AUTOSAR SWS CANDriver

Specification of CAN Driver
AUTOSAR CP R20-11
Document Title Specification of CAN Driver

Document Owner AUTOSAR
Document Responsibility AUTOSAR
Document Identification No 11
Document Status published

Part of AUTOSAR Standard Classic Platform
Part of Standard Release R20-11
Document Change History

Date Release Changed by Change Description
2020-11-30 R20-11 AUTOSAR  Removed Pretended Networking
Release  CanDrv_CONSTR_00512 was
Management added
 Updated ECUC_Can_00471
descripton
 Add new parameter:
CanObjectPayloadLength
 A note was added to
SWS_Can_00403
 SWS_Can_00222 was changed
 Minor corrections / clarifications /
editorial changes;
 Added Reporting of CAN Error
Types chapter. Requirement
SWS_Can_91021 was added.
 CanEnableSecurityEventReporting
container was added
2019-11-28 R19-11 AUTOSAR  Minor corrections / clarifications /

Release editorial changes;
Management  Changed Document Status from
Final to published
2018-10-31 4.4.0 AUTOSAR  MCALMulticoreDistribution
Release (CONC_639) as DRAFT
Management  BusMirroring (CONC_634)
 Header file cleanup
 Replaced ChannelId with
ShortName for multiple main
functions ([SWS_Can_00441] and
[SWS_Can_00442])
 Minor corrections / clarifications /
editorial changes; For details please
refer to the ChangeDocumentation
1 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

AUTOSAR CP R20-11

2017-12-08 4.3.1 AUTOSAR  Added Support to Tx/RxProcessing
Release per Controller
Management  Incompatible return types are
corrected to E_NOT_OK and E_OK
 Can_StateTransitionType is
removed
 Runtime error is added and
Rephrased from "default error" to
"development error"
 SWS_CAN_00504 and
SWS_Can_00416 is modified
2016-11-30 4.3.0 AUTOSAR  Added API’s
Release Can_GetControllerErrorState
Management Can_DeInit,
Can_GetControllerMode, Types
Can_ControllerStateType,
Can_ErrorStateType and new
requirements Can_91002 to
SWS_Can_91018.
 Modified minimum range of
MainFunctionPeriod parameters and
replaced Word “DLC” by “Data
Length”.
 Removed unresolved BSW SRS
references, definition of the
"configuration variants",
Can_StateTransitionType,
WAKEUP related,
Can_ChangeBaudrate API support,
MISRA references, requirements
related to module initialization check
for scheduled functions.
 Small improvements and minor bug-
fixes.

AUTOSAR CP R20-11

2015-07-31 4.2.2 AUTOSAR  CanHwObjectCount parameter
Release multiplicity is changed to 1
Management  Error Classification has changed
 Improved 8.4.2 Enabling/Disabling
wakeup notification
 DET has been renamed from
"Development Error Tracer" to
"Default Error Tracer
fixes
2014-10-31 4.2.1 AUTOSAR  Full CAN FD Support (incl. Trigger
Release Transmit)
Management  Removed
CanIf_CancelTxConfirmation
 Time-out and wake up event
handling
fixes
2014-03-31 4.1.3 AUTOSAR  Added new reqirements
Release SWS_CAN_00497,
Management SWS_CAN_00498,
SWS_CAN_00499, and
SWS_CAN_00496
 Modified reqirements
ECUC_Can_00445,
SWS_CAN_00487,
SWS_CAN_00469,
SWS_CAN_00475, and
SWS_CAN_00479
 Removed reqirements
SWS_CAN_00476, and
SWS_Can_00414

AUTOSAR CP R20-11

2013-10-31 4.1.2 AUTOSAR  Removed the 'Timing' row from the
Release API table(s) of chapter 'Scheduled
Management Functions'
 Modified range of Can_IdType and
CAN_CHANGE_BAUDRATE_SUP
PORT to
CAN_CHANGE_BAUDRATE_API
 Editorial changes
 Removed chapter(s) on change
documentation
2013-03-15 4.1.1 AUTOSAR  Added support for Pretended
Administration Networking
 Add DET error
CAN_E_PARAM_BAUDRATE to
the error classification table
 Corrected the sequence for
EcuM_SetWakeupEvent in section
7.7
 Updated Can_CheckWakeup as
Configurable API
 Added support to have more than
one CanMailbox per HRH in order to
receive back to back messages
 Can_ChangeBaudrate and
Can_CheckBaudrate API are
deprecated and will be replaced by
Can_SetBaudrate API

AUTOSAR CP R20-11

2011-12-22 4.0.3 AUTOSAR  Added SWS_Can_00461 to capture
Administration - Detection of Power ON of
controller due to CAN
communication
 Changed Can_InitController to
Can_ChangeBaudrate
 Added Can_CheckBaudrate
 Added sub container
CanMainFunctionRWPeriods to
CanGeneral
 Changed CanHardwareObject
container
 Updated description of
ECUC_Can_00321
 Changed Can_SetControllerMode in
SWS_Can_00370 to
Can_Mainfunction_Mode
 Added
CanControllerDefaultBaudrate
parameter
 Updated description of
SWS_Can_00279
 Updated description of CAN321
 Added SWS_Can_00445,
SWS_Can_00446 and
SWS_Can_00447 to capture
Possible loss of CAN Wakeup
 Changed “Module Short Name”
(MODULENAME) to “Module
Abbreviation” (MAB)

AUTOSAR CP R20-11

2009-12-18 4.0.1 AUTOSAR  Modified SWS_Can_00111 to
Administration correct the “Version Checking”
information
 Added new requirements
SWS_Can_00435 to
SWS_Can_00440 to introduce
Can_GeneralTypes.h.
SWS_Can_00441 and
SWS_Can_00442 to introduce
multiple poll cycles
SWS_Can_00443 and
SWS_Can_00444 to provide an
optional callback on every reception
of a LPDU
2010-02-02 3.1.4 AUTOSAR  General improvements of
Administration requirements in preparation of CT-
development.
 Can_MainFunction_Mode added to
support asynchronous controller
state change
 Limited number of supported
message objects removed
 Description of CAN controller state
transitions improved
 Debbuging concept added
 Legal disclaimer revised
2008-08-13 3.1.1 AUTOSAR  Legal disclaimer revised
Administration
2008-02-01 3.0.2 AUTOSAR  Table formatting corrected
Administration

AUTOSAR CP R20-11

2007-12-21 3.0.1 AUTOSAR  Tables generated from UML-
Administration models,
 General improvements of
requirements in preparation of CT-
development.
 Functions Can_MainFunction_Write,
Can_MainFunction_Read,
Can_MainFunction_BusOff and
Can_MainFunction_WakeUp
changed to scheduled functions
 Cycle Parameters added for new
scheduled functions
 Wakeup concept added (Chapter
REF _Ref395085489 \r \h ) and
addition of function
Can_Cbk_CheckWakeup
 Document meta information
extended
 Small layout adaptations made

AUTOSAR CP R20-11

2007-01-24 2.1.15 AUTOSAR  File structure reworked (chapter
Administration REF _Ref158085666 \r \h )
 Removed return value
CAN_WAKEUP in function
Can_SetControllerMode
 Replaced by CAN_NOT_OK
 Renamed CanIf_ControllerWakeup
to CanIf_SetWakeupEvent
 Reworked development errors
(chapter REF _Ref182101189 \r \h
)
 Removed implementation specific
description in Can_Write
 Changed timing of cyclic functions to
“fixed cyclic”
 Reworked “Scope” for all
configuration variables (chapter
REF _Ref104709655 \r \h )
 Legal disclaimer revised
 Release notes added
 “Advice for users” revised
 “Revision Information” added
2006-05-16 2.0 AUTOSAR  Document structure adapted to
Administration common Release 2.0 SWS
Template
 clarified development and
production error handling and
function abortion
 multiplexed transmission and TX
cancellation
 version check
 configuration description according
template
 individual main functions for RX TX
and status
2005-05-31 1.0 AUTOSAR  Initial release
Administration
AUTOSAR CP R20-11
Disclaimer
This work (specification and/or software implementation) and the material contained
in it, as released by AUTOSAR, is for the purpose of information only. AUTOSAR
and the companies that have contributed to it shall not be liable for any use of the
work.
The material contained in this work is protected by copyright and other types of
intellectual property rights. The commercial exploitation of the material contained in
thiswork requires a license to such intellectual property rights.
This work may be utilized or reproduced without any modification, in any form or by
any means, for informational purposes only. For any other purpose, no part of the
work may be utilized or reproduced, in any form or by any means, without permission
in writing from the publisher.
The work has been developed for automotive applications only. It has neither been
developed, nor tested for non-automotive applications.
The word AUTOSAR and the AUTOSAR logo are registered trademarks.

AUTOSAR CP R20-11
Table of Content
1 Introduction and functional overview ................................................................... 13

2 Acronyms and abbreviations ............................................................................... 14
2.1 Priority Inversion ........................................................................................... 15
2.2 CAN Hardware Unit ...................................................................................... 17
3 Related documentation ........................................................................................ 18
3.1 Input documents ........................................................................................... 18
3.2 Related standards and norms ...................................................................... 19
3.3 Related specification ..................................................................................... 19
4 Constraints and assumptions............................................................................... 20
4.1 Limitations ..................................................................................................... 20
4.2 Applicability to car domains .......................................................................... 20
5 Dependencies to other modules .......................................................................... 21
5.1 Static Configuration ...................................................................................... 21
5.2 Driver Services.............................................................................................. 21
5.3 System Services ........................................................................................... 21
5.4 Can module Users ........................................................................................ 22
5.5 File structure ................................................................................................. 23
6 Requirements traceability .................................................................................... 24
7 Functional specification ........................................................................................ 31
7.1 Driver scope .................................................................................................. 31
7.2 Driver State Machine .................................................................................... 32
7.3 CAN Controller State Machine ..................................................................... 34
7.3.1 CAN Controller State Description.......................................................... 34
7.3.2 CAN Controller State Transitions .......................................................... 35
7.3.3 State transition caused by function Can_Init......................................... 36
7.3.4 State transition caused by function Can_SetBaudrate ......................... 37
7.3.5 State transition caused by function Can_SetControllerMode ............... 37
7.3.6 State transition caused by Hardware Events ........................................ 40
7.3.7 State transition caused by function Can_DeInit .................................... 41
7.4 Can module/Controller Initialization .............................................................. 41
7.5 L-PDU transmission ...................................................................................... 42
7.5.1 Priority Inversion .................................................................................... 43
7.5.2 Transmit Data Consistency ................................................................... 45
7.6 L-PDU reception ........................................................................................... 46
7.6.1 Receive Data Consistency .................................................................... 46
7.7 Wakeup concept ........................................................................................... 48
7.8 Notification concept ...................................................................................... 48
7.9 Reentrancy issues ........................................................................................ 49
7.10 Error classification ........................................................................................ 49
7.10.1 Development Errors............................................................................... 50
AUTOSAR CP R20-11
7.10.2 Runtime Errors ...................................................................................... 50

7.10.3 Transient Faults ..................................................................................... 51
7.10.4 Production Errors................................................................................... 51
7.10.5 Extended Production Errors .................................................................. 51
7.10.6 Return Value .......................................................................................... 51
7.11 CAN FD Support ........................................................................................... 51
7.12 Reporting of CAN Error Types ...................................................................... 52
8 API specification................................................................................................... 53
8.1 Imported types .............................................................................................. 53
8.2 Type definitions ............................................................................................. 54
8.2.1 Can_ConfigType .................................................................................... 54
8.2.2 Can_PduType ........................................................................................ 54
8.2.3 Can_IdType ........................................................................................... 55
8.2.4 Can_HwHandleType ............................................................................. 55
8.2.5 Can_HwType ......................................................................................... 56
8.2.6 Extension to Std_ReturnType ............................................................... 56
8.2.7 Can_ErrorStateType.............................................................................. 57
8.2.8 Can_ControllerStateType ...................................................................... 57
8.2.9 Can_ErrorType ...................................................................................... 58
8.3 Function definitions ....................................................................................... 59
8.3.1 Services affecting the complete hardware unit ..................................... 59
8.3.1.1 Can_Init .............................................................................................. 59
8.3.1.2 Can_GetVersionInfo .......................................................................... 60
8.3.1.3 Can_DeInit ......................................................................................... 60
8.3.2 Services affecting one single CAN Controller ....................................... 61
8.3.2.1 Can_SetBaudrate .............................................................................. 61
8.3.2.2 Can_SetControllerMode .................................................................... 63
8.3.2.3 Can_DisableControllerInterrupts ....................................................... 64
8.3.2.4 Can_EnableControllerInterrupts ........................................................ 65
8.3.2.5 Can_CheckWakeup ........................................................................... 66
8.3.2.6 Can_GetControllerErrorState ............................................................ 67
8.3.2.7 Can_GetControllerMode .................................................................... 68
8.3.2.8 Can_GetControllerRxErrorCounter ................................................... 69
8.3.2.9 Can_GetControllerTxErrorCounter .................................................... 71
8.3.3 Services affecting a Hardware Handle .................................................. 72
8.3.3.1 Can_Write .......................................................................................... 72
8.4 Call-back notifications ................................................................................... 75
8.4.1 Call-out function..................................................................................... 75
8.4.2 Enabling/Disabling wakeup notification ................................................. 76
8.5 Scheduled functions ..................................................................................... 76
8.5.1.1 Can_MainFunction_Write .................................................................. 76
8.5.1.2 Can_MainFunction_Read .................................................................. 77
8.5.1.3 Can_MainFunction_BusOff ............................................................... 78
8.5.1.4 Can_MainFunction_Wakeup ............................................................. 78
8.5.1.5 Can_MainFunction_Mode.................................................................. 79
8.6 Expected Interfaces ...................................................................................... 79
AUTOSAR CP R20-11
8.6.1 Mandatory Interfaces ............................................................................. 79

8.6.2 Optional Interfaces ................................................................................ 80
8.6.3 Configurable interfaces ......................................................................... 81
9 Sequence diagrams ............................................................................................. 82
9.1 Interaction between Can and CanIf module ................................................. 82
9.2 Wakeup sequence ........................................................................................ 82
10 Configuration specification ............................................................................... 83
10.1 How to read this chapter ............................................................................... 83
10.2 Containers and configuration parameters .................................................... 83
10.2.1 Can ........................................................................................................ 90
10.2.2 CanGeneral ........................................................................................... 90
10.2.3 CanController ........................................................................................ 95
10.2.4 CanControllerBaudrateConfig ............................................................. 100
10.2.5 CanControllerFdBaudrateConfig ......................................................... 102
10.2.6 CanHardwareObject ............................................................................ 104
10.2.7 CanHwFilter ......................................................................................... 109
10.2.8 CanConfigSet ...................................................................................... 110
10.2.9 CanMainFunctionRWPeriods .............................................................. 110
11 Not applicable requirements .......................................................................... 112

AUTOSAR CP R20-11
1 Introduction and functional overview

This specification specifies the functionality, API and the configuration of the
AUTOSAR Basic Software module CAN Driver (called “Can module” in this
document).
The Can module is part of the lowest layer, performs the hardware access and offers
a hardware independent API to the upper layer.
The only upper layer that has access to the Can module is the CanIf module (see
also SRS_SPAL_12092).
The Can module provides services for initiating transmissions and calls the callback
functions of the CanIf module for notifying events, independently from the hardware.
Furthermore, it provides services to control the behavior and state of the CAN
controllers that are belonging to the same CAN Hardware Unit.
Several CAN controllers can be controlled by a single Can module as long as they
belong to the same CAN Hardware Unit.
For a closer description of CAN controller and CAN Hardware Unit see chapter
Acronyms and abbreviations and a diagram in [5].

AUTOSAR CP R20-11
2 Acronyms and abbreviations

Abbreviation / Description:
Acronym:
CAN controller A CAN controller serves exactly one physical channel.
CAN Hardware A CAN Hardware Unit may consists of one or multiple CAN controllers of
Unit the same type and one or multiple CAN RAM areas. The CAN Hardware
Unit is either on-chip, or an external device. The CAN Hardware Unit is
represented by one CAN driver.
CAN L-PDU Data Link Layer Protocol Data Unit. Consists of Identifier, Data Length
and Data (SDU). (see[18])
CAN L-SDU Data Link Layer Service Data Unit. Data that is transported inside the L-
PDU. (see[18])
DLC Data Length Code (part of CAN message describes the SDU length)
Hardware Object A CAN hardware object is defined as a PDU buffer inside the CAN RAM
of the CAN hardware unit / CAN controller. A Hardware Object is defined
as L-PDU buffer inside the CAN RAM of the CAN Hardware Unit.
Hardware The Hardware Receive Handle (HRH) is defined and provided by the
Receive Handle CAN Driver. Each HRH typically represents just one hardware object. The
(HRH) HRH can be used to optimize software filtering.
Hardware The Hardware Transmit Handle (HTH) is defined and provided by the
Transmit Handle CAN Driver. Each HTH typically represents just one or multiple hardware
(HTH) objects that are configured as hardware transmit buffer pool.
Inner Priority Transmission of a high-priority L-PDU is prevented by the presence of a
Inversion pending low-priority L-PDU in the same transmit hardware object.
ISR Interrupt Service Routine
L-PDU Handle The L-PDU handle is defined and placed inside the CanIf module layer.
Typically each handle represents an L-PDU, which is a constant structure
with information for Tx/Rx processing.
MCAL Microcontroller Abstraction Layer
Outer Priority A time gap occurs between two consecutive transmit L-PDUs.
Inversion In this case a lower priority L-PDU from another node can prevent
sending the own higher priority L-PDU. Here the higher priority L-PDU
cannot participate in arbitration during network access because the lower
priority L-PDU already won the arbitration.
Physical Channel A physical channel represents an interface from a CAN controller to the
CAN Network. Different physical channels of the CAN hardware unit may
access different networks.
Priority The Priority of a CAN L-PDU is represented by the CAN Identifier. The
lower the numerical value of the identifier, the higher the priority.
SFR Special Function Register. Hardware register that controls the controller
behavior.
SPAL Standard Peripheral Abstraction Layer

AUTOSAR CP R20-11
2.1 Priority Inversion
“If only a single transmit buffer is used inner priority inversion may occur. Because of
low priority a message stored in the buffer waits until the ”traffic on the bus calms
down”. During the waiting time this message could prevent a message of higher
priority generated by the same microcontroller from being transmitted over the bus.”1
1
Picture and text by CiA (CAN in Automation)
AUTOSAR CP R20-11
“The problem of outer priority inversion may occur in some CAN implementations. Let
us assume that a CAN node wishes to transmit a package of consecutive messages
with high priority, which are stored in different message buffers. If the interframe
space between these messages on the CAN network is longer than the minimum
space defined by the CAN standard, a second node is able to start the transmission
of a lower priority message. The minimum interframe space is determined by the
Intermission field, which consists of 3 recessive bits. A message, pending during the
transmission of another message, is started during the Bus Idle period, at the earliest
in the bit following the Intermission field. The exception is that a node with a waiting
transmission message will interpret a dominant bit at the third bit of Intermission as
Start-of-Frame bit and starts transmission with the first identifier bit without first
transmitting an SOF bit. The internal processing time of a CAN module has to be
short enough to send out consecutive messages with the minimum interframe space
to avoid the outer priority inversion under all the scenarios mentioned.”2
2
Text and image by CiA (CAN in Automation)
AUTOSAR CP R20-11
2.2 CAN Hardware Unit

