TY - JOUR
T1 - Timing Analysis for Hypervisor-based I/O Virtualization in Safety-Related Automotive Systems
AU - Kohn, Andre
AU - Schmidt, Karsten
AU - Decker, Jochen
AU - Sebastian, Maurice
AU - Züpke, Alexander
AU - Herkersdorf, Andreas
N1 - Publisher Copyright:
© 2017 SAE International.
PY - 2017/3/28
Y1 - 2017/3/28
AB - The increasing complexity of the automotive functions necessary for improved driving assistance systems and automated driving requires a change in common vehicle architectures. This includes new concepts for E/E architectures such as a domain-oriented vehicle network based on powerful Domain Control Units (DCUs). These highly integrated controllers consolidate several applications with different safety levels on the same ECU. Hence, the functions depend on a strictly separated and isolated implementation to guarantee correct behavior. Middleware layers that guarantee task isolation and Quality of Service (QoS) communication therefore have to provide several new features, depending on the domain in which the corresponding control unit is used. In a first step, we identify requirements for a middleware in automotive DCUs. Our goal is to reuse legacy AUTOSAR-based code in a multicore domain controller. In an example use case scenario, we analyze the end-to-end latency for transmitting and receiving CAN messages in a system using a hypervisor-based virtualization approach. A model-based timing analysis and an implementation on a state-of-the-art automotive microcontroller help assess the usability for safety-related domains. Additionally, the timing behavior is compared to a common AUTOSAR implementation. We show that a well-configured hypervisor and scheduling can provide results similar to an AUTOSAR implementation under certain circumstances. Furthermore, a model-based timing analysis allows different hypervisor configurations to be evaluated without physical hardware.
UR - http://www.scopus.com/inward/record.url?scp=85018278936&partnerID=8YFLogxK
U2 - 10.4271/2017-01-1621
DO - 10.4271/2017-01-1621
M3 - Article
AN - SCOPUS:85018278936
SN - 1946-4614
VL - 10
SP - 368
EP - 379
JO - SAE International Journal of Passenger Cars - Electronic and Electrical Systems
JF - SAE International Journal of Passenger Cars - Electronic and Electrical Systems
IS - 2
ER -