Search Results

Software complexity of vehicles is constantly growing especially with additional autonomous driving features being introduced. This increases the risk for bugs in the system, when the car is delivered. According to a car manufacturer, more than 90% of availability problems corresponding to Electronic Control Unit (ECU) functionality are either caused by software bugs or they can be resolved by applying software updates to overcome hardware issues. The main concern are sporadic errors which are not caught during the development phase since their trigger condition is too unlikely to occur or is not covered by the tests. For such systems, there is a need of safe and secure infield diagnosis. In this paper we present a tool software architecture with remote access, which facilitates standard read/write access, an efficient channel interface for communication and file I/O, and continuous trace.

The current automotive electronic and electrical (EE) architecture has reached a scalability limit and in order to adapt to the new and upcoming requirements, novel automotive EE architectures are currently being investigated to support: a) an Ethernet backbone, b) consolidation of hardware capabilities leading to a centralized architecture from an existing distributed architecture, c) optimization of wiring to reduce cost, and d) adaptation of service-oriented software architectures. These requirements lead to the development of Zonal EE architectures as a possible solution that require appropriate adaptation of used security mechanisms and the corresponding utilized hardware trust anchors. 1 The current architecture approaches (ECU internal and in-vehicle networking) are being pushed to their limits, simultaneously, the current embedded security solutions also seem to reveal their limitations due to an increase in connectivity.

Recently, vehicle networks have increased complexity due to the demand for autonomous driving or connected devices. This increasing complexity requires high bandwidth. As a result, vehicle manufacturers have begun using Ethernet-based communication for high-speed links. In order to deal with the heterogeneity of such networks where legacy automotive buses have to coexist with high-speed Ethernet links vehicle manufacturers introduced a vehicle gateway system. The system uses Ethernet as a backbone between domain controllers and CAN buses for communication between internal controllers. As a central point in the vehicle, the gateway is constantly exchanging vehicle data in a heterogeneous communication environment between the existing CAN and Ethernet networks. In an in-vehicle network context where the communications are strictly time-constrained, it is necessary to measure the delay for such routing task.

The powertrain module is being introduced to embedded System on Chips (SoCs) designed to increase available computational power. These high-performance SoCs have the potential to enhance the computational power along with providing on-board resources to support unexpected feature growth and on-demand customer requirements. This project will investigate the radial basis function (RBF) using the Gaussian process (GP) regression algorithm, the ETAS ASCMO tool, and the hardware accelerator Advanced Modeling Unit (AMU) being introduced by Infineon AURIX 2nd Generation. ETAS ASCMO is one of the solutions for data-driven modeling and model-based calibration. It enables users to accurately model, analyze, and optimize the behavior of complex systems with few measurements and advanced algorithms. Both steady state and transient system behaviors can be captured.

For highly automated driving, commercial vehicles require an Electric/Electronic (E/E) architecture, which - in addition to sensor fusion - ensures safety-critical processes such as steering and braking at all times. Among other things, a redundant 24 V supply with corresponding disconnection is required. The battery switch is a key component. Commercial, construction, and agricultural vehicles (CAV) need to operate at the highest possible availability and the lowest possible cost of ownership. This is why automated and autonomous driving has the potential to revolutionize the CAV sector. Driverless machines can be operated around the clock and almost non-stop. Platooning allows automated, interconnected trucks to drive in a convoy and very close to each other. Platooning saves fuel.

The automotive industry experiences a major change as vehicles are gradually becoming a part of the Internet. Security concepts based on the closed-world assumption cannot be deployed anymore due to a constantly changing adversary model. Automotive Ethernet as future in-vehicle network and a new E/E Architecture have different security requirements than Ethernet known from traditional IT and legacy systems. In order to achieve a high level of security, a new multi-layer approach in the vehicle which responds to special automotive requirements has to be introduced. One essential layer of this holistic security concept is to restrict non-authorized access by the deployment of embedded firewalls. This paper addresses the introduction of automotive firewalls into the next-generation domain architecture with a focus on partitioning of its features in hardware and software.

Connecting mobile communication channels to vehicles’ networks is currently attracting engineers in a wide range. Herein the desire of vehicle manufacturers to remotely execute software updates over the air (SOTA) within electronic control units (ECU) is probably the field of highest attention at the moment. Today software updates are typically done at vehicle service stations and connection the vehicles electronic network via the onboard diagnosis (OBD) interface to a service computer. Herby the duration of the update is invisible to the user, as this happens during standard service appointments. With introduction of SOTA, these updates become very convenient to the customer and can lead to higher customer satisfaction levels. SOTA can be made transparent to the user however the method of implementation can affect the user experience.

