From 8e69e05c890e851f7e92318f3d37fbc01325558d Mon Sep 17 00:00:00 2001 From: Jacob Hageman Date: Tue, 28 Jan 2020 12:35:04 -0500 Subject: [PATCH 1/3] Fix #377, Remove device driver requirements --- docs/cFE_FunctionalRequirements.csv | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) mode change 100755 => 100644 docs/cFE_FunctionalRequirements.csv diff --git a/docs/cFE_FunctionalRequirements.csv b/docs/cFE_FunctionalRequirements.csv old mode 100755 new mode 100644 index e4e2651a8..d3f554093 --- a/docs/cFE_FunctionalRequirements.csv +++ b/docs/cFE_FunctionalRequirements.csv @@ -1,7 +1,6 @@ Summary,Custom field (Requirement ID),Description,Custom field (Requirement Rationale) ES: Allocate Memory,cES1321,Upon receipt of a Request the cFE shall allocate a block of memory of the specified size from the specified Memory Pool.,The Memory Allocation interface allows the cFE Application to allocate a block of memory from a previously created memory pool. ES: Allocate Memory - Invalid ID,cES1321.2,"If the specified Memory Pool identifier is invalid then the cFE shall record the error in the System Log, and return an error code.","If the handle or Memory Pool ID is not valid, then an error must be returned." -ES: Allocate Memory - Round Up,cES1321.1,Upon receipt of a Request the cFE shall allocate a block of memory of the specified size from the specified Memory Pool.,The Memory Allocation interface allows the cFE Application to allocate a block of memory from a previously created memory pool. ES: Allocate Memory - Too Large,cES1321.3,"If the specified size is too large for the specified Memory Pool, the cFE shall record the error in the System Log, and return an error code.",Cannot allocate a memory block bigger than the pool. ES: Analyzer Log,cES1021,The cFE shall maintain an Executive Services Logic Analyzer Capture Log for capturing application specified timestamps and events for off-line performance analysis.,The Logic Analyzer Capture Log is used along with a performance log API to allow the cFE and cFE Applications to save performance data that can be downloaded. ES: Analyzer Log Record Tag,cES1022,"Upon receipt of a Request, the cFE shall record the specified Logic Analyzer Capture Tag in the Logic Analyzer Capture Log.",The cFE Core and cFE Applications make specific calls to create log entries in the Logic Analyzer Capture Log. @@ -58,10 +57,6 @@ ES: Detect Unmasked Exceptions,cES1702,The cFE shall detect all unmasked CPU exc ES: Detect Unmasked Exceptions - Log,cES1702.1,"Upon detection of a CPU exception, the cFE shall add an entry in the Executive Services Exception And Reset Log.",Need to log processor exceptions so that the ground can have visibility into the exception. ES: Detect Unmasked Exceptions - Platform Response,cES1702.3,If the CPU exception was caused by the Operating System or cFE Core then the cFE shall initiate a `` response.,"An exception in the cFE core or OS will restart the cFE, which results in all cFE Applications being restarted." ES: Detect Unmasked Exceptions - Restart App,cES1702.2,"If the CPU exception was caused by a cFE Application and the Exception Action indicates that the Application can be started individually, the cFE shall restart the cFE Application that caused the exception.","In most cases, restarting the cFE application will clear up the problem. In some cases, however, applications are tightly coupled with other applications in which case, starting an individual application may have undesirable consequences. The cFE should provide the ability to define if the application should can be restarted or if a processor reset should occur." -ES: Disable Device Driver,cES1326,"Upon receipt of a Request, the cFE shall disable a specified hardware device driver.","Need a way of unloading, stopping a hardware device driver." -ES: Disable Device Driver - Not Loaded,cES1326.1,"If the specified hardware device driver is not loaded, then the cFE shall record the error in the System Log, and return an error code.",Cannot disable a device driver that is not loaded. -ES: Enable Device Driver,cES1327,"Upon receipt of a Request, the cFE shall re-enable a specified hardware device driver.",Need a way to re-enable the device driver and it's associated interrupt. -ES: Enable Device Driver - Not Loaded,cES1327.1,"If the specified hardware device driver is not loaded, then the cFE shall record the error in the System Log, and return an error code.",Cannot disable a device driver that is not loaded. ES: End Child Task,cES1314,"Upon receipt of a Request, the cFE shall end execution of the calling cFE Child Task.", cFE Child Task needs to be able to exit and end execution. ES: End Child Task - Error If Application Main Task,cES1314.1,"If the calling task is the cFE Application Main Task, the cFE shall record the error in the System Log, and return an error code.",Cannot use Child Task Exit or Delete on the cFE Application Main Task. ES: Exception And Reset Log Size,cES1707,The cFE shall support a `` byte Executive Services Exception And Reset Log.,TBD seems like a reasonable size based on heritage missions. @@ -92,7 +87,6 @@ ES: Housekeeping Message,cES1000,"Upon receipt of a Command, the cFE shall gener - ES Valid Command Counter - ES Invalid Command Counter",It is common for sub-systems to report housekeeping status upon receipt of a housekeeping request command. ES: Invalid Command Counter,cES1003,"Upon receipt of an invalid Command, the cFE shall increment the invalid Command counter and generate an event message.",The ground needs an indicator if a command is rejected by the cFE. Details of what makes a command invalid are documented in the cFE Application Developer's Guide and the cFE User's Guide. -ES: Load Device Driver,cES1324,"Upon receipt of a Request, the cFE shall load and initialize a hardware device driver and connect it with the specified hardware handshaking and device processing code.",Need a standard device driver interface. ES: Maximum Apps,cES1700,The cFE shall support a maximum `` cFE Applications.,TBD has never been exceeded on past missions. Need to bound the number of Applications in order to size the Systems Resources information. ES: Maximum Processor Resets,cES1709,"If the cFE Core goes through `` Maximum Processor Resets, the cFE shall initiate a Power-On Reset of the cFE.","After a number of Processor Resets, the cFE will attempt to recover by doing a Power-on Reset." ES: NOOP Event,cES1001,"Upon receipt of a Command, the cFE shall generate a NO-OP event message.",This command is useful as a general sub-system aliveness test. @@ -110,7 +104,6 @@ ES: Power On Reset Exception and Reset Log Entry,cES1509,"Upon a Power On Reset, ES: Power On Reset Identify Sub-Type,cES1500,"Upon a Power-on Reset, the cFE shall identify the Power On reset sub-type.",Each mission may want to further distinguish between Processor reset types in order to tailor their system's behavior. For example a mission may want to take different behavior for a watchdog time out and the execution of the processor's reset instructions. ES: Power On Reset Mount Non-Volatile File System,cES1506,"Upon a Power-on Reset, the cFE shall mount the non-volatile file system.","Non-volatile file system contains the files for each of the cFE Applications. On a Power-On reset, the external cFE Applications are loaded from the Volatile file system." ES: Power On Reset Process Startup File,cES1508,"Upon a Power-on Reset, the cFE shall process all entries in the cFE Startup File located in the non-volatile file system.","There is a file that contains all of the Applications, Shared Libraries, and Device Drivers that are to be created and started." -ES: Power On Reset Process Startup File - Init Device Drivers,cES1508.3,The cFE shall create and initialize cFE Device Drivers according to the entry in the cFE Startup File.,The cFE supports loading and initializing cFE Device Drivers during system startup. ES: Power On Reset Process Startup File - Init Libs,cES1508.2,The cFE shall create and initialize cFE Shared Libraries according to the entry in the cFE Startup File.,The cFE supports creating and initializing cFE Shared Libraries during system startup. ES: Power On Reset Process Startup File - Start Apps,cES1508.1,The cFE shall create and start cFE Applications according to the entry in the cFE Startup File.,The cFE supports loading and creating new cFE Applications during system startup. ES: Power On Reset Set Up Volatile File System,cES1507,"Upon a Power-on Reset, the cFE shall create, format and mount the volatile file system.","The volatile file system is a key part of the cFE. It is used for logs, data files and new cFE Applications." @@ -119,7 +112,7 @@ ES: Prepare Memory Pool - Too Small,cES1320.1,"If the specified size is less tha ES: Processor Reset,cES1010,"Upon receipt of a Command, the cFE shall perform a Processor Reset of the Core Flight Executive.","Need to be able to restart the cFE in the event that there is a problem with the Real Time OS or cFE Core software. Note that restarting the cFE will result in a restart of all of the cFE applications. In addition, a restart of the cFE will initialize the (TBD - missing text from pre 2011)." ES: Processor Reset,cES1318,"Upon receipt of a Request, the cFE shall perform a Processor Reset of the Core Flight Executive.",Need to be able to restart the cFE in the event that there is a problem with the cFE core. The direct call is provided in the case where the normal task message passing is not working. ES: Processor Reset Create OS Objects,cES1515,"Upon a Processor Reset, the cFE shall create all operating system objects required by the cFE.","Items such as tasks, semaphores, queues, and shared memory segments would be initialized." -ES: Processor Reset Create OS Objects - Power On Reset On Failure,cES1515.1,"If the creation of the operating system object fails, the cFE shall perform a `` response.","The response to operating system object creation failure depends on the platform configuration, and is abstracted at the platform layer." +ES: Processor Reset Create OS Objects - Platform Response On Failure,cES1515.1,"If the creation of the operating system object fails, the cFE shall perform a `` response.","The response to operating system object creation failure depends on the platform configuration, and is abstracted at the platform layer." ES: Processor Reset Exception and Reset Log Entry,cES1520,"Upon a Processor Reset, the cFE shall make an entry in the Executive Services Exception and Reset Log recording the Processor Reset.",The purpose of the Executive Services Exception and Reset Log is to log all resets and all exceptions that occur. ES: Processor Reset Identify Sub-Type,cES1510,"Upon a Processor Reset, the cFE shall identify the Processor reset sub-type.",Each mission may want to further distinguish between Processor reset types in order to tailor their system's behavior. For example a mission may want to take different behavior for a watchdog time out and the execution of the processor's reset instructions. ES: Processor Reset Mount Non-Volatile File System,cES1516,"Upon a Processor Reset, the cFE shall mount the non-volatile file system.","Non-volatile file system contains the files for each of the cFE Applications. On a Power-On reset, the external cFE Applications can be loaded from the Volatile file system." @@ -198,7 +191,6 @@ ES: System Log - Timestamps,cES1014.1,Each entry in the Executive Services Syste ES: System Log - Write To File,cES1016,"Upon receipt of a Command, the cFE shall copy the information contained in the Executive Services System Log into a Command specified file.",We did not want to count on a file system for storing the ES System errors in the event that there was a problem with the file system or the file system was not mounted yet. We did want to provide an easy ground interface for getting the data to the ground ES: System Log Mode,cES1028,"Upon receipt of Command, the cFE shall set the System Log Mode to the Command-specified mode, either overwrite or discard.","While in Overwrite Mode the oldest logged System message will be overwritten by the new System message when the System Log Full Flag is set to true. While in Discard Mode the new message will be discarded, preserving the contents of the full log." ES: System Log Size,cES1706,The cFE shall support a `` byte Executive Services System Log.,TBD seems like a reasonable size based on heritage missions. -ES: Unload Device Driver,cES1325,"Upon receipt of a Request, the cFE shall unload a specified hardware device driver and de-allocate all previously allocated resources used by the driver.","Need a way of unloading, stopping a hardware device driver." ES: Valid Command Counter,cES1002,"Upon receipt of a valid Command, the cFE shall increment a valid Command counter.",The ground needs the capability to verify that the command was received and accepted by the cFE. Details of valid commands are documented in the cFE Application Developer's Guide and the cFE User's Guide. ES: Volatile File System Size,cES1704,The cFE shall support a `` byte volatile file system.,TBD seems like a reasonable size based on heritage missions. ES: Zero Command Counters,cES1004,"Upon receipt of a Command, the cFE shall set to zero the valid Command counter and invalid Command counter.","This command is a common feature in heritage sub-system software design. In general, command counter (valid and invalid) are reset." From e72fd7632d1d1cd8fb5611841bc304e093fda8f1 Mon Sep 17 00:00:00 2001 From: Jacob Hageman Date: Tue, 28 Jan 2020 13:11:59 -0500 Subject: [PATCH 2/3] Fix #377, Order requirements by ID --- docs/cFE_FunctionalRequirements.csv | 704 ++++++++++++++-------------- 1 file changed, 352 insertions(+), 352 deletions(-) diff --git a/docs/cFE_FunctionalRequirements.csv b/docs/cFE_FunctionalRequirements.csv index d3f554093..8f51f28e7 100644 --- a/docs/cFE_FunctionalRequirements.csv +++ b/docs/cFE_FunctionalRequirements.csv @@ -1,13 +1,49 @@ Summary,Custom field (Requirement ID),Description,Custom field (Requirement Rationale) -ES: Allocate Memory,cES1321,Upon receipt of a Request the cFE shall allocate a block of memory of the specified size from the specified Memory Pool.,The Memory Allocation interface allows the cFE Application to allocate a block of memory from a previously created memory pool. -ES: Allocate Memory - Invalid ID,cES1321.2,"If the specified Memory Pool identifier is invalid then the cFE shall record the error in the System Log, and return an error code.","If the handle or Memory Pool ID is not valid, then an error must be returned." -ES: Allocate Memory - Too Large,cES1321.3,"If the specified size is too large for the specified Memory Pool, the cFE shall record the error in the System Log, and return an error code.",Cannot allocate a memory block bigger than the pool. -ES: Analyzer Log,cES1021,The cFE shall maintain an Executive Services Logic Analyzer Capture Log for capturing application specified timestamps and events for off-line performance analysis.,The Logic Analyzer Capture Log is used along with a performance log API to allow the cFE and cFE Applications to save performance data that can be downloaded. -ES: Analyzer Log Record Tag,cES1022,"Upon receipt of a Request, the cFE shall record the specified Logic Analyzer Capture Tag in the Logic Analyzer Capture Log.",The cFE Core and cFE Applications make specific calls to create log entries in the Logic Analyzer Capture Log. -ES: Analyzer Log Record Tag - Overwrite On Full,cES1022.2,"If the Logic Analyzer Capture Log is full, then the cFE shall write all new entries from the top of the log.", -ES: Analyzer Log Record Tag - Timestamp,cES1022.1,The cFE shall store a timestamp along with the specified Logic Analyzer Capture Tag.,Each entry is time-stamped. -ES: Analyzer Log Write To File,cES1023,"Upon receipt of a Command, the cFE shall copy the information contained in the Logic Analyzer Capture Log into a Command Specified file.",Want to be able to capture the log to a file for post processing. -ES: Analyzer Log Write To File - Default Filename,cES1023.1,"If a file is not specified, the cFE shall use the `` filename.",Want to have a default filename. +ES: Housekeeping Message,cES1000,"Upon receipt of a Command, the cFE shall generate a Software Bus message that includes the following items: + +- Number of Registered Applications +- Number of Registered Child Tasks +- Number of Registered Shared Libraries +- Reset Type +- Reset Subtype +- Number of entries in System Log +- Size of the System Log +- Number of bytes used in the System Log +- Current Exception and Reset Log Index +- Number of Processor Resets +- Maximum Number of Processor Resets before a Power On Reset +- Boot Source +- ES Valid Command Counter +- ES Invalid Command Counter",It is common for sub-systems to report housekeeping status upon receipt of a housekeeping request command. +ES: NOOP Event,cES1001,"Upon receipt of a Command, the cFE shall generate a NO-OP event message.",This command is useful as a general sub-system aliveness test. +ES: Valid Command Counter,cES1002,"Upon receipt of a valid Command, the cFE shall increment a valid Command counter.",The ground needs the capability to verify that the command was received and accepted by the cFE. Details of valid commands are documented in the cFE Application Developer's Guide and the cFE User's Guide. +ES: Invalid Command Counter,cES1003,"Upon receipt of an invalid Command, the cFE shall increment the invalid Command counter and generate an event message.",The ground needs an indicator if a command is rejected by the cFE. Details of what makes a command invalid are documented in the cFE Application Developer's Guide and the cFE User's Guide. +ES: Zero Command Counters,cES1004,"Upon receipt of a Command, the cFE shall set to zero the valid Command counter and invalid Command counter.","This command is a common feature in heritage sub-system software design. In general, command counter (valid and invalid) are reset." +ES: Start Application,cES1005,"Upon receipt of a Command, the cFE shall create the Command specified Application by defining the Application in the System Resources Definition using information from the Command specified file, and beginning execution of the Application.",A basic feature of the cFE is to be able to dynamically (while the cFE is running) start applications. This requirement allows for an application to be created and started from one of the cFE file systems. +ES: Start Application - Command Contents,cES1005.1,"The Command shall include the following parameters: + +- Application Path/Filename +- Application Entry Point +- Application Name +- Application Priority +- Application Stack Size +- Application Load Address +- Exception Action (restart application or perform processor reset)", +ES: Start Application - Location,cES1005.2,The Command specified cFE Application file shall be in any valid cFE file system including the volatile file system and the non-volatile file system.,"The command itself does not care about where the cFE Application comes from, it is specified In the path." +ES: Start Application - Reject Undefined,cES1005.3,"If the Command specified Application is undefined then the cFE shall reject the Command, increment the invalid command counter and generate an event message.",Can't start an undefined application. +ES: Start Application - Reject Already Running,cES1005.4,"If the Command specified Application is already defined and executing, then the cFE shall reject the Command, increment the invalid Command counter and generate an event message.",Can't start an application that is already running. +ES: Delete Application,cES1006,"Upon receipt of a Command, the cFE shall delete the Command specified Application including all child tasks.",Need to be able to stop the execution of an Application and remove its System Resources. The delete will clean-up the application's main task and all of its child tasks. Note: other cFE components are required to have cleanup routines that ES calls. +ES: Delete Application - Reject Undefined,cES1006.1,"If the specified Application is undefined then the cFE shall reject the Command, increment the invalid command counter and generate an event message.",Can't delete an undefined application. +ES: Restart Application,cES1007,"Upon receipt of a Command, the cFE shall Restart the Command specified Application.","Need to be able to restart an Application. A restart involves deleting it (cleaning up) and then starting it again. This is similar to starting the cFE Application from a file system. When an Application is restarted, the only command parameter required is the application name. All other parameters including the filename are the same as the original cFE Application Create command. The restart is intended for error recovery such as an exception, and should not be used to start a new version of an Application. If a Critical Data Store Area is allocated for the Application, it is preserved, and the Application may re-connect to the Critical Data Store Area when it is running again." +ES: Restart Application - Reject Undefined,cES1007.1,"If the Command specified Application is undefined then the cFE shall reject the Command, increment the invalid Command counter and generate an event message.",Can't restart an undefined application. +ES: Restart Application - Reject On Missing File,cES1007.2,"If the original cFE Application file is not found then the cFE shall reject the Command, increment the invalid Command counter, and generate an event message.","Can't restart the Application if the original file has been removed. In this case, the Application will continue without a restart." +ES: Restart Application - Delete On Non-Parameter Error,cES1007.3,"If the cFE Application Restart fails due to a non-parameter error, then the cFE shall delete the Application, increment the invalid Command counter, and generate an event message.","If the Application is already stopped and there is an error restarting it, then the cFE application will be deleted." +ES: Reload Application,cES1008,Upon receipt of a Command the cFE shall Reload the Command specified cFE Application from the Command specified cFE Application file.,"This command enables the ground to replace an Application with only one command. This is required for applications such as a Command Uplink Application, which must be replaced with one command. The specified cFE Application file may be from any valid cFE." +ES: Reload Application - Reject Undefined,cES1008.1,"If the specified Application is undefined then the cFE shall reject the Command, increment the invalid Command counter and generate an event message.",Can't reload an undefined Application. +ES: Reload Application - Reject On Missing File,cES1008.2,"If the specified cFE Application file does not exist then the cFE shall reject the command, increment the invalid Command counter, and generate an event message.",Can't reload the Application if the new file does not exist. +ES: Reload Application - Delete On Non-Parameter Error,cES1008.3,"If the cFE Application Reload fails due to a non-parameter error, then the cFE shall delete the Application, increment the invalid Command counter, and generate an event message.","If the Application is already stopped and there is an error restarting it, then the cFE application will be deleted. Should the old Application be restarted? Need to be able to reset the cFE in the event that there is a critical problem. As a result of the Power On Reset, all code and data are re-initialized and the cFE is returned to a default power-on state. This reset is initiated through a common interface." +ES: Power On Reset,cES1009,"Upon receipt of a Command, the cFE shall perform a Power On Reset of the Core Flight Executive.","On a flight processor or other embedded processor this command results in rebooting the processor board through the Boot Software. On a desktop system this command will result in the restarting of the cFE, but not the operating system. Note: If the cFE implementation includes more than one cFE core images, it is the responsibility of the Boot Software to select which cFE image is booted." +ES: Processor Reset,cES1010,"Upon receipt of a Command, the cFE shall perform a Processor Reset of the Core Flight Executive.","Need to be able to restart the cFE in the event that there is a problem with the Real Time OS or cFE Core software. Note that restarting the cFE will result in a restart of all of the cFE applications. In addition, a restart of the cFE will initialize the (TBD - missing text from pre 2011)." ES: Application Status Message,cES1011,"Upon receipt of a Command, the cFE shall generate a message that contains a summary of the Command specified Application's properties and state as defined in the Systems Resources Definition including: - cFE Application Name @@ -20,102 +56,117 @@ ES: Application Status Message,cES1011,"Upon receipt of a Command, the cFE shall - cFE Application Child Task Count","In order to support remote Application management then the Application's properties and current state need to be externally observable. Because the ground interface is with Applications rather than Tasks, Task information should be included as well." ES: Application Status Record To File,cES1012,"Upon receipt of a Command, the cFE shall generate a Command specified file that contains all properties and states of all cFE Applications that are defined in the Systems Resources Definition.",May want information about all applications and tasks defined in the Systems Resources Definition in order to diagnose a problem. ES: Application Status Record To File - Default Filename,cES1012.1,"If a file is not specified, the cFE shall use the `` filename.",Want to specify a default if the user does not want to specify a new filename. -ES: Calculate Data Integrity Value,cES1323,"Upon receipt of a Request, the cFE shall calculate a Data Integrity value over the given range of memory using the specified algorithm. The algorithm shall be one of the following: +ES: Pass String To Shell,cES1013,"Upon receipt of a Command, the cFE shall submit to the operating system shell, the string supplied as a parameter.","Having access to the operating system shell has proved invaluable during FSW development on missions such as JWST and Triana. Although it is available on-orbit, it is not intended to be used during normal operations." +ES: Pass String To Shell - Message Response,cES1013.1,"Upon execution of the operating system Command, the cFE shall generate one or more messages containing the ascii output generated by the operating system command.","This message will provide the ""output"" from the shell command to allow the implementation of a shell like interface to the cFE." +ES: System Log,cES1014,The cFE shall maintain an Executive Services System Log which contains a series of ASCII text strings describing significant events or errors.,"Examples of ES System Log information includes: ""Created new cFE Application: StoredCommand.app"" or ""Could Not Create OS Queue"" or ""File not found error: /eebank1/StoredCommand.app"" This requirement states that the cFE needs to maintain this information. There is a separate requirement for the creation of a file to transfer the information to the ground. Note that the information can also be obtained with a raw memory read." +ES: System Log - Timestamps,cES1014.1,Each entry in the Executive Services System Log shall be time tagged with the time that the event happened.,Need to be able to determine when the event occurred. +ES: System Log - Calculate Usage,cES1014.2,"The cFE shall calculate the number of bytes used and number of entries in +Executive Services System Log.","Ground operations need indication of how full the System Log is so that they can clear it, if necessary, in order to make room for new entries (or at least write it to a file to preserve it)." +ES: System Log - Overwrite On Full,cES1014.2.1,If the Executive Services System Log is full and the System Log Mode is set to OVERWRITE then the cFE shall write all new entries from the top of the log.,Want to provide the capability to continuously record all new System Messages. +ES: System Log - Discard On Full,cES1014.2.2,If the Executive Services Syste Log is full and the System Log Mode is set to DISCARD then the cFE shall discard all new entries.,Want to provide capability to stop writing to the System Log in order to preserve to Log which may contain important anomalous messages. +ES: System Log - Clear On Command,cES1015,"Upon receipt of a Command, the cFE shall clear the Executive Services System Log.",Want to be able to clear the Executive Services System Log Buffer so that only the new information is saved. +ES: System Log - Write To File,cES1016,"Upon receipt of a Command, the cFE shall copy the information contained in the Executive Services System Log into a Command specified file.",We did not want to count on a file system for storing the ES System errors in the event that there was a problem with the file system or the file system was not mounted yet. We did want to provide an easy ground interface for getting the data to the ground +ES: System Log - Default Filename,cES1016.