Software Architectures for Advanced Driver Assistance Systems (ADAS)
Robert Leibinger
July 7th, 2015

Agenda
Short overview of Elektrobit automotive

The road to Advanced Driver Assistance Systems

Challenges for ADAS

System Architecture

ECU Software Architecture

OSPERT Leibinger | 2015-07-07 | © Elektrobit Automotive GmbH 2015.
All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.

About Elektrobit (EB) Automotive

OVER 1300 EMPLOYEES

* including 51% of e.solutions


Our solutions for the automotive world


Delivering unique experiences year over year


Timeline on the slide: 1997, 2003, 2004, 2008, 2010, 2012, 2014

Milestones above the timeline:
• Providing navigation for the first fully connected solution (Daimler A-class and smart)
• e.solutions is formed, a joint venture between EB and Audi Electronics Venture GmbH (AEV)
• EB, the first company to take AUTOSAR 4.0 to the road across the globe (all BMW carline)

Milestones below the timeline:
• Establishing the idea of embedded systems control via Internet technologies
• Pioneering the separation of HMI software by rest of the vehicle (Audi A6)
• Strategic partnership of Daimler and EB centered around driver assistance software development
• Expanded innovation focus: Automated Driving, Car as a Sensor, Connected Everything


EB at the forefront of automotive technology

- EB's electronic horizon information is playing a major role for predictive driving
- Connected Navigation in combination with Driver Assistance is the lever for highly automated driving

- Delivering ADAS and navigation data (electronic horizon) to enable future driving experiences
- Long-standing experience with connected services in safety- and security-critical environments

- Know-how in OBD with experience in mission critical client/server systems
- Secure back-end infrastructure to enable OTA data and service updates.
- Always up-to-date maps validated by EB via vehicle sensor data to provide the highest quality maps

http://www.continental-corporation.com/www/download/portal_com_en/themes/ir/financial_reports/download_download_channel/fb_2014_en.pdf

Confidence


Who was this woman?

Taken from wikipedia.org


Bridget Driscoll
• Bridget Driscoll received instant notoriety when she stepped off the kerb and
into the history books on August 17th 1896.

• Mrs Driscoll, a 44 year old housewife, who was travelling from Old Town,
Croydon to a folk-dancing display in Crystal Palace, became the first pedestrian
in the UK to be killed by a car.

• Mrs Driscoll, a resident of Croydon, was hit by a demonstration car travelling at
4mph. She died within minutes of receiving a head injury.


The Case
• Witnesses said that the car, driven by Arthur Edsel, was travelling at a reckless
pace, in fact: “like a fire engine”.

• Mr Edsel claimed that he had only been doing 4 mph and that he had rung his
bell as a warning.

• The jury took six hours to reach a verdict that Mrs. Driscoll had died of
accidental death.

• At Mrs Driscoll’s inquest, Coroner William Percy Morrison said he hoped that
“such a thing would never happen again” and was the first to apply the term
“accident” to violence caused by speed.
Coroners across the country have followed his example ever since.


Today…


Complexity


Complexity - Callgraph of an Engine Control Unit

Simon Fürst, BMW, EMCC2015 Munich


Complexity - Callgraph of an integration platform

• 150 software components
• 14 of them are safety-relevant according to ASIL B
• Over 1000 assembly connectors
• Multiple n:m edges between SWCs

Simon Fürst, BMW, EMCC2015 Munich


Rising amount of OEM application software at Volkswagen

T. Flämig, Volkswagen, EMCC2015 Munich

Standardized software architectures necessary.


AUTOSAR is the first step to handle this complexity.

Computing Power


BMW i8 and i3 – Figures and Facts

Simon Fürst, BMW, EMCC2015 Munich

Already large number of ECUs


Where to get the computing power for ADAS?

Power Consumption within BMW cars

Simon Fürst, BMW, EMCC2015 Munich

Max. power consumption limits the number of ECUs



Automotive Multicore Microcontroller

Simon Fürst, BMW, EMCC2015 Munich


Rising Quota of Multicore deliveries at Volkswagen

T. Flämig, Volkswagen, EMCC2015 Munich

Multicore usage ramps up (e.g. Powertrain).


ADAS will speed this up.

Next level of Functional Safety

"Definition" of a safe system

There is a very basic and helpful definition for a safe system:

“You know what the system does”


Current Systems (usually fail-safe)

Failure Detected? → Safe State
• Deactivate / degrade function
• Inform the driver
• Report a diagnostic error

Standard approach in many safety relevant systems:


• Airbag, ESP, air conditioning, battery charging, …
• Driver assistant functions such as adaptive cruise control, lane assist, …

Some functions provide a degraded mode, sometimes limited in time:


• Electronic Power Steering
• Braking

Wolfgang Schäfer, Continental, May 19, 2015


Levels of Autonomous Driving (AD)


Degree of automation increases from left (Driver) to right (Automation):
• driver in the loop: yes (required) | not required
• time to take control back: - | ~ 1s | several seconds | couple of minutes
• other activities while driving: not allowed | specific | all (even sleeping)
• examples: FCW, LDW | ACC, LKA | Traffic Jam Assistant | Highway Chauffeur | Valet Parking | Robot car

FCW … Forward Collision Warning, ACC … Adaptive Cruise Control, LDW … Lane Departure Warning, LKA … Lane Keeping Assistant
Source: SAE, NHTSA, VDA


Goal: Autonomous driving


Degree of automation (left to right): Driver only | Assisted | Partial autom. | Conditional autom. | High autom. | Full autom.
Safety concept along the same axis: Fail safe | Fail operational

Safe State means:
• Continue driving until driver is in the loop
‒ approx. 7-15s for conditional autonomous driving
‒ Several minutes for high and full autonomous driving
• Perform an autonomous "safe-stop" (stand-still at a non-hazardous place)
‒ Main issue is to get the driver attention focused on the situation
‒ Several minutes, depending on the situation


Approach: 2 channels with comparison

[Diagram: Input Data feeds ECU 1 and ECU 2; their outputs are compared (=) to form the Output Data.]

Two ECUs working on the input data, outputs are compared

A 2 channels with comparison system is simply fail-safe, since you cannot
distinguish between “ECU1 not ok” and “ECU2 not ok”.

The safe state is a complete system shutdown.



Approach: 2oo3 Systems

[Diagram: Input Data feeds ECU 1, ECU 2 and ECU 3; a VOTER combines their outputs into the Output Data.]

If one of the ECUs fails, the system can continue with the remaining two ECUs.

Failures in the input data can be detected by an “Input-Voter”.

This pattern is well established.



2oo3 Systems and automotive


Applicable for automotive?
• More ECUs
• More wiring
• More weight
• More power consumption
• Higher complexity to manage

Will we as a customer accept that?


• Different opinions and market studies
• According to several studies, customers will pay 1500 - 3000€ more for an autonomous
driving car (mid-size car).
Source: KPMG(2013), autelligence (2015)


Approach: 1oo2D System


[Diagram: Input Data feeds two channels, ECU 1 and ECU 2. Each channel consists of Input, Logic, Output and Diagnostics, with an Enable Output signal per channel; the outputs form the Output Data.]

• High diagnostic coverage needed to detect failures in one channel
• If a component fails in one of the two channels, the system does not shut down but
continues to operate with one channel

Common sense:
The best policy is not to operate on a single channel, or not for a long period of time.
→ See above: only some seconds may be needed.
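The three redundancy patterns above (2 channels with comparison, 2oo3, 1oo2D), sketched as an added C example that is not part of the slides or of EB's software. The tolerance, the 10 s single-channel budget, the safe-state fallback when both channels report healthy but disagree, and all names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TOL 2                      /* constructed: max. deviation for two outputs to "agree" */
#define SINGLE_CH_BUDGET_MS 10000u /* constructed: max. time allowed on a single channel */

typedef enum { OUT_VALID, OUT_SAFE_STATE } out_status_t;

typedef struct {
    out_status_t status; /* OUT_SAFE_STATE: no trustworthy output available */
    int32_t value;       /* meaningful only when status == OUT_VALID */
    int failed;          /* 0 none, 1..3 isolated channel, -1 fault not attributable */
} result_t;

typedef struct { int32_t value; bool diag_ok; } channel_t;

static bool agree(int32_t a, int32_t b) {
    int64_t d = (int64_t)a - (int64_t)b;
    return (d < 0 ? -d : d) <= TOL;
}

static int32_t median3(int32_t a, int32_t b, int32_t c) {
    if ((a >= b) != (a >= c)) return a; /* a lies between b and c */
    if ((b >= a) != (b >= c)) return b;
    return c;
}

/* 2 channels with comparison: a mismatch is detected but cannot be attributed
 * to ECU1 or ECU2, so the only reaction is the safe state. */
result_t compare_2ch(int32_t ecu1, int32_t ecu2) {
    if (agree(ecu1, ecu2)) return (result_t){ OUT_VALID, ecu1, 0 };
    return (result_t){ OUT_SAFE_STATE, 0, -1 };
}

/* 2oo3: the voter masks one deviating ECU and names it. */
result_t vote_2oo3(int32_t e1, int32_t e2, int32_t e3) {
    bool a12 = agree(e1, e2), a13 = agree(e1, e3), a23 = agree(e2, e3);
    int pairs = a12 + a13 + a23;
    if (pairs == 0) return (result_t){ OUT_SAFE_STATE, 0, -1 };
    if (pairs >= 2) return (result_t){ OUT_VALID, median3(e1, e2, e3), 0 };
    if (a12) return (result_t){ OUT_VALID, e1, 3 }; /* ECU3 is the outlier */
    if (a13) return (result_t){ OUT_VALID, e1, 2 }; /* ECU2 is the outlier */
    return (result_t){ OUT_VALID, e2, 1 };          /* ECU1 is the outlier */
}

/* 1oo2D: per-channel diagnostics enable the output. One healthy channel keeps
 * the function alive, but only for a bounded time (single_ch_ms is the time
 * already spent on one channel). */
result_t select_1oo2d(channel_t c1, channel_t c2, uint32_t single_ch_ms) {
    if (c1.diag_ok && c2.diag_ok) {
        if (agree(c1.value, c2.value)) return (result_t){ OUT_VALID, c1.value, 0 };
        return (result_t){ OUT_SAFE_STATE, 0, -1 }; /* fault missed by the diagnostics */
    }
    if (!c1.diag_ok && !c2.diag_ok) return (result_t){ OUT_SAFE_STATE, 0, -1 };
    if (single_ch_ms > SINGLE_CH_BUDGET_MS)
        return (result_t){ OUT_SAFE_STATE, 0, c1.diag_ok ? 2 : 1 };
    return c1.diag_ok ? (result_t){ OUT_VALID, c1.value, 2 }
                      : (result_t){ OUT_VALID, c2.value, 1 };
}

int main(void) {
    /* Constructed sample: ECU2 delivers a corrupted value (250 instead of ~100). */
    result_t r2 = compare_2ch(100, 250);
    result_t r3 = vote_2oo3(100, 250, 101);
    channel_t ch1 = { 100, true }, ch2 = { 250, false };
    result_t rd = select_1oo2d(ch1, ch2, 3000);
    printf("2ch:   status=%d failed=%d\n", r2.status, r2.failed);
    printf("2oo3:  status=%d value=%d failed=%d\n", r3.status, (int)r3.value, r3.failed);
    printf("1oo2D: status=%d value=%d failed=%d\n", rd.status, (int)rd.value, rd.failed);
    return 0;
}
```

With the same corrupted ECU2 value, the comparison pattern can only shut down, while 2oo3 and 1oo2D keep delivering an output and identify channel 2.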

Diagnostics in software in autonomous driving systems


Integrity mechanism
• Memory Partitioning
• Temporal Monitoring
• Data protection

Infrastructure
• Fault tolerant Ethernet
• Service Orientated communication

Software Engineering
• Plausibility checks
• Functional monitoring
• Defensive programming
• Dynamic analysis

[Architecture diagram with the blocks: QM SW-Cs, ASIL SW-C, Safety E2E Protection, Safety OS, Safety RTE, QM Functions, Microkernel, Safety TimE Protection, AUTOSAR BSW, OS, OEM modules, QM CDD, ASIL CDD, MCAL, MCAL (ASIL), Wdg, Memory Partitions]

Safety OS
• Data Protection
• Stack Protection
• Context Protection
• OS Protection
• Hardware Error management

Safety E2E Protection
• Safe communication

Safety TimE Protection
• Alive supervision
• Deadline Monitoring
• Control flow monitoring

Outlook: Reconfiguration for rebuilding 1oo2D

1oo2D
• Normal operation

1 channel
• Still Operational
• Handover to driver
• Failure recovery

1oo2D*
• Rebuilding 2 channel system
• Disabling of comfort functions
• Internal recovery

Time annotation in the diagram: < 10s


1oo2D - Normal operation


[Diagram: 1oo2D system of ECU1, ECU2 and ECU3, connected to the Sensors/Actuators via fault tolerant Ethernet. Func1, Func2 and Func3 with Diagnostics are shown on ECU1 and ECU2, Func4, Func5 and Func6 on ECU3, plus further Func3 and Func1 boxes. Legend: disabled, critical, non-critical.]

1oo2D – 1 channel
[Diagram: 1oo2D system of ECU1, ECU2 and ECU3, connected to the Sensors/Actuators via fault tolerant Ethernet, with Func1 to Func6 and Diagnostics. Legend: disabled, critical, non-critical.]

1oo2D*
[Diagram: 1oo2D system of ECU1, ECU2 and ECU3, connected to the Sensors/Actuators via fault tolerant Ethernet, with Func1 to Func6 and Diagnostics. Legend: disabled, critical, non-critical.]

Requirements for Reconfiguration
• Req. 1: Functions can be dynamically relocated
• Req. 2: Sensor/Actuators are redundant or accessible via network

Dynamic Reconfiguration
Req. 1: Functions can be dynamically relocated
• Application information based on AUTOSAR xml description available
• Runtime environment (RTE) supporting reconfigurable software components
• Threads can be started/stopped in EB tresos Safety OS

Req. 2: Sensor/Actuators are redundant or accessible via network
• Service orientated communication
• Multi-cast fault-tolerant Ethernet

[Diagram: memory layout with OS_App1 and OS_App2, each with its own Data; Task1, Task2, Task3 and ISR1, each with its own Data and Stack; OS Data and Stack.]
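The reconfiguration from 1 channel back to 1oo2D* described on the preceding slides, as an added C sketch that is not EB tresos code or any AUTOSAR API. The function placement, the treatment of Func4 to Func6 as non-critical comfort functions and all names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef enum { MODE_1OO2D, MODE_1_CHANNEL, MODE_1OO2D_STAR } sys_mode_t;

typedef struct {
    const char *name;
    bool critical; /* assumption: critical functions need two channels */
    int ecu[2];    /* hosting ECUs (1..3); 0 = no second channel */
    bool enabled;
} func_t;

#define NFUNC 6

/* Constructed placement modelled on the slides: Func1-3 run on ECU1 and ECU2,
 * Func4-6 (assumed to be non-critical comfort functions) run on ECU3. */
void init_placement(func_t f[NFUNC]) {
    static const func_t initial[NFUNC] = {
        { "Func1", true,  {1, 2}, true }, { "Func2", true,  {1, 2}, true },
        { "Func3", true,  {1, 2}, true }, { "Func4", false, {3, 0}, true },
        { "Func5", false, {3, 0}, true }, { "Func6", false, {3, 0}, true },
    };
    for (size_t i = 0; i < NFUNC; i++) f[i] = initial[i];
}

/* Number of channels of a function that still run on a healthy ECU. */
int live_channels(const func_t *fn, int failed_ecu) {
    int n = 0;
    for (int c = 0; c < 2; c++)
        if (fn->ecu[c] != 0 && fn->ecu[c] != failed_ecu) n++;
    return fn->enabled ? n : 0;
}

/* Rebuild two channels after failed_ecu dropped out, using spare_ecu.
 * io_via_network models Req. 2: without network access to the sensors and
 * actuators a relocated function cannot work, so the system stays on one
 * channel and has to hand over to the driver. */
sys_mode_t reconfigure(func_t f[NFUNC], int failed_ecu, int spare_ecu, bool io_via_network) {
    bool lost = false;
    bool can_rebuild = io_via_network && spare_ecu != failed_ecu;
    for (size_t i = 0; i < NFUNC; i++) {
        int live = live_channels(&f[i], failed_ecu);
        if (!f[i].critical || live == 2) continue;
        lost = true;
        /* No rebuild if nothing is left or the spare already hosts the other channel. */
        if (live == 0 || f[i].ecu[0] == spare_ecu || f[i].ecu[1] == spare_ecu)
            can_rebuild = false;
    }
    if (!lost) return MODE_1OO2D; /* redundancy of critical functions untouched */
    if (!can_rebuild) return MODE_1_CHANNEL;

    for (size_t i = 0; i < NFUNC; i++) {
        if (!f[i].critical) { /* free the spare: disable comfort functions on it */
            if (f[i].ecu[0] == spare_ecu) f[i].enabled = false;
            continue;
        }
        for (int c = 0; c < 2; c++) /* Req. 1: relocate the lost channel */
            if (f[i].ecu[c] == failed_ecu) f[i].ecu[c] = spare_ecu;
    }
    return MODE_1OO2D_STAR;
}

int main(void) {
    func_t f[NFUNC];
    init_placement(f);
    sys_mode_t m = reconfigure(f, 1, 3, true); /* constructed scenario: ECU1 fails */
    printf("mode=%d\n", m);
    for (size_t i = 0; i < NFUNC; i++)
        printf("%s: ECUs %d/%d enabled=%d\n", f[i].name, f[i].ecu[0], f[i].ecu[1], f[i].enabled);
    return 0;
}
```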


Overview of different architecture approaches

[Diagram: four architecture approaches side by side, each built from ADAS SW-Cs and Autosar SW-Cs on RTE, BSW and an OS (Safety OS or Linux/QNX/AUTOSAR…): Full AUTOSAR, Microcontroller Partitioning, Core Partitioning, Hypervisor.]

Full AUTOSAR architecture


• Safety Microcontroller
• AUTOSAR Multi-Core Safety OS
• ADAS algorithms as SWC
• Advanced hardware drivers integration as Complex Device Drivers
‒ e.g. OpenCL, AVB
‒ Proprietary video bus systems

[Diagram: Core1, Core2 and Core3 running ADAS Application SW-C and Autosar SW-C on RTE and Safety OS, BSW.]

Pro
• Easy integration into OEM/T1 AUTOSAR process
• One System

Con
• Advanced hardware support needs AUTOSAR complex device drivers
• High Performance Safety Microcontroller necessary

Microcontroller partitioning architecture


• Partitioning in Safety and Performance Microcontroller
• Separated applications treated as different ECUs during development
• Private Network for communication

[Diagram: Performance Micro running the ADAS Application on Linux/QNX/AUTOSAR…, Safety Micro running Autosar SW-C on RTE and Safety OS, BSW; the two are linked via Com.]

Pro
• Scalable (combine two or more Microcontroller)
• Suitable Microcontroller already available

Con
• Additional hardware costs
• Need for private communication link
• Complex Flashloader and Startup

Core partitioning architecture


• One Microcontroller with several performance cores and one safety core (typically Lockstep)

[Diagram: Performance Core1 and Performance Core2 running the Application on Linux/QNX/AUTOSAR…, Safety Core running Autosar SW-C on RTE and Safety OS, BSW; linked via COM.]

Pro
• No need for private network hardware
• Performance and Safety in one Micro

Con
• No suitable Microcontroller available today


Hypervisor architecture
• Host OS with AUTOSAR guest system on one Microcontroller
• Hypervisor could be part of Guest OS

[Diagram: Core1, Core2 and Core3; Application on Linux/QNX/… and Autosar SW-C on RTE and BSW, both on top of the Hypervisor.]

Pro
• Hypervisor as Gateway between different OS
• Hypervisor as Security Gateway between car and cloud

Con
• Limited realtime capabilities
• Limited Performance


Compare and contrast each architecture


[Diagram: the four architectures side by side: Full AUTOSAR, Microcontroller Partitioning, Core Partitioning, Hypervisor.]

• Full AUTOSAR: Safety or Performance optimized
• Microcontroller Partitioning: Safety & Performance
• Core Partitioning: Safety & Performance
• Hypervisor: Security Architecture

Software Architectures define next generation Microcontroller Architectures

AUTOSAR is part of each architecture as a common standard for
- Basic Software, Safety and Security in ECUs
- Synchronized development process between OEM and T1


Summary
• Re-use of available integrity mechanisms from fail-safe systems is the basis for building fail-operational systems.
• Software systems that are designed to achieve a high diagnostic coverage are available today
• Fault tolerant Automotive Ethernet is available today.
• Established concepts for fail-operational system are available and can be reused in automotive systems with cost constraints.

Let's build the next generation software systems for autonomous driving!
automotive.elektrobit.com