Real-Time Automotive – Safe Systems for the Future

By Marija Sokcevic

“In the next decade, the automotive industry will face a magnitude of change that has not been seen in a century. This change will be driven primarily by four mutually reinforcing trends, i.e., autonomous, connected, electric, and shared (ACES) vehicles.”

Automotive software and electronics 2030 – McKinsey & Company Report 2019

As stated by the McKinsey & Company report, one of the three key factors that contribute to the strong overall growth of the software market is the increase in software complexity in domains most influenced by ACES (autonomous, connected, electric, and shared) trends. In autonomous driving, complexity is driven by the rising number of dedicated automated driving software functions as well as by the complexity of the underlying hardware, operating systems and communication networks. This complexity emergence creates the need for the orchestration layer that ensures functioning of the overall system, especially when it comes to safety-critical operations. At the same time, it imposes new challenges in system design practices and, consequently, in gaining acceptance from the public. According to the Gartner Consumer Trends in Automotive online Survey 2017, 55 % of respondents will not ride in a fully autonomous vehicle, while 71 % may consider riding in a partially autonomous vehicle. It is stated how “consumer trust is essential for mass adoption of autonomous vehicle technology”, as trust and personal safety are being top concerns. To earn the needed trust and allow for the evolution of an automotive industry, dependability should be the acceptance criteria and the key concept to consider when ensuring quality of the service in autonomous driving. There are five attributes of dependability that relate to the quality of the service over an extended period of time – reliability, safety, maintainability, availability and security – that are crucial in constructing trustworthy systems.

To show availability and guarantee of service, computing systems inside modern automated vehicles need to be highly responsive to the external environment and designed to meet timing constraints. Such systems are called real-time computer systems or reactive systems. Prof. Dr. Hermann Kopetz, in his book Real-Time Systems, defines a real-time computer system as “a computer system in which the correctness of the system behavior depends not only on the logical results of the computations, but also on the physical instant at which these results are produced.” Reasonably, if a real-time computer system is integrated into a larger system (e.g. vehicle), we call it embedded real-time computer system. Embedded real-time computer systems are designed to perform specific real-time tasks and require minimal or no human intervention. We build upon these fundamentals to introduce complexity and safety requirements of embedded real-time computer systems showcased in vehicles of the new generation as well as ways of managing those complexities.

Underlying principles

A real-time system is a bigger entity consisting of a real-time computer system (computational cluster), an operator (operator cluster) and a controlled object (controlled cluster). The controlled object and an operator together form the environment of the real-time computer system. The environment dictates in which time intervals the stimuli, coming from the controlled object or an operator, triggers a real-time system´s reaction. The result from a system must be produced at the deadline.

Representation of a real-time system (Source: Real-Time Systems, Graphics: TTTech Auto)

Keeping in mind the five attributes of dependability that are crucial for building safe and reliable systems, we will focus on real-time computer systems capable of handling safety-critical tasks. Those real-time computer systems are classified as hard or safety-critical, time-triggered (depending on design and implementation) and fail-operational real-time computer systems (depending on the characteristics of the applications).

In a hard real-time computer system, the result must be produced at an instant of time (a deadline), specifically in a very short time frame, measured in milliseconds or less. We may say that a hard-real-time computer system must meet all hard-deadlines. Hard-deadlines unlike soft-deadlines, are points in time at which a result must happen otherwise a catastrophic outcome could arise. All the scenarios resulting from the different system conditions, in both performance and fault cases, need to be well defined in order to achieve a guaranteed response from the system. Hard real-time computer systems are also called safety-critical real-time computer systems. In safety-critical systems, a time-aware design approach is required to ensure the temporal correctness of safety-critical operations. Time-aware architectures are especially useful within systems that consist of regular or cyclic activity, a high level of complexity and when a highly reliable and safe solution is required.

Furthermore, we may define an event to be any occurrence on a timeline of real-time flow, and a trigger to be an event causing a reaction of a system (e.g. message transmission). Depending on the triggering mechanism for the start of processing activities inside a system, two different design approaches to the real-time computer applications can be defined: event-triggered and time-triggered approach. For time-triggered real-time computer systems, unlike event-triggered real-time computer systems where every event (other than the regular tick of the clock) can trigger a system’s reaction, all the internal communication and other processes are initiated at predetermined points in time. Time-triggered design approach thus allows for predictability of a system’s behavior.

These systems must be designed to tolerate any fault that could cause a critical failure. In autonomous driving or aerospace, it is mandatory to ensure operation of a system even during failures. Let us imagine that the failure of a traffic signaling system is detected. If it is possible to stop all the vehicles and set all the signaling lights to red to reach the safe state almost instantly and avoid the catastrophic consequence, we define the system to be fail-safe. On the contrary, if a safe state cannot be identified (e.g. airplane´s flight control system applications), we are facing a major risk unless our system is designed to keep functioning even when faults are detected. Here we introduce fail-operational real-time computer system, a system capable of the minimal level of service even if a failure occurs.