The CAN Hardware Unit combines one or several CAN controllers, which may be
located on-chip or as external standalone devices of the same type, with common or
separate Hardware Objects.
Following figure shows a CAN Hardware Unit consisting of two CAN controllers
connected to two Physical Channels:
CAN Controller A
Tx A CAN
CAN
Transceiver Physical Channel A
Rx A A Bus A
Message Object
Mailbox A
CAN Controller B
CAN
Tx B
Transceiver CAN Physical Channel B
Rx B B Bus B
Message Object
Mailbox B
CAN Hardware Unit CAN Controllers with Mailboxes

AUTOSAR CP R20-11
3 Related documentation
3.1 Input documents

[1] Layered Software Architecture
AUTOSAR_EXP_LayeredSoftwareArchitecture.pdf
[2] General Requirements on Basic Software Modules

AUTOSAR_SRS_BSWGeneral.pdf
[3] General Requirements on SPAL

AUTOSAR_SRS_SPALGeneral.pdf
[4] Requirements on CAN

AUTOSAR_SRS_CAN.pdf
[5] Specification of CAN Interface

AUTOSAR_SWS_CANInterface.pdf
[6] Specification of Default Error Tracer

AUTOSAR_SWS_DefaultErrorTracer.pdf
[7] Specification of ECU State Manager

AUTOSAR_SWS_ECUStateManager.pdf
[8] Specification of MCU Driver

AUTOSAR_SWS_MCUDriver.pdf
[9] Specification of Operating System

AUTOSAR_SWS_OS.pdf
[10] Specification of ECU Configuration

AUTOSAR_TPS_ECUConfiguration.pdf
[11] Specification of SPI Handler/Driver

AUTOSAR_SWS_SPIHandlerDriver.doc.pdf
[12] Specification of Memory Mapping

AUTOSAR_SWS_MemoryMapping.pdf
[13] Specification of BSW Scheduler

AUTOSAR_SWS_BSW_Scheduler.pdf
[14] Basic Software Module Description Template

AUTOSAR_TPS_BSWModuleDescriptionTemplate.pdf

AUTOSAR CP R20-11
[15] List of Basis Software Modules

AUTOSAR_TR_BSWModuleList.pdf
[16] General Specification of Basic Software Modules

AUTOSAR_SWS_BSWGeneral.pdf
3.2 Related standards and norms

[17] ISO11898 – Road vehicles - Controller area network (CAN)
[18] ISO/IEC 7498-1 – OSI Basic Reference Model
[19] CiA601-2 Node and system design Part 2: CAN controller interface
specification
3.3 Related specification
AUTOSAR provides a General Specification on Basic Software modules [16] (SWS

BSW General), which is also valid for CAN Driver.
Thus, the specification SWS BSW General shall be considered as additional and
required specification for CAN Driver.

AUTOSAR CP R20-11
4 Constraints and assumptions
4.1 Limitations
A CAN controller always corresponds to one physical channel. It is allowed to
connect physical channels on bus side. Regardless the CanIf module will treat the
concerned CAN controllers separately.
A few CAN hardware units support the possibility to combine several CAN controllers
by using the CAN RAM, to extend the number of message objects for one CAN
controller. These combined CAN controller are handled as one controller by the Can
module.
The Can module does not support CAN remote frames.
[SWS_Can_00237] ⌈ The Can module shall not transmit messages triggered by

remote transmission requests.⌋ (SRS_Can_01147)
[SWS_Can_00236] ⌈ The Can module shall initialize the CAN HW to ignore any
remote transmission requests.⌋ (SRS_Can_01147)
4.2 Applicability to car domains

The Can module can be used for any application, where the CAN protocol is used.

AUTOSAR CP R20-11
5 Dependencies to other modules
5.1 Static Configuration

The configuration elements described in chapter 10 can be referenced by other BSW
modules for their configuration.
5.2 Driver Services

[SWS_Can_00238] ⌈ If the CAN controller is on-chip, the Can module shall not use
any service of other drivers.⌋ (SRS_BSW_00005)
[SWS_Can_00239] ⌈ The function Can_Init shall initialize all on-chip hardware

resources that are used by the CAN controller. The only exception to this is the digital
I/O pin configuration (of pins used by CAN), which is done by the port driver.⌋
(SRS_BSW_00377)
[SWS_Can_00240] ⌈ The Mcu module (SPAL see [8]) shall configure register
settings that are ‘shared’ with other modules.⌋ ()
Implementation hint: The Mcu module shall be initialized before initializing the Can
module.
[SWS_Can_00242] ⌈ If an off-chip CAN controller is used3, the Can module shall use
services of other MCAL drivers (e.g. SPI).⌋ (SRS_BSW_00005)
Implementation hint: If the Can module uses services of other MCAL drivers (e.g.
SPI), it must be ensured that these drivers are up and running before initializing the
Can module.
The sequence of initialization of different drivers is partly specified in [7].
[SWS_Can_00244] ⌈ The Can module shall use the synchronous APIs of the
underlying MCAL drivers and shall not provide callback functions that can be called
by the MCAL drivers.⌋ ()
Thus the type of connection between µC and CAN Hardware Unit has only impact on
implementation and not on the API.
5.3 System Services

[SWS_Can_00280] ⌈ In special hardware cases, the Can module shall poll for events
of the hardware.⌋ ()
3
In this case the CAN driver is not any more part of the µC abstraction layer but put part of the ECU
abstraction layer. Therefore it is (theoretically) allowed to use any µC abstraction layer driver it needs.
AUTOSAR CP R20-11
[SWS_Can_00281] ⌈ The Can module shall use the OsCounter provided by the
system service for timeout detection in case the hardware does not react in the
expected time (hardware malfunction) to prevent endless loops.⌋ ()
Implementation hint: The blocking time of the Can module function that is waiting for
hardware reaction shall be shorter than the CAN main function (i.e.
Can_MainFunction_Read) trigger period, because the CAN main functions can’t be
used for that purpose.
5.4 Can module Users

[SWS_Can_00058] ⌈ The Can module interacts among other modules (eg. Default
Error Tracer (DET), Ecu State Manager (ECUM)) with the CanIf module in a direct
way. This document never specifies the actual origin of a request or the actual
destination of a notification. The driver only sees the CanIf module as origin and
destination.⌋ (SRS_SPAL_12092)

AUTOSAR CP R20-11
5.5 File structure

[SWS_Can_00436] ⌈ Can_GeneralTypes.h shall contain all types and constants that
are shared among the AUTOSAR CAN modules Can, CanIf and CanTrcv.⌋ ()

AUTOSAR CP R20-11
6 Requirements traceability
Requirement Description Satisfied by

RS_Ids_00810 Basic SW security events SWS_Can_91022, SWS_Can_91023,
SWS_Can_91024
SRS_BSW_00005 Modules of the ÂµC Abstraction SWS_Can_00238, SWS_Can_00242
Layer (MCAL) may not have hard
coded horizontal interfaces
SRS_BSW_00007 All Basic SW Modules written in C SWS_Can_00079
language shall conform to the
MISRA C 2012 Standard.
SRS_BSW_00101 The Basic Software Module shall be SWS_Can_00250
able to initialize variables and
hardware in a separate initialization
function
SRS_BSW_00159 All modules of the AUTOSAR Basic SWS_Can_00022
Software shall support a tool based
configuration
SRS_BSW_00162 The AUTOSAR Basic Software shall SWS_Can_00999
provide a hardware abstraction layer
SRS_BSW_00164 The Implementation of interrupt SWS_Can_00033
service routines shall be done by the
Operating System, complex drivers
or modules
SRS_BSW_00167 All AUTOSAR Basic Software SWS_Can_00024
Modules shall provide configuration
rules and constraints to enable
plausibility checks
SRS_BSW_00168 SW components shall be tested by a SWS_Can_00999
function defined in a common API in
the Basis-SW
SRS_BSW_00170 The AUTOSAR SW Components SWS_Can_00999
shall provide information about their
dependency from faults, signal
qualities, driver demands
SRS_BSW_00306 AUTOSAR Basic Software Modules SWS_Can_00079
shall be compiler and platform
independent
SRS_BSW_00307 Global variables naming convention SWS_Can_00999
SRS_BSW_00308 AUTOSAR Basic Software Modules SWS_Can_00079
shall not define global data in their
header files, but in the C file
Modules shall indicate all global data
with read-only purposes by explicitly
assigning the const keyword
SRS_BSW_00312 Shared code shall be reentrant SWS_Can_00214, SWS_Can_00231,
AUTOSAR CP R20-11
SWS_Can_00232, SWS_Can_00233
SRS_BSW_00323 All AUTOSAR Basic Software SWS_Can_00026, SWS_Can_00513,
Modules shall check passed API SWS_Can_00514, SWS_Can_00518,
parameters for validity SWS_Can_00519, SWS_Can_91006,
SWS_Can_91007, SWS_Can_91017,
SWS_Can_91018
SRS_BSW_00325 The runtime of interrupt service SWS_Can_00999
routines and functions that are
running in interrupt context shall be
kept short
SRS_BSW_00330 It shall be allowed to use macros SWS_Can_00079
instead of functions where source
code is used and runtime is critical
SRS_BSW_00331 All Basic Software Modules shall SWS_Can_00039, SWS_Can_00104
strictly separate error and status
information
SRS_BSW_00336 Basic SW module shall be able to SWS_Can_00999, SWS_Can_91002
shutdown
SRS_BSW_00337 Classification of development errors SWS_Can_00026, SWS_Can_00104
SRS_BSW_00342 It shall be possible to create an SWS_Can_00999
AUTOSAR ECU out of modules
provided as source code and
modules provided as object code,
even mixed
SRS_BSW_00344 BSW Modules shall support link-time SWS_Can_00021
configuration
SRS_BSW_00347 A Naming seperation of different SWS_Can_00077
instances of BSW drivers shall be in
place
SRS_BSW_00353 All integer type definitions of target SWS_Can_00999
and compiler specific scope shall be
placed and organized in a single
type header
SRS_BSW_00357 For success/failure of an API call a SWS_Can_00506
standard return type shall be defined
SRS_BSW_00358 The return type of init() functions SWS_Can_00223
implemented by AUTOSAR Basic
Software Modules shall be void
Modules callback functions shall
avoid return types other than void if
possible
SRS_BSW_00361 All mappings of not standardized SWS_Can_00999
keywords of compiler specific scope
shall be placed and organized in a
compiler specific type and keyword
header
SRS_BSW_00369 All AUTOSAR Basic Software SWS_Can_00089, SWS_Can_00506,

AUTOSAR CP R20-11
Modules shall not return specific SWS_Can_91011, SWS_Can_91012

development error codes via the API
SRS_BSW_00373 The main processing function of SWS_Can_00031
each AUTOSAR Basic Software
Module shall be named according
the defined convention
SRS_BSW_00375 Basic Software Modules shall report SWS_Can_00271, SWS_Can_00364
wake-up reasons
SRS_BSW_00377 A Basic Software Module can return SWS_Can_00239
a module specific types
SRS_BSW_00378 AUTOSAR shall provide a boolean SWS_Can_00999
type
SRS_BSW_00383 The Basic Software Module SWS_Can_00999
specifications shall specify which
other configuration files from other
modules they use at least in the
description
SRS_BSW_00385 List possible error notifications SWS_Can_00104
SRS_BSW_00386 The BSW shall specify the SWS_Can_00089
configuration for detecting an error
SRS_BSW_00395 The Basic Software Module SWS_Can_00999
specifications shall list all
configuration parameter
dependencies
SRS_BSW_00397 The configuration parameters in pre- SWS_Can_00999
compile time are fixed before
compilation starts
SRS_BSW_00398 The link-time configuration is SWS_Can_00999
achieved on object code basis in the
stage after compiling and before
linking
SRS_BSW_00399 Parameter-sets shall be located in a SWS_Can_00999
separate segment and shall be
loaded after the code
SRS_BSW_00400 Parameter shall be selected from SWS_Can_00999
multiple sets of parameters after
code has been loaded and started
SRS_BSW_00404 BSW Modules shall support post- SWS_Can_00021
build configuration
SRS_BSW_00405 BSW Modules shall support multiple SWS_Can_00021
configuration sets
SRS_BSW_00406 A static status variable denoting if a SWS_Can_00103, SWS_Can_00512,
BSW module is initialized shall be SWS_Can_00517, SWS_Can_91005,
initialized with value 0 before any SWS_Can_91016
APIs of the BSW module is called
SRS_BSW_00409 All production code error ID symbols SWS_Can_00999
are defined by the Dem module and
shall be retrieved by the other BSW
AUTOSAR CP R20-11
modules from Dem configuration

SRS_BSW_00413 An index-based accessing of the SWS_Can_00999
instances of BSW modules shall be
done
SRS_BSW_00414 Init functions shall have a pointer to SWS_Can_00223
a configuration structure as single
parameter
SRS_BSW_00415 Interfaces which are provided SWS_Can_00999
exclusively for one module shall be
separated into a dedicated header
file
SRS_BSW_00416 The sequence of modules to be SWS_Can_91005, SWS_Can_91016
initialized shall be configurable
SRS_BSW_00417 Software which is not part of the SW- SWS_Can_00999
C shall report error events only after
the DEM is fully operational.
SRS_BSW_00422 Pre-de-bouncing of error status SWS_Can_00999
information is done within the DEM
SRS_BSW_00423 BSW modules with AUTOSAR SWS_Can_00999
interfaces shall be describable with
the means of the SW-C Template
SRS_BSW_00424 BSW module main processing SWS_Can_00999
functions shall not be allowed to
enter a wait state
SRS_BSW_00425 The BSW module description SWS_Can_00999
template shall provide means to
model the defined trigger conditions
of schedulable objects
SRS_BSW_00426 BSW Modules shall ensure data SWS_Can_00999
consistency of data which is shared
between BSW modules
SRS_BSW_00427 ISR functions shall be defined and SWS_Can_00999
documented in the BSW module
description template
SRS_BSW_00428 A BSW module shall state if its main SWS_Can_00110
processing function(s) has to be
executed in a specific order or
sequence
SRS_BSW_00429 Access to OS is restricted SWS_Can_00999
SRS_BSW_00432 Modules should have separate main SWS_Can_00031, SWS_Can_00108,
processing functions for read/receive SWS_Can_00112
and write/transmit data path
SRS_BSW_00433 Main processing functions are only SWS_Can_00999
allowed to be called from task bodies
provided by the BSW Scheduler
SRS_BSW_00438 Configuration data shall be defined SWS_Can_00291
in a structure

AUTOSAR CP R20-11
SRS_BSW_00439 Enable BSW modules to handle SWS_Can_00999

interrupts
SRS_BSW_00440 The callback function invocation by SWS_Can_00999
the BSW module shall follow the
signature provided by RTE to invoke
servers via Rte_Call API
SRS_BSW_00447 Standardizing Include file structure of SWS_Can_00999
BSW Modules Implementing Autosar
Service
SRS_BSW_00449 BSW Service APIs used by Autosar SWS_Can_00506, SWS_Can_00999
Application Software shall return a
Std_ReturnType
SRS_BSW_00453 BSW Modules shall be harmonized SWS_Can_00999
SRS_Can_01005 The CAN Interface shall perform a SWS_Can_00218
check for correct DLC of received
PDUs
SRS_Can_01041 The CAN Driver shall implement an SWS_Can_00245, SWS_Can_00246
interface for initialization
SRS_Can_01042 The CAN Driver shall support SWS_Can_00062
dynamic selection of configuration
sets
SRS_Can_01043 The CAN Driver shall provide a SWS_Can_00049, SWS_Can_00050
service to enable/disable interrupts
of the CAN Controller.
SRS_Can_01045 The CAN Driver shall offer a SWS_Can_00279, SWS_Can_00396
reception indication service.
SRS_Can_01049 The CAN Driver shall provide a SWS_Can_00212, SWS_Can_00213,
dynamic transmission request SWS_Can_00214
service
SRS_Can_01051 The CAN Driver shall provide a SWS_Can_00016
transmission confirmation service
service to change the CAN controller
mode.
SRS_Can_01054 The CAN Driver shall provide a SWS_Can_00235, SWS_Can_00271,
notification for controller wake-up SWS_Can_00364
events
notification for bus-off state
SRS_Can_01059 The CAN Driver shall guarantee data SWS_Can_00011, SWS_Can_00012
consistency of received L-PDUs
SRS_Can_01060 The CAN driver shall not recover SWS_Can_00272, SWS_Can_00273,
from bus-off automatically SWS_Can_00274
SRS_Can_01062 Each event for each CAN Controller SWS_Can_00007
shall be configurable to be detected
by polling or by an interrupt
SRS_Can_01122 The CAN driver shall support the SWS_Can_00048
AUTOSAR CP R20-11
situation where a wakeup by bus

occurs during the same time the
transition to standby/sleep is in
progress
SRS_Can_01125 The CAN stack shall ensure not to SWS_Can_00999
lose messages in receive direction
SRS_Can_01126 The CAN stack shall be able to SWS_Can_00999
produce 100% bus load
SRS_Can_01130 Receive Status Interface of CAN SWS_Can_00506
Interface
SRS_Can_01132 The CAN driver shall be able to SWS_Can_00099
detect notification events message
object specific by CAN-Interrupt and
polling
SRS_Can_01134 The CAN Driver shall support SWS_Can_00277, SWS_Can_00401,
multiplexed transmission SWS_Can_00402, SWS_Can_00403
SRS_Can_01135 It shall be possible to configure one SWS_Can_00100
or several TX Hardware Objects
SRS_Can_01139 The CAN Interface and Driver shall SWS_Can_00062
offer a CAN Controller specific
interface for initialization
SRS_Can_01147 The CAN Driver shall not support SWS_Can_00236, SWS_Can_00237
remote frames
SRS_Can_01160 Padding of bytes due to discrete SWS_Can_00502
CAN FD DLC
SRS_Can_01162 The CAN Interface shall support SWS_Can_00501
classic CAN and CAN FD frames
SRS_Can_01166 The CAN Driver shall implement an SWS_Can_91002, SWS_Can_91009,
interface for de-initialization SWS_Can_91010
SRS_CAN_01167 - SWS_Can_91008
function to return the current CAN
controller Rx and Tx error counters
SRS_SPAL_00157 All drivers and handlers of the SWS_Can_00026, SWS_Can_00031,
AUTOSAR Basic Software shall SWS_Can_00108, SWS_Can_00112
implement notification mechanisms
of drivers and handlers
SRS_SPAL_12056 All driver modules shall allow the SWS_Can_00235
static configuration of notification
mechanism
SRS_SPAL_12057 All driver modules shall implement SWS_Can_00245, SWS_Can_00246
an interface for initialization
SRS_SPAL_12063 All driver modules shall only support SWS_Can_00059, SWS_Can_00060
raw value mode
SRS_SPAL_12064 All driver modules shall raise an SWS_Can_00999
error if the change of the operation
mode leads to degradation of
AUTOSAR CP R20-11
running operations
SRS_SPAL_12067 All driver modules shall set their SWS_Can_00257
wake-up conditions depending on
the selected operation mode
SRS_SPAL_12068 The modules of the MCAL shall be SWS_Can_00999
initialized in a defined sequence
SRS_SPAL_12069 All drivers of the SPAL that wake up SWS_Can_00271, SWS_Can_00364
from a wake-up interrupt shall report
the wake-up reason
SRS_SPAL_12075 All drivers with random streaming SWS_Can_00011
capabilities shall use application
buffers
SRS_SPAL_12077 All drivers shall provide a non SWS_Can_00372
blocking implementation
SRS_SPAL_12092 The driver's API shall be accessed SWS_Can_00058
by its handler or manager
SRS_SPAL_12125 All driver modules shall only initialize SWS_Can_00053
the configured resources
SRS_SPAL_12129 The ISRs shall be responsible for SWS_Can_00033
resetting the interrupt flags and
calling the according notification
function
SRS_SPAL_12163 All driver modules shall implement SWS_Can_00999
an interface for de-initialization
SRS_SPAL_12169 All driver modules that provide SWS_Can_00017
different operation modes shall
provide a service for mode selection
SRS_SPAL_12263 The implementation of all driver SWS_Can_00021
modules shall allow the configuration
of specific module parameter types
at link time
SRS_SPAL_12265 Configuration data shall be kept SWS_Can_00021
constant
SRS_SPAL_12448 All driver modules shall have a SWS_Can_00089, SWS_Can_00091
specific behavior after a
development error detection
SRS_SPAL_12462 The register initialization settings SWS_Can_00999
shall be published
SRS_SPAL_12463 The register initialization settings SWS_Can_00024
shall be combined and forwarded