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event a user does not want to have to specify one. +ES: Exception and Reset Log,cES1017,"The cFE shall maintain an Executive Services Exception and Reset Log which will log critical system data for exceptions and resets including: -- XOR: Exclusive OR -- CRC16: 16 Bit Cyclic Redundancy Check -- CRC32: 32 Bit Cyclic Redundancy Check",We need to provide a checksum/CRC utility. -ES: Copy From Critical Data Store,cES1316,"Upon receipt of a Request, the cFE shall copy the contents from the Request specified Critical Data Store to the Request specified address.",Provides the capability to restore the local data with the contents of the critical data store. -ES: Copy From Critical Data Store - Invalid Data Integrity,cES1316.1,If the Data Integrity Value is invalid then the data shall not be copied from the Critical Data Store.,Critical Data Store should be verified before restoring. Assumes that if the calculated CRC does not match the stored CRC than the CDS cannot be trusted. -ES: Copy From Critical Data Store - Non-Existent,cES1316.2,If the Request Specified Critical Data Store does not exist then the data shall not be copied.,Can't copy data if the reference is wrong. -ES: Copy To Critical Data Store,cES1328,"Upon receipt of a Request, the cFE shall copy the data starting at the Request specified address to the Request specified Critical Data Store.",Applications need to periodically copy the local data into the CDS so that it can be preserved. Note that the CDS is not required to exist on-card (local address space). This provides the capability for a mission to use off-card bulk storage. -ES: Copy To Critical Data Store - Calculate Data Integrity Value,cES1328.1,The cFE shall calculate a Data Integrity Value for the Request specified Critical Data Store and store it.,"Every time data is written to the CDS, a CRC must be recalculated in order to have a reference for any CDS validation. Note that Applications are responsible for determining whether the contents of a CDS Block are still logically valid." -ES: Copy To Critical Data Store - Invalid Critical Data Store,cES1328.2,If the Request Specified Critical Data Store does not exist then the data shall not be copied.,Can't copy data if the reference is wrong. -ES: Create Child Task,cES1311,"Upon receipt of a Request, the cFE shall create the specified cFE Child Task within the cFE Application that owns the task and begin execution of the task.",Each cFE Application's main task has the capability to create and start one or more child tasks. -ES: Create Child Task - Invalid From Child Task,cES1311.2,"In the event a child task attempts to create another child task, the cFE shall record the error in the System Log, and return an error code.",Only the cFE Application's main task can create a child task. This prevents confusion with parent/child task relationships and the allocation/deallocation of resources. -ES: Create Child Task - Report Error,cES1311.1,"In the event that the cFE Child Task cannot be created, the cFE shall record the error in the System Log, and return an error code.",Need to keep track of the Child Task Create Failures. -ES: Critical Data Store Delete,cES1027,"Upon receipt of a Command, the cFE shall delete the Command Specified Critical Data Store.","As part of an Application clean-up, want to clean-up the allocated resources." -ES: Critical Data Store Size,cES1708,The cFE shall support a `` byte Critical Data Store.,TBD seems like a reasonable size based on heritage missions. +- A time stamp +- Processor Context information +- Critical system variables +- ASCII string stating the reason for the reset","Want to be able to save state information prior to a restart (processor, power-on, application, task etc) to help with diagnosing problems. There is a separate requirement for the creation of a file to transfer the information to the ground." +ES: Exception and Reset Log - Clear On Command,cES1018,"Upon receipt of a Command, the cFE shall clear the Executive Services Exception and Reset Log.",Want to be able to clear the Executive Services Exception and Reset Log so that only the new information is saved. +ES: Exception and Reset Log - Write To File,cES1019,"Upon receipt of a Command, the cFE shall copy the information contained in the Executive Services Exception and Reset Log Buffer into a Command specified file.","The cFE Exception and Reset Log contains a large amount of data, and is variable in size. It is easier to dump the contents to a file." +ES: Exception and Reset Log - Default Filename,cES1019.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event a user does not want to have to specify one. +ES: Analyzer Log,cES1021,The cFE shall maintain an Executive Services Logic Analyzer Capture Log for capturing application specified timestamps and events for off-line performance analysis.,The Logic Analyzer Capture Log is used along with a performance log API to allow the cFE and cFE Applications to save performance data that can be downloaded. +ES: Analyzer Log Record Tag,cES1022,"Upon receipt of a Request, the cFE shall record the specified Logic Analyzer Capture Tag in the Logic Analyzer Capture Log.",The cFE Core and cFE Applications make specific calls to create log entries in the Logic Analyzer Capture Log. +ES: Analyzer Log Record Tag - Timestamp,cES1022.1,The cFE shall store a timestamp along with the specified Logic Analyzer Capture Tag.,Each entry is time-stamped. +ES: Analyzer Log Record Tag - Overwrite On Full,cES1022.2,"If the Logic Analyzer Capture Log is full, then the cFE shall write all new entries from the top of the log.", +ES: Analyzer Log Write To File,cES1023,"Upon receipt of a Command, the cFE shall copy the information contained in the Logic Analyzer Capture Log into a Command Specified file.",Want to be able to capture the log to a file for post processing. +ES: Analyzer Log Write To File - Default Filename,cES1023.1,"If a file is not specified, the cFE shall use the `` filename.",Want to have a default filename. +ES: Processor Resets Counter Reset,cES1024,"Upon receipt of a Command, the cFE shall set the Processor Resets counter to zero.",Ground may want to clear this counter so that infrequent Processor Resets don't result in a Power-on Reset. +ES: Set Maximum Processor Resets,cES1025,"Upon receipt of a Command, the cFE shall set the Maximum Processor Resets counter to the Command Specified value.","Based on ST-5 experience, want to be able to increase the maximum number of Processor Resets in order to prevent a Power-on Reset. ST-5 used these features when they were having the multiple bit errors in their recorder memory. They set both numbers to 4." ES: Critical Data Store Write To File,cES1026,"Upon receipt of a Command, the cFE shall copy the following Critical Data Store information into the Command Specified file: 1. Critical Data Store Name 2. Size 3. Data Integrity Value",This provides a registry of the Critical Data Store. -ES: De-allocate Memory,cES1322,Upon receipt of a Request the cFE shall de-allocate the specified block of memory from the specified Memory Pool.,The Memory Allocation interface allows the cFE Application to de-allocate a block of memory from a previously created memory pool. -ES: De-allocate Memory - Invalid ID,cES1322.1,"If the specified Memory Pool identifier is invalid, then the cFE shall record the error in the System Log, and return an error code.",Need to have a valid Memory Pool identifier in order to de-allocate a block of memory. -ES: Delete Application,cES1006,"Upon receipt of a Command, the cFE shall delete the Command specified Application including all child tasks.",Need to be able to stop the execution of an Application and remove its System Resources. The delete will clean-up the application's main task and all of its child tasks. Note: other cFE components are required to have cleanup routines that ES calls. +ES: Critical Data Store Delete,cES1027,"Upon receipt of a Command, the cFE shall delete the Command Specified Critical Data Store.","As part of an Application clean-up, want to clean-up the allocated resources." +ES: System Log Mode,cES1028,"Upon receipt of Command, the cFE shall set the System Log Mode to the Command-specified mode, either overwrite or discard.","While in Overwrite Mode the oldest logged System message will be overwritten by the new System message when the System Log Full Flag is set to true. While in Discard Mode the new message will be discarded, preserving the contents of the full log." +ES: Register Application,cES1300,"Upon receipt of a Request, the cFE shall register the calling cFE Application with the system.",cFE Applications must register with the cFE in order to allow the cFE to track the Application's resources. This function also allows the system to synchronize the application startup. The cFE Application will wait in this function until the cFE starts up. +ES: Report Last Reset,cES1301,"Upon receipt of a Request, the cFE shall provide the type of last reset performed by the processor.",cFE Applications may perform processing that is specific to each reset type. +ES: Report Last Reset - Types,cES1301.1,The reset types include: Power On Reset Processor Reset.,cFE Applications may perform processing that is specific to each reset type. +ES: Report Processor ID,cES1302,"Upon receipt of a Request, the cFE shall provide the Processor ID on which the Request was made.","Need to determine the Processor ID. This feature is useful in missions with multiple processors, or to help distinguish prototype vs. flight processor features." +ES: Report Spacecraft ID,cES1303,"Upon receipt of a Request, the cFE shall provide the Spacecraft ID on which the Request was made.","Need to determine the Spacecraft ID. This feature is useful in missions with multiple Spacecraft, or Spacecraft with multiple processors." +ES: Report Application ID,cES1304,"Upon receipt of a Request, the cFE shall provide the cFE Application ID of the calling cFE Application.",A cFE Application needs to determine its own Application ID. +ES: Report Task and Application Name,cES1305,"Upon receipt of a Request, the cFE shall provide the cFE Task Name and cFE Application Name which corresponds to the specified cFE Task ID.",The command will provide a way to find the cFE Task Name and the parent cFE Application name from any cFE Application or Child task. +ES: Report Application ID,cES1306,"Upon receipt of a Request, the cFE shall provide the cFE Application ID which corresponds to the specified cFE Application Name.",The Executive Services will assign an Application ID. The Application Name is specified when the cFE Application is created. This Request will provide a way to determine the cFE Application ID when the pre-determined Application Name is passed in. +ES: Report Application Name,cES1307,"Upon receipt of a Request, the cFE shall provide the cFE Application Name which corresponds to the specified cFE Application ID.",The Executive Services will assign an Application ID. This Request will provide a way to determine an Application's name from its Application ID. ES: Delete Application,cES1309,"Upon receipt of a Request, the cFE shall delete the specified Application including all child tasks.",Need to be able to stop the execution of an Application and remove its System Resources. The delete will clean-up the application's main task and all of its child tasks. Note: other cFE components are required to have cleanup routines that ES calls. -ES: Delete Application - Reject Undefined,cES1006.1,"If the specified Application is undefined then the cFE shall reject the Command, increment the invalid command counter and generate an event message.",Can't delete an undefined application. ES: Delete Application - Reject Undefined,cES1309.1,"If the specified Application is undefined then the cFE shall record the error in the System Log, and return an error code.",Can't delete an undefined application. +ES: Restart Application,cES1310,Upon receipt of a Request the cFE shall Restart the specified Application.,"Need to be able to restart an Application. A restart involves deleting it (cleaning up) and then starting it again. This is similar to starting the cFE Application from a file system. When an Application is restarted, the only parameter required is the application name. All other parameters including the filename are the same as the original cFE Application Create Request. The restart is intended for error recovery such as an exception, and should not be used to start a new version of an Application. If a Critical Data Store Area is allocated for the Application, it is preserved, and the Application may re-connect to the Critical Data Store Area when it is running again." +ES: Restart Application- Reject Undefined,cES1310.1,"If the specified Application is undefined then the cFE shall record the error in the System Log, and return an error code.",Can't restart an undefined application. +ES: Restart Application - Reject On Missing File,cES1310.2,"If the original cFE Application file is not found then the cFE shall record the error in the System Log, and return an error code.","Can't restart the Application if the original file has been removed. In this case, the Application will continue without a restart." +ES: Restart Application - Delete On Non-Parameter Error,cES1310.3,"If the cFE Application Restart fails due to a non-parameter error, then the cFE shall record the error in the System Log, and return an error code.","If the Application is already stopped and there is an error restarting it, then the cFE application will be deleted." +ES: Create Child Task,cES1311,"Upon receipt of a Request, the cFE shall create the specified cFE Child Task within the cFE Application that owns the task and begin execution of the task.",Each cFE Application's main task has the capability to create and start one or more child tasks. +ES: Create Child Task - Report Error,cES1311.1,"In the event that the cFE Child Task cannot be created, the cFE shall record the error in the System Log, and return an error code.",Need to keep track of the Child Task Create Failures. +ES: Create Child Task - Invalid From Child Task,cES1311.2,"In the event a child task attempts to create another child task, the cFE shall record the error in the System Log, and return an error code.",Only the cFE Application's main task can create a child task. This prevents confusion with parent/child task relationships and the allocation/deallocation of resources. ES: Delete Child Task,cES1312,"Upon receipt of a Request, the cFE shall delete the specified cFE Child Task within the cFE Application that owns the task.","As part of a cFE Application cleanup, the Application needs to be able to delete each child task." ES: Delete Child Task - Error If Application Main Task,cES1312.1,"If the specified task is the cFE Application Main Task, the request shall record the error in the System Log, and return an error code.",Cannot use Child Task Exit or Delete on the cFE Application Main Task. -ES: Detect FP Exceptions,cES1703,The cFE shall detect all unmasked processor Floating Point Exceptions.,"The low level BSP routines allow the mission to determine what Floating Point exceptions are masked, and what Floating Point exceptions can interrupt the software." -ES: Detect FP Exceptions - Log,cES1703.1,"Upon detection of an unmasked Floating Point exception, the cFE shall add an entry in the Executive Services Exception and Reset Log.",Need to log unmasked Floating Point exceptions so that the ground can have visibility into the exception. -ES: Detect FP Exceptions - Platform Response,cES1703.3,If the Floating Point exception was caused by the OS or cFE Core then the cFE shall initiate a `` response.,"An exception in the cFE core or OS will restart the cFE, which results in all cFE Applications being restarted." -ES: Detect FP Exceptions - Restart App,cES1703.2,"If the Floating Point exception was caused by a cFE Application and the Exception Action indicates that the Application can be started individually, the cFE shall restart the cFE Application that caused the exception.","Want the capability to restart an individual application on a processor reset. Not all Applications should be started individually as they may have some dependencies that result in undesirable behavior. When the Application is started, one of the parameters is whether to restart the app of perform a cFE processor reset." -ES: Detect Unmasked Exceptions,cES1702,The cFE shall detect all unmasked CPU exceptions.,Need to be able to detect processor exceptions so that the appropriate action can be taken. -ES: Detect Unmasked Exceptions - Log,cES1702.1,"Upon detection of a CPU exception, the cFE shall add an entry in the Executive Services Exception And Reset Log.",Need to log processor exceptions so that the ground can have visibility into the exception. -ES: Detect Unmasked Exceptions - Platform Response,cES1702.3,If the CPU exception was caused by the Operating System or cFE Core then the cFE shall initiate a `` response.,"An exception in the cFE core or OS will restart the cFE, which results in all cFE Applications being restarted." -ES: Detect Unmasked Exceptions - Restart App,cES1702.2,"If the CPU exception was caused by a cFE Application and the Exception Action indicates that the Application can be started individually, the cFE shall restart the cFE Application that caused the exception.","In most cases, restarting the cFE application will clear up the problem. In some cases, however, applications are tightly coupled with other applications in which case, starting an individual application may have undesirable consequences. The cFE should provide the ability to define if the application should can be restarted or if a processor reset should occur." +ES: Register Child Task,cES1313,"Upon receipt of a Request, the cFE shall register the calling cFE Child Task with the system.","Just like cFE Applications, Child Tasks must be registered to work properly in the cFE. This function call is intended to be called by the newly created cFE Child Task." ES: End Child Task,cES1314,"Upon receipt of a Request, the cFE shall end execution of the calling cFE Child Task.", cFE Child Task needs to be able to exit and end execution. ES: End Child Task - Error If Application Main Task,cES1314.1,"If the calling task is the cFE Application Main Task, the cFE shall record the error in the System Log, and return an error code.",Cannot use Child Task Exit or Delete on the cFE Application Main Task. -ES: Exception And Reset Log Size,cES1707,The cFE shall support a `` byte Executive Services Exception And Reset Log.,TBD seems like a reasonable size based on heritage missions. -ES: Exception and Reset Log,cES1017,"The cFE shall maintain an Executive Services Exception and Reset Log which will log critical system data for exceptions and resets including: - -- A time stamp -- Processor Context information -- Critical system variables -- ASCII string stating the reason for the reset","Want to be able to save state information prior to a restart (processor, power-on, application, task etc) to help with diagnosing problems. There is a separate requirement for the creation of a file to transfer the information to the ground." -ES: Exception and Reset Log - Clear On Command,cES1018,"Upon receipt of a Command, the cFE shall clear the Executive Services Exception and Reset Log.",Want to be able to clear the Executive Services Exception and Reset Log so that only the new information is saved. -ES: Exception and Reset Log - Default Filename,cES1019.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event a user does not want to have to specify one. -ES: Exception and Reset Log - Write To File,cES1019,"Upon receipt of a Command, the cFE shall copy the information contained in the Executive Services Exception and Reset Log Buffer into a Command specified file.","The cFE Exception and Reset Log contains a large amount of data, and is variable in size. It is easier to dump the contents to a file." +ES: Reserve Critical Data Store,cES1315,"Upon receipt of a Request, the cFE shall reserve the Request specified amount of memory in the Critical Data Store for the cFE Application using the Request specified name.",The Critical Data Store will be used by Applications to store critical parameters that will be preserved after an application or processor restart. ES will allocate the memory for the application. A pointer or memory address will be provided to the alloc. +ES: Reserve Critical Data Store - Size Change,cES1315.1,"If a Critical Data Store exists for the Request specified name but has a different size than what is specified in the Request, the cFE shall remove the existing Critical Data Store and create a new one using the Request specified name and size.",Assumes that if the sizes don't match then something has changed and the CDS can't be trusted. +ES: Reserve Critical Data Store - Invalid Data Integrity,cES1315.2,"If a Critical Data Store exists for the Request specified name but the Data Integrity value is invalid, the cFE shall remove the existing Critical Data Store and create a new one using the Request specified name and size.",Assumes that if the CRC is invalid then the CDS can't be trusted. +ES: Copy From Critical Data Store,cES1316,"Upon receipt of a Request, the cFE shall copy the contents from the Request specified Critical Data Store to the Request specified address.",Provides the capability to restore the local data with the contents of the critical data store. +ES: Copy From Critical Data Store - Invalid Data Integrity,cES1316.1,If the Data Integrity Value is invalid then the data shall not be copied from the Critical Data Store.,Critical Data Store should be verified before restoring. Assumes that if the calculated CRC does not match the stored CRC than the CDS cannot be trusted. +ES: Copy From Critical Data Store - Non-Existent,cES1316.2,If the Request Specified Critical Data Store does not exist then the data shall not be copied.,Can't copy data if the reference is wrong. +ES: Power On Reset,cES1317,"Upon receipt of a Request, the cFE shall perform a Power On Reset of the Core Flight Executive.","Need to be able to reset the cFE in the event that there is a critical problem. The direct call is provided in the case where the normal task message passing is not working. As a result of the Power On Reset, all code and data are re-initialized and the cFE is returned to it’s default power-on state." +ES: Processor Reset,cES1318,"Upon receipt of a Request, the cFE shall perform a Processor Reset of the Core Flight Executive.",Need to be able to restart the cFE in the event that there is a problem with the cFE core. The direct call is provided in the case where the normal task message passing is not working. ES: Exit Application,cES1319,"Upon receipt of a Request, the cFE shall exit the calling cFE Application and delete the Applications' resources.",Need to have a cFE program exit. This request can be used for both critical errors and a planned shutdown of a cFE application. -ES: Housekeeping Message,cES1000,"Upon receipt of a Command, the cFE shall generate a Software Bus message that includes the following items: +ES: Prepare Memory Pool,cES1320,"Upon receipt of a Request, the cFE shall prepare a Memory Pool for run time memory allocation/de-allocation.","The Memory Allocation interface allows the cFE Application to supply a Pool of memory, which can be used for efficient memory allocation and de-allocation." +ES: Prepare Memory Pool - Too Small,cES1320.1,"If the specified size is less than the minimum block size, the cFE shall record the error in the System Log, and return an error code.","If the size of the Pool is not valid, then an error must be returned." +ES: Allocate Memory,cES1321,Upon receipt of a Request the cFE shall allocate a block of memory of the specified size from the specified Memory Pool.,The Memory Allocation interface allows the cFE Application to allocate a block of memory from a previously created memory pool. +ES: Allocate Memory - Invalid ID,cES1321.2,"If the specified Memory Pool identifier is invalid then the cFE shall record the error in the System Log, and return an error code.","If the handle or Memory Pool ID is not valid, then an error must be returned." +ES: Allocate Memory - Too Large,cES1321.3,"If the specified size is too large for the specified Memory Pool, the cFE shall record the error in the System Log, and return an error code.",Cannot allocate a memory block bigger than the pool. +ES: De-allocate Memory,cES1322,Upon receipt of a Request the cFE shall de-allocate the specified block of memory from the specified Memory Pool.,The Memory Allocation interface allows the cFE Application to de-allocate a block of memory from a previously created memory pool. +ES: De-allocate Memory - Invalid ID,cES1322.1,"If the specified Memory Pool identifier is invalid, then the cFE shall record the error in the System Log, and return an error code.",Need to have a valid Memory Pool identifier in order to de-allocate a block of memory. +ES: Calculate Data Integrity Value,cES1323,"Upon receipt of a Request, the cFE shall calculate a Data Integrity value over the given range of memory using the specified algorithm. The algorithm shall be one of the following: -- Number of Registered Applications -- Number of Registered Child Tasks -- Number of Registered Shared Libraries -- Reset Type -- Reset Subtype -- Number of entries in System Log -- Size of the System Log -- Number of bytes used in the System Log -- Current Exception and Reset Log Index -- Number of Processor Resets -- Maximum Number of Processor Resets before a Power On Reset -- Boot Source -- ES Valid Command Counter -- ES Invalid Command Counter",It is common for sub-systems to report housekeeping status upon receipt of a housekeeping request command. -ES: Invalid Command Counter,cES1003,"Upon receipt of an invalid Command, the cFE shall increment the invalid Command counter and generate an event message.",The ground needs an indicator if a command is rejected by the cFE. Details of what makes a command invalid are documented in the cFE Application Developer's Guide and the cFE User's Guide. -ES: Maximum Apps,cES1700,The cFE shall support a maximum `` cFE Applications.,TBD has never been exceeded on past missions. Need to bound the number of Applications in order to size the Systems Resources information. -ES: Maximum Processor Resets,cES1709,"If the cFE Core goes through `` Maximum Processor Resets, the cFE shall initiate a Power-On Reset of the cFE.","After a number of Processor Resets, the cFE will attempt to recover by doing a Power-on Reset." -ES: NOOP Event,cES1001,"Upon receipt of a Command, the cFE shall generate a NO-OP event message.",This command is useful as a general sub-system aliveness test. -ES: Non-Volatile File System Size,cES1705,The cFE shall support a `` byte non-volatile file system.,TBD seems like a reasonable size based on heritage missions. -ES: Pass String To Shell,cES1013,"Upon receipt of a Command, the cFE shall submit to the operating system shell, the string supplied as a parameter.","Having access to the operating system shell has proved invaluable during FSW development on missions such as JWST and Triana. Although it is available on-orbit, it is not intended to be used during normal operations." -ES: Pass String To Shell - Message Response,cES1013.1,"Upon execution of the operating system Command, the cFE shall generate one or more messages containing the ascii output generated by the operating system command.","This message will provide the ""output"" from the shell command to allow the implementation of a shell like interface to the cFE." -ES: Power On Reset,cES1009,"Upon receipt of a Command, the cFE shall perform a Power On Reset of the Core Flight Executive.","On a flight processor or other embedded processor this command results in rebooting the processor board through the Boot Software. On a desktop system this command will result in the restarting of the cFE, but not the operating system. Note: If the cFE implementation includes more than one cFE core images, it is the responsibility of the Boot Software to select which cFE image is booted." -ES: Power On Reset,cES1317,"Upon receipt of a Request, the cFE shall perform a Power On Reset of the Core Flight Executive.","Need to be able to reset the cFE in the event that there is a critical problem. The direct call is provided in the case where the normal task message passing is not working. As a result of the Power On Reset, all code and data are re-initialized and the cFE is returned to it’s default power-on state." -ES: Power On Reset Clear Critical Data Store,cES1504,"Upon a Power-On Reset, the cFE shall clear the contents of the Critical Data Store.",The purpose of the critical data store is to save data that an Application wants to preserve across a processor restart. This area will be cleared during a Power-On Reset. -ES: Power On Reset Clear Exception and Reset Log,cES1502,"Upon a Power-On Reset, the cFE shall clear the Executive Services Exception and Reset Log.",Want to be able to get a snapshot of some critical parameters prior to a reset as well as log the resets that have occurred. +- XOR: Exclusive OR +- CRC16: 16 Bit Cyclic Redundancy Check +- CRC32: 32 Bit Cyclic Redundancy Check",We