AURIX™ 2G compiler and tool support for industrial system ......• Measurement results on a TC29x...

Building a safe and secure embedded world

AURIX™ 2G compiler and tool support for industrial system applications

❖ TASKING set of tools - quick overview

▪ Quick overview about the TASKING products. The TASKING portfolio covers a wide range including the tool-chain for AURIX™, performance optimization and finally safety related solutions.

❖ Pin Mapper

▪ Package customization using the pin selection and pin configuration

▪ Simple Demo [Low level drivers code generation]

❖ Compiler Set up in VX-Toolset for TriCore™

▪ Quick overview over the TASKING TriCore™ Eclipse IDE

▪ TASKING TriCore™ Compiler feature

⮚ Optimization settings (Size and Speed optimization)

⮚ Static code analysis (Misra-C and Cert-C)

⮚ Debugging capabilities

⮚ TÜV “Fit for Purpose” Certification

❖ TASKING Embedded Profiler / Safety Checker

▪ Quick overview over the TASKING Embedded Profiler and Safety Checker

▪ Use case: locate stall cycles when multiple cores access the same memory

▪ Small Safety Checker example

Agenda

TASKING: A Full Set of TriCore/AURIX™ Development Tools

Compiler - Optimized to leverage critical features of target processors, and

developed with ASPICE CL2 processes to qualify for safety-critical applications.

Includes Debugger and Linker/Locator.

Embedded Profiler - More than performance measurement, it shows you

the source of the performance bottleneck and how to optimize your code.

LAPACK Performance Libraries - Provides rapid and accurate

solutions to complex mathematical operations - all within a safety-critical environment.

Embedded Debugger - At an accessible price, your team can finally own

enough debuggers so you can verify code functionality without workflow delay.

Safety Checker - You can ensure freedom from interference with static safety

analysis of your code.

Compiler Qualification Kit - Required documentation pertaining to the

TASKING toolset helps streamline your ISO 26262 safety certification process..



❖ Pin Mapper














Agenda

6

● Full support for AURIX™ and

AURIX™ 2G

● Supports all package formats.

● Configure particular device pins

to satisfy a specific set of

peripheral and I/O

requirements.

● Select best fitting device that

supports the peripherals and

I/O features listed in system

requirements

● Different views like the Package

View that provide information

about the pin status

TASKING Pin Mapper

7

● Intuitive Eclipse based GUI.

● Automatic detection of Pin

conflicts.

● Configuration issues can be

resolved by hand or automatically

by the Pin Mapper.

● Automatic generation of pin

initialization code compatible with

iLLD drivers.

● Generate a pin configuration file

to be used with Altium Designer

● Can also generate a pin

configuration file in CSV format.

TASKING Pin Mapper

8

Demo

TASKING Pin Mapper



❖ Pin Mapper














Agenda

10

⮚ Full TriCore™ Integrated Development Environment with full user control over different optimization levels

TASKING VX-Toolset for TriCore™>> Optimization settings (Size and Speed optimization)

11

⮚ Software development guidelines ( Cert-C and Misra-C )

TASKING VX-Toolset for TriCore™ >> Static code analysis (Misra-C and Cert-C)

TASKING VX-Toolset for TriCore™ >> Debugging capabilities

TASKING Embedded Debugger

● Stand-alone streamlined single and multicore

debugging for TriCore™ cores.

● Instruction set simulator for TriCore™ and auxiliary

cores (GTM, HSM,SCR …)

● ECLIPSE-based standalone tool, or integrated as a

plugin into Eclipse Mars env.

● Same features as the Integrated Debugger

● Price allows multiple debuggers, eliminating

bottlenecks waiting for a debugger

13

■ ECLIPSE based OCDS/MCDS hardware debugging.

■ Out-of-the box board support for development boards from Infineon and several 3rd parties.

■ C/C++ and Assembly language support.

■ Debugging of highly optimized code is supported,

□ supporting TASKING VX-toolsets for TriCore™ v4.2r2 and up.

■ C/C++ expression evaluation.

■ Symbolic access to special function registers (SFR).

■ Elaborate run-control with multi-core start/stop synchronization.

■ On-chip breakpoints and watchpoints also known as data breakpoints.

■ Unlimited number of breakpoints in RAM.

