Institute for Communication Technologies and Embedded Systems

Efficient Configuration of Safety-Critical Software

In order to achieve a competitive advantage, vehicle manufacturers keep providing an increasing number of features related to driving experience, comfort and safety. Furthermore, ever more stringent environmental laws push towards lower-emission technologies. These novel functionalities are mostly implemented in software, and as a consequence the size and complexity of applications have been rapidly increasing. Another important aspect of automotive software is safety: ISO 26262 requires an upper estimate of its execution time. Typically, timing requirements are related to task periods (e.g. periodic sensor reading) or to sporadic occurrences of events such as an interrupt triggered by the crankshaft angle.

The AUTOSAR (AUTomotive Open System ARchitecture) standard has been developed to ease the effort of managing software and E/E (Electrical/Electronic) architectures. Classical AUTOSAR applications consist of runnables which are grouped into tasks. Runnables forming a task usually have the same activation event, e.g. all runnables in a task are activated every 10 ms or each time the crankshaft angle reaches a certain value. Regarding communication between runnables, AUTOSAR supports only static communication. Runnables access data explicitly or, more frequently, implicitly. When implicit communication is used, the run-time environment copies data to a local runnable buffer before the runnable executes, and only after the runnable terminates does the run-time environment write the local buffer back to the memory location that other runnables can access.
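As an added illustration of the implicit communication described above (example code written for this page, not part of the AUTOSAR standard or of any RTE implementation): a simplified model in which the run-time environment snapshots a shared signal into a runnable-local buffer before execution and writes it back only at termination, contrasted with explicit access that reads shared memory directly. The RTE helper names and the engine-speed signal are invented for the example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Shared memory location visible to every runnable (constructed sample signal). */
static volatile int32_t g_engine_speed = 1000;

/* Runnable-local implicit buffer: filled before the runnable starts and
   written back to shared memory only after the runnable terminates. */
typedef struct {
    int32_t engine_speed;  /* local copy used by the runnable's reads and writes */
    bool    dirty;         /* set when the runnable modified the buffer */
} implicit_buffer_t;

/* RTE, before runnable execution: copy shared data into the local buffer. */
static void rte_implicit_read_in(implicit_buffer_t *buf) {
    buf->engine_speed = g_engine_speed;
    buf->dirty = false;
}

/* RTE, after runnable termination: publish the local buffer to shared memory. */
static void rte_implicit_write_back(const implicit_buffer_t *buf) {
    if (buf->dirty) g_engine_speed = buf->engine_speed;
}

/* Models a write from another core or a preempting task that lands while
   the runnable is still executing. */
static void concurrent_writer(int32_t value) { g_engine_speed = value; }

static void    rte_reset(int32_t value)     { g_engine_speed = value; }
static int32_t rte_shared_engine_speed(void) { return g_engine_speed; }

/* Explicit access: each read goes straight to shared memory, so two reads within
   one activation can disagree. Returns true if the runnable observed a change. */
static bool explicit_runnable_sees_inconsistent_data(void) {
    int32_t first = g_engine_speed;
    concurrent_writer(first + 500);       /* interleaved update mid-execution */
    int32_t second = g_engine_speed;
    return first != second;
}

/* Implicit access: the runnable only touches its buffer, so both reads agree even
   though shared memory changed underneath it; its own result becomes visible to
   other runnables only when the RTE writes the buffer back at termination. */
static bool implicit_runnable_sees_consistent_data(void) {
    implicit_buffer_t buf;
    rte_implicit_read_in(&buf);           /* snapshot before execution */
    int32_t first = buf.engine_speed;
    concurrent_writer(first + 500);       /* same interleaved update as above */
    int32_t second = buf.engine_speed;
    buf.engine_speed = second + 1;        /* the runnable's computed output */
    buf.dirty = true;
    rte_implicit_write_back(&buf);        /* publish after termination */
    return first == second;
}
```

Note that with implicit communication the concurrently written value is overwritten by the write-back, which is exactly why the model requires an up-front, static configuration of which runnables exchange which data.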

Automotive applications are increasingly implemented on multicore ECUs (Electronic Control Units), as they offer the right balance between performance, cost, weight and space requirements. As a limitation for multi-core systems, AUTOSAR assumes that tasks are not assigned to cores dynamically. In fact, due to the complex influence of its different elements on performance, configuring an AUTOSAR system is practically impossible without tool support. Tools for optimizing AUTOSAR applications for multi-core ECUs have therefore been developed by various companies and in the scope of different research projects, including the one at the Institute for Communication Technologies and Embedded Systems at RWTH Aachen University; since the transition of safety-critical microcontrollers to multi-core architectures started considerably later than in other industries, however, these tools have only recently become available.


Milan Copic