Timing Analysis for Verification of Network Architectures. Timing Analysis



Similar documents
From Signal Routing to complete AUTOSAR compliant CAN design with PREEvision (II)

User-friendly Configuration of AUTOSAR ECUs with Specialized Software Tools

FlexRay A Communications Network for Automotive Control Systems

Development of AUTOSAR Software Components within Model-Based Design

Plug and Play Solution for AUTOSAR Software Components

Beschleunigen Sie die Entwicklung Ihrer Embedded Software mit Dienstleistungen von Vector

In networking ECUs in heavy-duty vehicles, it is the J1939 protocol that. plays a key role. J1939 networks are based on the CAN bus (high-speed

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC

Using big data in automotive engineering?

Do AUTOSAR and functional safety rule each other out?

EBERSPÄCHER ELECTRONICS automotive bus systems. solutions for network analysis

AutoSAR Overview. FESA Workshop at KTH Prof. Jakob Axelsson Volvo Cars and Mälardalen University

EHOOKS Prototyping is Rapid Again

Collaboration Workshop. Dr. Ralf Münzenberger, Managing Director Professional Services Uwe Brodtmann, CEO

Virtual Integration and Consistent Testing of Advanced Driver Assistance Functions

Validating Diagnostics in Early Development Stages

Standardized software components will help in mastering the. software should be developed for FlexRay were presented at

Embedded OS. Product Information

Vorlesung Kommunikationsnetze Fieldbus Systems

Introduction to RACE FUELS Hans-Christian von der Wense Munich, Germany

isolar Integrated Solution for AUTOSAR

Configuration management in AUTOSAR

A Mock RFI for a SD-WAN

174: Scheduling Systems. Emil Michta University of Zielona Gora, Zielona Gora, Poland 1 TIMING ANALYSIS IN NETWORKED MEASUREMENT CONTROL SYSTEMS

Herstellerinitiative Software (OEM Initiative Software)

Predictable response times in event-driven real-time systems

Customer Specific Wireless Network Solutions Based on Standard IEEE

Laboratory Course Industrial Automation. Experiment Nr. 6. Introduction to the FlexRay bus system. Brief User Guide CANoe

Research of PROFIBUS PA s integration in PROFINET IO

AUTOMATION OF THE DATA MANAGEMENT PROCESS WITHIN THE FIELD OPERATIONAL TEST EUROFOT

Model Based E/E Architecture Development at Daimler

Efficient and Faster PLC Software Development Process for Automotive industry. Demetrio Cortese IVECO Embedded Software Design

Using Fuzzy Logic Control to Provide Intelligent Traffic Management Service for High-Speed Networks ABSTRACT:

Software Stacks for Mixed-critical Applications: Consolidating IEEE AVB and Time-triggered Ethernet in Next-generation Automotive Electronics

Real-Time Systems Hermann Härtig Real-Time Communication (following Kopetz, Liu, Schönberg, Löser)

1394 Bus Analyzers. Usage Analysis, Key Features and Cost Savings. Background. Usage Segmentation

AUTOSAR Software Architecture

Safety compliance. Energy management. System architecture advisory services. Diagnostics. Network topologies. Physical and functional partitioning

The Economics of Cisco s nlight Multilayer Control Plane Architecture

Clearing the Way for VoIP

Managing Variability in Software Architectures 1 Felix Bachmann*

Challenge of Ethernet Use in the Automobile

An Automated Model Based Design Flow for the Design of Robust FlexRay Networks

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications

Chip simulation of automotive ECUs

White Paper Utilizing Leveling Techniques in DDR3 SDRAM Memory Interfaces

Multiagent Control of Traffic Signals Vision Document 2.0. Vision Document. For Multiagent Control of Traffic Signals. Version 2.0

Simple and error-free startup of the communication cluster. as well as high system stability over long service life are

EB TechPaper. Test drive with the tablet. automotive.elektrobit.com

An Automated Data Structure Migration Concept - From CAN to Ethernet/IP in Automotive Embedded Systems (CANoverIP)

Managing the Product Configuration throughout the Lifecycle

AUTOSAR Configuration Process - How to handle 1000s of parameters

CONDIS. IT Service Management and CMDB

LIN (Local Interconnect Network):

