Entering new worlds

New E/E architectures with vehicle computers offer new opportunities

RealTimes 2020 Mountain

Automotive electronics are set to undergo profound changes driven by the megatrends connectivity and auto­mated driving. These call for completely new E/E architectures in which microprocessor-based vehicle computers (VCs) make it possible to merge domains that are currently distributed. Software based on the AUTOSAR Adaptive standard and the possibility to partition VCs into virtual machines are creating a dynamic that will lead us into new worlds in automotive software development.

Driven by the megatrend of connectivity, communication tech­nology and hardware from the consumer electronics industry are making their way into cars, and modern vehicles are be­coming connected with their environment. This opens up a completely new field of possibilities, resulting in an enormous increase in functions and making the services and user ex­perience that end customers have come to expect from their smartphones available in vehicles. This development is intro­ducing an array of tried-and-tested IT (software) technolo­gies into vehicles. A second megatrend is also playing its part: assisted and increasingly automated driving, which in turn means a dramatic increase in functions, such as environmen­tal detection.

These two technological advancements together can hardly be realized in practice with the ECU networks available today. It will take significantly more computing power and more struc­tured architectures than are currently used, as the expected gain in functions would cause a sharp increase in the complex­ity of today’s solutions, which often involve as many as 120 decentralized ECUs.

To understand the scale of this task, consider this comparison: today’s automotive software already comprises more than 100 million lines of code – about 100 times more than the software for the space shuttle and more than four times as much as that for commercial aircraft. Experts at Bosch expect the scope of future automotive software to increase by a factor of 10,000, with functionality ranging from hard real-time systems to interactive apps. The car will become a soft­ware-dominated system – a “smart device on wheels.” Now, the task at hand is to reliably integrate all these soft­ware parts while simultaneously satisfying the highest safety requirements of Automotive Safety Integrity Level (ASIL) D, combined with cybersecurity requirements.

Borderline complexity – new approaches are needed

There is work to be done, and the automotive industry is tack­ling it with IT and mobile communications hardware: micro­processor (µP)-based vehicle computers (VCs) with high com­puting power and significantly more (external) storage ca­pacity are supplementing the current microcontroller-based ECUs, allowing manufacturers to transfer functions from con­ventional ECUs to centralized VCs (Fig. 1).

Figure 1: Vehicle computers and cloud connectivity will fundamentally change automotive E/E architectures.

As a result, domains that were previously distributed can be merged. Mergers of three to four domains on one vehicle computer are becoming conceivable and feasible – also be­cause VCs can be partitioned using a hypervisor. An entire array of virtual ECUs can be integrated and operated inde­pendently of each other on the encapsulated domains.

This flexibility, coupled with connectivity to the cloud, opens up the possibility of transferring new functions or updates to the vehicle, even in the field. These over-the-air (OTA) tech­nologies are considered to be the key to new business models that will pave the way for new sales opportunities.

Comprehensive access to in-field vehicle data is another attractive possibility. This would allow manufacturers to provide their customers more targeted advice when they come in to buy a car, such as the ability to offer them tailored drive configurations or insurance rates based on real driving profiles. The data will also make it possible to draw conclu­sions regarding the service life of vehicle components and to avoid replacing them until it is actually necessary. In short, a huge field of possibilities will open up.

For highly complex cross-domain functions of automated driving, decentralized ECU infrastructures also come up against limits that could be overcome with centralized approaches and a standardized control layer. Much more powerful vehicle computers are needed to enable the enormous volumes of data from environment sensors (radar, video, and lidar) to be merged, compared, and validated with a view to ensuring max­imum safety.

Merging domains constructively

E/E architectures with VCs make it possible to do away with domain separation, which evolved over time but is now phy­sically redundant. Decisions will then be made centrally, re­placing distributed decision making and coordination between numerous ECUs. This keeps complexity manageable and re­duces dependencies between control and drive type, which will create control platforms that can be used to address func­tional characteristics of a broad spectrum of determinants in detail – for instance, for an efficient recuperation strategy for hybrid and electric drives or for decision making in auto­mated vehicles.

Here’s an example to illustrate the scope and benefits of the tasks that lie ahead: to implement automated driving, devel­opers perform calculations in three-dimensional movement trajectories. The actual route is determined in line with various trajectories the vehicle can take on the road. These are highly complex processes into which not only all safety-relevant information flows, but even such parameters as driving comfort and energy consumption. Domain consolidation harbors par­ticular potential here – initially for the drive and chassis func­tions, including brakes and steering. The aim here is to functionally integrate these as a software package at the control level and to run this package as a vehicle-motion controller on the VC. This software-based controller receives trajectories, analyzes and optimizes them, and translates the result into commands to the drive, regard­less of type, and to the chassis functions. Whether these commands are sent to a combustion, hybrid, electric, or fuel­cell drive is irrelevant.

Separating software development and hardware

Bosch and ETAS already offer solutions for powerful VCs (Fig. 2). At their core is the RTA-VRTE (Vehicle Runtime En­vironment) platform software framework for µP-based VCs, and software based on the AUTOSAR Adaptive standard. This framework makes it possible to partition the VC into vir­tual machines that are free from mutual interference and to integrate disparate data and signal transmission structures based on POSIX-compliant operating systems.

Figure 2: Basic structure of vehicle computer software with AUTOSAR Classic and AUTOSAR Adaptive components. This structure provides maximum flexibility while maintaining strong safety and security.

Whether domain consolidation, new convenience functions, or security updates – thanks to partitioning and freedom from interference in encapsulated virtual machines (VMs), it is no longer necessary to update all applications in the course of integration and further development. As in PCs and smart­phones, ongoing function upgrades and software updates will be possible. Additionally, software development can be completely separated from hardware.

RTA-VRTE therefore runs on any µP-based hardware, regard­less of whether it’s a VC or a PC, paving the way for end-to­end virtualization of software development. After all, soft­ware that already operates in the vehicle on encapsulated partitions of the vehicle computer – in other words, on virtual ECUs – can be developed on any PC on virtual ECUs. This is made possible by appropriate hardware abstraction layers.

Precisely this approach is the basic idea underlying ETAS’ Early Access Program, which, starting immediately, enables early starters to explore future methods and architectures. You can read more about this in the articles that follow, but first we’ll take a closer look at the AUTOSAR Adaptive Platform standard.


Dr. Andreas Lock is Vice President of Systems Engineering, Sector Electric & Electronic at Robert Bosch GmbH.

Dr. Nigel Tracey is Vice President of RTA Solutions and Gen­eral Manager at ETAS Ltd. in York, UK.

Dr. Detlef Zerfowski is Vice President of Vehicle Computer and Security at ETAS GmbH.

  • Download this article as PDF Entering new worlds Download