INTERNATIONAL STANDARD ISO 17356-3
First edition 2005-11-01
Reference number ISO 17356-3:2005(E)

Road vehicles
Open interface for embedded automotive applications
Part 3: OSEK/VDX Operating System (OS)

Véhicules routiers
Interface ouverte pour applications automobiles embarquées
Partie 3: Système d'exploitation OSEK/VDX

© ISO 2005 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Architecture of the operating system “OS”
3.1 Processing levels
3.2 Conformance classes
3.3 Relationship between OS and OSEKtime OS
4 Task management
4.1 Task concept
4.2 Task state model
4.3 Activating a task
4.4 Task switching mechanism
4.5 Task priority
4.6 Scheduling policy
4.7 Termination of tasks
5 Application modes
5.1 General
5.2 Scope of application modes
5.3 Start-up performance
5.4 Support for application modes
6 Interrupt processing
6.1 General
7 Event mechanism
8 Resource management
8.1 General
8.2 Behaviour during access to occupied resources
8.3 Restrictions when using resources
8.4 Scheduler as a resource
8.5 General problems with synchronization mechanisms
8.6 Priority Ceiling Protocol
8.7 Priority Ceiling Protocol with extensions for interrupt levels
8.8 Internal resources
9 Alarms
9.1 General
9.2 Counters
9.3 Alarm management
9.4 Alarm-callback routines
10 Messages
11 Error handling, tracing and debugging
11.1 Hook routines
11.2 Error handling
11.3 System start-up
11.4 System shutdown
11.5 Debugging
12 Description of system services
12.1 Definition of system objects
12.2 Conventions
13 Specification of OS services
13.1 Basics
13.2 Common data types
13.3 Task management
13.4 Interrupt handling
13.5 Resource management
13.6 Event control
13.7 Alarms
13.8 OS execution control
13.9 Hook routines
14 Implementation- and application-specific topics
14.1 General
14.2 Implementation hints
14.3 Application design hints
14.4 Implementation-specific tools

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International
Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 17356-3 was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 3, Electrical and electronic equipment.

ISO 17356 consists of the following parts, under the general title Road vehicles - Open interface for embedded automotive applications:

- Part 1: General structure and terms, definitions and abbreviated terms
- Part 2: OSEK/VDX specifications for binding OS, COM and NM
- Part 3: OSEK/VDX Operating System (OS)
- Part 4: OSEK/VDX Communication (COM)
- Part 5: OSEK/VDX Network Management (NM)
- Part 6: OSEK/VDX Implementation Language (OIL)

Introduction

0.1 System philosophy

Automotive applications are characterized by stringent real-time requirements. Therefore, the operating system (OS) offers the necessary functionality to support event-driven control systems. The specified OS services constitute a basis to enable the integration of software modules made by various manufacturers. To be able to react to the specific features of the individual control units as determined by their performance and the requirements of a minimum consumption of resources, the prime focus was not to achieve 100 % compatibility between the application modules, but their direct portability.

As the OS is intended for use in any type of control units, it supports time-critical applications on a wide range of hardware. A high degree of
modularity and ability for flexible configuration are prerequisites to making the OS suitable for low-end microprocessors and complex control units alike. These requirements have been supported by definition of “conformance classes” (see 3.2) and a certain capability for application specific adaptations.

For time-critical applications, dynamic generation of system objects was left out. Instead, generation of system objects was assigned to the system generation phase. Error inquiries within the operating system are obviated to a large extent, so as not to affect the speed of the overall system unnecessarily. On the other hand, a system version with extended error inquiries has been defined. It is intended for the test phase and for less time-critical applications. Even at that stage, defined uniform system appearance is ensured.

0.1.1 Standardized interfaces

The interface between the application software and the OS is defined by system services. The interface is identical for all implementations of the OS on various processor families. System services are specified in an ISO/ANSI-C-like syntax, however the implementation language of the system services is not specified.

0.1.2 Scalability

Different conformance classes, various scheduling mechanisms and the configuration features make the OS feasible for a broad spectrum of applications and hardware. The OS is designed to require only a minimum of hardware resources (RAM, ROM, CPU time) and therefore runs even on 8-bit microcontrollers.

0.1.3 Error checking

The OS offers two levels of error checking, extended status for development phase and standard status for production phase. The extended status allows for enhanced plausibility checks on calling OS services. Due to the additional error checking, it requires more execution time and memory space than the standard version. However, many errors can be found in a test phase. After all errors have been eliminated, the system can be recompiled with the standard version.