AUTOSAR CP R20-11
7 Functional specification
On L-PDU transmission, the Can module writes the L-PDU in an appropriate buffer
inside the CAN controller hardware.
See chapter 7.5 for closer description of L-PDU transmission.
On L-PDU reception, the Can module calls the RX indication callback function with
ID, Data Length and pointer to L-SDU as parameter.
See chapter 7.6 for closer description of L-PDU reception.
The Can module provides an interface that serves as periodical processing function,
and which must be called by the Basic Software Scheduler module periodically.
Furthermore, the Can module provides services to control the state of the CAN
controllers. Bus-off and Wake-up events are notified by means of callback functions.
The Can module is a Basic Software Module that accesses hardware resources.
Therefore, it is designed to fulfill the requirements for Basic Software Modules
specified in AUTOSAR_SRS_SPAL (see [3]).
[SWS_Can_00033] ⌈ The Can module shall implement the interrupt service routines
for all CAN Hardware Unit interrupts that are needed. ⌋ (SRS_BSW_00164,
SRS_SPAL_12129)
[SWS_Can_00419] ⌈ The Can module shall disable all unused interrupts in the CAN
controller.⌋ ()
[SWS_Can_00420] ⌈ The Can module shall reset the interrupt flag at the end of the
ISR (if not done automatically by hardware). ⌋ ()
Implementation hint: The Can module shall not set the configuration (i.e. priority) of
the vector table entry.
[SWS_Can_00079] ⌈ The Can module shall fulfill all design and implementation
guidelines described in [2].⌋ (SRS_BSW_00007, SRS_BSW_00306,
SRS_BSW_00308, SRS_BSW_00309, SRS_BSW_00330)
7.1 Driver scope

One Can module provides access to one CAN Hardware Unit that may consist of
several CAN controllers.
[SWS_Can_00077] ⌈ For CAN Hardware Units of different type, different Can

modules shall be implemented. ⌋ (SRS_BSW_00347)
[SWS_Can_00284] ⌈ In case several CAN Hardware Units (of same or different

vendor) are implemented in one ECU the function names, and global variables of the

AUTOSAR CP R20-11
Can modules shall be implemented such that no two functions with the same name
are generated.⌋ ()
The naming convention is as follows:
<Can module name>_<vendorID>_<Vendor specific API name><driver
abbreviation>()
SRS_BSW_00347 specifies the naming convention.
[SWS_Can_00385] ⌈ The naming conventions shall be used only in that case, if

multiple different CAN controller types on one ECU have to be supported. ⌋ ()
[SWS_Can_00386] ⌈ If only one controller type is used, the original naming

conventions without any <driver abbreviation> extensions are sufficient.⌋ ()
See [5] for description how several Can modules are handled by the CanIf module.
7.2 Driver State Machine

The Can module has a very simple state machine, with the two states CAN_UNINIT
and CAN_READY. Figure 7.1 shows the state machine.
[SWS_Can_00103] ⌈ After power-up/reset, the Can module shall be in the state

CAN_UNINIT. ⌋ (SRS_BSW_00406)

AUTOSAR CP R20-11
CAN_UNINIT
Initial
Can_Init() Can_DeInit()
CAN_READY
Figure 7-1
[SWS_Can_00246] ⌈ The function Can_Init shall change the module state to
CAN_READY, after initializing all controllers inside the HW Unit.⌋
(SRS_SPAL_12057, SRS_Can_01041)
[SWS_Can_00245] ⌈ The function Can_Init shall initialize all CAN controllers

according to their configuration.⌋ (SRS_SPAL_12057, SRS_Can_01041)
Each CAN controller must then be started separately by calling the function
Can_SetControllerMode(CAN_CS_STARTED).
Implementation hint:
Hardware register settings that have impact on all CAN controllers inside the HW
Unit can only be set in the function Can_Init.
Implementation hint:
The ECU State Manager module shall call Can_Init at most once during runtime.
[SWS_Can_91009] ⌈ The function Can_DeInit shall change the module state to

CAN_UNINIT before de-initializing all controllers inside the HW unit⌋
(SRS_Can_01166)
Refer to [SWS_Can_91010].
AUTOSAR CP R20-11
7.3 CAN Controller State Machine

Each CAN controller has complex state machines implemented in hardware. For
simplification, the number of states is reduced to the following four basic states in this
description: UNINIT, STOPPED, STARTED and SLEEP.
Any CAN hardware access is encapsulated by functions of the Can module, but the
Can module does not memorize the state changes.
The Can module offers the services Can_Init, Can_SetBaudrate and
Can_SetControllerMode. These services perform the necessary register settings that
cause the required change of the hardware CAN controller state.
There are two possibilities for triggering state changes by external events:
 Bus-off event
 HW wakeup event
These events are indicated either by an interrupt or by a status bit that is polled in the
Can_MainFunction_BusOff or Can_MainFunction_Wakeup.
The Can module does the register settings that are necessary to fulfill the required
behavior (i.e. no hardware recovery in case of bus off).
Then it notifies the CanIf module with the corresponding callback function. The
software state is then changed inside this callback function.
In case development errors are enabled and there is a not allowed transition
requested by the upper layer, the Can module shall rise the development error
CAN_E_TRANSITION.
The Can module does not check the actual state before it performs Can_Write or
raises callbacks.
7.3.1 CAN Controller State Description
This chapter describes the required hardware behavior for the different controller
states.
CAN controller state UNINIT
The CAN controller is not initialized. All registers belonging to the CAN module are in
reset state, CAN interrupts are disabled. The CAN Controller is not participating on
the CAN bus.
CAN controller state STOPPED
In this state the CAN Controller is initialized but does not participate on the bus. In
addition, error frames and acknowledges must not be sent.
(Example: For many controllers entering an ‘initialization’-mode causes the controller
to be stopped.)

AUTOSAR CP R20-11
CAN controller state STARTED
The controller is in a normal operation mode with complete functionality, which

means it participates in the network. For many controllers leaving the ‘initialization’-
mode causes the controller to be started.
CAN controller state SLEEP
The hardware settings only differ from state STOPPED for CAN hardware that
support a sleep mode (wake-up over CAN bus directly supported by CAN hardware).
[SWS_Can_00257] ⌈ When the CAN hardware supports sleep mode and is triggered
to transition into SLEEP state, the Can module shall set the controller to the SLEEP
state from which the hardware can be woken over CAN Bus.⌋ (SRS_SPAL_12067)
[SWS_Can_00258] ⌈ When the CAN hardware does not support sleep mode and is
triggered to transition into SLEEP state, the Can module shall emulate a logical
SLEEP state from which it returns only, when it is triggered by software to transition
into STOPPED state.⌋ ()
[SWS_Can_00404] ⌈ The CAN hardware shall remain in state STOPPED, while the
logical SLEEP state is active.⌋ ()
7.3.2 CAN Controller State Transitions
A state transition is triggered by software with the function Can_SetControllerMode

with the required transition as parameter. A successful state transition triggered by
software is notified by the callback function (CanIf_ControllerModeIndication). The
monitoring whether the requested state is achieved is part of an upper layer module
and is not part of the Can module.
Some transitions are triggered by events on the bus (hardware). These transitions
cause a notification by means of a callback function (CanIf_ControllerBusOff,
EcuM_CheckWakeup).
The behavior for invalid transitions in production code is undefined. Figure 7-2 shows
all valid state transitions.

AUTOSAR CP R20-11
PowerOff
PowerON reset
UNINIT
Can_DeInit()
Can_DeInit()
STOPPED SLEEP
STARTED
Figure 7-2
7.3.3 State transition caused by function Can_Init
 UNINIT  STOPPED (for all controllers in HW unit)

 software triggered by the function call Can_Init
 does configuration for all CAN controllers inside HW Unit
All control registers are set according to the static configuration.
[SWS_Can_00259] ⌈ The function Can_Init shall set all CAN controllers in the state
STOPPED.⌋ ()

AUTOSAR CP R20-11
When the function Can_Init is entered and the Can module is not in state
CAN_UNINIT or the CAN controllers are not in state UNINIT, it shall raise the error
CAN_E_TRANSITION (Compare to SWS_Can_00174 and SWS_Can_00408).
7.3.4 State transition caused by function Can_SetBaudrate
- STOPPED -> STOPPED; SLEEP -> SLEEP; STARTED -> STARTED

- software triggered by the function call Can_SetBaudrate
- changes the CAN controller configuration
CAN controller registers are set according to the static configurations.
[SWS_Can_00256] ⌈ If the call of Can_SetBaudrate() would cause a re-initialization

of the CAN Controller and the CAN Controller is not in state STOPPED, it shall return
E_NOT_OK.⌋ ()
[SWS_Can_00260] ⌈ If re-initialization is necessary the function Can_SetBaudrate

shall maintain the CAN controller in the state STOPPED.⌋ ()
[SWS_Can_00422] ⌈ If re-initialization is necessary the function Can_SetBaudrate

shall ensure that any settings that will cause the CAN controller to participate in the
network are not set.⌋ ()
7.3.5 State transition caused by function Can_SetControllerMode
The software can trigger a CAN controller state transition with the function
Can_SetControllerMode. Depending on the CAN hardware, a change of a register
setting to transition to a new CAN controller state may take over only after a delay.
The Can module notifies the upper layer (CanIf_ControllerModeIndication) after a
successful state transition about the new state. The monitoring whether the
requested state is achieved is part of an upper layer module and is not part of the
Can module.
[SWS_Can_00370] ⌈ The function Can_Mainfunction_Mode shall poll a flag of the

CAN status register until the flag signals that the change takes effect and notify the
upper layer with function CanIf_ControllerModeIndication about a successful state
transition referring to the corresponding CAN controller with the abstract CanIf
ControllerId.⌋ ()
[SWS_Can_00398] ⌈ The function Can_SetControllerMode shall use the system

service GetCounterValue for timeout monitoring to avoid blocking functions.⌋ ()

AUTOSAR CP R20-11
[SWS_Can_00372] ⌈ In case the flag signals that the change takes no effect and the
maximum time CanTimeoutDuration is elapsed, the function
Can_SetControllerMode shall be left and the function Can_Mainfunction_Mode shall
continue to poll the flag.⌋ (SRS_SPAL_12077)
[SWS_Can_00373] ⌈ The function Can_Mainfunction_Mode shall call the function
CanIf_ControllerModeIndication to notify the upper layer about a successful state
transition of the corresponding CAN controller referred by abstract CanIf ControllerId,
in case the state transition was triggered by function Can_SetControllerMode.⌋ ()
State transition caused by function Can_SetControllerMode

(CAN_CS_STARTED)
 STOPPED  STARTED
 software triggered
[SWS_Can_00261] ⌈ The function Can_SetControllerMode(CAN_CS_STARTED)

shall set the hardware registers in a way that makes the CAN controller participating
on the network.⌋ ()
[SWS_Can_00262] ⌈ The function Can_SetControllerMode(CAN_CS_STARTED)

shall wait for limited time until the CAN controller is fully operational. Compare to
SWS_Can_00398.⌋ ()
Transmit requests that are initiated before the CAN controller is operational get lost.
The only indicator for operability is the reception of TX confirmations or RX
indications. The sending entities might get a confirmation timeout and need to be
able to cope with that.
[SWS_Can_00409] ⌈ When the function Can_SetControllerMode

(CAN_CS_STARTED) is entered and the CAN controller is not in state STOPPED it
shall detect a invalid state transition (Compare to SWS_Can_00200).⌋ ()
State transition caused by function Can_SetControllerMode

(CAN_CS_STOPPED)
 STARTED  STOPPED
 SLEEP  STOPPED
[SWS_Can_00263] ⌈ The function Can_SetControllerMode(CAN_CS_STOPPED)

shall set the bits inside the CAN hardware such that the CAN controller stops
participating on the network.⌋ ()

AUTOSAR CP R20-11

shall wait for a limited time until the CAN controller is really switched off. Compare to
SWS_Can_00398.⌋ ()
[SWS_Can_00267] ⌈ If the CAN HW does not support a sleep mode, the transition
from SLEEP to STOPPED shall return from the logical sleep mode, but have no
effect to the CAN controller state (as the controller is already in stopped state).⌋ ()

shall wait for a limited time until the CAN controller is in STOPPED state. Compare to
SWS_Can_00398.⌋ ()

shall cancel pending messages. ⌋ ()
State transition caused by function Can_SetControllerMode(CAN_CS_SLEEP)
 STOPPED  SLEEP
[SWS_Can_00265] ⌈ The function Can_SetControllerMode(CAN_CS_SLEEP) shall

set the controller into sleep mode.⌋ ()
[SWS_Can_00266] ⌈ If the CAN HW does support a sleep mode, the function

Can_SetControllerMode(CAN_CS_SLEEP) shall wait for a limited time until the CAN
controller is in SLEEP state and it is assured that the CAN hardware is wake able.
Compare to SWS_Can_00398.⌋ ()
[SWS_Can_00290] ⌈ If the CAN HW does not support a sleep mode, the function
Can_SetControllerMode(CAN_CS_SLEEP) shall set the CAN controller to the logical
sleep mode.⌋ ()
[SWS_Can_00405] ⌈ This logical sleep mode shall left only, if function

Can_SetControllerMode(CAN_CS_STOPPED) is called.⌋ ()
[SWS_Can_00411] ⌈ When the function Can_SetControllerMode(CAN_CS_SLEEP)

is entered and the CAN controller is neither in state STOPPED nor in state SLEEP, it
shall detect a invalid state transition (Compare to SWS_Can_00200).⌋ ()

AUTOSAR CP R20-11
7.3.6 State transition caused by Hardware Events
State transition caused by Hardware Wakeup (triggered by wake-up event from

CAN bus)
 SLEEP  STOPPED
 triggered by incoming L-PDUs
 The ECU Statemanager module is notified with the function
EcuM_CheckWakeup
This state transition will only occur when sleep mode is supported by hardware.
[SWS_Can_00270] ⌈ On hardware wakeup (triggered by a wake-up event from CAN

bus), the CAN controller shall transition into the state STOPPED.⌋ ()
[SWS_Can_00271] ⌈ On hardware wakeup (triggered by a wake-up event from CAN

bus), the Can module shall call the function EcuM_CheckWakeup either in interrupt
context or in the context of Can_MainFunction_Wakeup.⌋ (SRS_BSW_00375,
SRS_SPAL_12069, SRS_Can_01054)
[SWS_Can_00269] ⌈ The Can module shall not further process the L-PDU that
caused a wake-up.⌋ ()
[SWS_Can_00048] ⌈ In case of a CAN bus wake-up during sleep transition, the

function Can_SetControllerMode(CAN_CS_STOPPED) shall return E_NOT_OK.⌋
(SRS_Can_01122)
State transition caused by Bus-Off (triggered by state change of CAN

controller)
[SWS_Can_00020] ⌈
 STARTED  STOPPED
 triggered by hardware if the CAN controller reaches bus-off state
 The CanIf module is notified with the function CanIf_ControllerBusOff after
STOPPED state is reached referring to the corresponding CAN controller with
the abstract CanIf ControllerId.⌋ (SRS_Can_01055)
[SWS_Can_00272] ⌈ After bus-off detection, the CAN controller shall transition to the
state STOPPED and the Can module shall ensure that the CAN controller doesn’t
participate on the network anymore. ⌋ (SRS_Can_01060)
[SWS_Can_00273] ⌈ After bus-off detection, the Can module shall cancel still
pending messages. ⌋ (SRS_Can_01060)

AUTOSAR CP R20-11
[SWS_Can_00274] ⌈ The Can module shall disable or suppress automatic bus-off

recovery.⌋ (SRS_Can_01060)
7.3.7 State transition caused by function Can_DeInit
- STOPPED -> UNINIT; SLEEP -> UNINIT (for all controllers in HW unit)
- software triggered by the function call Can_DeInit
- prepares all CAN controllers inside HW Unit to be re-configured
[SWS_Can_91010] ⌈ The function Can_DeInit shall set all CAN controllers in the
state UNINIT⌋ (SRS_Can_01166, SRS_Can_01053)
When the function Can_DeInit is entered and the Can module is not in state
CAN_READY or any of the CAN controllers is in state STARTED, it shall raise the
error CAN_E_TRANSITION (Refer to [SWS_Can_91011] and [SWS_Can_91012]).
7.4 Can module/Controller Initialization