need to provide a checksum/CRC utility. +ES: Copy To Critical Data Store,cES1328,"Upon receipt of a Request, the cFE shall copy the data starting at the Request specified address to the Request specified Critical Data Store.",Applications need to periodically copy the local data into the CDS so that it can be preserved. Note that the CDS is not required to exist on-card (local address space). This provides the capability for a mission to use off-card bulk storage. +ES: Copy To Critical Data Store - Calculate Data Integrity Value,cES1328.1,The cFE shall calculate a Data Integrity Value for the Request specified Critical Data Store and store it.,"Every time data is written to the CDS, a CRC must be recalculated in order to have a reference for any CDS validation. Note that Applications are responsible for determining whether the contents of a CDS Block are still logically valid." +ES: Copy To Critical Data Store - Invalid Critical Data Store,cES1328.2,If the Request Specified Critical Data Store does not exist then the data shall not be copied.,Can't copy data if the reference is wrong. +ES: Power On Reset Identify Sub-Type,cES1500,"Upon a Power-on Reset, the cFE shall identify the Power On reset sub-type.",Each mission may want to further distinguish between Processor reset types in order to tailor their system's behavior. For example a mission may want to take different behavior for a watchdog time out and the execution of the processor's reset instructions. ES: Power On Reset Clear System Log,cES1501,"Upon a Power-On Reset, the cFE shall clear the Executive Services System Log.",Want to be able to determine what errors are logged by the cFE. This log is not preserved on a Power-On reset. +ES: Power On Reset Clear Exception and Reset Log,cES1502,"Upon a Power-On Reset, the cFE shall clear the Executive Services Exception and Reset Log.",Want to be able to get a snapshot of some critical parameters prior to a reset as well as log the resets that have occurred. ES: Power On Reset Clear Volatile File System,cES1503,"Upon a Power-On Reset, the cFE shall clear the Volatile File system.",The Volatile File system is initialized during a Power-on Reset. +ES: Power On Reset Clear Critical Data Store,cES1504,"Upon a Power-On Reset, the cFE shall clear the contents of the Critical Data Store.",The purpose of the critical data store is to save data that an Application wants to preserve across a processor restart. This area will be cleared during a Power-On Reset. ES: Power On Reset Create OS Objects,cES1505,"Upon a Power-on Reset, the cFE shall create all operating system objects required by the cFE.","This is a table driven startup that includes: Core cFE Applications, semaphores, queues, and shared memory segments. It can also contain calls to initialize device drivers and interrupts." -ES: Power On Reset Exception and Reset Log Entry,cES1509,"Upon a Power On Reset, the cFE shall make an entry in the Executive Services Exception and Reset Log, recording the Power On Reset.",One purpose of the Executive Services Exception and Reset Log is to log all resets. -ES: Power On Reset Identify Sub-Type,cES1500,"Upon a Power-on Reset, the cFE shall identify the Power On reset sub-type.",Each mission may want to further distinguish between Processor reset types in order to tailor their system's behavior. For example a mission may want to take different behavior for a watchdog time out and the execution of the processor's reset instructions. ES: Power On Reset Mount Non-Volatile File System,cES1506,"Upon a Power-on Reset, the cFE shall mount the non-volatile file system.","Non-volatile file system contains the files for each of the cFE Applications. On a Power-On reset, the external cFE Applications are loaded from the Volatile file system." +ES: Power On Reset Set Up Volatile File System,cES1507,"Upon a Power-on Reset, the cFE shall create, format and mount the volatile file system.","The volatile file system is a key part of the cFE. It is used for logs, data files and new cFE Applications." ES: Power On Reset Process Startup File,cES1508,"Upon a Power-on Reset, the cFE shall process all entries in the cFE Startup File located in the non-volatile file system.","There is a file that contains all of the Applications, Shared Libraries, and Device Drivers that are to be created and started." -ES: Power On Reset Process Startup File - Init Libs,cES1508.2,The cFE shall create and initialize cFE Shared Libraries according to the entry in the cFE Startup File.,The cFE supports creating and initializing cFE Shared Libraries during system startup. ES: Power On Reset Process Startup File - Start Apps,cES1508.1,The cFE shall create and start cFE Applications according to the entry in the cFE Startup File.,The cFE supports loading and creating new cFE Applications during system startup. -ES: Power On Reset Set Up Volatile File System,cES1507,"Upon a Power-on Reset, the cFE shall create, format and mount the volatile file system.","The volatile file system is a key part of the cFE. It is used for logs, data files and new cFE Applications." -ES: Prepare Memory Pool,cES1320,"Upon receipt of a Request, the cFE shall prepare a Memory Pool for run time memory allocation/de-allocation.","The Memory Allocation interface allows the cFE Application to supply a Pool of memory, which can be used for efficient memory allocation and de-allocation." -ES: Prepare Memory Pool - Too Small,cES1320.1,"If the specified size is less than the minimum block size, the cFE shall record the error in the System Log, and return an error code.","If the size of the Pool is not valid, then an error must be returned." -ES: Processor Reset,cES1010,"Upon receipt of a Command, the cFE shall perform a Processor Reset of the Core Flight Executive.","Need to be able to restart the cFE in the event that there is a problem with the Real Time OS or cFE Core software. Note that restarting the cFE will result in a restart of all of the cFE applications. In addition, a restart of the cFE will initialize the (TBD - missing text from pre 2011)." -ES: Processor Reset,cES1318,"Upon receipt of a Request, the cFE shall perform a Processor Reset of the Core Flight Executive.",Need to be able to restart the cFE in the event that there is a problem with the cFE core. The direct call is provided in the case where the normal task message passing is not working. +ES: Power On Reset Process Startup File - Init Libs,cES1508.2,The cFE shall create and initialize cFE Shared Libraries according to the entry in the cFE Startup File.,The cFE supports creating and initializing cFE Shared Libraries during system startup. +ES: Power On Reset Exception and Reset Log Entry,cES1509,"Upon a Power On Reset, the cFE shall make an entry in the Executive Services Exception and Reset Log, recording the Power On Reset.",One purpose of the Executive Services Exception and Reset Log is to log all resets. +ES: Processor Reset Identify Sub-Type,cES1510,"Upon a Processor Reset, the cFE shall identify the Processor reset sub-type.",Each mission may want to further distinguish between Processor reset types in order to tailor their system's behavior. For example a mission may want to take different behavior for a watchdog time out and the execution of the processor's reset instructions. +ES: Processor Reset Preserve System Log,cES1511,"Upon a Processor Reset, the cFE shall preserve the Executive Services System Log.",Want to be able to determine what errors are logged by the cFE. This log is not preserved on a Power-On reset. +ES: Processor Reset Preserve Exception and Reset Log,cES1512,"Upon a Processor Reset, the cFE shall preserve the Executive Services Exception and Reset Log.",ES needs to retain this information to support diagnosing cause of processor reset as well as preserving information that is required to count the number of resets. +ES: Processor Reset Preserve Volatile File System,cES1513,"Upon a Processor Reset, the cFE shall preserve the Volatile File system.","During a processor reset, the Volatile File System and it's contents will be preserved." +ES: Processor Reset Preserve Critical Data Store,cES1514,"Upon a Processor Reset, the cFE shall preserve the contents of the Critical Data Store.",The purpose of the critical data store is to save data that an Application wants to preserve across a processor restart. ES: Processor Reset Create OS Objects,cES1515,"Upon a Processor Reset, the cFE shall create all operating system objects required by the cFE.","Items such as tasks, semaphores, queues, and shared memory segments would be initialized." ES: Processor Reset Create OS Objects - Platform Response On Failure,cES1515.1,"If the creation of the operating system object fails, the cFE shall perform a `` response.","The response to operating system object creation failure depends on the platform configuration, and is abstracted at the platform layer." -ES: Processor Reset Exception and Reset Log Entry,cES1520,"Upon a Processor Reset, the cFE shall make an entry in the Executive Services Exception and Reset Log recording the Processor Reset.",The purpose of the Executive Services Exception and Reset Log is to log all resets and all exceptions that occur. -ES: Processor Reset Identify Sub-Type,cES1510,"Upon a Processor Reset, the cFE shall identify the Processor reset sub-type.",Each mission may want to further distinguish between Processor reset types in order to tailor their system's behavior. For example a mission may want to take different behavior for a watchdog time out and the execution of the processor's reset instructions. ES: Processor Reset Mount Non-Volatile File System,cES1516,"Upon a Processor Reset, the cFE shall mount the non-volatile file system.","Non-volatile file system contains the files for each of the cFE Applications. On a Power-On reset, the external cFE Applications can be loaded from the Volatile file system." +ES: Processor Reset Set Up Volatile File System,cES1517,"Upon a Processor Reset, the cFE shall check and mount the volatile file system.",Want to preserve the Volatile file system across a processor reset. +ES: Processor Reset Set Up Volatile File System - Format On Failure,cES1517.1,"If the volatile file system check fails, the cFE shall format the volatile file system and create a system log entry.","If the volatile file system is corrupt, it must be reformatted to allow the cFE to function." +ES: Processor Reset Process Volatile Startup File,cES1518,"Upon a Processor Reset, the cFE shall process all entries in the cFE Startup File located in the volatile file system.",There is a file that contains all of the cFE Applications and Shared Libraries that are to be loaded and started. The cFE will check to see if this file is in the volatile file system. This file facilitates restarting a processor using patches that were made. +ES: Processor Reset Process Volatile Startup File - Start Apps,cES1518.1,The cFE shall create and start cFE Applications according to the entry in the cFE Startup File.,The cFE supports loading and creating new cFE Applications during system startup. +ES: Processor Reset Process Volatile Startup File - Init Libs,cES1518.2,The cFE shall create and initialize Shared Libraries according to the entry in the cFE Startup File.,The cFE supports loading and initializing cFE Shared Libraries during system startup. +ES: Processor Reset Process Non-Volatile Startup File,cES1519,If the system startup file is not present in the volatile file system then the cFE shall process all entries in the cFE Startup File located in the non-volatile file system.,Need to have a default system startup file which is used if there is no system startup file in volatile memory. +ES: Processor Reset Process Non-Volatile Startup File - Start Apps,cES1519.1,The cFE shall create and start cFE Applications according to the entry in the cFE Startup File.,The cFE supports loading and creating new cFE Applications during system startup. +ES: Processor Reset Process Non-Volatile Startup File - Init Libs,cES1519.2,The cFE shall create and initialize Shared Libraries according to the entry in the cFE Startup File.,The cFE supports loading and initializing cFE Shared Libraries during system startup. +ES: Processor Reset Exception and Reset Log Entry,cES1520,"Upon a Processor Reset, the cFE shall make an entry in the Executive Services Exception and Reset Log recording the Processor Reset.",The purpose of the Executive Services Exception and Reset Log is to log all resets and all exceptions that occur. ES: Processor Reset Preservation List,cES1521,"Upon a Processor Reset, the cFE shall preserve the following: - Boot Source @@ -127,87 +178,94 @@ ES: Processor Reset Preservation List,cES1521,"Upon a Processor Reset, the cFE s - Number of entries in System Log - Size of System Log - Number of bytes used in the System Log",The purpose of the Executive Services Exception and Reset Log is to log all resets and all exceptions that occur. -ES: Processor Reset Preserve Critical Data Store,cES1514,"Upon a Processor Reset, the cFE shall preserve the contents of the Critical Data Store.",The purpose of the critical data store is to save data that an Application wants to preserve across a processor restart. -ES: Processor Reset Preserve Exception and Reset Log,cES1512,"Upon a Processor Reset, the cFE shall preserve the Executive Services Exception and Reset Log.",ES needs to retain this information to support diagnosing cause of processor reset as well as preserving information that is required to count the number of resets. -ES: Processor Reset Preserve System Log,cES1511,"Upon a Processor Reset, the cFE shall preserve the Executive Services System Log.",Want to be able to determine what errors are logged by the cFE. This log is not preserved on a Power-On reset. -ES: Processor Reset Preserve Volatile File System,cES1513,"Upon a Processor Reset, the cFE shall preserve the Volatile File system.","During a processor reset, the Volatile File System and it's contents will be preserved." -ES: Processor Reset Process Non-Volatile Startup File,cES1519,If the system startup file is not present in the volatile file system then the cFE shall process all entries in the cFE Startup File located in the non-volatile file system.,Need to have a default system startup file which is used if there is no system startup file in volatile memory. -ES: Processor Reset Process Non-Volatile Startup File - Start Apps,cES1519.1,The cFE shall create and start cFE Applications according to the entry in the cFE Startup File.,The cFE supports loading and creating new cFE Applications during system startup. -ES: Processor Reset Process Non-Volatile Startup File - Init Libs,cES1519.2,The cFE shall create and initialize Shared Libraries according to the entry in the cFE Startup File.,The cFE supports loading and initializing cFE Shared Libraries during system startup. -ES: Processor Reset Process Volatile Startup File,cES1518,"Upon a Processor Reset, the cFE shall process all entries in the cFE Startup File located in the volatile file system.",There is a file that contains all of the cFE Applications and Shared Libraries that are to be loaded and started. The cFE will check to see if this file is in the volatile file system. This file facilitates restarting a processor using patches that were made. -ES: Processor Reset Process Volatile Startup File - Start Apps,cES1518.1,The cFE shall create and start cFE Applications according to the entry in the cFE Startup File.,The cFE supports loading and creating new cFE Applications during system startup. -ES: Processor Reset Process Volatile Startup File - Init Libs,cES1518.2,The cFE shall create and initialize Shared Libraries according to the entry in the cFE Startup File.,The cFE supports loading and initializing cFE Shared Libraries during system startup. ES: Processor Reset Set System Log Mode To Discard,cES1522,"Upon a Processor Reset, the cFE shall set the System Log Mode to discard.",Want to preserve the System Events that may have captured the cause of the processor reset. -ES: Processor Reset Set Up Volatile File System,cES1517,"Upon a Processor Reset, the cFE shall check and mount the volatile file system.",Want to preserve the Volatile file system across a processor reset. -ES: Processor Reset Set Up Volatile File System - Format On Failure,cES1517.1,"If the volatile file system check fails, the cFE shall format the volatile file system and create a system log entry.","If the volatile file system is corrupt, it must be reformatted to allow the cFE to function." -ES: Processor Resets Counter Reset,cES1024,"Upon receipt of a Command, the cFE shall set the Processor Resets counter to zero.",Ground may want to clear this counter so that infrequent Processor Resets don't result in a Power-on Reset. -ES: Register Application,cES1300,"Upon receipt of a Request, the cFE shall register the calling cFE Application with the system.",cFE Applications must register with the cFE in order to allow the cFE to track the Application's resources. This function also allows the system to synchronize the application startup. The cFE Application will wait in this function until the cFE starts up. -ES: Register Child Task,cES1313,"Upon receipt of a Request, the cFE shall register the calling cFE Child Task with the system.","Just like cFE Applications, Child Tasks must be registered to work properly in the cFE. This function call is intended to be called by the newly created cFE Child Task." -ES: Reload Application,cES1008,Upon receipt of a Command the cFE shall Reload the Command specified cFE Application from the Command specified cFE Application file.,"This command enables the ground to replace an Application with only one command. This is required for applications such as a Command Uplink Application, which must be replaced with one command. The specified cFE Application file may be from any valid cFE." -ES: Reload Application - Delete On Non-Parameter Error,cES1008.3,"If the cFE Application Reload fails due to a non-parameter error, then the cFE shall delete the Application, increment the invalid Command counter, and generate an event message.","If the Application is already stopped and there is an error restarting it, then the cFE application will be deleted. Should the old Application be restarted? Need to be able to reset the cFE in the event that there is a critical problem. As a result of the Power On Reset, all code and data are re-initialized and the cFE is returned to a default power-on state. This reset is initiated through a common interface." -ES: Reload Application - Reject On Missing File,cES1008.2,"If the specified cFE Application file does not exist then the cFE shall reject the command, increment the invalid Command counter, and generate an event message.",Can't reload the Application if the new file does not exist. -ES: Reload Application - Reject Undefined,cES1008.1,"If the specified Application is undefined then the cFE shall reject the Command, increment the invalid Command counter and generate an event message.",Can't reload an undefined Application. -ES: Report Application ID,cES1304,"Upon receipt of a Request, the cFE shall provide the cFE Application ID of the calling cFE Application.",A cFE Application needs to determine its own Application ID. -ES: Report Application ID,cES1306,"Upon receipt of a Request, the cFE shall provide the cFE Application ID which corresponds to the specified cFE Application Name.",The Executive Services will assign an Application ID. The Application Name is specified when the cFE Application is created. This Request will provide a way to determine the cFE Application ID when the pre-determined Application Name is passed in. -ES: Report Application Name,cES1307,"Upon receipt of a Request, the cFE shall provide the cFE Application Name which corresponds to the specified cFE Application ID.",The Executive Services will assign an Application ID. This Request will provide a way to determine an Application's name from its Application ID. -ES: Report Last Reset,cES1301,"Upon receipt of a Request, the cFE shall provide the type of last reset performed by the processor.",cFE Applications may perform processing that is specific to each reset type. -ES: Report Last Reset - Types,cES1301.1,The reset types include: Power On Reset Processor Reset.,cFE Applications may perform processing that is specific to each reset type. -ES: Report Processor ID,cES1302,"Upon receipt of a Request, the cFE shall provide the Processor ID on which the Request was made.","Need to determine the Processor ID. This feature is useful in missions with multiple processors, or to help distinguish prototype vs. flight processor features." -ES: Report Spacecraft ID,cES1303,"Upon receipt of a Request, the cFE shall provide the Spacecraft ID on which the Request was made.","Need to determine the Spacecraft ID. This feature is useful in missions with multiple Spacecraft, or Spacecraft with multiple processors." -ES: Report Task and Application Name,cES1305,"Upon receipt of a Request, the cFE shall provide the cFE Task Name and cFE Application Name which corresponds to the specified cFE Task ID.",The command will provide a way to find the cFE Task Name and the parent cFE Application name from any cFE Application or Child task. -ES: Reserve Critical Data Store,cES1315,"Upon receipt of a Request, the cFE shall reserve the Request specified amount of memory in the Critical Data Store for the cFE Application using the Request specified name.",The Critical Data Store will be used by Applications to store critical parameters that will be preserved after an application or processor restart. ES will allocate the memory for the application. A pointer or memory address will be provided to the alloc. -ES: Reserve Critical Data Store - Invalid Data Integrity,cES1315.2,"If a Critical Data Store exists for the Request specified name but the Data Integrity value is invalid, the cFE shall remove the existing Critical Data Store and create a new one using the Request specified name and size.",Assumes that if the CRC is invalid then the CDS can't be trusted. -ES: Reserve Critical Data Store - Size Change,cES1315.1,"If a Critical Data Store exists for the Request specified name but has a different size than what is specified in the Request, the cFE shall remove the existing Critical Data Store and create a new one using the Request specified name and size.",Assumes that if the sizes don't match then something has changed and the CDS can't be trusted. -ES: Restart Application,cES1007,"Upon receipt of a Command, the cFE shall Restart the Command specified Application.","Need to be able to restart an Application. A restart involves deleting it (cleaning up) and then starting it again. This is similar to starting the cFE Application from a file system. When an Application is restarted, the only command parameter required is the application name. All other parameters including the filename are the same as the original cFE Application Create command. The restart is intended for error recovery such as an exception, and should not be used to start a new version of an Application. If a Critical Data Store Area is allocated for the Application, it is preserved, and the Application may re-connect to the Critical Data Store Area when it is running again." -ES: Restart Application,cES1310,Upon receipt of a Request the cFE shall Restart the specified Application.,"Need to be able to restart an Application. A restart involves deleting it (cleaning up) and then starting it again. This is similar to starting the cFE Application from a file system. When an Application is restarted, the only parameter required is the application name. All other parameters including the filename are the same as the original cFE Application Create Request. The restart is intended for error recovery such as an exception, and should not be used to start a new version of an Application. If a Critical Data Store Area is allocated for the Application, it is preserved, and the Application may re-connect to the Critical Data Store Area when it is running again." -ES: Restart Application - Delete On Non-Parameter Error,cES1007.3,"If the cFE Application Restart fails due to a non-parameter error, then the cFE shall delete the Application, increment the invalid Command counter, and generate an event message.","If the Application is already stopped and there is an error restarting it, then the cFE application will be deleted." -ES: Restart Application - Delete On Non-Parameter Error,cES1310.3,"If the cFE Application Restart fails due to a non-parameter error, then the cFE shall record the error in the System Log, and return an error code.","If the Application is already stopped and there is an error restarting it, then the cFE application will be deleted." -ES: Restart Application - Reject On Missing File,cES1007.2,"If the original cFE Application file is not found then the cFE shall reject the Command, increment the invalid Command counter, and generate an event message.","Can't restart the Application if the original file has been removed. In this case, the Application will continue without a restart." -ES: Restart Application - Reject On Missing File,cES1310.2,"If the original cFE Application file is not found then the cFE shall record the error in the System Log, and return an error code.","Can't restart the Application if the original file has been removed. In this case, the Application will continue without a restart." -ES: Restart Application - Reject Undefined,cES1007.1,"If the Command specified Application is undefined then the cFE shall reject the Command, increment the invalid Command counter and generate an event message.",Can't restart an undefined application. -ES: Restart Application- Reject Undefined,cES1310.1,"If the specified Application is undefined then the cFE shall record the error in the System Log, and return an error code.",Can't restart an undefined application. -ES: Set Maximum Processor Resets,cES1025,"Upon receipt of a Command, the cFE shall set the Maximum Processor Resets counter to the Command Specified value.","Based on ST-5 experience, want to be able to increase the maximum number of Processor Resets in order to prevent a Power-on Reset. ST-5 used these features when they were having the multiple bit errors in their recorder memory. They set both numbers to 4." -ES: Start Application,cES1005,"Upon receipt of a Command, the cFE shall create the Command specified Application by defining the Application in the System Resources Definition using information from the Command specified file, and beginning execution of the Application.",A basic feature of the cFE is to be able to dynamically (while the cFE is running) start applications. This requirement allows for an application to be created and started from one of the cFE file systems. -ES: Start Application - Command Contents,cES1005.1,"The Command shall include the following parameters: - -- Application Path/Filename -- Application Entry Point -- Application Name -- Application Priority -- Application Stack Size -- Application Load Address -- Exception Action (restart application or perform processor reset)", -ES: Start Application - Location,cES1005.2,The Command specified cFE Application file shall be in any valid cFE file system including the volatile file system and the non-volatile file system.,"The command itself does not care about where the cFE Application comes from, it is specified In the path." -ES: Start Application - Reject Already Running,cES1005.4,"If the Command specified Application is already defined and executing, then the cFE shall reject the Command, increment the invalid Command counter and generate an event message.",Can't start an application that is already running. -ES: Start Application - Reject Undefined,cES1005.3,"If the Command specified Application is undefined then the cFE shall reject the Command, increment the invalid command counter and generate an event message.",Can't start an undefined application. -ES: System Log,cES1014,The cFE shall maintain an Executive Services System Log which contains a series of ASCII text strings describing significant events or errors.,"Examples of ES System Log information includes: ""Created new cFE Application: StoredCommand.app"" or ""Could Not Create OS Queue"" or ""File not found error: /eebank1/StoredCommand.app"" This requirement states that the cFE needs to maintain this information. There is a separate requirement for the creation of a file to transfer the information to the ground. Note that the information can also be obtained with a raw memory read." -ES: System Log - Calculate Usage,cES1014.2,"The cFE shall calculate the number of bytes used and number of entries in -Executive Services System Log.","Ground operations need indication of how full the System Log is so that they can clear it, if necessary, in order to make room for new entries (or at least write it to a file to preserve it)." -ES: System Log - Clear On Command,cES1015,"Upon receipt of a Command, the cFE shall clear the Executive Services System Log.",Want to be able to clear the Executive Services System Log Buffer so that only the new information is saved. -ES: System Log - Default Filename,cES1016.