Automotive embedded systems software reprogramming

This thesis was submitted for the degree of Doctor of Philosophy and was awarded by Brunel UniversityThe exponential growth of computer power is no longer limited to stand alone computing systems but applies to all areas of commercial embedded computing systems. The ongoing rapid growth in intelligent embedded systems is visible in the commercial automotive area, where a modern car today implements up to 80 different electronic control units (ECUs) and their total memory size has been increased to several hundreds of megabyte. This growth in the commercial mass production world has led to new challenges, even within the automotive industry but also in other business areas where cost pressure is high. The need to drive cost down means that every cent spent on recurring engineering costs needs to be justified. A conflict between functional requirements (functionality, system reliability, production and manufacturing aspects etc.), testing and maintainability aspects is given. Software reprogramming, as a key issue within the automotive industry, solve that given conflict partly in the past. Software Reprogramming for in-field service and maintenance in the after sales markets provides a strong method to fix previously not identified software errors. But the increasing software sizes and therefore the increasing software reprogramming times will reduce the benefits. Especially if ECU’s software size growth faster than vehicle’s onboard infrastructure can be adjusted. The thesis result enables cost prediction of embedded systems’ software reprogramming by generating an effective and reliable model for reprogramming time for different existing and new technologies. This model and additional research results contribute to a timeline for short term, mid term and long term solutions which will solve the currently given problems as well as future challenges, especially for the automotive industry but also for all other business areas where cost pressure is high and software reprogramming is a key issue during products life cycle

Extensible FlexRay communication controller for FPGA-based automotive systems

Modern vehicles incorporate an increasing number of distributed compute nodes, resulting in the need for faster and more reliable in-vehicle networks. Time-triggered protocols such as FlexRay have been gaining ground as the standard for high-speed reliable communications in the automotive industry, marking a shift away from the event-triggered medium access used in controller area networks (CANs). These new standards enable the higher levels of determinism and reliability demanded from next-generation safety-critical applications. Advanced applications can benefit from tight coupling of the embedded computing units with the communication interface, thereby providing functionality beyond the FlexRay standard. Such an approach is highly suited to implementation on reconfigurable architectures. This paper describes a field-programmable gate array (FPGA)-based communication controller (CC) that features configurable extensions to provide functionality that is unavailable with standard implementations or off-the-shelf devices. It is implemented and verified on a Xilinx Spartan 6 FPGA, integrated with both a logic-based hardware ECU and a fully fledged processor-based electronic control unit (ECU). Results show that the platform-centric implementation generates a highly efficient core in terms of power, performance, and resource utilization. We demonstrate that the flexible extensions help enable advanced applications that integrate features such as fault tolerance, timeliness, and security, with practical case studies. This tight integration between the controller, computational functions, and flexible extensions on the controller enables enhancements that open the door for exciting applications in future vehicles

A Quantitative Analysis of Interfaces to Time-Triggered Communication Buses

@ 2021 IEEE. The is the version of record of an article which will be published in final form at https://dx.doi.org/10.1109/TNET.2021.3073460. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see (https://creativecommons.org/licenses/by/4.0/).Nodes connected to a time-triggered (TT) network can access the network interface in two different ways, synchronously or asynchronously, which greatly impacts communication timing and message lifespans (i.e., the time from writing a message to its send buffer till the time when the message is read by the receiver). In this paper we present a clear timing model to reason about the timing variation possible with TT interfaces. This model facilitates the quantitative analysis of the message lifespans of synchronous and asynchronous TT interfaces. Further, we develop a tool to search for node and network configurations that minimise or maximise message lifespans. We show that choosing the right configuration for synchronous interface access can reduce message lifespan significantly (we observed a factor of 9 even for small scenarios). While industrial practice typically is to choose a slot allocation a priory, we show that optimising the slot allocation in coordination with task scheduling gives an extra edge in obtaining minimal message lifespans. For nodes with synchronous interface access, the tool determines the parameters needed to obtain minimal message lifespan and jitter.Peer reviewe

