(Out):

DescriptorReferencetocurrentstatusofinterruptsources.In

allinterruptsources,whichareenabled,aremarkedby\"1\“0”otherwise.

Description:QueryofinterruptstatusParticularities:TheservicemaybecalledfromanISR,tasklevel,andsome

hookroutines(seeFigure10-1).

Theimplementationhastoadaptthisservicetothetargethardware.

OSEKOS2.1©byOSEK55

OSEK/VDXStatus:

Standard:Extended:Conformance:

•Noerror,E_OK•none

BCC1,BCC2,ECC1,ECC2

OperatingSystemSpecification2.112.3.2.6EnableAllInterruptsSyntax:voidEnableAllInterrupts(void)Parameter(In):

DescriptornoneParameter(Out):noneDescription:ThisservicerestoresthestatesavedbyDisableAllInterrupts.Particularities:TheservicemaybecalledfromanISRandfromthetasklevel,

butnotfromhookroutines.

ThisserviceisacounterpartofDisableAllInterruptsservice,anditsaimisthecompletionofthecriticalsectionofcode.NoAPIservicecallsareallowedwithinthiscriticalsection.

Theimplementationshouldadaptthisservicetothetargethardwareprovidingaminimumoverhead.Usuallythisserviceenablesrecognitionofinterruptsbythecentralprocessingunit.

Status:

Standard:•noneExtended:•noneConformance:BCC1,BCC2,ECC1,ECC212.3.2.7DisableAllInterruptsSyntax:voidDisableAllInterrupts(void)Parameter(In):

DescriptornoneParameter(Out):noneDescription:Thisserviceallowsdisablingofallinterruptssupportedbythe

hardware.ThestatebeforeissavedfortheEnableAllInterruptscall.

Particularities:TheservicemaybecalledfromanISRandfromthetasklevel,

butnotfromhookroutines.

Thisserviceisintendedtostartacriticalsectionofthecode.ThissectionmustbefinishedbycallingtheEnableAllInterruptsservice.NoAPIservicecallsareallowedwithinthiscriticalsection.

Theimplementationshouldadaptthisservicetothetargethardwareprovidingaminimumoverhead.Usuallythisservicedisablesrecognitionofinterruptsbythecentralprocessingunit.Notethatthisservicedoesnotsupportnesting.Ifnestingisneededforcriticalsectionse.g.forlibrariesSuspendOSInterruptsandResumeOSInterruptsshouldbeused.

56

©byOSEK

OSEKOS2.1

OSEK/VDXStatus:

Standard:Extended:Conformance:

•none•none

BCC1,BCC2,ECC1,ECC2

OperatingSystemSpecification2.112.3.2.8ResumeOSInterruptsSyntax:voidResumeOSInterrupts(void)Parameter(In):

DescriptornoneParameter(Out):noneDescription:Thisservicerestorestherecognitionstatusofinterruptssaved

bytheSuspendOSInterruptsservice.

Particularities:TheservicemaybecalledfromanISRandfromthetasklevel,

butnotfromhookroutines.

ThisserviceisthecounterpartofSuspendOSInterruptsservice,anditsaimisthecompletionofthecriticalsectionofcode.NoAPIservicecallsbesideSupendOSInterrupts/ResumeOSInterruptsareallowedwithinthiscriticalsection.Theimplementationshouldadaptthisservicetothetargethardwareprovidingaminimumoverhead.

IncaseofnestingpairsofthecallsSuspendOSInterruptsandResumeOSInterruptstheinterruptrecognitionstatussavedbythefirstcallofSuspendOSInterruptsisrestoredbythelastcalloftheResumeOSInterruptsservice.

Status:

Standard:•noneExtended:•noneConformance:BCC1,BCC2,ECC1,ECC212.3.2.9SuspendOSInterruptsSyntax:voidSuspendOSInterrupts(void)Parameter(In):

DescriptornoneParameter(Out):noneDescription:Thisservicesavestherecognitionstatusofinterruptsof

categories2and3anddisablestherecognitionoftheseinterrupts.

Particularities:TheservicemaybecalledfromanISRandfromthetasklevel,

butnotfromhookroutines.

Thisserviceisintendedtoprotectacriticalsectionofcode.ThissectionmustbefinishedbycallingtheResumeOSInterruptsservice.NoAPIservicecallsbesideSupendOSInterrupts/ResumeOSInterruptsareallowedwithinthiscriticalsection.

OSEKOS2.1©byOSEK57

OSEK/VDXOperatingSystemSpecification2.1Theimplementationshouldadaptthisservicetothetargethardwareprovidingaminimumoverhead.

Itisintendedonlytodisableinterruptsofcategory2and3.Howeverifthisisnotpossibleinanefficientwaymoreinterruptsmaybedisabled.

Status:

Standard:Extended:Conformance:

•none•none

BCC1,BCC2,ECC1,ECC2

12.3.3Constants

INITIAL_INTERRUPT_DESCRIPTOR

•ConstantofdatatypeIntDescriptorType(seechapter10.3,Systemstart-up).12.3.4Namingconvention

Withintheapplication,aninterruptserviceroutineofcategory2isdefinedaccordingtothefollowingpattern:

ISR(FuncName){}

ThekeywordISRisevaluatedbythesystemgenerationtoclearlydistinguishbetweenfunc-tionsandinterruptserviceroutinesinthesourcecode.

Forcategory1and3interruptserviceroutinesnonamingconventionsareprescribed,theirdefinitionisimplementationspecific.

12.4Resourcemanagement

12.4.1DatatypesResourceTypeDatatypeforaresource.

12.4.2Constructionalelements

12.4.2.1DeclareResourceSyntax:DeclareResource(ResourceIdentifier)Parameter(In):

-Resourceidentifier(C-identifier)

Description:DeclareResourceservesasanexternaldeclarationofare-source.Thefunctionanduseofthisservicearesimilartothat

oftheexternaldeclarationofvariables.

Particularities:-Conformance:BCC1,BCC2,ECC1,ECC2

58©byOSEKOSEKOS2.1

OSEK/VDX12.4.3Systemservices

OperatingSystemSpecification2.112.4.3.1GetResourceSyntax:StatusTypeGetResource(ResourceType)Parameter(In):

ResIDReferencetoresourceParameter(Out):noneDescription:Thiscallservestoentercriticalsectionsinthecodethatare

assignedtotheresourcereferencedby.AcriticalsectionmustalwaysbeleftusingReleaseResource.

Particularities:TheOSEKpriorityceilingprotocolforresourcemanagementis

describedinchapter7.5.

Nestedresourceoccupationisonlyallowediftheinnercriticalsectionsarecompletelyexecutedwithinthesurroundingcriticalsection(strictlystacked,seechapter7.2,Restrictionswhenusingresources).Nestedoccupationofoneandthesameresourceisalsoforbidden!

CorrespondingcallstoGetResourceandReleaseResourceshouldappearwithinthesamefunctiononthesamefunctionlevel.

Serviceswhichputtherunningtaskintothestatesuspendedorwaitingmustnotbeusedincriticalsections(i.e.TerminateTask,ChainTaskandWaitEvent).

Generallyspeaking,criticalsectionsshouldbeshort.

TheservicemaybecalledfromanISRandfromtasklevel(seeFigure10-1).

