An intro to the software-defined car

Modern cars are a combination of steel and silicon controlled by more than 100 million lines of code (MLOC). In an average vehicle today, that software runs on a network of hundreds of in-car controllers called electronic control units (ECUs).

ECUs are embedded processing subsystems that manage the various other vehicular subsystems, such as the engine, transmission, power steering, airbags, and brakes. Today, these controllers are interconnected via wires and cables that transmit signals and communicate dependencies. It works, but there are significant drawbacks to this architecture:

• Weight: The wires and cabling required to connect all these subsystems add significant weight to the vehicle, which impacts important consumer metrics like fuel economy.
• Maintenance: Increased component count means additional potential points of failure.
• Attack vectors: ECUs in connected cars are particularly vulnerable to cyber threats as internal vehicle networks often lack the defense mechanisms we expect on modern networks.
• Cost: Each additional logic device with its memory, interfaces, and packaging adds incremental cost to already cost-sensitive automotive designs.
   

Meanwhile, the desire to add more functionality in next-generation vehicles will continue to increase the amount of code in cars. For example, estimates put the software requirements for fully autonomous vehicles at somewhere between 300 and 500 MLOC.

These software-defined vehicle (SDV) architectures will become increasingly unmanageable if half a billion lines of code are distributed across hundreds of interconnected, interdependent yet separate vehicle controllers. These systems are only truly feasible if in-car processing architectures become more like data centers with consolidated resources than embedded systems.

Consolidating SDV Architectures

To understand the need for new vehicle architectures, consider the firmware over the air (FOTA) update process on a vehicle with hundreds of ECUs (some of which are daisy chained and many of which have strict dependencies), each running different firmware versions. The orchestration and management of such a process for even simple updates quickly becomes unmanageable.

Enter ECU consolidation, a movement to streamline the number and type of domain controllers in modern vehicles into fewer higher-performance, partitioned multi-core processors capable of managing multiple vehicle domains or subsystems simultaneously. The concept of ECU consolidation presents an alternative architectural approach with several compelling advantages. First, grouping functionalities significantly reduces complexity compared to current prevailing architectures. This results in a more manageable hardware and software stack, cleaner code, simplified integration, and easier maintenance as we proceed into the era of SDVs.

Second, the ECU consolidation model enhances development efficiency, as development teams can implement standardized tools and processes as they concentrate on logical vehicle domains and/or subsystems rather than a series of specific functions. This focused approach encourages collaboration, accelerates innovation, and ultimately reduces time to market for new features and updates.

Next, the consolidated architecture promotes OTA updates, as updating software becomes more manageable than updating hundreds of ECUs distributed across a car and the efficiency trade-offs that come with that approach. Furthermore, the smaller attack surface provided by the zonal approach makes the entire system more resilient to cyber threats. It allows for more robust security to be focused on a smaller number of platforms, thus improving overall system integrity.

Finally, the ECU consolidation approach contributes to cost-effective performance. Optimizing hardware and software requirements in fewer targets can generate significant cost savings. These optimizations can ensure that resources are utilized efficiently, providing an economic advantage in the overall cost of a vehicle.

Two main approaches to ECU consolidation have emerged to date: the centralized architecture and the zonal architecture.

Centralized Architectures

Imagine server-class multi-core processors or chiplets churning data in a vehicle’s core. This is a centralized architecture that replaces scattered islands of ECUs with a unified command center. This architecture manages all vehicle domains and functions, from engine control to advanced driver-assistance systems (ADAS), from a central point.

This monolithic approach offers several perks:

Streamlined updates and maintenance: Software updates become much easier, rolling out across the entire system in a single effort.

Boosted performance: By pooling resources, centralized architectures can greatly increase processing power, offering high-speed data crunching for complex autonomous driving algorithms.

Fortified security: One central hub simplifies security measures, offering a unified defense against cyber threats.

Cuts to cost and complexity: Fewer ECUs translate to less hardware, wiring, and overall complexity, resulting in cost savings and weight reduction.

However, centralization comes with its challenges. Putting multiple disparate functions into a single system requires precision integration work. There is also the possibility of a single point of failure, where a problem with one core device or clustered devices could seriously impact the whole car. To protect against this risk, careful redundancies must be implemented.

