AUTOBEST: A microkernel-based system (not only) for automotive applications. Marc Bommert, Alexander Züpke, Robert Kaiser.

Title slide. Contact: vorname.name@hs-rm.de

Outline
- Motivation
- AUTOSAR
- ARINC 653
- AUTOBEST Architecture
- Certification
- Research
- Status + Outlook

Motivation: safety requirements for shared resources

IEC 61508: "An E/E/PE* safety-related system will usually implement more than one safety function. If the safety integrity requirements for these safety functions differ, unless there is sufficient independence of implementation between them, the requirements applicable to the highest relevant safety integrity level shall apply to the entire E/E/PE safety-related system."

ISO 26262 calls this independence "freedom from interference".

* E/E/PE: electrical / electronic / programmable electronic

Motivation: mixed-criticality system

Partitioning as in ARINC 653 (avionics): partitions P1 (most critical), P2 (critical), P3 (less critical) and P4 (least critical) run on top of the kernel, with
- spatial partitioning
- time partitioning

Does this fit into a car as well?

Motivation: independent partitions

The same four partitions (P1 most critical ... P4 least critical) on top of the kernel, with
- isolation
- (limited) interference
- degraded mode

Is this possible on today's ECUs with limited resources?

Motivation: requirements

- Different kinds of partitions: AUTOSAR partitions, ARINC 653 partitions, POSIX partitions (again ordered from most to least critical, on top of the kernel)
- Static configuration
- Partitioning / MPU
- Partition scheduling
- Tasks, events, alarms, ...

Goal: save as much RAM as possible!

AUTOSAR

AUTOSAR: automotive software stack
- Component architecture
- Vendor neutral
- Design-driven development
- Tools ...

Most components are outside the kernel; use existing 3rd-party components where possible.
Source: http://www.autosar.org

ARINC 653

ARINC 653: avionics OS standard
- Part 1: Required Services
- Part 2: Extended Services
- Part 3: Conformity Test Specification
- Part 4: Subset Services
- Multicore services?

Driven by IMA (Integrated Modular Avionics) and SWaP (Size, Weight, and Power).
Source: http://www.wikipedia.org

AUTOBEST Architecture

AUTOBEST architecture: observation

OSEK and ARINC 653 share many design patterns:
- Tasks (OSEK) / processes (ARINC 653)
- 4 task states
- Static initialization (OSEK) / initialization at startup (ARINC 653)
- Priority-based FIFO scheduling
- Synchronization using priority ceiling protocols
- Application modes (OSEK) / partition states (ARINC 653)

No conflicting requirements, so a common microkernel architecture can serve both.

AUTOBEST architecture: special features of OSEK / AUTOSAR
- Counters + alarms
- Schedule tables
- Interrupt handling:
  - Interrupts are partitioned
  - Interrupt handlers are mapped to high-priority tasks
  - DisableInterrupts() raises the calling task's priority to the partition maximum, which defers only that partition's own handler tasks
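The scheduling pattern shared by OSEK and ARINC 653 on the previous slide (priority-based FIFO scheduling with priority ceiling protocols) and the interrupt rules above, shown as an added example that is not AUTOBEST code: a small fixed-priority scheduler model in which interrupt handlers are ordinary high-priority tasks of their partition, DisableInterrupts() raises the caller only to its own partition's maximum priority, and GetResource() applies an immediate priority ceiling. All task names, priorities, partition numbers and function names are invented for the illustration, and time partitioning is deliberately left out so that the effect of the partition-local priority raise is visible in one global priority space.

```c
/* Added example, not AUTOBEST code: a fixed-priority scheduler model
 * (FIFO among equal priorities) for two rules on the slides above:
 *  - interrupt handlers run as partition-local high-priority tasks, and
 *  - DisableInterrupts() raises the caller only to its own partition's
 *    maximum priority, so it defers that partition's handler tasks but
 *    never tasks of another partition.
 * GetResource() uses an immediate priority ceiling that is refused if it
 * would exceed the partition maximum. Names, priorities and partition
 * numbers are invented; time partitioning is not modelled. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_TASKS 8

typedef struct {
    const char *name;
    int partition;
    int base_prio;      /* static priority from the configuration */
    int ceiling_prio;   /* raised while a resource is held, 0 otherwise */
    bool irq_disabled;  /* between DisableInterrupts()/EnableInterrupts() */
    bool ready;
    uint32_t seq;       /* release order, for FIFO among equal priorities */
} task_t;

static task_t tasks[MAX_TASKS];
static size_t ntasks;
static int partition_max_prio[4];  /* derived from the task configuration */
static uint32_t next_seq;

static int add_task(const char *name, int partition, int prio)
{
    task_t *t = &tasks[ntasks];
    memset(t, 0, sizeof *t);
    t->name = name;
    t->partition = partition;
    t->base_prio = prio;
    if (prio > partition_max_prio[partition])
        partition_max_prio[partition] = prio;
    return (int)ntasks++;
}

/* Base priority, raised by a resource ceiling or a partition-local
 * interrupt lock, but never beyond the partition maximum. */
static int effective_prio(const task_t *t)
{
    int p = t->base_prio;
    if (t->ceiling_prio > p)
        p = t->ceiling_prio;
    if (t->irq_disabled && partition_max_prio[t->partition] > p)
        p = partition_max_prio[t->partition];
    return p;
}

static void release_task(int tid)   { tasks[tid].ready = true; tasks[tid].seq = next_seq++; }
static void terminate_task(int tid) { tasks[tid].ready = false; }
static void disable_interrupts(int tid) { tasks[tid].irq_disabled = true; }
static void enable_interrupts(int tid)  { tasks[tid].irq_disabled = false; }

/* Highest effective priority runs; ties go to the earliest release (FIFO). */
static int pick_next(void)
{
    int best = -1;
    for (size_t i = 0; i < ntasks; i++) {
        if (!tasks[i].ready)
            continue;
        int pi = effective_prio(&tasks[i]);
        int pb = best < 0 ? -1 : effective_prio(&tasks[best]);
        if (pi > pb || (pi == pb && tasks[i].seq < tasks[best].seq))
            best = (int)i;
    }
    return best;
}

static const char *next_task_name(void)
{
    int tid = pick_next();
    return tid < 0 ? "idle" : tasks[tid].name;
}

/* Immediate priority ceiling. A ceiling above the partition maximum would
 * let a task block another partition's handlers, so it is refused. */
static bool get_resource(int tid, int ceiling)
{
    if (ceiling > partition_max_prio[tasks[tid].partition])
        return false;
    tasks[tid].ceiling_prio = ceiling;
    return true;
}
static void release_resource(int tid) { tasks[tid].ceiling_prio = 0; }

/* Demo configuration: two partitions, each with a main task and one
 * interrupt-handler task; partition 2's handler outranks all of partition 1. */
static int p1_main, p1_isr, p2_isr;

static void setup_demo(void)
{
    ntasks = 0;
    next_seq = 0;
    memset(partition_max_prio, 0, sizeof partition_max_prio);
    p1_main = add_task("p1_main", 1, 5);
    p1_isr  = add_task("p1_isr",  1, 9);
    p2_isr  = add_task("p2_isr",  2, 12);
}
```

Driving the model: after setup_demo() and release_task(p1_main), a disable_interrupts(p1_main) followed by release_task(p1_isr) still selects p1_main (its own handler task is deferred), but release_task(p2_isr) immediately selects p2_isr, because the raise stops at partition 1's maximum. A get_resource(p1_main, 12) is refused for the same reason, while get_resource(p1_main, 9) is accepted and defers p1_isr until release_resource().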

AUTOBEST architecture: special features of ARINC 653
- Partition communication: queuing and sampling ports
- 64-bit nanosecond timeout API
- Health monitoring: strict error handling
- Partitioning API: start & shutdown of other partitions (privileged system calls)
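The sampling-port and 64-bit nanosecond timing features above, shown as an added example that is not AUTOBEST code: a minimal ARINC 653-style sampling port in which the writer overwrites a single buffered sample and the reader gets the latest sample together with a validity flag that turns INVALID once the sample is older than the port's configured refresh period. The fixed maximum message size bounds the data that crosses the partition boundary, so an oversized write from a source partition is refused before anything is copied. Type and function names, the explicit clock parameter and the sample payload are this example's own, not the AUTOBEST or ARINC 653 API.

```c
/* Added example, not AUTOBEST code: a minimal ARINC 653-style sampling port
 * between two partitions with 64-bit nanosecond timestamps. The reader gets
 * the most recent sample plus a validity flag that becomes INVALID once the
 * sample is older than the port's configured refresh period. The fixed
 * maximum message size bounds what crosses the partition boundary. Names and
 * the explicit clock parameter are this example's own, not the AUTOBEST API. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SAMPLING_MAX_MSG 64

typedef enum { PORT_OK = 0, PORT_INVALID_CONFIG, PORT_NO_ACTION } port_ret_t;
typedef enum { SAMPLE_INVALID = 0, SAMPLE_VALID } validity_t;

typedef struct {
    uint64_t refresh_period_ns;   /* from the static configuration */
    uint8_t  data[SAMPLING_MAX_MSG];
    size_t   len;
    uint64_t written_at_ns;
    bool     has_sample;
} sampling_port_t;

static void sampling_port_init(sampling_port_t *p, uint64_t refresh_period_ns)
{
    memset(p, 0, sizeof *p);
    p->refresh_period_ns = refresh_period_ns;
}

/* Writer side: overwrite the single buffered sample. The length is checked
 * before any copy, so a source partition cannot overrun the port buffer. */
static port_ret_t write_sampling_message(sampling_port_t *p, const void *msg,
                                         size_t len, uint64_t now_ns)
{
    if (len == 0 || len > SAMPLING_MAX_MSG)
        return PORT_INVALID_CONFIG;
    memcpy(p->data, msg, len);
    p->len = len;
    p->written_at_ns = now_ns;
    p->has_sample = true;
    return PORT_OK;
}

/* Reader side: copy out the latest sample and report its validity. A port
 * that was never written yields PORT_NO_ACTION, length 0 and INVALID. */
static port_ret_t read_sampling_message(const sampling_port_t *p, void *out,
                                        size_t out_cap, size_t *out_len,
                                        validity_t *validity, uint64_t now_ns)
{
    *out_len = 0;
    *validity = SAMPLE_INVALID;
    if (!p->has_sample)
        return PORT_NO_ACTION;
    if (out_cap < p->len)
        return PORT_INVALID_CONFIG;
    memcpy(out, p->data, p->len);
    *out_len = p->len;
    /* A clock reading older than the write counts as stale instead of
     * wrapping the unsigned subtraction into a huge "fresh" age. */
    uint64_t age = now_ns >= p->written_at_ns ? now_ns - p->written_at_ns
                                              : UINT64_MAX;
    *validity = age <= p->refresh_period_ns ? SAMPLE_VALID : SAMPLE_INVALID;
    return PORT_OK;
}

/* Worked scenario: 10 ms refresh period, one constructed 4-byte sample
 * written at t = 1 s, read back at read_ns. Returns the validity seen. */
static validity_t demo_validity_at(uint64_t read_ns)
{
    sampling_port_t port;
    uint8_t buf[SAMPLING_MAX_MSG];
    size_t len;
    validity_t v;
    const uint8_t wheel_speed[4] = {0x00, 0x00, 0x12, 0x34};  /* constructed */

    sampling_port_init(&port, 10ULL * 1000 * 1000);
    write_sampling_message(&port, wheel_speed, sizeof wheel_speed, 1000000000ULL);
    read_sampling_message(&port, buf, sizeof buf, &len, &v, read_ns);
    return v;
}

/* An oversized write must be refused without touching the port. */
static bool demo_rejects_oversize(void)
{
    sampling_port_t port;
    uint8_t big[SAMPLING_MAX_MSG + 1] = {0};
    sampling_port_init(&port, 1000000ULL);
    return write_sampling_message(&port, big, sizeof big, 0) == PORT_INVALID_CONFIG
           && !port.has_sample;
}
```

With the 10 ms refresh period, demo_validity_at() reports VALID for reads at 1.005 s and exactly 1.010 s and INVALID at 1.020 s; the validity flag is what lets a consumer partition distinguish a live value from one left behind by a stalled or shut-down producer, which is the failure mode the health monitoring on the slide is meant to surface.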

AUTOBEST architecture: component architecture

User mode:
  AUTOSAR application | ARINC 653 application
  AUTOSAR library + configuration | ARINC 653 library + configuration
Supervisor mode:
  Architecture layer
  Kernel component + configuration
  Board component
Processor

AUTOBEST architecture: device drivers

Low-level AUTOSAR components like the MCAL need adaptation: some parts go into the kernel, others into user space.
Pragmatic approach:
- put performance-critical drivers (CAN) into the kernel
- put highly complex drivers (EEPROM) into dedicated partitions

Certification

Certification: process
- Documented software design process, focus on traceability
- Multiple levels of requirements: high-level interfaces, component APIs, internal design
- Requirement-based testing
- Analyses: coverage, timing, ...
- Reviews: processes, requirements, design, code, tests, ...

Certification: configuration

AUTOSAR: typically highly configurable software, so integration becomes problematic: #ifdefs lead to a large configuration set. Did you really test every combination?

AUTOBEST kernel: (almost) no #ifdefs; all features enabled by default; configuration is binary data. This allows binary component re-use and simplifies re-certification and software testing.

Research

Research topics

Engineering challenges:
- Make it safe
- Make it fast?
- Low memory consumption

Research challenges:
- Techniques to mitigate the costs of partitioning
- Interrupt handling
- Strict temporal isolation
- Bounded interference on multicore

Implementation

Implementation
- Implemented in C99 with GNU extensions; compiler: GCC
- Supported architectures:
  - ARMv7: Cortex-R4 (Texas Instruments TMS570), Cortex-A8 (BeagleBone Black, for testing), QEMU
  - PowerPC e200: MPC5646C (Bolero3M), QEMU

Status + outlook

Current status / done (October 2014):
- Full OSEK API + AUTOSAR extensions
- Full ARINC 653 Part 1 Supplement 3 support
- Resource partitioning + MPU support
- 11,900+ LOC of C + asm for the kernel and architecture-specific code
- 7,700+ LOC of Perl + C# for tools

Work in progress:
- Multicore support
- Infineon AURIX

Thank you for your attention! Questions?