Hardware in the Loop (HIL) Testing VU 2.0, , WS 2008/09

Systems Engineering: Development of Mechatronics and Software Need to be Integrated Closely

Application of Software Watchdog as a Dependability Software Service for Automotive Safety Relevant Systems

Quick Introduction to CANalyzer Version Application Note AN-AND-1-110

Outsourcing Manufacturing: A 20/20 view

Software Production. Industrialized integration and validation of TargetLink models for series production

Safe Automotive software architecture (SAFE)

IFS-8000 V2.0 INFORMATION FUSION SYSTEM

Project description. Power Electronics for Reliable and Energy efficient Renewable Energy Systems

Model-based Testing of Automotive Systems

The OSI model has seven layers. The principles that were applied to arrive at the seven layers can be briefly summarized as follows:

OSI Layers in Automotive Networks

Innovate and Grow: SAP and Teradata

EBERSPÄCHER ELECTRONICS automotive bus systems

With Bosch Software Innovations ConnectedManufacturing Solutions.

Model Based System Engineering (MBSE) For Accelerating Software Development Cycle

TRANSPORT SERVICE. RFID Vehicle Outbound Logistics Management Case Study

Opportunities and Challenges in Software Engineering for the Next Generation Automotive

AUTOSAR Safety Solutions for Multicore ECUs and ADAS Systems. Robert Leibinger 5 th June 2015

In-Vehicle Networking

Public trainings, In-house seminars, webinars Personal qualification on ISO 26262

REFERENCE. Project P&O Ports Antwerpen. ms Neumann Elektronik GmbH. Systemhersteller und Systemintegrator für Informations- und Sicherheitstechnik

Question: 3 When using Application Intelligence, Server Time may be defined as.

Evaluation of Supply Chain Management Systems Regarding Discrete Manufacturing Applications

Comparison of FlexRay and CAN-bus for Real-Time Communication

Influence of Load Balancing on Quality of Real Time Data Transmission*

The Benefits of PLM-based CAPA Software

ACHIEVING FUNCTIONAL SAFETY OF AUDI DYNAMIC STEERING USING A STRUCTURED DEVELOPMENT PROCESS

PART III. OPS-based wide area networks

High Availability Failover Optimization Tuning HA Timers PAN-OS 6.0.0

Smart Testing of Smart Charging

How To Provide Qos Based Routing In The Internet

Achieving Nanosecond Latency Between Applications with IPC Shared Memory Messaging

Linear Motion and Assembly Technologies Pneumatics Service. Industrial Ethernet: The key advantages of SERCOS III

Research on Video Traffic Control Technology Based on SDN. Ziyan Lin

AUTOSAR Seminar WS2008/ Assignment: Simulation of Automotive Systems in the Context of AUTOSAR

What You Will Learn About. Computers Are Your Future. Chapter 8. Networks: Communicating and Sharing Resources. Network Fundamentals

Possible Applications

APPLICATION OF ADVANCED SEARCH- METHODS FOR AUTOMOTIVE DATA-BUS SYSTEM SIGNAL INTEGRITY OPTIMIZATION

Advanced Operating Systems (M) Dr Colin Perkins School of Computing Science University of Glasgow

secure intelligence collection and assessment system Your business technologists. Powering progress

Dr. Ulrich Lauff, Dr. Kai Pinnow, and Dipl.-Ing. Florian Schmid. New Tools and Methods for Validation and Calibration

Transcription:

for Verification of Network Architectures In order to evaluate EE architectures regarding their timing and resource requirements, the knowledge of the required attributes and properties plays an important role. To be able to carry out conclusive evaluations, a standardized data exchange between the tools and a sufficient amount of timing information is necessary. Based on their research and preliminary development of future EE architectures, Daimler and Symtavision enable the OEM to develop a better understanding for the increasing significance of timing-analysis through a new method. 22

