On Designing Software Architectures for Next-Generation Multi-Core ECUs 2015-01-0177

Multi-core systems are promising a cost-effective solution for (1) advanced vehicle features requiring dramatically more software and hence an order of magnitude more processing power, (2) redundancy and mixed-IP, mixed-ASIL isolation required for ISO 26262 functional safety, and (3) integration of previously separate ECUs and evolving embedded software business models requiring separation of different software parts. In this context, designing, optimizing and verifying the mapping and scheduling of software functions onto multiple processing cores becomes key. This paper describes several multi-core task design and scheduling design options, including function-to-task mapping, task-to-core allocation (both static and dynamic), and associated scheduling policies such as rate-monotonic, criticality-aware priority assignment, period transformation, hierarchical partition scheduling, and dynamic global scheduling. To support ISO 26262 “freedom-from-interference” requirements, sets of tasks can be grouped into “partitions” which can be protected from each other both spatially and temporally, and different scheduling techniques are demonstrated to be capable of ensuring temporal isolation (e.g., hierarchical partition scheduling, or static task-to-core allocation based on partition). In support of navigating through these numerous design options, advanced timing analysis tools are imperative. Many design options can already be evaluated and verified using commercially available timing analysis tools, while tool support for newer design options such as dynamic global scheduling will continue to be developed in the coming years.