The safety-relevant portion of the action is handled by an Aurix multicore microcontroller from Infineon. “You need to differentiate between the computational tasks associated to the graphical procedures and the really safety-critical decision making,” explains Thomas Boehm, Senior Director, Chassis and Safety Microcontrollers at chipmaker Infineon. “For decision-making and communications, the real-time requirements are significantly higher.” These tasks have to meet high functional safety standards such as ISO 26262, and the Aurix architecture therefore provides lockstep mechanisms – two identical cores that perform the same computational tasks; if the results do not match, a safety interrupt stops the system.
The communication between the application processor and the host processor occurs across a high-performance Ethernet switch on the PCB, implemented in an Altera Cyclone 5 FPGA. Additionally, this chip is responsible for the central timing and functions on the board, “a very important aspect”, the Audi spokesperson notes. The Ethernet bus within the zFAS board is not the same Ethernet we it from our office computers, but instead a species of deterministic Ethernet developed by Austrian technology company TTTech. This company also developed the middleware layer that enables the platform to run multiple virtual machines in a safe and secure manner. The middleware is compatible to the Autosar, the automotive standard software framework, explains Marc Lang, Director Sales & Marketing Automotive at TTTech. “The virtual machines with their applications are hermetically separated against each other to make sure that they have no mutual interaction”, Lang says. “The communication between tasks runs across the middleware layer.”
Audi’s zFAS design has already stimulated similar efforts across the automotive industry, Lang and Boehm acknowledge unanimously. Driven by the desire of carmakers to reduce the complexity of automotive control electronics - today, already a medium-sized vehicles run some 80 separate electronic control units, each one for a single task – OEMs transplant the basic architecture of the zFAS to other real-time critical domains like chassis control. The computing power and functional safety of this architecture enables innovative functions like torque vectoring or four-wheel steering, Lang says. Aurix is not the only architecture deployed in this environment; Lang says that he also has seen implementations with Renesas or NXP (formerly Freescale) processors. Nevertheless, Infineon holds a strong position in this field. “We know several OEMs that will bring their Aurix-based systems to the market in 2016”, says Boehm. In particular the usual suspects among the European premium OEMs are on the starting blocks. Including Audi himself: The carmaker already has plans to apply the zFAS approach to other domains beyond driver assistance. In the future, there will be only eight domain controllers instead of dozens of dedicated ECUs”, the Audi spokesperson quotes E/E development manager Rick Hudy.