One solution for persistent data storage in automotive ...

One solution for persistent data storage in automotive industry

Dragan Radanović 1, Ivan Kaštelan 1, Milovan Vidović 2, Radovan Prodanović 2

1 Faculty of Technical Sciences, University of Novi Sad, Novi Sad, Serbia

2 RT-RK Institute for Computer Based Systems, Novi Sad, Serbia

Abstract—The persistent data storage problem in modern automotive vehicles ranges from trivial functions, such as storing favorite radio stations, all the way up to safety-critical functions, like a black box. In this paper we present one solution for persistent data storage and quick integration in the automotive industry. The goal of this paper is to develop an adaptive software solution with the ability to respond quickly to changes in input requirements.

Keywords—persistent data storage, automotive, safety, agile development, AUTOSAR, MISRA

This work was partially supported by the Ministry of Education, Science and Technological Development of the Republic of Serbia, under grant number: TR32041.

I. INTRODUCTION

Advanced driver assistance systems are the fastest growing segment in the automotive industry [1] [2]. Companies engaged in the production of automotive equipment have a constant desire to innovate new features and enhance existing ones in their vehicles and devices. Constant development of software and hardware enables the development of new functionalities with different levels of complexity, ranging from interior light control all the way up to advanced systems, like autopilot and autonomous driving. Modern vehicles have very high requirements for safety, economy and comfort. Modern vehicles can contain dozens, even hundreds of ECUs (Electronic Control Units) which are connected via networks (CAN, FlexRay, and lately Ethernet).

Persistent data storage in automotive systems can range from trivial functions for storing favorite radio stations, seat, light and rear-view mirror adjustments, mileage, average fuel consumption and calibration data, all the way up to safety-critical data, such as pictures from cameras, radars and other sensors in the moments before an accident (black box).

The desire of leading automotive companies to provide new services and features in their vehicles requires fast development of advanced driver assistance systems. On the other hand, it is necessary to make reliable systems with minimal probability of unpredictable behavior.

Software for such systems must be developed according to the highest safety standards, to ensure correct functionality and early detection of faults and errors, reducing the risk and possibility of faulty software that can cause property damage and human casualties. During software development, changes of input requirements are common. Given that software is becoming more complex every day, with frequent input changes, delivering reliable software in a short timeframe is becoming more and more difficult. It is estimated that in modern cars there are more than ten million lines of program source code [3]. With further development and growth in the number and complexity of functions, this number will increase significantly.

To enable quick changes of program source code based on input changes, it is necessary to automate the process. In these situations it is suitable to use code generators. Source code is separated into two parts: a part that is independent of the input parameters and a part that depends on them. The independent part is often called handwritten code, and the dependent part is called generated code. Code generators are suitable in this application, reducing the possibility of error and thereby facilitating agile software development.

This paper contains the following sections. The second chapter describes the theoretical foundations necessary for understanding the basic concepts of the persistent data storage problem, and the methodology of software development. The third and fourth chapters describe the concept and implementation of the presented software solution for persistent data storage. The fifth chapter presents testing and verification procedures with results.

II. THEORY

A. Software model

A model presents a description of the system, using a well-defined language that supports automatic interpretation by a computer. A well-defined language must have an abstract syntax (meta model), a concrete syntax (notation presentation) and semantics. The meta model defines the basic concepts of the language and their mutual relations. A model represents an abstraction of a real system; a meta model is a representation of an explicit abstraction of a real system [4].

The idea is to consider the model on a higher level of abstraction, without implementation details. An increase in productivity is achieved by maximizing compatibility between systems, using standardized models, simplifying the design process, facilitating communication between different teams, and using techniques and technologies that have proved to be best in practice. Due to the inability of third-generation programming languages to reduce complexity and express certain concepts of the problem domain, the usage of model driven software development is proving to be a promising approach [5].

B. Code generators

Code generation is the process of automatic source code generation, by which a code generator converts some intermediate representation of source code into a form that can be readily executed by a machine. In a way, integrated development environments (IDE) can be considered as code generators [6], but in this paper we are referring to the usage of software tools for processing templates. Use of these tools is useful in cases where similar pieces of code appear multiple times, or when input specifications are changed frequently. In the event of an input specification change, it is only necessary to re-generate the source code.

Input data for code generation can be obtained in different ways. Some of the commonly used ways are parsing files (XML, CSV, or some other format), direct access to data in memory, or reading a database.

C. Non-volatile memories (NvMs)

Computer memories that can retrieve stored information even after having been power cycled are called non-volatile. In the scope of this paper, semiconductor flash memories are of particular interest, due to their availability, price and capacity. Magnetic media are more sensitive to physical shocks, and therefore are not suitable for use in the automotive industry.

D. Cyclic redundancy check (CRC)

The CRC was invented by William Wesley Peterson in 1961 [7]. CRC is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data. Blocks of data entering these systems get a short check value attached, based on the remainder of a polynomial division of their contents. On retrieval, the calculation is repeated and, in the event the check values do not match, corrective action can be taken against data corruption. CRCs are popular because they are simple to implement in hardware, easy to analyze mathematically, and particularly good at detecting common errors in transmission channels. CRC algorithms provide protection against unreliable behaviour caused by memory device malfunction.

Fig. 1. Code generator

E. Run-time Environment (RTE)

The AUTOSAR (AUTomotive Open System ARchitecture) layer for data exchange between different software components (SWCs) is called the RTE. In the scope of this paper, the RTE can be considered as RAM memory which can be accessed from different SWCs.

III. CONCEPT

The main task of the presented solution is to preserve the content of the RTE between power cycles, using NvM. Memory content from the RTE is preserved in data blocks. One data block contains two files, main and backup. Each file has an ID, data, and a CRC calculated based on that data. If the main file is corrupted, the backup file is used to restore the original memory content. When the system is powered on, data is retrieved from NvM, data integrity checks are performed, and data is provided to the rest of the system through the RTE. When the system is powered off, the CRC is calculated over the data, and the data is stored in NvM.

The solution presented in this paper consists of two parts: hand-written code and generated code. By separating the code into two parts, further development is made easier and the amount of needed effort is reduced. It is possible to implement the complete solution in generated code, but in that case it is necessary to manually implement changes, and then to implement those changes in the code generator. Hand-written code contains the implementation parts that are not dependent on input data, providing basic functionality. The generated part contains the parts of code that are input (model) dependent. Preservation of data block integrity is checked using CRC algorithms.

Fig. 2 represents an ideal example of code generator usage, where generated code is connected with other parts of the system, and no additional hand-coded part is required. Fig. 3 represents a real use case, where some additional part is often required in order to use generated parts with the rest of the system.

Fig. 2. Ideal example of code generator usage

Fig. 3. Real example of code generator usage

The code generator provides functionality for code generation based on an input file extracted from the model. The input file format is XML (eXtensible Markup Language). The input file is created from the software model of the system. The input file is checked against an XSD (XML Schema Definition) scheme, verifying that the input file is valid and that the code generator will make valid C source code, which can be compiled and executed. If the input file is incorrect in relation to the scheme, generation is terminated:

IV. SOFTWARE SOLUTION

The non-generated part is written in the C programming language. It is developed according to the ISO C99 [8], ISO 26262 [9], MISRA C [10] and AUTOSAR [11] standards. It consists of two modules: NvmManager and the CRC module. The NvmManager module provides the functionality to read and write data blocks and files, as well as data block integrity checks, using CRC algorithms.

The NvmManager module consists of the following parts:

• NvmReadFile()

• NvmReadBlock()

• NvmWriteFile()

• NvmWriteBlock()

• NvmCalcCrc()

• NvmCheckCrc()

• NvmCheckMem()

Functions NvmReadFile() and NvmWriteFile() contain system calls for reading and writing files from NvM.

Function NvmReadBlock() provides functionality for reading the main or redundant data block file, depending on file integrity.

Function NvmWriteBlock() is used for calculating the CRC check value and storing data block files into NvM. Function NvmCalcCrc() is used for calculating the CRC value. Before a file is written to NvM, a check is performed to verify that the CRC value of the data block in NvM and the CRC of the data in the RTE are not equal. If the values are equal, we presume that the data is the same, and the file is not written. This is done in order to preserve flash memory and increase the life span of the memory device.

Function NvmCheckCrc() is used for checking if data in NvM has a correct CRC (the CRC is calculated and compared with the stored value). Function NvmCheckMem() provides diagnostic functions for checking the availability and health status of NvM. The CRC module provides fast software CRC calculation, using a pre-calculated lookup table. The CRC module used in this solution was developed by Michael Barr [12]. The CRC data integrity check is implemented using the 32-bit Ethernet polynomial (0x04C11DB7), which performed well in practice. The code generator is developed in the Python programming language, using the Jinja template engine. Jinja is one of the most used template engines in Python [13]. Output from the code generator is C source and header files, which are compliant with the AUTOSAR and MISRA C standards. The Python library "lxml" [14] is used for parsing the XML input file. In the presented solution the input file is extracted from the AUTOSAR model.

The result of code generation is C source and header files which contain a descriptor table, and functions for reading and writing data blocks from/to NvM. The descriptor table is a static array of structures which contains information about file names, sizes and identifications.

For each data block defined in the model, two functions are generated, one for reading and one for writing the data block. The generated "read" function (e.g. NvmRead_DataBlock001()) is used for integrity checks, and to provide correct data. The generated "write" function (e.g. NvmWrite_DataBlock001()) is used for CRC calculation, and for storing data in NvM. Interface functions are also generated: NvmRead_WriteRte() and RteRead_NvmWrite(). These functions are used by the system on startup and on shutdown.

These functions provide the functionality of persistent memory storage to the rest of the system. Other SWCs can use the RTE between power cycles without any additional effort. In this way, loading calibration and configuration data into an SWC is made easier for other SWCs, as they don't have to take care of loading values from NvM.

V. TESTS AND VERIFICATION

During development of the solution presented in this paper, tests were performed on a platform with an nVidia Tegra K1 processor [15], running the Linux distribution Jetson TK1 R21.5 with kernel version 3.10.40 [16].

Using the static code analysis tool PRQA QA C 8.1.1, it was determined that the software solution contains no unjustified violations of the MISRA C:2004 guidelines.

Three groups of functional tests were carried out: tests for verifying reading of correct data from NvM, tests for writing data to NvM, and tests for verifying error detection. Tests for all three groups were successfully executed, with positive results. Performance measurements were also taken. Given that at the time of test execution no additional software components (applications) were present in the system or using NvM, the achieved read/write speeds were close to the maximum for the given memory device. Write speeds achieved during the test were about 10 MB/s and read speeds around 15 MB/s. Memory consumption depends on the data defined in the model. For each data element defined in the model, a memory buffer will be allocated.
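The three behaviours the functional tests above cover (reading valid data, writing with the CRC-based skip, and detecting a corrupted file) can be reproduced in a short C sketch of one data block. This is an added example, not the authors' NvmManager: the `nvm_*` names, the 16-byte block size, the in-RAM structure standing in for the main and backup files, writing both files in one step, and the bit-by-bit CRC (in place of the lookup-table module) are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define DATA_LEN 16u   /* block size chosen for the example (assumption) */

/* One NvM file as described in the Concept section: ID, data, CRC over data. */
typedef struct { uint16_t id; uint8_t data[DATA_LEN]; uint32_t crc; } NvmFile;
/* One data block = main + backup file; RAM stands in for flash (assumption). */
typedef struct { NvmFile main_file, backup_file; unsigned writes; } NvmBlock;

/* CRC-32 with the Ethernet polynomial 0x04C11DB7, computed bit by bit in its
 * reflected form 0xEDB88320 (initial value and final XOR 0xFFFFFFFF). */
uint32_t nvm_calc_crc(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

/* A file is usable only if its ID matches and its stored CRC is correct. */
static int file_ok(const NvmFile *f, uint16_t id)
{
    return f->id == id && f->crc == nvm_calc_crc(f->data, DATA_LEN);
}

/* Write path: skip the flash write when the stored main file is intact and
 * its CRC equals the CRC of the RTE data. Returns 1 if written, 0 if skipped. */
int nvm_write_block(NvmBlock *blk, uint16_t id, const uint8_t *rte)
{
    uint32_t crc = nvm_calc_crc(rte, DATA_LEN);
    if (file_ok(&blk->main_file, id) && blk->main_file.crc == crc)
        return 0;                          /* presumed unchanged */
    blk->main_file.id = id;
    memcpy(blk->main_file.data, rte, DATA_LEN);
    blk->main_file.crc = crc;
    blk->backup_file = blk->main_file;     /* keep the redundant copy in sync */
    blk->writes++;
    return 1;
}

/* Read path: 0 = main used, 1 = restored from backup, -1 = both corrupt. */
int nvm_read_block(NvmBlock *blk, uint16_t id, uint8_t *rte)
{
    if (file_ok(&blk->main_file, id)) {
        memcpy(rte, blk->main_file.data, DATA_LEN);
        return 0;
    }
    if (file_ok(&blk->backup_file, id)) {
        blk->main_file = blk->backup_file; /* repair main from backup */
        memcpy(rte, blk->backup_file.data, DATA_LEN);
        return 1;
    }
    return -1;                             /* RTE buffer left untouched */
}
```

A return value of 1 from `nvm_read_block()` means the main file failed its CRC and the backup was used, which the caller can record as an early fault indication; -1 means neither file can be trusted.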

VI. CONCLUSION

The software solution for persistent data storage presented in this paper is in compliance with current standards (AUTOSAR, ISO 26262, MISRA C), and can easily be integrated into an AUTOSAR system, or as part of a separate ECU. Data integrity preservation is ensured by using CRC algorithms. By separation into a generated and a non-generated part, agile software development is supported (support for quick reaction to input requirements changes). The AUTOSAR standard allows and supports easy integration with other AUTOSAR software. Advantages of the presented solution over other NvM managers are an increased life span of the memory device, due to CRC overwrite protection, and diagnostic and early fault detection features.

Further development of the presented solution may be towards implementation of additional features such as data encryption, etc.

Integration of the presented solution requires extraction of input data for the code generator from the AUTOSAR model. With this data, the code generator can generate the NvM manager implementation in the C programming language.

REFERENCES

[1] I. Riches, "Strategy Analytics: Automotive Ethernet: Market Growth Outlook," IEEE SA: Ethernet & IP @ Automotive Technology Day, Oct. 23, 2014. [Online]. Available: IEEE, http://standards.ieee.org/events/automotive/2014/00_Automotive_Ethernet_Market_Growth_Outlook.pdf. [Downloaded: Dec. 17, 2016].

[2] "Global Automotive Supplier Study 2016", Jul. 2016. [Online]. Available: https://www.rolandberger.com/publications/publication_pdf/roland_berger_global_automotive_supplier_2016_final.pdf. [Downloaded: Jan. 14, 2017].

[3] Roberto Saracco, "Guess what requires 150 million lines of code", Jan. 13, 2016. [Online]. Available: https://www.eitdigital.eu/news-events/blog/article/guess-whatrequires-150-million-lines-of-code/. [Downloaded: Jan. 23, 2017].

[4] A. Rodrigues da Silva, "Model-driven engineering: A survey supported by the unified conceptual model", Computer Languages, Systems & Structures, Volume 43, pp. 139–155, Oct. 2015. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1477842415000408#. [Downloaded: Jan. 15, 2017].

[5] D.C. Schmidt, "Guest Editor's Introduction: Model-Driven Engineering," IEEE Computer, vol. 39, no., pp. 25-31, Feb. 2006.

[6] J. Wilcox, "Paying Too Much for Custom Application Development," blog.edgewater.com, Mar. 18, 2011. [Online]. Available: https://blog.edgewater.com/2011/03/11/paying-toomuch-for-custom-application-implementation-codegeneration/. [Downloaded: Dec. 18, 2016].

[7] W. W. Peterson, D. T. Brown, "Cyclic Codes for Error Detection", Proceedings of the IRE, vol. 49, issue 1, Jan. 1961.

[8] ISO/IEC 9899:1999: Programming languages - C, Dec. 1, 1999. JTC 1/SC 22/WG 14.

[9] ISO 26262:2011, "Road vehicles - Functional safety," International Standardization Organization.

[10] "MISRA C and MISRA C++ Compliance," 2016. [Online]. Available: http://www.programmingresearch.com/codingstandards/misra/. [Downloaded: Dec. 18, 2016].

[11] AUTOSAR (AUTomotive Open System ARchitecture), Dec. 10, 2016. [Online]. Available: http://www.autosar.org. [Downloaded: Dec. 10, 2016].

[12] M. Barr, "CRC Series, Part 3: CRC Implementation Code in C/C++", barrgroup.com, Jan. 1, 2000. [Online]. Available: http://www.barrgroup.com/EmbeddedSystems/How-To/CRC-Calculation-C-Code. [Downloaded: Nov. 19, 2016].

[13] "Jinja2," 2014. [Online]. Available: http://jinja.pocoo.org/. [Downloaded: Aug. 17, 2016].

[14] "lxml - XML and HTML with Python", 2017. [Online]. Available: http://lxml.de/

[15] "Tegra K1 Next-Gen Mobile Processor", 2017. [Online]. Available: http://www.nvidia.com/object/tegra-k1processor.html. [Downloaded: Jan. 15, 2017].

[16] "Linux For Tegra R21.5", 2017. [Online]. Available: https://developer.nvidia.com/linux-tegra-r215. [Downloaded: Jan. 15, 2017].
