1 option
Techniques and Measures for Improving Domain Controller Availability while Maintaining Functional Safety in Mixed Criticality Automotive Safety Systems Delphi Deutschland GmbH
- Format:
- Conference/Event
- Author/Creator:
- Gandhi, Gandhi, author.
- Conference Name:
- SAE 2013 World Congress & Exhibition (2013-04-16 : Detroit, Michigan, United States)
- Language:
- English
- Physical Description:
- 1 online resource
- Place of Publication:
- Warrendale, PA SAE International 2013
- Summary:
- With the advent of AUTOSAR version 4 and the availability of automotive specific multicore microcontrollers in volume production it is now possible to make very large scale integrations of different vehicle functions in a single ECU, running on a single high performance microcontroller. These microcontrollers typically provide all the hardware diagnostic mechanisms to achieve functional safety up to ISO 26262 ASILD, however careful consideration must be made in regard to the overall availability when undertaking large scale integrations in a single MCU. The motivation is clear. Up integration reduces costs, energy usage, wire harness complexity, and system bus traffic. However, when a multicore microcontroller is running different software for different applications on each of the available cores, if a fault is detected in one core the side effects and fault reactions must be contained, to prevent the fault propagating to other cores and applications. AUTOSAR version 4 does not implement any specific measures for fault containment, and, to the contrary, relies on a cooperative OS application model to work successfully. The challenge is to retain a high level of system availability but still meet the rigorous fault metrics defined in ISO 26262 by providing additional strategies for fault containment, fault classification, and function degradation. This paper describes the motivation for up-integration of functions on a domain controller ECU, shows the technologies required, and provides some solutions and workarounds for multicore microcontrollers running AUTOSAR version 4 in a mixed criticality safety system
- Notes:
- Vendor supplied data
- Publisher Number:
- 2013-01-0198
- Access Restriction:
- Restricted for use by site license
The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.