With personal safety and sense of trust being the main drivers of the evolution of an automotive industry, system designers of the new generation are challenged by these safety requirements to sustain themselves in this demanding market.

The market asked…

Vehicles with high level of automation are a significant technological innovation and evolution leap in the automotive industry. The underlying paradigm shift within the E/E vehicle architecture is that we are transitioning from a dedicated hardware-based, fragmented system to a software-defined, converged architecture. The number of dedicated automated driving software functions as well as the complexity created by the latest requirements of the underlying hardware, operating systems and communication networks is growing rapidly.

Car Architecture Solution Evolution

This evolutionary leap is heavily redefining the competitive landscape of the whole industry, as well as raising many challenges that the industry is facing today. The biggest challenge is the functional safety and fail-operational performance requirements, paired with highest levels of complexity. The value chain in the automotive industry is disrupted, with new contributors such as software companies entering the market and bringing different collaboration practices.

The Mc Kinsey and Company Report 2019, focusing on automotive software and electronics development up to 2030, confirms this: “In the upcoming years, software will become one of the strategic development areas for the automotive sector.” From the graphical representation below, it is evident that investments into development of software platform solutions are expected to keep rising in the future. ADAS systems are getting more and more complex and include growing number of different interacting elements. All these elements need to deliver fail-operational & real-time, safety-critical performance in order to gain acceptance from the public.

Breakdown of software development efforts into domain [USD billions] (Source: Mc Kinsey & Company, Graphics: TTTech Auto)

When talking about future trends in the automotive industry development, embedded real-time computer systems take a significant role in managing complexity of real-time technologies by allowing for new functional capabilities of a system and for easy integration of different applications.

“In the future, embedded real-time systems will form the most important market segment for real-time technology.”

Prof. Dr. Kopetz, Real Time Systems

From the aspect of economy market requirements, it is strongly justified to replace the old mechanical/electronic control systems with more financially viable, embedded real-time computer systems. However, with the growing number of automated functions in today’s vehicles, requirements on such embedded systems become very strict, requesting for smart and dependable designs that allow for safe execution of tasks as well as fail-operational performance.

With higher system requirements and tighter timing constraints, an embedded real-time computer system becomes increasingly difficult to manage. The complexity and interdependencies are calling for an orchestration layer, a centralized solution platform that can serve as a focal point for computing, prioritizing and execution of the tasks as well as the required services, to achieve the desired behavior of the vehicle. This kind of a central task manager must ensure a responsive environment for safety-critical missions by synchronizing each interacting part of a complex real-time computer system. MotionWise is a platform solution that efficiently answers a number of challenges posed by the automotive industry of today.

We answered.

MotionWise is a safety software platform aiming at supporting highest levels of automated driving. It ensures that all the parts of a complex real-time computer system interact in a predictable and aligned way by bringing freedom from interference. MotionWise is based on a time-aware approach, a generalized variant of a time-triggered technology, which allows for deterministic behavior of the entire system. It complies with ASIL D (Automotive Safety Integrity Level), the highest safety level of ISO 26262 – Functional Safety for Road Vehicles standard.

From the perspective of software, we can say that the software “thinks in layers”. If we define them top-down as the application layer, safety platform layer, operating system layer and a communication protocol layer, roughly speaking, MotionWise would be the central orchestration layer ensuring predictable and safe operation of the system. It offers a framework for the applications’ efficient functioning with implemented scheduling, communication, and other mechanisms.

MotionWise – Safety Software Platform

With its Platform Integration Services: Automotive, Communication, Time, AD Support, Development, Safety and Scheduling services, MotionWise ensures a homogenous environment for heterogeneous elements of different safety criticalities. It also incorporates an extensive toolkit comprised of MotionWise SDK (Software Development Kit) and MotionWise Creator. Every element of MotionWise is continuously evolving with top level engineers dedicating their efforts to product development. Premium engineering services as well as supporting tools empower the customers to seamlessly integrate, test and cross-validate applications from varying sources, resulting in a larger service agility and an end-to-end solution.

MotionWise manages high levels of complexity and enables the convergence of software functions on one platform as well as ensures seamless integration of all solution elements, while delivering fail-operational performance. It is designed to tackle the challenges brought by automation requirements and to accelerate the OEMs journey towards highly automated driving, safely and reliably.

Marija Sokcevic Author
About the Author
Marija Sokcevic is a Technical Content Manager at TTTech Auto. She holds a master’s degree in Physics from the University of Zagreb. One of her greatest passions is to link creativity and technology by expressing the most recent technological findings through different media.

 

Accelerate your journey towards highly automated driving with MotionWise safety software platform. MotionWise delivers safety by design and fail-operational performance while managing the high complexity of solution elements. As a result, OEMs and Tier 1 suppliers can benefit from faster time-to-market for their automated driving projects and increased competitive edge at reduced costs.

 Stay informed about the most recent technological findings in the automotive industry – visit us at www.tttech-auto.com and follow us on LinkedIn for more on this exciting topic.