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event a user does not want to have to specify one. -ES: System Log - Discard On Full,cES1014.2.2,If the Executive Services Syste Log is full and the System Log Mode is set to DISCARD then the cFE shall discard all new entries.,Want to provide capability to stop writing to the System Log in order to preserve to Log which may contain important anomalous messages. -ES: System Log - Overwrite On Full,cES1014.2.1,If the Executive Services System Log is full and the System Log Mode is set to OVERWRITE then the cFE shall write all new entries from the top of the log.,Want to provide the capability to continuously record all new System Messages. -ES: System Log - Timestamps,cES1014.1,Each entry in the Executive Services System Log shall be time tagged with the time that the event happened.,Need to be able to determine when the event occurred. -ES: System Log - Write To File,cES1016,"Upon receipt of a Command, the cFE shall copy the information contained in the Executive Services System Log into a Command specified file.",We did not want to count on a file system for storing the ES System errors in the event that there was a problem with the file system or the file system was not mounted yet. We did want to provide an easy ground interface for getting the data to the ground -ES: System Log Mode,cES1028,"Upon receipt of Command, the cFE shall set the System Log Mode to the Command-specified mode, either overwrite or discard.","While in Overwrite Mode the oldest logged System message will be overwritten by the new System message when the System Log Full Flag is set to true. While in Discard Mode the new message will be discarded, preserving the contents of the full log." -ES: System Log Size,cES1706,The cFE shall support a `` byte Executive Services System Log.,TBD seems like a reasonable size based on heritage missions. -ES: Valid Command Counter,cES1002,"Upon receipt of a valid Command, the cFE shall increment a valid Command counter.",The ground needs the capability to verify that the command was received and accepted by the cFE. Details of valid commands are documented in the cFE Application Developer's Guide and the cFE User's Guide. +ES: Maximum Apps,cES1700,The cFE shall support a maximum `` cFE Applications.,TBD has never been exceeded on past missions. Need to bound the number of Applications in order to size the Systems Resources information. +ES: Detect Unmasked Exceptions,cES1702,The cFE shall detect all unmasked CPU exceptions.,Need to be able to detect processor exceptions so that the appropriate action can be taken. +ES: Detect Unmasked Exceptions - Log,cES1702.1,"Upon detection of a CPU exception, the cFE shall add an entry in the Executive Services Exception And Reset Log.",Need to log processor exceptions so that the ground can have visibility into the exception. +ES: Detect Unmasked Exceptions - Restart App,cES1702.2,"If the CPU exception was caused by a cFE Application and the Exception Action indicates that the Application can be started individually, the cFE shall restart the cFE Application that caused the exception.","In most cases, restarting the cFE application will clear up the problem. In some cases, however, applications are tightly coupled with other applications in which case, starting an individual application may have undesirable consequences. The cFE should provide the ability to define if the application should can be restarted or if a processor reset should occur." +ES: Detect Unmasked Exceptions - Platform Response,cES1702.3,If the CPU exception was caused by the Operating System or cFE Core then the cFE shall initiate a `` response.,"An exception in the cFE core or OS will restart the cFE, which results in all cFE Applications being restarted." +ES: Detect FP Exceptions,cES1703,The cFE shall detect all unmasked processor Floating Point Exceptions.,"The low level BSP routines allow the mission to determine what Floating Point exceptions are masked, and what Floating Point exceptions can interrupt the software." +ES: Detect FP Exceptions - Log,cES1703.1,"Upon detection of an unmasked Floating Point exception, the cFE shall add an entry in the Executive Services Exception and Reset Log.",Need to log unmasked Floating Point exceptions so that the ground can have visibility into the exception. +ES: Detect FP Exceptions - Restart App,cES1703.2,"If the Floating Point exception was caused by a cFE Application and the Exception Action indicates that the Application can be started individually, the cFE shall restart the cFE Application that caused the exception.","Want the capability to restart an individual application on a processor reset. Not all Applications should be started individually as they may have some dependencies that result in undesirable behavior. When the Application is started, one of the parameters is whether to restart the app of perform a cFE processor reset." +ES: Detect FP Exceptions - Platform Response,cES1703.3,If the Floating Point exception was caused by the OS or cFE Core then the cFE shall initiate a `` response.,"An exception in the cFE core or OS will restart the cFE, which results in all cFE Applications being restarted." ES: Volatile File System Size,cES1704,The cFE shall support a `` byte volatile file system.,TBD seems like a reasonable size based on heritage missions. -ES: Zero Command Counters,cES1004,"Upon receipt of a Command, the cFE shall set to zero the valid Command counter and invalid Command counter.","This command is a common feature in heritage sub-system software design. In general, command counter (valid and invalid) are reset." -EVS: Add Event Filter,cEVS3019,Upon receipt of Command the cFE shall add the specified Event Filter for the specified cFE Application and Event ID.,Want to provide the ability for filters to be added at runtime. Original implentation did not provide this capability which resulted in modifications to Applications for those events that were not registered (i.e. forgotten). -EVS: Add Event Filter - Application Maximum,cEVS3019.2,If the maximum number of Event IDs have been registered for the specified Application then the cFE shall reject the command and generate an event message.,"In order to scale the cFE, allocations are made for each cFE Application (see cEVS3302)." -EVS: Add Event Filter - Reject Already Filtered ,cEVS3019.1,"If the Event ID is already registered for filtering, the cFE shall reject the command and generate an event message.",Filter is done on a per Event ID basis. -EVS: Clear Local Event Log,cEVS3013,"_(OPTIONAL)_ Upon receipt of Command, the cFE shall clear the Local Event Log.",Need to be able to clear the log if the event logging is operating in discard mode. -EVS: Control Message By Application,cEVS3008,"Upon receipt of Command the cFE shall enable/disable, as specified in the Command, the future generation of Event Messages for the Command-specified Application.",During development and integration it can be useful to turn off an Application's Event Message's without regard of the Event Type. -EVS: Control Message By Application and Event Type,cEVS3007,"Upon receipt of Command the cFE shall enable/disable, as specified in the Command, the future generation of Event Messages for the Command-specified Application and Event Type.",When diagnosing an Application it's useful to enable its informational and diagnostic Event Messages. +ES: Non-Volatile File System Size,cES1705,The cFE shall support a `` byte non-volatile file system.,TBD seems like a reasonable size based on heritage missions. +ES: System Log Size,cES1706,The cFE shall support a `` byte Executive Services System Log.,TBD seems like a reasonable size based on heritage missions. +ES: Exception And Reset Log Size,cES1707,The cFE shall support a `` byte Executive Services Exception And Reset Log.,TBD seems like a reasonable size based on heritage missions. +ES: Critical Data Store Size,cES1708,The cFE shall support a `` byte Critical Data Store.,TBD seems like a reasonable size based on heritage missions. +ES: Maximum Processor Resets,cES1709,"If the cFE Core goes through `` Maximum Processor Resets, the cFE shall initiate a Power-On Reset of the cFE.","After a number of Processor Resets, the cFE will attempt to recover by doing a Power-on Reset." EVS: Control Message By Event Type,cEVS3000,"Upon receipt of Command the cFE shall enable/disable, as specified in the Command, the future generation of Event Messages for the Command-specified Event Type.",Filtering by type allows the system to behave differently for different users. +EVS: Set Event Format Mode,cEVS3001,"Upon receipt of Command, the cFE shall set the SB Event Format Mode to the command specified value, either Long or Short.",Providing a short format accommodates missions with limited telemetry bandwidth. A long format is desirable because it contains the most information. +EVS: NOOP Event,cEVS3002,Upon receipt of Command the cFE shall generate a NO-OP event message.,This command is useful as a general sub-system aliveness test. +EVS: Zero Counters,cEVS3003,"Upon receipt of Command the cFE shall set the following counters to zero in Event Services telemetry: + +- Valid Command Counter +- Invalid Command Counter +- Event Message Sent Counter +- Event Message Truncation Counter +- Unregistered Application Send Counter",This command is a common feature in heritage sub-system software design. +EVS: Write Application Data File,cEVS3004,"Upon receipt of Command, the cFE shall write the following information to the Command specified cFE EVS Application Data file for each registered Application: + +- Application Event Message Sent Counter +- Application Event Service Enable Status +- Application Event Type Enable Statuses (one for each Event Type) +- Application Event IDs (for events to be filtered) +- Application Binary Filter Masks (one per registered Event ID) +- Application Binary Filter Counters (one per registered Event ID)","Visibility of Application information is essential for FSW diagnostics, testing and maintenance." +EVS: Write Application Data File - Default Filename,cEVS3004.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event that a user does not want to specify. +EVS: Valid Command Counter,cEVS3005,"Upon receipt of valid command, the cFE shall increment the valid command counter.",The ground needs the capability to verify that the command was received and accepted by the cFE. Details of valid commands are documented in the cFE User's Guide. +EVS: Invalid Command Counter,cEVS3006,"Upon receipt of an invalid command, the cFE shall in increment the invalid command counter.",The ground needs an indicator if a command is rejected by the cFE. Details of what makes a command invalid are documented in the cFE Developer's Guide and the cFE User's Guide. +EVS: Control Message By Application and Event Type,cEVS3007,"Upon receipt of Command the cFE shall enable/disable, as specified in the Command, the future generation of Event Messages for the Command-specified Application and Event Type.",When diagnosing an Application it's useful to enable its informational and diagnostic Event Messages. +EVS: Control Message By Application,cEVS3008,"Upon receipt of Command the cFE shall enable/disable, as specified in the Command, the future generation of Event Messages for the Command-specified Application.",During development and integration it can be useful to turn off an Application's Event Message's without regard of the Event Type. +EVS: Zero Application Message Sent Count,cEVS3009,"Upon receipt of Command, the cFE shall set the Command-specified Application's Event Message Sent Counter to zero.",Allow operators the ability to reset the count of application events. +EVS: Zero App Filter Counter By Event ID,cEVS3010,"Upon receipt of Command, the cFE shall set an Application's Binary Filter Counter to zero for the Command-specified Event ID.",Clearing an Application's Filtered Event Message Counter is a convenient method for resetting the filter on the event. +EVS: Zero App Filter Counters,cEVS3011,"Upon receipt of Command, the cFE shall set all of an Application's Binary Filter Counters to zero.",Having the ability to reset all Application Filtered Event Message Counters is a quick method for resetting all the application's event filters. Note: This command gives operators the ability to reset all exhausted event filters (i.e. send 16 and stop) so that filtered events may be generated once again. +EVS: Set App Filter Mask By Event ID,cEVS3012,Upon receipt of Command the cFE shall set an Application's Binary Filter Mask to the Command-specified Event Filter for the given Application Event ID.,Allow an operator to tune the system for a particular operational environment. +EVS: Clear Local Event Log,cEVS3013,"_(OPTIONAL)_ Upon receipt of Command, the cFE shall clear the Local Event Log.",Need to be able to clear the log if the event logging is operating in discard mode. +EVS: Set Event Logging Mode,cEVS3014,"_(OPTIONAL)_ Upon receipt of Command, the cFE shall set the Event Logging Mode to the Command-specified mode, either overwrite or discard.","While in Overwrite Mode the oldest logged event will be overwritten by the new event when the Event Log Full Flag is set to true. While in Discard Mode the new event will be discarded, preserving the contents of the full log. Need the ability to switch between Event Message logging modes." +EVS: Write Local Event Log To File,cEVS3015,"_(OPTIONAL)_ Upon receipt of Command, the cFE shall write the contents of the Local Event Log to the Command specified file.",Allows for ground view of the log. Local Event Log is not intended for operation playback. The main purpose of the Local Event Log is for ground testing. Ground operators may view the data file for playing back stored events. +EVS: Write Local Event Log To File - Default Filename,cEVS3015.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event that a user does not want to specify one. +EVS: Write Local Event Log Order,cEVS3016,_(OPTIONAL)_ The cFE shall write each Event Message from the earliest logged message to the most recently logged message.,"Ground operators like to see the progression of events in the order that they occurred. In a scenario when a time correction has been made, the earliest logged may not necessarily mean the oldest time stamp. This type of playback may not be desirable for Event Logs of considerable size. It is worthwhile for cFE users to keep Event Logs relatively small." EVS: Control Message Port Routing,cEVS3017,"Upon receipt of Command the cFE shall enable/disable, as specified in the Command, the routing of all future Event Messages to the Command specified Event Message Port.","Event Message Output Ports may not be available or needed; therefore the ability to configure sending to an Event Message Port is useful." +EVS: Housekeeping Message,cEVS3018,"The cFE shall provide the following Event Service data items in telemetry (SB Messages): + +- Valid Command Counter +- Invalid Command Counter +- SB Event Format Mode +- Event Message Sent Counter +- Event Message Truncation Counter +- Unregistered Application Send Counter +- Event Message Output Port Enable Statuses +- _(OPTIONAL)_ Local Event Log Full Flag +- _(OPTIONAL)_ Local Event Log Overflow Counter +- _(OPTIONAL)_ Logging Mode +- For each registered Application: + o Application Event Message Sent Counter + o Application Event Service Enable Status", +EVS: Add Event Filter,cEVS3019,Upon receipt of Command the cFE shall add the specified Event Filter for the specified cFE Application and Event ID.,Want to provide the ability for filters to be added at runtime. Original implentation did not provide this capability which resulted in modifications to Applications for those events that were not registered (i.e. forgotten). +EVS: Add Event Filter - Reject Already Filtered ,cEVS3019.1,"If the Event ID is already registered for filtering, the cFE shall reject the command and generate an event message.",Filter is done on a per Event ID basis. +EVS: Add Event Filter - Application Maximum,cEVS3019.2,If the maximum number of Event IDs have been registered for the specified Application then the cFE shall reject the command and generate an event message.,"In order to scale the cFE, allocations are made for each cFE Application (see cEVS3302)." +EVS: Delete Event Filter,cEVS3020,Upon receipt of Command the cFE shall delete the specified Event Filter for the specified cFE Application and Event ID.,Want to be able to remove event filtering since the cFE limits the number of filters that can be registered for a given cFE Application (see cEVS3302). +EVS: Delete Event Filter - Reject Not Registered,cEVS3020.1,If the Event ID is not registered for filtering then the cFE shall reject the command and generate an event message.,Notify caller that the Filter was not registered. +EVS: Register App,cEVS3100,"Upon receipt of Request, the cFE shall register an Application for event service, enabling the Application Event Service Enable Status and storing the following request specified Application data: Application Event IDs (for events to be filtered) Application Binary Filter Masks (one per registered Event ID).",Supports the cFE's dynamic Application model. +EVS: Register App - Create Filter Counter,cEVS3100.1,"Upon receipt of Request to register an Application for event service, the cFE shall create one Application Binary Filter Counter per registered Event ID.",Supports the cFE's Binary Filtering Algorithm. +EVS: Register App - Create Sent Message Counter,cEVS3100.2,"Upon receipt of Request to register an Application for event service, the cFE shall create an Application Event Message Sent Counter.",Supports the cFE's dynamic Application model. +EVS: Register App - Default Event Enable Status,cEVS3100.3,"Upon receipt of Request to register an Application for event service, the cFE shall use the `` Application Event Type Enable Statuses for each event.","By default each platform should have a standard configuration for each event message type (eg. DEBUGs disable. INFO, ERROR and CRITICAL events DISABLED) that should be applied to all events. Commands are available to modify the settings." +EVS: Unregister App,cEVS3101,"Upon receipt of Request, the cFE shall un-register an Application from using event services, deleting the following Application data: + +- Application Event Message Sent Counter +- Application Event Service Enable Status +- Application Event Type Enable Statuses (one for each Event Type) +- Application Filtered Event IDs +- Application Binary Filter Masks (one per registered Event ID) +- Application Binary Filter Counters (one per registered Event ID)",Supports the cFE's dynamic Application model allowing applications to clean up after themselves. +EVS: Message Types,cEVS3102,The cFE shall support the following Event Message Types: Debug Informational Error Critical.,Supports cFE event services. EVS: Create Message,cEVS3103,"Upon receipt of a Request to send an Event Message, the cFE shall create a Short or Long Event Message, as specified by the SB Event Format Mode, ONLY if the following cFE conditions are met: 1. The requesting Application's Event Service Enable Status is Enabled. 2. The requesting Application's registered message filtering algorithm indicates the message should be sent. 3. The requesting Application's Event Type Enable Status is Enabled for the Event Type of the request-specified Event Message.",Supports cFE event services. -EVS: Create Message - App ID,cEVS3103.6,The requester shall be able to specify the Application ID to be used in the Event Message.,Need to provide APIs a way to specify an Application ID to ensure the context of the Event is correct. +EVS: Create Message - Unregistered App,cEVS3103.1,If the requesting Application has been determined to be unregistered the cFE shall increment the Unregistered Application Send Counter and send an event message.,Provides ground operators the ability to see when unregistered applications are using event services. EVS: Create Message - Data Types,cEVS3103.2,"The cFE shall support the following data types within an applications Request specified Event Data: - Signed Character @@ -221,35 +279,20 @@ EVS: Create Message - Increment Filter Counter - Retain Maximum Value,cEVS3103.3 EVS: Create Message - Long Format,cEVS3103.4,"If the SB Format Mode is set to Long, the cFE shall generate an SB Event Message formatted as specified in the cFE User's Guide containing the Spacecraft Time, Processor ID, Application ID, Event ID, Event Type, and the Request-specified Event Data.","To assist with system test and diagnostics it is important to distinguish otherwise identical messages by their sources. This is especially true in a distributed system with common subsystems. It is the intent of this requirement to allow identical subsystems to be resident in multiple processors within the flight system. In cases like this, the subsystem identifier, and message identifier may be the same; only the processor identifier would make the messages unique. A long format is desirable because it contains the most information. Design Note: It is expected that in the implemented event service, the API only requires the Event ID and Type, and that the underlying utility code fills in the processor ID, and Application ID before the message is sent." EVS: Create Message - Long Format - Truncation,cEVS3103.4.1,"If the Event Data is greater than the `` maximum Event Data, the cFE shall truncate the Event Message with a string-termination character and increment the Message Truncation Counter.","It's important to know if data is lost, but it doesn't need to be maintained on a per-Event ID basis, therefore a single counter is used. A platform-defined length was considered but this prevents application reuse unless a minimum length is specified." EVS: Create Message - Short Format,cEVS3103.5,"If the SB Format Mode is set to Short, the cFE shall generate an SB Event Message formatted as specified in the cFE User's Guide containing the spacecraft time, Processor ID, Application ID, Event ID, and Event Type.",Providing a short format accommodates missions with limited telemetry bandwidth. +EVS: Create Message - App ID,cEVS3103.6,The requester shall be able to specify the Application ID to be used in the Event Message.,Need to provide APIs a way to specify an Application ID to ensure the context of the Event is correct. EVS: Create Message - Time,cEVS3103.7,The requester shall be able to specify the time to be used in the Event Message.,"This routine should be used in situations where an error condition is detected at one time, but the event message is reported at a later time." -EVS: Create Message - Unregistered App,cEVS3103.1,If the requesting Application has been determined to be unregistered the cFE shall increment the Unregistered Application Send Counter and send an event message.,Provides ground operators the ability to see when unregistered applications are using event services. -EVS: Delete Event Filter,cEVS3020,Upon receipt of Command the cFE shall delete the specified Event Filter for the specified cFE Application and Event ID.,Want to be able to remove event filtering since the cFE limits the number of filters that can be registered for a given cFE Application (see cEVS3302). -EVS: Delete Event Filter - Reject Not Registered,cEVS3020.1,If the Event ID is not registered for filtering then the cFE shall reject the command and generate an event message.,Notify caller that the Filter was not registered. -EVS: Event Filters Per App,cEVS3302,"The cFE shall support `` Event Message Filters per cFE Application.",Each cFE Application that register with EVS is allocated memory to support this limit. -EVS: Event Log Size,cEVS3301,"_(OPTIONAL)_ The cFE shall define a Local Event Log with a capacity of `` Event Messages.",Each mission's processor card memory capacities will dictate what is reasonable. -EVS: Free App Resources,cEVS3110,Upon receipt of Request the cFE shall free resources allocation for the specified Application.,"Need to be able to remove all resources associated with an application when Deleting, Restarting or Reloading an Application. In addition, this is required as part of a Processor Reset." -EVS: Housekeeping Message,cEVS3018,"The cFE shall provide the following Event Service data items in telemetry (SB Messages): - -- Valid Command Counter -- Invalid Command Counter -- SB Event Format Mode -- Event Message Sent Counter -- Event Message Truncation Counter -- Unregistered Application Send Counter -- Event Message Output Port Enable Statuses -- _(OPTIONAL)_ Local Event Log Full Flag -- _(OPTIONAL)_ Local Event Log Overflow Counter -- _(OPTIONAL)_ Logging Mode -- For each registered Application: - o Application Event Message Sent Counter - o Application Event Service Enable Status", EVS: Increment App Message Sent Counter,cEVS3104,"For each created Event Message, the cFE shall increment the Application Event Message Sent Counter for the request specified Application.",A counter provides a means for keeping track of how many events an application has sent through the event service. Note: The Application Event Message Sent Counter is incremented once regardless of how many enabled ports the message has been sent through. EVS: Increment App Message Sent Counter - Retain Maximum Value,cEVS3104.1,"If the Application Event Message Sent Counter has reached its maximum value of (2^16)-1, the cFE shall retain the maximum value (i.e. do not rollover to zero).",Preventing a counter rollover to zero eliminates the case when a user may think no events have occurred when in fact many events have occurred. EVS: Increment Message Sent Counter,cEVS3105,"For each created Event Message, the cFE shall increment the Event Message Sent Counter.",A counter provides a means for keeping track of how many events have been sent through the event service. Note: The Event Message Sent Counter is a count of ALL messages sent through the Event Service regardless of the Application sending the event. The Event Message Sent Counter is incremented once regardless of how many enabled ports the message has been sent through. EVS: Increment Message Sent Counter - Retain Maximum Value,cEVS3105.1,"If the Event Message Sent Counter has reached its maximum value of (2^16)-1 the cFE shall retain the maximum value (i.e. do not rollover to zero).",Preventing a counter rollover to zero eliminates the case when a user may think no events have occurred when in fact many events have occurred. -EVS: Initialize Format To Long On Power On Reset,cEVS3201,"Upon a Power-on Reset, the cFE shall set SB Event Format Mode to Long.",Each mission must determine what format they need. -EVS: Initialize Full Flag To False On Power On Reset,cEVS3202,"_(OPTIONAL)_ Upon a Power-on Reset, the cFE shall set the Local Event Log Full Flag to false.",Set cFE to default status across Power-on Resets. -EVS: Initialize Logging Mode On Power On Reset,cEVS3203,"_(OPTIONAL)_ Upon a Power-on Reset, the cFE shall set the Event Logging Mode to ``.",Set cFE to default status across Power-on Resets. +EVS: Zero App Filter Counter By Event ID,cEVS3106,"Upon receipt of a request, the cFE shall set an Application's Binary Filter Counter to zero for the Application request-specified Event ID.",Clearing an Application's Binary Filter Counter is a convenient method for resetting the filter on the event. +EVS: Zero App Filter Counters,cEVS3107,"Upon receipt of a request, the cFE shall set all of an Application's Binary Filter Counters to zero for the request-specified Application.",Having the ability to reset all Application Filtered Event Message Counters is a quick method for resetting all the application's event filters. +EVS: Store Message In Event Log,cEVS3108,"_(OPTIONAL)_ For each created Event Message, the cFE shall store the Event Message in the Local Event Log in the Long Event Message Format.",It's useful to save Event Messages when external communications is unavailable. This may occur during system initialization (especially events generated from other cFE components) and during a communications failure. +EVS: Store Message In Event Log - Set Full Flag,cEVS3108.1,"_(OPTIONAL)_ If the Local Event Log becomes full, the cFE shall set the Local Event Log Full Flag to true.",Ground operations needs to know the state of the Local Even Log. +EVS: Store Message In Event Log - Increment Overflow Counter,cEVS3108.2,"_(OPTIONAL)_ If the Local Event Log is full, the cFE shall increment the Local Event Log Overflow counter.",Ground operations needs to know how many Event Messages were discarded or overwritten. +EVS: Store Message In Event Log - Log Full Behavior,cEVS3108.3,"_(OPTIONAL)_ If the Local Event Log is full, the cFE shall either (1) overwrite the oldest Event Message if the Event Logging Mode is overwrite, or (2) discard the Event Message if the Event Logging Mode is discard.",Overwriting the oldest message is useful for nominal operations because a user doesn't need to periodically clear the Log. If an error occurs when there's no communication then the Local Event Log size must be large enough to retain the Event Messages since communications was lost. Discarding the newest Event Message is useful for trouble shooting a problem. For example there may be a problem during processor initialization that occurs when there's no