The ECU State Manager module shall initialize the Can module during startup phase
by calling the function Can_Init before using any other functions of the Can module.
[SWS_Can_00250] ⌈ The function Can_Init shall initialize:

static variables, including flags,
Common setting for the complete CAN HW unit
CAN controller specific settings for each CAN controller⌋ (SRS_BSW_00101)
[SWS_Can_00053] ⌈ Can_Init shall not change registers of CAN controller Hardware

resources that are not used. ⌋ (SRS_SPAL_12125)
The Can module shall apply the following rules regarding initialization of controller
registers:
 [SWS_Can_00407] ⌈ If the hardware allows for only one usage of the register,
the Can module implementing that functionality is responsible initializing the
register.
 If the register can affect several hardware modules and if it is an I/O register it
shall be initialized by the PORT driver.
 If the register can affect several hardware modules and if it is not an I/O
register it shall be initialized by the MCU driver.
 One-time writable registers that require initialization directly after reset shall be
initialized by the startup code.
 All other registers shall be initialized by the startup code.⌋ (SRS_SPAL_12461)

AUTOSAR CP R20-11
[SWS_Can_00056] ⌈ Post-Build configuration elements that are marked as ‘multiple’

(‘M’ or ‘x’) in chapter 10 can be selected by passing the pointer ‘Config’ to the init
function of the module. ⌋ ()
[SWS_Can_00062] ⌈ If Can_SetBaudrate determines that the aimed configuration

change requires a re-initialization and the CAN Controller is in STOPPED, the
function Can_SetBaudrate shall re-initialize the CAN controller and the controller
specific settings.⌋ (SRS_Can_01139, SRS_Can_01042)
If re-initialization is necessary, the CAN Controller has to be switched to STOPPED
before Can_SetBaudrate() can be executed and the new baud rate configuration can
be applied.
[SWS_Can_00255] ⌈ The function Can_SetBaudrate shall only affect register areas

that contain specific configuration for a single CAN controller. ⌋ ()
[SWS_Can_00021] ⌈ The desired CAN controller configuration can be selected with

the parameter Config. ⌋ (SRS_BSW_00344, SRS_BSW_00404, SRS_BSW_00405,
SRS_SPAL_12263, SRS_SPAL_12265)
[SWS_Can_00291] ⌈ Config is a pointer into an array of implementation specific data

structure stored in ROM. The different controller configuration sets are located as
data structures in ROM.⌋ (SRS_BSW_00438)
The possible values for Config are provided by the configuration description (see
chapter 10).
The Can module configuration defines the global CAN HW Unit settings and
references to the default CAN controller configuration sets.
7.5 L-PDU transmission

On L-PDU transmission, the Can module converts the L-PDU contents ID and Data
Length to a hardware specific format (if necessary) and triggers the transmission.
[SWS_Can_00059] ⌈ Data mapping by CAN to memory is defined in a way that the

CAN data byte which is sent out first is array element 0, the CAN data byte which is
sent out last is array element 7 or 63 in case of CAN FD.⌋ (SRS_SPAL_12063)
[SWS_Can_00427] ⌈ If the presentation inside the CAN Hardware buffer differs from
AUTOSAR definition, the Can module must provide an adapted SDU-Buffer for the
upper layers.⌋ ()

AUTOSAR CP R20-11
[SWS_Can_00100] ⌈ Several TX hardware objects with unique HTHs may be

configured. The CanIf module provides the HTH as parameter of the TX request. See
Figure 7-3 for a possible configuration.⌋ (SRS_Can_01135)
Message Objects of CAN Hardware
HRH = 0 ID DLC SDU

HRH = 1 ID DLC SDU
unused ID DLC SDU
HRH = 2 ID DLC SDU
HRH = 3 ID DLC SDU
unused ID DLC SDU
HTH = 4 ID DLC SDU
HTH = 5 ID DLC SDU
Figure 7-3: Example of assignment of HTHs and HRHs to the Hardware Objects. The numbering
of HTHs and HRHs are implementation specific. The chosen numbering is only an example.
[SWS_Can_00276] ⌈ The function Can_Write shall store the swPduHandle that is

given inside the parameter PduInfo until the Can module calls the
CanIf_TxConfirmation for this request where the swPduHandle is given as
parameter. ⌋ ()
The feature of SWS_Can_00276 is used to reduce time for searching in the CanIf
module implementation.
[SWS_Can_00016] ⌈ The Can module shall call CanIf_TxConfirmation to indicate a

successful transmission. It shall either called by the TX-interrupt service routine of
the corresponding HW resource or inside the Can_MainFunction_Write in case of
polling mode.⌋ (SRS_Can_01051)
7.5.1 Priority Inversion
Multiplexed transmission can be used to avoid outer/inner priority inversion (see

chapter 2.1).
[SWS_Can_00277] ⌈ The Can module shall allow that the functionality “Multiplexed
Transmission” is statically configurable (ON | OFF) at pre-compile time.⌋
(SRS_Can_01134)

AUTOSAR CP R20-11
[SWS_Can_00401] ⌈ Several transmit hardware objects (defined by

"CanHwObjectCount") shall be assigned by one HTH to represent one transmit
entity to the upper layer.⌋ (SRS_Can_01134)
[SWS_Can_00402] ⌈ The Can module shall support multiplexed transmission

mechanisms for devices where either
 Multiple transmit hardware objects, which are grouped to a transmit entity can be
filled over the same register set, and the microcontroller stores the L-PDU into a
free buffer autonomously,
or
 The Hardware provides registers or functions to identify a free transmit hardware
object within a transmit entity.⌋ (SRS_Can_01134)
[SWS_Can_00403] ⌈ The Can module shall support multiplexed transmission for

devices, which send L-PDUs in order of L-PDU priority.⌋ (SRS_Can_01134)
Note: Ordering of L-PDUs by priority avoids inner priority inversion of the L-PDUs
assigned to a Basic-CAN configured for multiplexed transmission.
Another possibility to avoid inner priority inversion is the configuration of all HTHs to
be Full-CAN if the CAN hardware is able to prioritize upon transmission using the
CAN ID or related priority field.
Note: Software emulation of priority handling should be avoided, because the

overhead would void the advantage of the multiplexed transmission.
Figure 7-4: Example of assignment of HTHs and HRHs to the Hardware Objects with
multiplexed transmission. The numbering of HTHs and HRHs are implementation specific. The
chosen numbering is only an example.

AUTOSAR CP R20-11
7.5.2 Transmit Data Consistency
[SWS_Can_00011] ⌈ The Can module shall directly copy the data from the upper
layer buffers. It is the responsibility of the upper layer to keep the buffer consistent
until return of function call (Can_Write).⌋ (SRS_SPAL_12075, SRS_Can_01059)

AUTOSAR CP R20-11
7.6 L-PDU reception

[SWS_Can_00279] ⌈ On L-PDU reception, the Can module shall call the RX
indication callback function CanIf_RxIndication with ID, Hoh, abstract CanIf
ControllerId in parameter Mailbox, and the Data Length and pointer to the L-SDU
buffer in parameter PduInfoPtr.⌋ (SRS_Can_01045)
[SWS_Can_00423] ⌈ In case of an Extended CAN frame, the Can module shall

convert the ID to a standardized format since the Upper layer (CANIF) does not know
whether the received CAN frame is a Standard CAN frame or Extended CAN frame.
In case of an Extended CAN frame, MSB of a received CAN frame ID needs to be
made as ‘1’ to mark the received CAN frame as Extended.⌋ ()
[SWS_Can_00396] ⌈ The RX-interrupt service routine of the corresponding HW

resource or the function Can_MainFunction_Read in case of polling mode shall call
the callback function CanIf_RxIndication.⌋ (SRS_Can_01045)
[SWS_Can_00060] ⌈ Data mapping by CAN to memory is defined in a way that the

CAN data byte which is received first is array element 0, the CAN data byte which is
received last is array element 7 or 63 in case of CAN FD.
If the presentation inside the CAN Hardware buffer differs from AUTOSAR definition,
the Can module must provide an adapted SDU-Buffer for the upper layers.⌋
(SRS_SPAL_12063)
[SWS_Can_00501] ⌈ CanDrv shall indicate whether the received message is a

conventional CAN frame or a CAN FD frame as described in Can_IdType.⌋ (
SRS_Can_01162)
7.6.1 Receive Data Consistency
To prevent loss of received messages, some controllers support a FIFO built

from a set of hardware objects, while on other controllers it is possible to
configure another hardware object with the same properties that works as a
shadow buffer and steps in when the main object is busy.
[SWS_Can_00489] ⌈ The CAN driver shall support controllers which implement a

hardware FIFO. The size of the FIFO is configured via "CanHwObjectCount".
⌋ ()
[SWS_Can_00490] ⌈ Controllers that do not support a hardware FIFO often provide

the capabilities to implement a shadow buffer mechanism, where additional
hardware objects take over when the primary hardware object is busy. The number
AUTOSAR CP R20-11
of hardware objects is configured via "CanHwObjectCount".⌋ ()
Figure 7-5: Example of assignment of same HRHs to multiple Hardware Objects The chosen
numbering is only an example.
[SWS_Can_00299] ⌈ The Can module shall copy the L-SDU in a shadow buffer after
reception, if the RX buffer cannot be protected (locked) by CAN Hardware against
overwriting by a newly received message.⌋ ()
[SWS_Can_00300] ⌈ The Can module shall copy the L-SDU in a shadow buffer, if
the CAN Hardware is not globally accessible.⌋ ()
The complete RX processing (including copying to destination layer, e.g. COM) is
done in the context of the RX interrupt or in the context of the
Can_MainFunction_Read.
[SWS_Can_00012] ⌈ The Can module shall guarantee that neither the ISRs nor the
function Can_MainFunction_Read can be interrupted by itself. The CAN hardware (or
shadow) buffer is always consistent, because it is written and read in sequence in
exactly one function that is never interrupted by itself.⌋ (SRS_Can_01059)
If the CAN hardware cannot be configured to lock the RX hardware object after
reception (hardware feature), it could happen that the hardware buffer is overwritten
by a newly arrived message. In this case, the CAN controller detects an “overwrite”
event, if supported by hardware.
If the CAN hardware can be configured to lock the RX hardware object after
reception, it could happen that the newly arrived message cannot be stored to the
hardware buffer. In this case, the CAN controller detects an “overrun” event, if
supported by hardware.
[SWS_Can_00395] ⌈ Can module shall raise the runtime error CAN_E_DATALOST

in case of “overwrite” or “overrun” event detection.⌋ ()
AUTOSAR CP R20-11
Implementation Hint:
The system designer shall assure that the runtime for message reception (interrupt
driven or polling) correlates with the fasted possible reception in the system.
7.7 Wakeup concept

The Can module handles wakeups that can be detected by the Can controller itself
and not via the Can transceiver. There are two possible scenarios: wakeup by
interrupt and wakeup by polling.
For wakeup by interrupt, an ISR of the Can module is called when the hardware
detects the wakeup.
[SWS_Can_00364] ⌈ If the ISR for wakeup events is called, it shall call

EcuM_CheckWakeup in turn. The parameter passed to EcuM_CheckWakeup shall
be the ID of the wakeup source referenced by the CanWakeupSourceRef
configuration parameter.⌋ (SRS_BSW_00375, SRS_SPAL_12069, SRS_Can_01054)
The ECU State Manager will then set up the MCU and call the Can module back via
the Can Interface, resulting in a call to Can_CheckWakeup.
When wakeup events are detected by polling, the ECU State Manager will cyclically
call Can_CheckWakeup via the Can Interface as before. In both cases,
Can_CheckWakeup will check if there was a wakeup detected by a Can controller
and return the result. The CAN driver will then inform the ECU State Manager of the
wakeup event via EcuM_SetWakeupEvent.
The wakeup validation to prevent false wakeup events, will be done by the ECU
State Manager and the Can Interface afterwards and without any help from the Can
module.
For a general description of the wakeup mechanisms and wakeup sequence
diagrams refer to Specification of ECU State Manager [7].
7.8 Notification concept

The Can module offers only an event triggered notification interface to the CanIf
module. Each notification is represented by a callback function.
[SWS_Can_00099] ⌈ The hardware events may be detected by an interrupt or by

polling status flags of the hardware objects. The configuration possibilities regarding
polling is hardware dependent (i.e. which events can be polled, which events need to
be polled), and not restricted by this standard. ⌋ (SRS_Can_01132)
[SWS_Can_00007] ⌈ It shall be possible to configure the driver such that no

interrupts at all are used (complete polling). ⌋ (SRS_Can_01062)

AUTOSAR CP R20-11
The configuration of what is and is not polled by the Can module is internal to the
driver, and not visible outside the module. The polling is done inside the CAN main
functions (Can_MainFunction_xxx). Also the polled events are notified by the
appropriate callback function. Then the call context is not the ISR but the CAN main
function. The implementation of all callback functions shall be done as if the call
context was the ISR.
For further details see also description of the CAN main functions
Can_MainFunction_Read, Can_MainFunction_Write, Can_MainFunction_BusOff and
Can_MainFunction_Wakeup.
7.9 Reentrancy issues

A routine must satisfy the following conditions to be reentrant:
 It uses all shared variables in an atomic way, unless each is allocated to a
specific instance of the function.
 It does not call non-reentrant functions.
 It does not use the hardware in a non-atomic way.
Transmit requests are simply forwarded by the CanIf module inside the function
CanIf_Transmit.
The function CanIf_Transmit is re-entrant. Therefore the function Can_Write needs to
be implemented thread-safe (for example by using mutexes):
Further (preemptive) calls will return with CAN_BUSY when the write can’t be
performed re-entrant. (example: write to different hardware TX Handles allowed,
write to same TX Handles not allowed)
In case of CAN_BUSY the CanIf module queues that request. (same behavior as if
all hardware objects are busy).
Can_EnableCanInterrupts and Can_DisableCanInterrupts may be called inside re-
entrant functions. Therefore these functions also need to be reentrant.
All other services don’t need to be implemented as reentrant functions.
The CAN main functions (i.e. Can_MainFunction_Read) shall not be interrupted by
themselves. Therefore these CAN main functions are not reentrant.
7.10 Error classification

Section 7.11 "Error Handling" of the document "General Specification of Basic
Software Modules" describes the error handling of the Basic Software in detail.
Above all, it constitutes a classification scheme consisting of five error types which
may occur in BSW modules.
Based on this foundation, the following section specifies particular errors arranged in
the respective subsections below.

AUTOSAR CP R20-11
[SWS_Can_00104] ⌈ The Can module shall be able to detect the following errors and
exceptions depending on its configuration (default/production)⌋ (SRS_BSW_00337,
SRS_BSW_00385, SRS_BSW_00331)
7.10.1 Development Errors
[SWS_Can_91019]⌈
Type of error Related error code Error value
API Service called with wrong parameter CAN_E_PARAM_POINTER 0x01
API Service called with wrong parameter CAN_E_PARAM_HANDLE 0x02
API Service called with wrong parameter CAN_E_PARAM_DATA_LENGTH 0x03
API Service called with wrong parameter CAN_E_PARAM_CONTROLLER 0x04
API Service used without initialization CAN_E_UNINIT 0x05
Invalid transition for the current mode CAN_E_TRANSITION 0x06
Parameter Baudrate has an invalid value CAN_E_PARAM_BAUDRATE 0x07
Invalid configuration set selection CAN_E_INIT_FAILED 0x09
⌋()
7.10.2 Runtime Errors
[SWS_Can_91020]⌈
Type of error Related error code Error value
Received CAN message is lost CAN_E_DATALOST 0x01
⌋()
[SWS_Can_00026] ⌈ The Can module shall indicate errors that are caused by
erroneous usage of the Can module API. This covers API parameter checks and call
sequence errors. ⌋ (SRS_BSW_00337, SRS_BSW_00323, SRS_SPAL_00157)
[SWS_Can_00091] ⌈ After return of the DET the Can module’s function that raised
the development error shall return immediately.⌋ (SRS_SPAL_12448)
AUTOSAR CP R20-11
[SWS_Can_00089] ⌈ The Can module’s environment shall indicate development

errors only in the return values of a function of the Can module when DET is
switched on and the function provides a return value. The returned value is
E_NOT_OK. ⌋ (SRS_BSW_00369, SRS_BSW_00386, SRS_SPAL_12448)
7.10.3 Transient Faults
There are no transient faults.
7.10.4 Production Errors
There are no productions errors.
7.10.5 Extended Production Errors
There are no extended production errors.
7.10.6 Return Value
CAN_BUSY is reported via return value of the function Can_Write. The CanIf module
reacts according the sequence diagrams specified for the CanIf module.E_NOT_OK
is reported via return value in case of a wakeup during transition to sleep mode.Bus-
off and Wake-up events are forwarded via notification callback functions.
7.11 CAN FD Support

For performance reasons some CAN controllers allow to use a Flexible Data-Rate
feature called CAN FD (see "CAN with Flexible Data-Rate" specification). Indicated
during the arbitration phase it is possible to switch to a higher baud rate during
payload and CRC. This second baud rate has to be configured by extending
CanControllerBaudrateConfig with CanControllerFdBaudrateConfig. If a baud rate is
active which has a CAN FD configuration (see CanControllerFdBaudrateConfig) the
CAN FD feature is enabled for this controller. The specified second baud rate is
needed to support reception of CAN FD frames with bit rate switch (BRS). Whether
the second baudrate is used for transmission or not depends on configuration
parameter CanControllerTxBitRateSwitch (see CanControllerFdBaudrateConfig).
However, there may be cases where conventional CAN 2.0 messages need to be
transmitted in networks supporting CAN-FD messages for example to facilitate CAN
selective wakeup. In these cases it is necessary to support transmitting interleaved
conventional CAN messages with CAN-FD messages. This can be achieved on
frame level by using the two most significant bits of the CanId (see Can_IdType,
SWS_Can_00416) passed during Can_Write to indicate which kind of frame shall be
used.
AUTOSAR CP R20-11
CAN FD also supports an extended payload which allows the transmission of up to

64 bytes. This feature also depends on the CAN FD configuration (see
CanControllerFdBaudrateConfig). Therefore, if the CAN Controller is in CAN FD
mode (valid CanControllerFdBaudrateConfig) and the CAN FD flag is set in CanId
passed to Can_Write(), CanDrv supports the transmission of PDUs with a length up
to 64 bytes. If there is a request to transmit a CAN FD frame and the CAN Controller
is not in CAN FD mode (no CanControllerFdBaudrateConfig) the frame is sent as
conventional CAN frame as long as the PDU length <= 8 bytes.
7.12 Reporting of CAN Error Types