Status:

Standard:•Noerror,E_OK

Extended:•Resourceisinvalid,E_OS_ID

•AttempttogetresourcewhichisalreadyoccupiedbyanytaskorISR,ortheassignedpriorityofthecallingtaskorinterruptroutineishigherthanthecalculatedceilingpriority,E_OS_ACCESSConformance:

BCC1,BCC2,ECC1,ECC2

12.4.3.2ReleaseResourceSyntax:StatusTypeReleaseResource(ResourceType)Parameter(In):

ResIDReferencetoresourceParameter(Out):noneDescription:ReleaseResourceisthecounterpartofGetResourceand

servestoleavecriticalsectionsinthecodethatareassignedtotheresourcereferencedby.

OSEKOS2.1©byOSEK59

OSEK/VDXParticularities:

OperatingSystemSpecification2.1Forinformationonnestingconditions,seeparticularitiesofGetResource.

TheservicemaybecalledfromanISRandfromtasklevel(seeFigure10-1).

•Noerror,E_OK

•Resourceisinvalid,E_OS_ID

•AttempttoreleasearesourcewhichisnotoccupiedbyanytaskorISR,oranotherresourcehastobereleasedbeforeE_OS_NOFUNC

•AttempttoreleasearesourcewhichhasalowerceilingprioritythantheassignedpriorityofthecallingtaskorinterruptroutineE_OS_ACCESS

BCC1,BCC2,ECC1,ECC2

Status:

Standard:Extended:

Conformance:

12.4.4Constants

RES_SCHEDULER•ConstantofdatatypeResourceType(seechapter7,Resource

management).

12.5Eventcontrol

12.5.1DatatypesEventMaskType

Datatypeoftheeventmask.EventMaskRefTypeReferencetoaneventmask.12.5.2Constructionalelements

12.5.2.1DeclareEventSyntax:DeclareEvent(EventIdentifier)Parameter(In):

Eventidentifier(C-identifier)Description:DeclareEventservesasanexternaldeclarationofanevent.

Thefunctionanduseofthisservicearesimilartothatoftheexternaldeclarationofvariables.

Particularities:-Conformance:ECC1,ECC212.5.3Systemservices

12.5.3.1SetEventSyntax:StatusTypeSetEvent(TaskType

EventMaskType)

60©byOSEKOSEKOS2.1

OSEK/VDXParameter(In):

TaskIDMask

Parameter(Out):Description:

OperatingSystemSpecification2.1Particularities:Status:

Standard:Extended:

Referencetothetaskforwhichoneorseveraleventsaretobeset.

Maskoftheeventstobesetnone

Theservicemaybecalledfromaninterruptserviceroutineandfromthetasklevel,butnotfromhookroutines.

Theeventsoftaskaresetaccordingtotheeventmask.CallingSetEventcausesthetasktobetransferredtothereadystate,ifitwaswaitingforatleastoneoftheeventsspecifiedin.

Anyeventsnotsetintheeventmaskremainunchanged.••••

Noerror,E_OK

Taskisinvalid,E_OS_ID

Referencedtaskisnoextendedtask,E_OS_ACCESSEventscannotbesetasthereferencedtaskisinthesuspendedstate,E_OS_STATEECC1,ECC2

Conformance:

12.5.3.2ClearEventSyntax:StatusTypeClearEvent(EventMaskType)Parameter(In)

MaskMaskoftheeventstobeclearedParameter(Out)noneDescription:TheeventsoftheextendedtaskcallingClearEventarecleared

accordingtotheeventmask.

Particularities:ThesystemserviceClearEventisrestrictedtoextendedtasks

whichowntheevent.

Status:

Standard:•Noerror,E_OK

Extended:•Callnotfromextendedtask,E_OS_ACCESS

•Callatinterruptlevel,E_OS_CALLEVEL

Conformance:ECC1,ECC212.5.3.3GetEventSyntax:StatusTypeGetEvent(TaskType

EventMaskRefType)

Parameter(In):

TaskIDTaskwhoseeventmaskistobereturned.Parameter(Out):

EventReferencetothememoryofthereturndata.Description:Thisservicereturnsthecurrentstateofalleventbitsofthetask

,nottheeventsthattaskiswaitingfor.

OSEKOS2.1©byOSEK61

OSEK/VDXOperatingSystemSpecification2.1Particularities:Status:

Standard:Extended:

Theservicemaybecalledfrominterruptserviceroutines,tasklevelandsomehookroutines(seeFigure10-1).

Thecurrentstatusoftheeventmaskoftaskiscopiedto.

Thereferencedtaskmustbeanextendedtask.•Noerror,E_OK

•Taskisinvalid,E_OS_ID

•Referencedtaskisnotanextendedtask,E_OS_ACCESS

•Referencedtaskisinthesuspendedstate,E_OS_STATEECC1,ECC2

Conformance:

12.5.3.4WaitEventSyntax:

Parameter(In):

Mask

Parameter(Out):Description:Particularities:

StatusTypeWaitEvent(EventMaskType)

Maskoftheeventswaitedfor.none

Thestateofthecallingtaskissettowaiting,unlessatleastoneoftheeventsspecifiedinhasalreadybeenset.Thiscallenforcestherescheduling,ifthewaitconditionoccurs.Thisservicemaybecalledfromtheextendedtaskowningtheevent.

Noerror,E_OK

Callingtaskisnotanextendedtask,E_OS_ACCESSCallingtaskoccupiesresources,E_OS_RESOURCECallatinterruptlevel,E_OS_CALLEVELECC1,ECC2

Status:

Standard:Extended:

••••

Conformance:

12.6Alarms

12.6.1DatatypesTickType

Thisdatatyperepresentscountvaluesinticks.TickRefType

ThisdatatypepointstothedatatypeTickType.AlarmBaseType

Thisdatatyperepresentsastructureforstorageofcountercharacteristics.Theindividualelementsofthestructureare:maxallowedvalue•Maximumpossibleallowedcountvalueinticks

62

©byOSEK

OSEKOS2.1

OSEK/VDXticksperbasemincycle

OperatingSystemSpecification2.1•Numberofticksrequiredtoreachacounter-specific(significant)unit.

•Smallestallowedvalueforthecycle-parameterof

SetRelAlarm/SetAbsAlarm)(onlyforsystemswithextendedstatus).

AllelementsofthestructureareofdatatypeTickType.AlarmBaseRefType

ThisdatatypepointstothedatatypeAlarmBaseType.AlarmType

Thisdatatyperepresentsanalarmobject.12.6.2Constructionalelements

12.6.2.1DeclareAlarmSyntax:DeclareAlarm(AlarmIdentifier)Parameter(In):

Alarmidentifier(C-identifier)

Description:DeclareAlarmservesasexternaldeclarationofanalarm

element.

Particularities:Conformance:BCC1,BCC2,ECC1,ECC212.6.3Systemservices

12.6.3.1GetAlarmBaseSyntax:StatusTypeGetAlarmBase(Parameter(In):

AlarmIDParameter(Out):

InfoDescription:

AlarmType,

AlarmBaseRefType)

Referencetoalarm

Referencetostructurewithconstantsofthealarmbase.

ThesystemserviceGetAlarmBasereadsthealarmbasecharacteristics.ThereturnvalueisastructureinwhichtheinformationofdatatypeAlarmBaseTypeisstored.

Allowedontasklevel,ISR,andinseveralhookroutines(seeFigure10-1).

