In modern cars more and more algorithms are implemented as distributed systems. For example, an ACCSystem (Adaptive Cruise Control) today requires a minimum of 5 ECUs (Electronic Control Units): Engine ECU, Gearbox ECU, Breaking ECU, the MMI-Interface, and an ECU operating the radar system. Mastering the overall timing behaviour of such a distributed system is a fundamental challenge during design. The so-called end-to-end timing from a sensor to an actuator must meet a certain deadline, also claimed by functional safety regulations like IEC 61508 and ISO DIS 26262. In order to fulfil such requirements, the timing on the bus, the ECU-timing, and the timing of the communication controller have to be taken into account.
Control engineering and body electronics are two important domains in automotive systems. Both domains use multi-rate functions and rely on correct end-to-end timing, but they essentially differ in the meaning of end-to-end delays. Control systems that continuously drive external actuators shall ensure that these driving signals do not exceed a maximum age. ’Data age’ is a concept in the heart of control engineering theory. Clearly, if the
same signal is consumed twice, the second consumption is critical because the (unchanged) signal at the time of the second consumption is older. In body electronics, the situation can be very different. In a door lock system, the first arriving signal will command the consuming device to lock the door. Any later signal duplicate can not lock the door ’more’. This shows that there exist at least two different semantics of end-to-end timing. In addition, constraining timing is not always about delays between stimuli and responses.
An important class of constraints deals with the synchronization between either stimuli or responses, respectively. Referring again to the door lock system, the reaction time between button pressed (stimuli) and door locked (response) could typically have a span between fastest and slowest reaction of several hundreds of milliseconds. However, the tolerated difference between when the different doors are locked is perhaps just some tens of milliseconds. There is, consequently, a need for classification of the semantics of end-to-end timing constraints in terms of the treatment of duplicate data and the synchronization of input or output data. Also, when applications are composed of different subsystems, it is important to know how the effects of duplicated or purged signal data propagate over subsystem interfaces and what the net effect of them are on the application itself.
The main goal of the TIMMO project is to define a predictable development process that is able to handle timing in all design phases and able to verify as well as validate the timing behaviour of a real-time system throughout the process.
[1]
Ken Tindell,et al.
ADDING TIME-OFFSETS TO SCHEDULABILITY ANALYSIS
,
1994
.
[2]
Alberto L. Sangiovanni-Vincentelli,et al.
Loosely time-triggered architectures based on communication-by-sampling
,
2007,
EMSOFT '07.
[3]
Richard Gerber,et al.
Guaranteeing end-to-end timing constraints by calibrating intermediate processes
,
1994,
1994 Proceedings Real-Time Systems Symposium.
[4]
Behavioral Suppport.
Advancing Traffic Efficiency and Safety through Software Technology, Phase 2 (ATESST2)
,
2010
.
[5]
R. Ernst,et al.
Model composition for scheduling analysis in platform design
,
2002,
Proceedings 2002 Design Automation Conference (IEEE Cat. No.02CH37324).
[6]
Alberto L. Sangiovanni-Vincentelli,et al.
Semantics-Preserving Design of Embedded Control Software from Synchronous Models
,
2007,
IEEE Transactions on Software Engineering.
[7]
Lothar Thiele,et al.
Real-time calculus for scheduling hard real-time systems
,
2000,
2000 IEEE International Symposium on Circuits and Systems. Emerging Technologies for the 21st Century. Proceedings (IEEE Cat No.00CH36353).
[8]
Michael González Harbour,et al.
Exploiting precedence relations in the schedulability analysis of distributed real-time systems
,
1999,
Proceedings 20th IEEE Real-Time Systems Symposium (Cat. No.99CB37054).
[9]
Thomas A. Henzinger,et al.
Trading end-to-end latency for composability
,
2005,
26th IEEE International Real-Time Systems Symposium (RTSS'05).