[SWS_Can_91022]⌈
If the CanEnableSecurityEventReporting=true and CanDrv detects a CanErrorType
in the range of 0x1-0xB, then CanDrv shall call CanIf_ErrorNotification with the
ControllerId and the CanError as parameters.⌋(RS_Ids_00810)
[SWS_Can_91024]⌈
If no of the predefined Can_ErrorType values matches to the error provided by the
CAN hardware, the CAN driver shall not report the error to the CanIf.
⌋(RS_Ids_00810)
[SWS_Can_91023]⌈
If the CanEnableSecurityEventReporting=true and CanDrv detects a transition to
error state passive, then CanDrv shall call CanIf_ControllerErrorStatePassive with
the ControllerId and the values for the Rx and Tx error counters.
⌋(RS_Ids_00810)

AUTOSAR CP R20-11
8 API specification
The prefix of the function names may be changed in an implementation with several
Can modules as described in [SWS_Can_00284].
8.1 Imported types

In this chapter all types included from the following modules are listed:
[SWS_Can_00222]⌈
Module Header File Imported Type
ComStack_Types.h PduIdType
ComStack_Types ComStack_Types.h PduInfoType
ComStack_Types.h PduLengthType
EcuM EcuM.h EcuM_WakeupSourceType
Icu Icu.h Icu_ChannelType
Os.h StatusType
Os.h TickRefType
Os
Os.h TickType
Rte_Os_Type.h CounterType
Std_Types.h Std_ReturnType
Std
Std_Types.h Std_VersionInfoType
⌋()

AUTOSAR CP R20-11
8.2 Type definitions
8.2.1 Can_ConfigType
[SWS_Can_00413]⌈
Name Can_ConfigType
Kind Structure
This is the type of the external data structure containing the overall initialization data
for the CAN driver and SFR settings affecting all controllers. Furthermore it contains
Description
pointers to controller configuration structures. The contents of the initialization data
structure are CAN hardware specific.
Available
Can.h
via
⌋()
8.2.2 Can_PduType
[SWS_Can_00415]⌈
Name Can_PduType
Kind Structure
swPduHandle
Type PduIdType
Comment --
length
Type uint8
Comment --
Elements
id
Type Can_IdType
Comment --
sdu
Type uint8*
Comment --

AUTOSAR CP R20-11
This type unites PduId (swPduHandle), SduLength (length), SduData (sdu), and Can
Description
Id (id) for any CAN L-SDU.
Available
Can_GeneralTypes.h
via
⌋()
8.2.3 Can_IdType
[SWS_Can_00416]⌈
Name Can_IdType
Kind Type
Derived
uint32
from
Standard32Bit 0..0x400007FF 0..0x400007FF

Range
Extended32Bit 0..0xDFFFFFFF 0..0xDFFFFFFF
Represents the Identifier of an L-PDU. The two most significant bits specify the frame
Description type: 00 CAN message with Standard CAN ID 01 CAN FD frame with Standard CAN
ID 10 CAN message with Extended CAN ID 11 CAN FD frame with Extended CAN ID
Variation --
Available
Can_GeneralTypes.h
via
⌋()
8.2.4 Can_HwHandleType
[SWS_Can_00429]⌈
Name Can_HwHandleType
Kind Type
Basetype Variation
Derived
uint16 --
from
uint8 --
Range Standard 0..0x0FF 0..0x0FF

AUTOSAR CP R20-11
Extended 0..0xFFFF 0..0xFFFF
Represents the hardware object handles of a CAN hardware unit. For CAN hardware
Description
units with more than 255 HW objects use extended range.
Available
Can_GeneralTypes.h
via
⌋()
8.2.5 Can_HwType
[SWS_CAN_00496]⌈
Name Can_HwType
Kind Structure
CanId
Type Can_IdType
Comment Standard/Extended CAN ID of CAN L-PDU
Hoh
Type Can_HwHandleType
Elements
Comment ID of the corresponding Hardware Object Range
ControllerId
Type uint8
ControllerId provided by CanIf clearly identify the corresponding

Comment
controller
This type defines a data structure which clearly provides an Hardware Object Handle
Description including its corresponding CAN Controller and therefore CanDrv as well as the
specific CanId.
Available
Can_GeneralTypes.h
via
⌋()
8.2.6 Extension to Std_ReturnType
[SWS_Can_00039]⌈
CAN_ transmit request could not be processed because no transmit
Range 0x02
BUSY object was available

AUTOSAR CP R20-11
Description Overlayed return value of Std_ReturnType for CAN driver API Can_Write()
Available
Can_GeneralTypes.h
via
⌋(SRS_BSW_00331)
8.2.7 Can_ErrorStateType
[SWS_Can_91003]⌈
Name Can_ErrorStateType
Kind Enumeration
CAN_ERRORSTATE_
-- The CAN controller takes fully part in communication.
ACTIVE
CAN_ERRORSTATE_ The CAN controller takes part in communication, but

Range --
PASSIVE does not send active error frames.
CAN_ERRORSTATE_ The CAN controller does not take part in

--
BUSOFF communication.
Description Error states of a CAN controller.
Available
Can_GeneralTypes.h
via
⌋()
8.2.8 Can_ControllerStateType
[SWS_Can_91013]⌈
Name Can_ControllerStateType
Kind Enumeration
CAN_CS_UNINIT 0x00 CAN controller state UNINIT.
CAN_CS_STARTED 0x01 CAN controller state STARTED.

Range
CAN_CS_STOPPED 0x02 CAN controller state STOPPED.
CAN_CS_SLEEP 0x03 CAN controller state SLEEP.
Description States that are used by the several ControllerMode functions.
Available via Can_GeneralTypes.h

AUTOSAR CP R20-11
⌋()
8.2.9 Can_ErrorType
[SWS_Can_91021]⌈
Name Can_ErrorType
Kind Enumeration
CAN_ERROR_BIT_
0x01 A 0 was transmitted and a 1 was read back
MONITORING1
CAN_ERROR_BIT_
0x02 A 1 was transmitted and a 0 was read back
MONITORING0
The HW reports a CAN bit error but cannot report

distinguish between CAN_ERROR_BIT_
CAN_ERROR_BIT 0x03
MONITORING1 and CAN_ERROR_BIT_
MONITORING0
CAN_ERROR_
0x04 Acknowledgement check failed
CHECK_ACK_FAILED
CAN_ERROR_ACK_
0x05 Acknowledgement delimiter check failed
DELIMITER
CAN_ERROR_
0x06 The sender lost in arbitration.
Range ARBITRATION_LOST
CAN overload detected via an overload frame.

CAN_ERROR_
0x07 Indicates that the receive buffers of a receiver are
OVERLOAD
full.
CAN_ERROR_
CHECK_FORM_ 0x08 Violations of the fixed frame format
FAILED
CAN_ERROR_
CHECK_STUFFING_ 0x09 Stuffing bits not as expected
FAILED
CAN_ERROR_
0xA CRC failed
CHECK_CRC_FAILED
CAN_ERROR_BUS_
0xB Bus lock (Bus is stuck to dominant level)
LOCK
The enumeration represents a superset of CAN Error Types which typical CAN HW is
Description
able to report. That means not all CAN HW will be able to support the complete set.
Available
Can_GeneralTypes.h
via

AUTOSAR CP R20-11
⌋()
8.3 Function definitions

This is a list of functions provided for upper layer modules.
8.3.1 Services affecting the complete hardware unit
8.3.1.1 Can_Init
[SWS_Can_00223]⌈
Service Name Can_Init
void Can_Init (
Syntax const Can_ConfigType* Config
)
Service ID [hex] 0x00
Sync/Async Synchronous
Reentrancy Non Reentrant
Parameters (in) Config Pointer to driver configuration.
Parameters (inout) None
Parameters (out) None
Return value None
Description This function initializes the module.
Available via Can.h
⌋(SRS_BSW_00358, SRS_BSW_00414)
Symbolic names of the available configuration sets are provided by the configuration
description of the Can module. See chapter 10 about configuration description.
[SWS_Can_00174] ⌈ If development error detection for the Can module is enabled:

The function Can_Init shall raise the error CAN_E_TRANSITION if the driver is not in
state CAN_UNINIT.⌋ ()

The function Can_Init shall raise the error CAN_E_TRANSITION if the CAN
controllers are not in state UNINIT.⌋ ()

AUTOSAR CP R20-11
8.3.1.2 Can_GetVersionInfo
[SWS_Can_00224]⌈
Service Name Can_GetVersionInfo
void Can_GetVersionInfo (
Syntax Std_VersionInfoType* versioninfo
)
Reentrancy Reentrant
Parameters (in) None
Parameters (out) versioninfo Pointer to where to store the version information of this module.
Return value None
Description This function returns the version information of this module.
Available via Can.h
⌋()

The function Can_GetVersionInfo shall raise the error CAN_E_PARAM_POINTER if
the parameter versionInfo is a null pointer.⌋ ()
8.3.1.3 Can_DeInit
[SWS_Can_91002]⌈
Service Name Can_DeInit
void Can_DeInit (
Syntax void
)
Parameters (in) None

AUTOSAR CP R20-11
Return value None
Description This function de-initializes the module.
Available via Can.h
⌋(SRS_Can_01166, SRS_BSW_00336)
Note: General behavior and constraints on de-initialization functions are specified by

[SWS_BSW_00152], [SWS_BSW_00072], [SWS_BSW_00232], [SWS_BSW_00233]
Caveat: Caller of the Can_DeInit function has to be sure no CAN controller is in the
state STARTED

The function Can_DeInit shall raise the error CAN_E_TRANSITION if the driver is not
in state CAN_READY.⌋ (SRS_BSW_00369)
The function Can_DeInit shall raise the error CAN_E_TRANSITION if any of the CAN
controllers is in state STARTED.⌋ (SRS_BSW_00369)
8.3.2 Services affecting one single CAN Controller
8.3.2.1 Can_SetBaudrate
[SWS_CAN_00491]⌈
Service Name Can_SetBaudrate
Std_ReturnType Can_SetBaudrate (
uint8 Controller,
Syntax uint16 BaudRateConfigID
)
Service ID
0x0f
[hex]
Reentrancy Reentrant for different Controllers. Non reentrant for the same Controller.
Controller CAN controller, whose baud rate shall be set

Parameters
(in) BaudRateConfig references a baud rate configuration by ID (see CanController
ID BaudRateConfigID)

AUTOSAR CP R20-11
Parameters
None
(inout)
Parameters
None
(out)
E_OK: Service request accepted, setting of (new) baud rate

Return value Std_ReturnType started
E_NOT_OK: Service request not accepted
This service shall set the baud rate configuration of the CAN controller. Depending
Description
on necessary baud rate modifications the controller might have to reset.
Available via Can.h
⌋()
There might be several baud rate configurations available. The function

Can_SetBaudrate can be used to switch between different configurations.
Depending on the old and new baud rate configuration only a subset of
parameters may be changed during runtime and a re-initialization of the CAN
Controller might be avoidable.
If the call of Can_SetBaudrate will cause a re-initialization of the CAN

Controller the CAN controller must be in state STOPPED when this function is
called (see SWS_Can_00256 and SWS_Can_00260).
The CAN controller is in state STOPPED after (re-)initialization (see

SWS_Can_00259).

The function Can_SetBaudrate shall raise the error CAN_E_UNINIT and return
E_NOT_OK if the driver is not yet initialized.⌋ ()

The function Can_SetBaudrate shall raise the error CAN_E_PARAM_BAUDRATE
and return E_NOT_OK if the parameter BaudRateConfigID has an invalid value.⌋ ()
[SWS_Can_00494] ⌈ If development error detection for the Can module is enabled

the function Can_SetBaudrate shall raise the error CAN_E_PARAM_CONTROLLER
and return E_NOT_OK if the parameter Controller is out of range.⌋ ()
[SWS_Can_00500] ⌈ If the requested baud rate change can not performed without a
re-initialization of the CAN Controller E_NO_OK shall be returned.⌋ ()

AUTOSAR CP R20-11
8.3.2.2 Can_SetControllerMode
[SWS_Can_00230]⌈
Service Name Can_SetControllerMode
Std_ReturnType Can_SetControllerMode (
uint8 Controller,
Syntax Can_ControllerStateType Transition
)
Sync/Async Asynchronous
Controller CAN controller for which the status shall be changed

Parameters (in)
Transition Transition value to request new CAN controller state
Parameters
None
(inout)
E_OK: request accepted

Return value Std_ReturnType E_NOT_OK: request not accepted, a development error
occurred
This function performs software triggered state transitions of the CAN controller
Description
State machine.
Available via Can.h
⌋()
[SWS_Can_00017] ⌈ The function Can_SetControllerMode shall perform software

triggered state transitions of the CAN controller State machine. See also
[SRS_SPAL_12169]⌋ (SRS_SPAL_12169, SRS_Can_01053)
[SWS_Can_00384] ⌈ Each time the CAN controller state machine is triggered with
the state transition value CAN_CS_STARTED, the function Can_SetControllerMode
shall re-initialize the CAN controller with the same controller configuration set
previously used by functions Can_SetBaudrate or Can_Init.⌋ ()
Refer to SWS_Can_00048 for the case of a wakeup event from CAN bus occurred
during sleep transition.
[SWS_Can_00294] ⌈ The function Can_SetControllerMode shall disable the wake-up

interrupt, while checking the wake-up status. ⌋ ()

AUTOSAR CP R20-11
[SWS_Can_00196] ⌈ The function Can_SetControllerMode shall enable interrupts

that are needed in the new state. ⌋ ()
[SWS_Can_00425] ⌈ Enabling of CAN interrupts shall not be executed, when CAN

interrupts have been disabled by function Can_DisableControllerInterrupts.⌋ ()
[SWS_Can_00197] ⌈ The function Can_SetControllerMode shall disable interrupts

that are not allowed in the new state. ⌋ ()
[SWS_Can_00426] ⌈ Disabling of CAN interrupts shall not be executed, when CAN

interrupts have been disabled by function Can_DisableControllerInterrupts.⌋ ()
[SWS_Can_00198] ⌈ If development error detection for the Can module is enabled: if

the module is not yet initialized, the function Can_SetControllerMode shall raise
development error CAN_E_UNINIT and return E_NOT_OK.⌋ ()

the parameter Controller is out of range, the function Can_SetControllerMode
shall raise development error CAN_E_PARAM_CONTROLLER and return
E_NOT_OK.⌋ ()

an invalid transition has been requested, the function Can_SetControllerMode shall
raise the error CAN_E_TRANSITION and return E_NOT_OK.⌋ ()
8.3.2.3 Can_DisableControllerInterrupts
[SWS_Can_00231]⌈
Service Name Can_DisableControllerInterrupts
void Can_DisableControllerInterrupts (
Syntax uint8 Controller
)
Parameters (in) Controller CAN controller for which interrupts shall be disabled.
Return value None

AUTOSAR CP R20-11
Description This function disables all interrupts for this CAN controller.
Available via Can.h
⌋(SRS_BSW_00312)
[SWS_Can_00049] ⌈ The function Can_DisableControllerInterrupts shall access the

CAN controller registers to disable all interrupts for that CAN controller only, if
interrupts for that CAN Controller are enabled. ⌋ (SRS_Can_01043)
[SWS_Can_00202] ⌈ When Can_DisableControllerInterrupts has been called several

times, Can_EnableControllerInterrupts must be called as many times before the
interrupts are re-enabled.⌋ ()
Implementation note:
The function Can_DisableControllerInterrupts can increase a counter on every
execution that indicates how many Can_EnableControllerInterrupts need to be called
before the interrupts will be enabled (incremental disable).
[SWS_Can_00204] ⌈ The Can module shall track all individual enabling and disabling
of interrupts in other functions (i.e. Can_SetControllerMode) , so that the correct
interrupt enable state can be restored.⌋ ()
Implementation example:
• in ‘interrupts enabled mode’: For each interrupt state change does not only
modify the interrupt enable bit, but also a software flag.
• in ‘interrupts disabled mode’: only the software flag is modified.
• Can_DisableControllerInterrupts and Can_EnableControllerInterrupts do not
modify the software flags.
• Can_EnableControllerInterrupts reads the software flags to re-enable the
correct interrupts.

The function Can_DisableControllerInterrupts shall raise the error CAN_E_UNINIT if
the driver not yet initialized.⌋ ()

The function Can_DisableControllerInterrupts shall raise the error
CAN_E_PARAM_CONTROLLER if the parameter Controller is out of range.⌋ ()
8.3.2.4 Can_EnableControllerInterrupts
[SWS_Can_00232]⌈
Service Name Can_EnableControllerInterrupts

AUTOSAR CP R20-11
void Can_EnableControllerInterrupts (
)
Parameters (in) Controller CAN controller for which interrupts shall be re-enabled
Return value None
Description This function enables all allowed interrupts.
Available via Can.h
⌋(SRS_BSW_00312)
[SWS_Can_00050] ⌈ The function Can_EnableControllerInterrupts shall enable all

interrupts that must be enabled according the current software status.⌋
(SRS_Can_01043)
SWS_Can_00202 applies to this function.
[SWS_Can_00208] ⌈ The function Can_EnableControllerInterrupts shall perform no

action when Can_DisableControllerInterrupts has not been called before.⌋ ()
See also implementation example for Can_DisableControllerInterrupts.

The function Can_EnableControllerInterrupts shall raise the error CAN_E_UNINIT if
the driver not yet initialized.⌋ ()

The function Can_EnableControllerInterrupts shall raise the error
8.3.2.5 Can_CheckWakeup
[SWS_Can_00360]⌈
Service Name Can_CheckWakeup
Std_ReturnType Can_CheckWakeup (

AUTOSAR CP R20-11
Service ID [hex] 0x0b
Parameters (in) Controller Controller to be checked for a wakeup.
E_OK: API call has been accepted

Return value Std_ReturnType
E_NOT_OK: API call has not been accepted
Description This function checks if a wakeup has occurred for the given controller.
Available via Can.h
⌋()
[SWS_Can_00361] ⌈ The function Can_CheckWakeup shall check if the requested

CAN controller has detected a wakeup. If a wakeup event was successfully detected,
reporting shall be done to EcuM via API EcuM_SetWakeupEvent.⌋ ()
[SWS_Can_00485] ⌈ The function Can_CheckWakeup shall be pre compile time

configurable On/Off by the configuration parameter: CanWakeupFunctionalityAPI ⌋ ()

The function Can_CheckWakeup shall raise the error CAN_E_UNINIT if the driver is
not yet initialized.⌋ ()

The function Can_CheckWakeup shall raise the error
8.3.2.6 Can_GetControllerErrorState
[SWS_Can_91004]⌈
Service Name Can_GetControllerErrorState
Std_ReturnType Can_GetControllerErrorState (
uint8 ControllerId,
Syntax Can_ErrorStateType* ErrorStatePtr
)

AUTOSAR CP R20-11
Reentrancy Non Reentrant for the same ControllerId
Abstracted CanIf ControllerId which is assigned to a CAN

Parameters (in) ControllerId
controller, which is requested for ErrorState.
Parameters
None
(inout)
Parameters Pointer to a memory location, where the error state of the CAN
ErrorStatePtr
(out) controller will be stored.
Std_Return- E_OK: Error state request has been accepted.

