Automotive software design: new challenges through multiprocessing
Sensor fusion, virtualization and security are requirements not necessarily unique to automotive electronics, but in no other industry these requirements are combined with the need for high reliability, long product lifetime – and all that in a rather small form factor. Heterogeneous multicore processors is therefore the order of the day in this industry. But the semiconductor is not enough – the entire tool chain, the software architecture and the development strategies have to be adapted to the needs of such systems. Therefore the participants of the EMCC meeting also discussed topics like real-time analysis on multicore embedded systems, software architectures and distributed development. Out of distributed development arises a new challenge: The subsequent integration of software modules developed with different tools in one ECU. And also debugging of multiprocessor systems is more challenging than debugging of single-core, in particular if these cores are not equal.
As the general manager for software development and software infrastructure at carmaker BMW, Simon Fürst knows the issue like the back of his hand. He also is familiar with the specific challenges of automotive real-time data processing. One of them is power dissipation per ECU. “We have to find ways not to exceed the magic limit of 50 watts”, Fürst said in his keynote speech. Given the multitude of ECUs in a car – BMW’s current i8 top-of-the line sports car i8 has 105 ECUs under its bonnet and in the dashboard – this limit is particularly relevant for electric vehicles. And given the future design trends that provides for less but more powerful ECUs, the automotive industry is facing “a massive redesign of existing software”, as Fürst said. Elements of future software environments will include partial and full symmetric execution as well as virtualization. Fürst also held out the prospect of an Autosar adaptive platform that could accommodate Autosar compliant and non Autosar compliant applications.
System software and tool vendors also see the necessity to build future automotive software generations on heterogeneous multicore systems. “We see a great demand for an optimization”, said Robert Leibinger from Elektrobit (now a subsidiary of Continental). “Multicore Hardware could offer a huge performance boost.” However, specific aspects like load distribution have yet to be solved. At least as long as it can be distributed at all – specific elements requiring their own driver like GPUs are an exception. “The whole thing becomes interesting where you (as a developer) have a choice – for instance if you want to run a program on a device with three slightly different cores like this is the case with certain Infineon microprocessors.”
In contrast to consumer electronics, automotive software typically has to meet strict real-time requirements, highlighted Michael Deubzer from tool vendor Timing Architects. The company offers multicore software tools that enable static and dynamic distribution of the software across multiple cores, whereas in automotive environments however, today only static distribution is relevant. “In automotive environments, you won’t find many symmetric multicore devices”, he said. “In most cases, the cores are slightly different – which however has to be taken into account by the developer”.
Jens Harnisch, Tool Line Manager at chip vendor Infineon, pointed out that now is the time to do away with legacy software in the car. “Through the introduction of multicore software we have triggered the problems to some extend”, Harnisch said. “But multicore processors offer a good opportunity to straighten out the software. This will be necessary anyway”. Harnisch highlighted tracing as the method of choice to debug multicore software other than the classical debug approach with breakpoints. “it is much faster and makes programmers more productive that step-by-step debugging”, Harnisch said. “In the future, we will see more tracing also in production devices. And it will become affordable”, he added.
Related articles:
Architectures for ISO 26262 systems with multiple ASIL requirements
More powerful simulations through multiprocessor support
Multicore microcontrollers combine safety, security features