Architectural Concepts for Fail-Operational Automotive Systems 2016-01-0131
The trend towards ever more sophisticated driver assistance systems and growing automation of driving sets new requirements for the robustness and availability of the automotive systems involved. Today it is still sufficient that a safety-related system, in case of an error, simply fails safe or silent to prevent any safety-related influence on driving stability, which results in a functional deactivation. But the reliance on passive mechanical fallbacks, in which the human driver inevitably takes over control in such a scenario, is expected to become more and more insufficient with a rising degree of driving automation, as the driver's reaction time will grow longer.
The advantage of highly or even fully automated driving is that the driver can focus on tasks other than controlling the car and monitoring its behavior and environment. Hence, it can no longer be expected that the driver will take over control of the vehicle quickly in case of a failure, and taking into account the idea of a driverless car, this option might become completely dispensable. This dramatically raises the requirements for availability and robustness of the car systems involved. The focus is now on the capability to provide functionality even in case of an error or defect, which creates demand for a certain degree of redundancy.
Currently this redundancy is quite often implemented by physically duplicating hardware and the associated software, leading to higher hardware costs, weight and energy consumption, and ultimately also negatively impacting fuel efficiency.
In this paper we point out how an optimized fail-operational approach can be realized. We also present different concepts for an implementation and identify deficits in the design and implementation of today's automotive Electronic Control Units (ECUs), the semiconductor products involved and the software approaches used. This is where we expect the main challenges in realizing optimized redundancy to lie, especially for X-by-Wire systems. The hardware architecture of semiconductors as well as the software architecture applied on ECUs must be designed accordingly in order to reach smarter solutions.