Search Results

Software-in-the-Loop (SiL) test environments are the ideal virtual platforms for enabling continuous-development, -integration, -testing -delivery or -deployment commonly referred as Continuous-X (CX) of the complex functionalities in the current automotive industry. This trend especially is contributed by several factors such as the industry wide standardization of the model exchange formats, interfaces as well as architecture definitions. The approach of frontloading software testing with SiL test environments is predominantly advocated as well as already adopted by various Automotive OEMs, thereby the demand for innovating applicable methods is increasing. However, prominent usage of the existing monolithic architecture for interaction of various elements in the SiL environment, without regarding the separation between functional and non-functional test scope, is reducing the usability and thus limiting significantly the cost saving potential of CX with SiL.

This paper presents an overview of the evolution & revolution of automotive E/E architectures and how we at Bosch, envision the technology in the future. It provides information on the bottlenecks for current E/E architectures and drivers for their evolution. Functionalities such as automated driving, connectivity and cyber-security have gained increasing importance over the past few years. The importance of these functionalities will continue to grow as these cutting-edge technologies mature and market acceptance increases. Implementation of these functionalities in mainstream vehicles will demand a paradigm shift in E/E architectures with respect to in-vehicle communication networks, power networks, connectivity, safety and security. This paper expounds on these points at a system level.

This paper describes the concept of the Diagnostic System Management DSM which introduces an improved object-oriented software architecture in order to meet the high performance and reliability requirements of automotive On-Board Diagnostic Systems (OBD). DSM handles standard tasks and offers services to integrate diagnostic and control functions. This architecture enables the flexible composition of system-independent, reusable function implementations. Hence a distributed software development and software sharing are supported. The module DSM consists of a Fault Code Memory, an Inhibit Handler, a Validator and a Function Scheduler. Special care has been taken to achieve robustness against EMI effects. Bosch will use DSM in the future powertrain control systems.

Dynamic route guidance is a main feature when discussing traffic telematics systems. At the present time, several system concepts are in the development or implementation stage. The key elements of dynamic route guidance systems are illustrated in the following. Two approaches could be used when designing the system architecture: 1. Centralized routing in traffic information centers combined with on-board terminals. 2. Mobile routing by on-board navigation units which use information received from traffic information centers. The different approaches are presented in this paper. The influences on component design and the effects on communication needs are discussed. This leads to the “hybrid” system architecture which is presented including implementation examples.

The continuously increasing performance of modern automotive microelectronics is leading to ever more complex open and closed-loop control functions. Rigid mechanical connections a broken down and electronics applied to make them controllable. Among the examples are camshaft control, or future systems for variable valve-lift control. In addition, the individual systems in the vehicle, such as engine management, transmission-shift control, and ABSR will be networked with one another. The result is a system alliance which communicates through a car-wide web. The major challenge posed by this development in the future, lies in still being able to reliably control the complexity of the system alliance from the point of view of reliability and safety. This means that the suitable sensor and actuator basis, together with an architecture having fixed configuration rulings and matching development methods, are indispensable.

In order to master the increasing complexity of electrical/electronic (E/E) systems in vehicles, E/E architecture design has become an established discipline. The task of the E/E architecture design is to come up with solutions to challenging and often contradictory requirements such as reduced cost and increased flexibility / scalability. One way to optimize the E/E architecture in terms of cost (electronics & wiring harness) is to integrate functions. This can be done by either combining functions from multiple ECUs into a single ECU or by introducing Domain Control Units. Domain Control Units provide the main software functionality for a vehicle domain, while relegating the basic functions of actuator control to connected intelligent actuators. Depending on the different market segments (low price, volume and premium) and the different vehicle domains, the actual usage of Domain Control Units can be quite different and sometimes questionable.

The development of future automotive electronic systems requires new concepts in the software architecture, development methodology and information exchange. At Bosch an XML and MSR based technology is applied to achieve a consistent information handling throughout the entire software development process. This approach enables the tool independent exchange of information and documentation between the involved development partners. This paper presents the software architecture, the specification of software components in XML, the process steps, an example and an exchange scenario with an external development partner.

