Assessment of High-Integrity Embedded Automotive Control Systems using Hardware in the Loop Simulation.

Sensor-based driver assistance systems often have a safety-related role in modern automotive designs. In this paper we argue that the current generation of “Hardware in the Loop” (HIL) simulators have limitations which restrict the extent to which testing of such systems can be carried out, with the consequence that it is more difficult to make informed decisions regarding the impact of new technologies and control methods on vehicle safety and performance prior to system deployment. In order to begin to address this problem, this paper presents a novel, low-cost and flexible HIL simulator. An overview of the simulator is provided, followed by detailed descriptions of the models that are employed. The effectiveness of the simulator is then illustrated using a case study, in which we examine the performance and safety integrity of eight different designs of a representative distributed embedded control system (a throttle- and brake-by-wire system with adaptive cruise control capability). It is concluded that the proposed HIL simulator provides a highly effective and low-cost test environment for assessing and comparing new automotive control system implementations

Automatically Configuring Time-Triggered Schedulers for Use with Resource-Constrained, Single-Processor Embedded Systems.

This paper describes a novel two-stage search technique which is intended to support the configuration of time-triggered schedulers for use with resource-constrained embedded systems which employ a single processor. Our overall goal is to identify a scheduler implementation which will ensure that: (i) all task constraints are met; (ii) CPU power consumption is “as low as possible”; (iii) a fully co-operative scheduler architecture is employed whenever possible. Our search process is not exhaustive, and might be described as “best characteristics first” approach. We proceed iteratively, stopping the search when we have identified the first workable solution. We assume that - because we have begun the search with “best characteristics” - any schedule identified will represent a good (but not necessarily completely optimal) solution. We show that the proposed configuration algorithm is highly effective. We also demonstrate that the algorithm has much lower complexity than alternative “branch and bound” search schemes. We conclude by making some suggestions for future work in this area

Towards a generic "single-path programming" solution with reduced power consumption.

As embedded designs become more widespread and complex they tend to use more modern processors. Such processors will often include features (such as pipelines, caches, and branch predictors) which help to improve performance. While such performance improvements are welcome, they come at the price of predictability. More specifically, the use of advanced processor hardware makes it difficult to predict the worst-case execution time (WCET) of tasks. As part of an effort to address these problems, Puschner and Burns (Proc. 7th IEEE International Workshop on Object-Oriented Real- Time Dependable Systems, Jan. 2002) proposed the “single path programming paradigm”. As its name implies program code written according to this paradigm has only one execution path: this helps to ensure a constant execution time. Yet there are two problems with the techniques described by Puschner and Burns: (i) they are applicable only to hardware which supports “conditional move” or similar instructions;(ii) their balancing approach increases power consumption. In the present paper, we begin to address both of these problems with a set of novel code-balancing techniques. The effectiveness of these new techniques is explored by means of an empirical study

Automating the processes of selecting an appropriate scheduling algorithm and configuring the scheduler implementation for time-triggered embedded systems

Predictable system behaviour is a necessary (but not sufficient) condition when creating safety-critical and safety-related embedded systems. At the heart of such systems there is usually a form of scheduler: the use of time-triggered schedulers is of particular concern in this paper. It has been demonstrated in previous studies that the problem of determining the task parameters for such a scheduler is NP-hard. We have previously described an algorithm (“TTSA1”) which is intended to address this problem. This paper describes an extended version of this algorithm (“TTSA2”) which employs task segmentation to increase schedulability. We show that the TTSA2 algorithm is highly efficient when compared with alternative “branch and bound” search schemes

Supporting the migration between ‘event triggered’ and ‘time triggered’ software architectures: A small pattern collection intended for use by the developers of reliable embedded systems

Many complex embedded systems (in areas such as aerospace and defence, for example) have a long service life, typically measured in decades. During this life, planned product maintenance and upgrades will inevitably require software changes. Changes to available hardware platforms are also very common over the lifetime of such systems: this too will force some degree of software change. In addition, software for future versions of systems and new products will very rarely be created from scratch: instead, existing software will be adapted to match new requirements (such as a higher “Safety Integrity Level”). In this report, we introduce a small collection of patterns which is intended to support the migration of existing software designs to a “time triggered” architecture, in order to make the system behaviour more predictable and therefore support test and verification activities. The overall goal is to support improvements in system reliability (and – where appropriate – reduce certification effort). In the next section, we explain (briefly) the meaning of the phrase “design pattern”. We then summarise the features of the two software architectures (“event triggered” and “time triggered”) which lie at the heart of this pattern collection

Improving the performance of time-triggered embedded systems by means of a scheduler agent.

Knowledge of task execution time is a key requirement when determining the most appropriate scheduler algorithm (and scheduler parameters) for use with embedded systems. Unfortunately, determining task execution times (ETs) can be a challenging process. This paper introduces a novel system architecture which is based on two components (i) the main processor (MP) platform, containing the time-triggered (cooperative) scheduler and task code, and (ii) a second processor, executing a “scheduler agent” (SA). In the experiments described in this paper, the MP contains an instrumented scheduler and, during a “tuning” phase, the SA measures – on line – the ET of each task as it runs. The measured values are then used to fine tune the task schedule in an attempt to ensure that (i) all task constraints - such as deadline and jitter - are met (ii) power consumption is reduced. After the tuning phase is completed the SA continues to monitor the MP and can take appropriate action in case of errors. In the paper, the effectiveness of the proposed architecture is demonstrated empirically by applying it to a set of tasks that represent a typical embedded control system