Launch manager

The Launch Manager is a component that provides a framework for managing the lifecycle of processes in the S-CORE platform. It allows for launching, monitoring, and controlling processes based on defined configurations and requirements. As such, it is a central part of the lifecycle management in S-CORE and knows about the state of all processes in the system.

It’s foreseen ECU projects will need a custom state management to fulfill ECU-project specific requirements. The S-CORE stack will offer a framework to control application lifecycle, but will not specify the State Manager.

Overview

The functionality of the Launch Manager is defined by configuration data, which spawns a directed acyclic graph (DAG) of Components and so called Run Targets. The Run Targets are virtual nodes in the DAG and represent Run States of the system. The Launch Manager is responsible for starting and stopping the processes in the correct order, based on the dependencies defined in the configuration data.

E.g. the configuration below consists of three Run Targets managing 9 components. If the user selects e.g. the Run Target “debug” the Launch Manager will start the components in the following order defined by the dependencies.

1. flash driver

2. filesystem

3. setup filesystems

4. networking

5. ssh

The Launch Manager (comp_arc_sta__lifecycle__launch_manager) implements the following interfaces,for the selection of Run Target s, starting and stopping of components and monitoring of the processes.

Switching between Run Targets

The Launch Manager allows switching between different Run Targets. When a switch is requested, the Launch Manager evaluates the current state and the target state, determining which components need to be started or stopped based on their dependencies.

When a component is started the Launch Manager will start the corresponding process and monitor its state via Ready Conditions.

Ready Conditions are essential mechanisms that determine when a component has successfully completed its startup phase and is ready to fulfill its intended role in the system. These conditions provide flexibility in defining what constitutes a “ready” state for different types of components. For SCORE applications, components can actively report their readiness through the Lifecycle Interface by signaling specific states or custom conditions. For native applications, the Launch Manager relies on external indicators such as process existence, file creation, network socket availability, or successful process termination. This dual approach ensures that both modern SCORE-aware applications and legacy native applications can participate in the dependency management system, allowing the Launch Manager to orchestrate complex startup sequences where components depend on each other’s readiness rather than just their launch order.

Control Interface

This interface provides control functionality for activating and managing run targets.It allows users to trigger execution of configured Run targets through a standardized activation mechanism.

Static architecture

Control Interface		status: valid security: YES safety: ASIL_B
fulfils: feat_req__com__interfaces implemented by: comp_arc_sta__lifecycle__launch_manager includes: logic_arc_int_op__lifecycle__activate_target
logic_arc_int__lifecycle__controlif		Logical Interface & Feature Interface View

Operations

Activate Run Target		status: valid security: YES safety: ASIL_B
included by: logic_arc_int__lifecycle__controlif
logic_arc_int_op__lifecycle__activate_target		Logical Interface Operation

The Launch Manager shall provide an interface, which allows an external State Manager application to request the Launch Manager to start, stop or restart applications or groups of applications, which allows the implementation of a state management applications to support dynamic state control.

Dynamic architecture

The following use cases are supported by the ControlInterface provided by the Launch Manager.

Activating a Run Target

When a request to activate a run target is received via the ControlInterface, the Launch Manager shall perform the following operations:

1. Validation: Evaluate if the conditions are correct for activating the requested run target: - The run target exists in the configuration - All dependencies for the run target are resolvable - Required resources are available

2. Transition Logic: Determine the transition from the current state to the target state: - If a different run target is active, perform a switch operation (stop current, start requested) - If the same run target is already active, verify its state and potentially restart failed components

3. Execution: Execute the transition in the correct dependency order: - Stop components that are not part of the new run target - Start components that are required for the new run target - Respect dependency relationships during both stop and start operations

4. Response: Return status to the caller: - Success if all components transitioned correctly - Failure with detailed error information if any component failed to transition

This unified approach allows external state managers to request any run target activation without needing to know the current system state, as the Launch Manager handles the transition logic internally.