This paper presents a commercial off-the-shelf (COTS) approach to the automated generation of safety critical software for a distributed control system. The tool suite presented supports Honeywell's next generation Modular Aerospace Controls (MAC) architecture that facilitates fault tolerant distributed engine control utilizing intelligent components connected with TTP/C. This paper describes the integration of tool chains from two commercial vendors, the BEACON™ tool chain from Applied Dynamics International (ADI) and the TTP support tool chain from Time Triggered Technology (TTTech). The integration of these tool chains yields a powerful end-to-end systems-to-software environment that enables a fully automated approach to the development of distributed embedded software and its verification data.

Car Periphery Supervision (CPS) systems comprise a family of automotive systems that are based on sensors installed around the vehicle to monitor its environment. The measurement and evaluation of sensor data enables the realization of several kinds of higher level applications such as parking assistance or blind spot detection. Although a lot of similarity can be identified among CPS applications, these systems are traditionally built separately. Usually, each single system is built with its own electronic control unit, and it is likely that the application software is bound to the controller's hardware. Current systems engineering therefore often leads to a large number of inflexible, dedicated systems in the automobile that together consume a large amount of power, weight, and installation space and produce high manufacturing and maintenance costs.

A major trend in modern vehicle control is the increase of complexity and interaction of formerly autonomous systems. In order to manage the resulting network of more and more integrated (sub)systems Bosch has developed an open architecture called CARTRONIC for structuring the entire vehicle control system. Structuring the system in functionally independent components improves modular software development and allows the integration of new elements such as integrated starter/generator and the implementation of advanced control concepts as drive train management. This approach leads to an open structure on a high level for the design of advanced vehicle control systems. The paper describes the integration of the spark-ignition (SI) engine management system (EMS) into a CARTRONIC conform vehicle coordination requiring a new standard interface between the vehicle coordination and the EMS level.

Connecting microcontrollers, sensors and actuators by several communication systems is state of the art within the electronic architectures of modern vehicles. The communication among these components is widely based on the event triggered communication on the Controller-Area-Network (CAN) protocol. The arbitrating mechanism of this protocol ensures that all messages are transferred according to the priority of their identifiers and that the message with the highest priority will not be disturbed. In the future some mission critical subnetworks within the upcoming generations of vehicle systems, e.g. x-by-wire systems (xbws), will additionally require deterministic behavior in communication during service. Even at maximum bus load, the transmission of all safety related messages must be guaranteed. Moreover it must be possible to determine the point of time when the message will be transmitted with high precision.

Automotive product lines promote reuse of software artifacts such as architectures, designs and implementations. System architectures, and especially software architectures, are difficult to create due to the need to support variations. Traditional approaches emphasize the identification and description of generic components, which makes it difficult to support variations among products. The paper proposes an approach for transforming a software architecture to product design through using patterns in a four-way refinement and evolution process. The paper investigates how patterns may be used to verify the conceptual integrity in the view integration procedure to support software sharing in an open automotive system.

Over the last couple decades, there has been a growing interest in incorporating commercial off-the-shelf (COTS) technologies and open standards in the design of human-rated spacecraft. This approach is intended to reduce development and upgrade costs, lower the need for new design work, eliminate reliance on individual suppliers, and minimize schedule risk. However, it has not traditionally been possible for COTS solutions to meet the high reliability and fault tolerance requirements of systems implementing critical spacecraft functions. Byzantine faults are considered particularly dangerous to such systems because of their ability to escape traditional means of fault containment and disrupt consensus between system components. In this paper, we discuss the design of a voting protocol using Time-Triggered Ethernet capable of achieving data integrity in the presence of a single Byzantine fault.

Cybersecurity attacks exploit vulnerabilities related to the increased complexity and connectivity of critical infrastructure systems. This paper investigates the context and use of key security technologies, processes, challenges and use cases for the design of advanced integrated architectures with security, safety, and real-time performance considerations. In such architectures, deterministic Ethernet standards are used as a baseline for system integration in closed embedded systems or open mixed criticality systems. Security-informed safety development processes for integrated architectures are required to prevent catastrophic failures caused by environmental and cyber threats, due to expanding number of security vulnerabilities in complex and increasingly open systems. State-of-art safety/security processes for integrated systems in cross-industry environments are considered and similarities examined, for different types of integrated architectures.

