Adas Eb
Adas Eb
Adas Eb
Agenda
Short overview of Elektrobit automotive
System Architecture
2
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Agenda
Short overview of Elektrobit automotive
System Architecture
3
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Agenda
Short overview of Elektrobit automotive
System Architecture
8
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
http://www.continental-corporation.com/www/download/portal_com_en/themes/ir/financial_reports/download_download_channel/fb_2014_en.pdf
9
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Agenda
Short overview of Elektrobit automotive
System Architecture
10
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Confidence
11
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
12
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Bridget Driscoll
• Bridget Driscoll received instant notoriety when she stepped off the kerb and
into the history books on August 17th 1896.
• Mrs Driscoll, a 44 year old housewife, who was travelling from Old Town,
Croydon to a folk-dancing display in Crystal Palace, became the first pedestrian
in the UK to be killed by a car.
13
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
The Case
• Witnesses said that the car, driven by Arthur Edsel, was travelling at a reckless
pace, in fact: “like a fire engine”.
• Mr Edsel claimed that he had only been doing 4 mph and that he had rung his
bell as a warning.
• The jury took six hours to reach a verdict that Mrs. Driscoll had died of
accidental death.
• At Mrs Driscoll’s inquest, Coroner William Percy Morrison said he hoped that
“such a thing would never happen again” and was the first to apply the term
“accident” to violence caused by speed.
Coroners across the country have followed his example ever since.
14
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Today…
15
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Complexity
16
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
17
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
18
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Computing Power
20
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
23
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Next level of
Functional Safety
25
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
26
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Failure Detected?
• Deactivate / degrade function
Safe State
• Inform the driver
• Report a diagnostic error
28
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Driver Auto-
mation
other activities
not allowed specific all (even sleeping)
while driving
29
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
30
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Agenda
Short overview of Elektrobit automotive
System Architecture
31
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
ECU 1
Input Output
Data = Data
ECU 2
A 2 channels with comparison system is simply fail-safe and since you cannot
distinguish between “ECU1 not ok” and “ECU2 not ok”.
ECU 1
V
Input O Out-
ECU 2 T put
Data
E Data
R
ECU 3
If one of the ECUs fails the system can continue with the remaining two ECUs.
34
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Common sense:
The best policy is not to operate on a single channel, or not for a long period of time.
See above: only some seconds may be needed.
35
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
QM Functions
• Fault tolerant Ethernet Microkernel Safety
AUTOSAR OEM QM ASIL
BSW TimE
• Service Orientated OS modules CDD CDD
Protection
communication
MCAL MCAL (ASIL) Wdg
1oo2D
• Normal operation 1oo2D*
• Rebuilding 2
1 channel channel
system
• Still Operational • Disabling of
• Handover to driver comfort
• Failure recovery functions
• Internal recovery
< 10s
37
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Sensors
/Actuators
dis-
abled
critical
non-
critical
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
1oo2D – 1 channel
1oo2D system
ECU1 ECU2 ECU3
Func4
Func2 Func2 Func5
Func1 Func1 Func6
Func3 Func3
Func3 Func1
Diagnostics Diagnostics
Fault tolerant Ethernet
Sensors
/Actuators
dis-
abled
critical
non-
critical
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
1oo2D*
1oo2D system
ECU1 ECU2 ECU3
Func4
Func2 Func2 Func5
Func1 Func1 Func6
Func3 Func3
Func3 Func1
Diagnostics Diagnostics
Fault tolerant Ethernet
Sensors
/Actuators
Requirements for Reconfiguration
dis-
• Req. 1: Functions can be dynamically relocated
abled
• Req. 2: Sensor/Actuators are redundant or accessible via critical
network non-
critical
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Dynamic Reconfiguration
OS_App1 OS_App2
Req. 1: Functions can be dynamically Data Data
relocated
Task1 Task2 Task3 ISR1
• Application information based on Data Data Data Data
AUTOSAR xml description available Stack Stack Stack Stack
• Runtime environment (RTE) supporting
reconfigurable software components OS Data Stack
• Threads can started/stopped in EB tresos
Safety OS
41
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Agenda
Short overview of Elektrobit automotive
System Architecture
42
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
?
Core Core Core Micro1 Micro2 Core1 Core2 Core3 Core1 Core2 Core3
1 2 3
Autosar Autosar Autosar Autosar
ADAS ADAS ADAS ADAS
SW-C SW-C SW-C SW-C
Linux/QNX/
RTE Linux/QNX/ RTE Linux/QNX/… RTE
RTE Safety OS,BSW BSW
AUTOSAR… Com Safety OS,BSW AUTOSAR… COM
Safety OS,BSW Hypervisor
Microcontroller Core
Full AUTOSAR Hypervisor
Partitioning Partitioning
43
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Pro Con
Performance Safety
Micro Micro
Pro Con
RTE
Linux/QNX/ AUTOSAR…
COM Safety OS,BSW
Pro Con
46
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Hypervisor architecture
• Host OS with AUTOSAR guest system Core1 Core2 Core3
on one Microcontroller
• Hypervisor could be part of Guest OS Application Autosar
SW-C
RTE
Linux/QNX/…
BSW
Hypervisor
Pro Con
47
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Microcontroller Core
Full AUTOSAR Hypervisor
Partitioning Partitioning
Safety or Performance Safety & Performance Safety & Performance Security Architecture
optimized
48
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Software Architectures for Advanced Driver Assistance Systems (ADAS)
Summary
• Re-use of available integrity mechanisms from
fail-safe systems is the basis for building fail-
operational systems.
• Software systems that are designed to achieve
a high diagnostic coverage are available today
• Fault tolerant Automotive Ethernet is available
today.
• Established concepts for fail-operational system
are available and can be reused in automotive
systems with cost constraints.
49
OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Let‘s build the next generation
automotive.elektrobit.com
software systems for [email protected]
autonomous driving!