Search Results

The trend towards even more sophisticated driver assistance systems and growing automation of driving sets new requirements for the robustness and availability of the involved automotive systems. In case of an error, today it is still sufficient that safety related systems just fail safe or silent to prevent safety related influence of the driving stability resulting in a functional deactivation. But the reliance on passive mechanical fallbacks in which the human driver taking over control, being inevitable in such a scenario, is expected to get more and more insufficient along with a rising degree of driving automation as the driver will be given longer reaction time. The advantage of highly or even fully automated driving is that the driver can focus on other tasks than controlling the car and monitoring it’s behavior and environment.

Driven by the growing internet and remote connectivity of automobiles, combined with the emerging trend to automated driving, the importance of security for automotive systems is massively increasing. Although cyber security is a common part of daily routines in the traditional IT domain, necessary security mechanisms are not yet widely applied in the vehicles. At first glance, this may not appear to be a problem as there are lots of solutions from other domains, which potentially could be re-used. But substantial differences compared to an automotive environment have to be taken into account, drastically reducing the possibilities for simple reuse. Our contribution is to address automotive electronics engineers who are confronted with security requirements. Therefore, it will firstly provide some basic knowledge about IT security and subsequently present a selection of automotive specific security use cases.

Multi-core systems are adopted quickly in the automotive domain, Proof of concepts have been implemented for power train, body and chassis, involving hard real-time constraints. However, depending on the degree of integration, it can be costly, especially in those cases where existing single-core software has to be migrated over. Furthermore, there seems to be a high level of uncertainty, whether a found solution, with regards to partitioning, mapping and orchestration of software is close to an optimum solution. Some integrated solutions demonstrate considerably less performance, for instance due to communication overhead compared to execution on single-core systems. This paper discusses a methodology, as to how to effectively and efficiently investigate the software architecture design space for multi-core software development.

The infrastructure in modern cars is a heterogeneous and historically grown network of different field buses coupling different electronic control units (ECUs) from different sources. In the past years, the amount of ECUs in the network has rapidly grown due to the mushrooming of new functions which historically were mostly implemented on a one-ECU-per-function basis resulting in up to a hundred ECUs in fully equipped luxury cars. Additionally, new functions like parking assist systems or advanced chassis control functions are getting increasingly complex and require more computing power. These two facts add up to a complex challenge in development. The current trend to host several functions in single ECUs as integration platforms is one attempt to address this challenge. This trend is supported by the increased computing power of current and upcoming multi-core microcontrollers.

End of Line tests are brief set of tests intended to evaluate ECU's in order to ensure correct functioning of its intended functionality. As these tests are executed on the production line, available time to perform these tests is limited. On one hand, faster production demands require these tests and its framework to be designed in a time optimized manner. On the other hand, increase in ECU functionality translates to an increase in test's functional coverage, requiring more time. Therefore the time taken to execute the tests reaches a critical point in overall ECU production. Availability of multicore microcontrollers with increase in clock speed can increase the performance of end of line tests, but design challenges e.g. synchronization do not guarantee a linear performance increase. Therefore, design of test execution framework is absolutely critical to increase performance of test execution.

A main challenge when developing next generation architectures for automated driving ECUs is to guarantee reliable functionality. Today’s fail safe systems will not be able to handle electronic failures due to the missing “mechanical” fallback or the intervening driver. This means, fail operational based on redundancy is an essential part for improving the functional safety, especially in safety-related braking and steering systems. The 2-out-of-2 Diagnostic Fail Safe (2oo2DFS) system is a promising approach to realize redundancy with manageable costs. In this contribution, we evaluate the reliability of this concept for a symmetric and an asymmetric Electronic Power Steering (EPS) ECU. For this, we use a Markov chain model as a typical method for analyzing the reliability and Mean Time To Failure (MTTF) in majority redundancy approaches. As a basis, the failure rates of the used components and the microcontroller are considered.

A variety of methodologies to use embedded multicore controllers efficiently has been discussed in the last years. Several assumptions are usually made in the automotive domain, such as static assignment of tasks to the cores. This paper shows an approach for efficient task allocation depending on different system modes. An engine management system (EMS) is used as application example, and the performance improvement compared to static allocation is assessed. The paper is structured as follows: First the control algorithms for the EMS will be classified according to operating modes. The classified algorithms will be allocated to the cores, depending on the operating mode. We identify mode transition points, allowing a reliable switch without neglecting timing requirements. As a next step, it will be shown that a load distribution by mode-dependent task allocation would be better balanced than a static task allocation.

In recent years, we see more and more ECUs integrating a huge number of application software components. This process mostly results from the increasing amount of so called in-house software in various fields like electric-drive, chassis and driver assistance systems. The software development for these systems is partially moved from the supplier to the car manufacturers. Another important trend is the introduction of new network architectures intending to meet the growing communication requirements. For such ECUs the software integration scenarios become more complicated, as more quality of service requirements with regards to timing, safety and security need to be considered [2]. Multi-core microcontrollers offer even more potential variants for integration scenarios. Understanding the interaction between the different software components, not only from a functional, but also from a timing view, is a key success factor for modern electronic systems [6,7,8,9].

In Engine Management System, more accurate control is required to improve engine performance. Especially generating the precise ignition signal has a direct effect on better engine performance. In the beginning of this paper, a basic software structure to synchronize the engine crank signal and generate ignition signals will be explained. Several cases which can generate dwell timing error will be introduced based on this software structure. In addition, each impact level for each error case will be described. For cases of major error, compensation ways will be proposed in order to obtain more accurate dwell timing. The compensation ways by both microcontroller hardware and user software will be explained in detail. In conclusion, this paper will show the accuracy of ignition signal which implements proposed compensation ways that can be improved as compared to conventional ignition signal.

Integration scenarios for ECU software become more complicated, as more constraints with regards to timing, safety and security need to be considered. Multi-core microcontrollers offer even more hardware potential for integration scenarios. To tackle the complexity, more and more model based approaches are used. Understanding the interaction between the different software components, not only from a functional but also from a timing view, is a key success factor for high integration scenarios. In particular for multi-core systems, an amazing amount of timing data can be generated. Usually a multi-core system handles more software functionality than a single-core system. Furthermore, there may be timing interference on the multicore systems, due to the shared usage of buses, memory banks or other hardware resources.