Florian Wandling, Oct 23rd 2014, 7th AUTOSAR Open Conference · 2018-01-18 · Realizing Multi-core...
Realizing Multi-core environments
for AUTOSAR based ADAS
Florian Wandling Oct 23rd 2014
7th AUTOSAR Open Conference
Realizing Multi-core environments for AUTOSAR based ADAS
Agenda
© Elektrobit (EB), 2012 / Confidential 2
• Evolution of ECU Network Architectures
• Freedom from Interference as Safety Key for ADAS
• Software Architectures for Domain Controller
• Software Integration
• No Safety without Security
• Summary
Evolution of ECU network architectures
Current ECU Architecture
[Diagram labels: Gateway; Body, ADAS, Head Unit, Chassis, Power Train; buses: CAN, CAN, FlexRay, …, …]
Evolution of ECU network architectures
Domain Controller Architecture – Future Concept
[Diagram labels: Gateway; Body, ADAS, Head Unit, Chassis, Power Train; links: Ethernet (×5)]
Evolution of ECU network architectures
Current vs. Future Architectures: Main Differences
• More Computing Power / Performance
• Coexistence of different functions in one ECU
[Diagram labels: Current Architecture: Single ADAS Systems (Traffic Jam Assistant, Parking Assistant, Brake Assistant, …); Future Domain Controller: ADAS Domain Controller; Lane Departure Warning System]
Evolution of ECU network architectures
The Evolution of Desktop-CPU Performance… shows us the potential of Multi-Core vs. Single-Core Systems
[Chart: Performance (y-axis, 0 to 9) against CPU released in Year (x-axis, 2003 to 2014); annotation: Automotive CPUs today?]
Source: Data from c't 7/2014
Freedom from Interference as Safety Key for ADAS
Freedom from Interference… is fundamental for a safe coexistence of functions
Current Architecture | Domain Controller
Network Communication | Shared Runtime Environment
Independent Hardware | Shared Microcontroller / Memory
Independent Software | Shared Basic Software / Operating System
Freedom from Interference (ISO 26262)
Freedom from Interference as Safety Key for ADAS
Achieving Freedom from Interference
Memory
• Unintended writing to memory of another partition
• Register/Configuration corruption
Communication
• Loss of communication
• Insertions of messages
CPU time
• Blocking of partitions
• Wrong allocation of processor execution time
Required SW modules
• Multi-Core Safety OS
• Alive Supervision, Control-Flow and Deadline Monitoring
• End to End communication protection
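The communication faults named on this slide (loss of communication, insertion of messages) are what end-to-end protection is meant to detect at the receiver. The C code below is an added example, not code from the presentation or from any EB product; the frame layout (CRC-8 byte, 4-bit alive counter, payload), the status names and the function names are assumptions for illustration and do not follow a specific AUTOSAR E2E profile.

```c
#include <stdint.h>
#include <stddef.h>

enum e2e_status { E2E_OK, E2E_CRC_ERROR, E2E_REPEATED, E2E_LOST };

/* Constructed frame layout (assumption):
 * [0] = CRC-8, [1] = 4-bit alive counter, [2..5] = payload */
#define FRAME_LEN 6

/* CRC-8 with polynomial 0x1D, init 0xFF, final XOR 0xFF */
static uint8_t crc8(const uint8_t *d, size_t n) {
    uint8_t crc = 0xFF;
    for (size_t i = 0; i < n; i++) {
        crc ^= d[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x80) ? (uint8_t)((crc << 1) ^ 0x1D)
                               : (uint8_t)(crc << 1);
    }
    return (uint8_t)(crc ^ 0xFF);
}

/* Sender side: stamp the alive counter, then the CRC over counter + payload. */
void e2e_protect(uint8_t *frame, uint8_t *tx_counter) {
    frame[1] = (uint8_t)(*tx_counter & 0x0F);
    frame[0] = crc8(&frame[1], FRAME_LEN - 1);
    *tx_counter = (uint8_t)((*tx_counter + 1) & 0x0F);
}

/* Receiver side: reject frames with a bad CRC, then classify the counter
 * step relative to the last accepted frame (modulo 16).
 * Initialise *last_counter to 0x0F so that the first counter value 0 is OK. */
enum e2e_status e2e_check(const uint8_t *frame, uint8_t *last_counter) {
    if (crc8(&frame[1], FRAME_LEN - 1) != frame[0])
        return E2E_CRC_ERROR;            /* corrupted or foreign frame */
    uint8_t delta = (uint8_t)((frame[1] - *last_counter) & 0x0F);
    if (delta == 0)
        return E2E_REPEATED;             /* same frame seen again */
    *last_counter = (uint8_t)(frame[1] & 0x0F);
    return (delta == 1) ? E2E_OK : E2E_LOST;  /* gap: frames went missing */
}
```

A CRC only detects accidental corruption: any sender that knows the layout can compute a valid one, so detecting deliberately inserted messages requires a keyed message authentication code instead.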
Freedom from Interference as Safety Key for ADAS
Certified Functional Safety Products
Certified safety products are available on the automotive market.
Software Architectures for Domain Controller
Multi-Core and Functional Safety
The “old” approach:
• Use a standard single core AUTOSAR system on each core.
• Use Complex Device Drivers (CDDs) to connect to the other cores
Software Architectures for Domain Controller
Independent Core Architecture (Example)
[Diagram labels: MCU; Core0, Core1; Application 1, Application 2; RTE, RTE; BSW; OS, OS; CDD; TimE, TimE]
Software Architectures for Domain Controller
Multi-Core Safety Architecture
[Diagram labels: MCU; Core0, Core1; Safety OS Multi-Core; BSW; RTE; App 1a, App 1b, App 2a, App 2b]
Software Architectures for Domain Controller
A safe AUTOSAR Multi-Core operating system
Advantages
• Extends existing partitioning schemes from single-core
• Same mechanisms for error detection available
• Easy migration from single-core to multi-core
• One configuration project
… already solved by EB with EB tresos Safety OS Multi-Core
Open points …
• How to avoid blocking API calls to other core
• Multi-Core error handling
Software Integration
Software Integration for Domain Controller
The need to integrate different software solutions from different suppliers on one ECU without interfering with each other opens a new field of Software Integration:
• Tier 1 suppliers: focus on the inner workings of their software
• Carmakers: focus on the complete solution on network level
• Software Companies
‒ Cross Domain and Cross T1 knowledge
‒ Independent Software experts (no T1 competitor)
Software Integration
Mastering Software Integration Challenges
[Diagram labels: Requirements, Domains, ECUs, Suppliers, Functions, Specifications, Tools, Data management, Services, Processes]
No Safety without Security
„There is no Safety without Security and vice versa“
José Manuel Durão Barroso, President of the European Commission, in a speech about nuclear energy in 2012
SECURITY PROTECTS SAFETY
Summary
• Trend towards fewer ECUs with more functions bundled on one ECU per car domain, driven by higher-capacity hardware
• Multi-Core solutions needed
• The complexity of car software is increasing and opens new concepts for software integration
• Car2Car and Car2X connectivity make automotive security a key priority for the industry
Thank you! Contact us: automotive.elektrobit.com