0.1.4 Portability of application software

One of
the goals of ISO 17356 is to support the portability and re-usability of application software. Therefore, the interface between the application software and the OS is defined by standardized system services with well-defined functionality. Use of standardized system services reduces the effort to maintain and to port application software and development cost.

Portability means the ability to transfer an application software module from one ECU to another without bigger changes inside the application. The standardized interface (service calls, type definitions and constants) to the operating system supports the portability on source code level. Exchange of object code is not addressed by ISO 17356.

The application software lies on the operating system and in parallel on an application-specific Input/Output System interface which is not standardized in ISO 17356. The application software module can have several interfaces. There are interfaces to the OS for real-time control and resource management, but also interfaces to other software modules to represent a complete functionality in a system, and at least to the hardware, if the application works directly with microcontroller modules.

Figure 1: Software interfaces inside ECU 1)

During the process to port application software from one ECU to another, it is necessary to consider characteristics of the software development process, the development environment and the hardware architecture of the ECU, for example:

- software development guidelines;
- file management system;
- data allocation and stack usage of the compiler;
- memory architecture of the ECU;
- timing behaviour of the ECU;
- different microcontroller specific interfaces e.g. ports, A/D converter, serial communication and watchdog timer; and
- placement of the API calls.

This means that the specifications are not enough to describe an implementation completely. The implementation supplies specific documentation.

1) OSEK OS allows direct interfacing between application and the hardware.

0.1.5 Support of portability

The certification process ensures the conformance of different implementations to the specification. Clause 14 of this International Standard collects implementation specific details which should be regarded to increase portability of an application between various implementations. Herein, only the OS
interface to the application is considered.

0.1.6 Special support for automotive requirements

Specific requirements for the OS arise in the application context of software development for automotive control units. The following features address requirements such as reliability, real-time capability and cost sensitivity:

- The OS is configured and scaled statically. The user statically specifies the number of tasks, resources and services required.
- The specification of the OS supports implementations capable of running on ROM, i.e. the code could be executed from Read-Only-Memory.
- The OS supports portability of application tasks.
- The specification of the OS provides a predictable and documented behaviour to enable OS implementations, which meet automotive real-time requirements.
- The specification of the OS allows the implementation of predictable performance parameters.

0.2 Purpose of this document

The following description is to be regarded as a generic description which is mandatory for any implementation of the OS. This concerns the general description of strategy and functionality, the interface of the calls, the meaning and declaration of the parameters and the possible error codes.

This part of ISO 17356 leaves a certain amount of flexibility. On the one hand, the description is generic enough for future upgrades; on the other hand, part of the description is explicitly specified and implementation-specific.

Any implementation defines all implementation-specific issues. The conformance classes supported by the implementation are indicated precisely, and the issues identified as implementation-specific are documented.

Because this description is mandatory, definitions have only been made where the general system strategy is concerned. In all other respects, it is up
to the system implementation to determine the optimal adaptation to a specific hardware type.

0.3 Structure of this document

0.3.1 General

In the following text, the clauses of this International Standard are described briefly:

0.3.2 Clause 3 Architecture of the operating system “OS”

This clause gives a survey about the design principles and the architecture of the operating system.

0.3.3 Clause 4 Task management

This clause explains task management with the different task types and scheduling mechanisms.

0.3.4 Clause 5 Application modes

This clause describes application modes and how they are supported.

0.3.5 Clause 6 Interrupt processing

This clause provides information about the interrupt strategy and the different types of interrupt service routines.

0.3.6 Clause 7 Event mechanism

This clause explains the event mechanism and the different behaviour depending on the scheduling.

0.3.7 Clause 8 Resource management

This clause describes the resource management and discusses the benefits and implementation of the priority ceiling protocol.

0.3.8 Clause 9 Alarms

This clause describes the two-stage concept to support time-based events (e.g. hardware-timer) as well as non-time-based events (e.g. angle measurement).

0.3.9 Clause 10 Messages

The message handling for intra-processor communication is added to ISO 17356-3. Full message handling is described in ISO 17356-4. The exact subset to be implemented is described in ISO 17356-4.

0.3.10 Clause 11 Error handling, tracing and debugging

This clause describes the mechanisms to achieve centralized error handling. It also describes the services to initialize and shut down the system.

0.3.11 Clause 12 Description of system services

This clause describes the conventions used for description.

0.3.12 Clause 13 Specification of operating system services

This clause describes all operating system services made available to the user. Structure of the description is identical for any service; it contains all the information the service user requires.

0.3.13 Clause 14 Implementation and application-specific topics

This clause provides a list of all operating system-specific topics, including services, data types, and constants.