Automotive Embedded Systems - Lots of Standards
March 18, 2019
The auto industry has a complex supply chain, so compliance with standards is easier to manage than individual, very detailed specifications.
Complexity never, in itself, impresses me. I can be impressed by people's ability to understand complex ideas and create complex machines, but a truly elegant and simple solution is always what gives me most pleasure. This might beg the question as to why I work in software - a business well known for creating incredibly complex things. I often ask myself the same question.
Systems with safety implications are a particular concern, and one context that matters to all of us is automotive systems ...
When I first got a car (in 1975) there were really no electronic systems in vehicles at all. A few high-end models had "electronic ignition," but that was very primitive analog electronics that barely counts. That has all changed. Modern cars - even basic models - have dozens of microprocessors and microcontrollers, which span the complete spectrum of power/complexity from tiny 4-bit controllers to monster 32-bit (maybe 64-bit) supercomputers on a chip. Every system is electronic, and a variety of design approaches are applicable. The degree of safety criticality in automotive systems varies and this has a significant effect on how they are implemented.
I am not a specialist in the automotive business, but I observe a particular characteristic that seems specific to car makers: they are very keen on standards. I believe that this comes about because, apart from being good business practice to take standards-based approaches to design when possible, the auto industry has a complex supply chain, so compliance with standards is easier to manage than individual, very detailed specifications. Some of the standards that apply to electronic systems in cars (not an exhaustive list):
- CAN Bus - a means to reliably connect numerous systems together whilst minimizing the amount of wiring.
- MISRA C (and C++) - a detailed set of guidelines on the use of this language in a safety-critical system, like a car.
- OSEK/VDX - a standard for real-time operating systems used in such systems in cars.
- Genivi - a standard for Linux-based systems used for in-car infotainment systems.
Although MISRA C has always interested me (and I serve on the MISRA C Working Group), I am particularly focused today on the two operating system standards.
OSEK/VDX is a standard for RTOSes destined for use in automotive control systems. It was designed from the ground up for this purpose and incorporates the key characteristics needed for a safety critical system. The key feature is a lack of dynamic objects; everything is created statically at build time. The intrinsic simplicity of this implementation makes total sense to me, as it does not constrain the software designer significantly and eliminates a significant potential source of system failure. It is unsurprising that other industries are taking an interest in the standard. OSEK/VDX RTOSes are available from a number of vendors; it is also encompassed by AUTOSAR, which is a broader standard.
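To make the "everything is created statically at build time" principle concrete, here is a constructed C sketch added for this post (it is not code from the OSEK/VDX standard or any vendor): a hand-written task table standing in for what an OSEK configuration (OIL) file would normally generate, so the full set of tasks, their priorities and their stack budget are fixed and checkable before the system ever runs. Task names, priorities and stack sizes are illustrative.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example: static task configuration in the OSEK/VDX spirit.
 * No task is created or destroyed at run time; the table below is the
 * complete set, and its memory is laid out by the linker, not by malloc. */

#define MAX_TASKS   3u
#define STACK_WORDS 64u

typedef void (*task_fn)(void);

typedef struct {
    const char *name;
    task_fn     entry;
    uint8_t     priority;             /* higher value = higher priority */
    uint32_t    stack[STACK_WORDS];   /* sized at build time, lives in .bss */
} task_t;

/* Illustrative task bodies (hypothetical names). */
static void task_engine(void) {}
static void task_brakes(void) {}
static void task_dash(void)   {}

/* The whole task set, known at build time. Index = task id. */
static task_t g_tasks[MAX_TASKS] = {
    { "Engine", task_engine, 3, {0} },
    { "Brakes", task_brakes, 2, {0} },
    { "Dash",   task_dash,   1, {0} },
};

/* Build fails if the table and the declared count disagree. */
_Static_assert(sizeof g_tasks / sizeof g_tasks[0] == MAX_TASKS,
               "task table size mismatch");

/* Look a task up by name; returns its id or -1. Nothing is allocated. */
int task_lookup(const char *name) {
    for (size_t i = 0; i < MAX_TASKS; i++)
        if (strcmp(g_tasks[i].name, name) == 0) return (int)i;
    return -1;
}

/* Fixed-priority selection: bit i of ready_mask means task i is ready.
 * Returns the id of the highest-priority ready task, or -1 if none. */
int task_select(uint8_t ready_mask) {
    int best = -1;
    for (size_t i = 0; i < MAX_TASKS; i++)
        if ((ready_mask >> i) & 1u &&
            (best < 0 || g_tasks[i].priority > g_tasks[best].priority))
            best = (int)i;
    return best;
}

/* RAM committed to task stacks: a constant the safety case can quote. */
size_t task_stack_bytes(void) { return sizeof g_tasks[0].stack * MAX_TASKS; }
```

Because the table is static, the stack budget and the worst-case scheduling decision are both properties of the build, which is exactly what removes allocation failure and fragmentation as run-time failure modes.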
Most of the driver-facing systems in a car are not hard real-time and do not have harsh safety requirements. So Linux is a good choice, as it opens up the availability of a wide range of off-the-shelf software components. Genivi is a standard for the implementation of Linux in this context.
A closing note: the complexity of automotive systems means that deployment of a hypervisor – one optimized for embedded applications – becomes very attractive. This ensures isolation between sub-systems, thus increasing security and reliability.