Helmut Fennel, Head of the Competence Centre for Automatic Controls and Software at the Automotive Systems Division of Continental AG, says, "You could say that our MK II anti-blocking system from 1984 was the first embedded system in automotive engineering designed for safety to be ready for series production. It was the first to use processors".
The division, a leading technology partner in the global automotive industry, combines the extensive know-how of the Continental Teves and Continental Temic brands in the fields of vehicle safety, comfort, and powertrain performance. Drawing attention to embedded systems in modern-day cars, Helmut says that embedded systems are fundamentally different from PCs, mobile phones, or other modern electronic devices. He adds, "A characteristic of embedded systems is the combined working effect of electronics and mechanics into a mechatronic system. If the ABS electronic control unit processes signals emitted by the electronic wheel revolution sensors that indicate a wheel lock is imminent, a hydraulic valve is activated that modulates the brake pressure at just this wheel to within the optimal friction range. Driving stability and steering control are maintained."
The development and production of the embedded system for brakes, for example, require an interdisciplinary team of sensor specialists, mechanical engineers and electronic hardware designers to co-operate very closely with one another. Software is the element that ties it all together. It ensures that optimal system functioning is achieved with the most cost-efficient hardware. Another critical element is the road test, where the complete function is evaluated to ensure that individual components are optimized at the proper points. "This know-how developed over decades and is now one of our strengths. We understand the dynamics of the vehicle," says Fennel.
Sources close to Continental AG add that their road test engineers - often together with the developer of the respective system - venture out onto frozen lakes beyond the polar circle to demonstrate in practice that everything functions perfectly, just as the developers had planned. The preoccupation with FMEA (Failure Mode and Effects Analysis) is very important for all participants, and even a bit abstract for the engineers as it concerns method, experience, and intuition. "We have to imagine the driving style of the person who will some day buy this car," says Fennel. "A driver should feel comfortable and safe in a car that responds exactly as expected of certain brand name products."
Resource management: exact software for the job
The realm of the software engineers encompasses such questions as whether the electronic stability control (ESC) functions late and rough or early and smooth to keep an unstable vehicle on the road. The algorithms developed by over 1000 software engineers control these functions. However, space is limited for their automotive software. A hard drive would be totally unreliable within the rough confines of an automobile. Much more frequent - also for cost reasons - is the use of single-chip processors running what can only be described, in marketing jargon, as "lean" software.
In 1984, at the time of the first Teves-ABS MK II, processors had only about four kilobytes of ROM storage. Today, the smallest ABS from Continental Teves stores up to 128 kilobytes - surprisingly little for the basis of all driver assistance systems, considering the fact that the operating system of a PC requires several hundred kilobytes. The performance of the automotive software is even more amazing when one looks at the most highly developed system, the Electronic Stability Control (ESC). By evaluating the sensor inputs for speed, wheel speed, steering angle, lateral acceleration and yaw rate of the car, it can differentiate between where the driver wants to go and where the vehicle is really going. When gaps between driver intentions and actual behaviour of the vehicle become critical, perhaps because the street has suddenly turned slippery, the curve is too narrow, or the steering movements are too extreme, the ESC brings the vehicle back under control - within the range of what is physically possible. It throttles the engine and varies the braking force and duration on one or more of the wheels. The software that makes all of this possible requires approximately just one megabyte of storage space.
Real time requirements: all about milliseconds
It is understandable that such decisive operations must be conducted very quickly, that is, in real time. "A randomly determined time window, as with a PC, is out of the question," emphasizes Fennel. The embedded system in a vehicle must react within milliseconds - in all conditions, for the entire lifetime of the vehicle.
Further, many of the functionalities demand that the software possess almost visionary powers, as, for example, the ARP (Active Rollover Protection) does. Continental Teves developed this system especially for vehicles that have a high profile or a high centre of gravity and are thus prone to tip over easily when making sharp turns too quickly. ARP is a predictive system. It calculates the next steering action based on the most recent steering actions and the response of the vehicle. If there is a high probability that this is leading to an unstable situation, the ARP intervenes to increase the stability of the vehicle by taking preventive measures in motor management and gradual application of the brakes.
The future: hybrid drives and networked systems
The hybrid drive is particularly complex in view of the embedded system being introduced into new cars. Continental Automotive Systems is one of the very few European suppliers delivering this technology to production vehicles. The development of the software for this system is one of the most exciting projects in the automotive industry because hybrid cars combine a conventional combustion engine with an electric drive and require a cleverly-designed energy management system between the motor, the batteries, the transmission, and the brake systems.
Different challenges are brought about by the increasingly networked electronic systems in the vehicles. According to Fennel, this is the logical next step into the future: "The embedded systems today represent a symbiosis of electrical, electronic, mechanic, and sensor technology where parts are interwoven and highly integrated. Now, we must open up the embedded systems and standardize their components. This will facilitate a higher-level networking of the complete vehicle and provide benefits such as sensor sharing, i.e., the common use of sensor signals by multiple systems." A program known as AUTOSAR (Automotive Open System Architecture) is a co-operative development effort between automobile manufacturers and suppliers like Continental AG to produce the necessary standardised software architecture.
At least in theory, such networking poses the inherent danger that a virus could be introduced during an engine tuning via chip, or even mobile telephone or the Internet into the on-board computer. The embedded systems from Continental are already protected from viruses. The software is embedded into the hardware, partly in a mask ROM that can no longer be changed and partly programmed in a flash memory with access security. Additionally, all input signals are checked for plausibility, making it far more likely the ABS or ESC would switch over to an emergency program before initiating any counterproductive actions. "After each engine start everything is once again as it should be," says Fennel, because the virus can only attack the memory where the measured and computed data are stored. "This memory is reinitialized each time the ignition switch is turned." Nevertheless, the entire on-board computer network must be immunized against external attack. This is among the responsibilities of the overall system integrator - the automobile manufacturer.
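The plausibility check and the switch to an emergency program described above can be illustrated with the following added example, which is not from the article or from Continental. The choice of signal (wheel speeds in km/h), all limits, and the names `plaus_init`, `plaus_update` and `demo_trace` are assumptions.

```c
#include <stdbool.h>

/* All limits are illustrative assumptions, not Continental's values. */
#define N_WHEELS       4
#define MAX_SPEED_KMH  400.0f  /* physical range of a wheel-speed signal */
#define MAX_STEP_KMH   25.0f   /* largest credible change between samples */
#define FAULT_LIMIT    3       /* consecutive bad samples before fallback */

typedef enum { MODE_NORMAL, MODE_EMERGENCY } ctrl_mode_t;
typedef struct {
    float last_good[N_WHEELS];  /* value the controller keeps using */
    int   faults[N_WHEELS];     /* consecutive implausible samples */
    ctrl_mode_t mode;           /* latched until the next plaus_init() */
} plaus_state_t;

/* Models the re-initialisation at ignition: RAM state starts clean. */
void plaus_init(plaus_state_t *s, const float v0[N_WHEELS]) {
    for (int i = 0; i < N_WHEELS; i++) { s->last_good[i] = v0[i]; s->faults[i] = 0; }
    s->mode = MODE_NORMAL;
}

/* Range and gradient check; NaN and infinity fail the range test. */
static bool plausible(float v, float last) {
    float step = v > last ? v - last : last - v;
    return v >= 0.0f && v <= MAX_SPEED_KMH && step <= MAX_STEP_KMH;
}

ctrl_mode_t plaus_update(plaus_state_t *s, const float v[N_WHEELS]) {
    for (int i = 0; i < N_WHEELS; i++) {
        if (plausible(v[i], s->last_good[i])) {
            s->last_good[i] = v[i];
            s->faults[i] = 0;
        } else if (++s->faults[i] >= FAULT_LIMIT) {
            s->mode = MODE_EMERGENCY;  /* stop interventions, fail safe */
        }
    }
    return s->mode;
}

/* Constructed trace: wheel 2 reports a corrupted value for `bad` samples. */
ctrl_mode_t demo_trace(int bad) {
    plaus_state_t s;
    float v[N_WHEELS] = { 80.0f, 80.0f, 80.0f, 80.0f };
    plaus_init(&s, v);
    for (int t = 0; t < 10; t++) {
        v[2] = (t < bad) ? 310.0f : 80.0f;
        plaus_update(&s, v);
    }
    return s.mode;
}
```

A short glitch is ignored and the last good value is held, while a sustained implausible signal latches the emergency mode until the state is re-initialised.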
There is simply no alternative to networking, as it enables the implementation of new functions, such as the APIA (Active Passive Integration Approach), with reduced costs. This is the name given to a network of active and passive safety systems being developed at Continental Automotive Systems. According to the vision, a car equipped with APIA can better avoid accidents and reduce injuries through autonomous braking, by conditioning seat belts and airbags in time before the inevitable crash, as well as by electrically repositioning seats and closing windows and the sun roof. This potential protection level would not be feasible if systems like seats, window lift, and brakes - that originally have nothing to do with each other - were not networked and integrated with new sensors for monitoring the vehicle's environment.