Standardized Runtime platforms and component integration AutoSAR and ARINC653

Similar documents
AUTOSAR Software Architecture

AUTOSAR Runtime Environment and Virtual Function Bus

ARINC 653. An Avionics Standard for Safe, Partitioned Systems

System Software and TinyAUTOSAR

BMW Car IT GmbH. AUTOSAR - First Experiences and the Migration Strategy of the BMW Group

AutoSAR Overview. FESA Workshop at KTH Prof. Jakob Axelsson Volvo Cars and Mälardalen University

An introduction to AUTOSAR

Seminar Automotive Open Systems Architecture

From Signal Routing to complete AUTOSAR compliant CAN design with PREEvision (II)

Safety and Security Features in AUTOSAR

Safety and security related features in AUTOSAR

ECU State Manager Module Development and Design for Automotive Platform Software Based on AUTOSAR 4.0

Configuration management in AUTOSAR

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC

AUTOSAR Configuration Process - How to handle 1000s of parameters

Notes and terms of conditions. Vendor shall note the following terms and conditions/ information before they submit their quote.

User-friendly Configuration of AUTOSAR ECUs with Specialized Software Tools

Hardware-independent Software Development

Standardized software components will help in mastering the. software should be developed for FlexRay were presented at

Software Components for Reliable Automotive Systems

PikeOS: Multi-Core RTOS for IMA. Dr. Sergey Tverdyshev SYSGO AG , Moscow

AUTOSAR Handbook KPIT Technologies Ltd. CAN. Customizable HIS-MISRA. Configuration OSEK. Mode. Training ISO Management VCI

isolar Integrated Solution for AUTOSAR

The evolving ARINC 653 standard and it s application to IMA

Do AUTOSAR and functional safety rule each other out?

Real-time Operating Systems. VO Embedded Systems Engineering Armin Wasicek

Vehicular On-board Security: EVITA Project

Evaluation Environment for AUTOSAR Autocode in Motor Control Units

Embedded OS. Product Information

Technical Data Sheet SCADE R17 Solutions for ARINC 661 Compliant Systems Design Environment for Aircraft Manufacturers, CDS and UA Suppliers

2.1 What are distributed systems? What are systems? Different kind of systems How to distribute systems? 2.2 Communication concepts

Safe Automotive software architecture (SAFE) WP3 Deliverable D3.6.b: Safety Code Generator Specification

Architectures and Platforms

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces

Customer Experience. Silicon. Support & Professional Eng. Services. Freescale Provided SW & Solutions

Automotive Software Engineering

A distributed approach to File Management in IMA2G

Linux A multi-purpose executive support for civil avionics applications?

ARINC-653 Inter-partition Communications and the Ravenscar Profile

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Universal Flash Storage: Mobilize Your Data

Product Information Services for Embedded Software

Embedded/Real-Time Software Development with PathMATE and IBM Rational Systems Developer

Protocols and Architecture. Protocol Architecture.

Plug and Play Solution for AUTOSAR Software Components

ARINC Specification 653 Based Real-Time Software Engineering

Chapter 11 I/O Management and Disk Scheduling

Embedded Component Based Programming with DAVE 3

Tackling the Complexity of Timing-relevant Deployment Decisions in Multicore-based Embedded Automotive Software Systems Rolf Schneider, AUDI AG

Principles of a Vehicle Infotainment Platform

Experience with the integration of distribution middleware into partitioned systems

AFDX/ARINC 664 Concept, Design, Implementation and Beyond

Trends in Embedded Software Engineering

How to design and implement firmware for embedded systems

Mentor Embedded Automotive Solutions

POSIX. RTOSes Part I. POSIX Versions. POSIX Versions (2)

STM32JAVA. Embedded Java Solutions for STM32

A Data Centric Approach for Modular Assurance. Workshop on Real-time, Embedded and Enterprise-Scale Time-Critical Systems 23 March 2011

Freescale Semiconductor, I

AUTOSAR Seminar WS2008/ Assignment: Simulation of Automotive Systems in the Context of AUTOSAR

Mixed-Criticality Systems Based on Time- Triggered Ethernet with Multiple Ring Topologies. University of Siegen Mohammed Abuteir, Roman Obermaisser

