ETR09 Navet Color
-
Upload
akshay-potdar -
Category
Documents
-
view
230 -
download
0
Transcript of ETR09 Navet Color
-
8/8/2019 ETR09 Navet Color
1/43
Better technical solutions for real-time systems
Automotive embedded systems: someresearch challenges
Nicolas [email protected]
ETR2009, Paris03/09/2009
-
8/8/2019 ETR09 Navet Color
2/43
2009 RealTime-at-Work / INRIA ETR09 - 2
Electronics is the driving
force of innovation90% of new functions use software
Electronics: 40% of total costsHuge complexity! 70 ECUs, 2000
signals, 6 networks, multi-layered run-timeenvironment (AUTOSAR), multi-sourcesoftware, multi-core CPUs, etc
Strong costs , safety, reliabili ty, time-to-market, reusability, legal
constraints !
-
8/8/2019 ETR09 Navet Color
3/43
-
8/8/2019 ETR09 Navet Color
4/43
2009 RealTime-at-Work / INRIA ETR09 - 4
Key issues in architecture development atVolvo in paper ref[2] (2/2)
How to share architecture/sub-systems betweenseveral brands/models with differentconstraints/objectives?
Sub-optimal solutions for each component /
functionArchitectural decisions often:
are made on experience / gut feeling (poor tool support)
Lacks well-accepted process
-
8/8/2019 ETR09 Navet Color
5/43
2009 RealTime-at-Work / INRIA ETR09 - 5
Where to tackle the problem from atechnical point of view? (see ref[3])
Design : model functional and non-functional featuressoftware components, MDD, etc
Validation / Analysis : dependability, (end-to-end)response time, memory consumption (e.g. buffers),deadlocks, etc
Synthesis : remove unused features, mapping of components to runtime objects (ECU/Tasks), setting runtimeparameters (priorities, offsets, etc)
Runtime mechanisms : OS, protocols, drivers, NM,diagnostics, etc
-
8/8/2019 ETR09 Navet Color
6/43
2009 RealTime-at-Work / INRIA ETR09 - 6
Validation is a key activity!Personal view on the developments
Simulation tools (co-simulation, HIL)
200919971994
Smart monitoring tools
Worst-case deterministic analysis (sub-system)
Probabilistic analysis (sub-system)
Worst-case deterministic analysissystem level
correctness by construct andoptimal synthesis
Probabilistic analysis
system level
Mostly aheadof us!
Talk part 1
Talk part 2
-
8/8/2019 ETR09 Navet Color
7/43
2009 RealTime-at-Work / INRIA ETR09 - 7
Part 1 - probabilistic framework forschedulability analysis: illustration on the
aperiodic traffic on the bus(joint work with PSA Peugeot-Citronsee paper ref[5])
-
8/8/2019 ETR09 Navet Color
8/43
2009 RealTime-at-Work / INRIA ETR09 - 8
Probabilistic analysis is needed
Systems are not designed for the worst-case(provided it is rare enough!)Reliability/Safety are naturally expressed andassessed in terms of probability (e.g. < 10^-9 perhour)Deterministic assumptions are sometimesunrealistic or too pessimistic, e.g.:
Worst-Case Execution Time on modern platforms,Aperiodic activities: ISR, frame reception,
Faults/errors are not deterministic (and bettermodeled probabilistically)
-
8/8/2019 ETR09 Navet Color
9/43
2009 RealTime-at-Work / INRIA ETR09 - 9
Accounting for the aperiodic traffic
Transmission patterns can hardly be characterized:purely aperiodic, mixed periodic/aperiodic, etc
Aperiodic frames do jeopardize RT constraintsFew approaches in the litterature:
deterministic approaches, such as sporadic, generally lead tounusable results (e.g., >1)Average case probabilistic approach not suited todependability-constrained systems
Probabilistic approaches with safety adjustable level, seepaper ref[6] and ref[7]
-
8/8/2019 ETR09 Navet Color
10/43
2009 RealTime-at-Work / INRIA ETR09 - 10
Approach advocated here
1) Measurements / data cleaning
2) Modeling aperiodic traffic arrival process3) Deriving aperiodic Work Arrival Process
(WAF)4) Integrating aperiodic WAF into
schedulability analysis
-
8/8/2019 ETR09 Navet Color
11/43
2009 RealTime-at-Work / INRIA ETR09 - 11
Data trace analysis
x : [0-1500]y : [0-25]
x : [0-1500]
y : [0-2.5]
x : [0-250]y : [0-2]
y: aperiodic interarrival times x: index of interarrivals
ZOOM +
Approximate
because whatis seen on thebus is not theactual arrival
process at ECUlevel! can behandled
-
8/8/2019 ETR09 Navet Color
12/43
2009 RealTime-at-Work / INRIA ETR09 - 12
Question: are interarrival times i.i.d. ?
