AUTOSAR Extensions for Predictable Task Synchronization in Multi-Core ECUs
Multi-core processors are becoming increasingly prevalent, with multiple multi-core solutions being offered for the automotive sector. Recognizing this trend, the AUTomotive Open System ARchitecture (AUTOSAR) standard version 4.0 has introduced support for multi-core embedded real-time operating systems. A key element of the AUTOSAR multi-core specification is the spinlock mechanism for inter-core task synchronization. In this paper, we study this spinlock mechanism from the standpoint of timing predictability. We describe the timing uncertainties introduced by standard test-and-set spinlock mechanisms, and provide a predictable priority-driven solution for inter-core task synchronization.
The proposed solution is to arbitrate critical sections using the well-established Multi-processor Priority Ceiling Protocol [3], which is the multiprocessor version of the ceiling protocol for uniprocessors [1, 2] used by AUTOSAR. We also present the associated analysis that can be used in conjunction with the AUTOSAR task model to bound the worst-case waiting times for accessing shared resources. The timing predictability provided by our protocol is an important requirement for automotive applications from both certification and validation standpoints.