Introduction The introduction of Ethernet and Gigabit Ethernet [2] as the main invehicle network infrastructure is the technical foundation for different new functionalities such as piloted driving, minimizing the CO2- footprint and others. The high data rate of such systems influences also the used microcontrollers due the fact that a big amount of data has to be transferred, encrypted, etc. Figure 1 Motivation - Vehicles will become connected to uncontrolled networks The usage of Ethernet as the in-vehicle-network enables the possibility that future road vehicles are going to be connected with other vehicles and information systems to improve system functionality. These previously closed automotive systems will be opened up for external access (see Figure 1). This can be Car2X connectivity or connection to personal devices. Allowing vehicle systems to communicate with other systems that are not within their physical boundaries impose a previously non-existing security problem.

Vehicle manufacturers are challenged by rising costs for vehicle recalls. A major part of the costs are caused by software updates. This paper describes a feasibility study on how to implement software update over the air (SOTA) in light vehicles. The differences and special challenges in the automotive environment in comparison to the cellular industry will be explained. Three key requirements focus on the drivers’ acceptance and thus are crucial for the vehicle manufacturers: SOTA must be protected against malicious attacks. SOTA shall interfere as little as possible with the availability of a vehicle. Long update processes with long vehicle downtimes or even complete fails must be avoided. The functional safety of the vehicle during operation may not be limited in any way The study gives options how those objectives can be achieved. It considers the necessary security measures and describes the required adaptations of the board-net architectures both on software and hardware level.

The trend towards even more sophisticated driver assistance systems and growing automation of driving sets new requirements for the robustness and availability of the involved automotive systems. In case of an error, today it is still sufficient that safety related systems just fail safe or silent to prevent safety related influence of the driving stability resulting in a functional deactivation. But the reliance on passive mechanical fallbacks in which the human driver taking over control, being inevitable in such a scenario, is expected to get more and more insufficient along with a rising degree of driving automation as the driver will be given longer reaction time. The advantage of highly or even fully automated driving is that the driver can focus on other tasks than controlling the car and monitoring it’s behavior and environment.

In-vehicle communication faces increasing bandwidth demands, which can no longer be met by today's MOST150, FlexRay or CAN networks. In recent years, Fast Ethernet has gained a lot of momentum in the automotive world, because it promises to bridge the bandwidth gap. A first step in this direction is the introduction of Ethernet as an On Board Diagnostic (OBD) interface for production vehicles. The next potential use cases include the use of Ethernet in Driver Assistance Systems and in the infotainment domain. However, for many of these use cases, the Fast Ethernet solution is too slow to move the huge amount of data between the Domain Controllers, ADAS Systems, Safety Computer and Chassis Controller in an adequate way. The result is the urgent need for a network technology beyond the Fast Ethernet solution. The question is: which innovation will provide enough bandwidth for domain controllers, fast flashing routines, video data, MOST-replacement and internal ECU buses?

The German funded project ARAMiS included work on several demonstrators one of which was a multicore approach on large scale software integration (LSSI) for the automotive domain. Here BMW and Audi intentionally implemented two different integration platforms to gain both experience and real life data on a Hypervisor based concept on one side as well as using only native AUTOSAR-based methods on the other side for later comparison. The idea was to obtain figures on the added overhead both for multicore as well as safety, based on practical work and close-to-production implementations. During implementation and evaluation on one hand there were a lot of valuable lessons learned about multicore in conjunction with safety. On the other hand valuable information was gathered to make it finally possible to set up a cost model for estimation of potential overhead generated by different integration approaches for safety related software functions.

In Engine Management System, more accurate control is required to improve engine performance. Especially generating the precise ignition signal has a direct effect on better engine performance. In the beginning of this paper, a basic software structure to synchronize the engine crank signal and generate ignition signals will be explained. Several cases which can generate dwell timing error will be introduced based on this software structure. In addition, each impact level for each error case will be described. For cases of major error, compensation ways will be proposed in order to obtain more accurate dwell timing. The compensation ways by both microcontroller hardware and user software will be explained in detail. In conclusion, this paper will show the accuracy of ignition signal which implements proposed compensation ways that can be improved as compared to conventional ignition signal.