•Noerror,E_OK

•Alarmisinvalid,E_OS_IDBCC1,BCC2,ECC1,ECC2

Particularities:Status:

Standard:Extended:Conformance:

OSEKOS2.1©byOSEK63

OSEK/VDXOperatingSystemSpecification2.112.6.3.2GetAlarmSyntax:StatusTypeGetAlarm(AlarmType

TickRefType)

Parameter(In):

AlarmIDReferencetoanalarmParameter(Out):

TickRelativevalueinticksbeforethealarmexpires.Description:ThesystemserviceGetAlarmreturnstherelativevalueinticks

beforethealarmexpires.

Particularities:Itisuptotheapplicationtodecidewhetherforexamplea

CancelAlarmmaystillbeuseful.

Ifisnotinuse,isnotdefined.

Allowedontasklevel,ISR,andinseveralhookroutines(seeFigure10-1).Status:

Standard:•Noerror,E_OK

•Alarmisnotused,E_OS_NOFUNC

Extended:•Alarmisinvalid,E_OS_IDConformance:BCC1,BCC2,ECC1,ECC212.6.3.3SetRelAlarmSyntax:StatusTypeSetRelAlarm(AlarmType,

TickType,TickType)

Parameter(In):

AlarmIDReferencetothealarmelementincrementRelativevalueintickscycleCyclevalueincaseofcyclicalarm.Incaseofsinglealarms,

cyclehastobezero.

Parameter(Out):noneDescription:Thesystemserviceoccupiesthealarmelement.

Aftertickshaveelapsed,thetaskassignedtothealarmisactivatedortheassignedevent(onlyforextendedtasks)isset.

Particularities:Thebehaviourofequalto0isuptothe

implementation.

Iftherelativevalueisverysmall,thealarmmayexpire,andthetaskmaybecomereadybeforethesystemservicereturnstotheuser.

Ifisunequalzero,thealarmelementisloggedonagainimmediatelyafterexpirywiththerelativevalue.Thealarmmustnotalreadybeinuse.

Tochangevaluesofalarmsalreadyinusethealarmhastobecancelledfirst.

Ifthealarmisalreadyinuse,thiscallwillbeignoredandtheerrorE_OS_STATEisreturned.

©byOSEK

OSEKOS2.1

OSEK/VDXStatus:

Standard:

Extended:

••••

OperatingSystemSpecification2.1AllowedontasklevelandinISR,butnotinhookroutines.Noerror,E_OK

Alarmisalreadyinuse,E_OS_STATEAlarmisinvalid,E_OS_ID

Valueofoutsideoftheadmissiblelimits(lowerthanzeroorgreaterthanmaxallowedvalue),E_OS_VALUE

•Valueofunequalto0andoutsideoftheadmissiblecounterlimits(lessthanmincycleorgreaterthanmaxallowedvalue),E_OS_VALUE

Conformance:

BCC1,BCC2,ECC1,ECC2;EventsonlyECC1,ECC2

12.6.3.4SetAbsAlarmSyntax:StatusTypeSetAbsAlarm(

AlarmType,

TickType,TickType)

Parameter(In):

AlarmIDstartcycleParameter(Out):Description:

Particularities:

ReferencetothealarmelementAbsolutevalueinticks

Cyclevalueincaseofcyclicalarm.Incaseofsinglealarms,cyclehastobe=zero.none

Thesystemserviceoccupiesthealarmelement.Whenticksarereached,thetaskassignedtothealarmisactivatedortheassignedevent(onlyforextendedtasks)isset.

Iftheabsolutevalueisveryclosetothecurrentcountervalue,thealarmmayexpire,andthetaskmaybecomereadybeforethesystemservicereturnstotheuser.

Iftheabsolutevaluealreadywasreachedbeforethesystemcall,thealarmwillonlyexpirewhentheabsolutevaluewillbereachedagain,i.e.afterthenextoverrunofthecounter.

Ifisunequalzero,thealarmelementisloggedonagainimmediatelyafterexpirywiththerelativevalue.Thealarmmustnotalreadybeinuse.

Tochangevaluesofalarmsalreadyinusethealarmhastobecancelledfirst.

Ifthealarmisalreadyinuse,thiscallwillbeignoredandtheerrorE_OS_STATEisreturned.

AllowedontasklevelandinISR,butnotinhookroutines.•Noerror,E_OK

•Alarmisalreadyinuse,E_OS_STATE

©byOSEK

65

Status:

Standard:

OSEKOS2.1

OSEK/VDXExtended:

OperatingSystemSpecification2.1•Alarmisinvalid,E_OS_ID

•Valueofoutsideoftheadmissiblecounterlimit(lessthanzeroorgreaterthanmaxallowedvalue),E_OS_VALUE•Valueofunequalto0andoutsideoftheadmissiblecounterlimits(lessthanmincycleorgreaterthanmaxallowedvalue),E_OS_VALUE

Conformance:BCC1,BCC2,ECC1,ECC2;EventsonlyECC1,ECC2

12.6.3.5CancelAlarmSyntax:StatusTypeCancelAlarm(AlarmType)Parameter(In):

AlarmIDReferencetoanalarmParameter(Out):noneDescription:Thesystemservicecancelsthealarm.Particularities:AllowedontasklevelandinISR,butnotinhookroutines.

Status:

Standard:•Noerror,E_OK

•Alarmnotinuse,E_OS_NOFUNC

Extended:•Alarmisinvalid,E_OS_IDConformance:BCC1,BCC2,ECC1,ECC212.6.4Constants

Therealwaysexistsatleastonecounterwhichisatimecounter(systemcounter).Tofacilitateprogrammingofthiscounter,thereturnvaluesofthecallGetAlarmBasearealsodefinedasconstants.

OSMAXALLOWEDVALUE•Maximumpossibleallowedvalueofthesystemcounterinticks.OSTICKSPERBASEOSMINCYCLE

•Numberofticksrequiredtoreachspecificunitofthesystemcounter.

•Minimumallowednumberofticksforacyclicalarm.

Additionallythefollowingconstantissupplied:OSTICKDURATION•Durationofatickofthesystemcounterinnanoseconds.

12.7Operatingsystemexecutioncontrol

12.7.1DatatypesAppModeType

Thisdatatyperepresentstheapplicationmode.

66©byOSEKOSEKOS2.1

OSEK/VDX12.7.2Systemservices

OperatingSystemSpecification2.112.7.2.1GetActiveApplicationModeSyntaxAppModeTypeGetActiveApplicationMode(void)Description:Thisservicereturnsthecurrentapplicationmode.Itmaybe

usedtowritemodedependentcode.

Particularities:Seechapter4.8forageneraldescriptionofapplicationmodes.

Allowedfortask,ISRandallhookroutines.

Conformance:BCC1,BCC2,ECC1,ECC212.7.2.2StartOSSyntax

Parameter(In):

Mode

Parameter(Out):Description:Particularities:

voidStartOS(AppModeType)

applicationmodenone

Theusercancallthissystemservicetostarttheoperatingsysteminaspecificmode,seechapter4.8,Applicationmodes.Onlyallowedoutsideoftheoperatingsystem,thereforeimplementationspecificrestrictionsmayapply.Seealsochapter10.3,Systemstart-up.Thiscalldoesnotneedtoreturn.

