Search Results

Multicore processor are well established in classical and tablet personal computers for some year. Such processors use more then one central core for computation and allow to integrate more computational power with smaller costs. However more than 90% of all processors worldwide are not placed in classical IT but are empedded in bigger systems like in modern vehicles or airplanes. Such systems face a very high demand in terms of safety, security an reliability which hinders the use of multicores in such systems. The funded project ARAMiS faces these demands and has the goal to enable the usability of multicore systems in the domains automotive and avionics, as well as later also railway. ARAMiS is the basis for higher traffic safety, traffic efficiency and comfort.

In ride comfort as well as driving dynamics, the behavior of the vehicle is affected by several subsystems and their properties. When analyzing the suspension, especially the characteristics of the main spring and damper but also rubber bushings are of main importance. Still, the properties of the different components are dependent on the present operating conditions. Concerning rubber bushings, several effects have already been investigated, e.g. dependencies of the transfer function of frequency, amplitude or load history. In this context influences of changes in temperature are often neglected. However, in the following research, the focus specifically lies on determination and analysis of the temperature dependency of rubber bushings. For this purpose, initially the relationship between properties of pure rubber and rubber bushings is described, which serves as a basis for correlating respective temperature dependencies.

More and more high-level algorithms are emerging to improve the existing systems in a car. Often these algorithms only need a platform with a bus connection and some resources such as CPU time and memory space. These functions can easily be integrated into existing systems that have free resources. This paper describes some encapsulation techniques and mechanisms that can be used in the automotive domain. The discussion also takes into account the additional resources consumed on the microcontroller to meet these requirements and by the software to implement the encapsulation mechanisms. Overviews of some general concepts of software-architectures that provide encapsulation are also shown.

This paper proposes end-to-end protection mechanisms to be added to a generic FlexRay network in order to achieve fault detection and integrity levels sufficient for a SIL3 fail safe communication system. The mechanisms are derived from the random hardware failure modes to be considered for communication controllers according to IEC 61508. Mechanisms provided by the FlexRay protocol are pointed out. Additional features necessary to fulfil the requirements are discussed. It is shown how to calculate the failure rate probabilities of the CRC used as a safety code with respect to EN 50159.

With the ever increasing amount of available software processing resources in a vehicle, more and more high-level algorithms are emerging to improve the existing systems in a car. Often these algorithms only need a platform with a bus connection and some resources such as processing power and memory space. These functions are predestined to be integrated into existing systems that have free resources. This paper will examine the role of time protection in these multi-algorithm systems and describe what timing protection means and why it is required. The processing time will be partitioned to the different processing levels like interrupts, services and tasks. The problems of timing protection will be illustrated as well as its limitations. The conflict between real-time requirements and timing protection will be shown. Finally Autosar will be examined with focus on timing protection and applicability in actual development projects.

With increasing levels of driving automation, the perception provided by automotive environment sensors becomes highly safety relevant. A correct assessment of the sensors’ perception reliability is therefore crucial for ensuring the safety of the automated driving functionalities. There are currently no standardized procedures or guidelines for demonstrating the perception reliability of the sensors. Engineers therefore face the challenge of setting up test procedures and plan test drive efforts. Null Hypothesis Significance Testing has been employed previously to answer this question. In this contribution, we present an alternative method based on Bayesian parameter inference, which is easy to implement and whose interpretation is more intuitive for engineers without a profound statistical education. We show how to account for different environmental conditions with an influence on sensor performance and for statistical dependence among perception errors.

Driven by the growing internet and remote connectivity of automobiles, combined with the emerging trend to automated driving, the importance of security for automotive systems is massively increasing. Although cyber security is a common part of daily routines in the traditional IT domain, necessary security mechanisms are not yet widely applied in the vehicles. At first glance, this may not appear to be a problem as there are lots of solutions from other domains, which potentially could be re-used. But substantial differences compared to an automotive environment have to be taken into account, drastically reducing the possibilities for simple reuse. Our contribution is to address automotive electronics engineers who are confronted with security requirements. Therefore, it will firstly provide some basic knowledge about IT security and subsequently present a selection of automotive specific security use cases.