Return value
Type E_NOT_OK: Error state request has not been accepted.
Description This service obtains the error state of the CAN controller.
Available via Can.h
⌋()

the module is not yet initialized, the function Can_GetControllerErrorState shall raise
development error CAN_E_UNINIT and return E_NOT_OK.⌋ (SRS_BSW_00406,
SRS_BSW_00416)

the parameter ControllerId is out of range, the function Can_GetControllerErrorState
shall raise development error CAN_E_PARAM_CONTROLLER and return
E_NOT_OK.⌋ (SRS_BSW_00323)

the parameter ErrorStatePtr is a null pointer, the function
Can_GetControllerErrorState shall raise development error
CAN_E_PARAM_POINTER and return E_NOT_OK.⌋ (SRS_BSW_00323)
[SWS_Can_91008] ⌈ When the API Can_GetControllerErrorState() is called with

Controller Id as input parameter then Can driver shall read the error state register of
Can Controller and shall return the error status to upper layer.⌋ (SRS_CAN_01167)
8.3.2.7 Can_GetControllerMode
[SWS_Can_91014]⌈
Service Name Can_GetControllerMode
Std_ReturnType Can_GetControllerMode (
Syntax uint8 Controller,

AUTOSAR CP R20-11
Can_ControllerStateType* ControllerModePtr
)
Parameters (in) Controller CAN controller for which the status shall be requested.
Parameters
None
(inout)
Parameters ControllerMode Pointer to a memory location, where the current mode of the
(out) Ptr CAN controller will be stored.
E_OK: Controller mode request has been accepted.

Std_Return-
Return value E_NOT_OK: Controller mode request has not been
Type
accepted.
Description This service reports about the current status of the requested CAN controller.
Available via Can.h
⌋()
[SWS_Can_91015] ⌈ The service Can_GetControllerMode shall return the mode of

the requested CAN controller. ⌋

The function Can_GetControllerMode shall raise the error CAN_E_UNINIT and
return
E_NOT_OK if the driver is not yet initialized.⌋ (
SRS_BSW_00406,SRS_BSW_00416)
[SWS_Can_91017] ⌈ If parameter Controller of Can_GetControllerMode() has an

invalid value, the CanDrv shall report development error code
CAN_E_PARAM_CONTROLLER to the Det_ReportError service of the DET. ⌋
(SRS_BSW_00323)
[SWS_Can_91018] ⌈ If parameter ControllerModePtr of Can_GetControllerMode()

has an null pointer, the CanDrv shall report development error code
CAN_E_PARAM_POINTER to the Det_ReportError service of the DET. ⌋
(SRS_BSW_00323)
8.3.2.8 Can_GetControllerRxErrorCounter
[SWS_Can_00511]⌈
AUTOSAR CP R20-11
Service
Can_GetControllerRxErrorCounter
Name
Std_ReturnType Can_GetControllerRxErrorCounter (
uint8 ControllerId,
Syntax uint8* RxErrorCounterPtr
)
Service ID
0x30
[hex]
Parameters CAN controller, whose current Rx error counter shall be

ControllerId
(in) acquired.
Parameters
None
(inout)
Parameters RxErrorCounter Pointer to a memory location, where the current Rx error

(out) Ptr counter of the CAN controller will be stored.
E_OK: Rx error counter available.

Return value Std_ReturnType E_NOT_OK: Wrong ControllerId, or Rx error counter not
available.
Returns the Rx error counter for a CAN controller. This value might not be available
for all CAN controllers, in which case E_NOT_OK would be returned.
Please note that the value of the counter might not be correct at the moment the API
Description
returns it, because the Rx counter is handled asynchronously in hardware.
Applications should not trust this value for any assumption about the current bus
state.
Available via Can.h
⌋()

the module is not yet initialized, the function Can_GetControllerRxErrorCounter shall
raise development error CAN_E_UNINIT and return E_NOT_OK. ⌋
(SRS_BSW_00406)

the parameter ControllerId is out of range, the function
Can_GetControllerRxErrorCounter shall raise development error
CAN_E_PARAM_CONTROLLER and return E_NOT_OK. ⌋ (SRS_BSW_00323)

the parameter RxErrorCounterPtr is a null pointer, the function

AUTOSAR CP R20-11
Can_GetControllerRxErrorCounter shall raise development error

CAN_E_PARAM_POINTER and return E_NOT_OK. ⌋ (SRS_BSW_00323)
[SWS_Can_00515] ⌈ When the API Can_GetControllerRxErrorCounter is called with

Controller Id as input parameter then Can driver shall read the Rx error counter
register of Can Controller and shall return the Rx error count to upper layer.⌋
(SRS_Can_01170)
8.3.2.9 Can_GetControllerTxErrorCounter
[SWS_Can_00516]⌈
Service
Can_GetControllerTxErrorCounter
Name
Std_ReturnType Can_GetControllerTxErrorCounter (
uint8 ControllerId,
Syntax
uint8* TxErrorCounterPtr
)
Service ID
0x31
[hex]
Parameters CAN controller, whose current Tx error counter shall be

ControllerId
(in) acquired.
Parameters
None
(inout)
Parameters TxErrorCounter Pointer to a memory location, where the current Tx error counter
(out) Ptr of the CAN controller will be stored.
E_OK: Tx error counter available.

Return value Std_ReturnType E_NOT_OK: Wrong ControllerId, or Tx error counter not
available.
Returns the Tx error counter for a CAN controller. This value might not be available
for all CAN controllers, in which case E_NOT_OK would be returned.
Please note that the value of the counter might not be correct at the moment the API
Description
returns it, because the Tx counter is handled asynchronously in hardware.
Applications should not trust this value for any assumption about the current bus
state.
Available via Can.h
⌋()

AUTOSAR CP R20-11

the module is not yet initialized, the function Can_GetControllerTxErrorCounter shall
raise development error CAN_E_UNINIT and return E_NOT_OK. ⌋
(SRS_BSW_00406)

the parameter ControllerId is out of range, the function
Can_GetControllerTxErrorCounter shall raise development error
CAN_E_PARAM_CONTROLLER and return E_NOT_OK. ⌋ (SRS_BSW_00323)

the parameter TxErrorCounterPtr is a null pointer, the function
Can_GetControllerTxErrorCounter shall raise development error
CAN_E_PARAM_POINTER and return E_NOT_OK. ⌋ (SRS_BSW_00323)
[SWS_Can_00520] ⌈ When the API Can_GetControllerTxErrorCounter is called with

Controller Id as input parameter then Can driver shall read the Tx error counter
register of Can Controller and shall return the Tx error count to upper layer. ⌋
(SRS_Can_01170)
8.3.3 Services affecting a Hardware Handle
8.3.3.1 Can_Write
[SWS_Can_00233]⌈
Service Name Can_Write
Std_ReturnType Can_Write (
Can_HwHandleType Hth,
Syntax const Can_PduType* PduInfo
)
Service ID
0x06
[hex]
Reentrancy Reentrant (thread-safe)
information which HW-transmit handle shall be used for transmit.

Hth Implicitly this is also the information about the controller to use because
Parameters
the Hth numbers are unique inside one hardware unit.
(in)
PduInfo Pointer to SDU user memory, Data Length and Identifier.
Parameters
None
(inout)

AUTOSAR CP R20-11
Parameters
None
(out)
E_OK: Write command has been accepted

Std_-
E_NOT_OK: development error occurred
Return value Return-
CAN_BUSY: No TX hardware buffer available or pre-emptive call of
Type
Can_Write that can't be implemented re-entrant (see Can_ReturnType)
Description This function is called by CanIf to pass a CAN message to CanDrv for transmission.
Available via Can.h
⌋(SRS_BSW_00312)
The function Can_Write first checks if the hardware transmit object that is identified
by the HTH is free and if another Can_Write is ongoing for the same HTH.
[SWS_Can_00212] ⌈ The function Can_Write shall perform following actions if the

hardware transmit object is free:
 The mutex for that HTH is set to ‘signaled’
 The ID, Data Length and SDU are put in a format appropriate for the hardware
(if necessary) and copied in the appropriate hardware registers/buffers.
 All necessary control operations to initiate the transmit are done
 The mutex for that HTH is released
 The function returns with E_OK⌋ (SRS_Can_01049)
[SWS_Can_00213] ⌈ The function Can_Write shall perform no actions if the

hardware transmit object is busy with another transmit request for an L-PDU:
1. The transmission of the other L-PDU shall not be cancelled and the function
Can_Write is left without any actions.
2. The function Can_Write shall return CAN_BUSY.⌋ (SRS_Can_01049).
[SWS_Can_00214] ⌈ The function Can_Write shall return CAN_BUSY if a

preemptive call of Can_Write has been issued, that could not be handled reentrant
(i.e. a call with the same HTH).⌋ (SRS_BSW_00312, SRS_Can_01049)
[SWS_Can_00275] ⌈ The function Can_Write shall be non-blocking.⌋ ()

The function Can_Write shall raise the error CAN_E_UNINIT and shall return
E_NOT_OK if the driver is not yet initialized.⌋ ()

The function Can_Write shall raise the error CAN_E_PARAM_HANDLE and shall
return E_NOT_OK if the parameter Hth is not a configured Hardware Transmit
Handle.⌋ ()
AUTOSAR CP R20-11
[SWS_Can_00218] ⌈ The function Can_Write shall return E_NOT_OK and if

development error detection for the CAN module is enabled shall raise the error
CAN_E_PARAM_DATA_LENGTH:
 If the length is more than 64 byte.
 If the length is more than 8 byte and the CAN controller is not in CAN FD
mode (no CanControllerFdBaudrateConfig).
 If the length is more than 8 byte and the CAN controller is in CAN FD mode
(valid CanControllerFdBaudrateConfig), but the CAN FD flag in
Can_PduType->id is not set (refer Can_IdType).⌋ ( SRS_Can_01005)
[SWS_Can_00219] ⌈ If development error detection for CanDrv is enabled:

Can_Write() shall raise CAN_E_PARAM_POINTER and shall return E_NOT_OK if the
parameter PduInfo is a null pointer.⌋ ()
[SWS_Can_00503] ⌈ Can_Write() shall accept a null pointer as SDU

(Can_PduType.Can_SduPtrType = NULL) if the trigger transmit API is enabled
for this hardware object (CanTriggerTransmitEnable = TRUE).⌋ ()
[SWS_Can_00504] ⌈ If the trigger transmit API is enabled for the hardware object,
Can_Write() shall interpret a null pointer as SDU (Can_PduType.Can_SduPtrType =
NULL) as request for using the trigger transmit interface. If so and the hardware
object is free, Can_Write() shall call CanIf_TriggerTransmit() with the maximum size
of the message buffer to acquire the PDU’s data.⌋ ()
Note: Using the message buffer size allows for late changes of the PDU size, e.g. if a
container PDU receives another contained PDU between the call to Can_Write() and
the call of CanIf_TriggerTransmit().
[SWS_Can_00505] ⌈ If development error detection for CanDrv is enabled:

Can_Write() shall raise CAN_E_PARAM_POINTER and shall return E_NOT_OK if the
trigger transmit API is disabled for this hardware object (CanTriggerTransmitEnable =
FALSE) and the SDU pointer inside PduInfo is a null pointer.⌋ ()
[SWS_Can_00506] ⌈ Can_Write() shall return E_NOT_OK if the trigger transmit API
(CanIf_TriggerTransmit()) returns E_NOT_OK.⌋ (SRS_BSW_00449,
SRS_BSW_00357, SRS_BSW_00369, SRS_Can_01130)
[SWS_Can_00486] ⌈ The CAN Frame has to be sent according to the two most
significant bits of Can_PduType->id. The CAN FD frame bit is only evaluated if
CAN Controller is in CAN FD mode (valid CanControllerFdBaudrateConfig).⌋ ()
[SWS_Can_00502] ⌈ If PduInfo->SduLength does not match possible DLC values

CanDrv shall use the next higher valid DLC for transmission with initialization of
unused bytes to the value of the corresponding CanFdPaddingValue (see
ECUC_Can_00485).⌋ ( SRS_Can_01160)

AUTOSAR CP R20-11
8.4 Call-back notifications

This chapter lists all functions provided by the Can module to lower layer modules.
The lower layer module of Can module is the SPI module. The SPI module, which is
part of the MCAL, may used to exchange data between the microcontroller and an
external CAN controller.
The Can module does not provide callback functions. Only synchronous MCAL API
may used to access external CAN controllers.
8.4.1 Call-out function
The AUTOSAR CAN module supports optional L-PDU callouts on every reception of a
L-PDU.
[SWS_Can_00443]⌈
Service Name <LPDU_CalloutName>
boolean <LPDU_CalloutName> (
uint8 Hrh,
Can_IdType CanId,
Syntax uint8 CanDataLegth,
const uint8* CanSduPtr
)
Sync/Async Asynchronous
Hrh --
CanId --
Parameters (in)
CanDataLegth --
CanSduPtr --
Return value boolean --
Description --
Available via Can_Externals.h
⌋()
where <LPDU_CalloutName> has to be substituted with the concrete L-PDU callout
name which is configurable, see ECUC_Can_00434.
AUTOSAR CP R20-11
[SWS_Can_00444] ⌈ If the L-PDU callout returns false, the L-PDU shall not be
processed any further. ⌋ ()
8.4.2 Enabling/Disabling wakeup notification
[SWS_Can_00445] ⌈ Can driver shall use the following APIs provided by Icu driver,
to enable and disable the wakeup event notification:
 Icu_EnableNotification
 Icu_DisableNotification⌋ ()
[SWS_Can_00446] ⌈ Icu_EnableNotification shall be called when “external” Can

controllers have been transitioned to SLEEP state.⌋ ()
[SWS_Can_00447] ⌈ Icu_DisableNotification shall be called when “external” Can

controllers have been transitioned to STOPPED state.⌋ ()
8.5 Scheduled functions

These functions are directly called by Basic Software Scheduler. The following
functions shall have no return value and no parameter. All functions shall be non-
reentrant.
[SWS_Can_00110] ⌈ There is no requirement regarding the execution order of the

CAN main processing functions.⌋ (SRS_BSW_00428)
8.5.1.1 Can_MainFunction_Write
[SWS_Can_00225]⌈
Service Name Can_MainFunction_Write
void Can_MainFunction_Write (
Syntax void
)
Service ID
0x01
[hex]
This function performs the polling of TX confirmation when CAN_TX_

Description
PROCESSING is set to POLLING.
Available via SchM_Can.h
⌋()
AUTOSAR CP R20-11
[SWS_Can_00031] ⌈ The function Can_MainFunction_Write shall perform the polling

of TX confirmation when CanTxProcessing
is set to POLLING or MIXED. In case of MIXED processing only the hardware
objects for which CanHardwareObjectUsesPolling is set to TRUE shall be polled.⌋
(SRS_BSW_00432, SRS_BSW_00373, SRS_SPAL_00157)
[SWS_Can_00178] ⌈ The Can module may implement the function

Can_MainFunction_Write as empty define in case no polling at all is used.⌋ ()
[SWS_Can_00441] ⌈ If more than one main function period is configured by

CanMainFunctionRWPeriods (see ECUC_Can_00437), the name of the
Can_MainFunction_Write() functions shall be
 Can_MainFunction_Write_<CanMainFunctionRWPeriods.ShortName>()
for each CanMainFunctionRWPeriods that is referenced by at least one TRANSMIT
CanHardwareObject (see ECUC_Can_00438). ⌋ ()
8.5.1.2 Can_MainFunction_Read
[SWS_Can_00226]⌈
Service Name Can_MainFunction_Read
void Can_MainFunction_Read (
Syntax void
)
Service ID
0x08
[hex]
This function performs the polling of RX indications when CAN_RX_PROCESSING

Description
is set to POLLING.
⌋()
[SWS_Can_00108] ⌈ The function Can_MainFunction_Read shall perform the polling

of RX indications when CanRxProcessing is set to POLLING or MIXED. In case of
MIXED processing only the hardware objects for which
CanHardwareObjectUsesPolling is set to TRUE shall be polled.⌋ (SRS_BSW_00432,
SRS_SPAL_00157)

Can_MainFunction_Read as empty define in case no polling at all is used.⌋ ()

AUTOSAR CP R20-11
[SWS_Can_00442] ⌈ If more than one main function period is configured by

CanMainFunctionRWPeriods (see ECUC_Can_00437), the name of the
Can_MainFunction_Read() functions shall be
 Can_MainFunction_Read_<CanMainFunctionRWPeriods.ShortName>()
for each CanMainFunctionRWPeriods that is referenced by at least one RECEIVE
CanHardwareObject (see ECUC_Can_00438). ⌋ ()
8.5.1.3 Can_MainFunction_BusOff
[SWS_Can_00227]⌈
Service Name Can_MainFunction_BusOff
void Can_MainFunction_BusOff (
Syntax void
)
Service ID
0x09
[hex]
This function performs the polling of bus-off events that are configured statically as
Description
'to be polled'.
⌋()
[SWS_Can_00109] ⌈ The function Can_MainFunction_BusOff shall perform the

polling of bus-off events that are configured statically as ‘to be polled’.⌋ ()
(SRS_BSW_00432, SRS_SPAL_00157)

Can_MainFunction_BusOff as empty define in case no polling at all is used.⌋ ()
8.5.1.4 Can_MainFunction_Wakeup
[SWS_Can_00228]⌈
Service Name Can_MainFunction_Wakeup
void Can_MainFunction_Wakeup (
Syntax void
)
Service ID
0x0a
[hex]
This function performs the polling of wake-up events that are configured statically
Description
as 'to be polled'.