1 Introduction 2 Approach The Authors An E/E architecture should neither be over-dimensioned (too costly) nor underdimensioned (unreliable). In this context, the architectures timing behavior and the systems resource requirements become more and more important as additional evaluation criteria. These challenges are addressed systematically at Daimler. The methodology is described in this article. One possible methodology component is Symtavision s tool SymTA/ S [3] which can be used for the prediction, verification, and optimization of real-time behavior and resource requirements. Based on current problems in the field of time and resource requirements, an approach for the evaluation method in the early E/E architecture stage is illustrated step by step. The required data as well as the tool-chain are presented. Subsequently, a first-hand example is described. In the summary, the authors discuss experiences and introduce next steps. Timing behavior and resource requirements are relevant both for the validation and design of individual components/ busses as well for the system architecture. Figure 1 exemplifies the characteristics of a network architecture that can be validated through timing analysis. The individual characteristics are illustrated in more detail in the following. CAN bus: Currently, CAN-busses are loaded near their bandwidth limits more and more often. The consequences are increasing jitters and higher maximum transmission latencies to the point of message loss. Therefore, it has to be verified that frame deadlines (mostly their periods) are met. The identification of optimization potential is another point that is becoming more and more significant. Flexray: Also, the paradigm shift from CAN dominated communication (event triggered) to a heterogeneous bus topology requires a very profound observation of the timing behavior. Hereby, the correct realization of the requirements in Matthias Traub works as postgraduate in the devision EE architekture & standards, Group Research & Advanced Engineering at Daimler AG in Böblingen Dr. Vera Lauer is team leader advanced EE concepts and technologies, Group Research & Advanced Engineering at Daimler AG in Böblingen Thomas Weber devsion manager EE architecture & standards, Group Research & Advanced Engineering at Daimler AG in Böblingen Dr. Marek Jersak is founder and CEO of Symtavision GmbH in Braunschweig Dr. Kai Richter is founder and CTO of Symtavision GmbH in Braunschweig Prof. Dr.-Ing. Jürgen Becker is head of Institut für Technik der Informationsverarbeitung and also prorector for study and teachings at the University of Karlsruhe Figure 1: Characteristics of a network architecture that can be validated through timing analysis 23

Figure 2: Tool chain for timing analysis during the architecture stages [8] the ECU itself [9] and their consideration for bus design as well as gateway configuration play an important role. Gateways are key architecture components. Their evaluation and verification is very important for a robust communication. With the introduction of Autosar [1], a new routing core is used that has to be verified from the system architecture s point of view. More and more, gateway systems are integrated on an ECU (a micro controller) together with applications. Hereby, the correct execution of the application and routing tasks is to be verified. End to end path: Due to increasingly distributed functions, information on the delays along end-to-end signal paths are required more and more often. Especially in the area of driver assistance systems, it is often the case that information from various ECUs is requested by a central master unit. These data have to be delivered within a certain time (deadline) after the request. These issues can be addressed from two perspectives: the OEM s and the supplier s perspective. The most important questions will be summarized in the following. 2.1 OEM s Perspective From the OEM s perspective, the following central tasks are relevant (listed according to the development stage): E/E architecture: selection of functions and mapping to the ECUs, selection of processors, estimation of communication, and selection of suitable bus systems. Networking: signal-to-frame mapping, configuration of fundamental bus parameters (bus speed, priorities for CAN, slots for FlexRay, etc), configuration of the gateway systems. ECUs: specification of the requirements for application, basic software (BSW), gateways, and communication (COM). Integration: verification of real-time requirements up to the point of functional safety verification on the module and system level. The resulting added value for the OEM: Reliable information on timing behavior and use of resources already in the design stage of E/E architectures. Cost optimization through reliable system operation near their performance limits or with known reserves for future extensions. Proving functional safety through the verification of timing requirements 2.2 Supplier s Perspective From the supplier s perspective, the following points play an important role during the development process: Module level: selection of processor, determination of the task scheme, function distribution onto tasks Function implementation and verification of function execution times Module integration: analyzing of task runtimes, finding and elimination of critical points of operation The resulting added value for the supplier: Support of the OEM in the E/E architecture stage Cost optimization through optimum processor selection Provision of verifiable proof that the OEM s timing requirements are met. 3 Methodology for the Architecture Stage The OEM designs and configures the E/E architectures. Often, some parts are designed in cooperation with suppliers. At Daimler, the description of an E/E architecture is done in a formal notation using a consistent data model specified in Aquintos [4] tool PREEvision [5]. The aspects (function structure, function network, hardware architecture, and topology) of an E/E architecture can be modelled at different levels. On one hand, this approach enables different views on an E/E architecture, on the other hand it ensures a consistent system model. Figure 3: Results for the response time calculation on the CAN-bus, with and without additional timing information 24

