Architects and software developers of embedded systems have recently been facing increasing challenges: They operate with increasing complexity to build ever more powerful systems such as advanced driver assistance systems. The specifications of automotive and railroad software experts are greatly increasing in volume. This alone is a headache for project managers. But when the dependencies force system architects to build complex systems in such a way that they not only function error-free, but also with high performance, and on top of that there are also requirements for real-time, safety and security, problems are the only components that are effortlessly pre-programmed. Although there are means to alleviate the complexity and also the programming effort with model-driven development frameworks, the devil is in the details.

The project partners of the recently completed Ampere project therefore set themselves the task of researching a framework that would serve system integrators in the automotive and rail industries to reduce complexity and increase performance without having to compromise on safety and security. Specifically, the combination and set of methods, techniques and tools should be explored to enable secure parallel computing for cyber-physical systems (CPS) on high-performance heterogeneous computer architectures. A heterogeneous architecture system is a board that combines diverse processors and controller chips, unlike boards built with only similar chipsets. Parallel means that tasks are distributed and executed simultaneously (safely) on different chips. A CPS is a system that has mechanical components and software and is network-enabled. Its components may or may not be distributed across different locations. Crucially, the CPSs can communicate among and with each other, often meeting real-time requirements. So the idea was to make the new computationally intensive challenges of our time, such as software autonomy or the use of machine learning, available to embedded systems in a performant way. These CPSs, which have been improved in their parallel computing capability, can serve as the basis for autonomous driving, among other things, and are therefore of interest to automotive and rail market participants. However, they can also be found in industrial contexts, for example in virtual power plants.

The first problem faced by the researchers, which include Thales, Bosch, ETH Zurich and SYSGO, was that an interface already existed in the form of the OpenMP API that enabled parallel computing, but it had a large overhead and was therefore in principle rather unsuitable for energy-efficient and safety-critical embedded systems. The second problem was - and primary project goal - to translate the system architecture description of a CPS based on a model-driven development framework into a parallel computing model. Specifically, the Domain Specific Modeling Languages (DSLM) Capella and Amalthea, one describing functional behavior, the other non-functional behavior, were to be given new features to enable parallelism. With these new features, CPS descriptions could now be translated into parallel-capable source code using Bosch's APP4MC framework. Since OpenMP was basically suitable for execution, but carried too much overhead, the researchers extended the interface so that it too became more performant.

Figure 1: PikeOS Architecture for Automotive

The secure foundation of all of this is the real-time operating system and hypervisor PikeOS. For the project, PikeOS' capabilities as a hypervisor and its fundamentals in terms of safety (certifications including ASIL D according to ISO 26262, SIL 4 according to EN 50128 and EN 50657) and security (certification EAL 5+ according to Common Criteria) were particularly in demand. By securely separating applications in space and time, the architecture is robust enough to couple real-time capability, safety and security. This is done in a performant manner while simultaneously executing computationally intensive tasks based on the research results. The architecture comprises among other entities the real-time operating system ERIKA suitable for automotive, ROS2 as well as a Linux partition.

Read more about PikeOS in Ampere: https://www.sysgo.com/blog/article/tackling-mixed-criticality-for-automotive

To demonstrate the new capabilities, the researchers created two demonstrators: Bosch created a predictive cruise-control application. This enables more energy-efficient driving and therefore offers the potential to reduce energy costs and make driving more sustainable. The second demonstrator, built by THALES Italy, is an obstacle detection and avoidance system. Here, the exemplary interaction between machine learning, complex sensors and tracking algorithms was tested with the aim of increasing passenger safety. Although computationally intensive, both demonstrators run more performantly than it would have been possible by using conventional means.

The AMPERE project also aims to enable the predictable execution of hardware-accelerated tasks on FPGA-based system-on-chips platforms. To achieve this, it uses the FRED framework, which is a software infrastructure that manages the communication and scheduling of FPGA-accelerated tasks. The FRED framework consists of two main components: the in-kernel components, which handle the low-level interaction with the FPGA device, and the user-space components, which provide a high-level interface for the application developers. Initially, the FRED in-kernel components were developed as a collection of Yocto layers, which made them work with Peta Linux v2020.2-compatible kernel versions. This allowed the FRED framework to run on a bare-metal set-up on the target platform. However, to support more advanced features, such as virtualization and security, the FRED framework had to be integrated with the PikeOS hypervisor and its companion Linux distribution, ElinOS. Therefore, SYSGO and Scuola collaborated to port the FRED in-kernel components to be compatible with ElinOS 7.0, and to create a single project that contains all the necessary components to run FRED-based applications on top of PikeOS. The project is hosted at https://github.com/fred-framework/fred-elinos, where detailed instructions are available to compile and flash the framework onto a memory card, ready to be executed on the target platform. As a future task, SYSGO is working on the topic of FPGA virtualization using FRED and PikeOS, which aims to integrate applications with different levels of criticality on a single hardware platform and also improve the compatibility, interoperability, security, and isolation of FPGA resources among multiple applications and users. This would allow new applications and domains that can benefit from FPGA virtualization in mixed-criticality systems.

The groundwork laid with Ampere enables up to 30 percent savings in CPS software development costs and up to three times higher performance of these systems while meeting safety and security requirements.

More information at www.sysgo.com/pikeos

More information at www.sysgo.com/elinos