Fail-Operational Decentralized Automotive System Architectures

With the advent of autonomous driving, existing fail-safe technologies are reaching their limits. Without a driver as a fall-back level, a shutdown or a switch to a safe state is not an option for many safety-critical applications. Thus, fail-operational approaches are necessary to enable autonomous driving at level 5. However, adding redundancy to keep applications fail-operational is costly. New decentralized software platform architectures allow functions to be moved between ECUs at run-time and offer new ways to support fail-operational approaches. In a failure scenario, the safety-critical functions of a failed ECU could be executed by the remaining ECUs in the system. In such a case, graceful degradation techniques can be used to shut down less critical applications and free sufficient resources. The goal of this research is to achieve efficient decision making and reorganization at run-time. In a first step, methods to derive criticality hierarchies are being investigated to obtain a fine-grained differentiation between applications.
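To make the reorganization and graceful-degradation idea concrete, the following is an added toy model, not code from the abstract or its authors. It assumes an abstract resource unit per ECU, an integer criticality ranking per application (higher is more critical), and a constructed three-ECU scenario; when an ECU fails, its applications are re-hosted most critical first, and an application on a surviving ECU is shut down only if it is strictly less critical than the one being rescued. All names and numbers are illustrative.

```python
"""Added illustration (not code from the abstract or its authors): a toy model of
run-time reorganization after an ECU failure. The failed ECU's functions are
re-hosted on surviving ECUs, most critical first; less critical applications are
shut down (graceful degradation) only when the survivors lack free resources.
ECU names, capacities, application names, demands and criticality values are
constructed for this example."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class App:
    name: str
    criticality: int           # assumed ranking: higher = more critical
    demand: int                # abstract resource units the app needs to run
    ecu: Optional[str] = None  # hosting ECU; None = not running


@dataclass
class Ecu:
    name: str
    capacity: int              # abstract resource units available
    alive: bool = True


def free(apps: List[App], ecu: Ecu) -> int:
    """Resource units on `ecu` not claimed by a running app."""
    return ecu.capacity - sum(a.demand for a in apps if a.ecu == ecu.name)


def plan_degradation(apps, ecu, needed, criticality):
    """Plan which apps on `ecu` to shut down so that `needed` units are free,
    sacrificing the least critical first and never touching apps at or above
    `criticality`. Returns the victim list (empty if nothing must be shut down)
    or None if the space cannot be freed under that rule."""
    candidates = sorted((a for a in apps if a.ecu == ecu.name and a.criticality < criticality),
                        key=lambda a: a.criticality)
    freed, plan = free(apps, ecu), []
    for victim in candidates:
        if freed >= needed:
            break
        freed += victim.demand
        plan.append(victim)
    return plan if freed >= needed else None


def reorganize(apps, ecus, failed_ecu):
    """Re-host the apps of `failed_ecu` on surviving ECUs, most critical first.
    For each app, the survivor whose degradation plan sacrifices the lowest
    criticality (then the fewest resource units) is chosen.
    Returns (relocations, shut_down, unplaced)."""
    for e in ecus:
        if e.name == failed_ecu:
            e.alive = False
    survivors = [e for e in ecus if e.alive]
    orphans = sorted((a for a in apps if a.ecu == failed_ecu), key=lambda a: -a.criticality)
    relocations, shut_down, unplaced = {}, [], []
    for app in orphans:
        app.ecu = None
        best = None  # (cost, target ECU, victims)
        for e in survivors:
            plan = plan_degradation(apps, e, app.demand, app.criticality)
            if plan is None:
                continue
            cost = (max((v.criticality for v in plan), default=0), sum(v.demand for v in plan))
            if best is None or cost < best[0]:
                best = (cost, e, plan)
        if best is None:
            # cannot be saved without harming an equally or more critical app
            unplaced.append(app.name)
            continue
        _, target, plan = best
        for victim in plan:
            victim.ecu = None
            shut_down.append(victim.name)
        app.ecu = target.name
        relocations[app.name] = target.name
    return relocations, shut_down, unplaced


def capacity_respected(apps, ecus):
    """Invariant check: no surviving ECU is over-committed."""
    return all(free(apps, e) >= 0 for e in ecus if e.alive)


def critical_apps_running(apps, min_criticality):
    """Invariant check: every app at or above `min_criticality` is hosted."""
    return all(a.ecu is not None for a in apps if a.criticality >= min_criticality)


def build_scenario():
    """Constructed three-ECU scenario (values are illustrative, not measured)."""
    ecus = [Ecu("ecu_a", 10), Ecu("ecu_b", 10), Ecu("ecu_c", 10)]
    apps = [
        App("brake_ctrl", 4, 4, "ecu_a"), App("steering", 4, 3, "ecu_a"),
        App("infotainment", 1, 3, "ecu_a"),
        App("lane_keep", 3, 5, "ecu_b"), App("nav", 2, 4, "ecu_b"),
        App("adaptive_cruise", 3, 6, "ecu_c"), App("media", 1, 3, "ecu_c"),
    ]
    return apps, ecus


if __name__ == "__main__":
    apps, ecus = build_scenario()
    print(reorganize(apps, ecus, "ecu_a"))
```

In the constructed scenario, losing `ecu_a` moves `brake_ctrl` to `ecu_c` at the cost of `media`, moves `steering` to `ecu_b` at the cost of `nav`, and leaves `infotainment` unplaced because rescuing it would require shutting down something at least as critical. The two invariant checks are the properties a run-time reorganization manager would want to assert after every decision: no ECU over-committed, and nothing above the chosen criticality threshold left unhosted.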