Periodicframe?
Use of BDS test for non-linear dependencies
-
8/8/2019 ETR09 Navet Color
13/43
2009 RealTime-at-Work / INRIA ETR09 - 13
Distribution fitting for aperiodicinterarrival : 3 candidates here
MLE adjustedparameters
Kolmo. Smi.and 2 tests
to confirmvisual
impression
-
8/8/2019 ETR09 Navet Color
14/43
2009 RealTime-at-Work / INRIA ETR09 - 14
Captured data trace VS random tracegenerated with MLE-fitted Weibull
Real data trace
Simulated data trace
-
8/8/2019 ETR09 Navet Color
15/43
2009 RealTime-at-Work / INRIA ETR09 - 15
Deriving the aperiodic WAF
S(t) : aperiodic WAFX(t) : stochastic process which counts the number of aperiodic frames in time interval t
smallest S(t) such that the probability of X(t) beinglarger than or equal to S(t) is lower than a threshold
Design choice:e.g., 10 -9By simulation, numerical
approximation or analysis(simplest cases such as exp.)
d d d h d l
-
8/8/2019 ETR09 Navet Color
16/43
2009 RealTime-at-Work / INRIA ETR09 - 16
Aperiodic WAF depends on the underlyinginterarrival distribution
Same averageintensity
-
8/8/2019 ETR09 Navet Color
17/43
2009 RealTime-at-Work / INRIA ETR09 - 17
Case-study on a typical body network
Body network benchmark generated using GPL-licensed Netcarbench
Characteristics:125kbps, 16 ECUs, 105 CAN frames with deadlines equal toperiods and 1 to 8 bytes of data.Total periodic load is equal to 35.47%
NETCAR-Analyzer for WCRT computation3% aperiodic traffic
7 byte aperiodic frames = 10 -4
W i i h/
-
8/8/2019 ETR09 Navet Color
18/43
2009 RealTime-at-Work / INRIA ETR09 - 18
Worst-case response times with/outaperiodic traffic (3%)
13 frames with
T=100ms adddelays
-
8/8/2019 ETR09 Navet Color
19/43
2009 RealTime-at-Work / INRIA ETR09 - 19
Conclusion - part 1
Chosen dependability requirements aremet while pessimism kept to minimum:
Practical approachReal data are requiredCan be extended to the non i.i.d. case (not needed
here)What is needed now is a system levelapproach that
Can handle arbitrary activation processesgoes beyond the i.i.d. case (for dependability)
-
8/8/2019 ETR09 Navet Color
20/43
2009 RealTime-at-Work / INRIA ETR09 - 20
Part 2 optimized synthesis, the case of frame scheduling on CAN(see paper ref[8])
O i i i h f i
-
8/8/2019 ETR09 Navet Color
21/43
2009 RealTime-at-Work / INRIA ETR09 - 21
Optimizing the use of resources isbecoming an industrial requirement
Reasons for optimizing (i.e., less hardware) :Complexity of the architectures (protocols, wiring, ECUs,
gateways, etc )Hardware costs / weight, room, fuel consumption, etcNeed for incremental designIndustrial risk and time to master new technologiesPerformances (sometimes):
Ex1: A 60% loaded CAN network may be more efficientthat two 35% networks interconnected by a gatewayEx2: cost of communication in distributed functions
Limits of current technologies (CPU frequency w/o fan),Etc
Scheduling frames with offsets ?!
-
8/8/2019 ETR09 Navet Color
22/43
2009 RealTime-at-Work / INRIA ETR09 - 22
Scheduling frames with offsets ?!
