Enabling Deterministic Execution in Distributed Systems Based on Posix-Compliant Operating Systems

Software development has become central in the automotive field, as modern automotive systems aim to improve customers' driving experiences. Safety-critical automotive applications require predictable and deterministic execution to ensure they meet the timing requirements and guarantee the correct functionality. To this end, the Logical Execution Time (LET) paradigm has been introduced to improve the determinism and correctness of time-critical applications. The LET paradigm is already established in the automotive industry, having been integrated into the AUTOSAR Classic Platform standard. Despite the AUTOSAR Classic being widely adopted and continuously improved, the future of the automotive industry is moving towards a new standard able to simplify the development of automotive software and support new technologies to satisfy the ever-growing demand for high-performance and computation-intensive functionalities. Today, the AUTOSAR Adaptive standard aims to provide guidelines for automotive systems relying on a Service-Oriented Architecture and POSIX-compliant dynamic operating systems. However, the integration of the LET paradigm into the Adaptive Platform standard has not yet been addressed, as it would require a new design of LET for this kind of architecture. In addition, modern automotive software are designed to be executed in a distributed environment, as the heavy computational load can be partitioned across different ECUs, communicating via AUTOSAR-compliant network protocols. In such a scenario, ensuring deterministic execution can be even more challenging, mainly due to the presence of unknown network delays. In recent years, a new concept named System-Level Logical Execution Time (SL-LET) has been developed as an extension of the LET paradigm to support the deterministic execution of automotive software even in the presence of an unpredictable delay. This new concept is currently well established, although there are no current implementations. This thesis first proposes and discusses two different LET design approaches for POSIX-based operating systems, which will be the base of next-generation automotive Electronic Control Units (ECUs). Design protocols are formalized and explained, highlighting the requirements to support the LET paradigm in POSIX-compliant systems. Two implementations integrating the LET paradigm in user and kernel space are then provided, highlighting the differences between these two design approaches. These implementations are evaluated and compared through the WATERS Challenge automotive application running on a multicore heterogeneous hardware platform. Then, studies the integration of the System-Level Logical Execution Time (SL-LET) paradigm in AUTOSAR Adaptive. The key design challenges and requirements to support SL-LET in AUTOSAR Adaptive are described, highlighting how to overcome the considerable differences between the AUTOSAR Classic and Adaptive domains. Then, a meta-protocol named AP-LET is presented, together with two concrete instances: one based on high-priority tasks to handle communications, and another one leveraging timestamps in the message payload to ensure determinism. A complete implementation of both protocols is also described. AP-LET was evaluated with a realistic automotive application, showing its feasibility and effectiveness. Finally, this thesis presents and describes a model extension of the AUTOSAR Adaptive Platform standard to integrate the SL-LET paradigm, along with an evaluation of a prototype implementation on the AUTOSAR Adaptive Platform Demonstrator (APD) to corroborate the feasibility and the correctness of the model extension.