Search Results

A main challenge when developing next generation architectures for automated driving ECUs is to guarantee reliable functionality. Today’s fail safe systems will not be able to handle electronic failures due to the missing “mechanical” fallback or the intervening driver. This means, fail operational based on redundancy is an essential part for improving the functional safety, especially in safety-related braking and steering systems. The 2-out-of-2 Diagnostic Fail Safe (2oo2DFS) system is a promising approach to realize redundancy with manageable costs. In this contribution, we evaluate the reliability of this concept for a symmetric and an asymmetric Electronic Power Steering (EPS) ECU. For this, we use a Markov chain model as a typical method for analyzing the reliability and Mean Time To Failure (MTTF) in majority redundancy approaches. As a basis, the failure rates of the used components and the microcontroller are considered.

Infineon's latest high-end automotive microcontrollers like TC1796 are complex Systems On Chip (SoC) with two processor cores and up to two internal multi-master buses. The complex interaction between cores, peripherals and environment provides a big challenge for debugging. For mission critical control like engine management the debugging approach must not be intrusive. The provided solution are dedicated Emulation Devices which are able to deal with several 10 Gbit/s of raw internal trace data with nearly no cost adder for mass production and system design. Calibration, which is used later in the development cycle, has different requirements, but is covered by the Emulation Devices as well. The architecture of TC1796ED comprises the unchanged TC1796 silicon layout, extended by a full In-Circuit Emulator (ICE) and calibration overlay memory on the same die. In most cases, the only debug/calibration tool hardware needed is a USB cable.

Driven by the growing internet and remote connectivity of automobiles, combined with the emerging trend to automated driving, the importance of security for automotive systems is massively increasing. Although cyber security is a common part of daily routines in the traditional IT domain, necessary security mechanisms are not yet widely applied in the vehicles. At first glance, this may not appear to be a problem as there are lots of solutions from other domains, which potentially could be re-used. But substantial differences compared to an automotive environment have to be taken into account, drastically reducing the possibilities for simple reuse. Our contribution is to address automotive electronics engineers who are confronted with security requirements. Therefore, it will firstly provide some basic knowledge about IT security and subsequently present a selection of automotive specific security use cases.

Integration scenarios for ECU software become more complicated, as more constraints with regards to timing, safety and security need to be considered. Multi-core microcontrollers offer even more hardware potential for integration scenarios. To tackle the complexity, more and more model based approaches are used. Understanding the interaction between the different software components, not only from a functional but also from a timing view, is a key success factor for high integration scenarios. In particular for multi-core systems, an amazing amount of timing data can be generated. Usually a multi-core system handles more software functionality than a single-core system. Furthermore, there may be timing interference on the multicore systems, due to the shared usage of buses, memory banks or other hardware resources.

The infrastructure in modern cars is a heterogeneous and historically grown network of different field buses coupling different electronic control units (ECUs) from different sources. In the past years, the amount of ECUs in the network has rapidly grown due to the mushrooming of new functions which historically were mostly implemented on a one-ECU-per-function basis resulting in up to a hundred ECUs in fully equipped luxury cars. Additionally, new functions like parking assist systems or advanced chassis control functions are getting increasingly complex and require more computing power. These two facts add up to a complex challenge in development. The current trend to host several functions in single ECUs as integration platforms is one attempt to address this challenge. This trend is supported by the increased computing power of current and upcoming multi-core microcontrollers.

Automotive powertrain and safety systems under design today are highly complex, incorporating more than one CPU core, running with more than 100 MHz and consisting of several 10 million transistors. Software complexity increases similarly making new methodologies and tools mandatory to manage the overall system. The use of accurate virtual prototypes improves the quality of systems with respect to system architecture design and software development. This approach is demonstrated with the example of the PCP/GPTA subsystem for Infineon's AUDO-NG powertrain controllers.

In recent years, we see more and more ECUs integrating a huge number of application software components. This process mostly results from the increasing amount of so called in-house software in various fields like electric-drive, chassis and driver assistance systems. The software development for these systems is partially moved from the supplier to the car manufacturers. Another important trend is the introduction of new network architectures intending to meet the growing communication requirements. For such ECUs the software integration scenarios become more complicated, as more quality of service requirements with regards to timing, safety and security need to be considered [2]. Multi-core microcontrollers offer even more potential variants for integration scenarios. Understanding the interaction between the different software components, not only from a functional, but also from a timing view, is a key success factor for modern electronic systems [6,7,8,9].

The trend towards even more sophisticated driver assistance systems and growing automation of driving sets new requirements for the robustness and availability of the involved automotive systems. In case of an error, today it is still sufficient that safety related systems just fail safe or silent to prevent safety related influence of the driving stability resulting in a functional deactivation. But the reliance on passive mechanical fallbacks in which the human driver taking over control, being inevitable in such a scenario, is expected to get more and more insufficient along with a rising degree of driving automation as the driver will be given longer reaction time. The advantage of highly or even fully automated driving is that the driver can focus on other tasks than controlling the car and monitoring it’s behavior and environment.

Software complexity of vehicles is constantly growing especially with additional autonomous driving features being introduced. This increases the risk for bugs in the system, when the car is delivered. According to a car manufacturer, more than 90% of availability problems corresponding to Electronic Control Unit (ECU) functionality are either caused by software bugs or they can be resolved by applying software updates to overcome hardware issues. The main concern are sporadic errors which are not caught during the development phase since their trigger condition is too unlikely to occur or is not covered by the tests. For such systems, there is a need of safe and secure infield diagnosis. In this paper we present a tool software architecture with remote access, which facilitates standard read/write access, an efficient channel interface for communication and file I/O, and continuous trace.