000
1050
1555
0 10 20 30 40 50 60 70 80 90 100 110
Periods20 ms15 ms
10 ms
0 10 20 30 40 50 60 70 80 90 100
52,50
110
52,50
Periods20 ms15 ms10 ms
Principle: desynchronize transmissions to avoid loadpeaks
Algorithms to decide offsets are based on arithmeticalproperties of the periods and size of the frame
-
8/8/2019 ETR09 Navet Color
23/43
2009 RealTime-at-Work / INRIA ETR09 - 23
System model (1/2)
ECUFrame Transmission request
task
Frame response time
Performance metric: worst-case response time
CANHigher prio. frames frame
-
8/8/2019 ETR09 Navet Color
24/43
2009 RealTime-at-Work / INRIA ETR09 - 24
System model (2/2)The offset of a message stream is the time at which thetransmission request of the first frame is issued
Complexity: best choosing the offsets is exponential in thetask periods approximate solutionsMiddleware task imposes a certain granularityWithout ECU synchronisation, offsets are local to ECUs
-
8/8/2019 ETR09 Navet Color
25/43
2009 RealTime-at-Work / INRIA ETR09 - 25
But task scheduling has to be adapted
ECUFrame Transmission request
task
Frame response time
In addition, avoiding consecutive frame constructions onan ECU allows to reduce latency
CANHigher prio. frames frame
-
8/8/2019 ETR09 Navet Color
26/43
2009 RealTime-at-Work / INRIA ETR09 - 26
Frame181614121086420Time
Simple offsets Algorithm (1/3)
Ideas:assign offsets in the order of the transmissionfrequenciesrelease of the first frame is as far as possible fromadjacent frames
identify least loaded interval Ex: f 1=(T 1=10) , f 2=(T 2=20) , f 3(T3=20)
f 1,1 f 1,2f 2,1 f 3,1
Offsets Algorithm applied on a typical
-
8/8/2019 ETR09 Navet Color
27/43
2009 RealTime-at-Work / INRIA ETR09 - 27
Offsets Algorithm applied on a typicalbody network
21 ms
65 ms
-
8/8/2019 ETR09 Navet Color
28/43
2009 RealTime-at-Work / INRIA ETR09 - 28
Offsets Algorithm industrial needs
Low complexity and efficient as is butfurther improvements possible:
add frame(s) / ECU(s) to an existing designuser defined criteria : optimize last 10 frames, aspecific frame,take priorities on the bus into accountoptimization algorithms: tabu search, hill climbing,genetic algorithms
Efficiency of offsets :
-
8/8/2019 ETR09 Navet Color
29/43
2009 RealTime-at-Work / INRIA ETR09 - 29
Efficiency of offsets :some insight (1/2)
Almost a straight line, suggests that the algorithm is near-optimal
Work =time to
transmitthe CANframessent by
thestations
Efficiency of offsets :
-
8/8/2019 ETR09 Navet Color
30/43
2009 RealTime-at-Work / INRIA ETR09 - 30
Efficiency of offsets :some insight (2/2)
A larger workload waiting for transmission implies larger response times for the low priority frames ..
-
8/8/2019 ETR09 Navet Color
31/43
2009 RealTime-at-Work / INRIA ETR09 - 31
Computing worst-case responsetimes with offsets
Computing frame worst-case
-
8/8/2019 ETR09 Navet Color
32/43
2009 RealTime-at-Work / INRIA ETR09 - 32
p gresponse time with offsets
CAN Controller
buffer TxCAN Bus
AUTOSAR COM
Frame-packing task5ms
9 6 8
1
2
Waiting queue :
-FIFO
-Highest Priority First(HPF - Autosar)
-Carmaker specific
Requirements :
- handle 100+ frames
- very fast execution times
- waiting queue policy at themicrocontroller level
- limited number of transmissionbuffers
WCRT St t f th t
-
8/8/2019 ETR09 Navet Color
33/43
2009 RealTime-at-Work / INRIA ETR09 - 33
WCRT : State of the art
Scientific literature:Complexity is exponential
No schedulability analysis with offsets in thedistributed non-preemptive caseOffsets in the preemptive case : not suited for >10-20 tasksWCRT without offsets: infinite number of Txbuffers and no queue at the microcontroller level
RTaW software: NETCAR-Analyzer
-