Freescale Leadership in Driving Standards. Customer Relationships. Long-term Global Presence. Broadest Automotive MCU Product Portfolio

Intecs S.p.A. AUTOSAR Conformance Testing: an overview

MCA Standards For Closely Distributed Multicore

Java and the Internet of Things

Philosophy of GIMnet

Conference on. Model-Based Validation of In-Vehicle Networks

Chapter 13 Embedded Operating Systems

Development of AUTOSAR Software Components within Model-Based Design

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications

Open Source Implementation of Hierarchical Scheduling for Integrated Modular Avionics

Software Development for Multiple OEMs Using Tool Configured Middleware for CAN Communication

What Is the Java TM 2 Platform, Enterprise Edition?

Performance Comparison of RTOS

In-Vehicle Networking

Digital Advisory Services Professional Service Description Network Assessment

CME: A Middleware Architecture for Network-Aware Adaptive Applications

KURA M2M/IoT Gateway. reducing the distance between embedded and enterprise technologies. Tiziano Modotti, October 28 th, 2014

NXP s Solution to ecall Brussels, October 19 th, 2010

Presented by: Jens Svensson, Volvo 3P. Volvo Group

Manjrasoft Market Oriented Cloud Computing Platform

Bluetooth 4.0 Solutions for Apple ios Devices. Bluegiga Technologies

ELEC 5260/6260/6266 Embedded Computing Systems

irods and Metadata survey Version 0.1 Date March Abhijeet Kodgire 25th

Methods and Tools For Embedded Distributed System Scheduling and Schedulability Analysis

Local Interconnect Network Training. Local Interconnect Network Training. Overview

AUTOSAR Safety Solutions for Multicore ECUs and ADAS Systems. Robert Leibinger 5 th June 2015

Project Development Plan

Last Class: OS and Computer Architecture. Last Class: OS and Computer Architecture

Programación de Sistemas Empotrados y Móviles (PSEM)

Von der Hardware zur Software in FPGAs mit Embedded Prozessoren. Alexander Hahn Senior Field Application Engineer Lattice Semiconductor

Wireless Microcontrollers for Environment Management, Asset Tracking and Consumer. October 2009

How do Users and Processes interact with the Operating System? Services for Processes. OS Structure with Services. Services for the OS Itself

Advanced Electronic Platform Technologies Supporting Development of Complicated Vehicle Control Software

A Lightweight Framework for Testing Safety-critical Component-based Systems on Embedded Targets

Distributed Realtime Systems Framework for Sustainable Industry 4.0 applications

A Case Study of Application Development and Production Code Generation for a Telematics ECU with Full Unified Diagnostics Services

Real-Time Component Software. slide credits: H. Kopetz, P. Puschner

I can make just such ones if I had tools, and I could make tools if I had tools. -Eli Whitney

CGI-based applications for distributed embedded systems for monitoring temperature and humidity

Transcription:

Standardized Runtime platforms and component integration AutoSAR and ARINC653 Ákos Horváth András Balogh Dept. of Measurement and Information Systems Budapest University of Technology and Economics Department of Measurement and Information Systems

Abstract The goals of standardization can be to help with independence of single suppliers (commoditization), compatibility, interoperability, safety, repeatability, or quality. 2

AutoSAR o Overview o High-level design flow o s o Runtime Environment Agenda ARINC 653 3

History AUTomotive Open System ARchitecture Started in 2002 BMW, Bosch, Daimler, Conti, VW, + Siemens Industrial standardization group o Current standard version: 4.0 (end 2009) o Currently we use 3.1 (end 2008) Members: OEMs, Tool vendors, Semiconductor manufacturers Europedominated Scope o Modeling and implementation of automotive systems o Distributed o Real-time operating system o String interaction with HW and environment Out of scope o GUI, Java, internet connectivity, File systems, Entertainement systems, USB conncetivity etc. 4

Key Concepts of AutoSAR A standard runtime architecture o component-oriented o layered o extensible New functionalities New components (component implementations) o all major interfaces standardized o Standardized Run Time Environment (RTE) A standard modeling and model interchange approach o follows the principles of model-driven design o supports the interchange of designs o supports the collaborative development Between different developers, Teams, And even companies Conformance test framework o assuring the conformance to the standard o Still evolving new in version 4.0 5

