

Timing verification of automotive communication architecture using quantile estimation

**Nicolas NAVET** (Uni Lu), Shehnaz LOUVART (Renault), Jose VILLANUEVA (Renault), Sergio CAMPOY-MARTINEZ (Renault) and Jörn MIGGE (RealTime-at-Work).

ERTSS'2014 - Toulouse, February 5-7, 2014.

February 07, 2014

07/02/2014 - 3

## 2 Automotive communication architectures

- ✓ Increased bandwidth requirements & timing constraints
- More complex & heterogeneous architectures with black-box ECUs
- ✓ Optimized CAN networks for higher bus loads: priorities, frame offsets, gateways, communication stacks, etc
- ✓ Verification activity of higher importance today, higher load levels calls for more accurate verification models
   → no margin for errors
- Main performance metrics: frame response time = communication latency

ERTSS'2014

uni.lu



 ✓ Early-stage timing verification of wired automotive buses – CAN-based communication architectures













## Concluding remarks

- Timing verification techniques & tools should not be trusted blindly
- 2 Simulation is well suited to systems that requires timing guarantees but
  - ✓ Are not well amenable to schedulability analysis
    ✓ Or can tolerate deadline misses with a controlled level of risk
- 3 Some methodological aspects

 $\checkmark$  Determine quantile wrt criticality, and simulation length wrt to quantile

- ✓ Simulator and models validation
- $\checkmark$  High-performance simulation engine needed for higher quantiles