During the design stage of E/E architectures, the following issues have to be analyzed (among others): integration of new functions on existing ECUs, minimizing the number of ECUs, optimal mapping of functions, selection of bus systems, optimization of topologies through the use of new technologies (e.g. FlexRay replacing CAN). In this context, the E/E architect needs a first estimation regarding the resource requirements and timing behavior. To clarify these matters, metrics (e.g. the average bus load), simulation or analysis methods which take the system dynamics into account can be applied. Metrics enable early and fast signal evaluations, but cannot provide sufficient information on the system s behavior in the multitude of possible operating situations. Through simulation, temporal distributions and occurrence frequencies can be determined. However, In order to simulate, firstly an executable system model is needed, and secondly, a sufficiently representative set of test patterns is required so that the simulation results are reasonable. Both the system model and the test patterns are usually not available in the concept stage of E/E architectures. Analytical methods [10] are far more productive. They are able to efficiently and reliably determine the upper bound of e.g. execution times or the maximum resource requirements based on models. These models can already be created in early design stages. In particular, it is possible to compare various assumptions. That way, effects become visible especially in the areas with uncertainties, so that risk, respectively optimization potentials, can be identified early. Due to the efficient implementation of these analyses, they can be used to optimize architectures quickly and systematically. Analytical methods also enable calculating distributions. However, for the evaluation and the comparison of E/ E architectures, especially the upper bounds play a significant role for design decisions. Due to the stated reasons, the analytical method is used for the evaluation. Symtavision s tool SymTA/S was used to gain first analysis experiences. 3.1 Tool Chain At Mercedes-Benz, the E/E concept tool is integrated in the tool-chain used for E/E development [6] and is among others used to model network architectures. The initial network information is based on data from current series vehicles, Figure 2 (middle path). With this framework, the E/E architect integrates new innovations (see upper path in Figure 2) for future vehicle series into the model and creates various architecture variants. To verify the timing behaviour and the compliance with timing constraints for the architecture variants, the data is exported from the E/E concept tool and is imported into the timing analysis tool. The formats mentioned in section 3.2 are used for the data exchange. In order to extend the analysis with additional timing information [7] (e.g. offsets [11], jitter, etc.) and to improve the quality of the results, further data from existing vehicle architectures is extracted (see lower path bypass in Figure 2) and used for the analysis. The analyses can be evaluated through generated reports. Alternatively, the results of the tool can be evaluated systematically, e.g. with Excel. 3.2 Data Exchange Various exchange formats are available for the data exchange between the used tools. At Mercedes-Benz, currently DBC is used for CAN and LDF is used for LIN. The data exchange between PREEvision and SymTA/S in the architecture stage is currently carried out via Fibex. Future communication architectures will be described completely in Autosar 3.0. Tool communication will be carried out through this format, too. Other tools can be easily integrated into the process through standardized interfaces. 4 Practical Examples In the following, two examples will illustrate the practical use. The first example focuses on the refinement of the network model through additional timing information. The second example describes evaluating the timing behavior of two networking alternatives through an endto-end signal path. 4.1 Timing Behavior of the CAN Bus Currently, CAN busses are loaded near their bandwidth limits more and more often, so that a simple bus load evaluation during the design stage is not sufficient anymore. The analysis model requires additional timing information in order to accurately calculate the timing behavior. For the following example, a body-can with 125 kbit/s is used. The calculation results are improved significantly especially in the upper ID area due to the additional information, Figure 3. In particular, the consideration of ECU offset tables (simultaneous sending of messages is reduced) contributes to this. 4.2 End to End Path Analysis Due to the increased use of driver assistance systems, it becomes more and more important to determine end-to-end execution times. Therefore, the second example shows the calculation of such an end-to-end signal path for two network architecture variants. For the two variants, the following paths apply: Variant 1: ECU1-CAN1-Gateway-CAN2- ECU2 Variant 2: ECU1-FlexRay-Gateway- CAN2-ECU2. The modelling of the variants is carried out in the architecture tool. The interface described in chapter 2.2 provides its data to the timing analysis tool. After the modelling, respectively the import of additional timing information, both variants can be analyzed. The end-to-end path latency to be evaluated for variant 1 is shown in Figure 4 (ECU1-CAN-Gateway-CAN-ECU2). The maximum execution + communication time (latency) is 3.9 ms. Both CAN buses contribute the major part of the latency due to bus arbitration. In this example, the relevant message (Frame6) on CAN1 can be delayed by one lower-priority message and up to two higher-priority messages. On CAN2, there are four higher-priority messages. This worst case is very well traceable through the Gantt charts generated by SymTA/S. In variant 2, CAN1 is replaced by FlexRay. The communication goes from FlexRay to CAN2, this means, from the faster to the slower medium. At the gateway, there is a transition from a synchronous to an asynchronous bus. In this case, simply speaking, the gateway is able to write the received frame directly into the sender-side register. Only the arbitration on CAN2 causes a higher delay, Figure 5. 25