BCC1,BCC2,ECC1,ECC2

Conformance:

12.7.2.3ShutdownOSSyntaxvoidShutdownOS(StatusType)Parameter(In):

ErrorerroroccurredParameter(Out):noneDescription:Theusercancallthissystemservicetoaborttheoverall

system(e.g.emergencyoff).Theoperatingsystemalsocallsthisfunctioninternally,ifithasreachedanundefinedinternalstateandisnolongerreadytorun.

IfaShutdownHookisconfiguredthehookroutineShutdownHookisalwayscalled(withasargument)beforeshuttingdowntheoperatingsystem.

IfShutdownHookreturns,furtherbehaviourofShutdownOSisimplementationspecific.

Particularities:Afterthisservicetheoperatingsystemisshutdown.

Allowedattasklevel,ISRlevel,inErrorHookandStartupHook,andalsocalledinternallybytheoperatingsystem.

IftheoperatingsystemcallsShutdownOSitneverusesE_OKasthepassedparametervalue.

Conformance:BCC1,BCC2,ECC1,ECC2

OSEKOS2.1©byOSEK67

OSEK/VDX12.7.3ConstantsOSDEFAULTAPPMODE

OperatingSystemSpecification2.1•Defaultapplicationmode,alwaysavalidparametertoStartOS.

12.8Hookroutines

Thespecificationallowsforimplementationspecificadditionalparametersinhookroutines.Inthefollowingdescriptiononlymandatoryparametersarelisted.12.8.1ErrorHookSyntax

Parameter(In):

Error

Parameter(Out):Description:

voidErrorHook(StatusType)

erroroccurrednone

ThishookroutineiscalledbytheoperatingsystemattheendofasystemservicewhichreturnsStatusTypenotequalE_OK.Itiscalledbeforereturningtothetasklevel.

Thishookroutineiscalledwhenanalarmexpiresandanerrorisdetectedduringtaskactivationoreventsetting.

TheErrorHookisnotcalled,ifasystemservicecalledfromErrorHookdoesnotreturnE_OKasstatusvalue.AnyerrorbycallingofsystemservicesfromtheErrorHookcanonlybedetectedbyevaluatingthestatusvalue.

Seechapter10.1forgeneraldescriptionofhookroutines.BCC1,BCC2,ECC1,ECC2

Particularities:Conformance:

12.8.2PreTaskHookSyntaxvoidPreTaskHook(void)Parameter(In):noneParameter(Out):noneDescription:Thishookroutineiscalledbythetheoperatingsystembefore

executinganewtask,butafterthetransitionofthetasktotherunningstate(toallowevaluationoftheTaskIDbyGetTaskID).

Particularities:Seechapter10.1forgeneraldescriptionofhookroutines.Conformance:BCC1,BCC2,ECC1,ECC212.8.3PostTaskHookSyntaxvoidPostTaskHook(void)Parameter(In):noneParameter(Out):noneDescription:Thishookroutineiscalledbytheoperatingsystemafter

executingthecurrenttask,butbeforeleavingthetask'srunningstate(toallowevaluationoftheTaskIDbyGetTaskID).

Particularities:Seechapter10.1forgeneraldescriptionofhookroutines.Conformance:BCC1,BCC2,ECC1,ECC2

68©byOSEKOSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.112.8.4StartupHookSyntaxvoidStartupHook(void)Parameter(In):noneParameter(Out):noneDescription:Thishookroutineiscalledbytheoperatingsystemattheend

oftheoperatingsysteminitialisationandbeforetheschedulerisrunning.Atthistimetheapplicationcanstarttasks,initialisedevicedriversetc.

Particularities:Seechapter10.1forgeneraldescriptionofhookroutines.Conformance:BCC1,BCC2,ECC1,ECC212.8.5ShutdownHookSyntaxvoidShutdownHook(StatusType)Parameter(In):

ErrorerroroccurredParameter(Out):noneDescription:Thishookroutineiscalledbytheoperatingsystemwhenthe

OSserviceShutdownOShasbeencalled.Thisroutineiscalledduringtheoperatingsystemshutdown.

Particularities:ShutdownHookisahookroutineforuserdefinedshutdown

functionality,seechapter10.4.

Conformance:BCC1,BCC2,ECC1,ECC2

OSEKOS2.1©byOSEK69

OSEK/VDXOperatingSystemSpecification2.113Implementationandapplicationspecifictopics

Thischapterisnotnormativenormandatory.Itprovidesinformationforimplementersandapplicationprogrammers.

13.1Implementationhints.

OSEKspecifiesanoperatingsysteminterfaceanditsfunctionality.Implementationaspectsarenotprescribed.Thereisnorestrictionontheimplementationoftheoperatingsystemaslongastheimplementationcorrespondstoanyofthedefinedconformanceclasses.13.1.1Aspectsofimplementation

Therangeofautomotiveapplicationsvariesgreatlysuchthatnoperformancecharacteristicsoftheoperatingsystemimplementationcanbespecified,i.e.astotheexecutiontimeandmemoryspacerequired.

Asaresult,• theOSEKoperatingsystemcanbeimplementedwithvariousdegreesofefficiency.• Thelinkerneedsonlytolinkthoseobjectsandservicesoftheoperatingsystemwhich

areactuallyused.• theoperatingsystemusedinaproduct(e.g.inacontrolunit'sEPROM)cannotbede-scribedasOSEKoperatingsystem,butasanoperatingsystemwhichconformstoan

OSEKoperatingsystemconformanceclass.• thetoolenvironmentoftheoperatingsystemconfigurationandinitialisationisnotpartof

theoperatingsystemspecificationandthereforeimplementation-specific.• commercialsystemswhichprovidetheuserwithallOSEKoperatingsystemspecific

servicesandtheirfunctionalitiesviaanOSEKadaptationlayer,arealsoOSEKoperatingsystemcompliant.Theyarecompliantirrespectiveoftheiractualsuitabilityforcontrolunitsasregardsthememoryspacetheyrequireandtheirprocessingspeed.Theconformanceclassselectedforanapplicationsoftwareisdeterminedbytheneedsonfunctionalityandflexibility.

Thereal-timebehaviouroftheapplicationsoftwareusedwithaspecifichardwareisalsodefinedbythequalityofimplementation.

13.1.2Parametersofimplementation

Theoperatingsystemvendorprovidesalistofparametersspecifyingtheimplementation.Detailedinformationisrequiredconcerningthefunctionality,performanceandmemorydemand.Furthermorethebasicconditionstoreproducethemeasurementofthoseparametershavetobementioned,e.g.functionality,targetCPU,clockspeed,busconfiguration,waitstatesetc.

13.1.2.1Functionality

• Maximumnumberoftasks

• Maximumnumberofnotsuspendedtasks• Maximumnumberofpriorities

70

©byOSEK

OSEKOS2.1

OSEK/VDX• • • •

OperatingSystemSpecification2.1Numberoftasksperpriority(forBCC2andECC2)

Upperlimitfornumberoftaskactivations(mustbe\"1\"forBCC1andextendedtasks)Maximumnumberofeventspertask

Limitsforthenumberofalarmobjects(persystem/pertask)

• Limitsforthenumberofnestedresources(persystem/pertask)• LowestprioritylevelusedinternallybytheOS13.1.2.2Hardwareresources

• RAMandROMrequirementforeachoftheoperatingsystemcomponents• Sizeforeachlinkablemodule

• ApplicationdependentRAMandROMrequirementsforoperatingsystemdata(e.g.bytesRAMpertask,RAMrequiredperalarm,...)

