V1.0 | 2016-11-25

Quo Vadis Embedded OS?

2

Motivation Introduction

ECUs gain more and more functionality due to increasing computing power of automotive microcontrollers and new vehicle features.

3

Operating Systems Characteristics Introduction

RTOS for deep embedded systems

Hard Real Time

Very good interrupt latency

Very good Jitter behavior

Very small footprint

Statically configured

AUTOSAR / OSEK

Support for peripherals is vendor specific

Very Fast startup time

Monolithic

Compliance to

Automotive SPICE

ISO26262

RTOS for embedded systems

Hard Real Time

Good interrupt latency

Good jitter behavior

Small/Medium Footprint

Dynamic executable handling

POSIX compliance

Support for peripherals is vendor specific

Fast startup time

Typically microkernel approach

Some Microkernels compliant to ISO26262

General Purpose OS

Soft Real-Time

Bad Jitter behaviour

Bad interrupt latency

Large Footprint

Dynamic executable handling

POSIX compliance

Broad support for Peripherals

Slow startup time

Large Communities

Libraries

Apps

Programming languages

4

Drivers for increasing functionality of ECUs Introduction

ADAS: Camera/Radar/LIDAR

Image processing and machine learning

Image Processing / Sensor Fusion

Connectivity

Car-2-X (LTE, WiFi, GPS, etc.)

Multimedia (USB, SD-Card, NFC, etc.)

“App-Store” for automotive applications

Currently not in the direct focus

Vision: Dynamic Software Platform

2D/3D accel. support

Video Codecs, Streaming support, multi-media library, etc…

Infotainment

Hardware

Increasing Performance

Multicore

GPUs,…

5

Use Cases Introduction

Consolidation

MCU Core 1

(MSR 1) Core 2

(MSR 2)

IPC IPC MEM

Lean Hypervisor

MCU Core 1 (GPOS)

Core 1 or 2 (MSR)

IPC IPC MEM

Full Hypervisor

High Level functionality +

ASR Classic connectivity

ECU MCU 1 (GPOS)

MCU 2 (MSR)

IPC IPC SPI/ETH

Multiprocessor

MCU Process 1

(nat. POSIX)

IPC MEM

GPOS/Embedded RTOS

Process 2(MSR)

IPC OS

High Level functionality +

ASR Classic connectivity

MCU Process 1

(ADAPTIVE) Process 2

(ADAPTIVE)

POSIX

Middleware

AUTOSAR Adaptive

6

Introduction

How to integrate high level functionality?

And what about deep embedded systems?

Summary

Agenda

7

AUTOSAR Adaptive How to integrate high level functionality?

Targets

Highly automated driving

Car2-X

Connectivity

Vehicle in the cloud

POSIX OS as basic runtime environment

Planned Dynamics

The whole system needs to be

1. Fail-Safe

2. Fail-Operational

3. Secure

8

POSIX only systems How to integrate high level functionality?

Microcontroller

MCAL

Application MICROSAR RTE

OS

AUTO

SAR O

S

Wra

pper

XCP

SYS

DIA

G

AM

D

MEM

COM

IO

LIN

CAN

FR

ETH

V2G

1

EXT

LIBS

AVB

1

POSIX OS POSIX OS MCALs

POSIX Process

High Level functionality already implemented on POSIX OS

Image processing algorithms

2D/3D visualization

Machine learning

AUTOSAR BSW elements can be executed on top of POSIX OS to fill this gap.

MSR Guest OS

Other BSW components

9

POSIX only systems How to integrate high level functionality?

Microcontroller

MCAL

Application MICROSAR RTE

OS

AUTO

SAR O

S

Wra

pper

XCP

SYS

DIA

G

AM

D

MEM

COM

IO

LIN

CAN

FR

ETH

V2G

1

EXT

LIBS

AVB

1

POSIX OS POSIX OS MCALs

POSIX Process

Tight Timing constrainings may not be met in this setup

HW Fault metrics are typically an issue

HW too complex

Higher ASIL levels may not be reachable

Can also be realized by

Multiprocessor setup

Hypervisor setup

10

Using a hypervisor to add high level functionality in a safety environment How to integrate high level functionality?