ISO 26262 is the actual standard for Functional Safety of automotive E/E (Electric/Electronic) systems. One of the challenges in the application of the standard is the distribution of safety related activities among the participants in the supply chain. In this paper, the concept of a Safety Element out of Context (SEooC) development will be analyzed showing its current problematic aspects and difficulties in implementing such an approach in a concrete typical automotive development flow with different participants (e.g. from OEM, tier 1 to semiconductor supplier) in the supply chain. The discussed aspects focus on the functional safety requirements of generic hardware and software development across the supply chain where the final integration of the developed element is not known at design time and therefore an assumption based mechanism shall be used.

The increased pressure for power, space, and cost reduction in automotive applications together with the availability of high performance, automotive qualified multicore microcontrollers has lead to the ability to engineer Domain Controller ECUs that can host several separate applications in parallel. The standard automotive constraints however still apply, such as use of AUTOSAR operating system, support for legacy code, hosting OEM supplied code and the ability to determine warranty issues and responsibilities between a group of Tier 1 and Tier 2 vendors who all provide Intellectual Property to the final production ECU. Requirements for safety relevant applications add even more complexity, which in most current approaches demand a reconfiguration of all basic software layers and a major effort to redesign parts of the application code to enable co-existence on the same hardware platform. This paper outlines the conflicting requirements of hosting multiple applications.

Multicore-based ECUs are increasingly used in embedded automotive software systems to allow more demanding automotive applications at moderate cost and energy consumption. Using a high number of parallel processors together with a high number of executed software components results in a practically unmanageable number of deployment alternatives to choose from. However correct deployment is one important step for reaching timing goals and acceptable latency, both also a must to reach safety goals of safety-relevant automotive applications. In this paper we focus at reducing the complexity of deployment decisions during the phases of allocation and scheduling. We tackle this complexity of deployment decisions by a mixed constructive and analytic approach.

The increasing complexity of automotive functions which are necessary for improved driving assistance systems and automated driving require a change of common vehicle architectures. This includes new concepts for E/E architectures such as a domain-oriented vehicle network based on powerful Domain Control Units (DCUs). These highly integrated controllers consolidate several applications on different safety levels on the same ECU. Hence, the functions depend on a strictly separated and isolated implementation to guarantee a correct behavior. This requires middleware layers which guarantee task isolation and Quality of Service (QoS) communication have to provide several new features, depending on the domain the corresponding control unit is used for. In a first step we identify requirements for a middleware in automotive DCUs. Our goal is to reuse legacy AUTOSAR based code in a multicore domain controller.

Audi's new full scale aeroacoustic wind tunnel is under full operation now. The new facility is designed for full scale automotive testing of aerodynamics and aeroacoustics for vehicles up to 3 m2 frontal area at wind speeds up to 300 kph. The highlights are the unique ground simulation system with boundary layer suction and a 5-belt-system, and the extremely low background noise of only 60 dB(A) at 160 kph. First the background of the project is illustrated and the need for the special features of the tunnel is deduced form the industrial requirements. Then an overview of the facility design is given with a detailed description of the key technical components. The calibration of the self-correcting test section will be discussed and the physical background for it will be examined more closely. For the calibrated wind tunnel the results of two correlation tests including open jet as well as closed wall wind tunnels show a reasonable conformity.

Structural component testing is essential for the development process to have an early knowledge of the real world behaviour of critical structural components in crash load cases. The objective of this work is to show the development for a self-sufficient structural component test bench, which can be used for different side impact crash load cases and can reflect the dynamic behaviour, which current approaches are not able. An existing basic system is used, which includes pneumatic cylinders with a controlled hydraulic brake and was developed for non-structural deformable applications only (mainly occupant assessments). The system is extended with a force-distance control. The method contains the analysis of a whole vehicle FEM simulation to develop a methodology for controlled force transmission with the pneumatic cylinders for a structural component test bench.

