Search Results

The development of highly automated driving functions (AD) recently rises the demand for so called Fail-Operational systems for native driving functions like steering and braking of vehicles. Fail-Operational systems shall guarantee the availability of driving functions even in presence of failures. This can also mean a degradation of system performance or limiting a system’s remaining operating period. In either case, the goal is independency from a human driver as a permanently situation-aware safety fallback solution to provide a certain level of autonomy. In parallel, the connectivity of modern vehicles is increasing rapidly and especially in vehicles with highly automated functions, there is a high demand for connected functions, Infotainment (web conference, Internet, Shopping) and Entertainment (Streaming, Gaming) to entertain the passengers, who should no longer occupied with driving tasks.

Software complexity of vehicles is constantly growing especially with additional autonomous driving features being introduced. This increases the risk for bugs in the system, when the car is delivered. According to a car manufacturer, more than 90% of availability problems corresponding to Electronic Control Unit (ECU) functionality are either caused by software bugs or they can be resolved by applying software updates to overcome hardware issues. The main concern are sporadic errors which are not caught during the development phase since their trigger condition is too unlikely to occur or is not covered by the tests. For such systems, there is a need of safe and secure infield diagnosis. In this paper we present a tool software architecture with remote access, which facilitates standard read/write access, an efficient channel interface for communication and file I/O, and continuous trace.

The current automotive electronic and electrical (EE) architecture has reached a scalability limit and in order to adapt to the new and upcoming requirements, novel automotive EE architectures are currently being investigated to support: a) an Ethernet backbone, b) consolidation of hardware capabilities leading to a centralized architecture from an existing distributed architecture, c) optimization of wiring to reduce cost, and d) adaptation of service-oriented software architectures. These requirements lead to the development of Zonal EE architectures as a possible solution that require appropriate adaptation of used security mechanisms and the corresponding utilized hardware trust anchors. 1 The current architecture approaches (ECU internal and in-vehicle networking) are being pushed to their limits, simultaneously, the current embedded security solutions also seem to reveal their limitations due to an increase in connectivity.

It is particularly easy to get tunnel vision as a domain expert, and focus only on the improvements one could provide in their area of expertise. To make matters worse, many Original Equipment Manufacturers (OEMs) are silo-ed by domain of expertise, unconsciously promoting this single mindedness in design. Unfortunately, the successful and profitable development of a vehicle is dependent on the delicate balance of performance across many domains, involving multiple physics and departments. Taking for instance the design of a Heating, Ventilation & Air Conditioning (HVAC) system, the device’s primary function is to control the climate system in vehicle cabins, and more importantly to make sure that critical areas on the windshield can be defrosted in cold weather conditions within regulation time. With the advent of electric and autonomous vehicles, further importance is now also placed on the energy efficiency of the HVAC, and its noise.

This paper explains why software for efficient model-based development is needed to improve the efficiency of automakers and suppliers when implementing solutions with next generation automotive embedded systems. The resulting synergies are an important contribution for the automotive industry to develop safer, smarter, and more eco-friendly cars. To achieve this, it requires implementations of algorithms for machine learning, deep learning and model predictive control within embedded environments. The algorithms’ performance requirements often exceed the capabilities of traditional embedded systems with a homogeneous multicore architecture and, therefore, additional computing resources are introduced. The resulting embedded systems with heterogeneous computing architectures enable a next level of safe and secure real-time performance for innovative use cases in automotive applications such as domain controllers, e-mobility, and advanced driver assistance systems (ADAS).

The reduction of vehicle exhaust particle emissions is a success story of European legislation. Various particle number (PN) counters and calibration procedures serve as tools to enforce PN emission limits during vehicle type approval (VTA) or periodical technical inspection (PTI) of in-use vehicles. Although all devices and procedures apply to the same PN-metric, they were developed for different purposes, by different stakeholder groups and for different target costs and technical scopes. Furthermore, their calibration procedures were independently defined by different stakeholder communities. This frequently leads to comparability and interpretation issues. Systematic differences of stationary and mobile PN counters (PN-PEMS) are well-documented. New, low-cost PTI PN counters will aggravate this problem. Today, tools to directly compare different instruments are scarce.

Recently, vehicle networks have increased complexity due to the demand for autonomous driving or connected devices. This increasing complexity requires high bandwidth. As a result, vehicle manufacturers have begun using Ethernet-based communication for high-speed links. In order to deal with the heterogeneity of such networks where legacy automotive buses have to coexist with high-speed Ethernet links vehicle manufacturers introduced a vehicle gateway system. The system uses Ethernet as a backbone between domain controllers and CAN buses for communication between internal controllers. As a central point in the vehicle, the gateway is constantly exchanging vehicle data in a heterogeneous communication environment between the existing CAN and Ethernet networks. In an in-vehicle network context where the communications are strictly time-constrained, it is necessary to measure the delay for such routing task.