Figure 4: Exemplary end-to-end path for variant 1(ECU1-CAN1-Gateway- CAN2-ECU2) Figure 5: Exemplary end-to-end path for variant 2 (ECU1-FlexRay-Gateway- CAN2-ECU2) Now, the maximum runtime is 3.4 ms (compare variant 1: 3.9 ms). A prerequisite is that the task on ECU1 is synchronized with the FlexRay schedule. Such and additional timing issues are relevant in the architecture concept phase and can be evaluated and appraised the way it is described in this article. 5 Summary In order to evaluate E/E architectures regarding their timing and resource requirements, it is indispensable to understand which attributes and properties are necessary. For the evaluation during the design stage, a sufficient amount of timing information is required. Furthermore, mapping rules are necessary in order to completely describe the communication behaviour. To be able to efficiently supply information on timing during the design stage, an integrated tool and information chain is required. The interpretation of the generated results provides an important contribution to an improved understanding of the system architecture. Occuring overestimations have to be identified and considered. In the future, time and resource requirements will become more and more important as design criteria during all development stages of an E/E architecture. The approach described in this article is a significant contribution to the understanding of timing behavior. In addition, it makes it possible to identify optimization potentials for existing E/E architectures. 6 Outlook Through the use of new technologies (e. g. Multicore, IP based communication), other concepts for future network architectures are possible. To evaluate them soundly, time and resource analyses provide an important contribution. Autosar will enable the description of timing requirements and behavior on the system level from version 4.0 onwards. The TIMMO project [2] addresses further topics in this context. Future activities will focus on: Interface extension using Autosar 3.0 Elimination of gaps in order to enable a fully integrated use of the methodology, e.g. for tool coupling and the integration into the E/E development process Realization of a comprehensive Gateway model Research on how the cooperation between OEM and supplier regarding timing can be improved. References [1] Autosar Partnership: www.autosar.org Jondral [2] TIMMO Project: www.timmo.org Jondral [3] Symtavision GmbH: www.symtavision.com [4] Aquintos GmbH: www.aquintos.com [5] Dr. Ringler T., Dr. Simons M., Beck R.: Ein Ansatz für den werkzeuggestützten Entwurf von Elektrik-/ Elektronik-Architekturen. In ATZ (2007), N 10, p. 232-232 Jondral [6] Prof. Becker J. et al.: Standards for Electric/Electronic Components and Architectures. Convergence Conference in Detroit (USA), October 2008 Jondral [7] Traub M., Dr. Lauer V., Prof. Becker J.: Verfahren zur Bewertung von Gateway-Systemen und Vernetzungsarchitekturen in den verschiedenen Phasen des Entwicklungsprozesses. Elektronik im Kraftfahrzeug Conference in Dresden (Germany), June 2009. [8] Traub M. et al.: Using timing analysis for evaluating communication behavior and network topologies in an early phase of automotive electric/electronic architectures. SAE Conference in Detroit (USA), April 2009 Jondral [9] Dr. Richter K.: Potentiale von FlexRay optimal nutzen,part 1. In Elektronik Automotive (2008), Nr. 09 2008, p. 42-45 Jondral [10] Liu C. et al.: Scheduling algorithms for multiprogramming in hard real-time environment. In Journal of ACM (1973), N 20(1), p. 46-61 Jondral [11] Tindell K.: Adding time-offsets to Schedulability analysis. In Technical Report YCS (1994), N 221 Jondral 26

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information