This year, we have five invitees from industry who will talk about their work and experiences with real-world problems. The industrial session will comprise of 20-minute talks by each of our invited guest speakers, followed by a 20-minute short panel. Given the success of the industrial session in 2013, this is expected to be an exciting and informative event. Please make sure to attend.

Automotive Ethernet real-time predictability [Presentation]

Jan Seyler (Daimler AG)


The introduction of Ethernet as an automotive communication system comes along with new challenges in developing E/E-architectures. As an OEM, it is essential to design a feasible communication matrix such that no buffer limits in switches and end nodes as well as end-to-end latencies will be exceeded. To verify a communication matrix, new metrices are needed that can be used to evaluate the communication system. This talk will show the verification methodology that is currently developed at Daimler and gives an example on how to safeguard a typical automotive Ethernet network and the according software stack in terms of timing and functionality.


Jan Seyler has studied scientific computing at the University of Heidelberg. His majors were mathematics, physics and information technology with specialization in numerical optimization, optimal control, hardware design and functional verification. He completed his studies in 2012 with his thesis “A Graphical Guided Testbench Creation Tool for Functional Hardware Verification based on UVM”. Since then Mr. Seyler works on his PhD at Daimler under the supervision of the University Erlangen-Nürnberg with the topic “Evaluation and further Development of Ethernet for in-car Communication”. His main fields of interest are fast and reliable wakeup mechanisms as well as the evaluation of timing and real-time behavior of automotive Ethernet.

Deeply Embedded Real-Time Hypervisors for the Automotive Domain [Presentation]

Gary Morgan (ETAS Ltd.)


In recent the years the number of electronic control units (ECU) in cars has increased enormously. It’s not unusual for a high-end vehicle to have around 100 ECUs, of limited functionality, connected with a variety of LAN technologies. This ECU abundance is expensive in many ways such as procurement cost, weight and maintenance. Merging ECUs into more powerful, more functional and less abundant Domain Control Units (DCUs) can result in savings, but increases integration costs as well as raising real-time, safety and security concerns. This presentation outlines how a new generation of deeply embedded hypervisors is required in order to reduce the integration costs whilst maintaining relevant real-time, safety and security properties. Hypervisors can also provide improved safety and security. ECUs typically have quite stringent real-time constraints, which are relatively easy to satisfy on a dedicated ECU. However, maintaining these constraints in a highly-integrated DCU is an interesting problem; and we outline some of the work we have been doing on this.


Gary Morgan received his Bachelor’s degree in Computer Science, and PhD in highly reliable systems, from the University of York’s Department of Computer Science. He then worked as a lecturer and researcher forming the Advanced Computer Architecture Group and specializing in the interface between hardware and software. In 1997 he joined LiveDevices and has since specialized in deeply embedded automotive systems, especially operating systems such as OSEK, and larger systems such as AUTOSAR. ETAS bought LiveDevices in 2004. He is currently working as an embedded systems and safety consultant for ETAS and is researching into deeply embedded hypervisors for the automotive domain.

Guaranteed Services on the Network-on-Chip of a Manycore Processor [Presentation]

Duco van Amstel (Kalray)


The Kalray MPPA-256 processor (Multi-Purpose Processing Array) integrates 256 processing engine (PE) cores and 32 resource management (RM) cores on a single 28nm CMOS chip. These cores are distributed across 16 compute clusters and 4 I/O subsystems. On-chip communications and synchronizations are supported by an explicitly routed dual network-on-chip (NoC), with one node per compute cluster and 4 nodes per I/O subsystem. The data NoC is dedicated to high bandwidth data transfers and may operate with guaranteed services, thanks to non-blocking routers and flow regulation at the source node. Given a set of flows across the data NoC with predetermined routes, we formulate the problem of guaranteeing fair allocation of bandwidth across flows and bounding their maximum transfer latency. By considering the architecture of the data NoC and by introducing conservative approximations, we show how this formulation can be transformed into a linear program. Solving this linear program is efficient and the quality of its solutions appears comparable to those of the original formulation, based on problem instances obtained from the cyclostatic dataflow compilation toolchain of the Kalray MPPA-256 processor.

Challenges of multicore processors in mixed-criticality systems with focus on temporal aspects [Presentation]

Michael Paulitsch (EADS)


Modern multicore processors are highly integrated and complex with shared resources (like shared caches and memories) influencing timing properties. This talk will present multicore worst case performance evaluation in mixed criticality systems like avionics. It discusses current research and challenges in certification of multicore processors in aerospace.


Michael Paulitsch is Senior Expert in Embedded Networks and Computing at Airbus Group Innovations in the Electronic, Communication and Intelligent Systems Department based in Munich, Germany. His work focuses on dependable and secure embedded computing and networks in avionics. Before this, he worked at Honeywell Aerospace in the U.S.A. on software and electronic platforms in the area of business, regional, air transport, and human space avionics and engine control electronics. Michael Paulitsch published 35+ refereed scientific papers in his area of expertise, participates in internal scientific conference committees and holds more than 20 patents. He holds a PhD in technical sciences from the Vienna University of Technology, Vienna, Austria with emphasis on dependable embedded systems and a doctoral degree in economics and social science with emphasis on production aspects.

Challenges in WCET prediction [Presentation]

Florian Martin (AbsInt)


Safety standards like ISO26262 for the automotive domain, DO179b/c for the avionic domain and others require to demonstrate the availability of sufficient resources to sustain correct functioning of the system. This includes determining safe upper bounds on the worst-case execution and response time of real-time tasks. In mixed-criticality systems the entire system is subject to the highest occurring safety integrity level unless the independence of all safety functions can be demonstrated in the spatial and temporal domain. Spatial independence can be ensured by using partitioned operating systems, or can be proven by static analysis tools which, e.g., can demonstrate the absence of stack overflows or other runtime errors. However, many multicore processors exhibit characteristics that make it difficult or even impossible to ascertain predictable performance. It may be hard to guarantee bounds on the effects of interference on the use of shared resources or to ensure freedom of interference and to determine safe worst-case execution time bounds. We give an overview of hardware features leading predictability problems and show examples of predictability-oriented multi core designs and configurations.


Florian Martin, born in 1968, completed the diploma degree program in computer science at the Saarland University from 1989 to 1995. In his master’s thesis he investigated specification and implementation methods for the generation of static program analyzers. In 1999, he completed his doctorate, his dissertation being entitled “Generating Program Analyzers”. Since 1996, Dr. Martin has been a research associate at the Department for Compiler Construction and Programming Languages at the Saarland University. Dr. Martin has also been the Saarland University’s research coordinator at the Transfer Center no. 14 (“Run-Time Guarantees for Modern Architectures via Abstract Interpretation”) and an instructor of advanced courses on program analysis. He is the author of various publications on static program analysis, program optimization and worst-case execution time prediction. Since 2000, Dr. Martin is Principal Architect at AbsInt, of which he is one of the co-founders. He is the key designer of the PAG Program Analyzer. Since many years his main focus lies on static analyses of binary code for critical embedded systems.