AUTOSAR Timing Specification
Today’s automobiles include an increasing number of functions that are realized by electronics and especially by software. The development of these modern vehicle electrical systems is a complex task mainly due to the following five reasons:
- Software-based car functions are often distributed across the system and can involve several electronic control units (ECUs), sensors, actuators and communication busses for their execution.
- Each ECU can be involved in the realization of many different functions. This leads to a mutual influence of the functions on each ECU.
- Subsystems are often developed by different teams and suppliers. The car manufacturer (OEM, Original Equipment Manufacturer) must integrate the subsystems to a fully functioning system. This approach is called distributed development.
- The ECUs realize an increasing number of functions. This leads to a higher degree of integration on each ECU.
- Many of the functions of an automobile, especially safety-relevant functions, have to fulfill stringent timing constraints to function properly.
Those timing constraints for example restrict the maximum allowed reaction time measurable at an actuator based on certain sensor data input. Car functions with timing constraints are typically provided by so-called real-time systems.
The Challenge of Distributed Development
Due to the distributed development nature of the automotive domain, the OEM specifies the desired functionality of a subsystem, and suppliers develop this subsystem according to its specification. Thereby, the specification must also include the desired timing behavior, i.e. timing constraints for the subsystems. AUTOSAR allows for a standardized formal description of a system or its subsystems that consist of application software components, communication, basic software and the mapping of software to ECUs. This information can be exchanged between car manufacturers and suppliers if necessary, i.e. between different development teams.
In this distributed development OEMs today face a challenging system integration task. First, they must ensure that the combined timing behavior of all supplied subsystems fulfills all timing constraints of the system functions. Second, if a timing constraint is not fulfilled, the OEMs need to know which subsystem causes the problem and how the problem can be solved. At BMW Car IT a solution to that system integration challenge has beed developed in a doctoral thesis. The approach includes:
- A special timing model to capture both timing constraints of functions
- A method to derive subsystem timing requirements from these function timing constraints
- An algorithm to evaluate and iteratively refine the subsystem timing requirements
Extension of the AUTOSAR Model
In earlier releases of AUTOSAR timing was not properly addressed by the specification. BMW Car IT developed an early prototype of an extension for the AUTOSAR model that enables the specification of timing constraints for a given system. Together with various AUTOSAR partners, the so-called AUTOSAR Timing Extensions have been developed and standardized. Since AUTOSAR Release 4.0 the standard is available and used in an increasing number of development projects. The AUTOSAR timing extensions are compatible with the timing model of the doctoral thesis, which was mentioned in the previous section.
Timing Development Tools
BMW Car IT is still involved in the continuous improvement and maintenance of the AUTOSAR Timing Extensions. However, besides a standardized formal timing model to capture the timing constraints of automotive systems, it is also important to offer specification and development tools for the engineers, which use the formalism. As such a tool BMW Car IT developed Artime, a textual editor that uses a well-defined syntax and semantics to create text-based timing models, compliant to the AUTOSAR Timing Extensions.