Controlling Concurrent Change - A Multiview Approach Toward Updatable Vehicle Automation Systems
The development of SAE Level 3+ vehicles [SAE, 2014] poses new challenges not only for the functional development, but also for design and development processes. Such systems consist of a growing number of interconnected functional, as well as hardware and software components, making safety design increasingly difficult. In order to cope with emergent behavior at the vehicle level, thorough systems engineering becomes a key requirement, which enables traceability between different design viewpoints. Ensuring traceability is a key factor towards an efficient validation and verification of such systems. Formal models can in turn assist in keeping track of how the different viewpoints relate to each other and how the interplay of components affects the overall system behavior. Based on experience from the project Controlling Concurrent Change, this paper presents an approach towards model-based integration and verification of a cause-effect chain for a component-based vehicle automation system. It reasons on a cross-layer model of the resulting system, which covers necessary aspects of a design in individual architectural views, e.g. safety and timing. In the synthesis stage of integration, our approach is capable of inserting enforcement mechanisms into the design to ensure adherence to the model. We present a use case description for an environment perception system, starting with a functional architecture, which is the basis for componentization of the cause-effect chain. By tying the vehicle architecture to the cross-layer integration model, we are able to map the reasoning done during verification to vehicle behavior.
Response-Time Analysis for Task Chains in Communicating Threads
When modelling software components for timing analysis, we typically encounter functional chains of tasks that lead to precedence relations. As these task chains represent a functionally-dependent sequence of operations, in real-time systems there is usually a requirement for their end-to-end latency. When mapped to software components, functional chains often result in communicating threads. Since threads are scheduled rather than tasks, specific task chain properties arise that can be exploited for response-time analysis. As a core contribution, this paper presents an extension of the busy-window analysis suitable for such task chains in static-priority preemptive systems. We evaluated the extended busy-window analysis in a compositional performance analysis using synthetic test cases and a realistic automotive use case, showing far tighter response-time bounds than current approaches.
Response-Time Analysis for Task Chains with Complex Precedence and Blocking Relations
For the development of complex software systems, we often resort to component-based approaches that separate the different concerns, enhance verifiability and reusability, and for which microkernel-based implementations are a good fit to enforce these concepts. Composing such a system of several interacting software components will, however, lead to complex precedence and blocking relations, which must be taken into account when performing latency analysis. When modelling these systems by classical task graphs, some of these effects are obfuscated and tend to render such an analysis either overly pessimistic or even optimistic.
We therefore firstly present a novel task (meta-)model that is more expressive and accurate w.r.t. these (functional) precedence and mutual blocking relations. Secondly, we apply the busy-window approach and formulate a modular response-time analysis on task-chain level, suitable for but not restricted to static-priority scheduled systems. We show that the conjunction of both concepts allows the calculation of reasonably tight latency bounds for scenarios not adequately covered by related work.
Self-Aware Scheduling for Mixed-Criticality Component-Based Systems
A basic mixed-criticality requirement in real-time systems is temporal isolation, which ensures that applications receive a guaranteed (CPU) service and impose a bounded interference on other applications. Providing operating system support for temporal isolation is often inefficient, in terms of utilisation and achieved latencies, or complex and hard to implement or model correctly. Correct models are, however, a prerequisite when response times are bounded by formal analyses. We provide a novel approach to this challenge by applying self-aware computing methodologies that involve run-time monitoring to detect (and correct) model deviations of a budget-based scheduler.
An extensible autonomous reconfiguration framework for complex component-based embedded systems
We present a framework based on constraint satisfaction that adds self-integration capabilities to component-based embedded systems by identifying correct compositions of the desired components and their dependencies. This not only allows autonomous integration of additional functionality but can also be extended to ensure that the new configuration does not violate any extra-functional requirements, such as safety or security, imposed by the application domain.
A communication framework for distributed access control in microkernel-based systems
Microkernel-based architectures have gained increasing interest and relevance for embedded systems. These can not only provide real-time guarantees but also offer strong security properties, which become increasingly significant in certain application domains such as automotive systems. Nevertheless, the functionality of those complex systems often needs to be distributed across a network of control units for various reasons (e.g. physical location, scalability, separation). Although microkernels have been commercially established, distributed systems like these have not been a major focus. This stems essentially from the fact that, in the microkernel world, policy, device drivers and protocol stacks are userspace concerns and are rather left to be solved by the particular application domain. Following the principle of least privilege, we therefore developed a distributed access-control framework for all network-based communication in microkernel-based systems that can be generically deployed. Our design not only enforces security properties such as integrity but is also scalable without adding too much overhead in terms of run time or code.
Demonstrating Controlled Change for Autonomous Space Vehicles
Recent research discusses concepts of in-field changes to overcome the drawbacks of conventional lab-based system design processes. In this paper, we evaluate the concept of controlled change by applying it to a demonstration of a potential future space exploration scenario with mobile robots. The robots are capable of executing several image computations for exploration, object detection and pose estimation, which can be allocated to both FPGA and processor resources of a System-on-Chip. The demonstrator addresses three scenarios which cover application, environment and platform change. The system adapts itself to any of the named changes. This capability can increase the autonomy of future space missions. As examples, the demonstrator executes adaptation of applications during operation to fulfill the mission goals, adaptation of reliability under changing environment conditions, and adaptation to sensor failure.
Hardware and Software Task Scheduling for ARM-FPGA Platforms
ARM-FPGA coupled platforms allow accelerating the computation of specific algorithms by executing them in the FPGA fabric. Several computation steps of our case study for a stereo vision application have been accelerated by hardware implementations. Dynamic Partial Reconfiguration places these hardware tasks in the programmable logic at appropriate times. For efficient scheduling, it needs to be decided when and where to execute a task. Although hardware/software scheduling strategies and algorithms already exist, none exploit all possible optimization techniques: re-use, prefetching, parallelization, and pipelining of hardware tasks. The scheduling algorithm proposed in this paper takes this into account and optimizes for the objectives latency/throughput and power/energy.
Data-Age Analysis and Optimisation for Cause-Effect Chains in Automotive Control Systems
Automotive control systems typically have latency requirements for certain cause-effect chains. When implementing and integrating these systems, these latency requirements must be guaranteed, e.g. by applying a worst-case analysis that takes all indeterminism and limited predictability of the timing behaviour into account. In this paper, we address the latency analysis for multi-rate distributed cause-effect chains considering static-priority preemptive scheduling of offset-synchronised periodic tasks. We particularly focus on data age as one representative of the two most common latency semantics. Our main contribution is a Mixed Integer Linear Program-based optimisation to select design parameters (priorities, task-to-processor mapping, offsets) that minimise the data age. In our experimental evaluation, we apply our method to two real-world automotive use cases.
Towards model-based integration of component-based automotive software systems
The increasing complexity of automotive software systems and the desire for more frequent software and even feature updates require new approaches to the design, integration and testing of these systems. Ideally, those approaches enable an in-field updatability of automotive software systems that provides the same degree of safety guarantees as the traditional lab-based deployment. In this paper, we present a layered modelling approach that formalises the integration procedure of automotive software systems using graph-based models and formal analyses