Time Determinism and Semantics Preservation in the Implementation of Distributed Functions over FlexRay
Future automobiles are required to support an increasing number of complex, distributed functions such as active safety and X-by-wire. Because of safety concerns and the need to deliver correct designs in a short time, system properties should be verified in advance on function models, by simulation or model checking. To ensure that the properties still hold for the final deployed system, the implementation of the models into tasks and communication messages should preserve properties of the model, or in general, its semantics. FlexRay offers the possibility of deterministic communication and can be used to define distributed implementations that are provably equivalent to synchronous reactive models like those created from Simulink. However, the low level communication layers and the FlexRay schedule must be carefully designed to ensure the preservation of communication flows and functional outputs.