communications with the processor interfacing with the User. In this case the original Event Messages are critical to solving the problem so they should be preserved. Note that the Event Logging Mode can be changed via stored commanding. +EVS: Message Port Routing,cEVS3109,"For each created Event Message, the cFE shall route the Event Message, formatted as an ASCII text string, to each enabled Event Message Output Port.",Debug ports are very useful for FSW development and maintenance. +EVS: Free App Resources,cEVS3110,Upon receipt of Request the cFE shall free resources allocation for the specified Application.,"Need to be able to remove all resources associated with an application when Deleting, Restarting or Reloading an Application. In addition, this is required as part of a Processor Reset." EVS: Initialize Message Port State On Power On Reset,cEVS3200,"Upon a Power-on Reset, the cFE shall set the `` Event Message Output Ports to their `` default state: - Port Number 1: `` @@ -257,65 +300,36 @@ EVS: Initialize Message Port State On Power On Reset,cEVS3200,"Upon a Power-on R - Port Number 3: `` - Port Number 4: `` ",Event Message Ports are customized for each platform. A rationale for all of the Power-on Reset requirements is that the cFE must initialize to a known state. -EVS: Invalid Command Counter,cEVS3006,"Upon receipt of an invalid command, the cFE shall in increment the invalid command counter.",The ground needs an indicator if a command is rejected by the cFE. Details of what makes a command invalid are documented in the cFE Developer's Guide and the cFE User's Guide. -EVS: Message Port Routing,cEVS3109,"For each created Event Message, the cFE shall route the Event Message, formatted as an ASCII text string, to each enabled Event Message Output Port.",Debug ports are very useful for FSW development and maintenance. -EVS: Message Types,cEVS3102,The cFE shall support the following Event Message Types: Debug Informational Error Critical.,Supports cFE event services. -EVS: NOOP Event,cEVS3002,Upon receipt of Command the cFE shall generate a NO-OP event message.,This command is useful as a general sub-system aliveness test. +EVS: Initialize Format To Long On Power On Reset,cEVS3201,"Upon a Power-on Reset, the cFE shall set SB Event Format Mode to Long.",Each mission must determine what format they need. +EVS: Initialize Full Flag To False On Power On Reset,cEVS3202,"_(OPTIONAL)_ Upon a Power-on Reset, the cFE shall set the Local Event Log Full Flag to false.",Set cFE to default status across Power-on Resets. +EVS: Initialize Logging Mode On Power On Reset,cEVS3203,"_(OPTIONAL)_ Upon a Power-on Reset, the cFE shall set the Event Logging Mode to ``.",Set cFE to default status across Power-on Resets. EVS: Preserve Event Log Reset Mode On Processor Reset,cEVS3207,"_(OPTIONAL)_ Upon a Processor Reset, the cFE shall preserve or overwrite the contents of the Local Event Log based on the setting of the Event Logging Mode configuration parameter.",Try to retain the contents even across a processor reset because there may be useful diagnostic information. The contents of the Local Event Log will be preserved if the Event Logging Mode is configured to Discard (1). The contents of the Local Event Log may be overwritten (depending on the size and contents of the log prior to the reset) if the Event Logging Mode is configured to Overwrite (0). EVS: Preserve Log Full State On Processor Reset,cEVS3208,"_(OPTIONAL)_ Upon a Processor Reset, the cFE shall preserve the Local Event Log Full state.",Retain the cFE state across Processor Resets. -EVS: Preserve Log Overflow Counter On Processor Reset,cEVS3210,"_(OPTIONAL)_ Upon a Processor Reset, the cFE shall preserve the Local Event Log Overflow Counter.",Retain the cFE state across Processor Resets. -EVS: Register App,cEVS3100,"Upon receipt of Request, the cFE shall register an Application for event service, enabling the Application Event Service Enable Status and storing the following request specified Application data: Application Event IDs (for events to be filtered) Application Binary Filter Masks (one per registered Event ID).",Supports the cFE's dynamic Application model. -EVS: Register App - Create Filter Counter,cEVS3100.1,"Upon receipt of Request to register an Application for event service, the cFE shall create one Application Binary Filter Counter per registered Event ID.",Supports the cFE's Binary Filtering Algorithm. -EVS: Register App - Create Sent Message Counter,cEVS3100.2,"Upon receipt of Request to register an Application for event service, the cFE shall create an Application Event Message Sent Counter.",Supports the cFE's dynamic Application model. -EVS: Register App - Default Event Enable Status,cEVS3100.3,"Upon receipt of Request to register an Application for event service, the cFE shall use the `` Application Event Type Enable Statuses for each event.","By default each platform should have a standard configuration for each event message type (eg. DEBUGs disable. INFO, ERROR and CRITICAL events DISABLED) that should be applied to all events. Commands are available to modify the settings." -EVS: Set App Filter Mask By Event ID,cEVS3012,Upon receipt of Command the cFE shall set an Application's Binary Filter Mask to the Command-specified Event Filter for the given Application Event ID.,Allow an operator to tune the system for a particular operational environment. -EVS: Set Event Format Mode,cEVS3001,"Upon receipt of Command, the cFE shall set the SB Event Format Mode to the command specified value, either Long or Short.",Providing a short format accommodates missions with limited telemetry bandwidth. A long format is desirable because it contains the most information. -EVS: Set Event Logging Mode,cEVS3014,"_(OPTIONAL)_ Upon receipt of Command, the cFE shall set the Event Logging Mode to the Command-specified mode, either overwrite or discard.","While in Overwrite Mode the oldest logged event will be overwritten by the new event when the Event Log Full Flag is set to true. While in Discard Mode the new event will be discarded, preserving the contents of the full log. Need the ability to switch between Event Message logging modes." EVS: Set Logging Mode On Processor Reset,cEVS3209,"_(OPTIONAL)_ Upon a Processor Reset, the cFE shall set the Event Logging Mode to the `` value. -TBD - doesn't match rationale",Retain the cFE state across Processor Resets. -EVS: Store Message In Event Log,cEVS3108,"_(OPTIONAL)_ For each created Event Message, the cFE shall store the Event Message in the Local Event Log in the Long Event Message Format.",It's useful to save Event Messages when external communications is unavailable. This may occur during system initialization (especially events generated from other cFE components) and during a communications failure. -EVS: Store Message In Event Log - Increment Overflow Counter,cEVS3108.2,"_(OPTIONAL)_ If the Local Event Log is full, the cFE shall increment the Local Event Log Overflow counter.",Ground operations needs to know how many Event Messages were discarded or overwritten. -EVS: Store Message In Event Log - Log Full Behavior,cEVS3108.3,"_(OPTIONAL)_ If the Local Event Log is full, the cFE shall either (1) overwrite the oldest Event Message if the Event Logging Mode is overwrite, or (2) discard the Event Message if the Event Logging Mode is discard.",Overwriting the oldest message is useful for nominal operations because a user doesn't need to periodically clear the Log. If an error occurs when there's no communication then the Local Event Log size must be large enough to retain the Event Messages since communications was lost. Discarding the newest Event Message is useful for trouble shooting a problem. For example there may be a problem during processor initialization that occurs when there's no communications with the processor interfacing with the User. In this case the original Event Messages are critical to solving the problem so they should be preserved. Note that the Event Logging Mode can be changed via stored commanding. -EVS: Store Message In Event Log - Set Full Flag,cEVS3108.1,"_(OPTIONAL)_ If the Local Event Log becomes full, the cFE shall set the Local Event Log Full Flag to true.",Ground operations needs to know the state of the Local Even Log. -EVS: Support Message Ports,cEVS3300,"The cFE shall support `` Event Message Ports.",Since the number of Event Message Ports is hardware dependent a mission must be able to specify how many ports it will support. -EVS: Unregister App,cEVS3101,"Upon receipt of Request, the cFE shall un-register an Application from using event services, deleting the following Application data: - -- Application Event Message Sent Counter -- Application Event Service Enable Status -- Application Event Type Enable Statuses (one for each Event Type) -- Application Filtered Event IDs -- Application Binary Filter Masks (one per registered Event ID) -- Application Binary Filter Counters (one per registered Event ID)",Supports the cFE's dynamic Application model allowing applications to clean up after themselves. -EVS: Valid Command Counter,cEVS3005,"Upon receipt of valid command, the cFE shall increment the valid command counter.",The ground needs the capability to verify that the command was received and accepted by the cFE. Details of valid commands are documented in the cFE User's Guide. -EVS: Write Application Data File,cEVS3004,"Upon receipt of Command, the cFE shall write the following information to the Command specified cFE EVS Application Data file for each registered Application: - -- Application Event Message Sent Counter -- Application Event Service Enable Status -- Application Event Type Enable Statuses (one for each Event Type) -- Application Event IDs (for events to be filtered) -- Application Binary Filter Masks (one per registered Event ID) -- Application Binary Filter Counters (one per registered Event ID)","Visibility of Application information is essential for FSW diagnostics, testing and maintenance." -EVS: Write Application Data File - Default Filename,cEVS3004.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event that a user does not want to specify. -EVS: Write Local Event Log Order,cEVS3016,_(OPTIONAL)_ The cFE shall write each Event Message from the earliest logged message to the most recently logged message.,"Ground operators like to see the progression of events in the order that they occurred. In a scenario when a time correction has been made, the earliest logged may not necessarily mean the oldest time stamp. This type of playback may not be desirable for Event Logs of considerable size. It is worthwhile for cFE users to keep Event Logs relatively small." -EVS: Write Local Event Log To File,cEVS3015,"_(OPTIONAL)_ Upon receipt of Command, the cFE shall write the contents of the Local Event Log to the Command specified file.",Allows for ground view of the log. Local Event Log is not intended for operation playback. The main purpose of the Local Event Log is for ground testing. Ground operators may view the data file for playing back stored events. -EVS: Write Local Event Log To File - Default Filename,cEVS3015.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event that a user does not want to specify one. -EVS: Zero App Filter Counter By Event ID,cEVS3010,"Upon receipt of Command, the cFE shall set an Application's Binary Filter Counter to zero for the Command-specified Event ID.",Clearing an Application's Filtered Event Message Counter is a convenient method for resetting the filter on the event. -EVS: Zero App Filter Counter By Event ID,cEVS3106,"Upon receipt of a request, the cFE shall set an Application's Binary Filter Counter to zero for the Application request-specified Event ID.",Clearing an Application's Binary Filter Counter is a convenient method for resetting the filter on the event. -EVS: Zero App Filter Counters,cEVS3011,"Upon receipt of Command, the cFE shall set all of an Application's Binary Filter Counters to zero.",Having the ability to reset all Application Filtered Event Message Counters is a quick method for resetting all the application's event filters. Note: This command gives operators the ability to reset all exhausted event filters (i.e. send 16 and stop) so that filtered events may be generated once again. -EVS: Zero App Filter Counters,cEVS3107,"Upon receipt of a request, the cFE shall set all of an Application's Binary Filter Counters to zero for the request-specified Application.",Having the ability to reset all Application Filtered Event Message Counters is a quick method for resetting all the application's event filters. -EVS: Zero Application Message Sent Count,cEVS3009,"Upon receipt of Command, the cFE shall set the Command-specified Application's Event Message Sent Counter to zero.",Allow operators the ability to reset the count of application events. -EVS: Zero Counters,cEVS3003,"Upon receipt of Command the cFE shall set the following counters to zero in Event Services telemetry: - -- Valid Command Counter -- Invalid Command Counter -- Event Message Sent Counter -- Event Message Truncation Counter -- Unregistered Application Send Counter",This command is a common feature in heritage sub-system software design. +TBD - doesn't match rationale",Retain the cFE state across Processor Resets. +EVS: Preserve Log Overflow Counter On Processor Reset,cEVS3210,"_(OPTIONAL)_ Upon a Processor Reset, the cFE shall preserve the Local Event Log Overflow Counter.",Retain the cFE state across Processor Resets. +EVS: Support Message Ports,cEVS3300,"The cFE shall support `` Event Message Ports.",Since the number of Event Message Ports is hardware dependent a mission must be able to specify how many ports it will support. +EVS: Event Log Size,cEVS3301,"_(OPTIONAL)_ The cFE shall define a Local Event Log with a capacity of `` Event Messages.",Each mission's processor card memory capacities will dictate what is reasonable. +EVS: Event Filters Per App,cEVS3302,"The cFE shall support `` Event Message Filters per cFE Application.",Each cFE Application that register with EVS is allocated memory to support this limit. +SB: NOOP Increment Command Counter,cSB4000,"Upon receipt of a NOOP command, the cFE shall increment the command counter. + +TBD - Doesn't match pattern. NOOP - version event, commands increment counter, invalid increment invalid counter.",Useful for verifying communication between the ground and SB task. +SB: Zero Counters,cSB4001,"Upon receipt of Command the cFE shall set to zero the following counters in housekeeping telemetry: + +- Valid command counter +- Invalid command counter +- No subscriptions counter +- Message send error counter +- Message receive error counter +- Create Pipe error counter +- Subscribe error counter +- Pipe Overflow error counter +- MsdID-to-pipe limit error counter",Providing a clear counter command eliminates the need for operators or onboard scripts to keep track of the last value of the counter. +SB: Statistics Message,cSB4002,"Upon receipt of a Command, the cFE shall send an SB Message containing the SB statistics.","Visibility of the SB statistics is essential for FSW diagnostics, testing, and maintenance." +SB: Save Routing To File,cSB4003,"Upon receipt of a Command, the cFE shall save the SB routing information to the Command specified file.","Visibility of the SB routing information is essential for FSW diagnostics, testing, and maintenance." +SB: Save Routing To File - Default Filename,cSB4003.1,"If a file is not specified, the cFE shall use the `` Filename.",Want to provide a default in the event that a user does not want to specify one. SB: Control Message Route To Pipe,cSB4004,"Upon receipt of a Command, the cFE shall enable or disable routing the command specified message to the command specified pipe.","Supports testing and maintenance. In testing, it may be desirable to enable/disable routing a message to a diagnostic application." -SB: Create Pipe,cSB4301,"Upon receipt of a Request to create a Pipe, the cFE shall create a Pipe with the Request-specified Pipe Depth and the Request-specified name.",Run time creation of Pipes supports the cFE goals of easy Application integration and system reconfiguration. -SB: Delete Pipe,cSB4302,"Upon receipt of a Request to delete a Pipe, the cFE shall Unsubscribe all messages to the Request-specified Pipe, then remove the Pipe from the Routing Information.",An Application must be capable of freeing its own resources. -SB: Free App Resources,cSB4310,Upon receipt of Request the cFE shall free resources allocation for the specified Application.,"Need to be able to remove all resources associated with an application when Deleting, Restarting or Reloading an Application. In addition, this is required as part of a Processor Reset." SB: Housekeeping Message,cSB4005,"The cFE shall send an SB Message containing the following housekeeping telemetry items: - Valid command counter @@ -325,69 +339,65 @@ SB: Housekeeping Message,cSB4005,"The cFE shall send an SB Message containing th - Message receive error counter - Pipe overflow error counter - MsgId-to-pipe limit error counter","SB Telemetry is essential for operations, FSW diagnostics, testing, and maintenance." -SB: Initialize Routing On Power On Reset,cSB4500,Upon a Power-on Reset the cFE shall initialize the Routing Information and clear all error counters.,The cFE must initialize to a known state. -SB: Initialize Routing On Processor Reset,cSB4501,Upon a Processor Reset the cFE shall initialize the Routing Information and clear all error counters,The cFE must initialize to a known state. -SB: Last Message Sender Info,cSB4309,"Upon receipt of a Request, the cFE shall provide sender information for the last message received on an Application's Pipe.","Heritage SB did a 'valid senders check' before delivering a packet to a pipe. Since the cFE supports a dynamic environment and the sender of a packet is somewhat unknown, the cFE must provide a means for the application to do the 'valid sender check'." -SB: Maximum Destinations,cSB4704,"The cFE shall support a maximum of `` Destinations for a Message ID.",Allow a mission to scale the number of destinations per message ID to reduce memory requirements. A maximum is specified to yield an efficient design. The default of 16 is used in the heritage SB. -SB: Maximum Message IDs,cSB4700,"The cFE shall support a maximum of `` Message ID's.",Allow a mission to scale the number of messages it can process to reduce SB memory usage. A maximum is specified to yield an efficient design. 1024 was chosen as the default based on the message count of previous missions. -SB: Maximum Message Size,cSB4701,"The cFE shall support a `` bytes maximum system packet size.",The cFE must have some protection in the event that the packet length field of a sender's packet becomes corrupted or is invalid. -SB: Maximum Pipe Depth,cSB4706,"The cFE shall support a maximum Pipe depth of `` SB Messages.",Allow a mission to scale the Pipe depth to reduce memory requirements. The default of 65535 is a power of 2 which may simplify implementation and based on recent missions 64 SB Messages is more than adequate. -SB: Maximum Pipes,cSB4705,"The cFE shall support a maximum of `` Pipes per processor.",Allow a mission to scale the number of Pipes to reduce memory requirements. The default of 255 allows a single byte to be used for the pipe id. -SB: NOOP Increment Command Counter,cSB4000,"Upon receipt of a NOOP command, the cFE shall increment the command counter. - -TBD - Doesn't match pattern. NOOP - version event, commands increment counter, invalid increment invalid counter.",Useful for verifying communication between the ground and SB task. -SB: Receive Message Infinite Timeout,cSB4308,"Upon receipt of a Request to receive a SB Message from a Pipe with an infinite timeout, the cFE shall suspend execution of the Application until a SB Message is present on the Pipe.",This mode of receiving has been the most commonly used mode on the heritage SB. -SB: Receive Message No Timeout,cSB4306,"Upon receipt of a Request to receive a SB Message from a Pipe without a timeout, the cFE shall remove the next SB Message from the Pipe and provide the message to the Application.",Applications need a mechanism to retrieve the SB Message they have subscribed to receive. A receive Request without a suspension timeout provides a non-blocking method of retrieving SB messages. Receives are performed on a Pipe basis not on a SB Message basis. The heritage SB Pipe-based receives have served us well. A message-based receive would add extra complexity without any real benefit. -SB: Receive Message With Timeout,cSB4307,"Upon receipt of a Request to receive a SB Message from a Pipe with a pending timeout, the cFE shall suspend execution of the Application until a SB Message is present on the Pipe or the timeout has expired.","A receive Request with a suspension timeout provides a blocking method of retrieving SB messages. This is useful for data driven Applications and has been used on all heritage missions with a SB. The timeout is useful for fault recovery for Applications that always expect data to arrive or to allow periodic processing for Applications that are not purely data driven. If a SB Message is queued on the Pipe then the SB Message will be provided to the Application and the Application’s execution will not be suspended. Tasks that process telemetry packets often receive many types of packets from different sources. There should be a mechanism that allows a task to wait for many different types of messages simultaneously. Heritage implementations of SB do this by directing the messages into one queue (or several queues, to implement priority levels). -" -SB: Save Message Map To File,cSB4008,"Upon receipt of a Command, the cFE shall save the message map information to the Command specified a file.","This information provides information pertaining to the internals of the SB (Msg ID, and SB Routing table index) which can be used for diagnostic purposes." -SB: Save Message Map To File - Default Filename,cSB4008.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event that a user does not want to specify one. SB: Save Pipe Info To File,cSB4007,"Upon receipt of a Command, the cFE shall save the Pipe information to the Command specified a file.","This gives detailed information about each pipe such as owner of the pipe, queue depth and send errors which can be used for diagnostics purposes." SB: Save Pipe Info To File - Default Filename,cSB4007.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event that a user does not want to specify one. -SB: Save Routing To File,cSB4003,"Upon receipt of a Command, the cFE shall save the SB routing information to the Command specified file.","Visibility of the SB routing information is essential for FSW diagnostics, testing, and maintenance." -SB: Save Routing To File - Default Filename,cSB4003.1,"If a file is not specified, the cFE shall use the `` Filename.",Want to provide a default in the event that a user does not want to specify one. +SB: Save Message Map To File,cSB4008,"Upon receipt of a Command, the cFE shall save the message map information to the Command specified a file.","This information provides information pertaining to the internals of the SB (Msg ID, and SB Routing table index) which can be used for diagnostic purposes." +SB: Save Message Map To File - Default Filename,cSB4008.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event that a user does not want to specify one. +SB: Zero Copy Message Transfer Mode,cSB4300,The cFE shall provide a zero-copy message transfer mode for intra-processor communication.,"The heritage software bus offered a zero-copy mode, it was used for transferring large packets from one application to another on the same processor. The cost of the zero-copy mode is a more complex application interface." +SB: Create Pipe,cSB4301,"Upon receipt of a Request to create a Pipe, the cFE shall create a Pipe with the Request-specified Pipe Depth and the Request-specified name.",Run time creation of Pipes supports the cFE goals of easy Application integration and system reconfiguration. +SB: Delete Pipe,cSB4302,"Upon receipt of a Request to delete a Pipe, the cFE shall Unsubscribe all messages to the Request-specified Pipe, then remove the Pipe from the Routing Information.",An Application must be capable of freeing its own resources. +SB: Subscribe To Message,cSB4303,"Upon receipt of a Request to Subscribe to an SB message, the cFE shall establish a route using the Request-specified Message ID, the Request-specified Pipe ID, the Request-specified MsgId-to-Pipe limit and the Request-specified QoS.",Run time subscription supports the cFE goals of easy system integration and run time reconfigurations. +SB: Subscribe To Message - Duplicate,cSB4303.1,If the Subscription is a duplicate of a previous subscription then the cFE shall issue an event message.,"Duplicate subscriptions are still a success, however, want to notify the ground." +SB: Unsubscribe To Message,cSB4304,"Upon receipt of a Request to Unsubscribe to an SB Message, the cFE shall remove the route corresponding to the Request-specified Message Id and the Request-specified Pipe Id from the Routing Information.","Allow an Application to dynamically change what Messages it receives. Since the ground can manipulate the state of the routing, it is not considered an error if the Message is not currently being subscribed to when an unsubscribe request is made." SB: Send Message,cSB4305,"Upon receipt of a Request to send an SB Message, the cFE shall route the SB Message to the Pipes of all Applications that have Subscribed to the SB Message.","This form of message passing, supports one-to-one, one-to-many, and many-to-one (all desired by branch members) in a flexible, low overhead manner. It has been common for telemetry packets to be sent to many destinations, such as a real-time telemetry." -SB: Send Message - Exceed Message ID To Pipe Limit,cSB4305.4,"If routing a Message to an Application's Pipe would exceed the MsgId-to-Pipe Limit, the cFE shall abort the send to that pipe, issue an event, and continue sending to the remaining pipes.",The ground needs to know if a message cannot be routed to its destination. The MsgId-to-Pipe Limit is exceeded when the SB attempts to write to a Pipe that contains the maximum number of messages of a particular Message Id. -SB: Send Message - Max Size,cSB4305.6,"If the SB Message is greater than the `` bytes then the cFE shall not send the message, issue and event message and increment the message send error counter.",The cFE should not make any assumptions about why the message was too big and just not send it. SB: Send Message - Message ID To Pipe Limit,cSB4305.1,The cFE shall limit the number of messages of a particular Message ID that can be sent to an Application's Pipe.,"Prevent an errant application from monopolizing a Software Bus Pipe. This feature was part of the heritage software bus and was found to be a useful diagnostic feature. When subscribing to a packet, an Application can specify a limit on the number of Messages for a particular Message ID that can be in the Pipe at one time. The term used for this is MsgId-to-Pipe Limit. " +SB: Send Message - Pipe Overflow,cSB4305.3,"If routing a Message to an Application's Pipe results in a Pipe Overflow, the cFE shall abort the send to that pipe, issue an event, and continue sending to the remaining pipes.",The ground needs to know if a message cannot be routed to its destination. A Pipe Overflow occurs when the SB attempts to write to a Pipe that is completely full of SB messages. The number of messages a Pipe is capable of storing is defined by a platform configuration parameter. +SB: Send Message - Exceed Message ID To Pipe Limit,cSB4305.4,"If routing a Message to an Application's Pipe would exceed the MsgId-to-Pipe Limit, the cFE shall abort the send to that pipe, issue an event, and continue sending to the remaining pipes.",The ground needs to know if a message cannot be routed to its destination. The MsgId-to-Pipe Limit is exceeded when the SB attempts to write to a Pipe that contains the maximum number of messages of a particular Message Id. SB: Send Message - No Subscribers,cSB4305.5,"Upon receipt of a Request to send a Message, if no Application's have Subscribed to the Message, the cFE shall increment the No Subscriber's Counter and send an event that displays the Message ID.","A single counter is enough to notify operators that there are no receivers for a packet that is being sent. The ‘no subscriber’s’ event is completely filtered by default. The ground can unfilter the ‘no subscribers’ event to get more information about the message. It is not considered an error if no Applications have subscribed because of the dynamic environment supported by the cFE. In addition, during initialization of a multi-processor system, this can easily occur. " -SB: Send Message - Pipe Overflow,cSB4305.3,"If routing a Message to an Application's Pipe results in a Pipe Overflow, the cFE shall abort the send to that pipe, issue an event, and continue sending to the remaining pipes.",The ground needs to know if a message cannot be routed to its destination. A Pipe Overflow occurs when the SB attempts to write to a Pipe that is completely full of SB messages. The