diff --git a/docs/cFE_FunctionalRequirements.csv b/docs/cFE_FunctionalRequirements.csv index dac2c9181..72dce9752 100644 --- a/docs/cFE_FunctionalRequirements.csv +++ b/docs/cFE_FunctionalRequirements.csv @@ -26,8 +26,7 @@ ES: Start Application - Command Contents,cES1005.1,"The Command shall include th - Application Entry Point - Application Name - Application Priority -- Application Stack Size -- Application Load Address +- Application Stack Size - Exception Action (restart application or perform processor reset)", ES: Start Application - Location,cES1005.2,The Command specified cFE Application file shall be in any valid cFE file system including the volatile file system and the non-volatile file system.,"The command itself does not care about where the cFE Application comes from, it is specified In the path." ES: Start Application - Reject Undefined,cES1005.3,"If the Command specified Application is undefined then the cFE shall reject the Command, increment the invalid command counter and generate an event message.",Can't start an undefined application. 
@@ -56,8 +55,6 @@ ES: Application Status Message,cES1011,"Upon receipt of a Command, the cFE shall - cFE Application Child Task Count","In order to support remote Application management then the Application's properties and current state need to be externally observable. Because the ground interface is with Applications rather than Tasks, Task information should be included as well." ES: Application Status Record To File,cES1012,"Upon receipt of a Command, the cFE shall generate a Command specified file that contains all properties and states of all cFE Applications that are defined in the Systems Resources Definition.",May want information about all applications and tasks defined in the Systems Resources Definition in order to diagnose a problem. ES: Application Status Record To File - Default Filename,cES1012.1,"If a file is not specified, the cFE shall use the `` filename.",Want to specify a default if the user does not want to specify a new filename. -ES: Pass String To Shell,cES1013,"[DELETED]Upon receipt of a Command, the cFE shall submit to the operating system shell, the string supplied as a parameter.","Having access to the operating system shell has proved invaluable during FSW development on missions such as JWST and Triana. Although it is available on-orbit, it is not intended to be used during normal operations." -ES: Pass String To Shell - Message Response,cES1013.1,"[DELETED]Upon execution of the operating system Command, the cFE shall generate one or more messages containing the ascii output generated by the operating system command.","This message will provide the ""output"" from the shell command to allow the implementation of a shell like interface to the cFE." 
ES: System Log,cES1014,The cFE shall maintain an Executive Services System Log which contains a series of ASCII text strings describing significant events or errors.,"Examples of ES System Log information includes: ""Created new cFE Application: StoredCommand.app"" or ""Could Not Create OS Queue"" or ""File not found error: /eebank1/StoredCommand.app"" This requirement states that the cFE needs to maintain this information. There is a separate requirement for the creation of a file to transfer the information to the ground. Note that the information can also be obtained with a raw memory read." ES: System Log - Timestamps,cES1014.1,Each entry in the Executive Services System Log shall be time tagged with the time that the event happened.,Need to be able to determine when the event occurred. ES: System Log - Calculate Usage,cES1014.2,"The cFE shall calculate the number of bytes used and number of entries in 
@@ -100,8 +97,6 @@ ES: Get Memory Pool Statistics,cES1033,"Upon receipt of a Command, the cFE shall ES: Register Application,cES1300,"Upon receipt of a Request, the cFE shall register the calling cFE Application with the system.",cFE Applications must register with the cFE in order to allow the cFE to track the Application's resources. This function also allows the system to synchronize the application startup. The cFE Application will wait in this function until the cFE starts up. ES: Report Last Reset,cES1301,"Upon receipt of a Request, the cFE shall provide the type of last reset performed by the processor.",cFE Applications may perform processing that is specific to each reset type. ES: Report Last Reset - Types,cES1301.1,The reset types include: Power On Reset Processor Reset.,cFE Applications may perform processing that is specific to each reset type. -ES: Report Processor ID,cES1302,"[DELETED]Upon receipt of a Request, the cFE shall provide the Processor ID on which the Request was made.","Need to determine the Processor ID. This feature is useful in missions with multiple processors, or to help distinguish prototype vs. flight processor features." -ES: Report Spacecraft ID,cES1303,"[DELETED]Upon receipt of a Request, the cFE shall provide the Spacecraft ID on which the Request was made.","Need to determine the Spacecraft ID. This feature is useful in missions with multiple Spacecraft, or Spacecraft with multiple processors." ES: Report Application ID,cES1304,"Upon receipt of a Request, the cFE shall provide the cFE Application ID of the calling cFE Application.",A cFE Application needs to determine its own Application ID. ES: Report Task and Application Name,cES1305,"Upon receipt of a Request, the cFE shall provide the cFE Task Name and cFE Application Name which corresponds to the specified cFE Task ID.",The command will provide a way to find the cFE Task Name and the parent cFE Application name from any cFE Application or Child task. 
ES: Report Application ID,cES1306,"Upon receipt of a Request, the cFE shall provide the cFE Application ID which corresponds to the specified cFE Application Name.",The Executive Services will assign an Application ID. The Application Name is specified when the cFE Application is created. This Request will provide a way to determine the cFE Application ID when the pre-determined Application Name is passed in. 
@@ -132,7 +127,6 @@ ES: Exit Application,cES1319,"Upon receipt of a Request, the cFE shall exit the ES: Prepare Memory Pool,cES1320,"Upon receipt of a Request, the cFE shall prepare a Memory Pool for run time memory allocation/de-allocation.","The Memory Allocation interface allows the cFE Application to supply a Pool of memory, which can be used for efficient memory allocation and de-allocation." ES: Prepare Memory Pool - Too Small,cES1320.1,"If the specified size is less than the minimum block size, the cFE shall record the error in the System Log, and return an error code.","If the size of the Pool is not valid, then an error must be returned." ES: Allocate Memory,cES1321,"Upon receipt of a Request the cFE shall allocate a block of memory of the specified size from the specified Memory Pool, protected with a semaphore while processing.",The Memory Allocation interface allows the cFE Application to allocate a block of memory from a previously created memory pool. -ES: Allocate Memory - Round Up,cES1321.1,[DELETED]To ensure memory allocation and accesses are compatible with processors requiring a 32-bit boundary to access memory.,"If the specified size is not an integral multiple of 32 bit words, the size shall be rounded up to an integral of 32 bit words. " ES: Allocate Memory - Invalid ID,cES1321.2,"If the specified Memory Pool identifier is invalid then the cFE shall record the error in the System Log, and return an error code.","If the handle or Memory Pool ID is not valid, then an error must be returned." ES: Allocate Memory - Too Large,cES1321.3,"If the specified size is too large for the specified Memory Pool, the cFE shall record the error in the System Log, and return an error code.",Cannot allocate a memory block bigger than the pool. 
ES: De-allocate Memory,cES1322,Upon receipt of a Request the cFE shall de-allocate the specified block of memory from the specified Memory Pool.,The Memory Allocation interface allows the cFE Application to de-allocate a block of memory from a previously created memory pool. 
@@ -142,12 +136,6 @@ ES: Calculate Data Integrity Value,cES1323,"Upon receipt of a Request, the cFE s - XOR: Exclusive OR - CRC16: 16 Bit Cyclic Redundancy Check - CRC32: 32 Bit Cyclic Redundancy Check",We need to provide a checksum/CRC utility. -ES: Load Device Driver,cES1324,"[DELETED]Upon receipt of a Request, the cFE shall load and initialize a hardware device driver and connect it with the specified hardware handshaking and device processing code.",Need a standard device driver interface. -ES: Unload Device Driver,cES1325,"[DELETED]Upon receipt of a Request, the cFE shall unload a specified hardware device driver and de-allocate all previously allocated resources used by the driver.","Need a way of unloading, stopping a hardware device driver." -ES: Disable Device Driver,cES1326,"[DELETED]Upon receipt of a Request, the cFE shall disable a specified hardware device driver.","Need a way of unloading, stopping a hardware device driver." -ES: Disable Device Driver - Not Loaded,cES1326.1,"[DELETED]If the specified hardware device driver is not loaded, then the cFE shall record the error in the System Log, and return an error code.",Cannot disable a device driver that is not loaded. -ES: Enable Device Driver,cES1327,"[DELETED]Upon receipt of a Request, the cFE shall re-enable a specified hardware device driver.",Need a way to re-enable the device driver and it's associated interrupt. -ES: Enable Device Driver - Not Loaded,cES1327.1,"[DELETED]If the specified hardware device driver is not loaded, then the cFE shall record the error in the System Log, and return an error code.",Cannot disable a device driver that is not loaded. ES: Copy To Critical Data Store,cES1328,"Upon receipt of a Request, the cFE shall copy the data starting at the Request specified address to the Request specified Critical Data Store.",Applications need to periodically copy the local data into the CDS so that it can be preserved. 
Note that the CDS is not required to exist on-card (local address space). This provides the capability for a mission to use off-card bulk storage. ES: Copy To Critical Data Store - Calculate Data Integrity Value,cES1328.1,The cFE shall calculate a Data Integrity Value for the Request specified Critical Data Store and store it.,"Every time data is written to the CDS, a CRC must be recalculated in order to have a reference for any CDS validation. Note that Applications are responsible for determining whether the contents of a CDS Block are still logically valid." ES: Copy To Critical Data Store - Invalid Critical Data Store,cES1328.2,If the Request Specified Critical Data Store does not exist then the data shall not be copied.,Can't copy data if the reference is wrong. 
@@ -177,7 +165,6 @@ ES: Power On Reset Set Up Volatile File System,cES1507,"Upon a Power-on Reset, t ES: Power On Reset Process Startup File,cES1508,"Upon a Power-on Reset, the cFE shall process all entries in the cFE Startup File located in the non-volatile file system.","There is a file that contains all of the Applications, Shared Libraries, and Device Drivers that are to be created and started." ES: Power On Reset Process Startup File - Start Apps,cES1508.1,The cFE shall create and start cFE Applications according to the entry in the cFE Startup File.,The cFE supports loading and creating new cFE Applications during system startup. ES: Power On Reset Process Startup File - Init Libs,cES1508.2,The cFE shall create and initialize cFE Shared Libraries according to the entry in the cFE Startup File.,The cFE supports creating and initializing cFE Shared Libraries during system startup. -ES: Power On Reset Process Startup File - Init Device Drivers,cES1508.3,[DELETED]The cFE shall create and initialize cFE Device Drivers according to the entry in the cFE Startup File.,The cFE supports loading and initializing cFE Device Drivers during system startup. ES: Power On Reset Exception and Reset Log Entry,cES1509,"Upon a Power On Reset, the cFE shall make an entry in the Executive Services Exception and Reset Log, recording the Power On Reset.",One purpose of the Executive Services Exception and Reset Log is to log all resets. ES: Processor Reset Identify Sub-Type,cES1510,"Upon a Processor Reset, the cFE shall identify the Processor reset sub-type.",Each mission may want to further distinguish between Processor reset types in order to tailor their system's behavior. For example a mission may want to take different behavior for a watchdog time out and the execution of the processor's reset instructions. 
ES: Processor Reset Preserve System Log,cES1511,"Upon a Processor Reset, the cFE shall preserve the Executive Services System Log.",Want to be able to determine what errors are logged by the cFE. This log is not preserved on a Power-On reset. 
@@ -214,23 +201,9 @@ FS: Initialize File Header,cES1601,Upon receipt of a Request the cFE shall initi FS: Write File Header,cES1602,Upon receipt of a Request the cFE shall write the requested header information to the requested file.,File management support. FS: Set File Timestamp,cES1603,Upon receipt of a Request the cFE shall set the requested timestamp on the requested file.,File management support. FS: Extract Filename From Path,cES1604,Upon receipt of a Request the cFE shall provide the file name portion of the requested full path.,File management support. -ES: Maximum Apps,cES1700,[DELETED]The cFE shall support a maximum `` cFE Applications.,TBD has never been exceeded on past missions. Need to bound the number of Applications in order to size the Systems Resources information. -ES: Detect Unmasked Exceptions,cES1702,[DELETED]The cFE shall detect all unmasked CPU exceptions.,Need to be able to detect processor exceptions so that the appropriate action can be taken. -ES: Detect Unmasked Exceptions - Log,cES1702.1,"[DELETED]Upon detection of a CPU exception, the cFE shall add an entry in the Executive Services Exception And Reset Log.",Need to log processor exceptions so that the ground can have visibility into the exception. -ES: Detect Unmasked Exceptions - Restart App,cES1702.2,"[DELETED]If the CPU exception was caused by a cFE Application and the Exception Action indicates that the Application can be started individually, the cFE shall restart the cFE Application that caused the exception.","In most cases, restarting the cFE application will clear up the problem. In some cases, however, applications are tightly coupled with other applications in which case, starting an individual application may have undesirable consequences. The cFE should provide the ability to define if the application should can be restarted or if a processor reset should occur." 
-ES: Detect Unmasked Exceptions - Platform Response,cES1702.3,[DELETED]If the CPU exception was caused by the Operating System or cFE Core then the cFE shall initiate a `` response.,"An exception in the cFE core or OS will restart the cFE, which results in all cFE Applications being restarted." -ES: Detect FP Exceptions,cES1703,[DELETED]The cFE shall detect all unmasked processor Floating Point Exceptions.,"The low level BSP routines allow the mission to determine what Floating Point exceptions are masked, and what Floating Point exceptions can interrupt the software." -ES: Detect FP Exceptions - Log,cES1703.1,"[DELETED]Upon detection of an unmasked Floating Point exception, the cFE shall add an entry in the Executive Services Exception and Reset Log.",Need to log unmasked Floating Point exceptions so that the ground can have visibility into the exception. -ES: Detect FP Exceptions - Restart App,cES1703.2,"[DELETED]If the Floating Point exception was caused by a cFE Application and the Exception Action indicates that the Application can be started individually, the cFE shall restart the cFE Application that caused the exception.","Want the capability to restart an individual application on a processor reset. Not all Applications should be started individually as they may have some dependencies that result in undesirable behavior. When the Application is started, one of the parameters is whether to restart the app of perform a cFE processor reset." -ES: Detect FP Exceptions - Platform Response,cES1703.3,[DELETED]If the Floating Point exception was caused by the OS or cFE Core then the cFE shall initiate a `` response.,"An exception in the cFE core or OS will restart the cFE, which results in all cFE Applications being restarted." -ES: Volatile File System Size,cES1704,[DELETED]The cFE shall support a `` byte volatile file system.,TBD seems like a reasonable size based on heritage missions. 
-ES: Non-Volatile File System Size,cES1705,[DELETED]The cFE shall support a `` byte non-volatile file system.,TBD seems like a reasonable size based on heritage missions. -ES: System Log Size,cES1706,[DELETED]The cFE shall support a `` byte Executive Services System Log.,TBD seems like a reasonable size based on heritage missions. -ES: Exception And Reset Log Size,cES1707,[DELETED]The cFE shall support a `` byte Executive Services Exception And Reset Log.,TBD seems like a reasonable size based on heritage missions. -ES: Critical Data Store Size,cES1708,[DELETED]The cFE shall support a `` byte Critical Data Store.,TBD seems like a reasonable size based on heritage missions. ES: Maximum Processor Resets,cES1709,"If the cFE Core goes through `` Maximum Processor Resets, the cFE shall initiate a Power-On Reset of the cFE.","After a number of Processor Resets, the cFE will attempt to recover by doing a Power-on Reset." EVS: Control Message By Event Type,cEVS3000,"Upon receipt of Command the cFE shall enable/disable, as specified in the Command, the future generation of Event Messages for the Command-specified Event Type.",Filtering by type allows the system to behave differently for different users. -EVS: Set Event Format Mode,cEVS3001,"Upon receipt of Command, the cFE shall set the SB Event Format Mode to the command specified value, either Long or Short.",Providing a short format accommodates missions with limited telemetry bandwidth. A long format is desirable because it contains the most information. +EVS: Set Event Format Mode,cEVS3001,"Upon receipt of Command, the cFE shall set the Event Format Mode to the command specified value, either Long or Short.",Providing a short format accommodates missions with limited telemetry bandwidth. A long format is desirable because it contains the most information. EVS: NOOP Event,cEVS3002,Upon receipt of Command the cFE shall generate a NO-OP event message.,This command is useful as a general sub-system aliveness test. 
EVS: Zero Counters,cEVS3003,"Upon receipt of Command the cFE shall set the following counters to zero in Event Services telemetry: 
@@ -311,9 +284,9 @@ EVS: Create Message - Data Types,cEVS3103.2,"The cFE shall support the following - Unsigned Long Integer",Not all processors supported under the cFE will allow floating point or real types. EVS: Create Message - Increment Filter Counter,cEVS3103.3,"If the request specified Event ID has been registered for binary event filtering, the cFE shall increment the request specified Application's Binary Filter Counter for the request-specified Event ID.",Support binary event filtering algorithm. EVS: Create Message - Increment Filter Counter - Retain Maximum Value,cEVS3103.3.1,"If the Binary Filter Counter has reached its maximum `` value, the cFE shall retain the maximum value (i.e. do not rollover to zero).",Preventing a counter rollover to zero eliminates the case when a user may think no events have occurred when in fact many events have occurred. -EVS: Create Message - Long Format,cEVS3103.4,"If the SB Format Mode is set to Long, the cFE shall generate an SB Event Message formatted as specified in the cFE User's Guide containing the Spacecraft Time, Processor ID, Application ID, Event ID, Event Type, and the Request-specified Event Data.","To assist with system test and diagnostics it is important to distinguish otherwise identical messages by their sources. This is especially true in a distributed system with common subsystems. It is the intent of this requirement to allow identical subsystems to be resident in multiple processors within the flight system. In cases like this, the subsystem identifier, and message identifier may be the same; only the processor identifier would make the messages unique. A long format is desirable because it contains the most information. Design Note: It is expected that in the implemented event service, the API only requires the Event ID and Type, and that the underlying utility code fills in the processor ID, and Application ID before the message is sent." 
+EVS: Create Message - Long Format,cEVS3103.4,"If the Format Mode is set to Long, the cFE shall generate an Event Message formatted as specified in the cFE User's Guide containing the Spacecraft Time, Processor ID, Application ID, Event ID, Event Type, and the Request-specified Event Data.","To assist with system test and diagnostics it is important to distinguish otherwise identical messages by their sources. This is especially true in a distributed system with common subsystems. It is the intent of this requirement to allow identical subsystems to be resident in multiple processors within the flight system. In cases like this, the subsystem identifier, and message identifier may be the same; only the processor identifier would make the messages unique. A long format is desirable because it contains the most information. Design Note: It is expected that in the implemented event service, the API only requires the Event ID and Type, and that the underlying utility code fills in the processor ID, and Application ID before the message is sent." EVS: Create Message - Long Format - Truncation,cEVS3103.4.1,"If the Event Data is greater than the `` maximum Event Data, the cFE shall truncate the Event Message with a string-termination character and increment the Message Truncation Counter.","It's important to know if data is lost, but it doesn't need to be maintained on a per-Event ID basis, therefore a single counter is used. A platform-defined length was considered but this prevents application reuse unless a minimum length is specified." -EVS: Create Message - Short Format,cEVS3103.5,"If the SB Format Mode is set to Short, the cFE shall generate an SB Event Message formatted as specified in the cFE User's Guide containing the spacecraft time, Processor ID, Application ID, Event ID, and Event Type.",Providing a short format accommodates missions with limited telemetry bandwidth. 
+EVS: Create Message - Short Format,cEVS3103.5,"If the Format Mode is set to Short, the cFE shall generate an Event Message formatted as specified in the cFE User's Guide containing the spacecraft time, Processor ID, Application ID, Event ID, and Event Type.",Providing a short format accommodates missions with limited telemetry bandwidth. EVS: Create Message - App ID,cEVS3103.6,The requester shall be able to specify the Application ID to be used in the Event Message.,Need to provide APIs a way to specify an Application ID to ensure the context of the Event is correct. EVS: Create Message - Time,cEVS3103.7,The requester shall be able to specify the time to be used in the Event Message.,"This routine should be used in situations where an error condition is detected at one time, but the event message is reported at a later time." EVS: Increment App Message Sent Counter,cEVS3104,"For each created Event Message, the cFE shall increment the Application Event Message Sent Counter for the request specified Application.",A counter provides a means for keeping track of how many events an application has sent through the event service. Note: The Application Event Message Sent Counter is incremented once regardless of how many enabled ports the message has been sent through. 
@@ -327,26 +300,12 @@ EVS: Store Message In Event Log - Set Full Flag,cEVS3108.1,"_(OPTIONAL)_ If the EVS: Store Message In Event Log - Increment Overflow Counter,cEVS3108.2,"_(OPTIONAL)_ If the Local Event Log is full, the cFE shall increment the Local Event Log Overflow counter.",Ground operations needs to know how many Event Messages were discarded or overwritten. EVS: Store Message In Event Log - Log Full Behavior,cEVS3108.3,"_(OPTIONAL)_ If the Local Event Log is full, the cFE shall either (1) overwrite the oldest Event Message if the Event Logging Mode is overwrite, or (2) discard the Event Message if the Event Logging Mode is discard.",Overwriting the oldest message is useful for nominal operations because a user doesn't need to periodically clear the Log. If an error occurs when there's no communication then the Local Event Log size must be large enough to retain the Event Messages since communications was lost. Discarding the newest Event Message is useful for trouble shooting a problem. For example there may be a problem during processor initialization that occurs when there's no communications with the processor interfacing with the User. In this case the original Event Messages are critical to solving the problem so they should be preserved. Note that the Event Logging Mode can be changed via stored commanding. EVS: Message Port Routing,cEVS3109,"For each created Event Message, the cFE shall route the Event Message, formatted as an ASCII text string, to each enabled Event Message Output Port.",Debug ports are very useful for FSW development and maintenance. -EVS: Free App Resources,cEVS3110,[DELETED]Upon receipt of Request the cFE shall free resources allocation for the specified Application.,"Need to be able to remove all resources associated with an application when Deleting, Restarting or Reloading an Application. In addition, this is required as part of a Processor Reset." 
-EVS: Initialize Message Port State On Power On Reset,cEVS3200,"[DELETED]Upon a Power-on Reset, the cFE shall set the `` Event Message Output Ports to their `` default state: - -- Port Number 1: `` -- Port Number 2: `` -- Port Number 3: `` -- Port Number 4: `` -",Event Message Ports are customized for each platform. A rationale for all of the Power-on Reset requirements is that the cFE must initialize to a known state. EVS: Initialize Format On Power On Reset,cEVS3201,"Upon a Power-on Reset, the cFE shall set SB Event Format Mode to `` default mode.","Each mission must determine what format they need, defaulted to LONG." EVS: Initialize Full Flag To False On Power On Reset,cEVS3202,"_(OPTIONAL)_ Upon a Power-on Reset, the cFE shall set the Local Event Log Full Flag to false.",Set cFE to default status across Power-on Resets. EVS: Initialize Logging Mode On Power On Reset,cEVS3203,"_(OPTIONAL)_ Upon a Power-on Reset, the cFE shall set the Event Logging Mode to ``.",Set cFE to default status across Power-on Resets. EVS: Preserve Event Log Reset Mode On Processor Reset,cEVS3207,"_(OPTIONAL)_ Upon a Processor Reset, the cFE shall preserve the Event Logging Mode configuration parameter.",Try to retain mode across a processor reset. The contents of the Local Event Log will be preserved if the Event Logging Mode is configured to Discard. The contents of the Local Event Log may be overwritten (depending on the size and contents of the log prior to the reset) if the Event Logging Mode is configured to Overwrite. EVS: Preserve Log Full State On Processor Reset,cEVS3208,"_(OPTIONAL)_ Upon a Processor Reset, the cFE shall preserve the Local Event Log Full state.",Retain the cFE state across Processor Resets. -EVS: Set Logging Mode On Processor Reset,cEVS3209,"[DELETED]_(OPTIONAL)_ Upon a Processor Reset, the cFE shall set the Event Logging Mode to the `` value. - -TBD - doesn't match rationale",Retain the cFE state across Processor Resets. 
EVS: Preserve Log Overflow Counter On Processor Reset,cEVS3210,"_(OPTIONAL)_ Upon a Processor Reset, the cFE shall preserve the Local Event Log Overflow Counter.",Retain the cFE state across Processor Resets. -EVS: Support Message Ports,cEVS3300,"[DELETED]The cFE shall support `` Event Message Ports.",Since the number of Event Message Ports is hardware dependent a mission must be able to specify how many ports it will support. -EVS: Event Log Size,cEVS3301,"[DELETED]_(OPTIONAL)_ The cFE shall define a Local Event Log with a capacity of `` Event Messages.",Each mission's processor card memory capacities will dictate what is reasonable. -EVS: Event Filters Per App,cEVS3302,"[DELETED]The cFE shall support `` Event Message Filters per cFE Application.",Each cFE Application that register with EVS is allocated memory to support this limit. SB: NOOP Event,cSB4000,"Upon receipt of a Command, the cFE shall generate a NO-OP event message.",This command is useful as a general sub-system aliveness test. SB: Zero Counters,cSB4001,"Upon receipt of Command the cFE shall set to zero the following counters in housekeeping telemetry: 
@@ -381,9 +340,7 @@ SB: Invalid Command Counter,cSB4010,"Upon receipt of an invalid Command, the cFE SB: Enable Subscription Reporting,cSB4011,"Upon receipt of a Message, the cFE shall enable generation of a message when a subscription is received.",Subscription reporting intended for use by software bus network class of applications. SB: Disable Subscription Reporting,cSB4012,"Upon receipt of a Message, the cFE shall disable generation of a message when a subscription is received.",Subscription reporting intended for use by software bus network class of applications. SB: Send Previous Subscriptions,cSB4013,"Upon receipt of a Message, the cFE shall generation messages for current subscriptions.",Subscription reporting intended for use by software bus network class of applications. -SB: Zero Copy Message Transfer Mode,cSB4300,[DELETED]The cFE shall provide a zero-copy message transfer mode for intra-processor communication.,"The heritage software bus offered a zero-copy mode, it was used for transferring large packets from one application to another on the same processor. The cost of the zero-copy mode is a more complex application interface." SB: Create Pipe,cSB4301,"Upon receipt of a Request to create a Pipe, the cFE shall create a Pipe with the Request-specified Pipe Depth and the Request-specified name.",Run time creation of Pipes supports the cFE goals of easy Application integration and system reconfiguration. -SB: Delete Pipe,cSB4302,"Upon receipt of a Request to delete a Pipe, the cFE shall Unsubscribe all messages to the Request-specified Pipe, then remove the Pipe from the Routing Information.",An Application must be capable of freeing its own resources. 
SB: Subscribe To Message,cSB4303,"Upon receipt of a Request to Subscribe to an SB message, the cFE shall establish a route using the Request-specified Message ID, the Request-specified Pipe ID, the Request-specified MsgId-to-Pipe limit and the Request-specified QoS.",Run time subscription supports the cFE goals of easy system integration and run time reconfigurations. SB: Subscribe To Message - Duplicate,cSB4303.1,If the Subscription is a duplicate of a previous subscription then the cFE shall issue an event message.,"Duplicate subscriptions are still a success, however, want to notify the ground." SB: Unsubscribe To Message,cSB4304,"Upon receipt of a Request to Unsubscribe to an SB Message, the cFE shall remove the route corresponding to the Request-specified Message Id and the Request-specified Pipe Id from the Routing Information.","Allow an Application to dynamically change what Messages it receives. Since the ground can manipulate the state of the routing, it is not considered an error if the Message is not currently being subscribed to when an unsubscribe request is made." 
@@ -400,7 +357,6 @@ SB: Receive Message With Timeout,cSB4307,"Upon receipt of a Request to receive a " SB: Receive Message Infinite Timeout,cSB4308,"Upon receipt of a Request to receive a SB Message from a Pipe with an infinite timeout, the cFE shall suspend execution of the Application until a SB Message is present on the Pipe.",This mode of receiving has been the most commonly used mode on the heritage SB. SB: Last Message Sender Info,cSB4309,"Upon receipt of a Request, the cFE shall provide sender information for the last message received on an Application's Pipe.","Heritage SB did a 'valid senders check' before delivering a packet to a pipe. Since the cFE supports a dynamic environment and the sender of a packet is somewhat unknown, the cFE must provide a means for the application to do the 'valid sender check'." -SB: Free App Resources,cSB4310,[DELETED]Upon receipt of Request the cFE shall free resources allocation for the specified Application.,"Need to be able to remove all resources associated with an application when Deleting, Restarting or Reloading an Application. In addition, this is required as part of a Processor Reset." SB: Get Message ID,cSB4311,"Upon receipt of a Request, the cFE shall provide the message ID of the requested message.",Message management utility. SB: Set Message ID,cSB4312,"Upon receipt of a Request, the cFE shall set the received message with the received message ID.",Message management utility. SB: Get Message String,cSB4313,"Upon receipt of a Request, the cFE shall provide the requested string from the requested message.",Message management utility. 
@@ -436,13 +392,10 @@ SB: Zero Copy Get Pointer,cSB4340,"Upon receipt of a Request, the cFE shall prov SB: Zero Copy Release Pointer,cSB4341,"Upon receipt of a Request, the cFE shall release the requested zero copy pointer.",Zero copy message passing support for reduced overhead at the cost of additional pointer management. SB: Zero Copy Send Message,cSB4342,"Upon receipt of a Request, the cFE shall route the requested zero copy message to all subscribed pipes.",Zero copy message passing support for reduced overhead at the cost of additional pointer management. SB: Zero Copy Pass Message,cSB4343,"Upon receipt of a Request, the cFE shall route the requested zero copy message to all subscribed pipes without updating the message sequence counter.",Zero copy message passing support for reduced overhead at the cost of additional pointer management. +SB: Get Packet Type,cSB4344,"Upon receipt of a Request, the CFE shall provide the message packet type.",Provides abstraction for apps to get the packet type (command or telemetry). +SB: Validate Message ID,cSB4345,"Upon receipt of a Request, the cFE shall provide the validation status of the message ID.",Provides abstraction for apps to validate a message ID. SB: Initialize Routing On Power On Reset,cSB4500,Upon a Power-on Reset the cFE shall initialize the Routing Information and clear all error counters.,The cFE must initialize to a known state. SB: Initialize Routing On Processor Reset,cSB4501,Upon a Processor Reset the cFE shall initialize the Routing Information and clear all error counters,The cFE must initialize to a known state. -SB: Maximum Message IDs,cSB4700,"[DELETED]The cFE shall support a maximum of `` Message ID's.",Allow a mission to scale the number of messages it can process to reduce SB memory usage. A maximum is specified to yield an efficient design. 1024 was chosen as the default based on the message count of previous missions. 
-SB: Maximum Message Size,cSB4701,"[DELETED]The cFE shall support a `` bytes maximum system packet size.",The cFE must have some protection in the event that the packet length field of a sender's packet becomes corrupted or is invalid. -SB: Maximum Destinations,cSB4704,"[DELETED]The cFE shall support a maximum of `` Destinations for a Message ID.",Allow a mission to scale the number of destinations per message ID to reduce memory requirements. A maximum is specified to yield an efficient design. The default of 16 is used in the heritage SB. -SB: Maximum Pipes,cSB4705,"[DELETED]The cFE shall support a maximum of `` Pipes per processor.",Allow a mission to scale the number of Pipes to reduce memory requirements. The default of 255 allows a single byte to be used for the pipe id. -SB: Maximum Pipe Depth,cSB4706,"The cFE shall support a maximum Pipe depth of `` SB Messages.",Allow a mission to scale the Pipe depth to reduce memory requirements. The default of 65535 is a power of 2 which may simplify implementation and based on recent missions 64 SB Messages is more than adequate. TBL: Load Inactive Table From File,cTBL6000,Upon receipt of Command the cFE shall load an Inactive Table Image with the contents of the Command specified File.,Loading from a file allows for multiple versions of a table to be stored on board and loaded to the active table when appropriate. The file header will identify the Table that the file contents are for. TBL: Load Inactive Table From File - Partial Load,cTBL6000.1,"If the Command specified file's header indicates that the file contains only a portion of the Table, the cFE shall first load an Inactive Table Image with the contents of the Active Table Image and then load the contents of the Command specified File.","A Partial Table load capability is useful when dealing with large Tables. 
It helps to ensure that additional parameters are not unintentionally modified, reduces command time required to perform a Table update and is a feature that has been used on previous missions." TBL: Load Inactive Table From File - Greater Than Max Size,cTBL6000.2,If the number of data bytes contained in the file is greater than the maximum size of the table then the load shall be aborted and an event message shall be generated.,This is a sanity check to make sure that the ground generated table load does not include more data than a table can handle. 
@@ -454,7 +407,7 @@ TBL: Validate,cTBL6002,Upon receipt of Command the cFE shall determine the valid TBL: Validate - Compute Data Integrity Check Value,cTBL6002.1,The cFE shall compute a Data Integrity Check Value on the contents of either the Active or Inactive Table Image of the Command specified Table and report the result in telemetry.,A Data Integrity Check Value can provide a quick method of validating the proper contents of a Table without performing a Table Dump and Comparison. TBL: Validate - App Content,cTBL6002.2,The cFE shall Request an Application to validate the contents of either the Active or Inactive Table Image of the Command specified Table and report the result in telemetry.,A Table Validation function provided by the Application can verify that the data content of a Table are reasonable. TBL: Activate,cTBL6003,Upon receipt of Command the cFE shall make an Inactive Table Image of the Command specified Table the Active Table Image.,"A Commit Command is useful by allowing modifications and the verification of those modifications to be accomplished in the background while an Application continues to use its previous Table data. Then, upon Command, the new Table data is made Active." -TBL: Activate - Validate,cTBL6003.1,"If a Table Validation Function exists for the specified Table, the Inactive Table Image shall be validated.",Validation functions are there for a reason so want to prevent loading invalid tables. Inactive buffer retains the data so that the ground can dump the contents to see why the validation failed. +TBL: Activate - Validate,cTBL6003.1,The cFE shall reject an activate table command for a table that has a validation function but has not been validated.,Validation functions are there for a reason so want to prevent loading invalid tables. Inactive buffer retains the data so that the ground can dump the contents to see why the validation failed. 
TBL: Activate - Validate - Failure,cTBL6003.1.1,If the Inactive Table Image fails validation then the Inactive Table Image shall not be loaded into the Active Table Image.,Prevent loading of an invalid table. Note that the Inactive Table still contains the table image so that the ground can dump it. TBL: Activate - Validate - No Validation Function,cTBL6003.1.2,"If a Table Validation Function does not exist for the specified Table, the Table shall be considered valid.",If there is no validation function then assume the table has good data in it (no way to check otherwise). TBL: Write Table Registry To File,cTBL6005,Upon receipt of Command the cFE shall write the contents of the Table Registry to a file.,"The Table Registry will provide a list of the Tables currently registered, their attributes (double or single-buffered, dump-only, etc), a history of what files were last loaded into the Active Table Images, what time the load occurred and whether the image has been modified via Partial Table Load." 
@@ -496,7 +449,6 @@ TBL: Delete CDS - Not Critical Table,cTBL6013.2,If the specified table is not a TBL: Delete CDS - Already Deleted,cTBL6013.3,If the specified Table CDS has already been deleted the command shall be rejected and an event message generated.,Reject if table CDS has already been deleted. TBL: Create,cTBL6300,"Upon receipt of Request, the cFE shall create a zero filled Table Image with the Request specified name, size, buffering characteristics (single or double-buffer), dump-only characteristics, criticality and Table Validation Function address.","Supports the cFE's dynamic Application model. Tables will be able to be either single or double-buffered. Double-buffering will allow instantaneous updates from the Application's point of view and will be useful for interrupt service routines, etc. However, double-buffering will consume more memory resources. The Table Validation Function is optionally provided by the Application and is called when a Command to Validate the table is made. Note that a zero filled image will not be created if the Application specifies an address for the dump-only table (see cTBL6300.1)." TBL: Create - App Supplied Address For Dump Only,cTBL6300.1,The cFE shall allow an Application to specify an address as the one and only buffer for a dump-only Table.,"Heritage code allowed for dump only tables to come from an address instead of a true table. In this case, table services does not allocate any memory for the dump only table. This is referred to an an Application-Defined-Address-Table." -TBL: Free App Resources,cTBL6301,"[DELETED]Upon receipt of Request, the cFE shall free the resources associated the Request specified Application.","When an Application exits prematurely, the cFE requires a mechanism to free resources allocated to that Application." 
TBL: Initialize Contents,cTBL6302,"Upon receipt of Request, the cFE shall initialize the contents of the Request specified Table Image with the contents of the Request specified File.",Supports the cFE's dynamic Application model. TBL: Initialize Contents - Greater Than Max Size,cTBL6302.1,"If the Request specified File contains more data than the size of the Request specified Table, the Table Image will not be initialized and an Event Message shall be generated.","If a File contains more data than memory allows, there is a high likelihood that the Application is expecting the data to be in a different format. Additionally, the cFE would not know whether to throw out the last part or the first part of the data." TBL: Initialize Contents - Partial,cTBL6302.2,"If the Request specified File contains less data than the size of the Request specified Table, the first portion of the Table Image will be initialized with the contents of the File and an Event Message shall be generated.",Some tables may allocate more space than is necessary at all times. The Event Message will serve as a warning but not prevent the initialization of the Table. 
@@ -542,8 +494,6 @@ TBL: Manage,cTBL6316,"Upon receipt of a Request, the cFE shall perform the follo TBL: Free Resources On Power On Reset,cTBL6500,Upon a Power-on Reset all Table resources shall be freed.,The Table Service cannot assume the contents of any Table is legitimate after a reset. TBL: Free Resources On Processor Reset,cTBL6501,Upon a Processor Reset all Table resources shall be freed.,The Table Service cannot assume the contents of any Table is legitimate after a reset. TBL: Free Resources On Processor Reset - Preserve Critical,cTBL6501.1,If the Table is a critical table then the contents of the Table shall be preserved.,Goal of a processor reset is preserve certain data to facilitate recovery. -TBL: Maximum Tables,cTBL6700,"[DELETED]The cFE shall support `` Tables.",Each mission's processor card memory capacities will dictate what is reasonable. -TBL: Maximum Simultaneous Loads and Dumps,cTBL6701,"[DELETED]The cFE shall support Single-Buffer Table Loads and Application-Defined-Address-Table dumps simultaneously. ","It is desirable to allow for Tables to be modified by ground command while other Tables are be being modified autonomously by on board software (i.e. stored command processor, etc). This limit represents the total supported for the combined number of Single-Buffer and Application-Defined-Address-Table Tables being loaded." TIME: Housekeeping Message,cTIME2000,"Upon receipt of a Message, the cFE shall generate a housekeeping message that includes the following Time Services items: - Time Status 
@@ -560,7 +510,6 @@ TIME: Set STCF,cTIME2006,Upon receipt of Command the cFE shall set the STCF to t TIME: Update STCF Given Current Time,cTIME2007,Upon receipt of Command the cFE shall compute a new value for STCF using the Command-specified value as current time.,"This command provides a useful alternative to setting the STCF explicitly, as the command does not require knowledge of the current MET value. If the default time format is TAI then the new value for STCF is the Command-specified time value less MET." -TIME: Adjust STCF,cTIME2008,[DELETED]Upon receipt of Command the cFE shall make a one time delta adjustment to the STCF by the Command-specified value.,"It is common to set the clock as a delta adjustment from the current time value. The commanded value is signed so a positive or negative adjustment may be made. Note, there's no need for a command to apply a 'large' adjustment over a command-spec." TIME: Delta Adjust STCF,cTIME2009,Upon receipt of Command the cFE shall make a continuous 1Hz delta adjustment to the STCF by the Command-specified value.,"Upon receipt of a Command to make a 'continuous' adjustment to the STCF, the cFE shall adjust the STCF each second by the Command-specified value. The commanded value is signed so a positive or negative adjustment may be made." TIME: Switch Tone Signal Source,cTIME2010,Upon receipt of Command the cFE shall switch to the Command-specified Tone Signal source.,"The behavior of this command is hardware specific, but provides the capability to command Tone Signal source selection if implemented at the hardware level." TIME: Diagnostic Message,cTIME2011,Upon receipt of Command the cFE shall generate a Software Bus message that includes time diagnostic information.,"When testing or debugging the time application, more details about time services are required." 
@@ -618,6 +567,3 @@ TIME: CDS Elements,cTIME2700,"During normal operation, the cFE shall preserve th - STCF - Leap Seconds - MET",Time is a critical system resource and every effort should be made to preserve it. Preserving time allows applications to 'fly through' resets. -TIME: Time At Tone Window,cTIME2701,[DELETED]The cFE Time Services Server shall send a time at the tone Software Bus message within a `` period of time preceding or following the tone.,"The primary purpose of a time server is to distribute time updates to time clients. Although the time tone is generally a 1PPS signal, there is no cFE restriction on the frequency of the tone. Also, there is no cFE restriction on whether the ""time at the tone"" message precedes or follows the tone." -TIME: Update MET,cTIME2702,[DELETED]The cFE Time Services Server shall update its MET using the timer hardware interface defined in the cFE Application Developer's Guide.,Every mission needs an MET and using a cFE-defined software interface to the timer hardware driver makes the Time Services portable. -TIME: MET Resolution,cTIME2703,[DELETED]The cFE shall define a MET with a `` resolution.,"The resolution (clock ticks per second) is hardware dependent. Since no other cFE component places any constraints on the resolution this requirement is not bounded with a minimum. However, both the maximum number of MET seconds and the resolution of sub-seconds are both restricted to a value that can be stored as an unsigned 32 bit integer."
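Review bot: In the hunk at @@ -436,13 +392,10 @@, the removed cSB4706 (Maximum Pipe Depth) row is the only one of the five removed SB maximum rows whose requirement text does not carry the [DELETED] prefix, so this drops what reads as a live requirement rather than cleaning up a retired one. If that is intended, say so in the commit message and state where the pipe depth limit is now specified; otherwise keep the row. Separately, the new cSB4344 row says "the CFE shall provide" while cSB4345 and the rest of the file use "cFE", and cSB4345 would be easier to verify if it said what makes a message ID valid.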
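Review bot: In the hunk at @@ -454,7 +407,7 @@, the new cTBL6003.1 text ties the check to "a table that has a validation function but has not been validated" rather than to the Inactive Table Image being activated, so it does not say whether a validation that failed, or one that passed before a later load replaced the inactive image, still counts. Suggest wording along the lines of "whose Inactive Table Image has not been successfully validated since it was last loaded". The unchanged child rows cTBL6003.1.1 and cTBL6003.1.2 were written against the old parent text, where validation ran as part of activation, and should be reworded to match. The new text should also state whether the rejection generates an event message, as the cTBL6013.3 context row does.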
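Review bot: Removing the cTIME2008 row in the hunk at @@ -560,7 +510,6 @@ leaves no record in the file that the ID was retired, only a gap between cTIME2007 and cTIME2009. Since the row being dropped was itself the [DELETED] marker, consider listing retired IDs somewhere (a short section in the docs, or the commit message) so that cTIME2008 is not reused for a different requirement and older test or trace references to it can still be resolved.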