Safe Adaptive Software for Fully Electric Vehicles

The automotive industry faces an era of rapid change with the advent of electric drive trains. The trend towards electric vehicles also means a shift to full electric control of existing and new functions. This requires a dramatic change of a vehicle´s system architecture. Highly integrated subsystems, like wheel-hub drives and brake-by-wire systems, require innovative hardware approaches and software implementations to adress their safety-critical nature. As a result, the overall Electric/Electrical (E/E) vehicle architecture is becoming extremely complex.

Within the EU-funded project SafeAdapt (Safe Adaptive Software for Fully Electric Vehicles), a consortium of 9 partners from six European countries was making innovative changes to the E/E architecture. These concepts reduce the complexity of the system by generic, system-wide fault and adaptation handling. This leads to better reliability even during outages, improved active safety and optimised resources. SafeAdapt followed a holistic approach for building adaptable systems in safety-critical environments, including tool chain support, reference architectures, modelling of system design and validation & verification.

For safe runtime adaptation, the specific system behaviour in different modes and configurations has to be known and validated at runtime. The adaptation specification encompasses the definition of diverse configurations, adaptations, as well as requirements to be met, such as maximum switching delays between configurations. Safe adaptation is modelled during the design process of the system architecture, which can be based on existing modelling languages such as UML, EAST-ADL and AUTOSAR. This enables early verification and validation of a system's non-functional requirements such as adaptability. Based on the system model, valid configurations taking into account all failure scenarios can be generated automatically. This is compliant to the AUTOSAR standard, faciliating a deployment to diverse Electronic Control Units (ECUs) and off-the-shelf toolchains. Thereby, SafeAdapt provides a technologyneutral solution for enabling safe adaption of future vehicle ICT systems.

Another step in designing today’s E/E systems is the assessment process for each new vehicle model according to the functional safety standard ISO26262. SafeAdapt addressed this issue by identifying and using respective concepts from the ISO26262, e.g. its Safety-Element-out-of-Context (SEooC). Through the latter, software components can be integrated as reusable components in different vehicles, without the need to recertify them in every single system to be developed. For example, the developed Safe Adaption Platform Core is considered as SEooC, which can be verified once and reused within different platforms.

The SafeAdapt approach is designed to:

• reduce the complexity and the hardware cost of safety-critical systems
• handle failures in safety-critical systems through adaptation/reconfiguration
• reduce development, testing and certification costs

In order to conduct a realistic evaluation, SafeAdapt integrated the resulting E/E architecture concept, as well as the hardware and software developed within the project, into an existing e-vehicle prototype platform. Moreover, the approach waas validated and evaluated in a car simulation environment.

The Fraunhofer Institute for Cognitive Systems IKS (former Fraunhofer ESK) offers its long-standing experience in the area of concepts for future E/E architectures to enable customers to incorporate such enhanced fail-operational behaviour into their own products. This may start from initial evaluation studies over design, tool implementations and prototypes. Contact us to discuss potential collaborations suiting your needs.