DOI: 10.1145/3508352.3549463

ModelMap: A Model-Based Multi-Domain Application Framework for Centralized Automotive Systems

Published: 22 December 2022

Abstract

This paper presents ModelMap, a model-based multi-domain application development framework for DriveOS, our in-house centralized vehicle management software system. DriveOS runs on multicore x86 machines and uses hardware virtualization to host isolated RTOS and Linux guest OS sandboxes. In this work, we design Simulink interfaces for model-based vehicle control function development across multiple sandboxed domains in DriveOS. ModelMap provides abstractions to: (1) automatically generate periodic tasks bound to threads in different OS domains, (2) establish cross-domain synchronous and asynchronous communication interfaces, and (3) handle USB-based CAN I/O in Simulink. We introduce the concept of a nested binary for the deployment of ELF binary executable code in different sandboxed domains. We demonstrate ModelMap using a combination of synthetic benchmarks and experiments with Simulink models of a CAN Gateway and HVAC service running on an electric car. ModelMap eases the development of applications, which are shown to achieve industry-target performance using a multicore hardware platform in DriveOS.

    Published In

    ICCAD '22: Proceedings of the 41st IEEE/ACM International Conference on Computer-Aided Design
    October 2022
    1467 pages
    ISBN:9781450392174
    DOI:10.1145/3508352

    Sponsors

    In-Cooperation

    • IEEE-EDS: Electronic Devices Society
    • IEEE CAS
    • IEEE CEDA

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. multi-domain simulink models
    2. vehicle control software

    Qualifiers

    • Research-article

    Funding Sources

    • NSF

    Conference

    ICCAD '22: IEEE/ACM International Conference on Computer-Aided Design
    October 30 - November 3, 2022
    California, San Diego

    Acceptance Rates

    Overall Acceptance Rate 457 of 1,762 submissions, 26%
