Virtualization in Automotive Embedded Systems : an Outlook

Similar documents
Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

Multicore scheduling in automotive ECUs

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC

COS 318: Operating Systems. Virtual Machine Monitors

VtRES Towards Hardware Embedded Virtualization Technology: Architectural Enhancements to an ARM SoC. ESRG Embedded Systems Research Group

Do AUTOSAR and functional safety rule each other out?

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Industrial Application of MultiPARTES

Virtualization for Hard Real-Time Applications Partition where you can Virtualize where you have to

Applying Multi-core and Virtualization to Industrial and Safety-Related Applications

Full and Para Virtualization

Virtualization. Types of Interfaces

Chapter 14 Virtual Machines

Proteus, a hybrid Virtualization Platform for Embedded Systems

Multi-core Programming System Overview

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

EECatalog SPECIAL FEATURE

Satish Mohan. Head Engineering. AMD Developer Conference, Bangalore

WIND RIVER SECURE ANDROID CAPABILITY

Hardware Virtualization for Pre-Silicon Software Development in Automotive Electronics

COS 318: Operating Systems. Virtual Machine Monitors

AUTOSAR Safety Solutions for Multicore ECUs and ADAS Systems. Robert Leibinger 5 th June 2015

HIPEAC Segregation of Subsystems with Different Criticalities on Networked Multi-Core Chips in the DREAMS Architecture

Real- Time Mul,- Core Virtual Machine Scheduling in Xen

Embedded OS. Product Information

Embedded Virtualization & Cyber Security for Industrial Automation HyperSecured PC-based Control and Operation

COM 444 Cloud Computing

Product Information Services for Embedded Software

Real-Time Virtualization How Crazy Are We?

Distributed and Cloud Computing

PikeOS: Multi-Core RTOS for IMA. Dr. Sergey Tverdyshev SYSGO AG , Moscow

ECU State Manager Module Development and Design for Automotive Platform Software Based on AUTOSAR 4.0

Safety and security related features in AUTOSAR

ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY

Parallels Virtuozzo Containers

Introduction to the NI Real-Time Hypervisor

Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process

December, 7th, 2015, Assises de l Embarqué

AutoSAR Overview. FESA Workshop at KTH Prof. Jakob Axelsson Volvo Cars and Mälardalen University

Principles of a Vehicle Infotainment Platform

Virtual Machine Security

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Virtualization is set to become a key requirement

Mentor Embedded IVI Solutions

Before we can talk about virtualization security, we need to delineate the differences between the

Copyright 2014, Oracle and/or its affiliates. All rights reserved.

Beschleunigen Sie die Entwicklung Ihrer Embedded Software mit Dienstleistungen von Vector

Virtualization: Hypervisors for Embedded and Safe Systems. Hanspeter Vogel Triadem Solutions AG

evm Virtualization Platform for Windows

Virtualization and the U2 Databases

The Xen of Virtualization

PCI Express IO Virtualization Overview

Development of AUTOSAR Software Components within Model-Based Design

Open Source Implementation of Hierarchical Scheduling for Integrated Modular Avionics

From Signal Routing to complete AUTOSAR compliant CAN design with PREEvision (II)

WHITE PAPER Mainstreaming Server Virtualization: The Intel Approach

PERFORMANCE ANALYSIS OF KERNEL-BASED VIRTUAL MACHINE

MultiPARTES. Virtualization on Heterogeneous Multicore Platforms. 2012/7/18 Slides by TU Wien, UPV, fentiss, UPM

AN INTEL COMPANY WIND RIVER AUTOMOTIVE SOLUTIONS

ProMoX: A Protocol Stack Monitoring Framework

FlexRay A Communications Network for Automotive Control Systems

Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014)

Virtualization of Wireless LAN Infrastructures

Anh Quach, Matthew Rajman, Bienvenido Rodriguez, Brian Rodriguez, Michael Roefs, Ahmed Shaikh

Virtualization. Dr. Yingwu Zhu

Flight Processor Virtualization

Vehicular On-board Security: EVITA Project

Chapter 5 Cloud Resource Virtualization

Enabling Technologies for Distributed Computing

Multi-domain Model-driven Development Developing Electrical Propulsion System at Volvo Cars

Cloud Computing #6 - Virtualization

A Data Centric Approach for Modular Assurance. Workshop on Real-time, Embedded and Enterprise-Scale Time-Critical Systems 23 March 2011

