Software Architecture Methods and Mechanisms for Timing Error and Failure Detection According to ISO 26262: Deadline vs. Execution Time Monitoring
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 08, 2013 by SAE International in United States
More electronic vehicle functions lead to an exponentially growing degree of software integration in automotive ECUs. We are seeing an increasing number of ECUs with mixed-criticality software. ISO 26262 describes different safety requirements, including freedom from interference and absence of error propagation for the software. These requirements demand particular attention for mixed-criticality ECUs. In this paper we investigate the ability to guarantee that these safety requirements will be fulfilled by using an established error detection mechanism (deadline monitoring) and a new one (execution time monitoring). We also show how these methods can be used to build safe and efficient schedules for today's and future automotive embedded real-time systems with mixed-criticality software.
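The abstract contrasts the two mechanisms without illustrating how they differ in what they detect. The following added example is not from the paper or from any AUTOSAR OS implementation; it is a constructed, tick-based simulation of a fixed-priority preemptive scheduler with two tasks whose priorities are not aligned with their criticality (a QM task above an ASIL task, as happens when priorities follow periods rather than ASIL). The QM task overruns its assumed WCET budget. Under deadline monitoring the error is only observed as a missed deadline of the ASIL task, i.e. at the victim, after the interference has occurred; under execution time monitoring the overrunning task is terminated at its budget, the error is attributed to the culprit, and the ASIL task still meets its deadline. All task names, priorities, budgets and deadlines are assumed values for this scenario.

```c
#include <stdio.h>
#include <stdbool.h>
#include <string.h>

/* Constructed two-task scenario (not from the paper): one core,
 * fixed-priority preemptive scheduling, 1-tick time base. */
typedef enum { MON_DEADLINE, MON_EXEC_TIME } mon_mode_t;

typedef struct {
    const char *name;
    int priority;   /* lower value = higher priority; NOT tied to criticality */
    int release;    /* release time (ticks) */
    int budget;     /* configured execution-time budget = assumed WCET (ticks) */
    int demand;     /* actual execution demand in this run; > budget is an overrun */
    int deadline;   /* absolute deadline (ticks) */
    /* runtime state, reset by simulate() */
    int consumed;
    int finish;     /* completion time, or -1 while unfinished */
    bool killed;
    bool missed;
} task_t;

typedef struct {
    const char *flagged;   /* task the monitor attributed the error to (NULL if none) */
    int flagged_at;        /* detection time (ticks) */
    int hi_finish;         /* completion time of the high-criticality task (-1 = never) */
    bool hi_met_deadline;
} sim_result_t;

/* Highest-priority released task that is neither finished nor terminated. */
static int pick_runnable(const task_t *tasks, int n, int t) {
    int best = -1;
    for (int i = 0; i < n; i++) {
        const task_t *tk = &tasks[i];
        if (tk->release > t || tk->finish >= 0 || tk->killed) continue;
        if (best < 0 || tk->priority < tasks[best].priority) best = i;
    }
    return best;
}

sim_result_t simulate(task_t *tasks, int n, mon_mode_t mode, int horizon, int hi_idx) {
    sim_result_t r = { NULL, -1, -1, false };
    for (int i = 0; i < n; i++) {
        tasks[i].consumed = 0; tasks[i].finish = -1;
        tasks[i].killed = false; tasks[i].missed = false;
    }
    for (int t = 0; t < horizon; t++) {
        int i = pick_runnable(tasks, n, t);
        if (i >= 0) {
            task_t *tk = &tasks[i];
            tk->consumed++;                            /* task runs during [t, t+1) */
            if (tk->consumed >= tk->demand) {
                tk->finish = t + 1;
            } else if (mode == MON_EXEC_TIME && tk->consumed >= tk->budget) {
                /* Budget exhausted with work remaining: execution time monitoring
                 * terminates the offending task itself before it can delay others. */
                tk->killed = true;
                if (!r.flagged) { r.flagged = tk->name; r.flagged_at = t + 1; }
            }
        }
        /* Deadline monitoring only sees the consequence: a task still unfinished
         * at its deadline, regardless of which task caused the delay. */
        for (int j = 0; j < n; j++) {
            task_t *tk = &tasks[j];
            if (tk->finish < 0 && !tk->killed && !tk->missed && t + 1 >= tk->deadline) {
                tk->missed = true;
                if (mode == MON_DEADLINE && !r.flagged) { r.flagged = tk->name; r.flagged_at = t + 1; }
            }
        }
    }
    r.hi_finish = tasks[hi_idx].finish;
    r.hi_met_deadline = (r.hi_finish >= 0 && r.hi_finish <= tasks[hi_idx].deadline);
    return r;
}

/* Assumed task set: a QM task with the higher priority that overruns its
 * budget (4 ticks assumed, 6 needed) and an ASIL task below it. */
sim_result_t run_scenario(mon_mode_t mode) {
    task_t tasks[2] = {
        { "T_lo_QM",   1, 0, 4, 6, 6 },   /* overruns its execution-time budget */
        { "T_hi_ASIL", 2, 0, 3, 3, 8 },   /* stays within budget, deadline 8 */
    };
    return simulate(tasks, 2, mode, 12, 1);
}

int main(void) {
    const char *labels[] = { "deadline monitoring", "execution time monitoring" };
    for (int m = MON_DEADLINE; m <= MON_EXEC_TIME; m++) {
        sim_result_t r = run_scenario((mon_mode_t)m);
        printf("%-26s flagged %-10s at t=%d; ASIL task finished at t=%d (%s)\n",
               labels[m], r.flagged ? r.flagged : "nothing", r.flagged_at,
               r.hi_finish, r.hi_met_deadline ? "deadline met" : "deadline MISSED");
    }
    return 0;
}
```

With deadline monitoring the monitor reports the ASIL task at t=8, after the interference has already propagated; with execution time monitoring it reports the QM task at t=4 and the ASIL task completes at t=7. The difference matters for the freedom-from-interference argument: only the second mechanism both localises the fault to the task that violated its timing assumption and bounds the damage to the other tasks.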
Citation: Ficek, C., Sebastian, M., Feiertag, N., Richter, K. et al., "Software Architecture Methods and Mechanisms for Timing Error and Failure Detection According to ISO 26262: Deadline vs. Execution Time Monitoring," SAE Technical Paper 2013-01-0174, 2013, https://doi.org/10.4271/2013-01-0174.