10th AUTOSAR Open Conference
AUTOSAR Nov-2017
Virtualization Solutions for the AUTOSAR Classic and Adaptive Platforms
Pierre-Antoine BernardOpenSynergy GmbH
Cornel IzbasaOpenSynergy GmbH
AUTOSAR Nov-2017 2
OpenSynergy GmbH
• Headquarters in Berlin (Germany), further locations in Munich, San Diego and Salt Lake City
• Platform virtualization software (COQOS, COQOS micro) as part of the product portfolio
• Focus on cockpit controller, connectivity (smart antenna) and ADAS systems
Global provider of software and services for automotive embedded systems to Tier-1 suppliers and OEMs
Development Member
AUTOSAR Nov-2017 3
– Hardware Consolidation– Software Consolidation– AI for Autonomous Driving and Virtualization
• Semantic Abstraction and Virtualization• Informational ADAS and Virtualization
– Hypervisor– Inter-VM Communication
Outline
AUTOSAR Nov-2017 4
Hardware Consolidation
System-on-Chip (SoC)
Ethe
rnet
AVB
CAN
FD
Flex
ray
SPI
USB
Audi
o IF
Dis
play
IF
Video Decoder
…
GPU
DSPIPU
…
Cam
era
IF
Hardware ConsolidationSilicon manufacturers tend to intensify the integration of IP blocks inside SoCs:
• Clusters of powerful homogeneous or heterogeneous CPU cores• I/O interfaces (Ethernet AVB, CAN FD…)• Acceleration blocks (video decoder, DSP…)
CPU Cores CPU Cores
AUTOSAR Nov-2017 5
Software Consolidation
System-on-Chip
Virtualization LayerIn
stru
men
t Clu
ster
SW
Hea
d U
nit S
W
ADAS
SW
Con
nect
ivity
SW
…
Benefits• Safety (real-time, freedom from interference)• Enhanced security• Use of automotive standards• Low impact on performance
Why virtualization?• Heterogeneous SW platforms onto a single SoC• Efficient use of highly integrated SoC• Extra SW layer between HW and OSs• Reduced attack surface (limited API)• Overall cost reduction• Modular software update
AUTOSAR Nov-2017 6
Artificial Intelligence for Autonomous Driving
Symbolic• Putative characteristics
of cognition• Information processing
metaphor
Subsymbolic• Inspired by neurobiology• How cognition emerges
from neurobiology
Based on “The Mind-Body Problem” from [8], using [1] for IP reasons.
• Expert systems
• Artificial Neural Networks
• Deep Neural Networks (DNN)
I’m a CartesianDualist!
AUTOSAR Nov-2017 7
Deep Learning Architectures for Autonomous Driving
• End-to-End
• Semantic Abstraction
Semantic Abstraction is superior to End-to-End architecture, for a given amount of training data. [4] demonstrates cases in which End-to-End requires exponentially greater number of examples.
InputSensorData
DNN
PD
LD
VDControlDNN /algo
OutputVehicleControl
OutputVehicleControl
InputSensorData
Diagrams based on [5]
AUTOSAR Nov-2017 8
Semantic Abstraction enables running the different neural network and algorithmic components in different VMs, ensuring freedom from interference.
Semantic Abstraction enables Virtualization
System-on-Chip
Virtualization Layer
Inst
rum
ent C
lust
er S
W
Hea
d U
nit S
W
Con
nect
ivity
SW
…
ADAS/AD SW
VD 1 ControlLogic
Adaptive AR
Adaptive AR …
PD
Adaptive AR
LD
Adaptive AR
VD2
Adaptive AR
ASIL B ASIL D
AUTOSAR Nov-2017 9
Informational ADAS, helpful for societal, individual and even legal acceptance of AD [7], is easier and more efficiently realized on a system that integrates ADAS, IC and IVI functionality in separate VMs with mixed criticality.
– Decision explanation challenging for Subsymbolic AI, but see [6] for related work.
Efficient Informational ADAS through ADAS/IC/IVI Consolidation
Examples of salient objects, inspired by [6],based on [3] for IP reasons.
AUTOSAR Nov-2017 10
Hypervisor
VM
interrupt handling
memory management
memory management
Guest OS
I/O resource management exception
handling
Application
exception handling
INTC
Hypervisor
1st level MMU2nd level MMU vINTC
interrupt handling
Multi-Core HWHyper Privileged
Privileged
Non-Privileged
System Call
• Type-1 hypervisor• CPU abstraction (multi-core capable)• Containment and scheduling of VMs• Highest CPU operation mode• Non-monolithic architecture• Access control to I/O• Low footprint
HyperCall
AUTOSAR Nov-2017 11
Inter-VM Communication
Hypervisor
VM VM
MonolithicKernel
Application
Driver
Kernel API
Inter-VM Communication
Application
Driver
A Hypervisor provides the low level communication mechanisms (multi-core capable) to set the foundation for high level communication frameworks (virtual Ethernet for example):• Shared memory• Hypercall
The communication properties may be similar to the AUTOSAR OS IOC (Inter-OS-Application Communicator):• Event vs Last-is-Best semantic• Triggering on data reception
AUTOSAR Nov-2017 12
Virtual Ethernet
Hypervisor
VM
Inter-VM Communication
Virtual Ethernet Driver
Service VM
Virtual Ethernet Switch
VM
Kernel
Application
Virtual Ethernet Driver
Kernel
Application
Virtual Ethernet Switch
Virtual Ethernet enables the use (or reuse) of an IP communication stack. Applications are able to perform high level inter-VM communication (BSD socket as kernel interface).
