Search Results

A main challenge when developing next generation architectures for automated driving ECUs is to guarantee reliable functionality. Today’s fail safe systems will not be able to handle electronic failures due to the missing “mechanical” fallback or the intervening driver. This means, fail operational based on redundancy is an essential part for improving the functional safety, especially in safety-related braking and steering systems. The 2-out-of-2 Diagnostic Fail Safe (2oo2DFS) system is a promising approach to realize redundancy with manageable costs. In this contribution, we evaluate the reliability of this concept for a symmetric and an asymmetric Electronic Power Steering (EPS) ECU. For this, we use a Markov chain model as a typical method for analyzing the reliability and Mean Time To Failure (MTTF) in majority redundancy approaches. As a basis, the failure rates of the used components and the microcontroller are considered.

Today's automotive software integration is a static process. Hardware and software form a fixed package and thus hinder the integration of new electric and electronic features once the specification has been completed. Usually software components assigned to an ECU cannot be easily transferred to other devices after they have been deployed. The main reasons are high system configuration and integration complexity, although shifting functions from one to another ECU is a feature which is generally supported by AUTOSAR. The concept of a Virtual Functional Bus allows a strict separation between applications and infrastructure and avoids source code modifications. But still further tooling is needed to reconfigure the AUTOSAR Basic Software (BSW). Other challenges for AUTOSAR are mixed integrity, versioning and multi-core support. The upcoming BMW E/E-domain oriented architecture will require all these features to be scalable across all vehicle model ranges.

This paper presents new comfort and convenience features in the luxury segment and focuses especially on Comfort Access and iDrive. The Comfort Access System offers the customer the possibility of unlocking the vehicle without active use of a key, of starting the engine and at the end of the journey of locking the car again. The aim of the iDrive concept was to enable intuitive operation of the various functions with simultaneously improved ergonomics. Both, a monitor and a controller with its variable haptic are the concept’s innovation. In addition, this paper also discusses future ECU (Electronic Control Unit) networks for body electronics. The focus is on package-driven ECU network architecture, having many functions developed by different suppliers on a single ECU.

Handling characteristics, ride comfort and active safety are customer relevant attributes of modern premium vehicles. Electronic control units offer new possibilities to optimize vehicle performance with respect to these goals. The integration of multiple control systems, each with its own focus, leads to a high complexity. BMW and ITK Engineering have created a tool to tackle this challenge. A simulation environment to cover all development stages has been developed. Various levels of complexity are addressed by a scalable simulation model and functionality, which grows step-by-step with increasing requirements. The simulation environment ensures the coherence of the vehicle data and simulation method for development of the electronic systems. The article describes both the process of the electronic control unit (ECU) development and positive impact of an integrated tool on the entire vehicle development process.

This paper presents an object-oriented method customized for a tool-assisted development of car software components. Tough market conditions motivate smart software development. ASCET SD is a tool to generate target code from graphic specifications, avoiding costly programming in C. But ASCET lacks guidelines on what to do, how to do it, in what order, like a fully equipped kitchen without a cooking book. Plans to employ the tool for BMW vehicle software sparked off demand for an adequate, object-oriented real-time methodology. We show how to scan the methodology market in order to adopt an already existing method for this purpose. The result of the adaptation of a chosen method to ASCET SD is a pragmatic version of ROOM, which we call BROOM. We present a modeling guidebook that includes process recommendations not only for the automotive sector, but for real-time software development in general.

The individual development process for distributed, communicating electronic control units hinders the integration of Automotive systems and increases the overall costs. In order to facilitate such applications, services and protocols for Communication, Network Management, and Operating System must be standardized. The aim of the OSEK project is to work out a respective specification proposal in cooperation with several car manufacturers and suppliers. This will permit a cost-effective system integration and support the portation of system functions between different electronic control units.

The increasing complexity of automotive functions which are necessary for improved driving assistance systems and automated driving require a change of common vehicle architectures. This includes new concepts for E/E architectures such as a domain-oriented vehicle network based on powerful Domain Control Units (DCUs). These highly integrated controllers consolidate several applications on different safety levels on the same ECU. Hence, the functions depend on a strictly separated and isolated implementation to guarantee a correct behavior. This requires middleware layers which guarantee task isolation and Quality of Service (QoS) communication have to provide several new features, depending on the domain the corresponding control unit is used for. In a first step we identify requirements for a middleware in automotive DCUs. Our goal is to reuse legacy AUTOSAR based code in a multicore domain controller.

Increasing demand for dynamically controlled safety features, passenger comfort, and operational convenience in upper class automobiles requires an intensive use of electronic control units including software portions. Modeling, simulation, rapid prototyping, and verification of the software need new technologies to guarantee passenger security and to accelerate the time-to-market of new products. This paper presents the state-of-the-art of the design methods for the development of electronic control unit software at BMW. These design methods cover both discrete and continuous system parts, smoothly integrating the respective methods not merely on the code level, but on the documentation, simulation, and design level. In addition, we demonstrate two modeling and prototyping tools for discrete and continuous systems, namely Statemate and MatrixX, and discuss their advantages and drawbacks with respect to necessary prototyping demands.