The development of vehicle communication networks is challenged not only by the increasing demand in data exchange and required data rate but also the need to connect the vehicle to external sources for personal connectivity of driver and car to infrastructure applications. Solutions are required to master complexity of in-vehicle communication networks, e.g. diagnostic access, flashing of Electronic Control Units, the data backbone connecting the vehicle domains and the data transfer of cameras. Safety (data transfer) and security (violation) issues of the communication networks gain more importance especially by introducing interfaces to external sources either via mobile devices or by connecting the vehicle to other external sources, e.g. Internet and Car to Infrastructure applications. The Internet Protocol (IP) appears to be an ideal solution to address these challenges, especially in connection with an Ethernet physical layer for fast data transfer.

AUTOSAR (AUTomotive Open System ARchitecture) is a worldwide standard for automotive basic software in line with an architecture that eases exchange and transfer of application software components between platforms or companies. AUTOSAR provides the standardized architecture together with the specifications of the basics software along with the methodology for developing embedded control units for automotive applications. AUTOSAR matured over the last several years through intensive development, implementation and maintenance. Two main releases (R3.2 and R4.0) represent its current degree of maturity. AUTOSAR is driven by so called core partners: leading car manufacturers (BMW, Daimler, Ford, GM, PSA, Toyota, Volkswagen) together with the tier 1 suppliers Continental and Bosch. AUTOSAR in total has more than 150 companies (OEM, Tier X suppliers, SW and tool suppliers, and silicon suppliers) as members from all over the world.

This paper presents the conceptual model and the fundamental mechanisms for software development in the context of the Brite-EuRam project Safety Related Fault Tolerant Systems in Vehicles (nick-named X-By-Wire). The objective of the X-By-Wire project is to achieve a framework for the introduction of safety related fault tolerant electronic systems without mechanical backup in vehicles. To achieve the required level of fault-tolerance, an X-By-Wire system must be designed as a distributed system comprising a number of fault-tolerant units connected by a reliable real-time communication system. For the communication system, the time-triggered TTP/C real-time communication protocol was selected. TTP/C provides fault-tolerance message transfer, state synchronization, reliable detection of node failures, a global time base, and a distributed membership service. Redundancy is used for masking failures of individual processor nodes and hardware peripherals.

The car industry has reached a point where electronic systems, which were so far essentially autonomous, begin to grow together to a Car-Wide Web. The main driving force is the demand for more safety, security, and comfort implemented economically. Already various parties are working on control networks. In the long run, vehicle motion and dynamic systems, safety, security, comfort as well as mobile multimedia systems will integrate and reach out for the vision of accident-free, comfortable, and well-informed driving. As a foundation for a Car-Wide Web, Bosch is developing an open architecture called CARTRONIC. The essence of CARTRONIC is to define structuring rules, modeling rules and patterns for total, integrated control of vehicles. The rules and patterns allow the mapping of high-level functions onto several physical implementations, for instance one logical description of functional connections could be created for cars with different equipment packages.

Signals in Automotive Communication Networks often represent safety relevant information. Therefore, automotive network protocols provide multiple powerful mechanisms for error detection and for error reporting. The objective is to ensure that on average less than one undetected error occurs during the lifetime of a vehicle. This places an upper bound on the residual error probability of the communication network. The determination of this residual error probability requires new methods in order to account for the interaction of the various error detection mechanisms. This paper presents an analysis method that has been developed for the investigation of the CAN protocol. This comprehensive investigation distinguishes two types of errors that contribute most significantly to the residual error probability of the CAN protocol. Errors of one type transform stuffbits into information bits or vice versa, and are related to the use of variable bit stuffing.

Serial communication by means of CAN is being used more and more for data transfer between in-vehicle control units to link components of the drive train, body electronics and mobile communication electronics. In order to design distributed electronic systems, software engineers today must not only develop the application software but also supply the communication software to handle the communication hardware, thereby reinventing the wheel with each new application software package. This procedure is inefficient as it leads to hardly reusable special solutions. To avoid incompatibilities between the modules of a distributed system a lot of additional coordination work must be done during the design phase. As a consequence, each new software package is faced with additional costs for the indispensible tests of the communication software. This paper describes a network architecture that has been designed for CAN systems.