Entering new worlds
New E/E architectures with vehicle computers offer new opportunities
Automotive electronics are set to undergo profound changes driven by the megatrends connectivity and automated driving. These call for completely new E/E architectures in which microprocessor-based vehicle computers (VCs) make it possible to merge domains that are currently distributed. Software based on the AUTOSAR Adaptive standard and the possibility to partition VCs into virtual machines are creating a dynamic that will lead us into new worlds in automotive software development.
Driven by the megatrend of connectivity, communication technology and hardware from the consumer electronics industry are making their way into cars, and modern vehicles are becoming connected with their environment. This opens up a completely new field of possibilities, resulting in an enormous increase in functions and making the services and user experience that end customers have come to expect from their smartphones available in vehicles. This development is introducing an array of tried-and-tested IT (software) technologies into vehicles. A second megatrend is also playing its part: assisted and increasingly automated driving, which in turn means a dramatic increase in functions, such as environmental detection.
These two technological advancements together can hardly be realized in practice with the ECU networks available today. It will take significantly more computing power and more structured architectures than are currently used, as the expected gain in functions would cause a sharp increase in the complexity of today’s solutions, which often involve as many as 120 decentralized ECUs.
To understand the scale of this task, consider this comparison: today’s automotive software already comprises more than 100 million lines of code – about 100 times more than the software for the space shuttle and more than four times as much as that for commercial aircraft. Experts at Bosch expect the scope of future automotive software to increase by a factor of 10,000, with functionality ranging from hard real-time systems to interactive apps. The car will become a software-dominated system – a “smart device on wheels.” Now, the task at hand is to reliably integrate all these software parts while simultaneously satisfying the highest safety requirements of Automotive Safety Integrity Level (ASIL) D, combined with cybersecurity requirements.
Borderline complexity – new approaches are needed
There is work to be done, and the automotive industry is tackling it with IT and mobile communications hardware: microprocessor (µP)-based vehicle computers (VCs) with high computing power and significantly more (external) storage capacity are supplementing the current microcontroller-based ECUs, allowing manufacturers to transfer functions from conventional ECUs to centralized VCs (Fig. 1).
As a result, domains that were previously distributed can be merged. Mergers of three to four domains on one vehicle computer are becoming conceivable and feasible – also because VCs can be partitioned using a hypervisor. An entire array of virtual ECUs can be integrated and operated independently of each other on the encapsulated domains.
This flexibility, coupled with connectivity to the cloud, opens up the possibility of transferring new functions or updates to the vehicle, even in the field. These over-the-air (OTA) technologies are considered to be the key to new business models that will pave the way for new sales opportunities.
Comprehensive access to in-field vehicle data is another attractive possibility. This would allow manufacturers to provide their customers more targeted advice when they come in to buy a car, such as the ability to offer them tailored drive configurations or insurance rates based on real driving profiles. The data will also make it possible to draw conclusions regarding the service life of vehicle components and to avoid replacing them until it is actually necessary. In short, a huge field of possibilities will open up.
For highly complex cross-domain functions of automated driving, decentralized ECU infrastructures also come up against limits that could be overcome with centralized approaches and a standardized control layer. Much more powerful vehicle computers are needed to enable the enormous volumes of data from environment sensors (radar, video, and lidar) to be merged, compared, and validated with a view to ensuring maximum safety.
Merging domains constructively
E/E architectures with VCs make it possible to do away with domain separation, which evolved over time but is now physically redundant. Decisions will then be made centrally, replacing distributed decision making and coordination between numerous ECUs. This keeps complexity manageable and reduces dependencies between control and drive type, which will create control platforms that can be used to address functional characteristics of a broad spectrum of determinants in detail – for instance, for an efficient recuperation strategy for hybrid and electric drives or for decision making in automated vehicles.
Here’s an example to illustrate the scope and benefits of the tasks that lie ahead: to implement automated driving, developers perform calculations in three-dimensional movement trajectories. The actual route is determined in line with various trajectories the vehicle can take on the road. These are highly complex processes into which not only all safety-relevant information flows, but even such parameters as driving comfort and energy consumption. Domain consolidation harbors particular potential here – initially for the drive and chassis functions, including brakes and steering. The aim here is to functionally integrate these as a software package at the control level and to run this package as a vehicle-motion controller on the VC. This software-based controller receives trajectories, analyzes and optimizes them, and translates the result into commands to the drive, regardless of type, and to the chassis functions. Whether these commands are sent to a combustion, hybrid, electric, or fuelcell drive is irrelevant.
Separating software development and hardware
Bosch and ETAS already offer solutions for powerful VCs (Fig. 2). At their core is the RTA-VRTE (Vehicle Runtime Environment) platform software framework for µP-based VCs, and software based on the AUTOSAR Adaptive standard. This framework makes it possible to partition the VC into virtual machines that are free from mutual interference and to integrate disparate data and signal transmission structures based on POSIX-compliant operating systems.
Whether domain consolidation, new convenience functions, or security updates – thanks to partitioning and freedom from interference in encapsulated virtual machines (VMs), it is no longer necessary to update all applications in the course of integration and further development. As in PCs and smartphones, ongoing function upgrades and software updates will be possible. Additionally, software development can be completely separated from hardware.
RTA-VRTE therefore runs on any µP-based hardware, regardless of whether it’s a VC or a PC, paving the way for end-toend virtualization of software development. After all, software that already operates in the vehicle on encapsulated partitions of the vehicle computer – in other words, on virtual ECUs – can be developed on any PC on virtual ECUs. This is made possible by appropriate hardware abstraction layers.
Precisely this approach is the basic idea underlying ETAS’ Early Access Program, which, starting immediately, enables early starters to explore future methods and architectures. You can read more about this in the articles that follow, but first we’ll take a closer look at the AUTOSAR Adaptive Platform standard.
Dr. Andreas Lock is Vice President of Systems Engineering, Sector Electric & Electronic at Robert Bosch GmbH.
Dr. Nigel Tracey is Vice President of RTA Solutions and General Manager at ETAS Ltd. in York, UK.
Dr. Detlef Zerfowski is Vice President of Vehicle Computer and Security at ETAS GmbH.