Automotive Architecture Topologies: Analysis for Safety-Critical Autonomous Vehicle Applications

Safety-critical systems such as Advanced Driver Assistance Systems (ADAS) and Autonomous Vehicles (AVs) require redundancy to satisfy their safety requirements and to be classified as fail-operational. Introducing redundancy into a system with high data rates and heavy processing requirements also has a large impact on architectural design decisions. Current self-driving vehicle prototypes do not use a standardized system architecture; they base their designs on existing vehicles and the components that happen to be available. In this work, we provide a novel analysis framework that allows an in-vehicle architecture topology to be evaluated qualitatively and quantitatively and compared with others. With this framework, we evaluate different variants of two common topologies: domain-based and zone-based architectures. Each topology is evaluated in terms of total cost, failure probability, total communication cable length, communication load distribution, and functional load distribution. We introduce redundancy into selected parts of the system using the automated process provided by the framework, following a safety-oriented design process that enables the ISO 26262 Automotive Safety Integrity Level (ASIL) decomposition technique. After every design step, the architecture is re-evaluated. The advantages and disadvantages of the different architecture variants are discussed to guide the designer towards the correct architecture, with a focus on the introduction of redundancy.
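The evaluation loop the abstract describes (model a topology, add redundancy in one automated step, re-evaluate cost, failure probability and cable length, and check that the resulting split of a safety requirement is a permitted ASIL decomposition) can be illustrated with a small model. The following is an added example, not the paper's framework or code: the component names, unit costs, failure probabilities and positions are constructed for the illustration, failures are assumed independent, and the functional chain is a single braking path. The ASIL decomposition table is the one from ISO 26262 Part 9 (for example ASIL D may be split into ASIL B(D) + ASIL B(D)).

```python
"""Added illustration of topology evaluation with redundancy steps.
Not the paper's framework; all component data below is constructed."""
import copy
import math

# --- ISO 26262-9 ASIL decomposition -------------------------------------
ASIL_ORDER = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}
# Permitted splits of a requirement at ASIL X into two independent
# redundant requirements (written in the standard as e.g. B(D) + B(D)).
DECOMPOSITION_RULES = {
    "D": {("C", "A"), ("B", "B"), ("D", "QM")},
    "C": {("B", "A"), ("C", "QM")},
    "B": {("A", "A"), ("B", "QM")},
    "A": {("A", "QM")},
}

def is_valid_decomposition(target, sub1, sub2):
    """True if a requirement at `target` may be decomposed into sub1 + sub2."""
    hi, lo = sorted((sub1, sub2), key=lambda a: ASIL_ORDER[a], reverse=True)
    return (hi, lo) in DECOMPOSITION_RULES.get(target, set())

# --- Topology model (constructed for this example) ---------------------
# A functional chain is a list of stages; each stage lists the components
# that implement it redundantly. The chain works while every stage has at
# least one working component. Component failures are assumed independent.
def chain_failure_probability(chain, pfail):
    p_ok = 1.0
    for stage in chain:
        p_stage_fail = 1.0
        for comp in stage:
            p_stage_fail *= pfail[comp]
        p_ok *= 1.0 - p_stage_fail
    return 1.0 - p_ok

def total_cable_length(links, positions):
    """Sum of straight-line link lengths (positions in metres)."""
    return sum(math.hypot(positions[a][0] - positions[b][0],
                          positions[a][1] - positions[b][1]) for a, b in links)

def evaluate(topo):
    """Three of the metrics listed in the abstract, for one variant."""
    return {
        "cost": sum(topo["cost"].values()),
        "failure_probability": chain_failure_probability(topo["chain"], topo["pfail"]),
        "cable_length_m": round(total_cable_length(topo["links"], topo["positions"]), 3),
    }

def add_redundant_twin(topo, comp, twin, position):
    """One automated design step: duplicate `comp` as `twin` at `position`,
    in the same chain stage, with the same links, cost and failure rate."""
    new = copy.deepcopy(topo)
    new["cost"][twin] = topo["cost"][comp]
    new["pfail"][twin] = topo["pfail"][comp]
    new["positions"][twin] = position
    for stage in new["chain"]:
        if comp in stage:
            stage.append(twin)
    new["links"] += [(twin if a == comp else a, twin if b == comp else b)
                     for a, b in topo["links"] if comp in (a, b)]
    return new

# Constructed domain-based variant: camera -> perception domain controller
# -> central computer -> brake ECU, as a single functional chain for braking.
DOMAIN = {
    "cost": {"cam": 150, "percep": 600, "central": 900, "brake": 200},
    "pfail": {"cam": 1e-3, "percep": 1e-4, "central": 1e-4, "brake": 1e-5},
    "positions": {"cam": (0.0, 0.0), "percep": (1.0, 0.5),
                  "central": (2.5, 0.0), "brake": (4.0, 0.5)},
    "links": [("cam", "percep"), ("percep", "central"), ("central", "brake")],
    "chain": [["cam"], ["percep"], ["central"], ["brake"]],
}

def design_steps():
    """Apply redundancy steps and re-evaluate after each, as the abstract describes."""
    steps = [("baseline", DOMAIN)]
    v1 = add_redundant_twin(DOMAIN, "percep", "percep_b", (1.0, -0.5))
    steps.append(("redundant perception", v1))
    v2 = add_redundant_twin(v1, "cam", "cam_b", (0.0, -1.0))
    steps.append(("redundant camera", v2))
    return [(name, evaluate(t)) for name, t in steps]

if __name__ == "__main__":
    for name, metrics in design_steps():
        print(f"{name:22s} {metrics}")
    # A D-level braking requirement split across two redundant controllers:
    print("B(D)+B(D) valid for ASIL D:", is_valid_decomposition("D", "B", "B"))
    print("C(D)+C(D) valid for ASIL D:", is_valid_decomposition("D", "C", "C"))
```

Running the steps shows the point of re-evaluating after every design step: duplicating the perception controller adds cost and cable length but barely moves the chain's failure probability, because the single camera stage dominates it; only once the sensor stage is also made redundant does the failure probability drop by an order of magnitude. The decomposition check is the independence-of-redundancy condition the standard attaches to such a split, and it is only meaningful once the two redundant elements are in fact independent.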
