ICONS 2018, The Thirteenth International Conference on Systems
A Safe Graphics Rendering Solution for Consolidated Operating Systems
Authors:
Angelos Mouzakitis
Kevin Chappuis
Julian Vetter
Michele Paolino
Youssef Kamoun
Daniel Raho
Keywords: Graphics, Split-Display, Mixed-Criticality, Real-Time, VOSYSmonitor
Abstract:
New breakthroughs in the automotive domain, such as Advanced Driver Assistance Systems (ADAS), 5G Vehicle to Everything (V2X) connections and In-Vehicle Infotainment (IVI) systems, have made a significant impact on the automotive industry. Virtualization plays a key role in this trend, since it provides the ability to consolidate services with different levels of criticality, such as ADAS functions and IVI or 5G connectivity services. Today, one scenario that arises with this new trend is the consolidation of a safety-critical digital instrument cluster, which displays safety metrics (e.g., speed, torque, etc.), along with an IVI system. In such an architecture, the Graphical Processing Unit (GPU) is of central importance to ensure an efficient implementation. However, utilizing the GPU in both compartments raises safety concerns, and poses the question of whether the strict isolation implemented by the virtualization layer can be upheld. Therefore, in this paper, we investigate this issue and address it by proposing a solution that consolidates a safety-critical digital cluster along with an IVI system. We present the design of a safety mechanism to isolate the GPU rendering in both compartments, called “split-display”, leveraging the ARM® TrustZone® technology. In our design, the secure world hosts a Real-Time Operating System (RTOS), which handles the GPU rendering in order to protect mission-critical tasks (e.g., speedometer and warning icons) from potential failures occurring in the IVI system. The mechanism provides safety guarantees for the GPU rendering of the RTOS. Our prototype “split-display” solution for mixed-criticality systems is implemented on the Renesas R-Car H3 platform. To validate our prototype implementation, we performed a number of experiments and evaluated the performance impact that occurs due to the consolidation.
The results show that our implementation ensures at least 30 frames per second (fps) which is in line with the ISO 15005 safety standards. This number can even be achieved if a failure occurs in the IVI system.
Pages: 18 to 24
Copyright: Copyright (c) IARIA, 2018
Publication date: April 22, 2018
Published in: conference
ISSN: 2308-4243
ISBN: 978-1-61208-626-2
Location: Athens, Greece
Dates: from April 22, 2018 to April 26, 2018