■ Basic trace support in instruction set simulator.

■ Script based testing

■ File system virtualization to easily move data from the target to the host for further analysis.

TASKING VX-Toolset for TriCore™ >> Debugging capabilities

14

TASKING Compiler

Verify Compliance

to MISRA C &

CERT C guidelines

Safety Checker

TASKING

SAFETY

TÜV certified & ASPICE CL2

compliant

Static Code-

Analysis Tools

Compiler Qualifica-

tion Kit

Verify freedom from interference between different ASIL based SW components

TASKING

Services

TASKING VX-Toolset for TriCore™ >> Safety ECO-System

Provide Evidence

For ISO 26262

Compliance

In TASKING, we are not creating tools, we are developing a complete safety ecosystem.

“In this assessment TÜV confirmed

that the toolset is suited for

development of ASIL D software

at TCL3 tool confidence level”

~ TÜV Nord

“Fit for Purpose” Certification

Performance Optimization

15

TASKING VX-Toolset for TriCore™ >> Certification Benefits

FULL FLEXIBILITY

One Qualification kit fit for

all standards. Certificate

covers safety standards:

- ISO 26262 (automotive)

- EN 50128 (railway)

- ISO 25119 (tractors, ...)

LESS QUALIFICATION

EFFORT

There is no need to do tool qualification

as long as the customer comply to our

guidance in the safety manual

CUSTOM USE CASE

SUPPORT

In TASKING we provide our services to

qualify a certain customer specific use

case. Lifting the workload of the

qualification from the shoulders of our

customers.

LESS WORK PRODUCTS

Less work products as

customer does not need to

create the work product

“Software Tool Qualification

Report”. That is a big time-

saver for customers.



❖ Pin Mapper














Agenda

Multicore Applications on TriCore™

Performance

Correctness

Scalability

Safety

Problem Statement: How can I optimize such multicore based Software?

18

■ World‘s first Smart Performance Optimization tool for AURIX™

■ Developed in cooperation with Infineon

■ Non-intrusive analysis will be done on the chip without having to buy special hardware

■ Identifies the exact location and nature of the Performance bottleneck and gives you hints how to fix it

What causes performance issues

■ Stalls

□ For example memory stalls are common on the AURIX™ due the amount and connection of memories and can only be prevented with a good layout

■ Pipeline hazards

□ Data hazards if instructions with a data dependence modify data in different stages of a pipeline

A structural hazard occurs when a part of the processor's hardware is needed by two or more instructions at the same time.

Control hazards or branching hazards when the processor does not know the outcome of the branch

TASKING Embedded Profiler

Analysis is done right on the board

Embedded

Profiler

Binary File

TriCore™

AURIX™

Knowledge

BottlenecksStalls Hazards

On Chip

Performance

Counters

19

Profiler Analysis Type

■ Performance Analysis

This type of analysis traces instructions and performance events. It measures the CPU clock count and it

finds branch misses, cache misses and stalls due to memory access delays or pipeline hazards. You can run

this type of analysis on the whole application or select specific functions.

■ Memory Access Analysis

This type of analysis traces function calls, function returns and data accesses. You can run this type of

analysis on the whole application or select specific functions.

■ Function-level Analysis

This type of analysis traces all function calls and function returns. This is the fastest analysis.


● Finds location and nature performance

bottlenecks, allowing non-expert users to find and

fix problems like an expert

● Displays the problem, shows a detailed list of

errors and gives the user precise suggestions to

solve the problem

● Compare results before and after to see the

optimization effects — including possible unwanted

side effects

● Different profile analysis types


• Multiple cores do access the lmuram memory at the same time. This leads to a high number of stall cycles

• The number of stall cycles can be reduced if the placement of the variables is adapted.

• In the example this is achieved by placing the variables accessed by the cores 1 and 2 in the core local instead of the lmuram memory.

Embedded Profiler Example

• Example code snippet

//variable always located in non cached lmuram

__at(0xb0000000) volatile int var0;

#if !FIXED

// located in non-cached lmuram



#else

// located in private scratchpad

__private1 int var1;

__private2 int var2;

#endif


• Measurement results on a TC29x TriBoard

OriginalStall cycles core 0: 26.074 / 0,09 average stalls per clock cycle

Local Memory Unit accesses: 4.412

Source line: var0 += 1; => 21.951 stall cycles

Fixed

Stall cycles core 0: 17.056 / 0,06 average stalls per clock cycle

Local Memory Unit accesses: 2.394

Source line: var0 += 1; => 12.976 stall cycles


24

▪ Mapping of SW components on your ECU, maybe on different cores, maybe together on one core

▪ As soon as they share memory and interfere with each other you have to insure freedome from interference.

