Safe Adaptive Software for Fully Electric Vehicles

The automotive industry faces an era of rapid change with the advent of electric drive trains. The trend towards electric vehicles also means a shift to full electric control of existing and new functions. This requires a dramatic change of a vehicle´s system architecture. Highly integrated subsystems, like wheel-hub drives and brake-by-wire systems, require innovative hardware approaches and software implementations to adress their safety-critical nature. As a result, the overall Electric/Electrical (E/E) vehicle architecture is becoming extremely complex.

Privacy warning

With the click on the play button an external video from www.youtube.com is loaded and started. Your data is possible transferred and stored to third party. Do not start the video if you disagree. Find more about the youtube privacy statement under the following link: https://policies.google.com/privacy

Safe Adaptation E/E-Architecture

Within the EU-funded project SafeAdapt (Safe Adaptive Software for Fully Electric Vehicles), a consortium of 9 partners from six European countries was making innovative changes to the E/E architecture. These concepts reduce the complexity of the system by generic, system-wide fault and adaptation handling. This leads to better reliability even during outages, improved active safety and optimised resources. SafeAdapt followed a holistic approach for building adaptable systems in safety-critical environments, including tool chain support, reference architectures, modelling of system design and validation & verification.

SafeAdapt Platform Core Enables Efficient Redundancy

Fully electric vehicles have a very special set of requirements, in particular with respect to safety. As an example, in vehicles with electric wheel-hub drive, no clutch can separate the transmission from the engine. In order to safely stop the vehicle, the software for controlling the drive train must ensure that the specified behaviour is adhered to even in case of failure.

SafeAdapt established a so-called Safe Adaption Platform Core, combining different existing platforms with adaptive data communication in order to achieve the ambitious goal of cost-effective redundancy in safety-critical systems. This approach allows the tailored adaptation of redundancy concepts based on reconfiguration capabilities. This is achieved through the intelligent use of available CPU resources and fault tolerant, time-triggered networks. Through this, so-called fail-operational behaviour of the E/E architecture can be realised efficiently, e.g. graceful failure handling.

Furthermore, problem handling takes considerable effort in system development and also diminishes the reusability of software components since problem resolution currently depends on the underlying hardware platform. This is why software is always designed for a specific vehicle model in today’s environment. This results in too little reuse of the vehicle software components or architectures. The generic failure and adaptation handling used in the SafeAdapt approach resulted in significantly better software reusability.

SafeAdapt Provides Design and System Architecture

© Fraunhofer ESK
In the SafeAdapt project researchers are developing an adaptive architecture for electric vehicles.

For safe runtime adaptation, the specific system behaviour in different modes and configurations has to be known and validated at runtime. The adaptation specification encompasses the definition of diverse configurations, adaptations, as well as requirements to be met, such as maximum switching delays between configurations. Safe adaptation is modelled during the design process of the system architecture, which can be based on existing modelling languages such as UML, EAST-ADL and AUTOSAR. This enables early verification and validation of a system's non-functional requirements such as adaptability. Based on the system model, valid configurations taking into account all failure scenarios can be generated automatically. This is compliant to the AUTOSAR standard, faciliating a deployment to diverse Electronic Control Units (ECUs) and off-the-shelf toolchains. Thereby, SafeAdapt provides a technologyneutral solution for enabling safe adaption of future vehicle ICT systems.

Reuse of Software Components by Modular Certification

Another step in designing today’s E/E systems is the assessment process for each new vehicle model according to the functional safety standard ISO26262. SafeAdapt addressed this issue by identifying and using respective concepts from the ISO26262, e.g. its Safety-Element-out-of-Context (SEooC). Through the latter, software components can be integrated as reusable components in different vehicles, without the need to recertify them in every single system to be developed. For example, the developed Safe Adaption Platform Core is considered as SEooC, which can be verified once and reused within different platforms.

Proof-of-Concept Using Full-Scale Prototype E-Vehicle

The SafeAdapt approach is designed to:

  • reduce the complexity and the hardware cost of safety-critical systems
  • handle failures in safety-critical systems through adaptation/reconfiguration
  • reduce development, testing and certification costs

In order to conduct a realistic evaluation, SafeAdapt integrated the resulting E/E architecture concept, as well as the hardware and software developed within the project, into an existing e-vehicle prototype platform. Moreover, the approach waas validated and evaluated in a car simulation environment.

Support and Services

The Fraunhofer Institute for Cognitive Systems IKS (former Fraunhofer ESK) offers its long-standing experience in the area of concepts for future E/E architectures to enable customers to incorporate such enhanced fail-operational behaviour into their own products. This may start from initial evaluation studies over design, tool implementations and prototypes. Contact us to discuss potential collaborations suiting your needs.

SafeAdapt was funded through the European Union Seventh Framework Programme - Grant agreement No 608945