- Task Scheduling
The Real-Time Operating System (RTOS) schedules tasks to a resolution of 1 millisecond. Portions of the model which run at the same rate, are gathered together into tasks which are each assigned a unique priority and are fully pre-emptive. The priority of each task is assigned according to model rate (quickest rate is assigned the highest priority) with the angular rate (if enabled in the RTW options) assigned the highest priority. Tasks are also set up to handle CCP communications; polling for received CAN messages and software queuing for CAN transmit messages.
The blockset library provides access to information about the tasks at run time:
Some operations are performed in parallel on different devices to the processor that runs tasks. On some target ECU, information is available about how heavily loaded these devices are:
If enabled, OpenECU interprets the fastest rate task defined in the Simulink model as a task that is triggered at specific engine angles if the check-box 'Angular Rate Functionality' is checked. This check-box can be found in the menu option Simulation Parameters -> Real Time Workshop -> OpenECU code generation options. The following screen is an example:
The angular task is run at the engine angles defined in the engine configuration block, i.e. the TDC angle + Angular Task Calc Angle. The angular task is intended for calculating values such as the fuelling per cylinder. Note that if the engine is not rotating, the angular task will not execute. In simulation, the angular task will behave as the fastest rate task and all other task time-steps must be a multiple of the angular task time-step. A figure of 0.001s is suggested for the angular task time-step.
- Stack
Each task shares the same stack space, an area of RAM dedicated to storing temporary information about the task and the functionality the task is performing. The amount of stack space is finite and must be specified when the model is built. The blockset library provides information about how much stack has be used since ECU power on or last reset:
- Watchdog
Each ECU implements a watchdog, a mechanism to reset the ECU if the ECU software appears to be misbehaving. A simple watchdog scheme is implemented by the platform software but the application model can take control of the watchdog and implement a more complex scheme.
- Memory tests
Each ECU implements an internal memory test during startup to check for hard memory faults. Hard memory faults are memory faults that have become permanent such as a shorted address line, or a memory cell that cannot change state. RAM is tested by performing a destructive walking one's test on the address and data lines and a memory recall test on the memory cells. ROM is tested by calculating a checksum of the contents. If a hard memory fault is detected, then the ECU will reset itself to force safety related outputs to a default state.
Some ECUs also implement a continuous internal memory test during runtime to check for soft memory faults. Soft memory faults are transient memory faults, such as might occur when a memory cell changes state due to stray electron releases. The error correction module hardware is capable of detecting and correcting errors that are limited to a single bit wrong in a 64-bit double word. If more than one bit is wrong in a 64-bit double word, then the hardware can detect the error, but it cannot be corrected. If an uncorrectable soft memory fault is detected, then the ECU will reset itself to force safety related outputs to a default state.
The blockset library provides Simulink blocks to report the status of the continuous internal memory soft error test as well as the address of the last detected correctable error.
The framework of OpenECU requires application processing to occur in one or more tasks. These tasks are declared in the interface specification file, each declaring an application function to call and a priority to schedule the task relative to others.
In order to support the services provided by the library (e.g., J1939 messaging), the library defines a number of auxiliary tasks. These tasks have a unique priority relative to each other and the application tasks, as shown in Table 4.8, “Library and application tasks”.
Table 4.8. Library and application tasks
| Priority | Task | Trigger | Targets | Description |
|---|---|---|---|---|
| 20+n | Module protection task | 10ms periodic | M220, M221, M250, M460, M461, and M670 | Handles protection mechanisms to avoid ECU damage. |
| 19+n | TPU task | Sporadic | M220, M221, M250, and M670 | Handles the event processing required of the TPU peripheral on some ECUs. |
| 18+n | Power management task | 100ms periodic | M221 and M670 | Handles the power hold processing on some ECUs. |
| 17+n | Flash code task | 100ms periodic | M220, M221, M250, M460, M461, and M670 | Handles the Flash code output pin on some ECUs. |
| 16+n | High-Side ASIC task | 100ms periodic | M670 | Handles the high side output pin(s) on some ECUs. |
| 15+n | SPI messaging task | Sporadic | M220, M221, M250, M460, M461, and M670 | Handles SPI messaging between peripherals on-board the ECU. |
| 14+n | CAN messaging (event) task | 2ms periodic burst | All | Handles CAN messaging. |
| 13+n | J1939 messaging task | 5ms periodic | All | Handles J1939 messaging. |
| 12+n | PFF task | 10ms periodic | All | Handles freeze frame processing. |
| 11+n | PFS task | 10ms periodic | All | Handles non-volatile filesystem. |
| 10+n | PISO messaging task | 5ms periodic | All | Handles ISO-15765 messaging. |
| 9+n | PDG messaging task | 10ms periodic | All | Handles ISO-15765 based diagnostics messaging. |
| 8+n | Application crank sync-point trigger task | Angular | M220, M221, M250 and M670 | Handles crank synchronous sync-point processing. |
| 7+n | Application TDC-calculation task | Angular | M220, M221, M250 and M670 | Handles engine synchronous TDC-calculation processing. |
| 6..6+n | Application tasks | Periodic | All | Handles application processing. |
| 5 | PDTC task | 100ms | All | Handles diagnostic trouble code processing. |
| 4 | CAN messaging task | 2ms periodic burst | All | Handles CAN messaging. |
| 3 | SPI task | 1000ms periodic | M220, M221, M250, M460, M461, and M670 | Handles SPI messaging utility functions. |
| 2 | Watchdog task | 200ms periodic | All | Handles the processor watchdog. |
| 1 | CCP task | 5ms periodic | All | Handles the CAN Calibration Protocol messaging to and from the calibration tool. |
Tasks can have different triggers. Triggers make the task become ready to run. The highest priority task ready to run is given the CPU.
- Sporadic
The task becomes ready to run based on an event. The event is generally not periodic, but may be periodic under some conditions.
- Angular
The task becomes ready to run based on the crank or engine position. See Chapter 6, Angular detail for more about supported engine functionality.
- Periodic
The task becomes ready to run on a periodic basis.
- Periodic (burst)
The task becomes ready to run based on an event. Once ready, the task becomes periodic for a number of iterations, before stopping and waiting for another event.
Note
The scheduler deals with both application and library tasks. It is possible for a high priority application task to use the processor for as long as it needs and there is no protection offered by the library to prevent tasks from using up more processor time than they should.
The application tasks are scheduled to relative to the library tasks such that a long running task may cause a lower priority library task to become unduly delayed.
An example of this would be the CCP task which runs every 5ms. It is conceivable that an application task may take longer than 5ms to complete and that is a desirable property of the application. However, when the application task takes longer than 5ms, the CCP task becomes delayed by the application task.
The design of the library tries to mitigate the consequences of delayed library tasks. Delaying the library CCP task may cause a burst of DAQ messages to the calibration tool to become delayed and the calibration tool may complain, but delaying the CCP task will not cause the I/O functionality to become delayed or mis-behave.
However, mitigation is all that the library can achieve if the application uses large amounts of the processor, and, for this reason the design of the application must take this into account by keeping the application tasks short. For instance, by splitting long running tasks up into discrete parts which are scheduled on successive task invocations.