• Executioncontextoftheoperatingsystem(e.g.sizeofOSinternaltables)• TimerunitsreservedfortheOS

• Interrupts,trapsandotherhardwareresourcesoccupiedbytheoperatingsystem13.1.2.3Performance

• Totalexecutiontimeforeachservice11

• OSstart-uptime(beginningofStartOSuntilexecutionoffirsttaskinstandardmode)withoutinvokinghookroutines

• Interruptlatency12forISRsofcategory1,2and3• Taskswitchingtimesforalltypesofswitching13• Baseloadofsystemwithoutapplicationsrunning

Allperformancefiguresshallbestatedasminimumandmaximum(worstcase)values.13.1.2.4Configurationofruntimecontext

Aruntimecontextisassignedtoeachtask.Thisreferstoallmemoryresourcesofthetaskwhichareoccupiedatthebeginningoftheexecutiontime,andwhicharereleasedagainoncethetaskisterminated.Typicallytheruntimecontextconsistsofsomeregisters,ataskcontrolblockandacertainamountofstacktooperate.

Dependingonthedesignoftasks(e.g.typeandpre-emptibility)anddependingontheschedulingmechanism(non-,mixed-orfullpre-emptive)theruntimecontextmayhave

11

Thetimeofexecutionmaydependonthecurrentstateofthesystem,e.g.therearedifferentexecutiontimesof\"SetEvent\"dependingonthestateofthetask(waitingorready).Thereforecomparableresultshavetobeextractedfromacommonbenchmarkprocedure.

TimebetweeninterruptrequestandexecutionofthefirstinstructionofusercodeinsidetheISR.A

comparisonofinterruptlatenciesofISRsfromcategory1toISRsfromcategory2or3specifiestheoperatingsystemoverhead.

12

13

Shouldbemeasuredfromthelastuserinstructionoftheprecedingtasktothefirstuserinstructionofthefollowingtasksothatalloverheadiscovered.Taskswitchingtypesaredifferentfor:normalterminationofatask,terminationforcedbyChainTask(),preemptivetaskswitch,taskactivationwhenOSidletaskisrunning,alarmtriggeredtaskactivationandtaskactivationsfromISRsoftypes2and3.

©byOSEK

71

OSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.1differentsizes.Taskswhichcanneverpre-empteachothermaybeexecutedinthesameruntimecontextinordertoachieveanefficientutilisationoftheavailableRAMspace.

Theoperatingsystemvendorshouldprovideinformationabouttheimplementedhandlingoftheruntimecontext(e.g.onecontextpertaskoronecontextperprioritylevel).ConsideringthisinformationtheusermayoptimisethedesignofhisapplicationregardingRAMrequirementsversusruntimeefficiency.

13.2Applicationdesignhints

ThepurposeofthischapteristoprovideadditionalinformationaboutpossibleproblemswhichmightarisewhendesigningapplicationsfortheOSEKoperatingsystem.Notalloftheconsequencesforthesystemdesigncanbementionedinthespecificationitself.OtherdesignhintsresultfromtheexperienceofcurrentECUapplications.13.2.1Resourcemanagement

Someaspectsarementionedinthischapterinordertoguaranteeaproperhandlingofallresources.

13.2.1.1OccupationinLIFOorder

EachaccesstoaresourceshouldbeencapsulatedwithcallstotheservicesGetResourceandReleaseResource.Resourceshavetobereleasedinreversedorderoftheiroccupation.Thefollowingcodesequenceisincorrectbecausefunctionfooisnotallowedtoreleaseresourceres_1.

TASK(incorrect){

GetResource(res_1);

/*somecodeaccessingresourceres_1*/...foo();...

ReleaseResource(res_2);}

voidfoo(){

GetResource(res_2);

/*codeaccessingresourceres_2*/...

ReleaseResource(res_1);}

Nestedresourceoccupationsisallowed.TheoccupationofresourceshastobeperformedinstrictLIFOorder(stackprinciple).Ifthecodeaccessingtheresourceasshownaboveispre-emptedbyataskwithhigherpriority(higherthantheceilingpriorityoftheresource),anotherresourcemightberequestedinthattaskleadingtoanestedresourceoccupationwhichconformstotheLIFOorder.

13.2.1.2CalllevelofAPI-services

TheOSEKAPI-servicesGetResourceandReleaseResourceshouldbecalledfromthesamefunctionalcalllevel.IffunctionfooiscorrectedconcerningtheLIFOorderofresourceoccupationlike:

voidfoo(void){72

©byOSEK

OSEKOS2.1

OSEK/VDXReleaseResource(res_1);GetResource(res_2);

/*somecodeaccessingresourceres_2*/...

ReleaseResource(res_2);}

OperatingSystemSpecification2.1therestillmaybeaproblembecauseReleaseResource(res_1)iscalledonadifferentlevelthanGetResource(res_1).CallingtheAPIservicesfromdifferentcalllevelsmightcauseproblemsinsomeimplementations.

13.2.1.3Resourcesstilloccupiedattasktermination

TheaccesstoaresourceshouldbeencapsulateddirectlybythecallsofGetResourceandReleaseResource.Otherwiseonemightmisstoreleasetheresourceandpossiblyterminatethetask.

GetResource(res_1);...

switch(condition){

caseCASE_1:

do_something1();

ReleaseResource(res_1);break;caseCASE_2:/*!!!WRONG:noreleaseof

/*resourcehere!!!

do_something2();break;default:

do_something3();

ReleaseResource(res_1);

}...

*/*/

Ifinstandardstatusoftheoperatingsystemataskterminateswithoutreleasingalloftheoccupiedresourcestheresultingbehaviourisnotdefinedbythespecification.Dependingontheimplementationoftheoperatingsystemtheresourcemaybelockedforeversincefurtheraccessesarerejectedbytheoperatingsystem.13.2.2PlacementofAPIcalls

Forthesamereasonsasabovementionedinchapter13.2.1.2theplacementofAPIservicesTerminateTaskandChainTaskiscrucialfortheoperatingsystem.Bothservicesareusedtoterminatetherunningtask.Callingtheseservicesfromasubroutinelevelofthetask,theoperatingsystemisresponsibleforacorrecttreatmentofthestackwhenterminatingthetask.Onesolutioncouldbetostorethepositionofthestackpointerattheentrypointoftherunningtaskandrestorethatvalueafterterminatingthetask.13.2.3Interruptserviceroutines

TheuserhastobeawareofsomepossibleerrorcaseswhenusingISRsofcategory1,2and3asdescribedinchapter5.

13.2.3.1LocalvariablesinISRsofcategory3

InISRsofcategory3theuserisallowedtowriteapplicationcodebeforetheoperatingsystemcontextisenteredusingtheserviceEnterISR.IfEnterISRswitchestoadifferentstack,automaticvariablesdefinedintheprecedingapplicationcodemightbenolongeraccessibleintheoperatingsystemcontext.

OSEKOS2.1

©byOSEK

73

OSEK/VDXOperatingSystemSpecification2.1TheapplicationcodeatthebeginningoftheISRmightnotbeportablebetweendifferentcompilerswhenusinglocalvariables.Thisisbecausetheconventionforregisterusageisnotalwaysthesameforcompilersfromdifferentmanufacturers.13.2.3.2Nestedinterruptsofdifferentcategories

Sinceallinterruptsareofhigherprioritythanthetasklevels,theprocessingofinterruptshastobeterminatedbeforethesystemreturnstotasklevel.IfanISRofcategory2interruptsanISRofcategory1thesystemwillcontinueprocessingofISR1afterISR2terminates.HavingtasksactivatedoreventssetfrominterruptlevelinISR2theoperatingsystemisnotinvokedafterterminationofISR1inordertoperformarescheduling.