8/8/2019 ETR09 Navet Color
34/43
2009 RealTime-at-Work / INRIA ETR09 - 34
Performance evaluation :Experimental SetupWCRT of the frames wrt random offsets
and lower boundWCRT reduction ratio for chassis and body
networksLoad increase : add new ECUs / add more
traffic
Experimental Setup
-
8/8/2019 ETR09 Navet Color
35/43
2009 RealTime-at-Work / INRIA ETR09 - 35
Experimental Setup
Body and chassis networksNetwork #ECUs #Messages Bandwidth Frame periods
Body 15-20
70 125Kbit/s 50ms-2sChassis 5
-15
60 500Kbit /
s10
ms-1
s
Set of frames generated with NETCARBENCH
With / without load concentration: one ECU generates 30% of the load
Offsets in practice : large response
-
8/8/2019 ETR09 Navet Color
36/43
2009 RealTime-at-Work / INRIA ETR09 - 36
p g ptime improvements (1/2)
21
17
32
65 ms
WCRT Reduction Ratio
-
8/8/2019 ETR09 Navet Color
37/43
2009 RealTime-at-Work / INRIA ETR09 - 37
WCRT Reduction Ratio
Body Networks Chassis Networks
Results are even better with loaded stations
Offsets allow higher network loads
-
8/8/2019 ETR09 Navet Color
38/43
2009 RealTime-at-Work / INRIA ETR09 - 38
Offsets allow higher network loads
Typically: WCRT at 60% with offsets WCRTat 30% without offsets
Partial offset usage
-
8/8/2019 ETR09 Navet Color
39/43
2009 RealTime-at-Work / INRIA ETR09 - 39
Partial offset usage
34
17
42
65 ms
Conclusions on offsets
-
8/8/2019 ETR09 Navet Color
40/43
2009 RealTime-at-Work / INRIA ETR09 - 40
Conclusions on offsets
Offsets provide an cost-effective short-termsolution to postpone multiple CANs and FlexRay
Tradeoff between Event and Time Triggered
Further large improvements are possible bysynchronizing the ECUs
ET CAN CAN with offsets TT-CAN
+ Complexity+ Determinism
-
8/8/2019 ETR09 Navet Color
41/43
2009 RealTime-at-Work / INRIA ETR09 - 41
References
References (1/2)
-
8/8/2019 ETR09 Navet Color
42/43
2009 RealTime-at-Work / INRIA ETR09 - 42
References (1/2)Automotive Embedded Systems - General
[1] N. Navet, F. Simonot-Lion, editors, The Automotive Embedded Systems Handbook, IndustrialInformation Technology series, CRC Press / Taylor and Francis, ISBN 978-0849380266,December 2008.
[2] P. Wallin, Axelsson, A Case Study of Issues Related to Automotive E/E System ArchitectureDevelopment, IEEE International Conference and Workshop on the Engineering of Computer Based Systems, 2008.
[3] H. Hansson, M. Nolin, T. Nolte, Beating the Automotive Code Complexity Challenge:Components, Models and Tools, National Workshop on High-Confidence AutomotiveCyber-Physical Systems, 2008.
Dependability / probabilistic framew ork
[4] N. Navet, H. Perrault, Mcanismes de protection dans AUTOSAR OS, RTS EmbeddedSystems 2009 (RTS09), Paris, April 2009.
[5] D. Khan, N. Navet, B. Bavoux, J. Migge, Aperiodic Traffic in Response Time Analyses withAdjustable Safety Level, IEEE ETFA2009, Mallorca, Spain, September 2009.
[6] N. Navet, Y-Q. Song, F. Simonot, Worst-Case Deadline Failure Probability in Real-TimeApplications Distributed over CAN (Controller Area Network), Journal of SystemsArchitecture, Elsevier Science, vol. 46, n7, 2000.
[7] A. Burns, G. Bernat, I. Broster, A probabilistic framework for schedulability analysi, ThirdInternational Conference on Embedded Software (EMSOFT 2003), 2003.
Scheduling frame with offsets on CAN[8] M. Grenier, L. Havet, N. Navet, Pushing the limits of CAN - Scheduling frames with offsets
provides a major performance boost, Proc. of the 4th European Congress EmbeddedReal Time Software (ERTS 2008), Toulouse, France, 2008.
-
8/8/2019 ETR09 Navet Color
43/43
2009 RealTime-at-Work / INRIA ETR09 - 43
Questions / feedback ?
Please get in touch at:
[email protected]://www.realtimeatwork.com