Zonal Architectures

Zonal architectures offer nuanced consolidation. Here, each vehicle domain is managed by its powerful zonal controller. These controllers handle specific domains while remaining interconnected with a central ECU that oversees all of a car’s functions.

This model has several advantages:

Modular design: Zonal architectures enable modularity and design isolation. Each zone operates independently, simplifying development and maintenance.

Scalability on demand: Adding new functionality by way of FOTA or otherwise is simplified because updates can target particular zones.

Flexibility and fault tolerance: Independent zones enhance system resilience. Zones remain interconnected yet isolated, so a failure in one zone won’t hinder the entire vehicle.

Reduced wiring headaches: The need for complex, sprawling wiring harnesses is diminished by grouping functionalities within zonal controllers.

However, this decentralized approach isn’t without trade-offs. Managing software across potentially heterogeneous hardware platforms in each zone introduces complexity. Because this architecture is hierarchical, with zonal controllers reporting to a higher-order ECU, software updates also become a multi-step process that requires careful coordination across zones.

Choosing the right architecture is a complex equation, balancing centralization’s efficiency with zonal architecture’s flexibility.

Virtualization and Containerization

While centralized and zonal architectures offer exciting pathways for ECU consolidation, they face an inherent challenge: running and managing numerous software workloads on less hardware. This is where virtualization and containerization (Figure 1) step in, acting as potent tools to unlock the full potential of SDVs.

Image caption: Figure 1: Application hosting architecture in virtualization and containerization environments. Image credit: Mouser Electronics. Click on image for a clearer view.

Virtualization: Virtualizing Processors

On a single physical multi-core hardware platform, virtualization technology can create one or more isolated execution environments. Called virtual machines (VMs), these environments can be allocated their own compute, memory, and I/O resources and host additional operating environments that coexist harmoniously— but separately — from software running in other VMs.

In an automotive context, each VM can house specific subsystem or domain functions like driver-assistance systems, infotainment, or powertrain controls. This isolation offers several benefits:

Improved performance: Virtualization ensures smooth resource allocation that prevents one application from monopolizing resources or crashing the entire system.

Flexible deployment: VMs can also serve as sandboxes that allow software-compatible environments to be spun up on an available processor core.

Containerization: Virtualizing Operating Systems

Containerization, on the other hand, packages application code, libraries, and dependencies into portable, standardized units ready to be deployed on top of virtualized operating systems. This approach offers further advantages:

• Resource efficiency: Unlike VMs, containers can share an underlying operating system, which minimizes resource footprint and maximizes hardware utilization.
• Ultimate portability: Containers can also be deployed on virtual operating systems, enabling massive portability and design flexibility as software can be created once and run almost anywhere.
   

In short, VMs create isolated execution environments, and containers enable efficient software packaging and deployment within these VMs. This opens myriad possibilities around mixed-criticality management, including the ability for safety-critical functions to reside in dedicated VMs while less critical applications run in others.

Virtualization and containerization can be leveraged to further unlock the advantages of ECU consolidation by enhancing scalability and flexibility and making adding and removing functionality easier. With virtualization and containerization paving the way, the journey toward SDVs becomes smoother and more efficient.

Conclusion

As the number of lines of code in cars rises to an expected 500 MLOC, traditional distributed ECU architectures will no longer work. Centralized and zonal ECU architectures hold promise as next-generation alternatives. However, using them likely means an investment in virtualization and containerization capabilities that ensure software workloads can coexist and improve speed, portability, and resource efficiency.

But their effects go far beyond just keeping things in good shape. Virtualization and containerization are changing how software is developed and deployed in vehicles. As part of future FOTA update strategies, they will enable the automotive industry to say goodbye to expensive recalls and inconvenient trips to the mechanic. Imagine adding new features, fixing critical bugs, and even customizing your driving experience through FOTA updates that work without any problems. This directly correlates with happier customers, less downtime, and a steady flow of income from remote purchases and upgrades that occur when owners have driven their cars off the dealership.

Utilizing the transformative power of centralized and zonal designs, we can make the car more than just a machine. It will become a dynamic, living innovation platform.

Reference:

1 “Global Automotive Supplier Study 2018,” Roland Berger, December 2017, 49, https://www.rolandberger.com/publications/publication_pdf/roland_berger_global_automotive_supplier_study_2018.pdf.

Top image credit: iStock.com/kaptnali