Conferences and supporting programme
Optimized - Cost Effective Implementation of Widely-Used Safety Mechanisms in Heterogeneous Software Architectures
Functional safety is a key player in the development of Advanced Driver Assistance Systems (ADAS). Currently, ADAS software architectures are mainly developed for either multi-core targets or multi-chip processors, both of which can be considered heterogeneous software architectures. Following the ISO 26262 recommendations in such complex software architectures has become a major challenge for developers of safety-critical applications. This paper introduces an optimized, cost-effective implementation of commonly used safety mechanisms such as Flow Control Monitoring, Memory Protection and Stack Protection, with a case study on a tri-core platform. Heterogeneous software architectures require special attention in order to utilize the available software capabilities to implement the safety mechanisms normally defined in the Technical Safety Concept (TSC). The scope of this paper is to secure the development of the mentioned safety mechanisms on a multi-core platform whose functions do not require multi-tasking on all cores (e.g. a simple scheduler may be enough) and hence do not require a multi-core OS. In the proposed solution, only an ASIL single-core OS is used on one core, while the other two cores do not need an OS, which saves the high cost of an ASIL multi-core OS.

The first widely used safety mechanism is Flow Control Monitoring. Its main purpose is to ensure the correct execution of the program sequence. It is typically achieved using multiple instances of an ASIL watchdog module, one per core, in order to implement aliveness supervision and logical supervision; this is an expensive solution. In this paper, the proposal is to use only one ASIL watchdog module on the first core (the one running the OS) and to handle flow control monitoring on the other two cores by utilizing the existing watchdog module of the first core. This is achieved by reporting to the watchdog module on the first core over Inter-Processor Communication (IPC). The proposed algorithm is illustrated in the "Case Study" section. This solution can be generalized to cover flow control monitoring in a multi-chip system, relying on inter-chip communication instead of IPC.

Another commonly used safety mechanism is Memory Protection, which is used to protect critical memory partitions from unauthorized accesses. It is typically realized by an OS supporting software partitioning for mixed-ASIL software architectures. This solution requires an OS on all cores and may degrade performance due to the overhead of Inter-OS Communication (IOC). In this paper, the proposal is to develop a Safety Element out of Context (SEooC) MPU driver that is used on all cores and simply switches the MPU device on or off according to the safety-level context change. This is valid mainly when there are two safety levels (e.g., QM and ASIL-x), which is a common case in mixed-ASIL software architectures.
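The flow control monitoring scheme described above (one ASIL watchdog module on the OS core, with the OS-less cores reporting their checkpoints over IPC), sketched as an added C example that is not the paper's own code. It assumes a shared-memory IPC mailbox, one 32-bit word per remote core, and a fixed checkpoint sequence 0 -> 1 -> 2; the supervisor on the OS core checks both aliveness (the core reported since the last cycle) and logical order (the reported checkpoint matches the one its report count predicts) before the hardware watchdog would be served.

```c
#include <stdbool.h>
#include <stdint.h>

#define NUM_REMOTE_CORES 2      /* the two OS-less cores of the tri-core case study */
#define NUM_CHECKPOINTS  3      /* assumed program-sequence checkpoints: 0 -> 1 -> 2 -> 0 */
#define COUNTER_MASK     0x00FFFFFFu

/* Constructed IPC mailbox (assumed shared memory): one word per remote core,
   bits 31..24 = last checkpoint id, bits 23..0 = aliveness counter. Packing both
   into one aligned word keeps them consistent without a lock on the OS-less cores. */
static volatile uint32_t ipc_mailbox[NUM_REMOTE_CORES];

/* Supervisor state held by the single ASIL watchdog module on the OS core. */
typedef struct {
    uint32_t last_counter;      /* counter value seen at the previous supervision cycle */
    uint8_t  last_checkpoint;   /* checkpoint id confirmed at the previous cycle */
} supervisor_t;

static supervisor_t sup[NUM_REMOTE_CORES];

void supervisor_init(void) {
    for (int c = 0; c < NUM_REMOTE_CORES; c++) {
        ipc_mailbox[c] = 0;
        sup[c].last_counter = 0;
        sup[c].last_checkpoint = NUM_CHECKPOINTS - 1;   /* first expected id is 0 */
    }
}

/* Called by an OS-less core each time it reaches a checkpoint in its schedule. */
void remote_report(int core, uint8_t checkpoint) {
    uint32_t cnt = (ipc_mailbox[core] + 1) & COUNTER_MASK;
    ipc_mailbox[core] = ((uint32_t)checkpoint << 24) | cnt;   /* single word write */
}

/* Called once per supervision cycle by the watchdog task on the OS core.
   Aliveness: every remote core must have reported at least once since the last cycle.
   Logical: the reported checkpoint must equal the one its report count predicts.
   Returns true only if both hold for all cores, i.e. the watchdog may be served. */
bool supervise_cycle(void) {
    bool ok = true;
    for (int c = 0; c < NUM_REMOTE_CORES; c++) {
        uint32_t word   = ipc_mailbox[c];
        uint32_t cnt    = word & COUNTER_MASK;
        uint8_t  cp     = (uint8_t)(word >> 24);
        uint32_t steps  = (cnt - sup[c].last_counter) & COUNTER_MASK;   /* wrap-safe */
        uint8_t  expect = (uint8_t)((sup[c].last_checkpoint + steps) % NUM_CHECKPOINTS);
        if (steps == 0 || cp != expect) ok = false;   /* stalled, or out of sequence */
        sup[c].last_counter = cnt;
        sup[c].last_checkpoint = cp;
    }
    return ok;
}
```

A stalled core and a skipped checkpoint both make `supervise_cycle` return false, so the OS core withholds the watchdog service and the hardware watchdog expires for the whole platform.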
Date: 01.03.2018, Time: 10:30 AM - 11:00 AM, Location: Conference Counter NCC Ost