The German funded project ARAMiS included work on several demonstrators one of which was a multicore approach on large scale software integration (LSSI) for the automotive domain. Here BMW and Audi intentionally implemented two different integration platforms to gain both experience and real life data on a Hypervisor based concept on one side as well as using only native AUTOSAR-based methods on the other side for later comparison. The idea was to obtain figures on the added overhead both for multicore as well as safety, based on practical work and close-to-production implementations. During implementation and evaluation on one hand there were a lot of valuable lessons learned about multicore in conjunction with safety. On the other hand valuable information was gathered to make it finally possible to set up a cost model for estimation of potential overhead generated by different integration approaches for safety related software functions.

Strategies for weight reduction have driven the noise treatment advanced developments with a great success considering the already mastered weight decreases observed in the last years in the automotive industry. This is typically the case for all soft trims parts. In the early 2010's a typical european B-segment car soft trims weights indeed 30 to 40% less than in the early 2000's years. The main driver behind such a gap has been to combine insulation and absorption properties on a single part while increasing the number of layers. This product-process evolution was conducted using a significant improvement in the simulation capacities. In that sense, several studies presenting very good correlation results between Transmission Loss measurements and finite elements simulations on dashboard or floor insulators were presented. One may consider that those kinds of parts have already achieved a considerable improvement in performance.

In the context of the ARAMiS project, AUDI AG contributed the development of a multi-core demonstrator based on car functions already in production. For this demonstrator, these legacy car functions were ported from single-core platforms to a multi-core platform to gain real world close-to-production experience while utilizing the new technology. For complex functions with high demands for computational resources, it may be necessary to distribute computation over several cores. In this context, we investigated the parallelization of a legacy sequential AUTOSAR function. A main contribution of this work is an analysis of mechanisms provided by AUTOSAR, their limitations and, possible remedy. This paper will point out observations and experiences during the development of this demonstrator and show practical solutions for parallelization in an AUTOSAR environment.

Automotive engineering processes are dynamic, iterative and driven by changes. Reasons for changes on development artifacts are manifold, but the result is a new evolution step which may influence all, some, or just a single development artifact. Consequently, research on impact analysis put forth approaches to assess the adverse effects of changes. However, understanding and implementing functional changes and its consequences in the safety domain is often aggravated by dependencies between different types of development artifacts, scattered in various (tool) formats. Safety properties may change depending on the type of a modification. Thereby, connected analyses like fault trees, Failure Modes and Effects Analysis (FMEA), and safety concepts cannot be reused easily if the artifacts on which they are based on are affected by changes. In this paper we suggest a new difference analysis approach which allows a (semi-)automated comparison of safety work products based on models.

The trend towards even more sophisticated driver assistance systems and growing automation of driving sets new requirements for the robustness and availability of the involved automotive systems. In case of an error, today it is still sufficient that safety related systems just fail safe or silent to prevent safety related influence of the driving stability resulting in a functional deactivation. But the reliance on passive mechanical fallbacks in which the human driver taking over control, being inevitable in such a scenario, is expected to get more and more insufficient along with a rising degree of driving automation as the driver will be given longer reaction time. The advantage of highly or even fully automated driving is that the driver can focus on other tasks than controlling the car and monitoring it’s behavior and environment.

One main goal of the automotive industry is to reduce the aerodynamic drag of passenger vehicles. Therefore, a deeper understanding of the flow field is necessary. Time-resolved data of the flow field is required to get an insight into the complex unsteady flow phenomena around passenger vehicles. This data helps to understand the temporal development of wake structures and enables the analysis of the formation of vortical structures. Numerical simulations are an efficient method to analyze the time-resolved data of the unsteady flow field. The analysis of the steady and unsteady numerical data is only relevant for aerodynamic developments in the wind tunnel, if the predicted temporal evolving structures of a passenger vehicle’s simulated flow field correspond to the structures of the flow field in the wind tunnel. In this study, time-resolved measurements of the empty wind tunnel and a notchback passenger vehicle in the wind tunnel are conducted.

This paper describes how a safety-oriented software development could look like as soon as an appropriate standard exists which is applicable for the automotive industry. Such a standard is currently being developed which is a tailoring of the safety standard IEC61508. The IEC61508 is generic and not specific for any industry. It allows tailoring of the complete safety lifecycle for specific domains. This paper focuses mainly on the software lifecycle of the evolving standard for the automotive industry. With regard to the development process the objectives of each phase are explained and it is described how these can be achieved by using certain techniques and measures.