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

12. Introduction to Virtual Machines

AN4664 Application note

Java-based Functionality and Data Management in the Automobile. Prototyping at BMW Car IT GmbH. by Alexandre Saad, BMW Car IT GmbH, Munich/Germany

Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines

AUTOSAR and Linux Single chip solution Implementation of Automotive Multipurpose ECU Prototype system using hypervisor solution

Virtualization Technologies (ENCS 691K Chapter 3)

Real-time Performance Control of Elastic Virtualized Network Functions

x86 ISA Modifications to support Virtual Machines

Virtualization for Cloud Computing

Chapter 2 Addendum (More on Virtualization)

Mentor Embedded Automotive Solutions

LinuxCon/CloudOpen 2015

GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS

Virtual Hosting & Virtual Machines

Cloud Computing. Up until now

Secure Containers. Jan Imagination Technologies HGI Dec, 2014 p1

Enterprise-Class Virtualization with Open Source Technologies

Real-time Operating Systems. VO Embedded Systems Engineering Armin Wasicek

Virtualization. Pradipta De

Transcription:

Virtualization in Automotive Embedded Systems : an Outlook Nicolas Navet, RTaW Bertrand Delord, PSA Peugeot Citroën Markus Baumeister, Freescale Talk at RTS Embedded Systems 2010 Paris, 31/03/2010

Outline 1. Automotive E/E Systems: mastering complexity 2. Ecosystems of virtualization technologies 3. Automotive use-cases of virtualization 4. Limits of virtualization 2010 RTaW / PSA / Freescale - 2

Mastering complexity of automotive Electrical and Electronics (E/E) Systems 2010 RTaW / PSA / Freescale - 3

Electronics is the driving force of innovation 90% of new functions use software Electronics: 40% of total costs Huge complexity: 80 ECUs, 2500 signals, 6 networks, multi-layered run-time environment (AUTOSAR), multi-source software, multi-core CPUs, etc Strong costs, safety, reliability, time to market, reusability, legal constraints! 2010 RTaW / PSA / Freescale - 4

Proliferation of ECUs raises problems! 50 Number of ECUs (CAN/MOST/LIN) 45 40 35 30 25 20 15 10 5 0 1986 1988 1990 1992 1994 1996 1998 2000 2002 2004 2006 2008 Year Mercedes-Benz BMW Audi VW Graphics on this page from [3] Lexus LS430 has more than 100 ECUs [9] 2010 RTaW / PSA / Freescale - 5

The case of a generalist car manufacturer - PSA 45 40 35 30 25 20 CAN LAS info-div LIN CAN CAR CAN CONF CAN I/S 15 10 5 0 X4-2000 X4-2003 D2 2004 D2 TG D25 X3 X6-2005 X7-2007 W2 PF3 The number of ECUs has more than doubled in 10 years 2010 RTaW / PSA / Freescale - 6

Possible upcoming architectures in two car generations Fewer ECUs but more powerful Multi-core μ-controller Multi-source software Autosar OS strong protection mechanisms Virtualization? ISO2626-2 dependability standard Backbone : CAN 500Kbit/s with offsets FlexRay : 10 Mbit/s Ethernet? How centralized is unsure because of carry over.. FlexRay as backbone at BWM in a few years [8] 2010 RTaW / PSA / Freescale - 7

Ecosystem of virtualization technologies 2010 RTaW / PSA / Freescale - 8

Virtualization basics Executing software on virtual machines decoupled from the real HW Virtual Machine: software that executes software like a physical machine (System) VM contains an OS HW resources can be shared between VMs : role of hypervisor Strong isolation between VMs : security and fault confinement are the primary motivations Picture from [2] 2010 RTaW / PSA / Freescale - 9

Classification of virtualization schemes [3] Virtualization Emulation Native Hypoth. Machine Real Machine Full Virtua. Paravirtua. eg. JVM eg. Bochs eg. Z/VM eg. Xen, Sysgo, Wind River 2010 RTaW / PSA / Freescale - 10

2010 RTaW / PSA / Freescale - 11 Use-cases of virtualization

Heterogeneous operating system environments (1/2) Re-use of a complete legacy ECU : eg. parking assistance Benefits Time-to-market, Cost reduction Validation done Way to deal with discontinued hardware Legacy applications Legacy OS + Comm. stack Hypervisor hardware 2010 RTaW / PSA / Freescale - 12

