Integrating applications with different criticality levels into one electronic control unit requires special care. An unlucky priority assignment (as part of the overall dynamic software architecture) can result in the violation of safety requirements of the ISO 26262.
Hence, a certain protection is needed to guarantee the so called freedom from interference. In this paper, we evaluate the three priority-assignment strategies: CAPA, RMS and a hybrid approach.
The optimal selection requires a trade-off between safety and resource-efficiency. We show how the AUTOSAR Timing Protection mechanism – when configured wisely – facilitates combining the advantages of the three approaches and yields safe and very efficiency schedules.
We show a method for determining good configurations for the Timing Protection service, how it works, how it facilitates safe and efficient schedules, and how the service itself must be configured.
Especially we show how good (reasonable) Timing Protection Budget values (TPB) can be determined and how they interacts with Recovery Times (RCT).
We show that this is only possible through an assessment of the expected execution times of tasks, and a reliable scheduling analysis in the error-free and the error-case.
To read more of this external content, download the complete paper from the author archives at the SEE archives. http://web1.see.asso.fr/erts2012/Site/0P2RUC89/4C-4.pdf