Pleasenotethat,inthisrespect,anISR3,beforeEnterISRiscalled,actslikeanISRcategory1,afterwardslikeanISRcategory2.

InterruptISRofcategory1{ISRofcategory2{codewithoutcalltoanOSservicecodewithcalltoanOSservicee.g.ActivateTask();SetEvent();NoOScallattheendofISR1Figure13-1Nestedinterrupts

BecauseISRsofcategory1(orcategory3beforeEnterISR)donotrunundercontroloftheoperatingsystemtheOShasnopossibilitytoperformareschedulingwhentheISRterminates.ThusanyactivitiescorrespondingtothecallsoftheoperatingsystemintheinterruptingISR2(orISR3afterEnterISR)areunboundeddelayeduntilthenextreschedulingpoint.

Asaresultoftheproblemsdiscussedabove,eachsystemshouldsetuprulestoavoidtheseproblems.Theremaybespecificimplementationswhichcanavoidtheseproblems,ortheapplicationmighthavespecificpropertiessuchthattheseproblemscannotoccur(e.g.innonpre-emptivesystems).Therulesmustthereforetakeintoaccountboththespecificimplementationsandtheapplications.

However,formaximalapplicationportability,aneasyruleofthumbwhichalwaysworksisthefollowing:

• allinterruptsofcategory1havetohaveahigherorequalhardwareprioritycomparedwithinterruptsofcategory2.• allinterruptsofcategory3havetoshareonehardwareprioritynothigherthanthelowestcategory1interruptpriority,andnotlowerthanthehighestcategory2interruptpriority.

74

©byOSEK

OSEKOS2.1

OSEK/VDX13.2.3.3Directmanipulationofinterruptlevels

OperatingSystemSpecification2.1Directmanipulationofinterruptlevelsisnotportableandrestrictedbytheimplementation.13.2.4Priorityandpre-emption

Tasksarescheduledbytheoperatingsystemaccordingtotheirpriority.Ataskisdeclaredasbeingpre-emptive/nonpre-emptive(seechapter4.6.3).Theapplicationhastotreatthesetwotaskattributesinaconsistentmannertoavoidconflictsintherun-timebehaviourofthesystem.Carehastobetakenbecausenonpre-emptivetasksoflowerprioritydelaytasksofhigherpriority.

Typicallythepre-emptionofataskisassignedwhendesigning,whereaspriorityisconfiguredduringsystemintegration.Becausemanypeopleareinvolvedinlargersoftwareprojects,thedevelopmentprocesshastobeco-ordinatedprecisely.Toachieveawell-definedrun-timebehaviourofthesystemthisco-ordinationiscrucial.13.2.5ParametertopasstoShutdownOS

TheparameterpassedtoShutdownOSisalsopassedtotheShutdownHook.IftheoperatingsystemcallstheShutdownHook,thepassedparameterisanimplementationdependenterrorvalue.IftheusercallsShutdownOShehastouseoneoftheexistingerrornumbers.

Itisrecommendedtousetheerrornumberdescribedintheimplementationdocumentation.IfnospecificerrornumberforShutdownOSisdefined,itispossibletouseE_OKandtodistinguishthiswaybetweenoperatingsystemcallsofShutdownOSandapplicationcalls.13.2.6Errorhandling

Errorsintheapplicationsoftwarearetypicallycausedby:• Errorsonhandlingtheoperatingsystem,i.e.incorrectconfiguration/initialisation/

dimensioningoftheoperatingsystemorviolationsofrestrictionsregardingtheoperatingsystemservice.• Errorinsoftwaredesign,e.g.inappropriatechoiceoftaskpriorities,unprotectedcritical

sections,incorrectscalingoftime,inefficientconceptualdesignoftaskorganisationTestofimplementation

Breakpoints,tracesandtimestampscanbeintegratedindividuallyintotheapplicationsoftware.

Example:Theusercansettimestampsenablinghimtotracetheprogramexecutionatthefollowinglocationsbeforecallingoperatingsystemservices:• Whenactivatingorterminatingtasks.• Whensettingorclearingeventsinthecaseofextendedtasks.• Atexplicitpointsoftheschedule.• AtthebeginningortheendofISRs.• Whenoccupyingandreleasingresourcesoratcriticallocations.Timemonitoring

Theoperatingsystemneedsnotincludeatimemonitoringfeaturewhichensuresthateachoronly,e.g.thelowest-prioritytaskhasbeenactivatedinanycaseafteradefinedmaximumtimeperiod.

OSEKOS2.1

©byOSEK

75

OSEK/VDXOperatingSystemSpecification2.1Theusercanoptionallyusehookroutinesorestablishawatchdogtaskthattakes\"one-shotdisplays\"oftheoperatingsystemstatus.

Constructionalelements

Constructionalelements(e.g.DeclareTask)wereintroducedinOSEKOSasmeanstocreatereferencestosystemobjectsusedintheapplication.Likeexternaldeclarationsconstructorswouldbeplacedatthebeginningofsourcefiles.Withrespecttotheimplementationtheycanbeimplementedasmacros.WiththedefinitionofOILmostimplementationsdonotneedthemanymore.Howevertheyarestillkeptforcompatibility.

13.2.7Errorsandwarnings

Mostoftheerrorvaluesofsystemservicespointtoapplicationerrors.However,insomespecialcaseserrorvaluesindicatewarningswhichmightcomeupduringnormaloperation.Thesecasesare:

• EnableInterrupt,DisableInterruptE_OS_NOFUNC• GetAlarmE_OS_NOFUNC• SetAbsAlarm,SetRelAlarm• CancelAlarm

(standard)E_OS_STATE

(standard)

(standard)(extended)

E_OS_NOFUNC

EspeciallywhenimplementingacentralerrorhandlingbyErrorHook,thishastobetakenintoaccount.

13.3Implementationspecifictools

Whenbuyingorwritingportablecodeonehastobeawareofthedifferentimplementationtoolsonthemarket.Thishasanimpact,onwhatkindofdocumentationhastogoinparallelwiththecode.

VersionAincludeOSEK.xDeclarationsUser-programUser-programVersionBGenerationToolCompilerCompilerLinkerCompilerLinkerExecutableExecutableFigure13-2Implementationspecifictools

Theexamplehereshowstwopossibleimplementationsofatoolchain:• VersionA,withalldeclarationsrelatedtotaskpropertiesetc.withinthecode

76

©byOSEK

OSEKOS2.1

OSEK/VDX•

OperatingSystemSpecification2.1VersionB,usingaseparategenerationtoolforthesetaskpropertiesetc.

FordefinitionswhichshouldbesuppliedwithportablecodepleaseconsulttheOILspecification.

OSEKOS2.1©byOSEK77

OSEK/VDXOperatingSystemSpecification2.114Changesfromspecification1.0to2.1

14.1Changesfromspecification1.0to2.0r1

ThischaptermentionsallchangesintheconceptandtheAPIoftheOSEKoperatingsystem,withexplanationforthereasonofchange.14.1.1Conceptualchanges14.1.1.1Conformanceclasses

Thischapterreferstochapter3.2Conformanceclasses.