High-level design flow 6

High-level design process High-level SW modeling Model (VFB) High-level software modeling Definition of components component ports port interfaces data types logical Result VFB-level software model

High-level design process High-level SW modeling Detailed Design Internal Behavior Model (VFB) Detailed component design Specification of component internal behavior functional breakdown implementation/use of ports Non-AutoSAR specification of detailed behavior any tool can be used UML Simulink etc. Result AutoSAR component internal behavior model Non-AR: behavioral models/design

High-level SW modeling Detailed Design High-level design process Internal Behavior Model (VFB) ECU resource model High-level HW modeling High-level hardware modeling Specification of ECU resources CPU memories peripherals communication hw system topology ECU instances clusters connections Result ECU resource model for all ECUs System topology model

High-level SW modeling Detailed Design High-level design process Internal Behavior Model (VFB) HW/SW integration component allocation communication mapping configuration scheduling System model ECU resource model High-level HW modeling Hardware-software integration mapping software component allocation component implementation selection data-element to signal mapping inter-ecu communication communication configuration signal to PDU mapping PDU to frame mapping Signal, PDU, Frame triggering Cluster and controller configuration Frame scheduling (LIN, FlexRay) Result System model describing the integrated HW/SW system

High-level SW modeling Detailed Design High-level design process Internal Behavior Model (VFB) HW/SW integration component allocation communication mapping configuration scheduling ECU resource model High-level HW modeling implementation Impl. files Impl. Impl. files files System model implementation Implemeting all components automatically TargetLink Simulink Realtime workbench SCADE etc. manually Result implementation of the components C/C++/

High-level SW modeling Detailed Design High-level design process Model (VFB) HW/SW integration ECU configuration component allocation Internal Configuring all basic software modules communication based Behavior on the system model mapping for each ECU separately configuration Result scheduling ECU configuration model implementation System model ECU resource model ECU configuration High-level HW modeling Configuration model Impl. files Impl. Impl. files files

High-level SW modeling Detailed Design High-level design process Internal Behavior Model (VFB) HW/SW integration component allocation communication mapping configuration scheduling ECU resource model High-level HW modeling implementation Impl. files Impl. Impl. files files System model BSW configuration generation Configuration generation for basic software from the configuration model Result Configuration files (c,h) Generated modules/module fragments ECU configuration BSW config files Configuration model Code generation

High-level SW modeling Detailed Design High-level design process Model (VFB) HW/SW integration Compilation and linking component allocation Internal Building and linking all sources communication application Behavior component implementations mapping basic software modules configuration BSW configuration files scheduling Result Deployable binary file implementation System model ECU resource model ECU configuration High-level HW modeling Configuration model Impl. files Impl. Impl. files files Compiling Linking BSW config files Code generation Binary

Models in the design flow Software Template o s, ports, interfaces o Internal behavior o Implementation (files, resource consumption, run time, etc.) ECU Resource Template o Hardware components, interconnections System Template o System topology, HW/SW mapping o Comm. matrix

Models in the design flow 2 Basic Software Module Template o BSW modules Services Schedulable entities Resource consumption ECU Configuration Parameter Definition Template o Configurable paramters of BSW modules ECU Configuration Description Template o Actual configurations of BSW modules o Based on the ECU Parameter Definition

AutoSAR vs. UML/SysML/... modeling AutoSAR defines models with o Domain Specific Constructs o Precise syntax o Synthesizable constructs Direct model -> transformations Direct model -> detailed model mappings o Different abstraction levels From Virtual Function Bus to configuration Result o Models are primary design and implementation artifacts More precise, consistent modeling should be done

AutoSAR s 18

-oriented design What is a component? o A component is a self contained, reusable entity that encapsulates a specific functionality (and/or data), and communicates with other components via explicitly defined interfaces. AutoSAR uses the term component for application-level components o Elements related to the high-level functionality of the system under design Basic software (middleware) components are called modules. o Standard elements of the AutoSAR architecture