Autonomous driving systems and connected mobility are the next big developments for the car manufacturers and their suppliers during the next decade. To achieve the high computing power needs and fulfill new upcoming requirements due to functional safety and security, heterogeneous processor architectures with a mixture of different core architectures and hardware accelerators are necessary. To tackle this new type of hardware complexity and nevertheless stay within monetary constraints, high performance computers, inspired by state of the art data center hardware, could be adapted in order to fulfill automotive quality requirements. The European Processor Initiative (EPI) research project tries to come along with that challenge for next generation semiconductors. To be as close as possible to series development needs for the next upcoming car generations, we present a hybrid semiconductor system-on-chip architecture for automotive.

Current regulatory developments aim for stricter emission limits, increased environmental protection and purification of air on a local and global scale. In order to find solutions for a cleaner combustion process, it is necessary to identify the critical components and parameters responsible for the formation of emissions. This work provides an evaluation process for particle formation during combustion of a modern direct injection engine, which can help to create new aftertreatment techniques, such as a gasoline particle filter (GPF) system, that are fit for purpose. With the advent of “real driving emission” (RDE) regulations, which include market fuels for the particulate number testing procedure, the chemical composition and overall quality of the fuel cannot be neglected in order to yield a comparable emission test within the EU and worldwide.

Highly automated driving (HAD) is under rapid development and will be available for customers within the next years. However the evidence that HAD is at least as safe as human driving has still not been produced. The challenge is to drive hundreds of millions of test kilometers without incidents to show that statistically HAD is significantly safer. One approach is to let a HAD function run in parallel with human drivers in customer cars to utilize a fraction of the billions of kilometers driven every year. To guarantee safety, the function under test (FUT) has access to sensors but its output is not executed, which results in an open loop problem. To overcome this shortcoming, the proposed method consists of four steps to close the loop for the FUT. First, sensor data from real driving scenarios is fused in a world model and enhanced by incorporating future time steps into original measurements.

Functional safe systems fulfilling the ISO 26262 standard are getting more important for automotive applications where additional redundant and diverse functionality is needed for higher rated ASIL levels. This can result in a very complex and expensive system setup. Here we present a sensor product developed according ISO 26262. This sensor product comprises a two channel redundant and also diverse implemented magnetic field sensor concept with linear digital outputs on one monolithically integrated silicon substrate. This sensor is used for ASIL D applications like power-steering torque measurement, where the torque is transferred into a magnetic field signal in a certain magnetic setup, but can also be used in other demanding sensor applications concerning safety. This proposed and also implemented solution is beneficial because of implementation on a single chip in one single chip-package but anyway fulfilling ASIL D requirements on system level.

The automotive industry experiences a major change as vehicles are gradually becoming a part of the Internet. Security concepts based on the closed-world assumption cannot be deployed anymore due to a constantly changing adversary model. Automotive Ethernet as future in-vehicle network and a new E/E Architecture have different security requirements than Ethernet known from traditional IT and legacy systems. In order to achieve a high level of security, a new multi-layer approach in the vehicle which responds to special automotive requirements has to be introduced. One essential layer of this holistic security concept is to restrict non-authorized access by the deployment of embedded firewalls. This paper addresses the introduction of automotive firewalls into the next-generation domain architecture with a focus on partitioning of its features in hardware and software.

Connecting mobile communication channels to vehicles’ networks is currently attracting engineers in a wide range. Herein the desire of vehicle manufacturers to remotely execute software updates over the air (SOTA) within electronic control units (ECU) is probably the field of highest attention at the moment. Today software updates are typically done at vehicle service stations and connection the vehicles electronic network via the onboard diagnosis (OBD) interface to a service computer. Herby the duration of the update is invisible to the user, as this happens during standard service appointments. With introduction of SOTA, these updates become very convenient to the customer and can lead to higher customer satisfaction levels. SOTA can be made transparent to the user however the method of implementation can affect the user experience.

