This report is a thesis for the degree of Master of Science and Engineering in Information Technology.
Increased demand of complex functionality in vehicles leads to constant additions of electronic control units with corresponding software. The approach to add hardware into a vehicle when new functionality is required do not work in the long run due to restrictions regarding space, cost, fuel consumption and weight in a vehicle. One solution would be to create a platform that supports integration of application software from different suppliers.
This thesis is a strict theoretical investigation regarding the requirements and methods that could be used in order to realise a robust system platform for vehicles. Areas that have been investigated include real-time scheduling, embedded hardware, memory management, internode and interprocess communication, real-time operating systems and software protection methods.
The research is compiled into an approach for a software architecture placed on a 32-bit processor with hardware support for a memory management unit. The architecture is based on the real-time operating system OSEK/VDX, which aims to become a standard in the automotive domain.
In order to create an environment that allows applications to be integrated without neglecting safety or timing requirements certain additions to OSEK/VDX has been discussed. A module for scheduling that supports the deadline monotonic and earliest deadline first algorithm has been proposed. For memory management a module that provides the protection benefits from paging without allowing virtual memory has been introduced. The third addition is a module that handles interprocess communication. Communication between processes in our approach is only allowed by message passing through the kernel and thus no global variables can be used. These modules should together with the real-time operating system and other drivers, e.g. we suggest that Volcano is to be used for internode communication, should interact with applications through a mapping interface.
The benefit from our approach is that applications can work independently from each other, which means that errors cannot propagate outside an application.
No implementations or tests have been conducted and this is recommended for future research in order to evaluate whether or not the architecture still can uphold requirements in the temporal domain.