Search Results

The new generation of drive-by-wire systems currently under development has demanding requirements on the electronic architecture. Functions such as brake-by-wire or steer-by-wire require continued operation even in the presence of component failures. The electronic architecture must therefore provide fault-tolerance and real-time response. This in turn requires the operating system and the communication layer to be predictable, dependable and composable. It is well known that this properties are best supported by a time-triggered approach. A consortium consisting of German and French car manufacturers and suppliers, which aims at becoming a working group within the OSEK/VDX initiative, the OSEKtime consortium, is currently defining a specification for a time-triggered operating system and a fault-tolerant communication layer.1 The operating system and the communication layer are based on applicable interfaces of the OSEK/VDX standard.

Actual research results in the automotive field show that there is a big potential in increasing active and passive safety by implementing intelligent driver assisting systems. Realizing such safety related system functions requires an electronic system without mechanical or hydraulic backup to de-couple the human interface from the vehicle functions, e.g., steering and braking. Safety critical functions without mechanical backup enforce new requirements in system design. Any faulty behavior of a component within the system must not lead to a malfunction of the overall system. Consequently in the system design fault-tolerance mechanisms in real time must be introduced. Active replication of a functional node is a proper solution to guarantee this real time fault-tolerance. Redundancy management of the functional nodes can be implemented by fail-silent replicas, i.e. a node behaves correctly or does not produce any output at all.