Electronic architecture and system engineering for integrated safety systems

From a technical point of view, today's safety systems have a limited degree of interdependency. To enable new safety functions, these systems need integration and combination with innovative enhanced telematic services - into a complete network of integrated safety systems (ISS). Services for communication, dependability and gateway functionality For the realisation of ISS a powerful, highly dependable in-vehicle electronic architecture - both hardware and software - is necessary. Those elements, which are not competition-relevant for OEMs and suppliers, must be standardised to achieve an improvement in system quality with shorter development times and lower system costs. One major part of this electronic architecture is the software architecture upon which the ISS shall be executed. Embedded system safety analysis A prerequisite for the near future introduction of ISS is the definition of a vehicle on-board electronic hardware infrastructure that supports in a cost effective manner the very high ISS application demands in terms of dependability, computational power, high speed and accurate information exchange. This infrastructure consists of a distributed electronic architecture composed by several electronic control units (ECUs) with a proper internal fault tolerant design, connected by means of a complex communication system and a dependable power supply network. Provision of high availability and safety Integrated Safety Systems have demanding requirements in terms of dependability; especially regarding the dependability attributes safety, reliability, availability and security. Moreover, achieving system dependability in a predictable and assessable way is significantly harder for integrated safety systems than for traditional safety critical vehicle subsystems. There are three reasons for this: criticality of software, complexity and responsibility. First of all, software-based components has become more safety critical than in traditional systems. The more complicated the control mechanisms of safety-critical actuators become, the less it is possible to achieve dependability by other technology fallback (e.g. mechanical backup). The second reason is the higher complexity of integrated safety systems. Aspects of complexity in integrated safety systems are a high number of connected ECUs providing a function, a high complexity of the functions in terms of the number of inputs and the number of failure modes to be considered, the possibility of actuator control conflicts between different safety functions, and the complexity of the control algorithms. The third reason is that no single party involved in the development of integrated safety systems should be able to take over the sole responsibility for system safety and dependability. Methods and approaches are necessary that support shared responsibilities. While the transition towards complex safety critical software-based systems has already taken place in other industries (e.g. avionics), the approaches followed there for achieving system dependability are not transferable to the automotive industry without modification –due to different constraints concerning volumes, variability, and cost. Provision of introduction plan for new concepts into existing automotive system architectures To meet future safety requirements, the automotive community is faced with a demand for E/E architecture and a systems engineering process that fits the needs of ISS. The activities of this work package focus on the systems engineering process, which needs to be as uniform as possible and supported by a cross-competitive and seamless tool chain. Preparation for standardization On a Hardware-In-the-Loop (HIL) simulator the developed 'Safe Speed Function' was prototyped. This simulator allowed the demonstration and evaluation of the complete truck behaviour with all its electronic systems in a wide range of conditions. The truck behaviour in case of software and hardware failures was investigated in a thorough and structured way. Results A platform for software-based functionality in vehicle electronic systems has been defined, providing common services upon which future applications can be built. A vehicle on-board electronic hardware infrastructure, which supports the requirements of integrated safety systems in a cost effective manner has been specified. Methods and techniques for handling critical dependability-related parts of the development lifecycle have been analysed, adapted, extended and defined. An engineering process and a suitable tool chain have been defined, enabling the application of integrated safety systems. The results have been validated by two different domain overlapping demonstrators: To prove the gateway and firewall capabilities of the EASIS architecture, a telematics gateway was realised. Overall system dependability e.g. in case of system or component failure was demonstrated by a commercial vehicle HIL testbench with an electronically controlled Intarder.