Evaluation of an Adaptive AUTOSAR System in Context of Functional Safety Environments Master Thesis Submitted in Fulfilment of the Requirements for the Academic Degree M.Sc. Dept. of Computer Science Chair of Computer Engineering Submitted by: Mostafa Massoud Student ID: 364160 Date: 14.09.2017 Supervisor: Prof.Dr. W. Hardt External Supervisor: Dipl.-Ing. Martin Ott [email protected] [email protected] Abstract Abstract The rapidly evolving technologies in the automotive industry have been defining new challenges, setting new goals and consenting to more complex systems. This steered the AUTOSAR community toward the independent development of the AUTOSAR Adaptive Platform with the intention of addressing and serving the demands defined by the new technology drivers. The use of an already existing software based on an open-source development - specifically GNU/Linux - was recognized as a matching candidate fulfilling the requirements defined by AUTOSAR Adaptive Platform as its operating system. However, this raises new challenges in addressing the safety aspect and the suitability of its implementation in safety-critical environments. As safety standards do not explicitly handle the use of open-source software development, this thesis proposes a tailoring procedure that aims to match the requirements defined by ISO 26262 for a possible qualification of GNU/Linux. And while very little is known about the behavior specification of GNU/Linux to appropriate its use in safety-critical environments, the outlined methodology seeks to verify the specification requirements of GNU/Linux leveraging its claimed compliance to the POSIX standard. In order to further use GNU/Linux with high pedigree of certainty in safety-critical applications, a software partitioning mechanism is implemented to provide control over the resource consumption of the operating system –specifically computation time and memory usage- between different criticality applications in order to achieve Freedom from Interference. The implementation demonstrates the ability to avoid interference concerning required resources of safety-critical applications. Keywords: AUTOSAR Adaptive Platform, Open Source Development Environments, Embedded Linux, Functional Safety (ISO 26262) ii Acknowledgments Acknowledgments At this point, I would like to express my appreciation to the ITK Engineering team, especially Martin Ott my thesis advisor and Jochen Breidt for their efforts and continuous support throughout the course of this work, and for giving me the chance to be a part of this research, which has been most educational as well as career advancing. I would also like to thank Owes Khan for his invaluable guidance and comments on this thesis. iii Table of Contents Table of Contents Abstract ....................................................................................................................... ii Acknowledgments ...................................................................................................... iii Table of Contents ....................................................................................................... iv List of Figures ............................................................................................................ vii List of Tables .............................................................................................................. ix Abbreviations ............................................................................................................... x 1 Introduction .......................................................................................................... 1 Problem Description ....................................................................................... 1 Scope ............................................................................................................. 3 Methodology ................................................................................................... 3 2 Fundamentals ...................................................................................................... 4 AUTOSAR Adaptive Platform ......................................................................... 4 Service Oriented Architecture .................................................................. 5 POSIX ...................................................................................................... 6 Software Platform Architecture ................................................................ 6 SOME/IP .................................................................................................. 7 Operating System Requirements ............................................................. 8 AUTOSAR Classical Platform vs AUTOSAR Adaptive Platform .............. 9 GNU/Linux .................................................................................................... 11 Free/Libre and Open Source Software .................................................. 12 Open Source Software Development .................................................... 12 Real time Capability ............................................................................... 14 Commercial-Off-the-Shelf Software ....................................................... 14 Safety ........................................................................................................... 15 Definition of Safety ................................................................................. 15 Automotive Safety Standard ISO 26262 ................................................ 16 iv Table of Contents ISO 26262 definitions ............................................................................ 16 Safety Life-Cycle .................................................................................... 18 Hazard Analysis and Risk Assessment ................................................. 19 Freedom from Interference .................................................................... 21 Safety Measures and Safety Mechanisms ............................................. 21 3 State of the Art ................................................................................................... 23 The reuse of Software and Safety Standards ............................................... 23 The use of COTS Software in Safety-Critical Applications ........................... 24 The use of GNU/Linux in safety-critical applications .................................... 29 Software Safety Mechanisms ....................................................................... 32 4 Evaluation of GNU/Linux in the Context of ISO 26262 ....................................... 38 Product Development on the Software Level ............................................... 38 Requirements for Software Qualification ...................................................... 40 Tailoring the Qualification Requirements for GNU/Linux .............................. 42 Limitations .................................................................................................... 47 5 Implementation ................................................................................................... 50 AUTOSAR Adaptive Platform Demonstrator ................................................ 50 System Functional Description .............................................................. 51 Software Component Description .......................................................... 51 System Dynamic Behavior ..................................................................... 53 System Environment .............................................................................. 54 MinnowBoard Turbot ............................................................................. 54 Partitioning Mechanism Approach ................................................................ 56 Configuration of the Control Groups ...................................................... 57 Implementation of the Partitioning Mechanism ............................................. 60 Setup of the Control Groups .................................................................. 60 CPU time ............................................................................................... 62 Memory Usage ...................................................................................... 65 v Table of Contents 6 Software Partitioning Results and Evaluation ..................................................... 67 CPU time ...................................................................................................... 67 Memory Usage ............................................................................................. 73 Limitations .................................................................................................... 74 7 Discussion .......................................................................................................... 76 8 Conclusion ......................................................................................................... 79 References ................................................................................................................ 80 Appendix ................................................................................................................... 85 Appendix A: CPU time restriction code .................................................................. 85 Appendix B: Memory usage restriction code.........................................................