A Timing Verification Methodology for AUTOSAR Series Development
Dr. Kai Richter, Dr. Marek Jersak, Symtavision GmbH
Dr. Stefan Voget, Continental Engineering Services GmbH
Dr. Ulrich Freund, ETAS GmbH
Joachim Stroop, dSPACE GmbH
Markus Kühl, aquintos GmbH

Outline
• Motivation
• Timing Verification Techniques and the V-Model
• AUTOSAR Timing Model
• AUTOSAR Flow & Tools
• AUTOSAR Timing Methodology
A Timing Verification Methodology for AUTOSAR Series Development
Dr. Kai Richter, Symtavision GmbH, Germany

Questions answered by Timing Analysis
One Software Architecture
Sensors: S1, S2, S3, S4
Actuators: A1, A2, A3
Runnables:
R1: ts = 1 ms, et = 50 µs
R2: ts = 1 ms, et = 180 µs
R3: ts = 1 ms, et = 110 µs
R4: ts = 5 ms, et = 130 µs
R5: ts = 5 ms, et = 870 µs
R6: ts = 5 ms, et = 180 µs
R7: ts = 2.5 ms, et = 75 µs
R8: ts = 5 ms, et = 140 µs
R9: ts = 5 ms, et = 360 µs
Software Components:
SW-C1 = {R1, R2, R3, R4, R5}
SW-C2 = {R6, R7}
SW-C3 = {R8, R9}
Event Chains:
EC1 = S1→R1→R2→R3→A1
EC2 = S2→R1→R2→R3→R7→A2
EC3 = S2→R1→R8→R4→R5→R7→A2
ECU Configuration 1 → Deadline miss + Overload
ECU Configuration 2 → Deadline OK + Performance Reserves + Safety Proof
AUTOSAR lets you specify SW architecture & ECU configuration!
Timing Analysis lets you distinguish good from bad designs!

Timing Verification Techniques and Flows
[Figure. Labels: SW Archi, ECU Config, Integration, ECU; Timing Constraints; Comparisons; model-based techniques; measurement-based techniques; Timing Model; Scheduling Analysis; Trace]

Timing Verification Early and Late
[Figure. Labels: SW Archi, ECU Config, Integration; Budgets, Estimates; Prototype, A-D Sample, Target ECU; Timing Model; Scheduling Analysis; Trace]

Timing Model in AUTOSAR
• AUTOSAR 3.2
  • System: SW architecture
  • OS config: tasks, schedule table, offsets, ...
  • RTE config: runnable mapping, position in task, ...
  • SW Module Description: runnable / task execution times
• AUTOSAR 4.0 Timing Extension
  • timing constraints, requirements, and budgets
  • event chains (for end-to-end constraints)
  • event triggerings (for capturing dynamic behavior)

Timing Event Chains
• signal path through application
• defined by stimulus and end event
• can be constrained (min, max, nominal)
• can be segmented (sub chains)
[Figure: the software architecture diagram from the "Questions answered by Timing Analysis" slide (sensors S1 to S4, runnables R1 to R9 with the same ts and et values, actuators A1 to A3), annotated with Stimulus, Response and Segments]

Event Triggering Constraints
• capture dynamic timing behavior of event occurrences
  • external signals (sensors, buttons, etc.)
  • interrupts
  • etc.
• 5 basic models:
  • periodic
  • sporadic
  • burst
  • concrete
  • arbitrary
• each with model-specific parameters, e.g. period, jitter, min/max interarrival, offset, occurrence, etc.

ECU Timing Design
[Flowchart: SW architecture and CPU selection lead to Load Analysis. Load Analysis OK? n: execution time budget optimization; y: Virtual Schedule. Virtual Schedule OK? n: schedule concept optimization; y: Event Chain Verification. Event Chain Verification OK? n: ECU configuration optimization; y: ECU Configuration OK. Inputs: execution times (from prototype trace); execution time budgets, estimates (from planning and negotiation)]
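
The three checks of this flow (load analysis, schedule, event chain verification), run on the runnable set from the "Questions answered by Timing Analysis" slide; this is an added example, not code from the slides or from SymTA/S. Assumed here, since the slides do not give the ECU configurations: one core, one fixed-priority preemptive task per period with deadline equal to period, runnables executed in chain order inside a task, and `et_scale=2` standing for a hypothetical CPU half as fast. The chain bound used is the conservative sum of period plus response time per task hop.

```python
# Runnables from the slide: name -> (ts, et), both in microseconds.
RUNNABLES = {
    "R1": (1000, 50), "R2": (1000, 180), "R3": (1000, 110),
    "R4": (5000, 130), "R5": (5000, 870), "R6": (5000, 180),
    "R7": (2500, 75), "R8": (5000, 140), "R9": (5000, 360),
}
CHAINS = {  # event chains from the slide, sensor and actuator ends omitted
    "EC1": ["R1", "R2", "R3"],
    "EC2": ["R1", "R2", "R3", "R7"],
    "EC3": ["R1", "R8", "R4", "R5", "R7"],
}

def build_tasks(et_scale=1):
    """Assumed mapping: one task per period, cost = sum of its runnables' et."""
    tasks = {}
    for ts, et in RUNNABLES.values():
        tasks[ts] = tasks.get(ts, 0) + et * et_scale  # et_scale: integer factor
    return dict(sorted(tasks.items()))  # shortest period = highest priority

def response_times(tasks):
    """Fixed-priority preemptive analysis; None marks a missed deadline (= period)."""
    result, higher = {}, []
    for period, cost in tasks.items():
        r = cost
        while r <= period:
            nxt = cost + sum(-(-r // t) * c for t, c in higher)  # ceil(r/t) * c
            if nxt == r:
                break
            r = nxt
        result[period] = r if r <= period else None
        higher.append((period, cost))
    return result

def chain_bound(chain, rts):
    """Sum of (period + response time) per task hop; None if a task on the path misses."""
    hops = []
    for name in chain:
        ts = RUNNABLES[name][0]
        if not hops or hops[-1] != ts:  # assumed: same-task runnables run in chain order
            hops.append(ts)
    if any(rts[ts] is None for ts in hops):
        return None
    return sum(ts + rts[ts] for ts in hops)

def verify(et_scale=1):  # -> (load, response time per period, bound per event chain)
    tasks = build_tasks(et_scale)
    rts = response_times(tasks)
    load = sum(cost / period for period, cost in tasks.items())
    return load, rts, {n: chain_bound(c, rts) for n, c in CHAINS.items()}
```

With the slide's execution times the assumed configuration runs at 70.6 % load and meets every task deadline; with `et_scale=2` the load exceeds 100 % and the 5 ms task misses its deadline, so EC3 has no bound.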

ECU Tooling Example: SystemDesk & SymTA/S
[Figure. SystemDesk: SW architecture; ECU Configuration OK; proceed with RTE generation ... SymTA/S: Load Analysis, Virtual Schedule, Event Chain Verification. Execution times: Budgets, Estimates, Prototype Traces]
timing report:
• load
• schedule
• event chains
comparison of configuration alternatives: optimization of RTE (runnable-mapping) and OS (task offsets)

E/E and Network Tooling Example: PREEvision & SymTA/S
taken from: In search of the best migration strategy from CAN to FlexRay. FlexRay Product Day 2009. DAIMLER, aquintos, Symtavision<br />

General Tool Integration Aspects
• AUTOSAR XML: standardized file-based configuration exchange
• ARTOP: optional Eclipse plug-in of base methods for AUTOSAR tools
[Figure. Labels: Tool 1, Tool 2, Tool 3, Tool 4, Tool 5; Eclipse; .XML]

AUTOSAR Timing Methodology
[Figure. Labels: SW Archi, ECU Config, Integration; Budgets, Estimates; Prototype, A-D Sample, Target ECU; Timing Design; Timing Model; Scheduling Analysis; Trace; Continuous Timing Analysis; Timing Verification]