AUTOSAR CP R20-11
⌋()
[SWS_Can_00112] ⌈ The function Can_MainFunction_Wakeup shall perform the

polling of wake-up events that are configured statically as ‘to be polled’.⌋

Can_MainFunction_Wakeup as empty define in case no polling at all is used.⌋ ()
8.5.1.5 Can_MainFunction_Mode
[SWS_Can_00368]⌈
Service Name Can_MainFunction_Mode
void Can_MainFunction_Mode (
Syntax void
)
Service ID [hex] 0x0c
Description This function performs the polling of CAN controller mode transitions.
⌋()
[SWS_Can_00369] ⌈ The function Can_MainFunction_Mode shall implement the

polling of CAN status register flags to detect transition of CAN Controller state.
Compare to chapter 7.3.2.⌋ ()
8.6 Expected Interfaces

In this chapter all interfaces required from other modules are listed.
8.6.1 Mandatory Interfaces
This chapter defines all interfaces which are required to fulfill the core functionality of
the module. All callback functions that are called by the Can module are implemented
in the CanIf module. These callback functions are not configurable.
[SWS_Can_00234]⌈
Header
API Function Description
File
CanIf_Controller- CanIf_ This service indicates a Controller BusOff event referring to the
AUTOSAR CP R20-11
BusOff Can.h corresponding CAN Controller with the abstract CanIf ControllerId.
CanIf_Controller- CanIf_ This service indicates a controller state transition referring to the
ModeIndication Can.h corresponding CAN controller with the abstract CanIf ControllerId.
CanIf_ This service indicates a successful reception of a received CAN Rx

CanIf_RxIndication
Can.h L-PDU to the CanIf after passing all filters and validation checks.
CanIf_Tx- CanIf_ This service confirms a previously successfully processed

Confirmation Can.h transmission of a CAN TxPDU.
Det_Report- Service to report runtime errors. If a callout has been configured

Det.h
RuntimeError then this callout shall be called.
This service reads the current count value of a counter (returning

GetCounterValue Os.h either the hardware timer ticks if counter is driven by hardware or
the software ticks when user drives counter).
⌋(SRS_Can_01055)
8.6.2 Optional Interfaces
This chapter defines all interfaces that are required to fulfill an optional functionality of
the module.
[SWS_Can_00235]⌈
API Function Header File Description
CanIf_- The function derives the ErrorCounterTreshold from RxErrorCounter/

Controller- CanIf_ TxErrorCounter values and reports it to the IdsM as security event
ErrorState- Can.h CANIF_SEV_ERRORSTATE_PASSIVE to the IdsM. It also prepares
Passive the context data for the respective security event.
The function shall derive the bus error source rx or tx from the
parameter CanError and report the bus error as security event
CanIf_Error- CanIf_
CANIF_SEV_TX_ERROR_DETECTED or CANIF_SEV_RX_
Notification Can.h
ERROR_DETECTED. It also prepares the context data for the
respective security event.
Within this API, the upper layer module (called module) shall check
whether the available data fits into the buffer size reported by PduInfo
CanIf_Trigger- Ptr->SduLength. If it fits, it shall copy its data into the buffer provided
CanIf.h
Transmit by PduInfoPtr->SduDataPtr and update the length of the actual
copied data in PduInfoPtr->SduLength. If not, it returns E_NOT_OK
without changing PduInfoPtr.
Det_Report-
Det.h Service to report development errors.
Error
This callout is called by the EcuM to poll a wakeup source. It shall

EcuM_Check- EcuM_
also be called by the ISR of a wakeup source to set up the PLL and
Wakeup Externals.h
check other wakeup sources that may be connected to the same

AUTOSAR CP R20-11
interrupt.
EcuM_Set-
EcuM.h Sets the wakeup event.
WakeupEvent
Icu_Disable-
Icu.h This function disables the notification of a channel.
Notification
Icu_Enable-
Icu.h This function enables the notification on the given channel.
Notification
⌋(SRS_SPAL_12056, SRS_Can_01054)
8.6.3 Configurable interfaces
There is no configurable target for the Can module. The Can module always reports
to CanIf module.

AUTOSAR CP R20-11
9 Sequence diagrams
9.1 Interaction between Can and CanIf module

For sequence diagrams see the CanIf module Specification [5].
There are described the sequences for Transmission, Reception and Error Handling.
9.2 Wakeup sequence

For Wakeup sequence diagrams refer to Specification of ECU State Manager [7].

AUTOSAR CP R20-11
10 Configuration specification
This chapter defines configuration parameters and their clustering into containers. In
order to support the specification Chapter 10.1 describes fundamentals. It also
specifies a template (table) you shall use for the parameter specification. We intend
to leave Chapter 10.1 in the specification to guarantee comprehension.
Chapter 10.2 specifies the structure (containers) and the parameters of the Can
module.
Chapter 10.3 specifies published information of the Can module.
10.1 How to read this chapter

For details refer to the chapter 10.1 “Introduction to configuration specification” in
SWS_BSWGeneral
10.2 Containers and configuration parameters

The following chapters summarize all configuration parameters. The detailed
meanings of the parameters describe Chapters 7 and Chapter 8.
The described parameters are input for the Can module configurator.
[SWS_Can_00022] ⌈ The code configuration of the Can module is CAN controller

specific. If the CAN controller is sited on-chip, the code generation tool for the Can
module is µController specific. If the CAN controller is an external device, the
generation tool must not be µController specific.⌋ (SRS_BSW_00159)
[SWS_Can_00024] ⌈ The valid values that can be configured are hardware

dependent. Therefore the rules and constraints can’t be given in the standard. The
configuration tool is responsible to do a static configuration checking, also regarding
dependencies between modules (i.e. Port driver, MCU driver etc.)⌋
[SWS_Can_00507] ⌈ The Can Driver module shall reject configurations with partition
mappings which are not supported by the implementation. ⌋ ()

AUTOSAR CP R20-11
Can: EcucModuleDef
upperMultiplicity = *
lowerMultiplicity = 0
+container
CanConfigSet: EcucParamConfContainerDef
+container +subContainer
+subContainer
CanGeneral: CanHardwareObject:
EcucParamConfContainerDef CanController: CanControllerRef:
+destination +reference EcucParamConfContainerDef
EcucParamConfContainerDef EcucReferenceDef
upperMultiplicity = 1 upperMultiplicity = *
lowerMultiplicity = 1 upperMultiplicity = *
+subContainer
CanControllerBaudrateConfig:
EcucParamConfContainerDef
Figure 10-1: Can Module Configuration Layout

AUTOSAR CP R20-11
Can: EcucModuleDef CanConfigSet: EcucParamConfContainerDef

+container
+subContainer
CanControllerId: CanController:
EcucIntegerParamDef EcucParamConfContainerDef
+parameter CanWakeupSourceRef: EcuMWakeupSource:
upperMultiplicity = 1 +reference EcucReferenceDef +destination EcucParamConfContainerDef
lowerMultiplicity = 1 lowerMultiplicity = 1 lowerMultiplicity = 0 lowerMultiplicity = 1
symbolicNameValue = true
upperMultiplicity = 1 upperMultiplicity = 32
min = 0
requiresSymbolicNameValue = true
max = 255
CanControllerActivation: +parameter McuClockReferencePoint:

EcucBooleanParamDef +reference CanCpuClockRef: +destination EcucParamConfContainerDef
EcucReferenceDef
CanControllerBaseAddress:
+subContainer EcucParamConfContainerDef
EcucIntegerParamDef +parameter
min = 0
max = 4294967295
+destination
CanWakeupSupport: +parameter
EcucBooleanParamDef CanControllerDefaultBaudrate:
+reference
EcucReferenceDef
CanWakeupFunctionalityAPI:
+parameter
EcucBooleanParamDef MIXED:
+literal EcucEnumerationLiteralDef
defaultValue = false
+parameter CanTxProcessing:
EcucEnumerationParamDef +literal
+literal
CanRxProcessing:
+parameter INTERRUPT:
EcucEnumerationParamDef
+literal
CanBusoffProcessing: +literal
+parameter
+literal
POLLING:
CanWakeupProcessing: +literal
+parameter
+literal
CanControllerEcucPartitionRef: EcucPartition:
+reference +destination
EcucReferenceDef EcucParamConfContainerDef
lowerMultiplicity = 0 lowerMultiplicity = 0
Figure 10-2: Can Controller Configuration Layout

AUTOSAR CP R20-11
CanControllerBaudRate:
EcucParamConfContainerDef
+parameter EcucFloatParamDef
min = 0
max = 2000
CanControllerPropSeg:
+parameter EcucIntegerParamDef
min = 0
max = 255
CanControllerSeg1:
min = 0
max = 255
CanControllerSeg2:
min = 0
max = 255
CanControllerSyncJumpWidth:
min = 0
max = 255
CanControllerBaudRateConfigID:
EcucIntegerParamDef
+parameter
min = 0
max = 65535
defaultValue = 0
CanControllerFdBaudrateConfig:
+subContainer EcucParamConfContainerDef
upperMultiplicity = 1
Figure 10-3: Can Controller Baud Rate Configuration Layout

AUTOSAR CP R20-11
Can: EcucModuleDef
+container
CanDevErrorDetect: +parameter CanGeneral: CanIndex: EcucIntegerParamDef

+parameter
EcucBooleanParamDef EcucParamConfContainerDef
min = 0
defaultValue = false upperMultiplicity = 1 max = 255
CanMultiplexedTransmission: +parameter
EcucBooleanParamDef +parameter CanVersionInfoApi:
EcucBooleanParamDef
CanTimeoutDuration:
EcucFloatParamDef +parameter CanMainFunctionRWPeriods: CanMainFunctionPeriod:
EcucParamConfContainerDef EcucFloatParamDef
min = 0.000001 +parameter
max = 65.535 +subContainer lowerMultiplicity = 0 min = 0
upperMultiplicity = * max = INF
CanMainFunctionWakeupPeriod:
EcucFloatParamDef
+parameter
lowerMultiplicity = 0 CanOsCounterRef: OsCounter:
upperMultiplicity = 1 +reference EcucReferenceDef +destination EcucParamConfContainerDef
min = 0
max = INF lowerMultiplicity = 0 lowerMultiplicity = 0
CanMainFunctionModePeriod:
EcucFloatParamDef +parameter CanLPduReceiveCalloutFunction:
+parameter EcucFunctionNameDef
min = 0
max = INF upperMultiplicity = 1
CanMainFunctionBusoffPeriod:
EcucFloatParamDef CanEcucPartitionRef: EcucPartition:
+parameter +reference EcucReferenceDef +destination
lowerMultiplicity = 0 EcucParamConfContainerDef
upperMultiplicity = 1 lowerMultiplicity = 0 lowerMultiplicity = 0
min = 0 upperMultiplicity = * upperMultiplicity = *
max = INF
+parameter CanEnableSecurityEventReporting:
CanSetBaudrateApi:
EcucBooleanParamDef
EcucBooleanParamDef
+parameter
defaultValue = False
Figure 10-4: Can General Configuration Layout

AUTOSAR CP R20-11
CanControllerFdBaudrateConfig: CanControllerFdBaudRate:
EcucParamConfContainerDef EcucFloatParamDef
+parameter
lowerMultiplicity = 0 min = 0
upperMultiplicity = 1 max = 16000
CanControllerTxBitRateSwitch:
+parameter
EcucBooleanParamDef
defaultValue = true
CanControllerPropSeg:
min = 0
max = 255
CanControllerSeg1:
min = 0
max = 255
CanControllerSeg2:
min = 0
max = 255
CanControllerSyncJumpWidth:
min = 0
max = 255
CanControllerSspOffset:
EcucIntegerParamDef
+parameter
min = 0
max = 255
Figure 10-5: CanControllerFdBaudrateConfig

AUTOSAR CP R20-11
TRANSMIT: RECEIVE:
BASIC: FULL:
EcucEnumerationLiteralDef EcucEnumerationLiteralDef
+literal +literal +literal +literal

CanFdPaddingValue: CanObjectId:
EcucIntegerParamDef EcucIntegerParamDef
CanHandleType: min = 0 upperMultiplicity = 1 CanObjectType:

EcucEnumerationParamDef max = 255 lowerMultiplicity = 1 EcucEnumerationParamDef
defaultValue = 0 symbolicNameValue = true
lowerMultiplicity = 0 min = 0
+parameter max = 65535 +parameter
+parameter +parameter
CanHardwareObject: EcucParamConfContainerDef
+reference +parameter
+reference +subContainer CanIdType: EcucEnumerationParamDef

CanControllerRef:
CanMainFunctionRWPeriodRef: EcucReferenceDef
CanHwFilter:
EcucReferenceDef EcucParamConfContainerDef
lowerMultiplicity = 0 lowerMultiplicity = 0 +literal
+destination STANDARD:
EcucEnumerationLiteralDef
+destination
CanController:
EcucParamConfContainerDef +literal
CanMainFunctionRWPeriods:
EcucParamConfContainerDef upperMultiplicity = *
EXTENDED:
lowerMultiplicity = 0 EcucEnumerationLiteralDef
+parameter +parameter +literal

+parameter
CanHwFilterMask: CanHwFilterCode: MIXED:

CanHardwareObjectUsesPolling:
EcucIntegerParamDef EcucIntegerParamDef EcucEnumerationLiteralDef
EcucBooleanParamDef
min = 0 min = 0
max = 4294967295 max = 4294967295 +parameter
CanTriggerTransmitEnable:
+parameter EcucBooleanParamDef
+parameter
CanObjectPayloadLength: EcucEnumerationParamDef lowerMultiplicity = 0
CanHwObjectCount: upperMultiplicity = 1
lowerMultiplicity = 0 EcucIntegerParamDef defaultValue = false
min = 1
max = 65535
defaultValue = 1
+literal
+literal
CAN_OBJECT_PL_8:
CAN_OBJECT_PL_64:
+literal +literal
CAN_OBJECT_PL_12: CAN_OBJECT_PL_48:
+literal +literal
+literal +literal
Figure 10-6: Can Hardware Object Configuration Layout

AUTOSAR CP R20-11
10.2.1 Can
SWS Item ECUC_Can_00489 :

Module Name Can
Module Description This container holds the configuration of a single CAN Driver.
Post-Build Variant Support true
Supported Config Variants VARIANT-POST-BUILD, VARIANT-PRE-COMPILE
Included Containers
Container Name Multiplicity Scope / Dependency
This container contains the configuration parameters and sub
CanConfigSet 1
containers of the AUTOSAR Can module.
This container contains the parameters related each CAN
CanGeneral 1
Driver Unit.
10.2.2 CanGeneral

Container Name CanGeneral
Parent Container Can
Description This container contains the parameters related each CAN Driver Unit.
Configuration Parameters

Name CanDevErrorDetect
Parent Container CanGeneral
Description Switches the development error detection and notification on or off.
 true: detection and notification is enabled.

 false: detection and notification is disabled.
Multiplicity 1
Type EcucBooleanParamDef
Default value false
Post-Build Variant Value false
Value Configuration Class Pre-compile time X All Variants
Link time --
Post-build time --
Scope / Dependency scope: local

Name CanEnableSecurityEventReporting
Description Switches the reporting of security events to the IdsM:
- true: reporting is enabled.
- false: reporting is disabled.
Tags:
atp.Status=draft
Multiplicity 1
AUTOSAR CP R20-11
Default value false
Link time --
Post-build time --
Scope / Dependency scope: ECU

Name CanIndex
Description Specifies the InstanceId of this module instance. If only one instance is
present it shall have the Id 0.
Multiplicity 1
Type EcucIntegerParamDef
Range 0 .. 255
Default value --
Link time --
Post-build time --

Name CanLPduReceiveCalloutFunction
Description This parameter defines the existence and the name of a callout function
that is called after a successful
reception of a received CAN Rx L-PDU. If this parameter is omitted no
callout shall take place.
Multiplicity 0..1
Type EcucFunctionNameDef
Default value --
maxLength --
minLength --
regularExpression --
Post-Build Variant
false
Multiplicity
Multiplicity ConfigurationPre-compile time X All Variants
Class Link time --
Post-build time --
Link time --
Post-build time --

Name CanMainFunctionBusoffPeriod
Description This parameter describes the period for cyclic call to
Can_MainFunction_Busoff. Unit is seconds.
Multiplicity 0..1
AUTOSAR CP R20-11
Type EcucFloatParamDef
Range ]0 .. INF[
Default value --
Post-Build Variant
false
Multiplicity
Class Link time --
Post-build time --
Link time --
Post-build time --
Scope / Dependency

Name CanMainFunctionModePeriod
Can_MainFunction_Mode. Unit is seconds.
Multiplicity 1
Range ]0 .. INF[
Default value --
Link time --
Post-build time --
Scope / Dependency

Name CanMainFunctionWakeupPeriod
Can_MainFunction_Wakeup. Unit is seconds.
Multiplicity 0..1
Range ]0 .. INF[
Default value --
Post-Build Variant
false
Multiplicity
Class Link time --
Post-build time --
Link time --
Post-build time --
Scope / Dependency

Name CanMultiplexedTransmission

AUTOSAR CP R20-11
Description Specifies if multiplexed transmission shall be supported.ON or OFF

Multiplicity 1
Default value --
Link time --
Post-build time --
dependency: CAN Hardware Unit supports multiplexed transmission

Name CanSetBaudrateApi
Description The support of the Can_SetBaudrate API is optional.
If this parameter is set to true the Can_SetBaudrate API shall be
supported. Otherwise the API is not supported.
Multiplicity 0..1
Default value false
Post-Build Variant
false
Multiplicity
Class Link time --
Post-build time --
Link time --
Post-build time --

Name CanTimeoutDuration
Description Specifies the maximum time for blocking function until a timeout is
detected. Unit is seconds.
Multiplicity 1
Range [1E-6 .. 65.535]
Default value --
Link time --
Post-build time --

Name CanVersionInfoApi
Description Switches the Can_GetVersionInfo() API ON or OFF.
Multiplicity 1

AUTOSAR CP R20-11
Default value false

Link time --
Post-build time --

Name CanEcucPartitionRef
Description Maps the CAN driver to zero or multiple ECUC partitions to make the
modules API available in this partition. The CAN driver will operate as an
independent instance in each of the partitions.
Multiplicity 0..*
Type Reference to [ EcucPartition ]
Post-Build Variant
true
Multiplicity
Post-Build Variant Value true
Class Link time --
Post-build time --
Link time --
Post-build time --

Name CanOsCounterRef
Description This parameter contains a reference to the OsCounter, which is used by
the CAN driver.
Multiplicity 0..1
Type Reference to [ OsCounter ]
Post-Build Variant
false
Multiplicity
Class Link time --
Post-build time --
Link time --
Post-build time --

Name CanSupportTTCANRef
Description The parameter refers to CanIfSupportTTCAN parameter in the CAN
Interface Module configuration.
The CanIfSupportTTCAN parameter defines whether TTCAN is supported.
Multiplicity 1
Type Reference to [ CanIfPrivateCfg ]
AUTOSAR CP R20-11

Link time --
Post-build time --
Included Containers
This container contains the parameter for configuring the
CanMainFunctionRWPeriods 0..* period for cyclic call to Can_MainFunction_Read or
Can_MainFunction_Write depending on the referring item.
[SWS_Can_CONSTR_00508] ⌈ The module will operate as an independent instance

in each of the partitions, means the called API will only target the partition it is called
in. ⌋ ()
10.2.3 CanController

Container Name CanController
Parent Container CanConfigSet
This container contains the configuration parameters of the CAN
Description
controller(s).

