More reliable automotive controllers providing mixed functions
Project partners: Renault, Valéo, Trialog, CNRS, Loria, IRCCYN
Automotive manufacturers aim to reduce the number of controllers in future system architectures in order to cut cost and power consumption. Functions of different criticality (and therefore different levels of trust) must then coexist on the same controller, which demands stronger isolation inside the controller so that a fault in one function cannot interfere with the others.
In the SCARLET project (Num@tec/System@TIC), CEA LIST is designing and producing fault detection and isolation mechanisms that contain faults and keep the system at an acceptable level of availability. These mechanisms are generic (application-independent and permanently active) and rely on the hardware protection the microcontroller already provides (MPU, timers and privilege/operating modes), together with the automatic configuration of protective barriers that prevent any interference between functions. The system therefore remains stable, continues to operate in degraded mode, and can bring the faulty function back under control, which improves availability.
A first prototype of these mechanisms was built on a Freescale S12XEP100 microcontroller, running a streamlined automotive application that provides CAN communication and real-time I/O management. Faults (incorrect addressing, CPU overload and bursts of spurious interrupts) were then injected into it. The faulty function is confined, the other functions continue their real-time computation, and the faulty task is resumed within the time specified at design. Existing on-board automotive controllers must instead restart as a whole, so none of their functions is available until the controller is back in nominal mode; LIST's solution therefore offers a level of availability that was not previously achievable.
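The barrier mechanism described above, as an added host-side model in C (not CEA LIST's or the SCARLET project's code): the MPU window check, the timer-based CPU budget and the interrupt-rate limit are emulated in software so that the confinement and controlled-resume logic can be run on a desktop against the three injected error types (incorrect addressing, CPU overload, interrupt burst). The function names, memory windows, budgets and the three-function scenario are constructed assumptions; a real implementation would program the S12XEP100's MPU descriptors and timers instead of these emulated checks.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { FN_RUNNING, FN_CONFINED } fn_state_t;

/* One function (partition) plus the barrier parameters assigned to it. */
typedef struct {
    const char *name;
    uintptr_t mem_lo, mem_hi;  /* emulated MPU window [mem_lo, mem_hi) (assumed layout) */
    uint32_t budget_ticks;     /* CPU ticks allowed per major cycle (timer supervision) */
    uint32_t irq_limit;        /* interrupts tolerated per major cycle */
    uint32_t recover_after;    /* confinement ticks before a controlled restart */
    uint32_t used_ticks, irq_count, confined_ticks, faults;
    fn_state_t state;
} fn_t;

void fn_init(fn_t *f, const char *name, uintptr_t lo, uintptr_t hi,
             uint32_t budget, uint32_t irq_limit, uint32_t recover_after) {
    *f = (fn_t){ .name = name, .mem_lo = lo, .mem_hi = hi, .budget_ticks = budget,
                 .irq_limit = irq_limit, .recover_after = recover_after,
                 .state = FN_RUNNING };
}

/* Confinement freezes only the faulty function; nothing else is touched, so the
 * other functions keep their schedule instead of the whole controller restarting. */
static void confine(fn_t *f, const char *why) {
    f->state = FN_CONFINED;
    f->confined_ticks = 0;
    f->faults++;
    printf("[barrier] %s confined: %s\n", f->name, why);
}

/* Emulated MPU check for a load/store of len bytes at addr. An out-of-window access
 * is attributed to the function that issued it; the bound check is overflow-safe. */
bool barrier_access(fn_t *f, uintptr_t addr, size_t len) {
    if (f->state == FN_CONFINED) return false;  /* a confined function gets no access */
    if (addr < f->mem_lo || addr >= f->mem_hi || len > f->mem_hi - addr) {
        confine(f, "incorrect addressing");
        return false;
    }
    return true;
}

/* Emulated timer supervision, called for every scheduler tick the function consumed.
 * Also drives the controlled restart of a confined function after recover_after ticks. */
void barrier_tick(fn_t *f) {
    if (f->state == FN_CONFINED) {
        if (++f->confined_ticks >= f->recover_after) {
            f->state = FN_RUNNING;
            f->used_ticks = f->irq_count = 0;
            printf("[barrier] %s resumed\n", f->name);
        }
        return;
    }
    if (++f->used_ticks > f->budget_ticks) confine(f, "CPU overload");
}

/* Emulated interrupt-rate limit for the peripheral owned by this function. */
void barrier_irq(fn_t *f) {
    if (f->state == FN_CONFINED) return;  /* its interrupt source stays masked */
    if (++f->irq_count > f->irq_limit) confine(f, "interrupt burst");
}

/* Major-cycle boundary: per-cycle budgets of running functions start again. */
void barrier_new_cycle(fn_t *fns, int n) {
    for (int i = 0; i < n; i++)
        if (fns[i].state == FN_RUNNING) fns[i].used_ticks = fns[i].irq_count = 0;
}

/* Run `cycles` major cycles in which every function consumes one tick each. */
static void run_cycles(fn_t *fns, int n, int cycles) {
    for (int c = 0; c < cycles; c++) {
        barrier_new_cycle(fns, n);
        for (int i = 0; i < n; i++) barrier_tick(&fns[i]);
    }
}

int running_count(const fn_t *fns, int n) {
    int c = 0;
    for (int i = 0; i < n; i++) c += (fns[i].state == FN_RUNNING);
    return c;
}

/* Constructed scenario: three functions; body_ctrl is hit in turn by the three
 * kinds of injected error while brake_ctrl and can_gateway run on undisturbed. */
void demo_fault_injection(fn_t fns[3]) {
    fn_init(&fns[0], "brake_ctrl",  0x1000, 0x1400, 4, 8, 10);
    fn_init(&fns[1], "can_gateway", 0x1400, 0x1800, 3, 16, 10);
    fn_init(&fns[2], "body_ctrl",   0x1800, 0x1c00, 2, 4, 5);

    barrier_access(&fns[0], 0x1010, 2);  /* legitimate access inside its own window */
    barrier_access(&fns[2], 0x1000, 4);  /* injected: body_ctrl writes brake_ctrl's RAM */
    run_cycles(fns, 3, 5);               /* others keep running; body_ctrl resumes */

    barrier_new_cycle(fns, 3);
    for (int t = 0; t < 3; t++) barrier_tick(&fns[2]);  /* injected: CPU overload */
    run_cycles(fns, 3, 5);                              /* body_ctrl resumes again */

    barrier_new_cycle(fns, 3);
    for (int t = 0; t < 5; t++) barrier_irq(&fns[2]);   /* injected: interrupt burst */
}
```

Calling `demo_fault_injection` on an `fn_t[3]` leaves `body_ctrl` confined with three recorded faults while the two other functions never left the running state; the confined function's own accesses are refused until the barrier's timer resumes it. The point of keeping all state per function is that nothing in the confinement path touches any other partition, which is what lets the controller avoid a global restart.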
The result is all the more significant because it meets the stringent requirements of the forthcoming ISO 26262 functional-safety standard at its highest level (ASIL D) without increasing production cost. The protection also saves development time: the generic mechanisms are configured automatically by the support tools, with no application-specific development, and because a fault is caught at the barrier it crossed, troubleshooting is simpler.
Lastly, the technology needs significantly fewer resources, because the level of protection it provides allows some existing memory- and CPU-hungry mechanisms to be removed. The approach also eases the critical and expensive phase in which functions are deployed onto the controller, and it provides the foundation needed for the coexistence not only of the application functions but also of the system layers, each with its own design and criticality.