This paper presents the challenges in automotive electronics. Considering the deficiencies of the current ECU (electronic control unit) design process, a new design process is outlined. This design process mainly focuses on the independence of the ECU hardware architecture development and the software function development.

Sensing and acting elements to guarantee the locking functions of seat belt retractors can emit noise when the retractor is subjected to externally applied vibrations. For these elements to function correctly, stiffness, inertia and friction needs to be in tune, leading to a complex motion resistance behavior, which makes it delicate to test for vibration induced noise. Requirements for a noise test are simplicity, robustness, repeatability, and independence of laboratory and test equipment. This paper reports on joint development activities for an alternative test procedure, involving three test laboratories with different equipment. In vehicle observation on parcel shelf mounted retractors, commercially available test equipment, and recent results from multi-axial component tests [1], set the frame for this work. Robustness and reliability of test results is being analyzed by means of sensitivity studies on several test parameters.

A reliable environment perception is a requirement for safe automated driving. For evaluating and demonstrating the reliability of the vehicle’s environment perception, field tests offer testing conditions that come closest to the vehicle’s driving environment. However, establishing a reference ground truth in field tests is time-consuming. This motivates the development of a procedure for learning the vehicle’s perception reliability from fleet data without the need for a ground truth, which would allow learning the perception reliability from fleet data. In Berk et al. (2019), a method based on Bayesian inference to determine the perception reliability of individual sensors without the need for a ground truth was proposed. The model utilizes the redundancy of sensors to learn the sensor’s perception reliability. The method was tested with simulated data.

The permanently increasing number of convenience and safety functions leads to higher complexity of in-car electronics and the rapidly growing amount of sensors, actuators and electronic control units places higher demands on high- speed data communication protocols. Safety-critical systems need deterministic protocols with fault-tolerant behavior. The need for on-board diagnosis calls for flexible use of bandwidth and an ever-increasing number of functions necessitates a flexible means of extending the system. None of the communication solutions available on the market until now (like CAN or TTP) have been able to fulfill all these demands. To solve these problems, BMW together with several semiconductor companies has developed a new protocol for safety-critical applications in automotive vehicles.

A key criterion for launching autonomous vehicles on real roads is the knowledge of their capability to ensure traffic safety. In contrast to ADAS, deriving this measure of safety is difficult to achieve as the functional scope of an autonomous driving function exceeds by far the one of ADAS. As a consequence, real-world testing solely is not sufficient enough to cover the required test volume. This assessment problem imposes new requirements on a valid test concept for automated driving. A possible solution represents simulation by enabling it to generate reliable test kilometers. As a first step, we discuss in this paper the feasibility of simulation frameworks to re-simulate a real-world test in certain scenarios. We will demonstrate that even with ground truth information of the vehicle odometry and corresponding environment model an acceptable accordance of functional behavior is not guaranteed.

The continuous encouragement of lightweight design in modern vehicles demands a reliable and efficient method to predict and ameliorate the interior acoustic comfort for passengers. Due to considerable psychological effects on stress and concentration, the low frequency contribution plays a vital rule regarding interior noise perception. Apart other contributors, low frequency noise can be induced by transient aerodynamic excitation and the related structural vibrations. Assessing this disturbance requires the reliable simulation of the complex multi-physical mechanisms involved, such as transient aerodynamics, structural dynamics and acoustics. The domain of structural dynamics is particularly sensitive regarding the modelling of attachments restraining the vibrational behaviour of incorporated membrane-like structures. In a later development stage, when prototypes are available, it is therefore desirable to replace or update purely numerical models with experimental data.

The introduction of autonomous vehicles has gained significant attention due to its potential to revolutionize mobility and safety. A critical aspect underpinning the functionality of these autonomous vehicles is their sensor perception system. Demonstrating the reliability of the environment perception sensors and sensor fusion algorithms is, therefore, a necessary step in the development of automated vehicles. Field tests offer testing conditions that come closest to the environment of an automated vehicle in the future. However, a significant challenge in field tests is to obtain a reference truth of the surrounding environment. Here, we propose a pipeline to assess the sensor reliabilities without the need for a reference truth. The pipeline uses a model to estimate the reliability of redundant sensors. To do this, it relies on a binary representation of the surrounding area, which indicates either the presence or absence of an object.

Software complexity of vehicles is constantly growing especially with additional autonomous driving features being introduced. This increases the risk for bugs in the system, when the car is delivered. According to a car manufacturer, more than 90% of availability problems corresponding to Electronic Control Unit (ECU) functionality are either caused by software bugs or they can be resolved by applying software updates to overcome hardware issues. The main concern are sporadic errors which are not caught during the development phase since their trigger condition is too unlikely to occur or is not covered by the tests. For such systems, there is a need of safe and secure infield diagnosis. In this paper we present a tool software architecture with remote access, which facilitates standard read/write access, an efficient channel interface for communication and file I/O, and continuous trace.