Requirements mapping for multi-core architecture

Core #1 Core #3Core #2

ADAS

SW-C

Autosar

SW-C

RTE

Safety OS & BSW

Micro #1 Micro #1

ADAS

Linux/

QNX/

AUTOSAR

---

Autosar

SW-C

RTE

Safety OS &

BSWcom


Autosar

SW-C

RTE

Safety OS

& BSW

ADAS

Linux/

QNX/

AUTOSAR

--- com

0


ADAS

Linux/

QNX/

AUTOSAR

Autosar SW-C

RTE

BSW

Hypervisor

Full AUTOSAR

Microcontroller Partitioning

Core Partitioning

Hypervisor

Safety

Software

Regular

Software

Regular

Software

Safety

Software

SafetyRegul

arSafety

Regula

r

Safe

ty

Regular Regular

Safety-Requirements Non-Safety-Requirements

Software Components

ECU Software

25

▪ The Memory Protection Unit issues an interrupt when an illegal memory access occurs

▪ If an RTOS is used, it will terminate or restart the partition, or enter a fail-safe mode (These checks will lower performance and could be additional error sources)

Memory Interference Solutions Solution #1 Memory protection unit - MPU

Core #1

Application #1

- Task 1

ASIL A

Application #2

- Task 2

ASIL A

Core #2

Application #3

- Task 3

ASIL B

Core #3

Application #4

- Task 4

ASIL D

RAM

TASK 1

-Stack

-Application Data

TASK 2

-Stack

-Application Data

TASK 3

-Stack

-Application Data

TASK 4

-Stack

-Application Data

ASIL A

ASIL A

ASIL B

ASIL D

MPU

26

Memory Interference Solutions Solution #2 TASKING Safety Checker

Core #1

Application #1

- Task 1

ASIL A

Application #2

- Task 2

ASIL A

Core #2

Application #3

- Task 3

ASIL B

Core #3

Application #4

- Task 4

ASIL D

RAM

TASK 1

-Stack

-Application Data

TASK 2

-Stack

-Application Data

TASK 3

-Stack

-Application Data

TASK 4

-Stack

-Application Data

ASIL

A

ASIL

A

ASIL B

ASIL D

Task1.c

Task2.c

Task3.c

Task4.c

TASKING

Safety Checker

Partitioning.saf- Access rights

- Safety classes

Access

Violations

VD-Archives

27

Example code

struct {

int x;

} my_struct;

int * f1(void)

{

return &my_struct.x;

}

int * f2(void)

{

return f1();

}

int y;

void f3(void)

{

y = *f2();

}

ASIL A

ASIL BASIL C

file_1.c file_2.c file_3.c

■ ASIL C write ASIL A, ASIL C exec/write/read ASIL B, ASIL B read/exec ASIL A

28

▪ Diagnostic report content snippets

* Call/Data Graph

==================

*--f3 [class ASIL_C] @file3.c:4 :

:.. Reads from static variable "my_struct" [class ASIL_A] // ACCESS VIOLATION!

:.. Writes to static variable "y" [class ASIL_C]

:.. Calls function "f2" [class ASIL_B]

Safety Checker generated

29

Pros and Cons for each approach

Memory Protection unit (MPU) TASKING Safety Checker

Configuration Effort Big small

Requires Hardware Yes, the MPU No hardware required

Error detection in early stage of development No Yes

Automated Testing No Yes

Code Coverage Low High

Time to Market High risk Low risk

Though, Safety Checker cannot fully replace a MPU. The rational behind it is to discover the safety violations in

earlier stage of the development and then less number of memory violations should be expected when turning

on the MPU in a later integration stage.

AURIX™ 2G compiler and tool support for industrial system ......• Measurement results on a TC29x...

Documents

Transcript of AURIX™ 2G compiler and tool support for industrial system ......• Measurement results on a TC29x...