Design of in-vehicle networked control system architectures through the use of new design to cost and weight processes : innovation report

Over the last forty years, the use of electronic controls within the automotive industry has grown considerably. In-vehicle network technologies such as the Controller Area Network (CAN) and Local Interconnect Network (LIN) are used to connect Electronic Control Units (ECU) together, mainly to reduce the amount of wiring that would be required if hardwired integration were used. Modern passenger cars contain many networks, which means that for the architecture designer, there is an almost overwhelming number of choices on how to design/partition the system depending on factors such as cost, weight, availability of ECUs, safety, Electro-Magnetic Compatibility (EMC) etc. Despite the increasing role played by in-vehicle networks in automotive electrical architectures, its design could currently be described as a “black art”. Not only is there an almost overwhelming number of choices facing the designer, but there is currently a lack of a quantifiable process to aid decision making and there is a dearth of published literature available. NetGen is a software tool used to design CAN/J1939, LIN and FlexRay networks. For the product to remain competitive, it is desirable to have novel features over the competition. This report describes a body of work, the aim of which was to research in-vehicle network design processes, and to provide an improvement to such processes. The opportunities of customer projects and availability of customer information resulted in the scope of the research focusing on the adoption of LIN technology and whether the adoption of it could reduce the cost and weight of the target architecture. The research can therefore be seen to address two issues: firstly the general problem of network designers needing to design in-vehicle network based architectures balancing the needs of many design targets such as cost, weight etc, and secondly the commercial motivation to find novel features for the design tool, NetGen. The outcome of the research described in this report was the development of design processes that can be used for the selection of low cost and weight automotive electrical architectures using coarse information, such as that which would be easily available at the very beginning of a vehicle design programme. The key benefit of this is that a number of candidate networked architectures can be easily assessed for their ability to reduce cost and weight of the electrical architecture

A qualitative cybersecurity analysis of time-triggered communication networks in automotive systems

© 2023 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY license. (http://creativecommons.org/licenses/by/4.0/).Security is gaining increasing importance in automotive systems, driven by technical innovations. For example, automotive vehicles become more open systems, allowing the communication with other traffic participants and road infrastructure. Also, automotive vehicles are provided with increased autonomy which raises severe safety concerns, and consequently also security concerns – both concerns that interweave in such systems. In this paper we present a qualitative cybersecurity analysis by comparing different time-triggered (TT) communication networks. While TT communication networks have been analysed extensively for dependability, the contribution of this work is to identify security-related benefits that TT communication networks can provide. In particular, their mechanisms for spacial and temporal encapsulation of network traffic are instrumental to improve network security. The security arguments can be used as a design guide for implementing critical communication in flexible network standards like TSN.Peer reviewe

Formal Modelling and Verification of the Clock Synchronization Algorithm of FlexRay

The hundreds of electronic control devices used in an automotive system can effectively communicate with one another, thanks to an in-vehicle network (IVN) like FlexRay. Even though every node in the network will be running on its local clock, a global notion of time is essential. The clock synchronisation algorithm accomplishes this global time between the nodes in FlexRay. In this era of self-driving cars, the vehicle’s safety is paramount. For the vehicle to operate safely and smoothly, timely communication of information is critical, and the clock synchronisation algorithm plays a vital role in this. It is essential to formally test the clock synchronisation algorithm’s correctness. This paper attempts to model and verify the clock synchronisation algorithm of FlexRay using formal methods, which in turn enhance the reliability of safety-critical automotive systems. The clock synchronisation is modelled as a network of six timed automata in the UPPAAL model checker. Three system models were developed, a model for an ideal clock, another for a drifting clock, and a third model considering propagation delay. The precision of the clocks is verified to be within the prescribed limits. Simulation studies are also conducted on the model to ensure that the clock’s drift is always within the precision