Virtualization in Automotive     Embedded Systems :          an Outlook Nicolas Navet, RTaW Bertrand Delord, PSA Peugeot C...
Outline          1. Automotive E/E Systems: mastering complexity          2. Ecosystems of virtualization technologies    ...
Mastering complexity of                                    automotive Electrical and                                    El...
Electronics is the driving                                       force of innovation                                      ...
Proliferation of ECUs                                                                                     raises problems!...
The case of a “generalist”                                        car manufacturer - PSA                                  ...
Possible upcoming architectures                            in two car generations           Fewer ECUs but more powerful  ...
Ecosystem of virtualization                                           technologies© 2010 RTaW / PSA / Freescale - 8
Virtualization basics    Executing software on virtual machines      decoupled from the real HW    –     Virtual Machine: ...
Classification of virtualization schemes                             [3]                                             Virtu...
Use-cases of virtualization© 2010 RTaW / PSA / Freescale - 11
Heterogeneous operating system                             environments (1/2)              Re-use of a complete legacy ECU...
Heterogeneous operating system                             environments (2/2)          Using the best execution platform :...
Virtualization for                              security-critical sub-systems                 Benefits:                 – ...
Virtualization for                                 safety-critical sub-systems        Short term benefits:        – Memory...
AUTOSAR OS protection mechanism -                    a recap (see [7])           Issues : resource confiscation (CPU, memo...
Limits of virtualization© 2010 RTaW / PSA / Freescale - 17
Real-time performances               Virtualization implies a         hierarchical two-level scheduling         that is in...
Technical issues           Memory:                   VMM footprint: < 64KB                   Possibly several OSs !       ...
Conclusion               Virtualization is a mature technology, industrial               risk is limited               Aut...
References© 2010 RTaW / PSA / Freescale - 21
References                                     [1] N. Navet, F. Simonot-Lion, editors, The Automotive Embedded Systems    ...
Questions / feedback ?                                           Please get in touch at :                                 ...
Upcoming SlideShare
Loading in...5
×

Virtualization in Automotive Embedded Systems : an Outlook

725

Published on

N. Navet, B. Delord, M. Baumeister, "Virtualization in Automotive Embedded Systems : an Outlook", talk at RTS Embedded System 2010, Paris, France, March, 2010.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
725
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
29
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Virtualization in Automotive Embedded Systems : an Outlook