Heterogeneous operating system environments (2/2) Using the best execution platform : eg. Body gateway with both an Autosar and an infotainment VM (eg., linux, android) Benefits Performances Availability of manpower / applications Time-to-market Security despite open systems Segregation in vehicle domains Etc VMM Picture from [2] The most obvious and likely use case in a first step 2010 RTaW / PSA / Freescale - 13

Virtualization for security-critical sub-systems Benefits: Critical code can run on bare hardware Sufficiently small for formal methods Brick-wall partitioning for open systems (OTA update) Critical code Hypervisor hardware 2010 RTaW / PSA / Freescale - 14

Short term benefits: Virtualization for safety-critical sub-systems Memory, CPU, IO protection mechanisms Redundant execution with diversity reduces common faults, possible to go one step farther with OS and com. stack diversity Monitoring / watchdog on the same multi-core chip (ideally with some HW diversity at the core level) Medium term goal: Virtual lockstep execution without dedicated HW Not the same scope of protection as Autosar OS Autosar OS : OS application, OS task, ISR Virtualization : VM (usually with an OS) 2010 RTaW / PSA / Freescale - 15

AUTOSAR OS protection mechanism - a recap (see [7]) Issues : resource confiscation (CPU, memory, drivers), non authorized access / calls, faultpropagation 5 types of mechanisms Memory protection Temporal protection OS service protection HW resource protection trusted / non-trusted code 4 scalability classes As of Autosar R4, there are multi core extensions enabling CPU core partitioning 2010 RTaW / PSA / Freescale - 16

2010 RTaW / PSA / Freescale - 17 Limits of virtualization

Real-time performances Virtualization implies a hierarchical two-level scheduling that is inherently less predictable and more complex to handle Actually, three level scheduling since runnables are scheduled within OS tasks! Picture from [2] Static core allocation (to VMs) is probably the way to go.. 2010 RTaW / PSA / Freescale - 18

Technical issues Memory: VMM footprint: < 64KB Possibly several OSs! CPU: Limited hardware support in embedded CPU [6] Preemption, L2 cache flush, locked cache Resource sharing is tricky: ISR, IOs, com. controllers Real-time performances (eg. LIN) peripheral virtualization is complex (eg. CAN) VMM must be kept small to be secure (more than guest OSs) and ideally bug free otherwise responsibility sharing is impossible 2010 RTaW / PSA / Freescale - 19

Conclusion Virtualization is a mature technology, industrial risk is limited Automotive can benefit from both aerospace / military and consumer electronic experiences: Products, certification, deployment tools, etc The overlap between virtualization and Autosar OS seems small There are meaningful use-cases but real-time behavior of the virtualized systems should be (formally) verified. 2010 RTaW / PSA / Freescale - 20

2010 RTaW / PSA / Freescale - 21 References

References [1] N. Navet, F. Simonot-Lion, editors, The Automotive Embedded Systems Handbook, Industrial Information Technology series, CRC Press / Taylor and Francis, ISBN 978-0849380266, December 2008. [2] R. Kaiser, D. Zöbel, Quantitative Analysis and Systematic Parametrization of a Two-Level Real-Time Scheduler, paper and slides at IEEE ETFA 2009. [3] T. Nolte, Hierarchical Scheduling of Complex Embedded Real-Time Systems, slides presented at the Summer School on Real-Time Systems (ETR 09), Paris, 2009. [4] G. Heiser, The role of virtualization in embedded systems, Proceedings of the 1st workshop on Isolation and integration in embedded systems, 2008. [5] D. Baldin, T. Kerstan, Proteus, a Hybrid Virtualization Platform for Embedded Systems, IFIP Advances in Information and Communication Technology, 978-3-642-04283-6, 2009. [6] F. Behmann, Virtualization for embedded Power Architecture CPUs, Electronic Products, September 2009. [7] N. Navet, A. Monot, B. Bavoux, F. Simonot-Lion, Multi-source and multicore automotive ECUs - OS protection mechanisms and scheduling, to appear in IEEE ISIE, 2010. [8] A. Schedl, Goals and Architecture of FlexRay at BMW, slides presented at the Vector FlexRay Symposium, March 2007. [9] R. Schreffler, Japanese OEMs, Suppliers, Strive to Curb ECU Proliferation, Wardsauto.com, March 6, 2006. 2010 RTaW / PSA / Freescale - 22

Questions / feedback? Please get in touch at : nicolas.navet@realtimeatwork.com bertrand.delord@mpsa.com B17517@freescale.com 2010 RTaW / PSA / Freescale - 23

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information