Project: Safe Automotive soFtware architEcture-Enhancement

Background
Safe-E targets the increasing complexity of embedded systems in modern cars, which host software and hardware from a large number of suppliers. It responds to the growing demand for integrating safety-critical applications that comply with the functional safety standard ISO 26262 on the basis of the AUTOSAR architecture. This becomes even more of an issue given the large number of new requirements added for electric vehicles, which need many functions requiring different ASIL levels integrated in one and the same Electronic Control Unit (ECU). The following functions and applications may serve as examples for e-vehicles: (a) electronic brakes (recovering kinetic energy to recharge the batteries), (b) inverter control to precisely control the electric motor per wheel, (c) implementation of "electronic differential gear boxes" replacing mechanical gear boxes, since one motor per wheel will be used, and many others. Many of the functions that are definitely needed in e-vehicles will also bring significant benefit in conventional, combustion-engine-driven vehicles, for example in brakes, chassis control and steering. The Safe-E results will therefore be applicable to the automotive industry in general.

Goal
The Safe-E project will cope with the increasing complexity of modern vehicles during development by (a) using suitable abstractions, i.e., models that allow early validation of important properties, (b) applying additional software layers that support solving such issues, (c) providing suitable tool prototypes, integrating existing tools with enhancements, and developing new tools, and (d) developing appropriate training material to allow immediate pick-up by the automotive industry.

In more detail

Technical and market applications
In addition to the application examples already given in the background, the trend towards e-vehicles on the one side, and towards broadening the electronic functions in modern vehicles with respect to safety-critical applications on the other, is steadily increasing. Large companies in the fuel sector are starting to look into the e-market, and the first infrastructure to facilitate a wide spread of e-vehicles is gaining speed. These are indicators for a potential paradigm shift in mobility during the next decade. Preparatory R&D work and initial developments are starting right now. Thus Safe-E is definitely replying to the market request in time, and the expected results will strengthen the Safe-E partners, including potential users within the European automotive supplier and OEM industry.

Consortium
The consortium has been carefully put together to meet the need for ISO 26262-compliant functional safety solutions based on the AUTOSAR architecture for the automotive industry. As a whole, the consortium focuses on safety-critical applications and on providing solutions according to the new and demanding requirements defined in the automotive standards. Since the R&D work of the SME TTTech needs to be directly harmonized with the goals of large automotive suppliers and needs to respect the interests of the leading silicon suppliers on the market, the consortium selected consists of: (a) TTTech Computertechnik AG, Austria, SME (coordinator); (b) AVL Software and Functions GmbH, Germany, industry; (c) Fortiss GmbH, Germany, research institute; (d) Infineon Technologies, Germany, industry.

Structure
(a) WP 1, project management, will cover all managerial tasks; (b) WP 2, requirements elicitation, will collect all requirements; (c) WP 3, safety model based, will generate specifications and define the required safety models; (d) WP 4, technology platform, will design and develop the software, hardware and models; (e) WP 5, use cases for evaluation, will provide verification and the appropriate means and tools; (f) WP 6, methodology and application rules, will define how to apply the results for broad automotive industrial use; (g) WP 7, training, dissemination and exploitation, will develop training for potential customers and take care of the market approach.

Acronym Safe-E (Reference Number: 6095)
Duration 01/07/2011 - 31/12/2014
Project Topic Safe-E provides a microcontroller model platform, process modeling, model based analysis & components fulfilling the functional safety standard ISO 26262 based on AUTOSAR architecture & a SW Safety Layer for re-use of AUTOSAR Basic SW in up to ASIL-D applications plus verification using tailored HW.
Project Results
(after finalisation)
TTTech is involved in R&D work and component developments for electric/electronic e-vehicles, including suitable backbone networks to carry the safety-relevant data communication for control functions within the vehicle. The idea is to come closer to the vision of e-vehicles with wheel hub motors, reducing the parts subject to regular wear to an absolute minimum. While mechanical components such as complex, high-maintenance combustion engines are replaced by e-motors that hardly require any maintenance at all, such concepts eliminate expensive components like drive shafts, exhaust pipes, gear boxes and mechanical brakes from the vehicle completely, and thus remove all cost related to such parts in conventional cars.
By doing so, TTTech strives for concepts and products that support such designs. One critical point is that wheel-hub-driven e-vehicles will also use recuperative brakes, using the energy of the moving vehicle to charge its battery while braking electrically with the wheel hub motors acting as generators. Because such a simplified drive train offers no means, such as a clutch, to mechanically interrupt the drive train, the need to prevent undesired power delivery to the phase voltages of the e-motors becomes evident. Consider the failure of an electronic inverter where the voltage supplied to the e-motor no longer represents the value derived from the position of the acceleration pedal operated by the driver. In that case the vehicle would run at a particular speed until the battery is exhausted, with no possibility of regaining control over the vehicle speed. Such a scenario must be avoided and requires special means to control the system even if the particular ECU responsible for the voltage supply to the e-motor fails. Within Safe-E such a component has been developed up to prototype level and has been tested extensively on a specially dedicated motor test stand.
Another R&D brick investigated in Safe-E is the decision criteria for using single-core or dual-core (many-core) based ECUs. The project goal followed by TTTech was to design, develop and set up a prototype of a Safety ECU and to compare the "single-core" approach to a dual-(multi-)core approach. Due to the long lead time between notification of the winning proposal and receipt of the contract (more than 12 months!), the significantly delayed kick-off (more than 9 months) and the fast-moving technology developments, we upgraded the scope from single core to "lockstep CPU" (physically two CPUs, but functionally a single CPU) and from dual-core CPU to a multi-core approach (2x lockstep + 1x single-core CPU within the same device). This delivered results that surprised us and provided arguments in favour of each approach depending on the application.
Finally we added a brick in the area of integrating AUTOSAR Basic SW components, which do not fulfil any safety standard, into systems that require high safety standards and high ASIL levels. Such an approach is promising since no system provider intends to redevelop all already proven SW modules from scratch just because a new function requires safety standards. Thus a safety software layer concept and implementation was developed from scratch.
Network Eurostars
Call Eurostars Cut-Off 5

Project partner

Number  Name                             Role         Country
4       AVL Software and Functions GmbH  Partner      Germany
4       FORTISS GmbH                     Partner      Germany
4       Infineon Technologies            Partner      Germany
4       TTTech Computertechnik AG        Coordinator  Austria