number of messages a Pipe is capable of storing is defined by a platform configuration parameter. -SB: Statistics Message,cSB4002,"Upon receipt of a Command, the cFE shall send an SB Message containing the SB statistics.","Visibility of the SB statistics is essential for FSW diagnostics, testing, and maintenance." -SB: Subscribe To Message,cSB4303,"Upon receipt of a Request to Subscribe to an SB message, the cFE shall establish a route using the Request-specified Message ID, the Request-specified Pipe ID, the Request-specified MsgId-to-Pipe limit and the Request-specified QoS.",Run time subscription supports the cFE goals of easy system integration and run time reconfigurations. -SB: Subscribe To Message - Duplicate,cSB4303.1,If the Subscription is a duplicate of a previous subscription then the cFE shall issue an event message.,"Duplicate subscriptions are still a success, however, want to notify the ground." -SB: Unsubscribe To Message,cSB4304,"Upon receipt of a Request to Unsubscribe to an SB Message, the cFE shall remove the route corresponding to the Request-specified Message Id and the Request-specified Pipe Id from the Routing Information.","Allow an Application to dynamically change what Messages it receives. Since the ground can manipulate the state of the routing, it is not considered an error if the Message is not currently being subscribed to when an unsubscribe request is made." -SB: Zero Copy Message Transfer Mode,cSB4300,The cFE shall provide a zero-copy message transfer mode for intra-processor communication.,"The heritage software bus offered a zero-copy mode, it was used for transferring large packets from one application to another on the same processor. The cost of the zero-copy mode is a more complex application interface." -SB: Zero Counters,cSB4001,"Upon receipt of Command the cFE shall set to zero the following counters in housekeeping telemetry: - -- Valid command counter -- Invalid command counter -- No subscriptions counter -- Message send error counter -- Message receive error counter -- Create Pipe error counter -- Subscribe error counter -- Pipe Overflow error counter -- MsdID-to-pipe limit error counter",Providing a clear counter command eliminates the need for operators or onboard scripts to keep track of the last value of the counter. -TB: Update With Pending Load - Locked,cTBL6308.1,"If a Table is locked when an update Request is made, an appropriate error code shall be returned to the calling Application and the update shall not occur.",The Application should be made aware that the table is not being updated because it is locked. -TBL: Abort Load,cTBL6012,"Upon receipt of Command the cFE shall abort the loading of the specified Table. -","The ground needs a way to clear the inactive buffer of all loads in the event, for example, that erroneous values were loaded to the table by the ground. Note that once a table is activated, it cannot be aborted (significant for double-buffer tables)." -TBL: Abort Load - Mark Inactive Buffer Uninitialized,cTBL6012.2,"If the Table buffering characteristics for the specified Table indicate that it is a Double-buffered table, then the inactive buffer shall be marked as uninitialized.",Need to make sure that the table image gets re-initialized with the contents of the active buffer prior to a subsequent load after an abort command is sent (see cTBL6000.4) -TBL: Abort Load - No Loads Pending,cTBL6012.3,The Table Registry shall indicate that there are no loads pending for the specified Table.,Status of the table needs to updated to reflect that. -TBL: Abort Load - Release Shared Buffer,cTBL6012.1,"If the Table buffering characteristics for the specified Table indicate that it is a Single-buffered Table, then the allocated shared buffer shall be released.",The shared buffer being used for this table load should be placed back into the pool of available shared buffers. +SB: Send Message - Max Size,cSB4305.6,"If the SB Message is greater than the `` bytes then the cFE shall not send the message, issue and event message and increment the message send error counter.",The cFE should not make any assumptions about why the message was too big and just not send it. +SB: Receive Message No Timeout,cSB4306,"Upon receipt of a Request to receive a SB Message from a Pipe without a timeout, the cFE shall remove the next SB Message from the Pipe and provide the message to the Application.",Applications need a mechanism to retrieve the SB Message they have subscribed to receive. A receive Request without a suspension timeout provides a non-blocking method of retrieving SB messages. Receives are performed on a Pipe basis not on a SB Message basis. The heritage SB Pipe-based receives have served us well. A message-based receive would add extra complexity without any real benefit. +SB: Receive Message With Timeout,cSB4307,"Upon receipt of a Request to receive a SB Message from a Pipe with a pending timeout, the cFE shall suspend execution of the Application until a SB Message is present on the Pipe or the timeout has expired.","A receive Request with a suspension timeout provides a blocking method of retrieving SB messages. This is useful for data driven Applications and has been used on all heritage missions with a SB. The timeout is useful for fault recovery for Applications that always expect data to arrive or to allow periodic processing for Applications that are not purely data driven. If a SB Message is queued on the Pipe then the SB Message will be provided to the Application and the Application’s execution will not be suspended. Tasks that process telemetry packets often receive many types of packets from different sources. There should be a mechanism that allows a task to wait for many different types of messages simultaneously. Heritage implementations of SB do this by directing the messages into one queue (or several queues, to implement priority levels). +" +SB: Receive Message Infinite Timeout,cSB4308,"Upon receipt of a Request to receive a SB Message from a Pipe with an infinite timeout, the cFE shall suspend execution of the Application until a SB Message is present on the Pipe.",This mode of receiving has been the most commonly used mode on the heritage SB. +SB: Last Message Sender Info,cSB4309,"Upon receipt of a Request, the cFE shall provide sender information for the last message received on an Application's Pipe.","Heritage SB did a 'valid senders check' before delivering a packet to a pipe. Since the cFE supports a dynamic environment and the sender of a packet is somewhat unknown, the cFE must provide a means for the application to do the 'valid sender check'." +SB: Free App Resources,cSB4310,Upon receipt of Request the cFE shall free resources allocation for the specified Application.,"Need to be able to remove all resources associated with an application when Deleting, Restarting or Reloading an Application. In addition, this is required as part of a Processor Reset." +SB: Initialize Routing On Power On Reset,cSB4500,Upon a Power-on Reset the cFE shall initialize the Routing Information and clear all error counters.,The cFE must initialize to a known state. +SB: Initialize Routing On Processor Reset,cSB4501,Upon a Processor Reset the cFE shall initialize the Routing Information and clear all error counters,The cFE must initialize to a known state. +SB: Maximum Message IDs,cSB4700,"The cFE shall support a maximum of `` Message ID's.",Allow a mission to scale the number of messages it can process to reduce SB memory usage. A maximum is specified to yield an efficient design. 1024 was chosen as the default based on the message count of previous missions. +SB: Maximum Message Size,cSB4701,"The cFE shall support a `` bytes maximum system packet size.",The cFE must have some protection in the event that the packet length field of a sender's packet becomes corrupted or is invalid. +SB: Maximum Destinations,cSB4704,"The cFE shall support a maximum of `` Destinations for a Message ID.",Allow a mission to scale the number of destinations per message ID to reduce memory requirements. A maximum is specified to yield an efficient design. The default of 16 is used in the heritage SB. +SB: Maximum Pipes,cSB4705,"The cFE shall support a maximum of `` Pipes per processor.",Allow a mission to scale the number of Pipes to reduce memory requirements. The default of 255 allows a single byte to be used for the pipe id. +SB: Maximum Pipe Depth,cSB4706,"The cFE shall support a maximum Pipe depth of `` SB Messages.",Allow a mission to scale the Pipe depth to reduce memory requirements. The default of 65535 is a power of 2 which may simplify implementation and based on recent missions 64 SB Messages is more than adequate. +TBL: Load Inactive Table From File,cTBL6000,Upon receipt of Command the cFE shall load an Inactive Table Image with the contents of the Command specified File.,Loading from a file allows for multiple versions of a table to be stored on board and loaded to the active table when appropriate. The file header will identify the Table that the file contents are for. +TBL: Load Inactive Table From File - Partial Load,cTBL6000.1,"If the Command specified file's header indicates that the file contains only a portion of the Table, the cFE shall first load an Inactive Table Image with the contents of the Active Table Image and then load the contents of the Command specified File.","A Partial Table load capability is useful when dealing with large Tables. It helps to ensure that additional parameters are not unintentionally modified, reduces command time required to perform a Table update and is a feature that has been used on previous missions." +TBL: Load Inactive Table From File - Greater Than Max Size,cTBL6000.2,If the number of data bytes contained in the file is greater than the maximum size of the table then the load shall be aborted and an event message shall be generated.,This is a sanity check to make sure that the ground generated table load does not include more data than a table can handle. +TBL: Load Inactive Table From File - Header Size Mismatch,cTBL6000.3,If the number of bytes specified in the file's header is not equal to the number of data bytes contained in the file then the load shall be aborted and an event message be generated.,This is another sanity check to make sure that the number of bytes specified in the file header is equal to the number of data bytes in the file. +TBL: Load Inactive Table From File - Multiple Partial Loads,cTBL6000.4,The Inactive Table Image shall only be loaded with the contents of the Active Table if the Inactive Table Image has not been initialized.,Want to be able to perform successive partial table loads. The first partial load of a table requires that the inactive table image be initialized with the active table image (see cTBL6000.2). Any subsequent loads should be made with the existing contents of the Inactive Buffer. +TBL: Load Inactive Table From File - Dump Only,cTBL6000.5,If the specified table is defined as Dump Only then the command shall be rejected and an event message be generated.,Dump only tables cant be loaded. +TBL: Dump To File,cTBL6001,Upon receipt of Command the cFE shall dump the Command specified Active or Inactive Table contents to a Command specified File.,Dumping the contents of a table to a file simplifies the telemetering of Table contents. The file transfer protocol between the ground and the spacecraft is capable of handling variable sized files. The telemetering of Table contents directly to ground. +TBL: Validate,cTBL6002,Upon receipt of Command the cFE shall determine the validity of the contents of either the Active or Inactive Table Image of the Command specified Table.,"Operations needs to verify the contents of an Inactive Table before committing it. Similarly, operations personnel may need to re-validate or identify the contents of an Active Table." +TBL: Validate - Compute Data Integrity Check Value,cTBL6002.1,The cFE shall compute a Data Integrity Check Value on the contents of either the Active or Inactive Table Image of the Command specified Table and report the result in telemetry.,A Data Integrity Check Value can provide a quick method of validating the proper contents of a Table without performing a Table Dump and Comparison. +TBL: Validate - App Content,cTBL6002.2,The cFE shall Request an Application to validate the contents of either the Active or Inactive Table Image of the Command specified Table and report the result in telemetry.,A Table Validation function provided by the Application can verify that the data content of a Table are reasonable. TBL: Activate,cTBL6003,Upon receipt of Command the cFE shall make an Inactive Table Image of the Command specified Table the Active Table Image.,"A Commit Command is useful by allowing modifications and the verification of those modifications to be accomplished in the background while an Application continues to use its previous Table data. Then, upon Command, the new Table data is made Active." TBL: Activate - Validate,cTBL6003.1,"If a Table Validation Function exists for the specified Table, the Inactive Table Image shall be validated.",Validation functions are there for a reason so want to prevent loading invalid tables. Inactive buffer retains the data so that the ground can dump the contents to see why the validation failed. TBL: Activate - Validate - Failure,cTBL6003.1.1,If the Inactive Table Image fails validation then the Inactive Table Image shall not be loaded into the Active Table Image.,Prevent loading of an invalid table. Note that the Inactive Table still contains the table image so that the ground can dump it. TBL: Activate - Validate - No Validation Function,cTBL6003.1.2,"If a Table Validation Function does not exist for the specified Table, the Table shall be considered valid.",If there is no validation function then assume the table has good data in it (no way to check otherwise). -TBL: Create,cTBL6300,"Upon receipt of Request, the cFE shall create a zero filled Table Image with the Request specified name, size, buffering characteristics (single or double-buffer), dump-only characteristics, criticality and Table Validation Function address.","Supports the cFE's dynamic Application model. Tables will be able to be either single or double-buffered. Double-buffering will allow instantaneous updates from the Application's point of view and will be useful for interrupt service routines, etc. However, double-buffering will consume more memory resources. The Table Validation Function is optionally provided by the Application and is called when a Command to Validate the table is made. Note that a zero filled image will not be created if the Application specifies an address for the dump-only table (see cTBL6300.1)." -TBL: Create - App Supplied Address For Dump Only,cTBL6300.1,The cFE shall allow an Application to specify an address as the one and only buffer for a dump-only Table.,"Heritage code allowed for dump only tables to come from an address instead of a true table. In this case, table services does not allocate any memory for the dump only table. This is referred to an an Application-Defined-Address-Table." -TBL: Dump To File,cTBL6001,Upon receipt of Command the cFE shall dump the Command specified Active or Inactive Table contents to a Command specified File.,Dumping the contents of a table to a file simplifies the telemetering of Table contents. The file transfer protocol between the ground and the spacecraft is capable of handling variable sized files. The telemetering of Table contents directly to ground. -TBL: Free App Resources,cTBL6301,"Upon receipt of Request, the cFE shall free the resources associated the Request specified Application.","When an Application exits prematurely, the cFE requires a mechanism to free resources allocated to that Application." -TBL: Free Resources On Power On Reset,cTBL6500,Upon a Power-on Reset all Table resources shall be freed.,The Table Service cannot assume the contents of any Table is legitimate after a reset. -TBL: Free Resources On Processor Reset,cTBL6501,Upon a Processor Reset all Table resources shall be freed.,The Table Service cannot assume the contents of any Table is legitimate after a reset. -TBL: Free Resources On Processor Reset - Preserve Critical,cTBL6501.1,If the Table is a critical table then the contents of the Table shall be preserved.,Goal of a processor reset is preserve certain data to facilitate recovery. -TBL: Free Table Resources,cTBL6304,"Upon receipt of Request, the cFE shall free resources allocated for the Request specified Table.",Supports the cFE's dynamic Application model. +TBL: Write Table Registry To File,cTBL6005,Upon receipt of Command the cFE shall write the contents of the Table Registry to a file.,"The Table Registry will provide a list of the Tables currently registered, their attributes (double or single-buffered, dump-only, etc), a history of what files were last loaded into the Active Table Images, what time the load occurred and whether the image has been modified via Partial Table Load." +TBL: Write Table Registry To File - Default File Name,cTBL6005.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event that a user does not want to specify one. +TBL: Table Registry Message,cTBL6006,Upon receipt of Command the cFE shall telemeter the contents of the Table Registry associated with a Command specified Table.,"Operations personnel may wish to see the attributes (double or single-buffered, dump-only, etc), a history of what file(s) was/were last loaded into the Active Table Image, what time the load(s) occurred, etc." +TBL: NOOP Event,cTBL6007,Upon receipt of Command the cFE shall generate a NO-OP event message.,This command is useful as a general sub-system aliveness test. +TBL: Zero Counters,cTBL6008,"Upon receipt of Command the cFE shall set the following counters reported in telemetry to zero: + +- Valid Command Counter +- Invalid Command Counter +- Number of Validation Requests +- Number of successful Table Validations +- Number of Unsuccessful Validations +- Number of Completed Validations",This command is a common feature in heritage sub-system software design. +TBL: Valid Command Counter,cTBL6009,"Upon receipt of valid command, the cFE shall increment the valid command counter.",The ground needs the capability to verify that the command was received a accepted by the cFE. Details of valid commands are documented in the cFE User's Guide. +TBL: Invalid Command Counter,cTBL6010,"Upon receipt of an invalid command, the cFE shall in increment the invalid command counter.",The ground needs an indicator if a command is rejected by the cFE. Details of what makes a command invalid are documented in the cFE User's Guide. TBL: Housekeeping Message,cTBL6011,"The cFE shall provide the following Table Service data items in telemetry (SB Messages): - Valid Command Counter @@ -402,28 +412,26 @@ TBL: Housekeeping Message,cTBL6011,"The cFE shall provide the following Table Se - Commanded Table Verification Function Result - Number of unused Shared Buffers - Table Name of Last Table Load", +TBL: Abort Load,cTBL6012,"Upon receipt of Command the cFE shall abort the loading of the specified Table. +","The ground needs a way to clear the inactive buffer of all loads in the event, for example, that erroneous values were loaded to the table by the ground. Note that once a table is activated, it cannot be aborted (significant for double-buffer tables)." +TBL: Abort Load - Release Shared Buffer,cTBL6012.1,"If the Table buffering characteristics for the specified Table indicate that it is a Single-buffered Table, then the allocated shared buffer shall be released.",The shared buffer being used for this table load should be placed back into the pool of available shared buffers. +TBL: Abort Load - Mark Inactive Buffer Uninitialized,cTBL6012.2,"If the Table buffering characteristics for the specified Table indicate that it is a Double-buffered table, then the inactive buffer shall be marked as uninitialized.",Need to make sure that the table image gets re-initialized with the contents of the active buffer prior to a subsequent load after an abort command is sent (see cTBL6000.4) +TBL: Abort Load - No Loads Pending,cTBL6012.3,The Table Registry shall indicate that there are no loads pending for the specified Table.,Status of the table needs to updated to reflect that. +TBL: Create,cTBL6300,"Upon receipt of Request, the cFE shall create a zero filled Table Image with the Request specified name, size, buffering characteristics (single or double-buffer), dump-only characteristics, criticality and Table Validation Function address.","Supports the cFE's dynamic Application model. Tables will be able to be either single or double-buffered. Double-buffering will allow instantaneous updates from the Application's point of view and will be useful for interrupt service routines, etc. However, double-buffering will consume more memory resources. The Table Validation Function is optionally provided by the Application and is called when a Command to Validate the table is made. Note that a zero filled image will not be created if the Application specifies an address for the dump-only table (see cTBL6300.1)." +TBL: Create - App Supplied Address For Dump Only,cTBL6300.1,The cFE shall allow an Application to specify an address as the one and only buffer for a dump-only Table.,"Heritage code allowed for dump only tables to come from an address instead of a true table. In this case, table services does not allocate any memory for the dump only table. This is referred to an an Application-Defined-Address-Table." +TBL: Free App Resources,cTBL6301,"Upon receipt of Request, the cFE shall free the resources associated the Request specified Application.","When an Application exits prematurely, the cFE requires a mechanism to free resources allocated to that Application." TBL: Initialize Contents,cTBL6302,"Upon receipt of Request, the cFE shall initialize the contents of the Request specified Table Image with the contents of the Request specified File.",Supports the cFE's dynamic Application model. TBL: Initialize Contents - Greater Than Max Size,cTBL6302.1,"If the Request specified File contains more data than the size of the Request specified Table, the Table Image will not be initialized and an Event Message shall be generated.","If a File contains more data than memory allows, there is a high likelihood that the Application is expecting the data to be in a different format. Additionally, the cFE would not know whether to throw out the last part or the first part of the data." TBL: Initialize Contents - Partial,cTBL6302.2,"If the Request specified File contains less data than the size of the Request specified Table, the first portion of the Table Image will be initialized with the contents of the File and an Event Message shall be generated.",Some tables may allocate more space than is necessary at all times. The Event Message will serve as a warning but not prevent the initialization of the Table. -TBL: Invalid Command Counter,cTBL6010,"Upon receipt of an invalid command, the cFE shall in increment the invalid command counter.",The ground needs an indicator if a command is rejected by the cFE. Details of what makes a command invalid are documented in the cFE User's Guide. -TBL: Load Inactive Table From File,cTBL6000,Upon receipt of Command the cFE shall load an Inactive Table Image with the contents of the Command specified File.,Loading from a file allows for multiple versions of a table to be stored on board and loaded to the active table when appropriate. The file header will identify the Table that the file contents are for. -TBL: Load Inactive Table From File - Dump Only,cTBL6000.5,If the specified table is defined as Dump Only then the command shall be rejected and an event message be generated.,Dump only tables cant be loaded. -TBL: Load Inactive Table From File - Greater Than Max Size,cTBL6000.2,If the number of data bytes contained in the file is greater than the maximum size of the table then the load shall be aborted and an event message shall be generated.,This is a sanity check to make sure that the ground generated table load does not include more data than a table can handle. -TBL: Load Inactive Table From File - Header Size Mismatch,cTBL6000.3,If the number of bytes specified in the file's header is not equal to the number of data bytes contained in the file then the load shall be aborted and an event message be generated.,This is another sanity check to make sure that the number of bytes specified in the file header is equal to the number of data bytes in the file. -TBL: Load Inactive Table From File - Multiple Partial Loads,cTBL6000.4,The Inactive Table Image shall only be loaded with the contents of the Active Table if the Inactive Table Image has not been initialized.,Want to be able to perform successive partial table loads. The first partial load of a table requires that the inactive table image be initialized with the active table image (see cTBL6000.2). Any subsequent loads should be made with the existing contents of the Inactive Buffer. -TBL: Load Inactive Table From File - Partial Load,cTBL6000.1,"If the Command specified file's header indicates that the file contains only a portion of the Table, the cFE shall first load an Inactive Table Image with the contents of the Active Table Image and then load the contents of the Command specified File.","A Partial Table load capability is useful when dealing with large Tables. It helps to ensure that additional parameters are not unintentionally modified, reduces command time required to perform a Table update and is a feature that has been used on previous missions." -TBL: Maximum Simultaneous Loads and Dumps,cTBL6701,"The cFE shall support Single-Buffer Table Loads and Application-Defined-Address-Table dumps simultaneously. ","It is desirable to allow for Tables to be modified by ground command while other Tables are be being modified autonomously by on board software (i.e. stored command processor, etc). This limit represents the total supported for the combined number of Single-Buffer and Application-Defined-Address-Table Tables being loaded." -TBL: Maximum Tables,cTBL6700,"The cFE shall support `` Tables.",Each mission's processor card memory capacities will dictate what is reasonable. -TBL: NOOP Event,cTBL6007,Upon receipt of Command the cFE shall generate a NO-OP event message.,This command is useful as a general sub-system aliveness test. -TBL: Pending Action Status,cTBL6310,"Upon receipt of Request the cFE shall indicate if the specified table has a validation, update, or dump pending.","Applications must periodically check to see if they need to perform updates, validations or dumps." +TBL: Provide ID,cTBL6303,"Upon receipt of Request, the cFE shall provide the calling Application with a unique identifier of an existing Table Image.",Some Applications will not want to create a Table but obtain a handle to one that is created by another Application. +TBL: Free Table Resources,cTBL6304,"Upon receipt of Request, the cFE shall free resources allocated for the Request specified Table.",Supports the cFE's dynamic Application model. TBL: Provide Data Address,cTBL6305,"Upon receipt of Request, the cFE shall provide the calling Application with the address of the Request specified Table data.",The Table Service 'owns' all Tables and Applications must ask for the current address of the data because the Table Service may move the Table as updates are made. TBL: Provide Data Address - Lock Contents,cTBL6305.1,"Upon providing a calling Application with the address of a Table's data, the cFE shall lock the contents of the Table to prevent modification.","The Table Service must wait for an Application to be done with the contents of the Table before considering modifying its contents. This ensures data integrity while the Application accesses the Table contents. More than one Application can access a Table. Therefore, a reference count will be necessary to ensure that all access is complete before a Table can be modified. " TBL: Provide Data Address - Modified Notification,cTBL6305.2,"If a Table has been modified since the last Table address request, the cFE shall notify the calling Application that the Table has been modified.",An Application may need to know when the contents of a Table have been updated. -TBL: Provide Data Addresses,cTBL6311,"Upon receipt of Request, the cFE shall provide the calling Application with the addresses of the data for the tables requested if more than one table is needed.",Applications may need to work with more than one table at a time. -TBL: Provide Data Addresses - Lock Contents,cTBL6311.1,"Upon providing a calling Application with the addresses of a Tables' data, the cFE shall lock the contents of the Tables to prevent modification.",The Table Service must wait for an Application to be done with the contents of the Table before considering modifying its contents. This ensures data integrity while the Application accesses the Table contents. -TBL: Provide Data Addresses - Modified Notification,cTBL6311.2,"If at least one Table has been modified since the last Table addresses request, the cFE shall notify the calling Application that a Table has been modified.","An Application may need to know when the