Schedulability and end-to-end latency in distributed ECU networks: formal modeling and precise estimation
A. Rajeev, S. Mohalik, Manoj G. Dixit, Devesh B. Chokshi, S. Ramesh
International Conference on Embedded Software, published 2010-10-24. DOI: 10.1145/1879021.1879039 (https://doi.org/10.1145/1879021.1879039)
Citations: 42
Abstract
Embedded control systems in automobiles are typically implemented by a set of tasks deployed on multiple Electronic Control Units (ECUs) communicating via one or more buses like CAN or FlexRay. In the case of safety-critical systems, there are hard real-time bounds on the (i) response times of tasks/messages, and (ii) end-to-end latencies of certain task/message chains. These depend on various factors like the number of tasks (and messages) involved in the processing (and communication) sequence, parameters of these tasks/messages, scheduling policies, communication protocols, clock drifts, etc. Moreover, since the data transfer among tasks/messages is typically via asynchronous buffers that are overwritable and sticky, multiple semantics are possible for end-to-end latency. Hence, precise estimation of response times and end-to-end latencies in embedded systems is a non-trivial problem.
In this paper, we propose a model-checking-based technique to compute worst-case response times and end-to-end latencies. We consider a distributed system made of preemptively scheduled tasks and non-preemptively scheduled messages. Given a chain in the system, we estimate two different end-to-end latencies, LIFO and LILO, which are important in the automotive domain. From a system description, we automatically synthesize a formal model based on a discrete event simulation formalism called Calendar Automata. It is then model-checked to compute response times and end-to-end latencies. Our technique is more scalable than the existing formal-methods-based techniques. We have illustrated this technique on reasonably large case studies from the automotive domain.