Autosar

Compliance with ISO 26262 for the open, standardized software architecture used in automotive electronic control units

Quick Explanation

  • Supports Autosar RTE libraries
  • Supports scheduling policy and scheduling tables
  • Supports execution time monitoring
  • Supports resource locking time monitoring
  • Supports task inter-arrival time monitoring
  • Supports end-to-end signal protection
  • Supports debugging operations
  • Supports import of AUTOSAR system and ECU configurations

Protocol

  • Supports AUTOSAR-based design per ISO 26262

Autosar

The VisualSim Autosar library provides the first and only simulation-based Autosar platform for verifying the safety mechanisms in an AUTOSAR-based design per the ISO 26262 functional safety process. This virtual platform simulation technology achieves that verification goal at the infrastructure service level, i.e. at a higher level of fidelity than application software components merely exchanging information over the Virtual Functional Bus, but at a lower level of fidelity than cycle-accurate processor modeling. Compared with verification on a hardware bench or in final vehicle tests, this saves time and effort (the aim is "no surprises" during final vehicle verification).

VisualSim Autosar provides the Autosar RTE libraries and the ability to graphically import the Runnables, OS, schedule, basic software modules (BSW), watchdog manager and E2E library. The system generates over 200 reports, including log files of all actions at the BSW and Runnable level. A unique report gives the reason for the failure of each watchdog item: deadline monitoring, program flow monitoring and aliveness indication.

The key features of the platform include:

  1. Model the RTE port interfaces and associated port attributes (sender-receiver vs. client-server, synchronous vs. asynchronous, queue length, timeout, acknowledgement)
  2. Model the RTE runnable schedule table, accommodating both Category 1 Runnables (cannot wait on events) and Category 2 Runnables (can wait on events)
  3. Model the AUTOSAR OS scheduling policy and schedule tables
  4. Model Scalability Class 4 (SC4) AUTOSAR OS (includes both memory protection and timing protection)
  5. Model AUTOSAR OS memory protection for data, code, and stack
  6. Model AUTOSAR OS execution time monitoring
  7. Model AUTOSAR OS resource locking time monitoring
  8. Model AUTOSAR OS task inter-arrival time monitoring
  9. Model AUTOSAR OS protection hooks for memory or timing protection violations
  10. Model AUTOSAR Watchdog Manager services for deadline monitoring
  11. Model AUTOSAR Watchdog Manager services for program flow monitoring
  12. Model AUTOSAR Watchdog Manager services for aliveness monitoring
  13. Model AUTOSAR services for end-to-end signal protection
  14. Model AUTOSAR CAN and FlexRay communication stacks
  15. Model observability, tracing, and logging facilities for use in debugging
  16. Testing and fault-injection framework that provides both interactive and scripting methods for providing inputs and injecting faults (see section 5.6 for a list of faults to be injected)
  17. Mechanism to import AUTOSAR system and ECU configurations from the standard AUTOSAR XML files
  18. Mechanism to interactively view/query and modify AUTOSAR system and ECU configuration parameters

The system configuration is done via a series of tables that can be imported from XML files; these cover the RTE, OS, Watchdog and Communication. The user creates a network layer of CAN, FlexRay or Ethernet. To each node, the hardware definition is added and then the Autosar components are attached. Finally, the Runnables are associated with each node. Each node and the network are configured and the models are simulated. A combination of graphical displays and log files is generated for interactive and off-line post-processing.

The VisualSim Autosar library is used by the AUTOSAR Integration Team, ISO Validation Team and Advanced Development Team to answer questions such as:

  1. Can AUTOSAR designers validate the AUTOSAR specification of the safety services?
  2. Is the implementation of the specification in BSW modules consistent with the specification?
  3. Are any extensions to the specification valid?
  4. Have we used and configured the safety services correctly to achieve the system-level safety goals and functional performance requirements of a particular design per ISO 26262?
  5. Are the AUTOSAR specifications of the safety-related services complete, consistent and unambiguous?
  6. Are software implementations of the AUTOSAR safety-related services consistent with the AUTOSAR specifications?
  7. Are the usage and configuration of the AUTOSAR safety-related services in designs capable of achieving system-level safety goals and functional performance requirements per ISO 26262?

A unique feature of the VisualSim Autosar library is the ability to inject faults into the simulation model. The faults can be electronic device degradation, memory errors, illegal user operations, data manipulation or incorrect overwrites, and software scheduling faults. These can be used to test the vulnerability of the system and its ability to detect issues that must be responded to before an eventual failure occurs. This allows designers to conduct a large variety of ad-hoc tests that would not be possible on the physical system.
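As an added illustration of the watchdog items named above (deadline monitoring, program flow monitoring and aliveness indication) and of how an injected fault shows up as a reported failure reason, the following toy Python model evaluates one supervision cycle of a checkpoint trace and then injects two of the fault kinds the page mentions (a skipped checkpoint and a scheduling overrun). This is example code written for this page, not VisualSim's or the AUTOSAR Watchdog Manager's code or API; the checkpoint names, timing parameters, trace format and the `Supervision` configuration class are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Supervision:
    """Constructed supervision configuration for one supervised entity (a runnable)."""
    cycle_ms: float          # length of the supervision cycle being evaluated
    alive_cp: str            # checkpoint whose hit count is checked (alive supervision)
    alive_expected: int      # expected hits per cycle
    alive_margin: int        # tolerated +/- deviation from the expected count
    deadline_cps: tuple      # (start, stop) checkpoints for deadline supervision
    deadline_ms: tuple       # (min, max) allowed time from start to stop
    initial_cp: str          # checkpoint a cycle must begin with (program flow)
    transitions: frozenset   # allowed (from, to) checkpoint pairs (program flow)


def evaluate_cycle(trace, spec):
    """Evaluate one supervision cycle of a time-ordered (time_ms, checkpoint) trace.
    Returns a list of failure reasons; an empty list means the entity is OK."""
    # Checkpoints reported after the cycle end belong to the next cycle.
    trace = [(t, cp) for t, cp in trace if t < spec.cycle_ms]
    reasons = []
    names = [cp for _, cp in trace]

    # Alive supervision: the periodic checkpoint must be hit the expected number of times.
    hits = names.count(spec.alive_cp)
    lo = spec.alive_expected - spec.alive_margin
    hi = spec.alive_expected + spec.alive_margin
    if not lo <= hits <= hi:
        reasons.append(f"alive: {hits} hits of {spec.alive_cp}, expected {lo}..{hi}")

    # Deadline supervision: every start checkpoint needs its stop within [min, max].
    start_cp, stop_cp = spec.deadline_cps
    dmin, dmax = spec.deadline_ms
    pending = None
    for t, cp in trace:
        if cp == start_cp:
            if pending is not None:
                reasons.append(f"deadline: {start_cp} at {pending}ms had no {stop_cp}")
            pending = t
        elif cp == stop_cp and pending is not None:
            elapsed = t - pending
            if not dmin <= elapsed <= dmax:
                reasons.append(f"deadline: {start_cp}->{stop_cp} took {elapsed}ms, "
                               f"allowed {dmin}..{dmax}")
            pending = None
    if pending is not None:
        reasons.append(f"deadline: {start_cp} at {pending}ms had no {stop_cp} before cycle end")

    # Logical (program flow) supervision: checkpoints must follow the allowed graph.
    flow_nodes = {a for a, _ in spec.transitions} | {b for _, b in spec.transitions}
    flow = [cp for cp in names if cp in flow_nodes]
    if flow and flow[0] != spec.initial_cp:
        reasons.append(f"program flow: cycle started at {flow[0]}, expected {spec.initial_cp}")
    for prev, nxt in zip(flow, flow[1:]):
        if (prev, nxt) not in spec.transitions:
            reasons.append(f"program flow: illegal transition {prev}->{nxt}")
    return reasons


def healthy_trace(period_ms=10.0, cycles=10):
    """Constructed trace: ReadSensor -> Compute -> WriteActuator every period."""
    trace = []
    for k in range(cycles):
        t = k * period_ms
        trace += [(t, "ReadSensor"), (t + 2.0, "Compute"), (t + 5.0, "WriteActuator")]
    return trace


def drop_checkpoint(trace, cp, occurrence):
    """Injected fault: the n-th occurrence of a checkpoint is never reported
    (e.g. a lost task activation or a skipped code path)."""
    out, seen = [], 0
    for t, c in trace:
        if c == cp:
            seen += 1
            if seen == occurrence:
                continue
        out.append((t, c))
    return out


def delay_checkpoint(trace, cp, occurrence, extra_ms):
    """Injected fault: one execution overruns, so its checkpoint arrives later."""
    out, seen = [], 0
    for t, c in trace:
        if c == cp:
            seen += 1
            if seen == occurrence:
                t += extra_ms
        out.append((t, c))
    return sorted(out)


# Constructed configuration: a 10 ms runnable supervised over a 100 ms cycle.
SPEC = Supervision(
    cycle_ms=100.0,
    alive_cp="Compute", alive_expected=10, alive_margin=0,
    deadline_cps=("ReadSensor", "WriteActuator"), deadline_ms=(3.0, 8.0),
    initial_cp="ReadSensor",
    transitions=frozenset({("ReadSensor", "Compute"), ("Compute", "WriteActuator"),
                           ("WriteActuator", "ReadSensor")}),
)

if __name__ == "__main__":
    scenarios = {
        "healthy": healthy_trace(),
        "skipped Compute": drop_checkpoint(healthy_trace(), "Compute", 4),
        "WriteActuator overrun": delay_checkpoint(healthy_trace(), "WriteActuator", 10, 4.0),
    }
    for label, trace in scenarios.items():
        reasons = evaluate_cycle(trace, SPEC)
        print(f"{label}: {'OK' if not reasons else 'FAILED'}")
        for r in reasons:
            print("   ", r)
```

Running the script prints a per-scenario verdict with its reasons. Note that one injected fault can trip more than one mechanism: skipping a single `Compute` checkpoint lowers the alive count and also produces an illegal `ReadSensor->WriteActuator` transition, which is why a report that names the failing item (rather than only "watchdog reset") is what the designer needs when tracing a fault back to its cause.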

Another feature is the ability to create multiple instances of the Autosar infrastructure to simulate multi-processor and multi-core ECUs. These can be set up on a network, and end-to-end latency can be computed from the sensor on one or more ECUs, through multiple ECUs, to one or more actuators.

Autosar - Configuring the Scheduler, Tasks, Runnables and Watchdog