-based approach <<interface>> SenderReceiver1 dataelement1 dataelement2 Encapsulates a specific functionality Different kinds Composite component hierarchical refinement Application SW component generic, high level functionality Sensor/actuator SW-C handling sensor or actuator data ECU HW abstraction higher level device driver and abstraction ComplexDeviceDriver time-critical, low-level driver Calibration parameter SWC collects system calibration parameters Service SWC represents a basic software module from the service layer

-based approach Ports The only interaction points between the component and its environment Are implementing port interfaces sender receiver (message-based unidirectional communication) client-server (remote procedure call) <<interface>> SenderReceiver1 dataelement1 dataelement2

-based approach port notation Receiver port Sender port Server port Client port Service port To Basic Software (BSW) Module services Inverted image

interconnection the Virtual Functional Bus A B C X Virtual Functional Bus Virtual Functional Bus (VFB) Abstract interconnection layer Implementation of data/control transport between components No hardware/network dependency Hides the details of the implementation Allows high-level integration and simulation of components Before hardware architecture is chosen....

Software s On high-level, atomic components are black boxes Detailed design looks into these black boxes Main goals o Detail the behavior to get schedulable entities o Specify the semantics of port handling o Specify any service needs o Specify any RAM, nvram needs

Refinement of a component Black box definition of a component Definition of component internal behavior Schedulable entities, connections to the ports Comp.c Comp.h implementation. Specification of source and header files

internal behavior Specification of the internals of an atomic SWC Schedulable elements o Called: runnable entities Connection of ports o Port semantics o Port API options Inter-runnable communication Runnable activation and events

internal behavior runnable entities Smallest code-fragments considered by RTE Subject to scheduling by the OS Abstraction of a schedulable function Communicates o Using the SWC ports o Using inter-runnable communication facilities Is activated by o An RTE event Communication-related event Timing event

Run Time Environment 28

AutoSAR Runtime Architecture Software architecture of a single ECU Layered approach o Application software o Runtime Environment (RTE) Implementation of the VFB o Basic software modules Platform services Device drivers Operating system Standardized

AutoSAR Architecture layered view Application Layer AUTOSAR Runtime Environment (RTE) Services Layer ECU Abstraction Layer Complex Drivers Microcontroller Abstraction Layer Microcontroller

AutoSAR Architecture layered view Application Layer AUTOSAR Runtime Environment (RTE) Microcontroller Abstraction Layer Low-level peripheral drivers Services Layer Memory devices Communication controllers Internal uc peripheral units (ADC, GPIO, PWM) ECU Abstraction Layer Complex Drivers Microcontroller Abstraction Layer Microcontroller

AutoSAR Architecture layered view ECU Application Abstraction Layer Uniformization of device access Memory devices Communication controllers Onboard devices AUTOSAR (watchdog, Runtime etc.) Environment (RTE) ECU specific hardware abstraction I/O abstraction software components Services Layer ECU Abstraction Layer Complex Drivers Microcontroller Abstraction Layer Microcontroller

AutoSAR Architecture layered view Application Layer AUTOSAR Runtime Environment Complex drivers (RTE) Custom, low level hardware manipulation Time critical components Services Layer ECU Abstraction Layer Complex Drivers Microcontroller Abstraction Layer Microcontroller

AutoSAR Architecture layered view Application Layer AUTOSAR Runtime Environment (RTE) Services Layer ECU Abstraction Layer Complex Drivers Microcontroller Services layer Abstraction Layer System services RTOS Diagnostic event handling Microcontroller ECU and COM state management Non-volatile memory Communication controllers Onboard devices (watchdog, etc.) Communication services PDU router, transport protocols, network management, COM, DCM

AutoSAR Architecture layered view Application Layer AUTOSAR Runtime Environment (RTE) Services Layer RTE Provides interconnection between ECU components Abstraction and Layer BSW orchestrates component execution manages communication manages application modes Implements the VFB Microcontroller Abstraction Layer Complex Drivers Microcontroller

AutoSAR Runtime Architecture AUTOSAR Software Application Software AUTOSAR Interface Actuator Software AUTOSAR Interface Sensor Software AUTOSAR Interface AUTOSAR Software... Application Software AUTOSAR Interface Interface AUTOSAR Runtime Environment (RTE) Standard Software API 2 VFB & RTE relevant API 1 RTE relevant API 0 API 3 Private Interfaces inside Basic Software possible Standardized Interface Operating System Standardized Interface Standardized AUTOSAR Interface Services Standardized Interface Standardized Interface Communication Standardized Interface Basic Software AUTOSAR Interface ECU Abstraction Standardized Interface Standardized Interface Microcontroller Abstraction AUTOSAR Interface Complex Device Drivers ECU-Hardware