Suitable for mixed criticality

Current HW architectures typically offer a separate safety core

High Level functionality can still run on the high performance cores

Safety relevant functionality is isolated on separate safety core

ASIL decomposition

Another alternative is redundancy

POSIX Guest

POSIX OS

ASR Guest

ASR OS

Process Process SWC SWC

Hardware

Hypervisor

Safe

CPU

Safe

IO CPU IO

Direct Access

Virtualized Access

IPC over Hypervisor

CPU

Process Process

11

Introduction

How to integrate high level functionality?

And what about deep embedded systems?

Summary

Agenda

12

And what about deep embedded systems? And what about deep embedded systems?

There is still the need for deep embedded systems

Cost as a driver

Automotive MCUs have more and more cores

Next generation has up to 6 cores

Restriction of parallelizability

Communication

Shared Resources

Synchronization

Parallelizability is the key

Amdahl‘s Law

Nr. of processors

Spe

edup

Parallelity

13

Consolidation the AUTOSAR way And what about deep embedded systems?

AUTOSAR OS supports multicore functionality

SWCs can be distributed among cores

According to Amdahls Law parallelizability is the key to success

If parallelizability is not possible multicore systems can become slower than single core systems

Alternative use case for multicore systems?

ASR

OS

CPU IO CPU IO CPU IO

SWC SWC SWC SWC

Hardware

SWC SWC

RTE

BSW

14

System partitioning And what about deep embedded systems?

Multicore systems can also be used for consolidation

Mixed criticality possible

SW/HW supports up to ASIL-D

1:n mapping of Guests to Cores

Otherwise hierarchical scheduling becomes a topic

Elimination of shared resource usage where possible

Virtualization of shared resources where necessary

ASR Guest A

ASR OS

ASR Guest B

ASR OS

Shared

IO CPU IO CPU IO CPU IO

SWC SWC SWC SWC

Hardware Direct Access

Virtualized Access

IPC over Hypervisor

VIO

Lean Hypervisor

SWC SWC

15

System partitioning And what about deep embedded systems?

Small hypervisor footprint

No or low virtualization overhead

Each partition can be configured separately Easy integration

Hypervisor may provide inter partition communication interface

ASR Guest A

ASR OS

ASR Guest B

ASR OS

Shared

IO CPU IO CPU IO CPU IO

SWC SWC SWC SWC

Hardware Direct Access

Virtualized Access

IPC over Hypervisor

VIO

Lean Hypervisor

SWC SWC

16

Introduction

How to integrate high level functionality?

And what about deep embedded systems?

Summary

Agenda

17

Summary Summary

POSIX Guest

POSIX OS

ASR Guest

ASR OS

Process Process SWC SWC

Hardware

Hypervisor

Safe

CPU

Safe

IO CPU IO

Direct Access

Virtualized Access

IPC over Hypervisor

CPU

Process Process

There are different approaches to integrate high level functionality in embedded systems

AUTOSAR Adaptive is on its way

Until that

POSIX Only systems with hosted ASR components

Hypervisor setups

Redundancy

Automotive MCUs gain more and more cores (many core systems)

Lean hypervisor setups that focus in separation only

ASR Guest A

ASR OS

ASR Guest B

ASR OS

Shared

IO CPU IO CPU IO CPU IO

SWC SWC SWC SWC

Hardware Direct Access

Virtualized Access

IPC over Hypervisor

VIO Lean Hypervisor

SWC SWC

18 © 2016. Vector Informatik GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.0 | 2016-11-25

For more information about Vector and our products please visit www.vector.com

Author: Dr. Timo Kerstan Vector Germany