Architectural Concepts for Fail-Operational Automotive Systems
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 05, 2016 by SAE International in United States
The trend towards ever more sophisticated driver assistance systems and growing automation of driving sets new requirements for the robustness and availability of the involved automotive systems. Today it is still sufficient for safety-related systems to fail safe or fail silent in case of an error, preventing any safety-related influence on driving stability at the cost of a functional deactivation. But the reliance on passive mechanical fallbacks, in which the human driver must take over control, is expected to become more and more insufficient as the degree of driving automation rises and the driver's reaction time grows longer.
The advantage of highly or even fully automated driving is that the driver can focus on tasks other than controlling the car and monitoring its behavior and environment. Hence, it can no longer be expected that the driver will quickly take over control of the vehicle in case of a failure, and with a driverless car in mind this option may disappear entirely. This dramatically raises the availability and robustness requirements for the involved vehicle systems. The capability to provide functionality even in case of an error or defect comes into focus, creating demand for a certain degree of redundancy.
Currently this redundancy is quite often implemented by physical duplication of hardware and the involved software, leading to higher hardware costs, weight and energy consumption, and ultimately also negatively impacting fuel efficiency.
In this paper we point out how an optimized fail-operational approach can be realized. We also present different concepts for an implementation and identify deficits in the design and implementation of today's automotive Electronic Control Units (ECUs), the involved semiconductor products and software approaches. This is where we expect the main challenges in realizing optimized redundancy, especially for X-by-Wire systems. The hardware architecture of semiconductors as well as the software architecture applied on ECUs must be designed accordingly in order to reach smarter solutions.
Citation: Kohn, A., Schneider, R., Vilela, A., Roger, A. et al., "Architectural Concepts for Fail-Operational Automotive Systems," SAE Technical Paper 2016-01-0131, 2016, https://doi.org/10.4271/2016-01-0131.