Control interface dynamic architecture activate run target		status: valid security: YES safety: ASIL_B
fulfils: feat_req__lifecycle__control_commands, feat_req__lifecycle__request_run_target_start, feat_req__lifecycle__switch_run_targets
feat_arc_dyn__lifecycle__control_if_activate		Feature Sequence Diagram

Requirements

• Control commands (feat_req__lifecycle__control_commands)

• Request run target launch (feat_req__lifecycle__request_run_target_start)

• Switch between run targets (feat_req__lifecycle__switch_run_targets)

Lifecycle Interface

The Launch Manager provides interfaces for communication with launched applications, supporting two distinct application types:

1. SCORE Applications: Implement the full Lifecycle Interface for bidirectional communication with state reporting, liveliness indication, and conditional signaling

2. Native Applications: Controlled exclusively via POSIX signals (SIGTERM, SIGKILL, etc.) without direct API communication

This dual approach enables the Launch Manager to manage both legacy native applications and SCORE-aware applications within the same system.

The Lifecycle Interface serves as the communication channel between applications and the Launch Manager:

For SCORE Applications: - Application state reporting (started, running, stopped) - Conditional signaling for application dependencies

For Native Applications: - Process lifecycle control via POSIX signals - Basic process monitoring (PID-based status checking) - Exit code evaluation for failure detection

Static architecture

Lifecycle Interface		status: valid security: YES safety: ASIL_B
fulfils: feat_req__lifecycle__process_state_comm, feat_req__lifecycle__liveliness_detection used by: comp_arc_sta__lifecycle__launch_manager includes: logic_arc_int_op__lifecycle__run, logic_arc_int_op__lifecycle__terminate includes: logic_arc_int_op__lifecycle__run, logic_arc_int_op__lifecycle__terminate
logic_arc_int__lifecycle__lifecycle_if		Logical Interface & Feature Interface View

run		status: valid security: YES safety: ASIL_B
included by: logic_arc_int__lifecycle__lifecycle_if included by: logic_arc_int__lifecycle__lifecycle_if
logic_arc_int_op__lifecycle__run		Logical Interface Operation

terminate		status: valid security: YES safety: ASIL_B
included by: logic_arc_int__lifecycle__lifecycle_if included by: logic_arc_int__lifecycle__lifecycle_if
logic_arc_int_op__lifecycle__terminate		Logical Interface Operation

The following use cases are supported by the Lifecycle Interface, with different capabilities depending on the application type.

SCORE Application State Communication

SCORE applications implementing the Lifecycle Interface can communicate their internal state to the Launch Manager. The state information includes:

• Started: Application has successfully initialized and is ready to operate

• Running: Application is actively executing its main functionality

• Stopped: Application has terminated or is in the process of shutting down

The Launch Manager uses this state information for:

• Dependency resolution for other applications

• Recovery action decisions

• Status reporting to external state managers via the Control Interface

SCORE Application Conditional Signaling

SCORE applications can signal custom conditions to the Launch Manager via the Alive Interface. This enables:

• Complex dependency management beyond simple process startup

• Coordination between interdependent applications

Custom conditions can be used by other applications as launch dependencies, allowing for sophisticated startup orchestration.

Native Application Control

Native applications that do not implement the Lifecycle Interface are controlled through POSIX signals:

• SIGTERM: Graceful shutdown request

• SIGKILL: Forced termination (after timeout)

• SIGUSR1/SIGUSR2: Application-specific signals (if configured)

The Launch Manager monitors native applications through:

• Process ID (PID) tracking

• Exit code evaluation

• Resource usage monitoring via OS facilities

• Timeout-based failure detection

For native applications, the Launch Manager provides:

• Basic lifecycle control (start/stop)

• Simple dependency management based on process existence

• Configurable startup/shutdown timeouts

• Exit code-based success/failure determination

Dynamic Architecture

Lifecyle Interface		status: valid security: YES safety: ASIL_B
fulfils: feat_req__lifecycle__control_commands, feat_req__lifecycle__request_run_target_start, feat_req__lifecycle__switch_run_targets
feat_arc_dyn__lifecycle__state_machine		Feature Sequence Diagram

Requirements

• Process state (feat_req__lifecycle__process_state_comm)

• Control interface support (feat_req__lifecycle__custom_cond_support)

• Monitoring and recovery: wa... (feat_req__lifecycle__smart_watchdog_config)

• Process monitoring (feat_req__lifecycle__process_monitoring)

• Terminating process (feat_req__lifecycle__process_termination)

• Shutdown signal handling (feat_req__lifecycle__shutdown_signal)