TheOSEKOSspecificationversion2.0nowsupportsonlyfourconformanceclassesinsteadoffive(asinversion1.0).AlsotheCCsarerenamed,soforexampleECC1(version1.0)hasotherfeaturesthanECC1(version2.0).Theexperienceofworkingwithversion1.0hasshownthatthefourCCsofversion2.0willbettermeetapplicationrequirements.Changesindetailare:

• Multiplerequestingoftaskactivationforextendedtasksisnotsupported.Thatisonlyallowedforbasictasks.• Thenumberofmultiplerequestingoftaskactivationisanattributeofthebasictaskandnorequirementoftheconformanceclass.• Theconformanceclassesofversion2.0arenolongerstrictlyupwardcompatible.14.1.1.2Messages

Specificationversion2.0doesnotsupportcommunicationviamessages.AllmessageservicesarepartofthecommunicationspecificationandthereforedescribedintheOSEKCOMspecification.

14.1.1.3MultiplerequestingoftaskactivationThischapterreferstochapter4.3,Activatingatask.

Inversion1.0theorderofactivationincaseofmultiplerequestwasnotexplicitlydefinedbutuptotheimplementation.Inversion2.0itisclearlydefinedthattheactivationsarequeuedinaFIFOstructureaccordingtotheorderofrequesting.14.1.1.4Applicationmodes

Thischapterreferstochapter4.8,Applicationmodes.

Forsomeapplicationsitshouldbeusefultohavedifferentapplicationmodesdependingonexternalconditions.14.1.1.5Counters

TheAPIforcountershasbeenremoved(seechapter8.1,Counters).Inversion1.0accesstocounterswasallowedfortheapplication.Thisfeatureisstronglydependingontheunderlyinghardware.ThereforetheAPIservicesforcountersarecancelledinversion2.0.TheAPIservicesforalarmsarestillavailable.

78©byOSEKOSEKOS2.1

OSEK/VDX14.1.1.6Hookroutines

Thischapterreferstochapter10.1Hookroutines.

OperatingSystemSpecification2.1ThenamingofhookroutineschangedfromOSxxxxtoxxxxHook.

Inversion2.0twoadditionalhookroutinesStartupHook(seechapter12.8.4)andShutdownHook(seechapter12.8.5)areintroduced.Thisfeatureoffersthepossibilityofuserdefinedstart-upandshutdown.14.1.1.7OSexecutioncontrol

Inversion2.0oftheOSEKOSspecificationtwonewAPIservicesareintroduced,StartOS(seechapter12.7.2.1)andShutdownOS(seechapter12.7.2.3).Withthistwoservices,theusercanstart-upandshutdowntheoverallsystem.14.1.2Clarifications

14.1.2.1Schedulingofnonpre-emptivetasks

Whenanonpre-emptivetaskispre-emptedbycallingthescheduler,thetaskcontextissaved.Ifthetaskisassignedtotheprocessoragain,thetaskwillcontinueatthepointofpre-emptionandwillnotberestartedfromthebeginning.14.1.2.2Servicesavailableonwhichlevel

Inversion2.0twotablesarespecifyingwhichserviceisavailableoninterruptlevel,ontasklevelandinwhichhookroutine.14.1.2.3Interruptprocessing

Inversion2.0theISRcategory3ismandatoryandnotoptionalanymore.14.1.2.4Priorityceiling

Thischapterreferstochapter7.5,OSEKPriorityCeilingProtocol.

Inversion2.0,theceilingpriorityofaresourceisdefinedexactlyas:

a)identicalorhighertothehighesttaskprioritywithaccesstothisresource(e.g.TaskX)and

b)lowerthanthepriorityoffallotherofhigherprioritythanthattask(TaskX).14.1.2.5Typesandconstants

Inversion2.0thetypeTaskTypeisspecified.Thefollowingtypesaredefined:• TaskType:identifiesatask• TaskRefType:pointstoavariableofTaskType• TaskStateType:identifiesthestateofatask• TaskStateRefType:pointstoavariableofTaskStateType14.1.2.6Namingconventions

Inversion2.0themacroTASKhasgotanewmeaning(seechapterFehler!Verweisquellekonntenichtgefundenwerden.).ThischangewasnecessarybecausetheoldversionofTASKhadadrawback;theuserwasforcedtodefineanameforthetaskfunctionhewasnotallowedtouseastaskname

OSEKOS2.1

©byOSEK

79

OSEK/VDXOperatingSystemSpecification2.1TASKTaskFuncName(void)

{/*TaskfunctionfortheTask\"TaskName\"*/

/*Thename\"TaskFuncName\"mustNOTbeusedasataskname*/}

14.1.3Changesofthedocumentation14.1.3.1Documentstructure

Thespecificationdocumentationofversion1.0consistsoftwodocuments,the\"concept\"andthe\"API\".Inversion2.0thesetwopapersareintegratedintothisone,calledOSEKOSspecification.

14.1.3.2Newchapters

Portabilityofapplicationsoftware(paragraphinchapter1.1)ThisnewchapterregardsaspectsofportabilityofOSEKsoftware.Implementationandapplicationspecifictopics(seechapter13)ThisnewchaptergiveshintsforimplementinganOSEKoperatingsystem.14.1.3.3RemovedchaptersChaptermessages

ThemessageconceptisdescribedintheOSEKCOMspecification.Thereforethemessagepartsareremoved.Systemgeneration

AllquestionsofsystemgenerationaredescribedinanextrapapercalledOILspecification(OIL=OSEKImplementationLanguage).Severalreferencestothatpaperaremadethroughoutthisdocument.

14.2Changesfromspecification2.0r1to2.1

Alotofwordingwithinthedocumenthasbeenchangedforclarificationandtoimprovereadability.Thedocumentstructurewasalsochangedforthesamereason.Thesechangesarenotexplicitlymentionedinthissection,butonlychangesintheconceptandtheAPIoftheOSEKoperatingsystem.

14.2.1BehaviourofChainTask/TerminateTaskwithallocatedresourcesisundefined.

In2.0r1thebehaviourwasnotundefinedbutonlytheoccupationoftheresourcewas.Asthisisaclearapplicationerrorresultinginunsafebehaviouritwasnotconsideredusefultodefinepartofthebehaviourincaseofseriouserrors.14.2.2GetTaskIDisallowedinISRs.

AsGetTaskStatewasallowedinISRsandhookroutines,andGetTaskIDwasalreadyallowedinhookroutines,itseemedinconsistentandproblematicnottoallowitinISRs.

80©byOSEKOSEKOS2.1

OSEK/VDXOperatingSystemSpecification2.114.2.3Interrupthandlinghasbeenclarifiedandextended.• Supportforinterruptsofcategory3isoptional.

• ClarificationthatEnableInterrupt/DisableInterruptmanipulatesinterruptsourcesandthattheInterruptDescriptorisglobal.• AddedfunctionsDisableAllInterrupts/EnableAllInterrupts.• AddedfunctionsSuspendOSInterrupts/ResumeOSInterrupts.

• Optionalextensionofresourcestointerrupts(includingtheconceptofinterruptpriorities).14.2.4ErrorcheckingofGetResource/ReleaseResourcehavebeenmodified.Thedefinitionin2.0r1wasincompleteandtheextensionoftheresourceconcepttoISRsrequiredthischange.

14.2.5AddedconstantOSTICKSPERBASE.

