Timing verification of real-time automotive Ethernet networks: what can we expect from simulationReport as inadecuate




Timing verification of real-time automotive Ethernet networks: what can we expect from simulation - Download this document for free, or read online. Document in PDF available to download.

* Corresponding author 1 CSC - Computer Science and Communications Research Unit Luxembourg 2 Daimler - Daimler Chrysler AG 3 RTaW - Realtime-at-Work

Abstract : Switched Ethernet is a technology that is profoundly reshaping automotive communication architectures as it did in other application domains such as avionics with the use of AFDX backbones. Early stage timing verification of critical embedded networks typically relies on simulation and worst-case schedulability analysis. When the modeling power of schedulability analysis is not sufficient, there are typically two options: either make pessimistic assumptions or ignore what cannot be modeled. Both options are unsatisfactory because they are either inefficient in terms of resource usage or potentially unsafe. To overcome those issues, we believe it is a good practice to use simulation models, which can be more realistic, along with schedulability analysis. The two basic questions that we aim to study here is what can we expect from simulation, and how to use it properly? This empirical study explores these questions on realistic case-studies and provides methodological guidelines for the use of simulation in the design of switched Ethernet networks. A broader objective of the study is to compare the outcomes of schedulability analyses and simulation, and conclude about the scope of usability of simulation in the desi gn of critical Ethernet networks. 1 C o n t e x t a n d o b j e c t i v e s o f t h e s t u d y Ethernet is meant in vehicles not only for the support of infotainment applications but also to transmit time-sensitive data used for the real-time control of the vehicle and ADAS functions. In such use-cases, the temporal behavior of the communication architecture must be carefully validat ed. Early stage timing verification of critical embedded networks typically relies on simulation and worst-case schedulability analysis, which basically consists in building a mathematical model of the worst possible situations that can be encountered at run-time. When the modeling capabilities of schedulability analysis is not sufficient, which given the complexity of today-s architectures is in our experience in many practical situations the case see Na13,Na14 and § 2.4, there are typically two possibilities. The first option is to make pessimistic assumptions e.g., modeling aperiodic frames as periodic ones, which is not always possible because for instance it may result in overloaded resources e.g., link utilization larger than 100%. The second option is to ignore what cannot be modeled e.g., ignoring transmission errors, aperiodic traffic, etc. Both options are unsatisfactory because they are either inefficient in terms of resource usage or potentially unsafe. In addition, it can happen that schedulability analysis tools provide wrong results, most often because the analysis- assumptions are not met by the actual implementation, or possibly because of numerical issues in the implementation e.g., if floating point arithmetic is used, or simply because the analysis is flawed see for instance Da07.

Keywords : timing verification timing-accurate simulation ergodicity automotive Ethernet simulation methodology worst-case response time analysis





Author: Nicolas Navet - Jan Seyler - Jörn Migge -

Source: https://hal.archives-ouvertes.fr/



DOWNLOAD PDF




Related documents