The overall mapping process 1. step Overall System specification o Selection of implementations for the components Implicitly includes the selection of internal behavior o Selection of ECUs for the components Allocation o Mapping of data elements/operation parameters to signals For inter-ecu communication o Communication configuration Signal Isignal PDU Frame mapping Cluster and comm. Controller configuration o Result: configured system ECU Extract: a slice of the model representing elements required for a single ECU

The overall mapping process 2. step Single ECU configuration o Input ECU extract internal behavior Communication matrix (of the ECU) o OS Configuration Runnables needs to be mapped to tasks Basic tasks» Finite execution time Extended tasks» Can run forever (blocking calls required) o Events to notification mapping 38

Summary AutoSAR defines o A component-oriented system design approach Domain specific modeling language A high level design process Standard middleware (basic software) stack Standard interfaces Standard configuration descriptors AutoSAR compliant ECU software o Includes several BSW and application components o RTE provides the integration (glue) between these o Configuration and glue code is mostly auto-generated

AutoSAR o Overview o High-level design flow o s o Runtime Environment Agenda ARINC 653 40

ARINC 653 Overview ARINC 653 - Avionics Application Standard Software Interface) is a software specification for space and time partitioning in Safety-critical avionics Real-time operating systems. ARINC 653 is a specification for an application executive used for integrating avionics systems on modern aircraft It is an API of 51 routines (ARINC 653 APEX APplication Executive): time and space (memory) partitioning, health monitoring (error detection and reporting), communications via ports ARINC 653 OS and applications are typically certified per DO-178B; o different partitions can be certified to different DO-178B levels running on the same CPU 41

ARINC 653 Structure Part 1: Definition of Required Services - 1996 o Health management o Time and space partitioning o Suplement 3: corrected XML schema definition based on Boeing 787 issues (2010 Oct 6) Part 2: Extended Services - 2006 o File system, logbook, service access points Part 3: Conformity Test Specification - 2006 Part 4: Embedded profiles for small embedded systems under definition 42

Architecture Complete time and space partitioning o Integration of SW of Multiple Criticalities Portability o Abstract away underlying HW and RTOS Reusability o Resuse components Modularity o Removes HW and SW dependencies 43

ARINC 653 Key s Partitoning and scheduling Communications Health Monitoring 44

Partitions Completely deterministic time scheduling Fix cyclic scheduling Scheduling is a negotation process between o System integrator and App developers Health Monitor check for any temporal violations (jitter, deadlines) 45

Processes Runs inside a partition time jumps when partition is activated do not know about anything else Types o Periodic o Aperiodic Hard deadline o Remedial action if deadline are missed Soft deadline o Records failure and continues Health Monitor defines all actions if a deadline is missed 46

Communications Inter Partition Communication o Port channel- port o One-to-one, or one-to-n o Queuing ports Stored messages variable length FIFO or priority o Sampling ports Overwrites previous messages Fixed length Time stamped (validity time) Streaming like data is not supported 47

Communications Intra Partition Communication o Buffers FIFO o Blackboards Message is overwritten by teh next message (or clear if required) Processes can queue for a message reads lates version data on blackboard o Semaphore counting o Events For notification of condition occurance 48

Health Monitoring Defines the actions when an error occurs o Deadline missed, numeric error, illegal request, power fail, memory violation, etc. Precisely defines roles 1. Process HM error handler process Optional 2. Partition HM Memory and context belongs to Module OS but scheduled in Partition window 3. Module HM Not part of any partition higher priority than any partition Severe error if it is activated Multi role definition o o System integrator Application provider 49

Summary IMA systems are very complex o 10+ applications o 2M lines of code, 50k configuration element ARINC 653 o became the De facto avionics RTOS standard o Fits into the DO-297 concept Strong partitioning Incremental certification o Decreases the cost of change Field proven technology o Airbus 380 o Boeing 787 o Airbus 400m 50

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information