TherehavebeenconstantsfortwoofthethreevaluesreturnedbyGetAlarmBaseforasinglesystemcounter.Themissingthirdonewasaddedforcompleteness.

14.2.6ShutdownOSisallowedinISRsandcertainhookroutines.

ShutdownOSismeanttobecalledbytheapplicationincaseoffatalerrors.AssucherrorsarelikelytobediscoveredinISRsorhooks(e.g.ErrorHook)itwasconsidereddangeroustopreventtheapplicationfromimmediatelyshuttingdowntheoperatingsystem.14.2.7BehaviourofShutdownOSafterShutdownHookreturnsisimplementationdefined.

Version2.0r1ofthespecificationwasinconsistentinthispoint.14.2.8AddedconstantOSDEFAULTAPPMODE.Thisconstantwasaddedtoincreaseportabilityofapplications.14.2.9ErrorHookisnevercalledrecursively.

RecursivecallingofErrorHookpossiblyleadstounboundedrecursionandwasconsideredtoodangerous.

14.2.10LocalMessagesaddedtospecification.

Intraprocessormessagehandling(refertoconformanceclassCCCA/CCABasdefinedintheOSEKCommunicationSpecification)hasbeenadded.

OSEKOS2.1©byOSEK81

OSEK/VDX15Index

ActivateTask........................................49AlarmBaseRefType..............................63AlarmBaseType....................................62alarms..................................................37AlarmType...........................................63AppModeType.....................................66CancelAlarm........................................66ChainTask............................................50ClearEvent...........................................61counters...............................................37DeclareAlarm.......................................63DeclareEvent.......................................60DeclareResource..................................58DeclareTask.........................................49DisableInterrupt...................................55E_OS_ACCESS...................................48E_OS_CALLEVEL.............................48E_OS_ID.............................................48E_OS_LIMIT......................................48E_OS_NOFUNC.................................48E_OS_RESOURCE.............................48E_OS_STATE.....................................48E_OS_SYS_PARITY..........................48E_OS_SYS_STACK............................48E_OS_VALUE....................................48EnableInterrupt.........................,56,57EnterISR..............................................53ErrorHook...........................................68EventMaskRefType..............................60EventMaskType...................................60GetActiveApplicationMode..................66GetAlarm.............................................63GetAlarmBase......................................63GetEvent..............................................61GetInterruptDescriptor.........................55GetResource........................................59GetTaskID...........................................51GetTaskState.......................................52INITIAL_INTERRUPT_DESCRIPTOR58

OperatingSystemSpecification2.1IntDescriptorRefType...........................53IntDescriptorType................................53ISR.......................................................58LeaveISR.............................................maxallowedvalue..................................62message................................................39mincycle...............................................62multiplerequesting................................20OSMAXALLOWEDVALUE.........66,67OSTICKDURATION...........................66PostTaskHook......................................68PreTaskHook.......................................68READY................................................52ReleaseResource...................................59RES_SCHEDULER.............................60rescheduling....................................22,26ResourceType.......................................58RUNNING...........................................52Schedule...............................................51SetAbsAlarm........................................65SetEvent...............................................60SetRelAlarm.........................................ShutdownHook....................................69ShutdownOS........................................67StartOS................................................66StartupHook.........................................68StatusType...........................................47SUSPENDED......................................52TASK...................................................53TaskRefType........................................48TaskStateRefType................................48TaskType.............................................48TerminateTask......................................50TickRefType.........................................62ticksperbase..........................................62TickType..............................................62WaitEvent............................................62WAITING............................................52

82©byOSEKOSEKOS2.1

OSEK/VDX15.1Listoffigures

Figure1-1Figure3-1Figure3-2Figure3-3Figure3-4Figure4-1Figure4-2Figure4-3Figure4-4Figure4-5Figure4-6Figure4-7Figure5-1Figure5-2Figure6-1Figure6-2Figure7-1Figure7-2Figure7-3Figure8-1Figure10-1Figure10-2Figure10-3Figure13-1Figure13-2

OperatingSystemSpecification2.1SoftwareinterfacesinsideECU.......................................................................9ProcessinglevelsoftheOSEKoperatingsystem.............................................14ProcessinglevelsoftheOSEKoperatingsystem.............................................15Restrictedupwardcompatibilityforconformanceclasses................................16TheminimumrequirementsforConformanceClasses.....................................16Extendedtaskstatemodel..............................................................................18Statesandstatustransitionsforextendedtasks...............................................18Basictaskstatemodel....................................................................................19Statesandstatustransitionsforbasictasks.....................................................19Scheduler:orderofevents..............................................................................21Nonpre-emptivescheduling...........................................................................22Fullpre-emptivescheduling............................................................................23ISRcategoriesoftheOSEKoperatingsystem................................................26APIservicesallowedtobecalledbytasksandISRs.......................................27Fullpre-emptivesynchronisationofextendedtasks.........................................30Nonpre-emptivesynchronisationofextendedtasks........................................30Priorityinversiononoccupyingsemaphores....................................................32Deadlocksituationusingsemaphores..............................................................33Resourceassignmentwithpriorityceilingbetweenpre-emptivetasks..............34Layeredmodelofalarmmanagement..............................................................38APIservicesforhookroutines........................................................................41Systemstart-up..............................................................................................43PreTaskHookandPostTaskHook...................................................................44Nestedinterrupts............................................................................................74Implementationspecifictools..........................................................................76

OSEKOS2.1©byOSEK83

OSEK/VDX16History

Version1.0

Date

11.Sept.1995

OperatingSystemSpecification2.1RemarksAuthors:

ThomasWollstadtWolfgangKremerJochemSpohr

StephanSteinhauerThomasThurner

KarlJoachimNeumannHelmarKuderFrançoisMosnier

DietrichSchäfer-SiebertJürgenSchiemannReinerJohnAuthors:

WolfgangKremerSalvatoreParisiAndreeZahir

StephanSteinhauerJochemSpohrJanSöderbergPieroMortaraHelmarKuderBobFranceKenjiSuganumaStefanPolednaGerhardGöserGeorgWeilAlainCalvyKarlWesterholzJürgenMeyerAnsgarMaischAuthorsseeversion2.0

AdamOpelAGBMWAG

Daimler-BenzAGDaimler-BenzAGDaimler-BenzAG

UniversityofKarlsruheMercedes-BenzAGRenaultSA

RobertBoschGmbHRobertBoschGmbHSiemensAG

BMWAG

CentroRicercheFiatETASGmbH&CoKGDaimler-BenzAG

ATMComputerGmbHDelco

MagnetiMarelliMercedes-BenzAGMotorolaSPS

Nippondensoco.,ltdRobertBoschAG

SiemensAutomotiveSASiemensAutomotiveSASiemensAutomotiveSASiemensSemiconductorsSoftingGmbH

UniversityofKarlsruhe

2.002.June1997

2.0revision12.1

15.October199722.May2000

Authors:ManfredGeischederBMWKlausGresserBMWAdamJankowiakDaimlerChryslerJochemSpohrDaimlerChryslerAndreeZahirETASMarkusSchwabInfineonErikSvenskeMecelMaximTchervinskyMotorolaKenTindellNRTAGerhardGöserSiemensAutomotiveCarstenThiererUniversityofKarlsruheWinfriedJanzVectorInformatikVolkerBarthelmann3Soft

©byOSEK

OSEKOS2.1

84