Name CanBusoffProcessing
Parent Container CanController
Description Enables / disables API Can_MainFunction_BusOff() for handling busoff events in
polling mode.
Multiplicity 1
Type EcucEnumerationParamDef
Range INTERRUPT Interrupt Mode of operation.
POLLING Polling Mode of operation.
Post-Build Variant
false
Value
Value Pre-compile time X All Variants
Configuration Link time --
Class Post-build time --
Scope / scope: local
Dependency

Name CanControllerActivation
Description Defines if a CAN controller is used in the configuration.
Multiplicity 1
Default value --
AUTOSAR CP R20-11

Link time --
Post-build time --

Name CanControllerBaseAddress
Description Specifies the CAN controller base address.
Multiplicity 1
Range 0 .. 4294967295
Default value --
Link time --
Post-build time --

Name CanControllerId
Description This parameter provides the controller ID which is unique in a given CAN
Driver. The value for this parameter starts with 0 and continue without any
gaps.
Multiplicity 1
Type EcucIntegerParamDef (Symbolic Name generated for this parameter)
Range 0 .. 255
Default value --
Link time --
Post-build time --

Name CanRxProcessing
Description Enables / disables API Can_MainFunction_Read() for handling PDU reception
events in polling mode.
Multiplicity 1
MIXED Mixed Mode of operation
Post-Build Variant
false
Value
Dependency

AUTOSAR CP R20-11

Name CanTxProcessing
Description Enables / disables API Can_MainFunction_Write() for handling PDU transmission
events in polling mode.
Multiplicity 1
MIXED Mixed Mode of operation
Post-Build Variant
false
Value
Dependency

Name CanWakeupFunctionalityAPI
Description Adds / removes the service Can_CheckWakeup() from the code.
True: Can_CheckWakeup can be used.
False: Can_CheckWakeup cannot be used.
Multiplicity 1
Default value false
Link time --
Post-build time --
dependency: H/W should support the wakeup functionality to enable this
parameter.

Name CanWakeupProcessing
Description Enables / disables API Can_MainFunction_Wakeup() for handling wakeup events
in polling mode.
Multiplicity 1
Post-Build Variant
false
Value
Dependency

AUTOSAR CP R20-11
Name CanWakeupSupport
Description CAN driver support for wakeup over CAN Bus.
Multiplicity 1
Default value --
Link time --
Post-build time --
Scope / Dependency

Name CanControllerDefaultBaudrate
Description Reference to baudrate configuration container configured for the Can
Controller.
Multiplicity 1
Type Reference to [ CanControllerBaudrateConfig ]
Value Configuration Class Pre-compile time X VARIANT-PRE-COMPILE
Link time --
Post-build time X VARIANT-POST-BUILD

Name CanControllerEcucPartitionRef
Description Maps the CAN controller to zero or one ECUC partitions. The ECUC
partition referenced is a subset of the ECUC partitions where the CAN
driver is mapped to.
Multiplicity 0..1
Type Reference to [ EcucPartition ]
Post-Build Variant
true
Multiplicity
Class Link time --
Post-build time --
Link time --
Post-build time --

Name CanCpuClockRef
Description Reference to the CPU clock configuration, which is set in the MCU driver
configuration
Multiplicity 1
Type Reference to [ McuClockReferencePoint ]

AUTOSAR CP R20-11

Link time --
Post-build time --

Name CanWakeupSourceRef
Description This parameter contains a reference to the Wakeup Source for this
controller as defined in the ECU State Manager.
Implementation Type: reference to EcuM_WakeupSourceType
Multiplicity 0..1
Type Symbolic name reference to [ EcuMWakeupSource ]
Post-Build Variant
false
Multiplicity
Class Link time --
Post-build time --
Link time --
Post-build time --
Included Containers
CanControllerBaudrateConfi This container contains bit timing related configuration
1..*
g parameters of the CAN controller(s).
CanTTController is specified in the SWS TTCAN and contains
the configuration parameters of the TTCAN controller(s) (which
are needed in addition to the configuration parameters of the
CanTTController 0..1 CAN controller(s)).
This container is only included and valid if TTCAN is supported
by the controller, enabled (see CanSupportTTCANRef,
ECUC_Can_00430), and used.
[SWS_Can_CONSTR_00509] ⌈ The ECUC partitions referenced by

CanControllerEcucPartitionRef shall be a subset of the ECUC partitions referenced
by CanEcucPartitionRef. ⌋ ()
[SWS_Can_CONSTR_00510] ⌈ CanController and CanTrcvChannel of one

communication channel shall all reference the same ECUC partition. ⌋ ()
[SWS_Can_CONSTR_00511] ⌈ If CanEcucPartitionRef references one or more

ECUC partitions, CanControllerEcucPartitionRef shall have a multiplicity of one and
reference one of these ECUC partitions as well. ⌋ ()

AUTOSAR CP R20-11
10.2.4 CanControllerBaudrateConfig

Container Name CanControllerBaudrateConfig
This container contains bit timing related configuration parameters of the
Description
CAN controller(s).

Name CanControllerBaudRate
Parent Container CanControllerBaudrateConfig
Description Specifies the baudrate of the controller in kbps.
Multiplicity 1
Range [0 .. 2000]
Default value --
Link time --

Name CanControllerBaudRateConfigID
Description This ID is used by SetBaudrate API and uniquely identifies a specific baud
rate configuration within a controller configuration.
Multiplicity 1
Range 0 .. 65535
Default value 0
Link time --
dependency: CanSetBaudrateApi

Name CanControllerPropSeg
Description Specifies propagation delay in time quantas.
Multiplicity 1
Range 0 .. 255
Default value --
Link time --
AUTOSAR CP R20-11

Name CanControllerSeg1
Description Specifies phase segment 1 in time quantas.
Multiplicity 1
Range 0 .. 255
Default value --
Link time --

Multiplicity 1
Range 0 .. 255
Default value --
Link time --

Name CanControllerSyncJumpWidth
Description Specifies the synchronization jump width for the controller in time quantas.
Multiplicity 1
Range 0 .. 255
Default value --
Link time --
Included Containers
This optional container contains bit timing related
CanControllerFdBaudrateConfi configuration parameters of the CAN controller(s) for
0..1
g payload and CRC of a CAN FD frame. If this container
exists the controller supports CAN FD frames.

AUTOSAR CP R20-11
10.2.5 CanControllerFdBaudrateConfig

Container Name CanControllerFdBaudrateConfig
This optional container contains bit timing related configuration parameters
Description of the CAN controller(s) for payload and CRC of a CAN FD frame. If this
container exists the controller supports CAN FD frames.

Name CanControllerFdBaudRate
Parent Container CanControllerFdBaudrateConfig
Description Specifies the data segment baud rate of the controller in kbps.
Multiplicity 1
Range [0 .. 16000]
Default value --
Link time --

Name CanControllerPropSeg
Description Specifies propagation delay in time quantas.
Multiplicity 1
Range 0 .. 255
Default value --
Link time --

Multiplicity 1
Range 0 .. 255
Default value --
Link time --

AUTOSAR CP R20-11

Multiplicity 1
Range 0 .. 255
Default value --
Link time --

Name CanControllerSspOffset
Description Specifies the Transmitter Delay Compensation Offset in minimum time
quanta (see [17]). Transmitter Delay Compensation Offset is used to adjust
the position of the Secondary Sample Point (SSP), relative to the
beginning of the received bit. If this parameter is configured, the
Transmitter Delay Compensation is done by measurement of the CAN
controller. If not specified, Transmitter Delay Compensation is disabled.
Note:
MTQ == Minimum Time Quanta in seconds == 1/(frequency of the CAN
controller clock)
Secondary Sample Point Offset in seconds = CanControllerSspOffset *
MTQ
Example:
CAN controller clock frequency = 20MHz => MTQ = 1/20 * 10^(-6) s = 0,05
us = 50ns
Baud rate = 1MBit/s => BitTime = 1/(1 * 10^6) s/Bit = 1 * 10^(-6) = 1us/Bit
SSP = 75% => SSP in seconds = 0,75 * 1us = 750 ns
CanControllerSspOffset in MTQ = 750ns / 50ns = 15
Note: Please consider the minimum range (0..63) stated in [17] and the
range definition (0..127) used as per [19].
Multiplicity 0..1
Range 0 .. 255
Default value --
Post-Build Variant
true
Multiplicity
Multiplicity ConfigurationPre-compile time X VARIANT-PRE-COMPILE
Class Link time --
Link time --

AUTOSAR CP R20-11
Name CanControllerSyncJumpWidth
Description Specifies the synchronization jump width for the controller in time quantas.
Multiplicity 1
Range 0 .. 255
Default value --
Link time --

Name CanControllerTxBitRateSwitch
Description Specifies if the bit rate switching shall be used for transmissions.
If FALSE: CAN FD frames shall be sent without bit rate switching.
Multiplicity 1
Default value true
Link time --
No Included Containers
10.2.6 CanHardwareObject

Container Name CanHardwareObject
Parent Container CanConfigSet
This container contains the configuration (parameters) of CAN Hardware
Description
Objects.

Name CanFdPaddingValue
Parent Container CanHardwareObject
Description Specifies the value which is used to pad unspecified data in CAN FD
frames > 8 bytes for transmission. This is necessary due to the discrete
possible values of the DLC if > 8 bytes.
If the length of a PDU which was requested to be sent does not match the
allowed DLC values, the remaining bytes up to the next possible value
shall be padded with this value.
Multiplicity 0..1

AUTOSAR CP R20-11
Range 0 .. 255
Default value 0
Post-Build Variant
true
Multiplicity
Class Link time --
Link time --

Name CanHandleType
Description Specifies the type (Full-CAN or Basic-CAN) of a hardware object.
Multiplicity 1
Range BASIC For several L-PDUs are hadled by the
hardware object
FULL For only one L-PDU (identifier) is handled
by the hardware object
Post-Build Variant
true
Value
Value Pre-compile time X VARIANT-PRE-COMPILE
Class Post-build time X VARIANT-POST-BUILD
Scope / scope: ECU
Dependency dependency: This configuration element is used as information for the CAN
Interface only. The relevant CAN driver configuration is done with the filter mask
and identifier.

Name CanHardwareObjectUsesPolling
Description Enables polling of this hardware object.
Multiplicity 0..1
Default value false
Scope / Dependency dependency: This parameter shall exist if
CanRxProcessing/CanTxProcessing is set to Mixed.

Name CanHwObjectCount
Description Number of hardware objects used to implement one HOH. In case of a
HRH this parameter defines the number of elements in the hardware FIFO
or the number of shadow buffers, in case of a HTH it defines the number of
hardware objects used for multiplexed transmission or for a hardware FIFO
used by a FullCAN HTH.
Multiplicity 1
AUTOSAR CP R20-11
Range 1 .. 65535
Default value 1
Post-Build Variant
true
Multiplicity
Class Link time --
Link time --

Name CanIdType
Description Specifies whether the IdValue is of type
 standard identifier
 extended identifier
 mixed mode
ImplementationType: Can_IdType
Multiplicity 1
Range EXTENDED All the CANIDs are of type extended only
(29 bit).
MIXED The type of CANIDs can be both
Standard or Extended.
STANDARD All the CANIDs are of type standard only
(11bit).
Post-Build Variant
true
Value
Scope / scope: ECU
Dependency

Name CanObjectId
Description Holds the handle ID of HRH or HTH. The value of this parameter is unique
in a given CAN Driver, and it should start with 0 and continue without any
gaps.
The HRH and HTH Ids share a common ID range.
Example: HRH0-0, HRH1-1, HTH0-2, HTH1-3

Multiplicity 1
Type EcucIntegerParamDef (Symbolic Name generated for this parameter)
Range 0 .. 65535
Default value --
AUTOSAR CP R20-11

Link time --
Post-build time --

Name CanObjectPayloadLength
Description Specifies the maximum L-PDU payload length in bytes the hardware object can
store.
If the parameter is not provided, Can driver configuration generators have to
assume the maximum
length of the underlying CAN derivate, e.g. 8 bytes for CAN, 64 bytes for CAN-FD.
Multiplicity 0..1
Range CAN_OBJECT_PL_12 Payload length of 12 Bytes
CAN_OBJECT_PL_16 Payload length of 16 Bytes
Post-Build Variant
true
Value
Scope / scope: ECU
Dependency

Name CanObjectType
Description Specifies if the HardwareObject is used as Transmit or as Receive object
Multiplicity 1
Range RECEIVE Receive HOH
TRANSMIT Transmit HOH
Post-Build Variant
true
Value
Scope / scope: ECU
Dependency

Name CanTriggerTransmitEnable
Description This parameter defines if or if not Can supports the trigger-transmit API for
this handle.
Multiplicity 0..1
AUTOSAR CP R20-11
Default value false
Link time --
Post-build time --

Name CanControllerRef
Description Reference to CAN Controller to which the HOH is associated to.
Multiplicity 1
Type Reference to [ CanController ]
Link time --

Name CanMainFunctionRWPeriodRef
Description Reference to CanMainFunctionPeriod
Multiplicity 0..1
Type Reference to [ CanMainFunctionRWPeriods ]
Post-Build Variant
true
Multiplicity
Class Link time --
Link time --
Included Containers
This container is only valid for HRHs and contains the
CanHwFilter 0..*
configuration (parameters) of one hardware filter.
CanTTHardwareObjectTrigger is specified in the SWS
TTCAN and contains the configuration (parameters) of
TTCAN triggers for Hardware Objects, which are additional to
CanTTHardwareObjectTrigge
0..* the configuration (parameters) of CAN Hardware Objects.
r
This container is only included and valid if TTCAN is
supported by the controller and, enabled (see
CanSupportTTCANRef, ECUC_Can_00430), and used.
[SWS_Can_CONSTR_00512] ⌈ If the optional parameter CanObjectPayloadLength

is configured, the length shall be set that every PDU received or sent via that HOH

AUTOSAR CP R20-11
"fits" into it. Therefore, if set, CanObjectPayloadLength shall be equal or greater than
the maximum PduLength of all affected Pdus of the EcuCPduCollection ⌋ ()
Note: For A_HOH that has CanObjectPayloadLength configured and any PDU it
sends/receives, A_PDU_Of_A_HOH the condition
Can/CanConfigSet/A_HOH/CanObjectPayloadLength >=
EcuC/EcuCPduCollection/A_PDU_Of_A_HOH/PduLength must hold.
10.2.7 CanHwFilter

Container Name CanHwFilter
This container is only valid for HRHs and contains the configuration
Description
(parameters) of one hardware filter.

Name CanHwFilterCode
Parent Container CanHwFilter
Description Specifies (together with the filter mask) the identifiers range that passes
the hardware filter.
Multiplicity 1
Range 0 .. 4294967295
Default value --
Link time --
Scope / Dependency

Name CanHwFilterMask
Parent Container CanHwFilter
Description Describes a mask for hardware-based filtering of CAN identifiers. The CAN
identifiers of incoming messages are masked with the appropriate
CanFilterMaskValue. Bits holding a 0 mean don't care, i.e. do not compare
the message's identifier in the respective bit position.
The mask shall be build by filling with leading 0. In case of CanIdType
EXTENDED or MIXED a 29 bit mask shall be build. In case of CanIdType
STANDARD a 11 bit mask shall be build
Multiplicity 1
Range 0 .. 4294967295
Default value --
Link time --

AUTOSAR CP R20-11
Scope / Dependency dependency: The filter mask settings must be known by the CanIf
configuration for optimization of the SW filters.
10.2.8 CanConfigSet

Container Name CanConfigSet
Parent Container Can
This container contains the configuration parameters and sub containers of
Description
the AUTOSAR Can module.
Included Containers
This container contains the configuration parameters of the
CanController 1..*
CAN controller(s).
This container contains the configuration (parameters) of CAN
CanHardwareObject 1..*
Hardware Objects.
10.2.9 CanMainFunctionRWPeriods

Container Name CanMainFunctionRWPeriods
This container contains the parameter for configuring the period for cyclic
Description call to Can_MainFunction_Read or Can_MainFunction_Write depending
on the referring item.

Name CanMainFunctionPeriod
Parent Container CanMainFunctionRWPeriods
Can_MainFunction_Read or Can_MainFunction_Write depending on the
referring item. Unit is seconds. Different poll-cycles will be configurable if
more than one CanMainFunctionPeriod is configured. In this case multiple
Can_MainFunction_Read() or Can_MainFunction_Write() will be provided
by the CAN Driver module.
Multiplicity 1
Range ]0 .. INF[
Default value --
Link time --
Post-build time --
AUTOSAR CP R20-11

AUTOSAR CP R20-11
11 Not applicable requirements

[SWS_Can_00999] ⌈ These requirements are not applicable to this specification. ⌋
(SRS_BSW_00170, SRS_BSW_00383, SRS_BSW_00395, SRS_BSW_00397,
SRS_BSW_00398, SRS_BSW_00399, SRS_BSW_00400, SRS_BSW_00168,
SRS_BSW_00359, SRS_BSW_00440, SRS_SPAL_12163, SRS_SPAL_12462,
SRS_SPAL_12068, SRS_SPAL_12064, SRS_Can_01125, SRS_Can_01126)

AUTOSAR SWS CANDriver

Uploaded by

Copyright:

Available Formats

AUTOSAR SWS CANDriver

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AUTOSAR SWS CANDriver

Uploaded by

Copyright:

Available Formats

Specification of CAN Driver

Document Title Specification of CAN Driver

Document Status published

Document Change History

2019-11-28 R19-11 AUTOSAR  Minor corrections / clarifications /

1 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

Document Change History

2 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

Document Change History

3 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

Document Change History

4 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

Document Change History

5 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

Document Change History

6 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

Document Change History

7 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

Document Change History

9 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

1 Introduction and functional overview ................................................................... 13

7.10.2 Runtime Errors ...................................................................................... 50

8.6.1 Mandatory Interfaces ............................................................................. 79

12 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

1 Introduction and functional overview

13 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

2 Acronyms and abbreviations

14 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

2.1 Priority Inversion

2.2 CAN Hardware Unit

CAN Hardware Unit CAN Controllers with Mailboxes

17 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

3.1 Input documents

[2] General Requirements on Basic Software Modules

[3] General Requirements on SPAL

[4] Requirements on CAN

[5] Specification of CAN Interface

[6] Specification of Default Error Tracer

[7] Specification of ECU State Manager

[8] Specification of MCU Driver

[9] Specification of Operating System

[10] Specification of ECU Configuration

[11] Specification of SPI Handler/Driver

[12] Specification of Memory Mapping

[13] Specification of BSW Scheduler

[14] Basic Software Module Description Template

18 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

[15] List of Basis Software Modules

[16] General Specification of Basic Software Modules

3.2 Related standards and norms

[18] ISO/IEC 7498-1 – OSI Basic Reference Model

3.3 Related specification

AUTOSAR provides a General Specification on Basic Software modules [16] (SWS

19 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

4 Constraints and assumptions

[SWS_Can_00237] ⌈ The Can module shall not transmit messages triggered by

4.2 Applicability to car domains

20 of 112 Document ID 11: AUTOSAR_SWS_CANDriver

5 Dependencies to other modules