ranthog Ars Tribunus Angusticlavius
9y
11,300
numerobis said:
I was assuming the real-time stuff (e.g. TACC's control loop) was on a separate real-time OS, since it doesn't get affected when the user-mode apps go bonkers. Are they using a real-time linux for that?
You can run a non-real time process, such as an OS, on top of a real time OS. The underlying hypervisor layer is the effective real time OS and safety related stuff is handled down at that layer, and it is likely a fully real time OS in addition to a virtualization environment.
Numfuddle Ars Scholae Palatinae
4y
1,243
Subscriptor
Rauth85 said:
Hmm surprised none of the current systems would be using nix.
Most use Linux for non-safety critical systems (like parts of the infotainment) and QNX for safety. Usually they also use separate MCUs or cores for the vehicle bus systems that run dedicated low level real time OS kernels (like MicroSAR from Vector Informatik or TresosOS from Elektrobit). Tesla is no exception here.
The ability to use Linux for high end safety and non-safety SW (i.e. ASIL certified safety) is novel. It hasn't been done before because it's both hard to certify an OS with as many lines of code as Linux for ISO 26262 and it's also a moving target. As soon as you add a change you would have to re-certify the whole system again and again and again.
If the claims of Elektrobit are true they have now solved the certification issue as well as the ISO 26262 hardening of the SW stack, which makes Linux ready for ASIL rated systems without running years old kernels and the respective security issues.