Designing Predictable Multicore Architectures for Avionics and Automotive Systems

This paper deals with architectures and their design principles for embedded control systems as they are used in the automotive and aeronautics industries. Growing software complexity in the embedded domain has led to the development of standardized frameworks which focus on composing components, possibly developed by different suppliers, on Electronic Control Units (ECUs). Examples are AUTOSAR in the automotive domain and the IMA architecture in the aeronautics industry. Both IMA and AUTOSAR are claimed to support compositionality and composability; the behavior of a system is determined by the behavior of the system’s components and the type of composition (compositionality), and the behavior of individual components should not change by the composition (composability). This is the assumption on which the incremental acceptance of IMA is based; To facilitate composability, AUTOSAR abstracts from the underlying hardware, i.e. the actually deployed ECUs. For time-critical systems, composability of the timing behavior would mean that the modification of one component would only influence its timing behavior and not that of other components. This paper proposes a design philosophy supporting composability of the timing behavior. It is claimed that without such a design philosophy composability is hard to achieve without sacrificing too much performance. The AUTOSAR timing model currently being developed mainly concerns the integration of scheduling requirements. The success of scheduling analysis depends on the predictability of the execution times of the AUTOSAR“runnables”, the basic building blocks of a software component. When multiple software components are mapped to a hardware architecture where a high degree of interference between the components cannot be avoided (e.g. due to shared caches or buses) execution times of runnables may vary considerably endangering the possibility to predict safe and precise execution time bounds, which again