  1. 1. Virtualization in Automotive Embedded Systems : an Outlook Nicolas Navet, RTaW Bertrand Delord, PSA Peugeot Citroën Markus Baumeister, FreescaleTalk at RTS Embedded Systems 2010 Paris, 31/03/2010
  2. 2. Outline 1. Automotive E/E Systems: mastering complexity 2. Ecosystems of virtualization technologies 3. Automotive use-cases of virtualization 4. Limits of virtualization© 2010 RTaW / PSA / Freescale - 2
  3. 3. Mastering complexity of automotive Electrical and Electronics (E/E) Systems© 2010 RTaW / PSA / Freescale - 3
  4. 4. Electronics is the driving force of innovation – 90% of new functions use software – Electronics: 40% of total costs – Huge complexity: 80 ECUs, 2500 signals, 6 networks, multi-layered run-time environment (AUTOSAR), multi-source software, multi-core CPUs, etc Strong costs, safety, reliability, time‐to‐market,  reusability, legal constraints !© 2010 RTaW / PSA / Freescale - 4
  5. 5. Proliferation of ECUs raises problems! 50 Number of ECUs (CAN/MOST/LIN) 45 40 35 30 25 20 15 Mercedes-Benz BMW 10 Audi 5 VW 0 1986 1988 1990 1992 1994 1996 1998 2000 2002 2004 2006 2008 Year Graphics on this page from [3] Lexus LS430 has more than 100 ECUs [9]© 2010 RTaW / PSA / Freescale - 5
  6. 6. The case of a “generalist” car manufacturer - PSA 45 40 35 30 CAN LAS info-div LIN 25 CAN CAR CAN CONF 20 CAN I/S 15 10 5 0 X4-2000 X4-2003 D2 2004 D2 TG D25 X3 X6-2005 X7-2007 W2 PF3 The number of ECUs has more than doubled in 10 years© 2010 RTaW / PSA / Freescale - 6
  7. 7. Possible upcoming architectures in two car generations Fewer ECUs but more powerful – Multi-core μ-controller – Multi-source software – Autosar OS strong protection mechanisms – Virtualization ? – ISO2626-2 dependability standard Backbone : – CAN 500Kbit/s with offsets – FlexRay™ : 10 Mbit/s – Ethernet ? How centralized is unsure  because of carry‐over ..  FlexRay™ as backbone at BWM in a few years [8]© 2010 RTaW / PSA / Freescale - 7
  8. 8. Ecosystem of virtualization technologies© 2010 RTaW / PSA / Freescale - 8
  9. 9. Virtualization basics Executing software on virtual machines decoupled from the real HW – Virtual Machine: software that executes software like a physical machine – (System) VM contains an OS – HW resources can be shared between VMs : role of hypervisor Strong isolation  between VMs : security  and fault‐confinement are  the primary motivations Picture from [2]© 2010 RTaW / PSA / Freescale - 9
  10. 10. Classification of virtualization schemes [3] Virtualization Emulation Native Hypoth. Real Full Para- Machine Machine Virtua. virtua. eg. JVM eg. Bochs eg. Z/VM eg. Xen, Sysgo, Wind River© 2010 RTaW / PSA / Freescale - 10
  11. 11. Use-cases of virtualization© 2010 RTaW / PSA / Freescale - 11
  12. 12. Heterogeneous operating system environments (1/2) Re-use of a complete legacy ECU : eg. parking assistance Legacy Benefits – Time-to-market, applications – – Cost reduction Validation done Legacy OS – Way to deal with + discontinued hardware Comm. stack Hypervisor hardware© 2010 RTaW / PSA / Freescale - 12
  13. 13. Heterogeneous operating system environments (2/2) Using the best execution platform : eg. Body gateway with both an Autosar and an infotainment VM (eg., linux, android) Benefits – Performances – Availability of manpower / applications – Time-to-market – Security despite open systems – Segregation in “vehicle domains” VMM – Etc Picture from [2] The most obvious and likely use‐case in a first step © 2010 RTaW / PSA / Freescale - 13
  14. 14. Virtualization for security-critical sub-systems Benefits: – Critical code can run on bare hardware – Sufficiently small for formal methods – “Brick-wall” partitioning for open systems (OTA update) Critical code Hypervisor hardware© 2010 RTaW / PSA / Freescale - 14
  15. 15. Virtualization for safety-critical sub-systems Short term benefits: – Memory, CPU, IO protection mechanisms – Redundant execution with diversity reduces common faults, possible to go one step farther with OS and com. stack diversity – Monitoring / watchdog on the same multi-core chip (ideally with some HW diversity at the core level) Medium term goal: – Virtual lockstep execution without dedicated HW Not the same scope of protection as Autosar OS Autosar OS : OS application, OS task, ISR  Virtualization : VM (usually with an OS)© 2010 RTaW / PSA / Freescale - 15
  16. 16. AUTOSAR OS protection mechanism - a recap (see [7]) Issues : resource confiscation (CPU, memory, drivers), non authorized access / calls, fault- propagation 5 types of mechanisms Memory protection Temporal protection As of Autosar R4, there  are multi‐core  OS service protection extensions enabling CPU  HW resource protection core partitioning   trusted / non-trusted code 4 scalability classes© 2010 RTaW / PSA / Freescale - 16
  17. 17. Limits of virtualization© 2010 RTaW / PSA / Freescale - 17
  18. 18. Real-time performances Virtualization implies a hierarchical two-level scheduling that is inherently less predictable and more complex to handle Picture from [2] Actually, three‐level scheduling since runnables are scheduled within OS tasks! Static core allocation (to VMs) is probably the way to go ..© 2010 RTaW / PSA / Freescale - 18
  19. 19. Technical issues Memory: VMM footprint: < 64KB Possibly several OSs ! CPU: Limited hardware support in embedded CPU [6] Preemption, L2 cache flush, locked cache Resource sharing is tricky: ISR, IOs, com. controllers Real-time performances (eg. LIN) peripheral virtualization is complex (eg. CAN) VMM must be kept small to be secure (more than guest OSs) and ideally bug free … otherwise responsibility sharing is impossible© 2010 RTaW / PSA / Freescale - 19
  20. 20. Conclusion Virtualization is a mature technology, industrial risk is limited Automotive can benefit from both aerospace / military and consumer electronic experiences: Products, certification, deployment tools, etc The overlap between virtualization and Autosar OS seems small There are meaningful use-cases but real-time behavior of the virtualized systems should be (formally) verified.© 2010 RTaW / PSA / Freescale - 20
  21. 21. References© 2010 RTaW / PSA / Freescale - 21
  22. 22. References [1] N. Navet, F. Simonot-Lion, editors, The Automotive Embedded Systems Handbook, Industrial Information Technology series, CRC Press / Taylor and Francis, ISBN 978-0849380266, December 2008. [2] R. Kaiser, D. Zöbel, Quantitative Analysis and Systematic Parametrization of a Two-Level Real-Time Scheduler, paper and slides at IEEE ETFA’2009. [3] T. Nolte, Hierarchical Scheduling of Complex Embedded Real-Time Systems, slides presented at the Summer School on Real-Time Systems (ETR’09), Paris, 2009. [4] G. Heiser, The role of virtualization in embedded systems, Proceedings of the 1st workshop on Isolation and integration in embedded systems, 2008. [5] D. Baldin, T. Kerstan, Proteus, a Hybrid Virtualization Platform for Embedded Systems, IFIP Advances in Information and Communication Technology, 978-3-642-04283-6, 2009. [6] F. Behmann, Virtualization for embedded Power Architecture CPUs, Electronic Products, September 2009. [7] N. Navet, A. Monot, B. Bavoux, F. Simonot-Lion, Multi-source and multicore automotive ECUs - OS protection mechanisms and scheduling, to appear in IEEE ISIE, 2010. [8] A. Schedl, Goals and Architecture of FlexRay at BMW, slides presented at the Vector FlexRay Symposium, March 2007. [9] R. Schreffler, Japanese OEMs, Suppliers, Strive to Curb ECU Proliferation, Wardsauto.com, March 6, 2006.© 2010 RTaW / PSA / Freescale - 22
  23. 23. Questions / feedback ? Please get in touch at : nicolas.navet@realtimeatwork.com bertrand.delord@mpsa.com B17517@freescale.com© 2010 RTaW / PSA / Freescale - 23
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×