WIXLIB

Signal-Oriented ECUs in a Centralized Service-Oriented Architecture:Scalability of the Layered Software ArchitectureHoai Hoang BENGTSSON & Martin HILLERVolvo Cars SwedenJörn MIGGERealTime-at-Work (RTaW)Nicolas NAVETUni. Luxembourg & CognifyerAutomotive Ethernet Congress 2022, Volvo SoA2022-06-01

AgendaIntroduction of SOA architecture –ChallengesService interface communication modelModelling of the systemPerformance evaluationConclusion2022-06-01Automotive Ethernet Congress 2022, Volvo SoA2

Introduction of SOA in nextgeneration architecture2022-06-01Automotive Ethernet Congress 2022, Volvo SoA3

Centralized E/E Architecture with Ethernet BackboneEthernetCAN/CAN FDLinThe VCU coordinates fundamental capabilities in the MechatronicRimto provide vehicle level behavior. For example: vehicle dynamics,propulsion control, climate control, exterior lighting, interior lighting, .VIU RightSensorsA VIU provides a andtranslation from the specificactuatorsnetwork interfaces of the nodes in the MechatronicRim to the Core Network. Think ”Gateway”.ECUIHUADPMVCULow PowerControllerVIU FrontVIU LeftVCU: Vehicle Computation UnitVIU: Vehicle Integration UnitADMP: Autonomous Driving Primary ModuleIHU: Infotainment Head Unit2022-06-01Automotive Ethernet Congress 2022, Volvo SoAAn ECU in the Mechatronic Rim is highly specialised forcontrolling its specific device. For example: engine,transmission, brakes, steering, doors, windows, seats, .4

SW Layering ArchitectureDevice: One or more ECUs, sensor or actuator in the Mechatronic Rim which are connected to the Core System as one unit.Functional interface: Accessing the (payload) functionality provided by a device.Administrative interface: Accessing diagnostics, software download, network management, and power management.VCUApplication LayerServiceIntegration InterfaceVIUSignalsIntegration LayerECUECUSensor tomotive Ethernet Congress 2022, Volvo SoA5

Devices and proxies and services, Oh my.VCUFunction FooServiceServiceV1V2V3V4Core System valuesD1D2D3D4Device-level data itemsFunction BarServiceServiceServiceDevice PDUD1D2Device PDUD3D4Device-level PDUs(grouping of device-leveldata items into devicedefined groups)UDP packet Device PDUD1D2UDP packet Device PDUD3D4UDP packet containingdevice-level PDUsDevice frameD1D2Device frameD3D4Device-specific framescontaining device-leveldata ySoftwareDownloadNetwork zerPacking/UnpackingDevice proxyVIUD1D2D3D4Device-level data itemsv1v2v3v4Device-level valuesDevice2022-06-01Automotive Ethernet Congress 2022, Volvo SoA6

Layering Architecture Concept - ChallengesHow to efficiently transform signals to services? Whatare suitable services that a device can provide?VCUAppAppAppWhat communication model is suitable for ourarchitecture choice?ServiceServiceServiceServiceDevice Abstraction Layer (DAL)How the design choices affect the system performance?2022-06-01Automotive Ethernet Congress 2022, Volvo vice7

Service interfacecommunication modelTiming chains from sensor to actuatorcomprise several successive“segments” : data transmission andfunctions execution2022-06-01Automotive Ethernet Congress 2022, Volvo SoA8

Where do end-to-end delays come from ?1. Delays come from processors and network loads f (frequencies, transmission and execution times)2. Burstiness of the load3. Waiting times between successive tasks andmessages of a timing chain our focusPeriodic activations reduce loads! Several signals into same frame Periodic tasks and “PublisherSubscribers” services executionrate under control2022-06-01Automotive Ethernet Congress 2022, Volvo SoAEvent-Triggered (ET) activations reduce latencies! No waiting times between segments of atiming chain Apps call services whenever needed and getresponses asap (ODS: “On-Demand Service” next)9

Choice of activation model at several levelsService InterfaceAppAppAppHALHALVCUAppHALSDBDP1Updating signal databaseDPmDP2Publisher-Subscriber model (subscribers areupdated e.g. periodically by server) or ClientServer model (ODS) ?DPnDevice Proxy executed periodically ortriggered by ETH packet ?Forwarding on ETHPeriodic (“snapshots”) or ET transmissionwhen CAN frame arrives at VIU ?ETHVIUCAN / T1SECU2022-06-01Automotive Ethernet Congress 2022, Volvo SoAECUECUTransmission on CANPeriodic or ET transmission on signal’supdate?10

Design options compared nextFully periodicmodel Service level: publisher-subscriber model (“PubSub”)with periodic events Task execution CAN andETH frames are periodicFully eventtriggered model Service level: ODS CAN frame arriving at a VIUtriggers ETH packet Signal production triggersCAN frameSimplifications: Safety constraints are not discussed PDUs are kept out of the picture as far as possible2022-06-01Automotive Ethernet Congress 2022, Volvo SoAMixedmodel Periodic model for non-time-critical timing chains Event-triggered model fortime-critical timing chainsMetric for performanceevaluation : max # oftiming chains supported11