AUTOSAR Nov-2017 13
AdaptiveAUTOSAR
ClassicAUTOSAR
ClassicAUTOSAR
Use Case: Multi-AUTOSAR
Hypervisor
ClassicAUTOSAR
vECU
vECU
vECU
ServiceVM
• Time and space partitioning• Cluster of VMs to implement multiple vECUs• VM SW update granularity• Different SW suppliers• Easier development across multiple SW suppliers
AUTOSAR Nov-2017 14
Classic AUTOSAR: Inter-VM Communication
Hypervisor
ClassicAUTOSAR
RTE
Inter-VM Communication
CDD
Inter-VM Communication
SWCSWC
DescriptionCDD
Description
ClassicAUTOSAR
RTE
Inter-VM Communication
CDD
SWC
ECU ConfigurationCDD Code
Gen
Metadata
Gen
RTE Code Gen
• Data proxying overhead (CDD)• Dedicated tooling required• Not standardized
AUTOSAR Nov-2017 15
Classic AUTOSAR: Standardized Inter-VM Communication
Hypervisor
ClassicAUTOSAR
RTE
Inter-VM Communication
SWC
VirtCom
ClassicAUTOSAR
RTE
SWC
OS
IOC
SWC
Standardized Module (Proposal):• Signal Interface to BSW and RTE• “Last-is-Best” and “Event” semantics• Polling or (virtual) interrupt driven• Similar to OS IOC• May be an extension of the IOC sub-module instead of a separate module• Could pave the road for a distributed BSW across VMs
AUTOSAR Nov-2017 16
Classic AUTOSAR
Classic AUTOSAR: Service-Oriented Inter-VM Communication
Hypervisor
Classic AUTOSAR
LdCom
EthIfEth (virtual)
PduR
SoAdTcpIp
BswMSD
(SOME/IP SD)
RTE
SWC
LdCom
VirtCom
PduR
BswMSD
(Inter-VM SD)
RTE
SWC
Inter-VM Communication
Possible Solution:• PDU interface towards PduR and SD• Inter-VM SD specific protocol• No overhead of TCP, IP and Ethernet (OSI Layer 2)
Adaptive AUTOSAR
Xf Xf
AUTOSAR Nov-2017 17
Adaptive AR: Service-Oriented Inter-VM Communication
System-on-Chip
Virtualization Layer
ara::com
Adaptive Application …
Adaptive Application
ara::cominter-VM binding
ara::comInter-ECU binding
SOME/IP, DDS, etc.
Inter-VM Communication
Adap
tive
AR P
latfo
rm In
stan
ce
Adap
tive
AR P
latfo
rm In
stan
ce
Ethernet
Cla
ssic
AR
Pla
tform
Inst
ance
Adap
tive
AR P
latfo
rm In
stan
ce
Cla
ssic
AR
Pla
tform
Inst
ance
…
Con
solid
atio
n
ara::rest
Object Graph
HTTP/JSON
vETH vETH
AUTOSAR Nov-2017 18
Standard interface for ara::com bindings on Adaptive AUTOSAR?
ara::com
Adaptive Application …
Adaptive Application
ara::com inter-VM binding
ara::com Inter-ECU binding(s)
SOME/IP, DDS, etc.
Adap
tive
AUTO
SAR
Pla
tform
Inst
ance
Standard interface? Standard interface? Standard interface?
ara::com local IPC binding
– Allows integration of binaries from Adaptive Application providers onto a project’s specific communication binding(s).
– Ease testing of application code using mock bindings.
AUTOSAR Nov-2017 19
– OpenSynergy aims to bring the hypervisor concept into AUTOSAR through the creation of a CONC document and related artifacts such as:• Methodology and metamodel• Software modules and APIs
– OpenSynergy welcomes the cooperation with other AUTOSAR members on this topic.
Hypervisor Concept for AUTOSAR
AUTOSAR Nov-2017 20
1. Brain image: https://commons.wikimedia.org/wiki/File:PSM_V46_D167_Outer_surface_of_the_human_brain.jpg.2. “Data is the New Oil in the Future of Automated Driving”, Brian Krzanich, Intel, https://newsroom.intel.com/editorials/krzanich-the-future-of-
automated-driving/.3. Road image: https://commons.wikimedia.org/wiki/File:California_I-280_Mill_Road.jpg.4. “On the Sample Complexity of End-to-end Training vs. Semantic Abstraction Training”, S. Shalev-Shwartz, A. Shashua, Mobileye,
https://arxiv.org/abs/1604.06915.5. “Autonomous Car - what goes into sensing for autonomous driving?”, presentation by A. Shashua, Mobileye, https://youtu.be/GCMXXXmxG-
I?t=271.6. “Explaining How a Deep Neural Network Trained with End-to-End Learning Steers a Car”, M. Bojarski et al., NVIDIA Corporation,
https://arxiv.org/abs/1704.07911.7. “European Union regulations on algorithmic decision-making and a right to explanation”, B. Goodman, S. Flaxman,
https://arxiv.org/abs/1606.08813.8. “The Symbolic vs Subsymbolic Debate”, H. Bowman, CCNS, Kent, https://www.cs.kent.ac.uk/people/staff/hb5/SymbSubSymb.ppt.
References
10th AUTOSAR Open Conference
Thank you for your attention!
- AUTOSAR - page 21
OpenSynergy GmbHRotherstraße 2010245 Berlin / Germanyt +49 30 60 98 540 [email protected]
Pierre-Antoine Bernard
OpenSynergy GmbHRotherstraße 2010245 Berlin / Germanyt +49 30 60 98 540 [email protected]
Cornel Izbasa