contents of a Tables has been updated; the Application just won't know which one." -TBL: Provide ID,cTBL6303,"Upon receipt of Request, the cFE shall provide the calling Application with a unique identifier of an existing Table Image.",Some Applications will not want to create a Table but obtain a handle to one that is created by another Application. +TBL: Unlock,cTBL6306,"Upon receipt of Request, the cFE shall unlock the contents of the Request specified Table.","The Table Service must wait for an Application to be done with the contents of the Table before considering modifying its contents. This ensures data integrity while the Application accesses the Table contents. More than one Application can access a Table. Therefore, a reference count will be necessary to ensure that all access is complete before a Table can be modified." +TBL: Update With Pending Load,cTBL6308,"Upon receipt of Request, the cFE shall update the request specified Table if a load is pending and it is unlocked.",This gives control to the Application as to when the table update occurs. +TB: Update With Pending Load - Locked,cTBL6308.1,"If a Table is locked when an update Request is made, an appropriate error code shall be returned to the calling Application and the update shall not occur.",The Application should be made aware that the table is not being updated because it is locked. TBL: Provide Table Info,cTBL6309,"Upon receipt of Request, the cFE shall provide the following information to the calling Application for the specified Table: - Size of the table @@ -435,53 +443,55 @@ TBL: Provide Table Info,cTBL6309,"Upon receipt of Request, the cFE shall provide - Flag indicating if the Table is dump only - Flag indicating if the Table has a dedicated buffer - Flag indicating if the table is maintained in the Critical Data Store",Applications such as Checksum need to obtain info such as size of the table. The API is a more generic solution. -TBL: Table Registry Message,cTBL6006,Upon receipt of Command the cFE shall telemeter the contents of the Table Registry associated with a Command specified Table.,"Operations personnel may wish to see the attributes (double or single-buffered, dump-only, etc), a history of what file(s) was/were last loaded into the Active Table Image, what time the load(s) occurred, etc." -TBL: Unlock,cTBL6306,"Upon receipt of Request, the cFE shall unlock the contents of the Request specified Table.","The Table Service must wait for an Application to be done with the contents of the Table before considering modifying its contents. This ensures data integrity while the Application accesses the Table contents. More than one Application can access a Table. Therefore, a reference count will be necessary to ensure that all access is complete before a Table can be modified." +TBL: Pending Action Status,cTBL6310,"Upon receipt of Request the cFE shall indicate if the specified table has a validation, update, or dump pending.","Applications must periodically check to see if they need to perform updates, validations or dumps." +TBL: Provide Data Addresses,cTBL6311,"Upon receipt of Request, the cFE shall provide the calling Application with the addresses of the data for the tables requested if more than one table is needed.",Applications may need to work with more than one table at a time. +TBL: Provide Data Addresses - Lock Contents,cTBL6311.1,"Upon providing a calling Application with the addresses of a Tables' data, the cFE shall lock the contents of the Tables to prevent modification.",The Table Service must wait for an Application to be done with the contents of the Table before considering modifying its contents. This ensures data integrity while the Application accesses the Table contents. +TBL: Provide Data Addresses - Modified Notification,cTBL6311.2,"If at least one Table has been modified since the last Table addresses request, the cFE shall notify the calling Application that a Table has been modified.","An Application may need to know when the contents of a Tables has been updated; the Application just won't know which one." TBL: Unlocks,cTBL6312,"Upon receipt of Request, the cFE shall unlock the contents of the Request specified Tables.",Applications may need to work with more than one table at a time. -TBL: Update With Pending Load,cTBL6308,"Upon receipt of Request, the cFE shall update the request specified Table if a load is pending and it is unlocked.",This gives control to the Application as to when the table update occurs. -TBL: Valid Command Counter,cTBL6009,"Upon receipt of valid command, the cFE shall increment the valid command counter.",The ground needs the capability to verify that the command was received a accepted by the cFE. Details of valid commands are documented in the cFE User's Guide. -TBL: Validate,cTBL6002,Upon receipt of Command the cFE shall determine the validity of the contents of either the Active or Inactive Table Image of the Command specified Table.,"Operations needs to verify the contents of an Inactive Table before committing it. Similarly, operations personnel may need to re-validate or identify the contents of an Active Table." -TBL: Validate - App Content,cTBL6002.2,The cFE shall Request an Application to validate the contents of either the Active or Inactive Table Image of the Command specified Table and report the result in telemetry.,A Table Validation function provided by the Application can verify that the data content of a Table are reasonable. -TBL: Validate - Compute Data Integrity Check Value,cTBL6002.1,The cFE shall compute a Data Integrity Check Value on the contents of either the Active or Inactive Table Image of the Command specified Table and report the result in telemetry.,A Data Integrity Check Value can provide a quick method of validating the proper contents of a Table without performing a Table Dump and Comparison. -TBL: Write Table Registry To File,cTBL6005,Upon receipt of Command the cFE shall write the contents of the Table Registry to a file.,"The Table Registry will provide a list of the Tables currently registered, their attributes (double or single-buffered, dump-only, etc), a history of what files were last loaded into the Active Table Images, what time the load occurred and whether the image has been modified via Partial Table Load." -TBL: Write Table Registry To File - Default File Name,cTBL6005.1,"If a file is not specified, the cFE shall use the `` filename.",Want to provide a default in the event that a user does not want to specify one. -TBL: Zero Counters,cTBL6008,"Upon receipt of Command the cFE shall set the following counters reported in telemetry to zero: - -- Valid Command Counter -- Invalid Command Counter -- Number of Validation Requests -- Number of successful Table Validations -- Number of Unsuccessful Validations -- Number of Completed Validations",This command is a common feature in heritage sub-system software design. -TIME: Add To Spacecraft Time,cTIME2013,Upon receipt of Command the cFE shall adjust the spacecraft time by adding the Command specified value (seconds and subseconds) to spacecraft time.,"The client’s local clock might be running a little behind the tone, therefore, an adjustment needs to be made to the time client’s time calculation." -TIME: Add Values,cTIME2309,"Upon receipt of a Request to add two time values, the cFE shall provide the result to the requester using the format specified in the cFE Application Developer's Guide.",Need to provide a common time addition function available to applications. -TIME: Adjust STCF,cTIME2008,Upon receipt of Command the cFE shall make a one time delta adjustment to the STCF by the Command-specified value.,"It is common to set the clock as a delta adjustment from the current time value. The commanded value is signed so a positive or negative adjustment may be made. Note, there's no need for a command to apply a 'large' adjustment over a command-spec." -TIME: CDS Elements,cTIME2700,"During normal operation, the cFE shall preserve the following time elements in the `` Critical Data Store: +TBL: Free Resources On Power On Reset,cTBL6500,Upon a Power-on Reset all Table resources shall be freed.,The Table Service cannot assume the contents of any Table is legitimate after a reset. +TBL: Free Resources On Processor Reset,cTBL6501,Upon a Processor Reset all Table resources shall be freed.,The Table Service cannot assume the contents of any Table is legitimate after a reset. +TBL: Free Resources On Processor Reset - Preserve Critical,cTBL6501.1,If the Table is a critical table then the contents of the Table shall be preserved.,Goal of a processor reset is preserve certain data to facilitate recovery. +TBL: Maximum Tables,cTBL6700,"The cFE shall support `` Tables.",Each mission's processor card memory capacities will dictate what is reasonable. +TBL: Maximum Simultaneous Loads and Dumps,cTBL6701,"The cFE shall support Single-Buffer Table Loads and Application-Defined-Address-Table dumps simultaneously. ","It is desirable to allow for Tables to be modified by ground command while other Tables are be being modified autonomously by on board software (i.e. stored command processor, etc). This limit represents the total supported for the combined number of Single-Buffer and Application-Defined-Address-Table Tables being loaded." +TIME: Housekeeping Message,cTIME2000,"Upon receipt of Command the cFE shall generate a Software Bus message that includes the following items: -- Time Status Data +- Time Status +- MET - STCF - Leap Seconds -- MET",Time is a critical system resource and every effort should be made to preserve it. Preserving time allows applications to 'fly through' resets. -TIME: Compare Values,cTIME2311,"Upon receipt of a Request to compare two time values, the cFE shall provide the result to the requester using the format specified in the cFE Application Developer's Guide.",Need to provide a common time comparison function available to applications. +- STCF continuous adjustment value.",It is common for sub-systems to report housekeeping status upon receipt of a housekeeping request command. +TIME: NOOP Event,cTIME2001,Upon receipt of Command the cFE shall generate a NO-OP event message. (Time Server and Time Client),This command is useful as a general sub-system aliveness test. +TIME: Zero Counters,cTIME2002,Upon receipt of Command the cFE shall set to zero all counters reported in Time Services telemetry. (Time Server and Time Client),This command is a common feature in heritage sub-system software design. +TIME: Valid Command Counter,cTIME2003,"Upon receipt of valid command, the cFE shall increment the valid command counter.",The ground needs the capability to verify that the command was received and accepted by the cFE. Details of valid commands are documented in the cFE User's Guide. +TIME: Invalid Command Counter,cTIME2004,"Upon receipt of an invalid command, the cFE shall in increment the invalid command counter.",The ground needs an indicator if a command is rejected by the cFE. Details of what makes a command invalid are documented in the cFE User's Guide. +TIME: Set Leap Seconds,cTIME2005,Upon receipt of Command the cFE shall set the number of Leap Seconds to the Command-specified value.,The decision to introduce a leap second in UTC is the responsibility of the International Earth Rotation Service (IERS). The count of Leap Seconds has been incremented about every 500 days since 1972. It is therefore likely that a mission will need to update. +TIME: Set STCF,cTIME2006,Upon receipt of Command the cFE shall set the STCF to the Command specified value.,"The cFE must be provided with the appropriate correlation factor, that when combined with the current MET and Leap Seconds values, will result in current time. Historically this command has been referred to as 'jam loading' time." TIME: Compute STCF,cTIME2007,Upon receipt of Command the cFE shall compute a new value for STCF using the Command-specified value as current time.,"This command provides a useful alternative to setting the STCF explicitly, as the command does not require knowledge of the current MET value. If the default time format is TAI then the new value for STCF is the Command-specified time value less MET." -TIME: Convert Micro-Seconds To Sub-Seconds,cTIME2313,"Upon receipt of a Request to convert a number of micro-seconds to sub-seconds, the cFE shall provide the result to the requester.",Need to provide the inverse of the previous function. -TIME: Convert Sub-Seconds To Micro-Seconds,cTIME2312,"Upon receipt of a Request to convert a cFE sub-seconds value to micro-seconds, the cFE shall provide the result to the requester.",Converting elapsed time from sub-seconds to micro-seconds is a commonly used conversion utility. +TIME: Adjust STCF,cTIME2008,Upon receipt of Command the cFE shall make a one time delta adjustment to the STCF by the Command-specified value.,"It is common to set the clock as a delta adjustment from the current time value. The commanded value is signed so a positive or negative adjustment may be made. Note, there's no need for a command to apply a 'large' adjustment over a command-spec." TIME: Delta Adjust STCF,cTIME2009,Upon receipt of Command the cFE shall make a continuous 1Hz delta adjustment to the STCF by the Command-specified value.,"Upon receipt of a Command to make a 'continuous' adjustment to the STCF, the cFE shall adjust the STCF each second by the Command-specified value. The commanded value is signed so a positive or negative adjustment may be made." +TIME: Switch Source,cTIME2010,`` Upon receipt of Command the cFE shall switch to the Command-specified hardware clock source.,This command is extremely hardware configuration dependent. The number and nature of alternate clocks will vary by system. Many system designs provide primary and redundant clock sources (tone signals) and require autonomous clock switching based on failure. TIME: Diagnostic Message,cTIME2011,Upon receipt of Command the cFE shall generate a Software Bus message that includes time diagnostic information.,"When testing or debugging the time application, more details about time services are required." TIME: Flywheel State,cTIME2012,Upon receipt of Command the cFE Time Services shall enter the Flywheel state.,Useful for testing. This provides an easy way to cause the server or client to enter flywheeling mode so that local time calculations can be verified. Also useful for testing the server/client time relations. TIME: Flywheel State - Ignore Updates,cTIME2012.1,The cFE shall ignore Time Updates while in Flywheel state.,"Again, this is used mainly for testing purposes. Want to ignore time updates and update time using the local hardware clock." -TIME: Housekeeping Message,cTIME2000,"Upon receipt of Command the cFE shall generate a Software Bus message that includes the following items: - -- Time Status -- MET -- STCF -- Leap Seconds -- STCF continuous adjustment value.",It is common for sub-systems to report housekeeping status upon receipt of a housekeeping request command. -TIME: Invalid Command Counter,cTIME2004,"Upon receipt of an invalid command, the cFE shall in increment the invalid command counter.",The ground needs an indicator if a command is rejected by the cFE. Details of what makes a command invalid are documented in the cFE User's Guide. -TIME: MET Resolution,cTIME2703,The cFE shall define a MET with a `` resolution.,"The resolution (clock ticks per second) is hardware dependent. Since no other cFE component places any constraints on the resolution this requirement is not bounded with a minimum. However, both the maximum number of MET seconds and the resolution of sub-seconds are both restricted to a value that can be stored as an unsigned 32 bit integer." -TIME: NOOP Event,cTIME2001,Upon receipt of Command the cFE shall generate a NO-OP event message. (Time Server and Time Client),This command is useful as a general sub-system aliveness test. +TIME: Add To Spacecraft Time,cTIME2013,Upon receipt of Command the cFE shall adjust the spacecraft time by adding the Command specified value (seconds and subseconds) to spacecraft time.,"The client’s local clock might be running a little behind the tone, therefore, an adjustment needs to be made to the time client’s time calculation." +TIME: Subtract From Spacecraft Time,cTIME2014,Upon receipt of Command the cFE shall adjust the spacecraft time by subtracting the Command specified value (seconds and subseconds) from spacecraft time.,"The client’s local clock might be running a little ahead the tone, therefore, an adjustment needs to be made to the time client’s time calculation." +TIME: Provide TAI,cTIME2300,"Upon receipt of a Request for the current time computed as TAI, the cFE shall provide the TAI to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the TAI available to applications. +TIME: Provide UTC,cTIME2301,"Upon receipt of a Request for the current time computed as UTC, the cFE shall provide the UTC to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the UTC available to applications. +TIME: Provide Default,cTIME2302,"Upon receipt of a Request for the current time computed in the default format, the cFE shall provide the current time computed in the default selection of UTC or TAI to the requester using the format specified in the cFE Application Developer's Guide.",One of the mission defined selections is the choice of whether TAI or UTC will be the default time format. And most callers do not care which time format is the current default. This function avoids having to modify each individual caller when the default is requested. +TIME: Provide MET,cTIME2303,"Upon receipt of a Request for the current MET, the cFE shall provide the MET to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the MET available to applications. +TIME: Provide MET Seconds,cTIME2304,"Upon receipt of a Request for the current MET seconds, the cFE shall provide the MET seconds to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the MET seconds available to applications. This capability simplifies application logic. +TIME: Provide MET Sub-Seconds,cTIME2305,"Upon receipt of a Request for the current MET sub-seconds, the cFE shall provide the MET sub-seconds to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the MET sub-seconds available to applications. This capability simplifies application logic. +TIME: Provide STCF,cTIME2306,"Upon receipt of a Request for the current STCF, the cFE shall provide the STCF to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the STCF available to applications. +TIME: Provide Leap Seconds,cTIME2307,"Upon receipt of a Request for the current Leap Seconds, the cFE shall provide the Leap Seconds to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the Leap Seconds available to applications. +TIME: Provide Clock State,cTIME2308,"Upon receipt of a Request for the current Clock State, the cFE shall provide the Clock State to the requester using the format specified in the cFE Application Developer's Guide.","Need to make the Clock State available to applications. Due to lack of a demonstrable use case, the requirement to provide clock state data as part of 'get time' functions has been deleted." +TIME: Add Values,cTIME2309,"Upon receipt of a Request to add two time values, the cFE shall provide the result to the requester using the format specified in the cFE Application Developer's Guide.",Need to provide a common time addition function available to applications. +TIME: Subtract Values,cTIME2310,"Upon receipt of a Request to subtract two time values, the cFE shall provide the result to the requester using the format specified in the cFE Application Developer's Guide.",Need to provide a common time subtraction function available to applications. +TIME: Compare Values,cTIME2311,"Upon receipt of a Request to compare two time values, the cFE shall provide the result to the requester using the format specified in the cFE Application Developer's Guide.",Need to provide a common time comparison function available to applications. +TIME: Convert Sub-Seconds To Micro-Seconds,cTIME2312,"Upon receipt of a Request to convert a cFE sub-seconds value to micro-seconds, the cFE shall provide the result to the requester.",Converting elapsed time from sub-seconds to micro-seconds is a commonly used conversion utility. +TIME: Convert Micro-Seconds To Sub-Seconds,cTIME2313,"Upon receipt of a Request to convert a number of micro-seconds to sub-seconds, the cFE shall provide the result to the requester.",Need to provide the inverse of the previous function. +TIME: Provide Readable Format,cTIME2314,Upon receipt of a Request the cFE shall return the provided system time in the following format: `yyyy-ddd-hh:mm:ss.xxxxx\0`,Provides time in a readable string format. TIME: Power On Reset Default Values,cTIME2500,"Upon a Power-on Reset the cFE shall set the following time elements to their `` default values: - Time Status Data @@ -494,22 +504,12 @@ TIME: Processor Reset CDS Values,cTIME2501,"Upon a Processor Reset the cFE shall - Leap Seconds","Time is a critical system resource and every effort should be made to preserve it. Following a processor reset, the presumption is that the MET h/w register is unaffected and that previously 'good' values for STCF and Leap Seconds can still be used to correct." TIME: Processor Reset Verify CDS,cTIME2502,Upon a Processor Reset the cFE shall verify the Critical Data Store used to store time values.,"Verification of potentially damaged stored data is a standard practice. Note that because time can be any value, verification potentially involves using a pattern." TIME: Processor Reset Verify CDS - Initialize On Failure,cTIME2502.1,"If the critical data store is not valid, all of the time elements shall be initialized in the same fashion as following a power-on reset.",If the CDS can't be trusted then need to initialize to default values. -TIME: Provide Clock State,cTIME2308,"Upon receipt of a Request for the current Clock State, the cFE shall provide the Clock State to the requester using the format specified in the cFE Application Developer's Guide.","Need to make the Clock State available to applications. Due to lack of a demonstrable use case, the requirement to provide clock state data as part of 'get time' functions has been deleted." -TIME: Provide Default,cTIME2302,"Upon receipt of a Request for the current time computed in the default format, the cFE shall provide the current time computed in the default selection of UTC or TAI to the requester using the format specified in the cFE Application Developer's Guide.",One of the mission defined selections is the choice of whether TAI or UTC will be the default time format. And most callers do not care which time format is the current default. This function avoids having to modify each individual caller when the default is requested. -TIME: Provide Leap Seconds,cTIME2307,"Upon receipt of a Request for the current Leap Seconds, the cFE shall provide the Leap Seconds to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the Leap Seconds available to applications. -TIME: Provide MET,cTIME2303,"Upon receipt of a Request for the current MET, the cFE shall provide the MET to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the MET available to applications. -TIME: Provide MET Seconds,cTIME2304,"Upon receipt of a Request for the current MET seconds, the cFE shall provide the MET seconds to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the MET seconds available to applications. This capability simplifies application logic. -TIME: Provide MET Sub-Seconds,cTIME2305,"Upon receipt of a Request for the current MET sub-seconds, the cFE shall provide the MET sub-seconds to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the MET sub-seconds available to applications. This capability simplifies application logic. -TIME: Provide Readable Format,cTIME2314,Upon receipt of a Request the cFE shall return the provided system time in the following format: `yyyy-ddd-hh:mm:ss.xxxxx\0`,Provides time in a readable string format. -TIME: Provide STCF,cTIME2306,"Upon receipt of a Request for the current STCF, the cFE shall provide the STCF to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the STCF available to applications. -TIME: Provide TAI,cTIME2300,"Upon receipt of a Request for the current time computed as TAI, the cFE shall provide the TAI to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the TAI available to applications. -TIME: Provide UTC,cTIME2301,"Upon receipt of a Request for the current time computed as UTC, the cFE shall provide the UTC to the requester using the format specified in the cFE Application Developer's Guide.",Need to make the UTC available to applications. -TIME: Set Leap Seconds,cTIME2005,Upon receipt of Command the cFE shall set the number of Leap Seconds to the Command-specified value.,The decision to introduce a leap second in UTC is the responsibility of the International Earth Rotation Service (IERS). The count of Leap Seconds has been incremented about every 500 days since 1972. It is therefore likely that a mission will need to update. -TIME: Set STCF,cTIME2006,Upon receipt of Command the cFE shall set the STCF to the Command specified value.,"The cFE must be provided with the appropriate correlation factor, that when combined with the current MET and Leap Seconds values, will result in current time. Historically this command has been referred to as 'jam loading' time." -TIME: Subtract From Spacecraft Time,cTIME2014,Upon receipt of Command the cFE shall adjust the spacecraft time by subtracting the Command specified value (seconds and subseconds) from spacecraft time.,"The client’s local clock might be running a little ahead the tone, therefore, an adjustment needs to be made to the time client’s time calculation." -TIME: Subtract Values,cTIME2310,"Upon receipt of a Request to subtract two time values, the cFE shall provide the result to the requester using the format specified in the cFE Application Developer's Guide.",Need to provide a common time subtraction function available to applications. -TIME: Switch Source,cTIME2010,`` Upon receipt of Command the cFE shall switch to the Command-specified hardware clock source.,This command is extremely hardware configuration dependent. The number and nature of alternate clocks will vary by system. Many system designs provide primary and redundant clock sources (tone signals) and require autonomous clock switching based on failure. +TIME: CDS Elements,cTIME2700,"During normal operation, the cFE shall preserve the following time elements in the `` Critical Data Store: + +- Time Status Data +- STCF +- Leap Seconds +- MET",Time is a critical system resource and every effort should be made to preserve it. Preserving time allows applications to 'fly through' resets. TIME: Time At Tone Window,cTIME2701,The cFE Time Services Server shall send a time at the tone Software Bus message within a `` period of time preceding or following the tone.,"The primary purpose of a time server is to distribute time updates to time clients. Although the time tone is generally a 1PPS signal, there is no cFE restriction on the frequency of the tone. Also, there is no cFE restriction on whether the ""time at the tone"" message precedes or follows the tone." TIME: Update MET,cTIME2702,The cFE Time Services Server shall update its MET using the timer hardware interface defined in the cFE Application Developer's Guide.,Every mission needs an MET and using a cFE-defined software interface to the timer hardware driver makes the Time Services portable. -TIME: Valid Command Counter,cTIME2003,"Upon receipt of valid command, the cFE shall increment the valid command counter.",The ground needs the capability to verify that the command was received and accepted by the cFE. Details of valid commands are documented in the cFE User's Guide. -TIME: Zero Counters,cTIME2002,Upon receipt of Command the cFE shall set to zero all counters reported in Time Services telemetry. (Time Server and Time Client),This command is a common feature in heritage sub-system software design. +TIME: MET Resolution,cTIME2703,The cFE shall define a MET with a `` resolution.,"The resolution (clock ticks per second) is hardware dependent. Since no other cFE component places any constraints on the resolution this requirement is not bounded with a minimum. However, both the maximum number of MET seconds and the resolution of sub-seconds are both restricted to a value that can be stored as an unsigned 32 bit integer." From 6c787b1fb5ce4b74214fdaecb02e00857276538f Mon Sep 17 00:00:00 2001 From: Jacob Hageman Date: Tue, 11 Feb 2020 16:56:55 -0500 Subject: [PATCH 3/3] Fix #509, ES Requirements Scrub --- docs/cFE_FunctionalRequirements.csv | 56 +++++++++++++++-------------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/docs/cFE_FunctionalRequirements.csv b/docs/cFE_FunctionalRequirements.csv index 8f51f28e7..8928a9b6a 100644 --- a/docs/cFE_FunctionalRequirements.csv +++ b/docs/cFE_FunctionalRequirements.csv @@ -1,5 +1,5 @@ Summary,Custom field (Requirement ID),Description,Custom field (Requirement Rationale) -ES: Housekeeping Message,cES1000,"Upon receipt of a Command, the cFE shall generate a Software Bus message that includes the following items: +ES: Housekeeping Message,cES1000,"The cFE shall provide the