Electronic control system partitioning in the autonomous vehicle
These new advanced vehicles functions present a whole new challenge to the already complex vehicle electronic systems. They are driving demand for higher compute performance, more connectivity, increased levels of safety and security as well as new system partitioning to offer a cost efficient implementation.
There are many opinions on market development with predictions of up to 75% of all vehicles being fully autonomous by 2040. Consumer acceptance and legislative governance will dictate autonomous vehicle proliferation in the market. OEMs are starting to introduce forms of autonomous vehicles, initially with limited applications such as intelligent cruise control, lane change assist, emergency brake, and parking assist, but we already see higher levels of autonomous control in industrial applications such as farming and mining.
For these autonomous applications, the system must monitor the external surroundings and the vehicle’s driver in addition to the vehicle systems and dynamics. It has to observe multiple conditions and activities occurring around the vehicle, predict the most probable outcome of the conditions and events, and then choose the best course of action.
Each decision potentially creates a new driving scenario in addition to the dynamic external conditions and will demand a rapid response in microseconds. All of this translates into an extreme increase in workload for the electronic control systems in today’s vehicles.
Autonomous passenger cars will be realized through incrementally adding assisted-drive and navigation assist features that increasingly shift control away from the driver to the vehicle. These new features will require a parallel and unprecedented increase in sensor technology, data bandwidth, processing performance, safety and security capabilities of the electronic control systems.
The initial path already taken by some car makes for the integration of assisted-drive features is that of a partial domain controller. In this example sensor fusion and decision making functions are added to existing distributed vehicle systems connecting through a network interface.
The control system ECU functions are mostly unchanged while adding new application dedicated hardware and adaptations to cooperate with the automated drive system. This approach is acceptable for limited automated or assisted-drive features, but will not be adequate for a fully autonomous vehicle where more control is directed independently by system and not the driver requiring decision making at the vehicle level as well as precise interaction between lower level nodes and data sharing between the sensing and control points for, powertrain, steering and braking, and decision making functions with fast control loop update rates.
Maintaining full local decision making functions in each of the distributed vehicle systems would result in an overly complicated implementation requiring extremely high communication bandwidth, and would likely have inadequate overall response time because of the need to arbitrate between independently made decisions. Since every action taken by an autonomous vehicle system results in a new scenario, the action of each control function must be precisely synchronized.
Transformation trends in automotive network for autonomous vehicle applications
This massive increase in system interaction and connectivity, including the Cloud and V2X is expected to drive a migration from todays distributed systems to a more centralized. One example of this is where cars implement a high-level vehicle controller managing the overall autonomous strategy.
These vehicle controllers will need microprocessors with high level of performance. In some implementations a lower intermediate class of controller may also be included in the form of domain controller. The centralized system will consolidated decision-making function defining the higher-level response of the vehicle and passing strategy information to the lower levels of the system.
Evaluation and development of the high level controller needs is not a trivial task and requires a flexible environment to identify the most effective solution for system developers. Freescale has created a powerful development environment called the Blue Box which offers developers a hardware environment to rapidly evaluate different needs.
It offers high end microprocessor compute performance based on networking microprocessor capabilities and flexible robust, functionally safe automotive microcontroller features packaged with a Linux BSP to provide desktop like development of the embedded system.
Due to the up-integration of the control functionality to the high-level domain controllers there is the potential to reduce the computational performance and memory requirements for the now lower level vehicle dynamics ECUs. These low-level ECU’s will focus on the sensor/actuator interface, providing the data collection and transforms which will be used by the autonomous vehicle systems to determine vehicle course and control dynamics.
The vehicle dynamics systems will also provide the low-level, real-time control interface to the various motor, solenoid, and relay drivers. As the I/O interface becomes the primary role of these devices the integration of sensors and high-voltage drivers in these microcontrollers will increase as will and hybrid technologies or system-in-package (SiP) solutions offering CMOS logic, high voltage, high performance, and RF technologies.
Even if a major consolidation of ECUs does not occur in tomorrow’s vehicles, there is likely to be a reduction in the microcontroller offerings going forward. This will be due to both car makers and Tier1 suppliers need to share development across systems to maintain cost and by semiconductor suppliers offering fewer new products due to the incredibly high development costs for advanced technologies and products.
The need for the cars connection to external wireless networks such as cellular and WiFi to offer services and information sharing for autonomous drive functionality introduces new security attack surfaces. Coupling this trend with vehicles becoming increasingly capable of taking action that initiates a physical changes without the interaction of the driver such as braking and steering, it is critical that unauthorized access is prevented. The distributed nature of current vehicle control systems all provide multiple potential entry points for hackers.
Example of a projected autonomous vehicle Electronic Control System
It is expected that more ECUs in autonomous vehicle will require higher ISO-26262 certification due to direct involvement in the vehicle dynamics. The safe real-time interface with the vehicle dynamics systems will be performed by lower-level, local ECU’s. These systems will provide the first response to hard faults, but will defer overall recovery strategy to the centralized decision making controllers requiring these to also possess safety characteristics and for the approach to be designed into the complete architecture.
The evolution of assisted and automated-drive features into fully autonomous vehicles will significantly increase the workload of vehicle electronic control and information systems. It is expected that high-level changes to the control system architectures will be required to achieve desired functionality and to avoid large cost increases.
Short term, the addition of sensor fusion and local decision making functionality to existing nodes is capable of supporting the adoption of some assisted-drive functionality, but for higher levels of autonomous drive and the introduction for autonomous vehicles, a centralized electronic control system is emerging as the accepted architecture with a possible simplification of the lower level ECU’s.
With such a change comes the potential for a shift in the responsibility if a safety incident occurs which is related to the availability of the new autonomous features. Moving to such a centralized architecture sooner will assist in more rapid adoption of higher functionality as systems are enhanced.
About the authors:
James Scobie and Mark Stachew are systems engineers at Freescale – www.freescale.com