-
Notifications
You must be signed in to change notification settings - Fork 0
AUTOSAR Communication Matrix
← back to AUTOSAR
Which Functional Cluster (FC) talks to which, derived from the prose in
docs/autosar/services/*.md and cross-checked against the actual .art port
declarations in system/services/*/package.art.
The matrix distinguishes the AUTOSAR communication patterns, which map directly
onto the two .art port idioms:
| Kind |
.art idiom |
Semantics | Use for |
|---|---|---|---|
| cast |
interface senderReceiver + sender/receiver ports |
fire-and-forget notification pushed to a consumer; no reply; N subscribers | events, streams, status broadcasts, health/mode escalations, "frame ready" |
| call |
interface clientServer + server/client ports |
request→reply service call; the caller blocks for a value | queries ("get status"), commands that confirm, sign/verify, snapshot ops |
Rule of thumb: a producer that informs many consumers casts; a consumer that
needs an answer from one provider calls. A status stream is a cast; a
GetStatus is a call. They often coexist on one FC (e.g. fw provides BOTH
FwStatusStream (cast) and FwCtlIf.GetFirewallStatus (call)).
Legend: ✅ wired in .art today · ⬜ documented, NOT yet wired (gap) · 🔵 intentional non-port (hand-encoded firehose / gRPC edge / in-process).
| Producer → Consumer | What | Kind | Message / Interface | Status |
|---|---|---|---|---|
| com → crypto | fetch server cert + sign TLS handshake (key never leaves crypto) | call |
CryptoOneShotIf (GetCert/Sign) |
⬜ |
| com → per | proxy ListSchemas / Snapshot to GUI/rtdb | call |
PerManagerIf (gRPC PerView) |
🔵 gRPC edge |
| com ← per | per client API | call | PerClientIf |
✅ to_per
|
| com ← sm | enable/disable network bindings on machine-state change | cast | SmStateStream |
✅ from_sm
|
| com ↔ supervisor | discovery / event proxy to GUI | call+cast |
SupervisorControlIf / SupervisorEventIf
|
✅ to_sup/from_sup
|
| log[trace] → com | trace records → gRPC TraceStream for remote viewers |
cast | TraceRecordStream |
✅ TraceForwarder |
| log[logging] → com | log records → gRPC LogStream
|
cast | LogRecordStream |
✅ LogForwarder |
| log → tdb/observer | logcat / tracecat over TIPC | cast |
LogRecordStream / TraceRecordStream
|
✅ |
| ucm → crypto | verify software-cluster signature before install | call |
CryptoProviderIf (VERIFIER ctx) |
⬜ |
| ucm → sm | request "Update Mode" / reboot | call |
StateMgmtCtl (RequestMode) |
✅ to_sm
|
| ucm ← sm | observe machine state | cast | SmStateStream |
✅ from_sm
|
| ucm → per | check UpdateStrategy / migrate on update | call | PerManagerIf |
✅ to_per(client) |
| dm → ucm | TransferData (0x36) / Activate (0x31) | call |
UpdateCtl (or new DmToUcmIf) |
⬜ (dm FC absent) |
| dm → sm | request "Update" Function-Group state | call | StateMgmtCtl |
⬜ (dm FC absent) |
| apps → dm | DiagnosticEvent (failure) | cast | DiagnosticEvent |
⬜ (dm FC absent) |
| idsm → log[trace] | every Detection → SECURITY TraceRecord | cast |
TraceRecord (TraceKind.SECURITY) |
🔵 hand-encoded firehose |
| idsm → phm | critical detection → health event | cast | IdsmHealthEvent |
⬜ (phm FC absent) |
| idsm → sm | critical detection → mode input | cast | IdsmModeInput |
⬜ |
| osi → idsm | ResourceStatus broadcast (Cat I resource rule) | cast |
OsiStatusStream (ResourceStatus) |
⬜ idsm subscriber |
| fw → idsm | nft egress-drop counters (Cat B) | cast |
FwStatusStream (or counter) |
🔵 in-process nft_egress_drops()
|
| ucm → idsm | per-binary SHA256 digests at install (Cat H) | cast | IdsmDigestUpdate |
⬜ |
| crypto → idsm | code-signature verify (Cat H) | call |
CryptoOneShotIf (Verify/GetCert) |
⬜ |
| shwa → com | AccelTelemetry → GUI hardware panel | cast | AccelTelemetry |
✅ broadcast (com bridges gRPC) |
| shwa ← per | ShwaConfig (power_mode) from etcd | cast | ConfigUpdated |
✅ to_per
|
| shwa → phm/sm | thermal/power excursion → health/mode event | cast | ShwaExcursionEvent |
⬜ (future hook) |
| rds producer → consumer | "frame N ready" notification (bulk over iceoryx) | cast | RdsFrameReady |
🔵 TIPC cast + iceoryx pull |
| rds → monitor | GetStatus → {roudi_up, n_streams} | call | RdsCtl_If |
✅ |
| any reporting node → supervisor | HeartbeatReport (alive supervision) | cast |
HeartbeatReport (NodeReportIf) |
✅ HeartbeatPublisher |
| supervisor → sm/phm | HealthBeacon / SupervisionEvent firehose | cast |
HealthBeacon/SupervisionEvent
|
🔵 firehose |
| phm → sm | escalate OK→WARNING→DEGRADED→FAILED → drop system mode | cast | PhmHealthStatus |
✅ (services/phm → SM FgGate, live) |
| sm → supervisor (EM) | desired Function-Group state push (SM decides, EM executes) | call | (planned SM→EM API) | ⬜ planned |
| {sup,ucm,phm,exec,ctl} → sm | lifecycle triggers (SystemBoot/StartupComplete/…) | cast |
LifecycleIn (via SmGate) |
✅ lifecycle
|
The ⬜ rows whose both FCs exist today (so a port can be added now), with the placeholder message to add (empty body, fillable later — the per-link empty-message convention):
| Link | Add to | Port (kind) | Placeholder message |
|---|---|---|---|
| com → crypto | com |
client to_crypto requires CryptoOneShotIf |
(crypto's, imported) |
| ucm → crypto | ucm |
client to_crypto requires CryptoProviderIf |
(crypto's, imported) |
| crypto → idsm | idsm |
client to_crypto requires CryptoOneShotIf |
(crypto's, imported) |
| osi → idsm | idsm |
receiver from_osi requires OsiStatusStream |
(osi's ResourceStatus, imported) |
| ucm → idsm | idsm |
receiver from_ucm requires IdsmDigestUpdate |
message IdsmDigestUpdate {} |
| idsm → sm | idsm |
sender to_sm provides IdsmModeInput |
message IdsmModeInput {} |
| shwa → sm | shwa |
sender excursion provides ShwaExcursionEvent |
message ShwaExcursionEvent {} |
phm → sm (and idsm/shwa → phm) require the PHM FC to exist first — that is
S2 (the FunctionGroup statem + the PHM health port land together). The dm rows
wait on a dm FC (out of scope here).
🔵 rows are deliberately NOT ports: the trace/log firehose is hand-encoded for
zero-copy fan-out, the per/com PerView is the gRPC DMZ edge, fw↔idsm counters
are read in-process, rds bulk is the iceoryx plane. Adding .art ports there
would misrepresent the transport.