Search Results

Developers of safety-critical real-time systems have to ensure that their systems react within given time bounds. Ideally, the system is designed to provide sufficient computing power and network bandwidth, is cost efficient and provides the necessary safety level. To achieve this goal, three challenges have to be addressed. First, it must be possible to account for timing during early development stages in the architecture exploration phase. Second, during software development, timing behavior and the effects of software changes on timing must be observable. Third, there must be a technology for formally verifying the final timing behavior for industry-size applications. In this article we present a comprehensive methodology for dealing with timing which addresses all three issues based on state-of-the-art commercial tools.

More electronic vehicle functions lead to an exponentially growing degree of software integration in automotive ECUs. We are seeing an increasing number of ECUs with mixed criticality software. ISO26262 describes different safety requirements, including freedom from interference and absence from error propagation for the software. These requirements mandate particular attention for mixed-criticality ECUs. In this paper we investigate the ability to guarantee that these safety requirements will be fulfilled by using established (deadline monitoring) and new error detection mechanisms (execution time monitoring). We also show how these methods can be used to build up safe and efficient schedules for today's and future automotive embedded real time systems with mixed criticality software.

Multi-core systems are promising a cost-effective solution for (1) advanced vehicle features requiring dramatically more software and hence an order of magnitude more processing power, (2) redundancy and mixed-IP, mixed-ASIL isolation required for ISO 26262 functional safety, and (3) integration of previously separate ECUs and evolving embedded software business models requiring separation of different software parts. In this context, designing, optimizing and verifying the mapping and scheduling of software functions onto multiple processing cores becomes key. This paper describes several multi-core task design and scheduling design options, including function-to-task mapping, task-to-core allocation (both static and dynamic), and associated scheduling policies such as rate-monotonic, criticality-aware priority assignment, period transformation, hierarchical partition scheduling, and dynamic global scheduling.

When designing safety-critical automotive systems, verification of timing and performance are key, especially the verification of hard deadlines and other critical timing constraints. Test- or simulation-based approaches suffer from corner-case coverage problems and are becoming less reliable as systems grow in size and complexity. Time-triggered mechanisms (e.g. OSEKtime and FlexRay) were proposed as a way out by providing better timing prediction. However, for reasons of cost, flexibility and reactivity, future cars will mostly likely contain a mix of event-triggered (ET) and time-triggered (TT) components that are combined synchronously and/or asynchronously, thereby further complicating timing. Scheduling analysis has recently matured to allow reliable timing verification and systematic optimization for ET, TT, and mixed systems.