System Model & Performanceevaluation2022-06-01Automotive Ethernet Congress 2022, Volvo SoA12

System Model :network Modelling and simulation withRTaW-Pegase / SDVCentral Computer with 2 cores forApps, 1 for Device Proxy and 1for Service3 Zone ControllersLinksSpeedETH: 1GbpsCAN FD: 2Mbps orT1S: 10MbpsSamplingPeriod10ms and 50msTimingChainsEnd-to-enddeadlines set to 4x(25%) or 10xsampling period45 ECUs on 9 CAN FD / T1S buses[RTaW-Pegase screenshot]2022-06-01Automotive Ethernet Congress 2022, Volvo SoA13

System model : flows of data between functions- Excerpt of thefunctional architecturewith a timing chainhighlighted- Apps are subscribedto several services andthus participate inseveral timing chains2022-06-01Automotive Ethernet Congress 2022, Volvo SoAD. proxyServiceAppsExecutableData exchange[RTaW-Pegase / SDV screenshot]ECUSegment ofthe timing chainselected14

Breakdown of an end-to-end delay: periodic PubSub serviceStep2022-06-01Actuator TaskApplicationSensor TaskActivation MechanismMax. Waiting TimesSensor TaskPeriodic tasksnoneCANPeriodic framesframe periodEthernetBuffered PDUsbuffering timeoutDevice ProxyPeriodic taskperiodServiceService event (PubSub)periodApplicationPeriodic tasksperiodServiceService method call (ODS)noneDevice ProxyPeriodic tasksperiodEthernetBuffered PDUsbuffering timeoutCANPDU triggers CAN framenoneActuator TaskPeriodic tasksperiodAutomotive Ethernet Congress 2022, Volvo SoALots of waiting timesbetween successivesegments !15

Breakdown of an End-to-end Delay: periodic PubSub serviceDelays of a timing chain’s segments[RTaW-Pegase screenshots]2022-06-01Automotive Ethernet Congress 2022, Volvo SoAEnd-to-End delays4x or 10xsampling periodPeriodic activations may be a solution only if theend-to-end latency constraints are several/manytimes larger than the sampling periods16

Event Triggered (ET) activation ODS for critical chainsStepActivation MechanismMax. Waiting TimesDetrimental impact of triggeringSensor TaskPeriodic tasksnoneCANSignals trigger CAN framenonehigher bus and CPU loadsEthernetCAN frame trigger ETH framesnonehigher links and CPU loadsDPPeriodic tasksperiodServiceService Method call (ODS)periodAppPeriodic tasksnoneServiceService Method callnoneDPPeriodic tasksperiodEthernetPDUs trigger framesnonehigher links loadsCANPDU triggers CAN framenonehigher bus loadsActuatorTaskPeriodic tasksperiodhigher load and larger response timesImprovements in terms of waiting times2022-06-01Automotive Ethernet Congress 2022, Volvo SoA17

Periodic PubSub versus ET ODSTriggered PeriodicPeriodicTriggeredWaiting times disappear withtriggered activations and ondemand service requests at the expense of CPU andnetwork load[RTaW-Pegase screenshots]2022-06-01Automotive Ethernet Congress 2022, Volvo SoA18

Mixed model is the best option in our case-studyProbability to meet timing& load constraints whenthe # of executablesincreases (CAN FD setup)- Periodic PubSub for non-critical chains(75%, D 10x sampling period)100100- ET ODS for critical chains100100989490(25%, D 4x sampling period)8078ET ODS for all timing chains645848 Fully periodic model not shown hereas unable to meet timing constraints46363222 Load, not timing, is the limiting factorfor ET ODS model T1S outperforms CAN FD here butdependent on setup and parameters2022-06-01Automotive Ethernet Congress 2022, Volvo SoA8506070809010011000000200120130140150160170180# of executablesEach executable involved in 6.5 timing chains on avg19

TakeawaysPresented technical solutions exploredby Volvo to integrate signal-basedECUs in a zone-based SOAChoice of activation patternsis key to meeting load andtiming requirements: mix ofboth periodic and ET offersbest solution automationthrough DSE algorithms2022-06-01Automotive Ethernet Congress 2022, Volvo SoAET activation creates couplingbetween segments asjitters/bursts are propagated unwanted coupling between subnetworks, between network andSW development!Local jitter-reduction shapingstrategies may allow topreserve independenceTime betweenforwarding CAN frameswith/wo jitter reduction(Davis & Navet, 2012)20

Thank you for your attention!

Signal-Oriented ECUs in a Centralized Service-Oriented Architecture: Scalability of the Layered Software Architecture Automotive Ethernet Congress 2022, Volvo SoA 2022-06-01 Hoai Hoang BENGTSSON & Martin HILLER Volvo Cars Sweden Jörn MIGGE RealTime-at-Work (RTaW) Nicolas NAVET Uni. Luxembourg & Cognifyer