MICROSAR Safe
- A and Solution -
V1.02 | 2014-11-21
Software for Safety ECUs

Mixed ASIL ECUs

[Figure: two ECU stacks, each made of Application SW 1, Application SW 2 and Basic SW 3. Without safety mechanisms all three layers have to carry ASIL D; with a Safety Mechanism in place, Application SW 1 stays ASIL D while Application SW 2 and Basic SW 3 can be developed as QM. Caption: ASIL coexistence according to ISO 26262.]

The safety mechanisms
> detect and handle interference faults
  > in the basic SW
  > in the application SW
  > in the hardware (partly)
> and thus allow the coexistence of software with different integrity levels

Requirement for Coexistence

SafeExecution: Freedom from Interference

[Figure: Application A (Task 1, Task 2) and Application B (Task 3, ISR 1) share the same RAM and the same CPU; arrows labelled "activate" and "Set Event" connect the tasks and the ISR.]

Threat: Memory corruption
  > Tasks affect safety related memory
Solution: Memory encapsulation & context save
  > Safety relevant tasks run in protected memory partitions

Threat: Insufficient execution time
  > QM task blocks CPU
  > OS does not provide CPU slot
Solution: Program Flow Monitoring
  > Checks correct execution of safety relevant tasks

SafeExecution: Memory Protection

[Figure: Software on the left (Application A with Task 1 and Task 2, Application B with Task 3, and the Operating System performing context switching), the MPU in the middle, RAM on the right. RAM is partitioned into Task 1 stack, Task 2 stack, Task 3 stack and per-application data; the OS configures the MPU at each context switch so that a task can only reach its own stack and the data of its own application.]
SafeExecution: Program Flow Monitoring

> Correct timing (deadline, frequency)
> Correct sequence
> Safe watchdog handling

[Figure: timeline on which Task A runs three times, Task B twice and Task C once. The SafeWatchdog Manager supervises their checkpoints and decides whether the hardware Watchdog is serviced.]
Software for Safety ECUs

[Figure: MICROSAR architecture. Application layer: SWC A, SWC B and the "Safe" SWC C and SWC D on MICROSAR RTE. Basic software: MICROSAR DIAG, COM, MEM, SYS, IO, OS (SC3/4), J1939TP, XCP, MOST, LIN, FR, IP, CAN, CAL and EXT, plus Safe Complex Drivers, on top of the Microcontroller. Legend: Safety Related (safety mechanism, function), AUTOSAR basic SW module, non-safety related function.]
SafeExecution: Architecture

[Figure: the same layer diagram with the SafeExecution elements highlighted. Checkpoints are placed in the "Safe" SWCs and in the basic software, forming a "rope of pearls"; the Safe Watchdog Manager evaluates the checkpoints and services the hardware Watchdog through the Wdg Drv; SafeContext belongs to MICROSAR OS (SC3/4). The remaining modules (RTE, DIAG, COM, MEM, SYS, IO, J1939TP, XCP, MOST, LIN, FR, IP, CAN, CAL, EXT, Safe Complex Drivers) are drawn as before. Legend: Safety Related (safety mechanism, function), non-safety related function, hardware.]
Software for Safety ECUs

Communication / Data Exchange
> Internal
> External
Safe Communication

[Figure: the MICROSAR architecture diagram again (SWC A, SWC B, "Safe" SWC C and SWC D on MICROSAR RTE; DIAG, COM, MEM, SYS, IO, OS (SC3/4), J1939TP, XCP, MOST, LIN, FR, IP, CAN, CAL, EXT, Safe Complex Drivers; Microcontroller), this time highlighting the communication path between the SWCs. Legend: Safety Related (safety mechanism, function), AUTOSAR basic SW component, non-safety related function.]
SafeRTE: Freedom from Interference

[Figure: an ASIL partition and a QM partition side by side. ASIL partition: SWC1, SWC2, SWC3 (Tier1/OEM, high ASIL) on SafeRTE (high ASIL), with SafeContext (OS) and Safe MICROSAR BSW. QM partition: SWC4, SWC5 (Tier1/OEM, QM) on RTE, MICROSAR BSW (QM) and 3rd-party MCAL (QM). Both run on the Hardware* (QM).]

> SafeRTE realizes correct communication
> Freedom from interference regarding memory is realized by SafeContext

* Hardware ASIL can be raised by software means
SafeRTE: Tool Based Qualification

Design of safety related communication

[Figure: the QM design and configuration (ECU Extract of System Configuration, ECU Configuration Description, ...) is the input of the RTE Generator (labelled TCL1), which produces rte.c and rte.h. The RTE Verify tool (labelled TCL2) compares the generated rte.c and rte.h against the configuration, returns feedback and produces a Report on Integrity.]
SafeCOM: Topic

[Figure: Application A (SWC A) and Application B (SWC B) on two ECUs, each with its own MICROSAR RTE and MICROSAR BSW, connected over CAN or FlexRay.]
SafeCOM: Solution

[Figure: the same two ECUs with SafeCOM added. On the sender side (Application A) an E2E Protection Wrapper around Rte_Write_<A>_<B> uses the E2E LIB to increment the message counter and calculate the CRC before the data enters the RTE. On the receiver side (Application B) the E2E Protection Wrapper around Rte_Read_<A>_<B> uses the E2E LIB to verify the message counter and verify the CRC before SWC B consumes the data. All protection profiles are supported.]
MICROSAR Safe

> ... is the AUTOSAR basic software of Vector
> ... combined with safety mechanisms (SafeContext, SafeWatchdog, SafeRTE, SafeCOM) developed by TTTech and Vector

[Figure: the complete architecture with all safety mechanisms highlighted: Checkpoints and the E2E Protection Wrapper in the "Safe" SWCs, Safe RTE, the E2E Library, Checkpoints in the basic software, SafeContext in MICROSAR OS (SC3/4), the Safe Watchdog Manager driving the hardware Watchdog through the Wdg Drv, and Safe Complex Drivers. The remaining modules (DIAG, COM, MEM, SYS, IO, J1939TP, MOST, LIN, FR, IP, CAN, XCP, CAL, EXT) are non-safety related, all on the Microcontroller. Legend: Safety Related (safety mechanism, function), non-safety related function, hardware.]
MICROSAR Safe: Integration of SEooC

Your Project:
> Risk / hazard analysis, safety requirements
> Development of ASIL software
> Integration of MICROSAR Safe
> Safety requirements for the SEooC integration
> Development of QM software

Vector:
> Products (SEooC): MICROSAR Safe
  > OS (SafeContext / SafeWatchdog)
  > SafeRTE
  > MICROSAR SafeCOM
> Characteristics
  > Developed according to ASIL D
  > Certified by TÜV or a similar organization
> Integration
  > Safety Case
  > Safety Manual
    > Assumptions on safety goals
    > Functional extensions and restrictions
    > Integration requirements, e.g. interrupt handling
    > Process requirements, e.g. reviews
ISO 26262 on Multi-Core Architecture

MICROSAR Safe is also available for multi-core architectures.

For further information please contact [email protected]
Webinars

Thank you for your attention.

For detailed information please have a look at:
www.vector.com
www.tttech.com

> Registration for the upcoming webinars and the list of recorded webinars:
  http://www.vector.com/vi_webinars_en.html
> Contact data for additional questions, product information or presentations:
  [email protected]
  +49 (0) 711 80670 400
  [email protected]