The AUTOSAR Timing Model---
Status and Challenges
Dr. Kai Richter
Symtavision GmbH, Germany
2© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Symtavision GmbH – Who we are !
Spin-off from Technical University of Braunschweig, Germany, founded May 2005
Timing and scheduling analysis tool suite SymTA/S
30+ MY research and development of technology
Expertise in system integration
Primary market: Automotive
3© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Symtavision Expertise: Real-Time Systems AnalysisSymtavision Expertise: Real-Time Systems Analysis
Real-time correctness Reliability / Dependability
Optimization Costcomponent selection
dimensioning
scheduling
Flexibility Quality
Phillips NexperiaTM Platform
MIPS bridge
MIP
SPI
bus
MIPS bridge
MIP
SPI
bus
MIPS C-BridgeMIPS C-BridgeAudio I/O
Sony PhilipsDigital I/O
Audio I/O
Sony PhilipsDigital I/OHigh-performance
2D-rendering engine
Adv. imagecompositionProcessor
MPEG-2video decoder
Video inputprocessor
MPEGsystem proc.
High-performance2D-rendering engine
Adv. imagecompositionProcessor
MPEG-2video decoder
Video inputprocessor
MPEGsystem proc.
Universal async.receiver/transmitter
(UART)
Universal serial bus
ISO UART
IEEE 1394 link layer controller
I²C
Exp. bus interfaceunit PCI/XIO
Synchronousserial interface
Universal async.receiver/transmitter
(UART)
Universal serial bus
ISO UART
IEEE 1394 link layer controller
I²C
Exp. bus interfaceunit PCI/XIO
Universal async.receiver/transmitter
(UART)
Universal serial bus
ISO UART
IEEE 1394 link layer controller
I²C
Exp. bus interfaceunit PCI/XIO
Universal async.receiver/transmitter
(UART)
Universal serial bus
ISO UART
IEEE 1394 link layer controller
I²C
Exp. bus interfaceunit PCI/XIO
Synchronousserial interface
Memory-basedscaler
Interrupt ctrl.
Transport streamDMA
General-purposeI/OMemory-based
scaler
Interrupt ctrl.
Transport streamDMA
General-purposeI/O
IC debug
Clocks
CPU debug
Reset
CRCDMA
Interrupt controller
Enhanced JTAG
IC debug
Clocks
CPU debug
Reset
CRCDMA
IC debug
Clocks
CPU debug
Reset
CRCDMA
Interrupt controller
Enhanced JTAG
Fast
PIbu
s
MIPS(PR3940)
CPU
D$
I$
Fast
PIbu
s
MIPS(PR3940)
CPU
D$
I$
MIPS(PR3940)
CPU
D$
I$
TriM
e di a
P I b
us
TriMedia(TM32)CPU
D$
I$
TriM
e di a
P I b
us
TriMedia(TM32)CPU
D$
I$
TriMedia(TM32)CPU
D$
I$
C-bridgeC-bridge
External SDRAM
Memory controller
Mem
.M
gmt.
IFbu
s
TriMediaC-BridgeFast C-Bridge
External SDRAM
Memory controller
Mem
.M
gmt.
IFbu
s
TriMediaC-BridgeFast C-Bridge
4© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Solution: Flexible, Modular SymTA/S Tool Suite
Screenshots by
5© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Overview
AUTOSAR in general & target use cases
Top-down: SW architecture vs. execution platform
A closer look to key technical details
Bottom-up: Integration & timing analysis practice
Implications w.r.t AUTOSAR goals
Conclusion
6© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Overview
AUTOSAR in general & target use cases
Top-down: SW architecture vs. execution platform
A closer look to key technical details
Bottom-up: Integration & timing analysis practice
Implications w.r.t AUTOSAR goals
Conclusion
7© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Key AUTOSAR Concepts
portable software components
virtual function bus (VFB)
ports and connectors
several communication semantics (send/recv, client/server)
crossing module boundaries (function distribution)
crossing company boundaries (supply chain, black box)
configurable/customizable run-time environment
Needs standardized APIs to facilitate implementation!
8© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Key AUTOSAR "Methodology and RTE"
Flexible mapping of software components ...
... enabled by standardized run-time environment (RTE)
9© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
ActuatorSWCSWC-1
BSWRTE
ActuatorActuatorSWCSWC1Sensor Sensor
SWC
BSWRTE
Sensor
SensorSWC
ActuatorSignal Path / Data Flow
Mapping in More Detail:SW Component Structure and Execution Platform
Standardized RTE eases compiling & linking together several SW components from different teams/vendors/...
Vehicle Function
10© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Typical AUTOSAR Use Cases
Function distribution & partitioningone function - several SW components one several ECUsone ECU - several SW-Cs from different functions / vendors
Adding new functionsproduct variants, face lifts, platforms
OptimizationsConfiguration (CAN IDs, signal-to-frame assignment, etc.)Re-mapping of SW componentsNetwork modifications (topology, protocols, gatewaying)
New business modelsSoftware as a productImproved supply-chain "contracting" (liabilities)
11© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Overview
AUTOSAR in general & target use cases
Top-down: SW architecture vs. execution platform
A closer look to key technical details
Bottom-up: Integration & timing analysis practice
Implications w.r.t AUTOSAR goals
Conclusion
12© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Introduction of Timing Effects: Framework
Function development imposes timing constraints
High-level specification based on SW components
AUTOSAR goal: break down the software structure into "manageable" blocks
timing chains and timing chain segments
connected at hand-over points (HOPs)
consider each segment / HOP individually
Goals: divide and conquer "timing analysis" top-down
assignment of responsibilities
locally verifiable, then result composition bottom-up
13© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Sensor SWCSens BSW RTE
BSW BSW RTE Actuator SWCSWC1 RTE
RTEI/O CAN
BSWRTE ActI/O
end-to-end timing chain
HOPs
Timing Chains and Hand-Over Points (HOPs)
INTER-ECU
communication
INTRA-ECU
communication
ActuatorSWCSWC-1
BSWRTE
BSWRTE
Sensor
SensorSWC
ActuatorSignal Path / Data Flow
timing chain segments
ActuatorActuatorSWCSWC1Sensor Sensor
SWC
14© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Introduction of Local Timing Effects
Reasoning about timing requires considering two views: static software components
vs. dynamic execution platform behavioroperating systems and scheduling;SW components vs. runnables and tasks
communication semantics;SW-C structure vs. timing dependencies
middleware / driver structure;standardized protocols vs.
non-standardized implementation & BSW
15© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Overview
AUTOSAR in general & target use cases
Top-down: SW architecture vs. execution platform
A closer look to key technical details
Bottom-up: Integration & timing analysis practice
Implications w.r.t AUTOSAR goals
Conclusion
16© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
SW-Components vs. "Runnables" and Tasks
SW architecture:2 SW components,6 runnables
Implementation: 3 Tasks
Schedule and timing dependencies
ECU 1SW-C2
runnableY
runnableX
runnableZ
BSWRTE
SW-C 1runnableA
runnableB
runnableC
runnableArunnableY runnableBrunnableCrunnableX runnableZ
OS
OS
OS
OS Task 4
OS
SW-C 1runnableA
runnableB
runnableC
SW-C 2
runnableY
runnableX
runnableZ
17© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
timing chain segment
SW-C 1BSW RTE
BSWRTE
Challenge: Associating Schedules with Timing Chain Segments
software component w/ 3 runnables
sequential model
actual implementation
meaning ?
