Towards Timing Isolation for Mixed-Criticality Communication in Software-Defined Vehicles

TL;DR

This paper proposes a layered software architecture with traffic prioritization and hardware isolation techniques to ensure predictable latency for mixed-criticality applications in Linux-based automotive systems.

Contribution

It introduces a comprehensive timing isolation approach across middleware, network, and hardware layers for automotive Linux systems handling mixed-criticality data.

Findings

Achieves consistent latency for real-time traffic under interference

Uses XDP to bypass Linux network stack for critical data

Dedicates NIC queue for real-time traffic

Abstract

As the automotive industry transitions toward centralized Linux-based architectures, ensuring the predictable execution of mixed-criticality applications becomes essential. However, concurrent use of the Linux network stack introduces interference, resulting in unpredictable latency and jitter. To address this challenge, we present a layered software architecture that enforces timing isolation for Ethernet-based data exchange between mixed-criticality applications on Linux-based automotive control units. Our approach integrates traffic prioritization strategies at the middleware layer, the network stack layer, and the hardware layer to achieve isolation across the full software stack. At the middleware layer, we implement a fixed-priority, non-preemptive scheduler to manage publishers of varying criticality. At the network layer, we leverage the express data path (XDP) to route high-priority data directly from the network interface driver into critical application memory, bypassing the standard Linux network stack. At the hardware layer, we dedicate a network interface card (NIC) queue exclusively to real-time traffic. We demonstrate how our architecture performs in a Data Distribution Service (DDS)-based system. Our evaluation shows that the approach leads to consistent and predictable latencies for real-time traffic, even under heavy interference from best-effort applications.