Search Results

The introduction of FlexRay is often motivated with high bandwidth, fail-safety, and deterministic timing. To no surprise, FlexRay is currently being introduced broadly in the chassis domain with its safety-critical, distributed control functions. However, also FlexRay system exhibit unwanted timing effects such as over- and under-sampling and ECU signal jitter. To fully exploit FlexRay’s potential, these effects must be understood, controlled, and reasonably considered in the supply-chain communication. In this paper, we illustrate the key timing pitfalls that exist with FlexRay. We further demonstrate how timing analysis increases confidence and allows thorough optimizations of FlexRay designs. This helps OEMs and Tier-1 suppliers to protect against timing problems early. Parts of the technology are available, however, new methodological steps are needed.

Due to the increasing integration of safety-critical functionalities into electronic devices, safety-related system design and certification have become a major challenge. Amongst others a suitable reaction of components in case of internal errors must be ensured in order to prevent a function from failing and to guarantee a certain degree of reliability. In this context a wide variety of different fault tolerance mechanisms have been developed in the past, including analytical considerations of error coverage and resulting reliability. However, most of these mechanisms induce a certain timing overhead, which in turn might affect the real-time capabilities of the system in a negative way. More concretely, even if each error is treated adequately such that no logical failure occurs, a timing failure due to missing a deadline cannot be ruled out definitely.

Multi-core systems are promising a cost-effective solution for (1) advanced vehicle features requiring dramatically more software and hence an order of magnitude more processing power, (2) redundancy and mixed-IP, mixed-ASIL isolation required for ISO 26262 functional safety, and (3) integration of previously separate ECUs and evolving embedded software business models requiring separation of different software parts. In this context, designing, optimizing and verifying the mapping and scheduling of software functions onto multiple processing cores becomes key. This paper describes several multi-core task design and scheduling design options, including function-to-task mapping, task-to-core allocation (both static and dynamic), and associated scheduling policies such as rate-monotonic, criticality-aware priority assignment, period transformation, hierarchical partition scheduling, and dynamic global scheduling.

Today, gated networks with several buses are becoming standard in automotive E/E-systems but are evolving differently among the various vehicle manufactures, with different topologies, combinations of bus protocols, and speeds. Making the right architecture decisions requires systematic evaluation of the many alternatives during early design stages. However, there are many trade-offs in terms of performance, cost, extensibility, etc.. In this context, scheduling analysis is a powerful tool. It clarifies performance, end-to-end timing, and dynamic behavior. This enables evaluation of networking alternatives, foresight of bottlenecks, and provides guidance in the design process. In the paper, the application of scheduling analysis in automotive network exploration and optimization will be demonstrated. Specific emphasize will be put on end-to-end timing, migration from CAN to FlexRay, black-box integration and early-stage assumptions, extensibility, and trade-offs.

When designing safety-critical automotive systems, verification of timing and performance are key, especially the verification of hard deadlines and other critical timing constraints. Test- or simulation-based approaches suffer from corner-case coverage problems and are becoming less reliable as systems grow in size and complexity. Time-triggered mechanisms (e.g. OSEKtime and FlexRay) were proposed as a way out by providing better timing prediction. However, for reasons of cost, flexibility and reactivity, future cars will mostly likely contain a mix of event-triggered (ET) and time-triggered (TT) components that are combined synchronously and/or asynchronously, thereby further complicating timing. Scheduling analysis has recently matured to allow reliable timing verification and systematic optimization for ET, TT, and mixed systems.