SW-C 1runnableA
runnableB
runnableC
OS
OS
OS
OSTask 4
OS
OS
OS
OS
OSTask 4
OS
what about runnable Bend of runnable C
start of runnable A
B B
18© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Software component view captures "logical" dependencies (data flow)
Implementation timing dependencies can be very different!!!time-driven and event-driven activationsend/recv and client/server communication (remote procedure call)over- / undersampling
SWC 2SWC 1 SWC 3
BSWRTE
SWC 1
CAN
M2N7
BSWRTE
SWC 2M2N7
BSWRTE
SWC 3M2N7
TTTT
TT
Software Component Structure vs. Timing Dependencies
time-driven task
remote procedure call
event-driven task
cyclic CAN frames
immediate CAN frames(event-driven)
19© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Software component view captures "logical" dependencies (data flow)
Timing dependencies can be very different!!!time-driven and event-driven activationsend/recv and client/server communication (remote procedure call)over- / undersampling
SWC 2SWC 1 SWC 3
Software Component Structure vs. Timing Dependencies
SWC 2SWC 1 SWC 3
client server
oversampling
undersamplingsender/receiverinternal state
20© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Sender-Receiver vs. Client-Server I
INTRA-ECU communication: both SW-Cs on one ECUmerely an issue of software structureglobal register vs. local variable (with get Method)
INTER-ECU communication: SW-Cs on different ECUshas large influence on bus / ECU timing
sender-receiver client-server
cyclic frame
cyclic req. frame
periodicsender
periodicclient
asynchronous(event driven)
server task
asynchronousdata frame
Screenshots by
21© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
sender-receiver w/ cyclic tasks and frames
client-server solution w/ asynchronous servers and frames
Sender-Receiver vs. Client-Server II
bus message timingECU 2 timing
Screenshots by
22© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
CAN HW
CANBSW
RTESIG SIG
MO
INT
SEND
SIG
Queue
Frame generation timing (cyclic and/or event+driven)
Buffering strategy(FIFO, priority ordered, hybrid)
Use of message objects(hardware buffers)
MO MO
SWC 2
SWC 3
SIG signal register
SEND/ COM layer tasksRECV or interrupts
INT driver interrupt
MO message object(HW buffer)
Protocols vs. Non-Standardized BSW
COM timing chain segmentB
SW BSW RTE
RTE CAN
SWC 1
SWC 3
SIG SIG
MO
INT
RECV
23© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Shared FIFO Buffer undermines the CAN protocol's priority scheme
high
low
prio
rity
Shared priority-ordered buffer
Priority Queue vs. FIFO in CAN Networks
high-priority frames must wait for low-priority frames
low-priority frames benefit from FIFO
3 messages share a FIFO
Screenshots by
buffering strategy (inside ECU) has huge influence on network timing
blocking due to non-preemptiveness
24© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Challenge: Associating Schedules with Timing Chain Segments
SIG
SIG
MO
INT
SEN
D
SIG
complex mutual
dependencies
complex mutual
dependencies
SIGSIG
MO
INT
REC
V
CANBSW BSW RTERTE
? ???
25© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Summary: Local Timing Effects
Complex timing
is not directly reflected in the software architecture is induced by the execution platform!
runnables and tasks
timing dependencies andcommunication semantics
non-standardized drivers and middleware (BSW)
etc...
OS
OS
OS
OSTask 4
OS
SWC 2SWC 1 SWC 3
client serveroversampling
undersamplingsender/receiverinternal state
CAN HW
CANBSW
RTESIG SIG
MO
INT
SEND
SIG
Queue
MO MO
26© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Overview
AUTOSAR in general & target use cases
Top-down: SW architecture vs. execution platform
A closer look to key technical details
Bottom-up: Integration & timing analysis practice
Implications w.r.t AUTOSAR goals
Conclusion
27© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Bottom-up: Timing effects during integration
Key Message: Local Changes can have Global Effects !!!
COM/BSWconcepts
networktiming
driver interruptsend-to-end
timing
task scheduling
RTOSconfig
networkconfig
28© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Example: Task Timing Changed, e.g. Function Added
constraints still valid ?
Screenshots by
new
29© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Example: New Frame on Network
buffer overflow
scheduledistotrion
direct dependencies
indirect dependencies
Screenshots bynew
30© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Example:COM Layer Queuing Changed (FIFO -> priority)
direct dependencies
indirect dependencies
end-to-end timing still valid?
Screenshots by
31© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Use Case: System Integration (white box)
Question: How can this be analyzed & controlled ?Screenshots by
COM/BSWconcepts
networktiming
driver interruptsend-to-end
timing
task scheduling
RTOSconfig
networkconfig
two individual subsystems integrated using shared bus
32© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Use Case: System Integration (black box)
Even worse: Only partial information availableHow to analyze this at all?
