Kim J.C.,Hyundai Autron Company |
Richter K.,Symtavision |
Koo M.H.,Hyundai Autron Company |
Hagner M.,Symtavision |
Lee C.H.,Hyundai Motor Company
SAE Technical Papers | Year: 2017
Along with the efforts to cope with the increase in functions that require higher communication bandwidth in vehicle networks using CAN-FD and vehicle Ethernet protocols, we have to deal with the problems of both increased busload and more stringent response time requirements in current CAN systems. The widely used CAN busload limit guideline in the early design stage of vehicle network development is primarily intended to allow for further frame extensions. However, when we cannot avoid exceeding the current busload design limit, we need to analyze the maximum frame response times and message delays in more detail, and we need good estimation and measurement techniques. There exist two methods for estimating the response time at the design phase: a mathematical worst-case analysis that provides upper bounds, and a probability-based distributed response time simulation. While both provide valuable information at the design phase, we cannot easily measure message response times using the established bus tracing techniques, because those bus traffic traces only contain the reception times of each message. Determining the response time also requires knowing the point in time at which this message is generated within the control unit, which is usually not possible. In this paper, we present an approach to approximate these intra-ECU message generation times in order to enable reasonable response time measurements. The approach uses a new frame-burst timing analysis that solely uses the standard bus trace information, in particular the reception times of frames. The improved method reduces the gap between estimation and measurement of timing behavior in a CAN network and enables analyzing the network timing efficiently at all phases of vehicle network development. Copyright © 2017 SAE International.
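The "mathematical worst-case analysis that provides upper bounds" mentioned in the abstract is, for classic CAN, the fixed-priority non-preemptive response time analysis in the Tindell/Davis tradition. The following is an added example (not code from the paper, and not the frame-burst trace analysis it proposes): it computes worst-case frame lengths with maximal bit stuffing, busload, and per-message worst-case response times for a constructed 500 kbit/s message set. It then adds a constructed top-priority frame sent every 300 µs, the kind of traffic a compromised node can generate because CAN arbitration always favours the lowest ID, and shows that the analysis reports every lower-priority frame as unschedulable. Message names, IDs, periods and the bitrate are assumptions; the analysis assumes deadline ≤ period, one sender per ID and no bus errors.

```python
"""Worst-case response time analysis for a classic CAN message set (added example).

Times are in microseconds. Assumes deadline <= period, one sender per ID,
no transmission errors. Message set, bitrate and the flood frame are constructed.
"""
from dataclasses import dataclass
from math import ceil, floor
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class CanMessage:
    name: str
    can_id: int              # lower ID wins arbitration, i.e. higher priority
    period_us: float         # T_m
    deadline_us: float       # D_m, relative to queuing; must be <= T_m
    payload_bytes: int       # 0..8 for classic CAN
    jitter_us: float = 0.0   # J_m, queuing jitter at the sending node
    extended_id: bool = False


def frame_bits(payload_bytes: int, extended_id: bool = False) -> int:
    """Worst-case frame length in bits, including maximal bit stuffing.

    g = control bits subject to stuffing (34 for 11-bit IDs, 54 for 29-bit IDs).
    The 13 trailing bits (CRC delimiter, ACK, EOF, IFS) are never stuffed, and
    stuffing inserts at most one bit per four bits of the stuffable region.
    An 8-byte standard frame comes out at 135 bits.
    """
    g = 54 if extended_id else 34
    stuffable = g + 8 * payload_bytes
    return stuffable + 13 + floor((stuffable - 1) / 4)


def transmission_time_us(msg: CanMessage, bitrate_bps: int) -> float:
    """C_m: worst-case time the frame occupies the bus."""
    return frame_bits(msg.payload_bytes, msg.extended_id) * 1e6 / bitrate_bps


def busload(messages: Iterable[CanMessage], bitrate_bps: int) -> float:
    """Worst-case utilisation sum(C_m / T_m); 0.47 means 47 % busload."""
    return sum(transmission_time_us(m, bitrate_bps) / m.period_us for m in messages)


def worst_case_response_times(messages: List[CanMessage],
                              bitrate_bps: int) -> Dict[str, Optional[float]]:
    """R_m = J_m + w_m + C_m per message, or None if D_m cannot be guaranteed.

    w_m is the longest queuing delay: blocking B_m by the longest lower-priority
    frame that may already be in arbitration, plus interference from every
    higher-priority frame queued during w_m. The +tau_bit models a higher-priority
    frame that is queued just before the bus goes idle and still wins arbitration.
    The fixed-point iteration stops as soon as the response time would exceed D_m.
    """
    tau_bit_us = 1e6 / bitrate_bps
    by_prio = sorted(messages, key=lambda m: m.can_id)
    results: Dict[str, Optional[float]] = {}
    for i, m in enumerate(by_prio):
        higher, lower = by_prio[:i], by_prio[i + 1:]
        C = transmission_time_us(m, bitrate_bps)
        B = max((transmission_time_us(k, bitrate_bps) for k in lower), default=0.0)
        w = B
        while True:
            w_next = B + sum(
                ceil((w + k.jitter_us + tau_bit_us) / k.period_us)
                * transmission_time_us(k, bitrate_bps)
                for k in higher
            )
            if m.jitter_us + w_next + C > m.deadline_us:
                results[m.name] = None        # deadline exceeded: not schedulable
                break
            if w_next == w:                   # fixed point reached
                results[m.name] = m.jitter_us + w + C
                break
            w = w_next
    return results


BITRATE = 500_000  # 500 kbit/s -> tau_bit = 2 us (assumed)

# Constructed message set; names and IDs are illustrative only.
BASELINE = [
    CanMessage("engine_speed", 0x010, 1000, 1000, 8),
    CanMessage("wheel_speed", 0x020, 2000, 2000, 8),
    CanMessage("steering", 0x030, 5000, 5000, 4),
    CanMessage("body_status", 0x100, 10000, 10000, 8),
]

# Constructed flood: a node transmitting the highest-priority ID every 300 us.
FLOOD = CanMessage("flood_0x000", 0x000, 300, 300, 8)

if __name__ == "__main__":
    print(f"busload: {busload(BASELINE, BITRATE):.0%}")
    for name, r in worst_case_response_times(BASELINE, BITRATE).items():
        print(f"{name:14s} R = {r} us")
    print("with flood:")
    for name, r in worst_case_response_times(BASELINE + [FLOOD], BITRATE).items():
        print(f"{name:14s} R = {'not schedulable' if r is None else f'{r} us'}")
```

The baseline set sits at 47 % busload, well above the conservative early-design guidelines the abstract refers to, yet every frame still meets its deadline. The same analysis run with the flood frame returns None for all messages, including the flood frame itself (its own period is shorter than blocking plus transmission), which is the result to expect from an arbitration-level denial of service rather than a sign of a bug in the model.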
Agency: European Commission | Branch: FP7 | Program: CP | Phase: ICT-2007.3.3 | Award Amount: 7.38M | Year: 2008
The INTERESTED project has been built to exactly match the goals defined within the Objective ICT-2007-3.3b Suites of Interoperable design tools for rapid design and prototyping, namely creating a reference open interoperable embedded systems tool-chain, fulfilling the needs of the industry for designing and prototyping embedded systems. This project regroups a consortium of leading-edge European Embedded Systems Tools Vendors, all being high-tech innovative SMEs, as well as European Major Tool Users representing several industries that are both integrating embedded systems massively and contributing to the overall competitiveness of Europe: Aerospace, Automotive, Railway and Transportation, and Energy. The method followed in the project is the following:
- Major Tool Users will bring their requirements for the Tool-Chain content, structuring, features, interoperability architecture and characteristics;
- Cover the full scope of Embedded Systems and SW engineering disciplines, spanning: System and Application Software Design Modelling, Verification and Code Generation; Networking and RTOS execution platforms, Hardware-Dependent Software verification and Code Generation; Timing Analysis and code execution verification;
- Validate the use and openness of the INTERESTED tool-chain on Industrial Validators representing key application domains for European leading industries;
- Demonstrate openness and interoperability within the INTERESTED Tool-Chain of Commercial Off-The-Shelf (COTS) and Open Source tools to the benefit of the users and tool suppliers communities.
In summary, INTERESTED aims to realize the first European-wide tool reference development environment ever, validated by Major Tool Users through real-life Industrial Validators, ensuring an integrated, lower-cost, highly dependable, safe and efficient development process to the benefit of critical EU industries.
Agency: European Commission | Branch: FP7 | Program: CP | Phase: ICT-2007.3.3 | Award Amount: 2.09M | Year: 2007
A large class of embedded systems has safety, availability, reliability, timing and performance requirements. Timing analysis is needed in many steps of the development process; it is a key to rapid design and prototyping of embedded systems, to reducing overall system cost through efficient resource management (especially trade-offs when co-developing hardware and software), to finding bottlenecks in the software, and to validating that the system meets its timing requirements. There is a growing awareness of the importance of correct timing for these systems; however, there is still a lack of efficient methods and tools for timing assessment and validation that can be used in European industry. The existing timing analysis technology by far does not exploit the potential inherent in European research results and timing tools. The ALL-TIMES project aims at combining and developing research results and timing tools currently available and thus at strengthening the European lead in the timing analysis area. The ALL-TIMES project will enable interoperability of tools from SMEs and universities, and develop integrated tool chains using open tool frameworks and interfaces. By combining research results and commercial tools, ALL-TIMES will ensure the flow of ideas from basic research to practice. ALL-TIMES will strengthen the competitiveness of several key industries in Europe, not only the automotive and aerospace areas (where partial awareness already exists) but also automation, manufacturing, robotics, medical, communication, and multimedia, and other market areas where timing is of importance.
Agency: European Commission | Branch: FP7 | Program: JTI-CP-ARTEMIS | Phase: SP1-JTI-ARTEMIS-2009-1 | Award Amount: 24.36M | Year: 2010
The proposed RECOMP (Reduced certification cost for trusted multi-core platforms) research project will establish methods, tools and platforms for enabling cost-efficient certification and re-certification of safety-critical systems and mixed-criticality systems, i.e. systems containing safety-critical and non-safety-critical components. RECOMP recognizes the fact that the increasing processing power of embedded systems is mainly provided by increasing the number of processing cores. The increased number of cores is commonly regarded as a design challenge in the safety-critical area, as there are no established approaches to achieve certification. At the same time there is an increased need for flexibility in the products in the safety-critical market. This need for flexibility puts new requirements on the customization and the upgradability of both the non-safety-critical and the safety-critical parts. The difficulty with this is the large cost in both effort and money of the re-certification of the modified software, which means that companies cannot fully leverage the advantages of modular software systems. RECOMP will provide reference designs and platform architectures together with the required design methods and tools for achieving cost-effective certification and re-certification of mixed-criticality, component-based, multi-core systems. The aim of RECOMP is to define a European standard reference technology for mixed-criticality multi-core systems supported by the European tool vendors participating in RECOMP. The RECOMP project will bring clear benefits in terms of cross-domain implementations of mixed-criticality systems in all domains addressed by project participants: automotive systems, aerospace systems, industrial control systems, lifts and transportation systems. RECOMP will thus provide solutions that will allow European industry to increase its market share in the growing market of mixed-criticality systems.
Agency: European Commission | Branch: H2020 | Program: RIA | Phase: ICT-01-2014 | Award Amount: 5.70M | Year: 2015
SAFURE targets the design of cyber-physical systems by implementing a methodology that ensures safety and security by construction. This methodology is enabled by a framework developed to extend system capabilities so as to control the concurrent effects of security threats on the system behaviour. The current approach for security on safety-critical embedded systems is generally to keep subsystems separated, but this approach is now being challenged by technological evolution towards openness, increased communications and use of multi-core architectures. The objectives of SAFURE are (1) to implement a holistic approach to safety and security of embedded dependable systems, preventing and detecting potential attacks; (2) to empower designers and developers with analysis methods, development tools and execution capabilities that jointly consider security and safety; (3) to set the ground for the development of SAFURE-compliant mixed-criticality embedded products. The results of SAFURE will be (1) a framework with the capability to detect, prevent and protect from security threats on safety, able to monitor, from the application level down to the hardware level, potential attacks on system integrity from time, energy, temperature and data threats; (2) a methodology that supports the joint design of safety and security of embedded systems, assisting designers and developers with tools and modelling language extensions; (3) proof-of-concept through 3 industrial use cases in automotive and telecommunications; (4) recommendations for extensions of standards to integrate security into safety-critical systems; (5) specifications to design and develop SAFURE-compliant products. The impact of SAFURE will help European suppliers of safety-critical embedded products to develop more cost- and energy-aware solutions. To ensure this impact, a community will be created around the project. SAFURE comprises 7 industrial manufacturers, 4 leading universities and research centres and 1 SME.
Schmidt K.,Audi AG |
Schulze A.,Volkswagen AG |
SAE Technical Papers | Year: 2016
New technologies such as multi-core and Ethernet provide vastly improved computing and communications capabilities. This sets the foundation for the implementation of new digital megatrends in almost all areas: driver assistance, vehicle dynamics, electrification, safety, connectivity, autonomous driving. The new challenge: we must share these computing and communication capacities among all vehicle functions and their software. For this step, we need good resource planning to minimize the probability of late resource bottlenecks (e.g. overload, lack of real-time capability, quality loss). In this article, we summarize the status quo in the field of resource management and provide an outlook on the challenges ahead. Copyright © 2016 SAE International.
Ficek C.,Symtavision |
Sebastian M.,Symtavision |
Feiertag N.,Symtavision |
Richter K.,Symtavision |
And 2 more authors.
SAE Technical Papers | Year: 2013
More electronic vehicle functions lead to an exponentially growing degree of software integration in automotive ECUs. We are seeing an increasing number of ECUs with mixed-criticality software. ISO26262 describes different safety requirements, including freedom from interference and absence of error propagation for the software. These requirements mandate particular attention for mixed-criticality ECUs. In this paper we investigate the ability to guarantee that these safety requirements will be fulfilled by using established (deadline monitoring) and new error detection mechanisms (execution time monitoring). We also show how these methods can be used to build up safe and efficient schedules for today's and future automotive embedded real-time systems with mixed-criticality software. Copyright © 2013 SAE International.
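The difference between the two mechanisms named in the abstract is easiest to see on one cycle of a static schedule. The following added example (not code from the paper, whose mechanisms and evaluation are not reproduced here) simulates a QM runnable that precedes an ASIL-B runnable on the same core. With deadline monitoring alone, the monitor reports a late ASIL-B runnable after the fact, even though the fault originated in the QM component; with execution time monitoring, the QM runnable is stopped at its budget and the overrun never reaches the safety-related runnable, which is the freedom-from-interference property the abstract refers to. The runnable names, budgets, deadlines and the measured execution times are constructed.

```python
"""Deadline monitoring versus execution-time monitoring, mixed-criticality ECU (added example).

One cycle of a static run-to-completion schedule is simulated; all runnables
are activated at the cycle start (t = 0) and run back to back. Times are in
microseconds. Names, budgets, deadlines and the overrun are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# (runnable name, "budget_overrun" | "deadline_miss", time of detection in us)
Event = Tuple[str, str, int]


@dataclass(frozen=True)
class Runnable:
    name: str
    asil: str          # "QM" or "ASIL-A" .. "ASIL-D"
    budget_us: int     # execution-time budget: WCET estimate plus margin
    deadline_us: int   # relative to the cycle start


def run_cycle(schedule: List[Runnable], actual_exec_us: Dict[str, int],
              enforce_budgets: bool) -> List[Event]:
    """Run the schedule once and return what the monitors observed.

    With enforce_budgets (execution time monitoring), a runnable that exceeds
    its budget is stopped at the budget; on a real ECU this is a timer or
    watchdog interrupt that moves the component to a degraded state. Without
    it, only the deadline monitor fires, and it fires on whichever runnable
    turns out late, which need not be the one that consumed the time.
    """
    t = 0
    events: List[Event] = []
    for r in schedule:
        actual = actual_exec_us[r.name]
        if enforce_budgets and actual > r.budget_us:
            t += r.budget_us                       # cut off at the budget
            events.append((r.name, "budget_overrun", t))
        else:
            t += actual
        if t > r.deadline_us:                      # deadline monitor
            events.append((r.name, "deadline_miss", t))
    return events


def interference_victims(events: List[Event], schedule: List[Runnable]) -> List[str]:
    """Safety-related (non-QM) runnables that missed their deadline this cycle."""
    safety_related = {r.name for r in schedule if r.asil != "QM"}
    return [name for name, kind, _ in events
            if kind == "deadline_miss" and name in safety_related]


# Constructed schedule: a QM runnable ahead of an ASIL-B runnable on one core.
SCHEDULE = [
    Runnable("infotainment_glue", "QM", budget_us=2000, deadline_us=3000),
    Runnable("brake_monitor", "ASIL-B", budget_us=1500, deadline_us=5000),
    Runnable("diag_logging", "QM", budget_us=500, deadline_us=10000),
]

# Constructed measurement: the QM runnable overruns its budget by 2500 us.
OVERRUN_CYCLE = {"infotainment_glue": 4500, "brake_monitor": 1400, "diag_logging": 400}

if __name__ == "__main__":
    for enforce in (False, True):
        events = run_cycle(SCHEDULE, OVERRUN_CYCLE, enforce_budgets=enforce)
        print(f"execution time monitoring {'on ' if enforce else 'off'}: {events}")
        print(f"  safety-related deadline misses: {interference_victims(events, SCHEDULE)}")
```

Run as a script, the deadline-only case reports misses for both infotainment_glue (at 4500 µs) and brake_monitor (at 5900 µs); with budgets enforced the only event is the QM budget overrun at 2000 µs and brake_monitor finishes at 3400 µs, inside its deadline. The design point is that the budget monitor localizes the fault to the component that caused it, which is what lets a low-criticality overrun be handled as a degraded-mode event rather than a safety-goal violation.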
Thiele D.,TU Braunschweig |
Ernst R.,TU Braunschweig |
IEEE Vehicular Networking Conference, VNC | Year: 2016
Ethernet is considered a future communication standard for distributed embedded systems in the automotive and industrial domains. A key challenge is the deterministic low-latency transport of Ethernet frames, as many safety-critical real-time applications in these domains have tight timing requirements. Time-sensitive networking (TSN) is an upcoming set of Ethernet standards which (among other things) address these requirements by specifying new quality of service mechanisms in the form of different traffic shapers. In this paper, we consider TSN's time-aware and peristaltic shapers and evaluate whether these shapers are able to fulfill these strict timing requirements. We present a formal timing analysis, which is a key requirement for the adoption of Ethernet in safety-critical real-time systems, to derive worst-case latency bounds for each shaper. We use a realistic automotive Ethernet setup to compare these shapers to each other and against Ethernet following IEEE 802.1Q. © 2015 IEEE.
Feiertag N.,Symtavision |
Richter K.,Symtavision |
SAE Technical Papers | Year: 2012
The sound decomposition of system level timing requirements, including end-to-end deadlines, into local timing requirements and latency budgets is a key automotive design challenge. In this paper, we analyze the technical and organizational influences on the end-to-end deadline decomposition. We will identify and assess typical design options. From this, we provide two key contributions: First, we provide guidelines for the decomposition and the application of design rules. Secondly, we analyze the specific requirements and specialties of different use cases. The findings of this paper enable optimizations and traceability of timing requirements through the entire Electrics/Electronics (E/E) design cycle. This is a prerequisite for reliable, cost-efficient automotive system design. Copyright © 2012 SAE International.