following Executive Services items in a housekeeping message: - Number of Registered Applications - Number of Registered Child Tasks @@ -14,7 +14,7 @@ ES: Housekeeping Message,cES1000,"Upon receipt of a Command, the cFE shall gener - Maximum Number of Processor Resets before a Power On Reset - Boot Source - ES Valid Command Counter -- ES Invalid Command Counter",It is common for sub-systems to report housekeeping status upon receipt of a housekeeping request command. +- ES Invalid Command Counter",Periodically report housekeeping telemetry for system awareness and management. ES: NOOP Event,cES1001,"Upon receipt of a Command, the cFE shall generate a NO-OP event message.",This command is useful as a general sub-system aliveness test. ES: Valid Command Counter,cES1002,"Upon receipt of a valid Command, the cFE shall increment a valid Command counter.",The ground needs the capability to verify that the command was received and accepted by the cFE. Details of valid commands are documented in the cFE Application Developer's Guide and the cFE User's Guide. ES: Invalid Command Counter,cES1003,"Upon receipt of an invalid Command, the cFE shall increment the invalid Command counter and generate an event message.",The ground needs an indicator if a command is rejected by the cFE. Details of what makes a command invalid are documented in the cFE Application Developer's Guide and the cFE User's Guide. @@ -36,14 +36,14 @@ ES: Delete Application,cES1006,"Upon receipt of a Command, the cFE shall delete ES: Delete Application - Reject Undefined,cES1006.1,"If the specified Application is undefined then the cFE shall reject the Command, increment the invalid command counter and generate an event message.",Can't delete an undefined application. ES: Restart Application,cES1007,"Upon receipt of a Command, the cFE shall Restart the Command specified Application.","Need to be able to restart an Application. A restart involves deleting it (cleaning up) and then starting it again. This is similar to starting the cFE Application from a file system. When an Application is restarted, the only command parameter required is the application name. All other parameters including the filename are the same as the original cFE Application Create command. The restart is intended for error recovery such as an exception, and should not be used to start a new version of an Application. If a Critical Data Store Area is allocated for the Application, it is preserved, and the Application may re-connect to the Critical Data Store Area when it is running again." ES: Restart Application - Reject Undefined,cES1007.1,"If the Command specified Application is undefined then the cFE shall reject the Command, increment the invalid Command counter and generate an event message.",Can't restart an undefined application. -ES: Restart Application - Reject On Missing File,cES1007.2,"If the original cFE Application file is not found then the cFE shall reject the Command, increment the invalid Command counter, and generate an event message.","Can't restart the Application if the original file has been removed. In this case, the Application will continue without a restart." +ES: Restart Application - Reject On Missing File,cES1007.2,"If the original cFE Application file is not found then the cFE shall reject the Command, increment the invalid Command counter, and generate an event message.","Can't restart the Application if the original file has been removed. The command is aborted during the attempt to load, after the application has been deleted." ES: Restart Application - Delete On Non-Parameter Error,cES1007.3,"If the cFE Application Restart fails due to a non-parameter error, then the cFE shall delete the Application, increment the invalid Command counter, and generate an event message.","If the Application is already stopped and there is an error restarting it, then the cFE application will be deleted." ES: Reload Application,cES1008,Upon receipt of a Command the cFE shall Reload the Command specified cFE Application from the Command specified cFE Application file.,"This command enables the ground to replace an Application with only one command. This is required for applications such as a Command Uplink Application, which must be replaced with one command. The specified cFE Application file may be from any valid cFE." ES: Reload Application - Reject Undefined,cES1008.1,"If the specified Application is undefined then the cFE shall reject the Command, increment the invalid Command counter and generate an event message.",Can't reload an undefined Application. ES: Reload Application - Reject On Missing File,cES1008.2,"If the specified cFE Application file does not exist then the cFE shall reject the command, increment the invalid Command counter, and generate an event message.",Can't reload the Application if the new file does not exist. ES: Reload Application - Delete On Non-Parameter Error,cES1008.3,"If the cFE Application Reload fails due to a non-parameter error, then the cFE shall delete the Application, increment the invalid Command counter, and generate an event message.","If the Application is already stopped and there is an error restarting it, then the cFE application will be deleted. Should the old Application be restarted? Need to be able to reset the cFE in the event that there is a critical problem. As a result of the Power On Reset, all code and data are re-initialized and the cFE is returned to a default power-on state. This reset is initiated through a common interface." ES: Power On Reset,cES1009,"Upon receipt of a Command, the cFE shall perform a Power On Reset of the Core Flight Executive.","On a flight processor or other embedded processor this command results in rebooting the processor board through the Boot Software. On a desktop system this command will result in the restarting of the cFE, but not the operating system. Note: If the cFE implementation includes more than one cFE core images, it is the responsibility of the Boot Software to select which cFE image is booted." -ES: Processor Reset,cES1010,"Upon receipt of a Command, the cFE shall perform a Processor Reset of the Core Flight Executive.","Need to be able to restart the cFE in the event that there is a problem with the Real Time OS or cFE Core software. Note that restarting the cFE will result in a restart of all of the cFE applications. In addition, a restart of the cFE will initialize the (TBD - missing text from pre 2011)." +ES: Processor Reset,cES1010,"Upon receipt of a Command, the cFE shall perform a Processor Reset of the Core Flight Executive.",Need to be able to restart the cFE in the event that there is a problem with the Real Time OS or cFE Core software. Note that restarting the cFE will result in a restart of all of the cFE applications. ES: Application Status Message,cES1011,"Upon receipt of a Command, the cFE shall generate a message that contains a summary of the Command specified Application's properties and state as defined in the Systems Resources Definition including: - cFE Application Name @@ -56,8 +56,6 @@ ES: Application Status Message,cES1011,"Upon receipt of a Command, the cFE shall - cFE Application Child Task Count","In order to support remote Application management then the Application's properties and current state need to be externally observable. Because the ground interface is with Applications rather than Tasks, Task information should be included as well." ES: Application Status Record To File,cES1012,"Upon receipt of a Command, the cFE shall generate a Command specified file that contains all properties and states of all cFE Applications that are defined in the Systems Resources Definition.",May want information about all applications and tasks defined in the Systems Resources Definition in order to diagnose a problem. ES: Application Status Record To File - Default Filename,cES1012.1,"If a file is not specified, the cFE shall use the `` filename.",Want to specify a default if the user does not want to specify a new filename. -ES: Pass String To Shell,cES1013,"Upon receipt of a Command, the cFE shall submit to the operating system shell, the string supplied as a parameter.","Having access to the operating system shell has proved invaluable during FSW development on missions such as JWST and Triana. Although it is available on-orbit, it is not intended to be used during normal operations." -ES: Pass String To Shell - Message Response,cES1013.1,"Upon execution of the operating system Command, the cFE shall generate one or more messages containing the ascii output generated by the operating system command.","This message will provide the ""output"" from the shell command to allow the implementation of a shell like interface to the cFE." ES: System Log,cES1014,The cFE shall maintain an Executive Services System Log which contains a series of ASCII text strings describing significant events or errors.,"Examples of ES System Log information includes: ""Created new cFE Application: StoredCommand.app"" or ""Could Not Create OS Queue"" or ""File not found error: /eebank1/StoredCommand.app"" This requirement states that the cFE needs to maintain this information. There is a separate requirement for the creation of a file to transfer the information to the ground. Note that the information can also be obtained with a raw memory read." ES: System Log - Timestamps,cES1014.1,Each entry in the Executive Services System Log shall be time tagged with the time that the event happened.,Need to be able to determine when the event occurred. ES: System Log - Calculate Usage,cES1014.2,"The cFE shall calculate the number of bytes used and number of entries in @@ -88,14 +86,13 @@ ES: Critical Data Store Write To File,cES1026,"Upon receipt of a Command, the cF 1. Critical Data Store Name 2. Size -3. Data Integrity Value",This provides a registry of the Critical Data Store. +3. Memory Handle +4. Table Flag",This provides a registry of the Critical Data Store. ES: Critical Data Store Delete,cES1027,"Upon receipt of a Command, the cFE shall delete the Command Specified Critical Data Store.","As part of an Application clean-up, want to clean-up the allocated resources." ES: System Log Mode,cES1028,"Upon receipt of Command, the cFE shall set the System Log Mode to the Command-specified mode, either overwrite or discard.","While in Overwrite Mode the oldest logged System message will be overwritten by the new System message when the System Log Full Flag is set to true. While in Discard Mode the new message will be discarded, preserving the contents of the full log." ES: Register Application,cES1300,"Upon receipt of a Request, the cFE shall register the calling cFE Application with the system.",cFE Applications must register with the cFE in order to allow the cFE to track the Application's resources. This function also allows the system to synchronize the application startup. The cFE Application will wait in this function until the cFE starts up. ES: Report Last Reset,cES1301,"Upon receipt of a Request, the cFE shall provide the type of last reset performed by the processor.",cFE Applications may perform processing that is specific to each reset type. ES: Report Last Reset - Types,cES1301.1,The reset types include: Power On Reset Processor Reset.,cFE Applications may perform processing that is specific to each reset type. -ES: Report Processor ID,cES1302,"Upon receipt of a Request, the cFE shall provide the Processor ID on which the Request was made.","Need to determine the Processor ID. This feature is useful in missions with multiple processors, or to help distinguish prototype vs. flight processor features." -ES: Report Spacecraft ID,cES1303,"Upon receipt of a Request, the cFE shall provide the Spacecraft ID on which the Request was made.","Need to determine the Spacecraft ID. This feature is useful in missions with multiple Spacecraft, or Spacecraft with multiple processors." ES: Report Application ID,cES1304,"Upon receipt of a Request, the cFE shall provide the cFE Application ID of the calling cFE Application.",A cFE Application needs to determine its own Application ID. ES: Report Task and Application Name,cES1305,"Upon receipt of a Request, the cFE shall provide the cFE Task Name and cFE Application Name which corresponds to the specified cFE Task ID.",The command will provide a way to find the cFE Task Name and the parent cFE Application name from any cFE Application or Child task. ES: Report Application ID,cES1306,"Upon receipt of a Request, the cFE shall provide the cFE Application ID which corresponds to the specified cFE Application Name.",The Executive Services will assign an Application ID. The Application Name is specified when the cFE Application is created. This Request will provide a way to determine the cFE Application ID when the pre-determined Application Name is passed in. @@ -118,14 +115,14 @@ ES: Reserve Critical Data Store,cES1315,"Upon receipt of a Request, the cFE shal ES: Reserve Critical Data Store - Size Change,cES1315.1,"If a Critical Data Store exists for the Request specified name but has a different size than what is specified in the Request, the cFE shall remove the existing Critical Data Store and create a new one using the Request specified name and size.",Assumes that if the sizes don't match then something has changed and the CDS can't be trusted. ES: Reserve Critical Data Store - Invalid Data Integrity,cES1315.2,"If a Critical Data Store exists for the Request specified name but the Data Integrity value is invalid, the cFE shall remove the existing Critical Data Store and create a new one using the Request specified name and size.",Assumes that if the CRC is invalid then the CDS can't be trusted. ES: Copy From Critical Data Store,cES1316,"Upon receipt of a Request, the cFE shall copy the contents from the Request specified Critical Data Store to the Request specified address.",Provides the capability to restore the local data with the contents of the critical data store. -ES: Copy From Critical Data Store - Invalid Data Integrity,cES1316.1,If the Data Integrity Value is invalid then the data shall not be copied from the Critical Data Store.,Critical Data Store should be verified before restoring. Assumes that if the calculated CRC does not match the stored CRC than the CDS cannot be trusted. +ES: Copy From Critical Data Store - Invalid Data Integrity,cES1316.1,"If the Data Integrity Value is invalid, the cFE shall return an error.","Critical Data Store is verified as part of restoring, with the result indicated in the return code. Allows the API user to handle the error as appropriate per use." ES: Copy From Critical Data Store - Non-Existent,cES1316.2,If the Request Specified Critical Data Store does not exist then the data shall not be copied.,Can't copy data if the reference is wrong. ES: Power On Reset,cES1317,"Upon receipt of a Request, the cFE shall perform a Power On Reset of the Core Flight Executive.","Need to be able to reset the cFE in the event that there is a critical problem. The direct call is provided in the case where the normal task message passing is not working. As a result of the Power On Reset, all code and data are re-initialized and the cFE is returned to it’s default power-on state." ES: Processor Reset,cES1318,"Upon receipt of a Request, the cFE shall perform a Processor Reset of the Core Flight Executive.",Need to be able to restart the cFE in the event that there is a problem with the cFE core. The direct call is provided in the case where the normal task message passing is not working. ES: Exit Application,cES1319,"Upon receipt of a Request, the cFE shall exit the calling cFE Application and delete the Applications' resources.",Need to have a cFE program exit. This request can be used for both critical errors and a planned shutdown of a cFE application. ES: Prepare Memory Pool,cES1320,"Upon receipt of a Request, the cFE shall prepare a Memory Pool for run time memory allocation/de-allocation.","The Memory Allocation interface allows the cFE Application to supply a Pool of memory, which can be used for efficient memory allocation and de-allocation." ES: Prepare Memory Pool - Too Small,cES1320.1,"If the specified size is less than the minimum block size, the cFE shall record the error in the System Log, and return an error code.","If the size of the Pool is not valid, then an error must be returned." -ES: Allocate Memory,cES1321,Upon receipt of a Request the cFE shall allocate a block of memory of the specified size from the specified Memory Pool.,The Memory Allocation interface allows the cFE Application to allocate a block of memory from a previously created memory pool. +ES: Allocate Memory,cES1321,"Upon receipt of a Request the cFE shall allocate a block of memory of the specified size from the specified Memory Pool, protected with a semaphore while processing.",The Memory Allocation interface allows the cFE Application to allocate a block of memory from a previously created memory pool. ES: Allocate Memory - Invalid ID,cES1321.2,"If the specified Memory Pool identifier is invalid then the cFE shall record the error in the System Log, and return an error code.","If the handle or Memory Pool ID is not valid, then an error must be returned." ES: Allocate Memory - Too Large,cES1321.3,"If the specified size is too large for the specified Memory Pool, the cFE shall record the error in the System Log, and return an error code.",Cannot allocate a memory block bigger than the pool. ES: De-allocate Memory,cES1322,Upon receipt of a Request the cFE shall de-allocate the specified block of memory from the specified Memory Pool.,The Memory Allocation interface allows the cFE Application to de-allocate a block of memory from a previously created memory pool. @@ -138,6 +135,21 @@ ES: Calculate Data Integrity Value,cES1323,"Upon receipt of a Request, the cFE s ES: Copy To Critical Data Store,cES1328,"Upon receipt of a Request, the cFE shall copy the data starting at the Request specified address to the Request specified Critical Data Store.",Applications need to periodically copy the local data into the CDS so that it can be preserved. Note that the CDS is not required to exist on-card (local address space). This provides the capability for a mission to use off-card bulk storage. ES: Copy To Critical Data Store - Calculate Data Integrity Value,cES1328.1,The cFE shall calculate a Data Integrity Value for the Request specified Critical Data Store and store it.,"Every time data is written to the CDS, a CRC must be recalculated in order to have a reference for any CDS validation. Note that Applications are responsible for determining whether the contents of a CDS Block are still logically valid." ES: Copy To Critical Data Store - Invalid Critical Data Store,cES1328.2,If the Request Specified Critical Data Store does not exist then the data shall not be copied.,Can't copy data if the reference is wrong. +ES: Allocate Memory No Semaphore,cES1329,"Upon receipt of a Request the cFE shall allocate a block of memory of the specified size from the specified Memory Pool, without semaphore protection while processing.",The Memory Allocation interface allows the cFE Application to allocate a block of memory from a previously created memory pool. +ES: Get Memory Pool Statistics,cES1330,Upon receipt of a Request the cFE shall provide the requested memory pool statistics.,Supports memory pool management. +ES: Get Memory Buffer Information,cES1331,Upon receipt of a Request the cFE shall provide the requested memory buffer information.,Supports memory buffer management. +ES: Reload Application,cES1332,Upon receipt of a Request the cFE shall reload the requested application.,"Supports application management. The application is deleted first, and any load failures (missing file, startup error, etc) will result in the application not reloading." +ES: Run Loop,cES1333,Upon receipt of a Request the cFE shall process application execution status requests and increment the execution counter.,"Supports application management, and indication of main application loop aliveness." +ES: Wait For System State,cES1334,Upon receipt of a Request the cFE shall pend the application until the requested state is reached with a timeout.,"Allows an application to wait for a minimum system state, with timeout to avoid hanging up a critical application." +ES: Wait for Startup Sync,cES1335,Upon receipt of a Request the cFE shall pend and application until the system operational state is reached.,"Allows an application to wait for the operational system state, with timeout to avoid hanging up a critical application." +ES: Get Application Information,cES1336,Upon receipt of a Request the cFE shall provide information for the requested application.,Allows query of application information for reporting or management. +ES: Increment Task Counter,cES1337,Upon receipt of a Request the cFE shall increment the execution counter for the calling application.,Provides a mechanism to increment the execution counter without run status processing as done in ES Run Loop. +ES: Register Generic Counter,cES1338,Upon receipt of a Request the cFE shall register a generic counter for use.,Generic counter management. +ES: Delete Generic Counter,cES1339,Upon receipt of a Request the cFE shall delete the requested generic counter.,Generic counter management. +ES: Increment Generic Counter,cES1340,Upon receipt of a Request the cFE shall increment the requested generic counter.,Generic counter management. +ES: Set Generic Counter,cES1341,Upon receipt of a Request the cFE shall set the requested counter to the requested value.,Generic counter management. +ES: Get Generic Counter,cES1342,Upon receipt of a Request the cFE shall provide the counter value for the requested generic counter.,Generic counter management. +ES: Get Generic Counter ID By Name,cES1343,Upon receipt of a Request the cFE shall provide the generic counter ID for the requested generic counter name.,Generic counter management. ES: Power On Reset Identify Sub-Type,cES1500,"Upon a Power-on Reset, the cFE shall identify the Power On reset sub-type.",Each mission may want to further distinguish between Processor reset types in order to tailor their system's behavior. For example a mission may want to take different behavior for a watchdog time out and the execution of the processor's reset instructions. ES: Power On Reset Clear System Log,cES1501,"Upon a Power-On Reset, the cFE shall clear the Executive Services System Log.",Want to be able to determine what errors are logged by the cFE. This log is not preserved on a Power-On reset. ES: Power On Reset Clear Exception and Reset Log,cES1502,"Upon a Power-On Reset, the cFE shall clear the Executive Services Exception and Reset Log.",Want to be able to get a snapshot of some critical parameters prior to a reset as well as log the resets that have occurred. @@ -178,21 +190,13 @@ ES: Processor Reset Preservation List,cES1521,"Upon a Processor Reset, the cFE s - Number of entries in System Log - Size of System Log - Number of bytes used in the System Log",The purpose of the Executive Services Exception and Reset Log is to log all resets and all exceptions that occur. -ES: Processor Reset Set System Log Mode To Discard,cES1522,"Upon a Processor Reset, the cFE shall set the System Log Mode to discard.",Want to preserve the System Events that may have captured the cause of the processor reset. -ES: Maximum Apps,cES1700,The cFE shall support a maximum `` cFE Applications.,TBD has never been exceeded on past missions. Need to bound the number of Applications in order to size the Systems Resources information. -ES: Detect Unmasked Exceptions,cES1702,The cFE shall detect all unmasked CPU exceptions.,Need to be able to detect processor exceptions so that the appropriate action can be taken. -ES: Detect Unmasked Exceptions - Log,cES1702.1,"Upon detection of a CPU exception, the cFE shall add an entry in the Executive Services Exception And Reset Log.",Need to log processor exceptions so that the ground can have visibility into the exception. -ES: Detect Unmasked Exceptions - Restart App,cES1702.2,"If the CPU exception was caused by a cFE Application and the Exception Action indicates that the Application can be started individually, the cFE shall restart the cFE Application that caused the exception.","In most cases, restarting the cFE application will clear up the problem. In some cases, however, applications are tightly coupled with other applications in which case, starting an individual application may have undesirable consequences. The cFE should provide the ability to define if the application should can be restarted or if a processor reset should occur." -ES: Detect Unmasked Exceptions - Platform Response,cES1702.3,If the CPU exception was caused by the Operating System or cFE Core then the cFE shall initiate a `` response.,"An exception in the cFE core or OS will restart the cFE, which results in all cFE Applications being restarted." -ES: Detect FP Exceptions,cES1703,The cFE shall detect all unmasked processor Floating Point Exceptions.,"The low level BSP routines allow the mission to determine what Floating Point exceptions are masked, and what Floating Point exceptions can interrupt the software." -ES: Detect FP Exceptions - Log,cES1703.1,"Upon detection of an unmasked Floating Point exception, the cFE shall add an entry in the Executive Services Exception and Reset Log.",Need to log unmasked Floating Point exceptions so that the ground can have visibility into the exception. -ES: Detect FP Exceptions - Restart App,cES1703.2,"If the Floating Point exception was caused by a cFE Application and the Exception Action indicates that the Application can be started individually, the cFE shall restart the cFE Application that caused the exception.","Want the capability to restart an individual application on a processor reset. Not all Applications should be started individually as they may have some dependencies that result in undesirable behavior. When the Application is started, one of the parameters is whether to restart the app of perform a cFE processor reset." -ES: Detect FP Exceptions - Platform Response,cES1703.3,If the Floating Point exception was caused by the OS or cFE Core then the cFE shall initiate a `` response.,"An exception in the cFE core or OS will restart the cFE, which results in all cFE Applications being restarted." -ES: Volatile File System Size,cES1704,The cFE shall support a `` byte volatile file system.,TBD seems like a reasonable size based on heritage missions. -ES: Non-Volatile File System Size,cES1705,The cFE shall support a `` byte non-volatile file system.,TBD seems like a reasonable size based on heritage missions. -ES: System Log Size,cES1706,The cFE shall support a `` byte Executive Services System Log.,TBD seems like a reasonable size based on heritage missions. -ES: Exception And Reset Log Size,cES1707,The cFE shall support a `` byte Executive Services Exception And Reset Log.,TBD seems like a reasonable size based on heritage missions. -ES: Critical Data Store Size,cES1708,The cFE shall support a `` byte Critical Data Store.,TBD seems like a reasonable size based on heritage missions. +ES: Processor Reset Set System Log Mode,cES1522,"Upon a Processor Reset, the cFE shall set the System Log Mode to `` default mode.","Typically want to preserve the System Events that may have captured the cause of the processor reset, but system can be configured as desired." +ES: Power On Reset Set System Log Mode,cES1523,"Upon a Power-On Reset, the cFE shall set the System Log Mode to `` default mode.","Typically want to overwrite the System Events during normal operations to store the most recent events, but system can be configured as desired." +FS: Read File Header,cES1600,Upon receipt of a Request the cFE shall provide the file header contents of the requested file.,File management support. +FS: Initialize File Header,cES1601,Upon receipt of a Request the cFE shall initialize the header of the requested file.,File management support. +FS: Write File Header,cES1602,Upon receipt of a Request the cFE shall write the requested header information to the requested file.,File management support. +FS: Set File Timestamp,cES1603,Upon receipt of a Request the cFE shall set the requested timestamp on the requested file.,File management support. +FS: Extract Filename From Path,cES1604,Upon receipt of a Request the cFE shall provide the file name portion of the requested full path.,File management support. ES: Maximum Processor Resets,cES1709,"If the cFE Core goes through `` Maximum Processor Resets, the cFE shall initiate a Power-On Reset of the cFE.","After a number of Processor Resets, the cFE will attempt to recover by doing a Power-on Reset." EVS: Control Message By Event Type,cEVS3000,"Upon receipt of Command the cFE shall enable/disable, as specified in the Command, the future generation of Event Messages for the Command-specified Event Type.",Filtering by type allows the system to behave differently for different users. EVS: Set Event Format Mode,cEVS3001,"Upon receipt of Command, the cFE shall set the SB Event Format Mode to the command specified value, either Long or Short.",Providing a short format accommodates missions with limited telemetry bandwidth. A long format is desirable because it contains the most information.