Screenshots by
33© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Timing Analysis in Practice Today
Local analysis of individual componentsgood systematic approaches availablebut mostly simplified "environment models" later integration problems
Testing of (sub-) systems after integrationwhole environment availablebut: unknown critical interactions prohibits corner case coveragedecreasing reliability
COM/BSWconcepts
networktiming
driver interruptsend-to-end
timing
task scheduling
RTOSconfig
networkconfig
34© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
OEM
Supplier
Design Test
System Test
Requirements Test
Function Test
Module Test / Analysis
Analysis
System Design
Module Design
Implementation
Established V-Model Design Process
coverage?
composition?
35© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Many local decisions have global effect,and are mutually dependent
Technical Issue: System-level modelingof complex timing interaction
Business Issue: Contracting & data availability along complex supply chains
Current practice needs improvements
Key challenge for the AUTOSAR Timing Model!
Summary: Bottom-Up System Integration
COM/BSWconcepts
networktiming
driver interruptsend-to-end
timing
task scheduling
RTOSconfig
networkconfig
?
36© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Overview
AUTOSAR in general & target use cases
Top-down: SW architecture vs. execution platform
A closer look to key technical details
Bottom-up: Integration & timing analysis practice
Implications w.r.t AUTOSAR goals
Conclusion
37© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Review: AUTOSAR Goals
AUTOSAR shall be a vehicle for:Integration of SW-Cs from different SW suppliersIntegration of ECUs from different tier-1 suppliersPlatform design
re-use, extensibility, platform variantsportability and configurability at all levels
Approach:Standardized software architectureModular and flexible function integration
38© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Challenge: Timing Dependencies
SW architecture does not reflect timing dependencies
Timing is mapping dependent (execution platform)not as compositional/modular as the software architecurecomplexa fundamental technical issue
Timing currently not thoroughly addressed by AUTOSARcounters platform independent software & portability
SW-C 1
runnableArunnableB
runnableC
SW-C 2
runnableYrunnableX
runnableZ
CAN HW
CANBSW
RTESIG SIG
MO
INT
SEND
SIG
Queue
MO MO
ActuatorSWCSWC-1
BSWRTE
BSWRTE
Sensor
SensorSWC
ActuatorSignal Path / Data Flow
vs.
OS
OS
OS O
STask 4
OS
39© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Controlling timing dependencies requires reasonable specification models that are supported by analysis (tools)
Appropriate timing model technologyAppropriate design "culture" business processes
What is needed ?
"There is no point in modeling something that cannot be analyzed !!!" (during some timing team meeting)
40© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
captures the complex dynamic timing dependencies, and the environment
considers the used mechanisms (OS, protocols, BSW,...)enables de- / composition & local timing analysisallows black-box integration and IP protectionapplicable at different levels of detail
How Could a Successful Timing Model Look Like?
black box / IP prot.
local analysis
global dependencies andcommon mechanisms
decomposition
IP protection reasonableinterfaces
OS
OS
OS
OSTask 4
OS
41© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Software Suppliers can do: Timing Characterization
runnableArunnableY
runnableBrunnableCrunnableX
runnableZ
SW-C 1runnableA
runnableB
runnableC
SW-C 2
runnableY
runnableX
runnableZ
runnableA runnableY
runnableBrunnableCrunnableX
runnableZ
+ information about communication (volume & access type)
+ information about activationevents, interrupts, timers...
execution timeCPU, periherals,coprocessors, memory archit.
42© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
runnableArunnableY
runnableBrunnableCrunnableX
runnableZ
A
B C
N
A
black boxes
ECU Suppliers can do: Timing Analysis on ECUs
black boxes
Screenshots by
interface captures dynamic I/O behavior (jitter, min/max delays)
OS, scheduling,drivers, BSW,
interrupts, timers
43© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
constraint not met
black boxECUs
black box ECUs
OEM can do: Control Timing on Bus/Network
Screenshots by
interface captures dynamic component interactions
network config, protocols,gateways, etc.
44© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
OEM
Supplier
Design Test & Analysis
System Test
Requirements Test
Function Test
Module Test
Analysis
System Design
Module Design
Implementation
Design Process Tomorrow ?
RequirementVerification
PerformanceEstimation Architecture
Optimization
Refinement
Inte
grat
ion
Integration Verification
BottleneckDetection
Flexibility Analysis
45© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Cultural Issues
Many approaches to timing modeling existNone has been chosen yet for AUTOSARWhy ???
Timing challenges require re-thinking of roles !!!
46© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Suppliers Role
Traditional role of Suppliersfunction implementationexecution platform development..
New to suppliersresponsible for ECU-network interactionsvery detailed requirements / constraintstraceable verification, clear responsibility / liabilitydisclosure of information relevant for timingmore competition due to comparability
47© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
OEMs Role
Traditional role of OEMs in E/E designfunction design (Matlab, etc..)prototypingtaking suppliers liable for correct functioning
New to OEMsnetwork timing effects out of supplier responsibilitytiming is a technical problem requiring a technical solution(no management solution)consideration of SW architecture and execution platformsdealing with systematic timing and QoS contracts
OEM needs to reason about integration much earlierQuality can not be added at the end of "cooking" (like salt) !
48© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Matlab/Simulink Simulation
Prototype
Integration& Test @ OEM
ECU design @ Supplier
+
Function Design &Simulation @ OEM
Prototype& Test @ OEM
RP tool chain
??Critical Supply Chain Communication
Supplier-OEM Communication Scenario
49© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Facing timing as a technical challenge, OEMs canunderstanding network timing more systematicdimensioning, configuration, optimizationfocusing on the interaction of ECUs with the networkmore systematic timing constraints for suppliers (timingchains and HOPs) increasing integration reliability / reduced riskbetter understanding of COM-layer effects systematicimplementation constraints for suppliers (OEMs defines a "standard BSW core") guaranteed compliance of supplied ECUs with OEMs network
New OEM Responsibilities and Possibilities
50© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Research Bodies Role
Traditionallydevelop solution approaches for technical problemsare used to industry requesting their helpdevelop foundations for EDA tools
AUTOSAR:an entire community with an obvious problem ...... long time not asking for direct assistance
Why is that?
51© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Industry-Research Mismatch ???
SW-C 1
runnableArunnableBrunnableC
SW-C 2
runnableYrunnableX
runnableZ
CAN HW
CANBSW
RTESIG SIG
MO
INT
SEND
SIG
Queue
MO MO
ActuatorSWCSWC-1
BSWRTE
BSWRTE
Sensor
SensorSWC
Actuator
Signal Path / Data FlowO
S
OS
OS O
STask 4
OS
complex systems,manifold dependencies
revolutionary problems
Automotive Industry
52© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Industry-Research Mismatch ???
SW-C 1
runnableArunnableBrunnableC
SW-C 2
runnableYrunnableX
runnableZ
CAN HW
CANBSW
RTESIG SIG
MO
INT
SEND
SIG
Queue
MO MO
ActuatorSWCSWC-1
BSWRTE
BSWRTE
Sensor
SensorSWC
Actuator
Signal Path / Data FlowO
S
OS
OS O
STask 4
OS
complex systems,manifold dependencies
revolutionary problems revolutionary solutions
clear semantics, well-defined interactions
Automotive Industry Research Community
53© Dr. Kai Richter, Symtavision GmbHThe AUTOSAR Timing Model - Status and Challenges ARTIST2 Workshop, 23.3.06 Innsbruck
Conclusion
Timing is "quite new" to automotive industry (esp. OEMs)SW architecture view not sufficient to capture timingMust take into account the execution platform systematically, is complexNeeds formal models -> EDA Tools -> confident usersAllows engineers to reason about alternativesNeed to come:
SW engineering view enhancementsbetter (more systematic) platform mechanisms / basic softwaremore flexible design rulesrevised “way of thinking” (especially for OEMs)