Air charge calibration of turbocharged SI gasoline engines with both variable inlet valve lift and variable inlet and exhaust valve opening angle has to be very accurate and needs a high number of measurements. In particular, the modeling of the transition area from unthrottled, inlet valve controlled resp. throttled mode to turbocharged mode, suffers from small number of measurements (e.g. when applying Design of Experiments (DoE)). This is due to the strong impact of residual gas respectively scavenging dominating locally in this area. In this article, a virtual residual gas sensor in order to enable black-box-modeling of the air charge is presented. The sensor is a multilayer perceptron artificial neural network. Amongst others, the physically calculated air mass is used as training data for the artificial neural network.

Introduction The introduction of Ethernet and Gigabit Ethernet [2] as the main invehicle network infrastructure is the technical foundation for different new functionalities such as piloted driving, minimizing the CO2- footprint and others. The high data rate of such systems influences also the used microcontrollers due the fact that a big amount of data has to be transferred, encrypted, etc. Figure 1 Motivation - Vehicles will become connected to uncontrolled networks The usage of Ethernet as the in-vehicle-network enables the possibility that future road vehicles are going to be connected with other vehicles and information systems to improve system functionality. These previously closed automotive systems will be opened up for external access (see Figure 1). This can be Car2X connectivity or connection to personal devices. Allowing vehicle systems to communicate with other systems that are not within their physical boundaries impose a previously non-existing security problem.

Vehicle manufacturers are challenged by rising costs for vehicle recalls. A major part of the costs are caused by software updates. This paper describes a feasibility study on how to implement software update over the air (SOTA) in light vehicles. The differences and special challenges in the automotive environment in comparison to the cellular industry will be explained. Three key requirements focus on the drivers’ acceptance and thus are crucial for the vehicle manufacturers: SOTA must be protected against malicious attacks. SOTA shall interfere as little as possible with the availability of a vehicle. Long update processes with long vehicle downtimes or even complete fails must be avoided. The functional safety of the vehicle during operation may not be limited in any way The study gives options how those objectives can be achieved. It considers the necessary security measures and describes the required adaptations of the board-net architectures both on software and hardware level.

The trend towards even more sophisticated driver assistance systems and growing automation of driving sets new requirements for the robustness and availability of the involved automotive systems. In case of an error, today it is still sufficient that safety related systems just fail safe or silent to prevent safety related influence of the driving stability resulting in a functional deactivation. But the reliance on passive mechanical fallbacks in which the human driver taking over control, being inevitable in such a scenario, is expected to get more and more insufficient along with a rising degree of driving automation as the driver will be given longer reaction time. The advantage of highly or even fully automated driving is that the driver can focus on other tasks than controlling the car and monitoring it’s behavior and environment.

End of Line tests are brief set of tests intended to evaluate ECU's in order to ensure correct functioning of its intended functionality. As these tests are executed on the production line, available time to perform these tests is limited. On one hand, faster production demands require these tests and its framework to be designed in a time optimized manner. On the other hand, increase in ECU functionality translates to an increase in test's functional coverage, requiring more time. Therefore the time taken to execute the tests reaches a critical point in overall ECU production. Availability of multicore microcontrollers with increase in clock speed can increase the performance of end of line tests, but design challenges e.g. synchronization do not guarantee a linear performance increase. Therefore, design of test execution framework is absolutely critical to increase performance of test execution.

It has become an important trend to implement safety-related requirements in the road vehicles. Recent studies have shown that accidents, which occurred when drivers are not focused due to fatigue or distractions, can be predicted in advance when using safety features. Advanced Driver Assistance Systems (ADAS) are used to prevent this kind of situation. Currently, many major tiers are using a DSP chip for ADAS applications. This paper suggests the migration from a DSP configuration to a Microcontroller configuration for ADAS application, for example, using a 32bit Multi-core Microcontroller. In this paper, the following topics will be discussed. Firstly, this paper proposes and describes the system block diagram for ADAS configuration followed by the requirements of the ADAS system. Secondly, the paper discusses the current solutions using a DSP. Thirdly, the paper presents a system that is migrated to a Multi-core microcontroller.

In modern vehicles, the number of small electrical drive systems is still increasing continuously for blowers, fans and pumps as well as for window lifts, sunroofs and doors. Requirements and operating conditions for such systems varies, hence there are many different solutions available for controlling such motors. In most applications, simple, low-cost DC motors are used. For higher requirements regarding operating time and in stop-start capable systems, the focus turns to highly efficient and durable brushless DC motors with electronic commutation. This paper compares various electronic control concepts from a semiconductor vendor point of view. These concepts include discrete control using relays or MOSFETs. Furthermore integrated motor drivers are discussed, including system-on-chip solutions for specific applications, e.g. specific ICs for window lift motors with LIN interface.