• Support for launching proce... (feat_req__lifecycle__launch_support)

• Process dependency handling (feat_req__lifecycle__process_ordering)

• Launching processes in para... (feat_req__lifecycle__parallel_launch_support)

• Conditional launching (feat_req__lifecycle__waitfor_support)

• Forward process information (feat_req__lifecycle__process_input_output)

• Handling process args (feat_req__lifecycle__process_launch_args)

• Process user, group IDs sup... (feat_req__lifecycle__uid_gid_support)

• Condition timeout (feat_req__lifecycle__total_wait_time_support)

• Conditional launch polling ... (feat_req__lifecycle__polling_interval)

• Process priority support (feat_req__lifecycle__launch_priority_support)

• CWD support (feat_req__lifecycle__cwd_support)

• Launching terminal (feat_req__lifecycle__terminal_support)

• Standard handle redirection (feat_req__lifecycle__std_handle_redir)

• Non-root support (feat_req__lifecycle__secpol_non_root)

• Configurable amount of retries (feat_req__lifecycle__retries_configurable)

• File descriptor inheritance... (feat_req__lifecycle__fd_inheritance)

• Security policy support (feat_req__lifecycle__support_secpol_type)

• Supplementary group support (feat_req__lifecycle__supplementary_groups)

• Scheduling support (feat_req__lifecycle__scheduling_policy)

• CPU runmask support (feat_req__lifecycle__runmask_support)

• ASLR support (feat_req__lifecycle__aslr_support)

• Resource limit support (feat_req__lifecycle__process_rlimit_support)

• Process detach from parent ... (feat_req__lifecycle__detach_parent_process)

• Process adoption (feat_req__lifecycle__running_processes)

• Dropping process responsibi... (feat_req__lifecycle__drop_supervsion)

• Multiple instance of execut... (feat_req__lifecycle__multi_start_support)

• Pre-start validation (feat_req__lifecycle__validate_conditions)

• post-start validation (feat_req__lifecycle__validation_conditions)

• Invalid dependency (feat_req__lifecycle__consistent_dependencies)

• Dangling dependency (feat_req__lifecycle__stop_process_dependents)

• Coordination stop dependency (feat_req__lifecycle__stop_order_spec)

• OCI Compliant (feat_req__lifecycle__oci_compliant)

Alive Interface

The Alive Interface provides a basic watchdog functionality interface that delivers essential monitoring capabilities for system health and responsiveness tracking. It implements core watchdog operations including heartbeat signals to ensure reliable operation and automatic recovery from unresponsive states.

SCORE Application Liveliness Reporting

SCORE applications can periodically signal their liveliness to the Launch Manager through the Alive Interface. This mechanism allows the Launch Manager to:

• Detect application failures or hangs

• Trigger recovery actions when liveliness is lost

• Maintain accurate process health status

The liveliness mechanism includes:

• Configurable heartbeat intervals per application

• Timeout detection and failure handling

Static architecture

Alive API		status: valid security: YES safety: ASIL_B
fulfils: feat_req__com__interfaces implemented by: comp_arc_sta__lifecycle__launch_manager used by: comp_arc_sta__lifecycle__healthmonitor includes: logic_arc_int_op__lifecycle__min_time, logic_arc_int_op__lifecycle__report_health
logic_arc_int__lifecycle__alive_if		Logical Interface & Feature Interface View

Operations

report_health_status		status: valid security: YES safety: ASIL_B
included by: logic_arc_int__lifecycle__alive_if
logic_arc_int_op__lifecycle__report_health		Logical Interface Operation

Dynamic architecture

Alive Monitoring		status: valid security: YES safety: ASIL_B
fulfils: feat_req__lifecycle__monitoring_processes, feat_req__lifecycle__polling_interval, feat_req__lifecycle__failure_detect
feat_arc_dyn__lifecycle__alive_monitoring		Feature Sequence Diagram

Requirements

• Monitoring and recovery: ad... (feat_req__lifecycle__monitoring_processes)

• Conditional launch polling ... (feat_req__lifecycle__polling_interval)

• Process launch monitoring (feat_req__lifecycle__failure_detect)

• Process liveliness detection (feat_req__lifecycle__liveliness_detection)