A variety of methodologies to use embedded multicore controllers efficiently has been discussed in the last years. Several assumptions are usually made in the automotive domain, such as static assignment of tasks to the cores. This paper shows an approach for efficient task allocation depending on different system modes. An engine management system (EMS) is used as application example, and the performance improvement compared to static allocation is assessed. The paper is structured as follows: First the control algorithms for the EMS will be classified according to operating modes. The classified algorithms will be allocated to the cores, depending on the operating mode. We identify mode transition points, allowing a reliable switch without neglecting timing requirements. As a next step, it will be shown that a load distribution by mode-dependent task allocation would be better balanced than a static task allocation.

Integration scenarios for ECU software become more complicated, as more constraints with regards to timing, safety and security need to be considered. Multi-core microcontrollers offer even more hardware potential for integration scenarios. To tackle the complexity, more and more model based approaches are used. Understanding the interaction between the different software components, not only from a functional but also from a timing view, is a key success factor for high integration scenarios. In particular for multi-core systems, an amazing amount of timing data can be generated. Usually a multi-core system handles more software functionality than a single-core system. Furthermore, there may be timing interference on the multicore systems, due to the shared usage of buses, memory banks or other hardware resources.

In modern vehicles, the number of small electrical drive systems is still increasing continuously for blowers, fans and pumps as well as for window lifts, sunroofs and doors. Requirements and operating conditions for such systems varies, hence there are many different solutions available for controlling such motors. In most applications, simple, low-cost DC motors are used. For higher requirements regarding operating time and in stop-start capable systems, the focus turns to highly efficient and durable brushless DC motors with electronic commutation. This paper compares various electronic control concepts from a semiconductor vendor point of view. These concepts include discrete control using relays or MOSFETs. Furthermore integrated motor drivers are discussed, including system-on-chip solutions for specific applications, e.g. specific ICs for window lift motors with LIN interface.

Multi-core systems are adopted quickly in the automotive domain, Proof of concepts have been implemented for power train, body and chassis, involving hard real-time constraints. However, depending on the degree of integration, it can be costly, especially in those cases where existing single-core software has to be migrated over. Furthermore, there seems to be a high level of uncertainty, whether a found solution, with regards to partitioning, mapping and orchestration of software is close to an optimum solution. Some integrated solutions demonstrate considerably less performance, for instance due to communication overhead compared to execution on single-core systems. This paper discusses a methodology, as to how to effectively and efficiently investigate the software architecture design space for multi-core software development.

ISO 26262 is the actual standard for Functional Safety of automotive E/E (Electric/Electronic) systems. One of the challenges in the application of the standard is the distribution of safety related activities among the participants in the supply chain. In this paper, the concept of a Safety Element out of Context (SEooC) development will be analyzed showing its current problematic aspects and difficulties in implementing such an approach in a concrete typical automotive development flow with different participants (e.g. from OEM, tier 1 to semiconductor supplier) in the supply chain. The discussed aspects focus on the functional safety requirements of generic hardware and software development across the supply chain where the final integration of the developed element is not known at design time and therefore an assumption based mechanism shall be used.

Automotive applications classed as safety-related or safety-critical are now important differentiating technologies in the automotive industry. The emergence of safety standard ISO 26262 underlines the increasing importance of safety in automotive software. As well as functional requirements, hard real-time requirements are of crucial importance to safety-related software as there is a need to prove that the system functionality is fulfilled, even in worst-case scenarios. Measurement-based WCET (Worst-Case Execution Time) analysis combines on-target timing measurements with static analysis of program structure to calculate predicted worst-case paths and times. This is in contrast to traditional end-to-end timing measurements, which give no confidence that the worst-case path is actually tested and no insight into the location of any timing problems that do emerge.

Single Edge Nibble Transmission (SENT) is a promising low-cost solution for communication between off-ECU sensors and a microcontroller. First, this paper analyses the advantages of digital sensors with a special focus on position sensors. The possible integration of SENT in other application fields (such as pressure sensors) is also discussed. Secondly, it describes possible solutions for handling SENT communication on microcontrollers and it gives practical examples based on Infineon's TriCore and XC2000 families. It discusses the constraints and limitations on software level and how they could be solved by dedicated hardware implementations. Finally, this paper presents the Short PWM Code (SPC) protocol, which is a further extension of the SENT protocol. SPC aims at increasing the performance of the communication link and reducing system costs at the same time. By allowing bidirectional communication, SPC opens the way to new system relevant functionalities.