Technical Paper

Multicore vs Safety

2010-04-12
2010-01-0207
It is the beginning of a new age: multicore technology from the PC desktop market is now also hitting the automotive domain after several years of maturation. New microcontrollers with two or more main processing cores have been announced to provide the next step change in available computing power while keeping costs and power consumption at a reasonable level. These new multicore devices should not be confused with the specialized safety microcontrollers using two redundant cores to detect possible hardware failures which are already available. Nor should they be confused with the heterogeneous multicore solutions employing an additional support core to offload a single main processing core from real-time tasks (e.g. handling peripherals).
Technical Paper

Software Architecture Methods and Mechanisms for Timing Error and Failure Detection According to ISO 26262: Deadline vs. Execution Time Monitoring

2013-04-08
2013-01-0174
More electronic vehicle functions lead to an exponentially growing degree of software integration in automotive ECUs. We are seeing an increasing number of ECUs with mixed-criticality software. ISO 26262 describes different safety requirements, including freedom from interference and absence of error propagation for the software. These requirements mandate particular attention for mixed-criticality ECUs. In this paper we investigate the ability to guarantee that these safety requirements will be fulfilled by using established (deadline monitoring) and new error detection mechanisms (execution time monitoring). We also show how these methods can be used to build up safe and efficient schedules for today's and future automotive embedded real-time systems with mixed-criticality software.
Technical Paper

On Timing Requirements and a Critical Gap between Function Development and ECU Integration

2015-04-14
2015-01-0180
With the increasing complexity of electronic vehicle systems, one particular “gap” between function development and ECU integration becomes more and more apparent, and critical, albeit not new. The core of the problem is: as more functions are integrated and share the same E/E resources, they increasingly influence and disturb each other in terms of memory, peripherals, and also timing and performance. This has two consequences: the number of timing-related errors increases (because of the disturbance), and it becomes more difficult to find the root causes of timing errors (because of the mutual influences). This calls for more systematic methods to deal with timing requirements in general, and with their transformation from function timing requirements to software architecture timing requirements in particular.
Technical Paper

Time-Triggered Architecture Based on FlexRay: Roadmap from High-Speed Data Networking to Safety-Relevant Automotive Applications

2006-10-16
2006-21-0042
Future applications in the automotive domain such as distributed control functions need a highly dependable communication system. The current FlexRay standard already provides high transmission speeds and addresses deterministic data communication. This paper shows how to enhance the safety properties for handling a new set of applications and speeding up the communication even more. The concept of Layered FlexRay is based on the FlexRay protocol and addresses the requirements of safety-relevant applications in a distributed communication network. An implementation of this approach is depicted with a Safety Core hardware chip. It is designed to handle the communication between the FlexRay system beneath and the application on the host CPU above, providing highly efficient data management and execution of safety functions which otherwise would have to be executed in software on the host CPU.
Technical Paper

Software Development Process and Software-Components for X-by-Wire Systems

2003-03-03
2003-01-1288
The term X-by-Wire is commonly used in the automotive industry to describe the notion of replacing current mechanical or hydraulic chassis and powertrain systems with pure electro-mechanical systems. The paper describes the current trends and the architecture of future chassis electronics systems. The first part of the paper covers the systems architecture of x-by-wire electronics systems. We describe the network and the software architecture in more detail. The paper also explains some of the software components, in particular the operating system and the communication layer. The second part of the paper gives a description of the current state of the development process for software intended for safety-relevant systems. A possible tool chain for this development process, current possibilities as well as limitations and challenges are described.
Journal Article

Practical Use of AUTOSAR in Safety Critical Automotive Systems

2009-04-20
2009-01-0748
With the increased adoption of AUTOSAR operating systems across the different automotive system domains, a notable exception has been that of safety-critical systems. This domain has strict requirements on precise requirements capture, a proven design flow, robust implementation, exhaustive testing, detailed documentation and traceability, and project management processes. These requirements are normally prohibitive for commercial ‘one size fits all’ solutions to adopt, due to the huge expense and resources required to meet such a strict regime. So under these constraints AUTOSAR is far from a perfect fit for safety systems. Nonetheless, the attractive features of reuse and portability still make AUTOSAR-based systems highly desirable.