Wednesday, October 19, 2016

Crossroads - INNOTRANS 2016

Terry Staycer
Global Business Development Manager 

Readers of this blog might be interested in hearing how demands for software safety and security are growing not only in automotive, but in other transportation areas as well – specifically, the railway industry.

Last month in Berlin, the 11th annual edition of the largest global railway industry event took place. It was a smashing four-day success in terms of attendance and powerful discussions. I was honored to attend this event. Overall, the hot topics revolved around improving mobility, digitization in rail passenger and freight transport, and technology for digital services. Safety and security remain key points of concern.

QNX's hardware partner, MEN Micro, introduced Internet on trains to ease passenger communication and increase convenience. However, that comes with increased risk of bad actors being able to hack into a rail network. It is critical to ensure that rail systems are at their most secure and that there is no potential for a train to be compromised.
Here is a summary of some other key takeaways from what is the leading trade fair for transport technology:

Evident Re-Focusing
There is a re-focusing of development regarding interlocking and signal control among the big rail players such as Alstom, Bombardier, GE, and many others. Application code, hardware, electronics, and sensors are being outsourced. The rail industry is maturing in the same way the automotive market did.

SIL 2 all the way
Customers are pursuing requirements from European and Chinese regulatory commissions, and increasingly those requirements are emerging as SIL-2, not the anticipated SIL-4. With these lower Safety Integrity Levels (SILs), the tolerated probability of system failure is higher. Of course customers are still asking for SIL-4, but this is an interesting trend to note.

Security is Critical
Security is a maturing requirement. At the recent Deutsche Bahn Cyber Security Congress security was a top priority, and it was a hot topic at Innotrans as well. Some of the questions emerging about security include: If there is a cybersecurity violation, how long does it take to recover? And how does one architect a system for resiliency against cyberattacks?

Fail safe vs. availability

Fail safe is good, but high availability is a demand. This topic dovetails with the point above. Systems must stay available, which requires both redundancy and fail-safe behavior. QNX is well positioned to address this trend with a microkernel-based operating system architecture that delivers high availability and reliability, making it well suited to mission-critical operations such as rail safety.

China and North America Expansion
China was the most represented country outside of Germany. The Chinese high-speed rail network will span 25,631 km by 2030. China will boast a total track length of 120,000 km by 2020. In addition, North America will invest over $9.8 billion per year toward modernization, continuing until 2022. Signaling, locomotives, and rail cars have the highest priority.

It is exciting to watch these trends develop and see which new ones will emerge.

Already looking forward to Innotrans 2017!


Thursday, October 13, 2016

The Automotive Shift to Software-Defined, Consolidated Controller Architectures

Thomas Bloor

Automotive Business Development Manager

Electronics in the car have come a long way since the first in-car radio in 1930, and since 1978, when Mercedes-Benz introduced the first production car with an optional electronic four-wheel multi-channel anti-lock braking system (ABS) from Bosch.
Today, according to Manfred Broy, a professor at the Technical University of Munich, the cost of electronics and software has increased to 30% of a car's bill of materials. He estimates that 90% of new innovations now come from electronic systems in the car, and projections indicate the cost of electronics will surpass 50% in ten years as we move towards more advanced driver assist and fully autonomous functions in the car. These costs are driven by the electronic architecture of the modern car.

If we were to examine a modern luxury vehicle we would find a very complex interconnected network of between 60 and 100 electronic control units (ECUs), in aggregate running between six and eight different operating systems with around 100 million lines of code. The distributed automotive computing architecture has evolved over many product generations as new features and innovations have been added through new hardware modules. This approach has served the industry well, but faced with rising costs from more complex infotainment and new driver assist systems, the existing model is becoming inefficient and a drag on bringing new features and innovations into the car. Complexity presents serious challenges, not the least of which are safety and security.

Additionally, the vision of urban mobility built on fully electric autonomous cars has brought new competitors to the industry. These new entrants are rooted in high tech and are entering the automotive industry with the opportunity to architect the car from a clean sheet. Unencumbered by the burdensome legacy that traditional automotive manufacturers face, the newcomers are architecting vehicle systems by leveraging advances in silicon technology to make designs with a smaller number of consolidated controllers with larger processing capabilities.
The evolution to these new consolidated controllers will provide a number of cost benefits. According to a study by Roland Berger associates, consolidated controllers will provide $110 of direct cost savings from hardware consolidation alone. An additional $65 of secondary savings will come from a reduction in software licensing and tools. The study did not quantify savings from software reuse, but positioned reuse as the unseen bulk of the iceberg under the water. As software development costs are often the largest single item in terms of time and manpower, development savings in the software domain can dwarf the $175 of savings quantified by the researchers.

So, both the new entrants and established companies within the industry are moving towards a domain or area controller architecture, consolidating functions into a smaller number of more flexible processing nodes within the vehicle's architecture. This consolidation opens the possibility of reducing the number of operating systems in the car to three or four and the total number of controllers to between six and ten.

This enables a more flexible architecture with a high degree of reuse of the software code base between the different domain/area controllers. In turn this allows the complete vehicle architecture to be built in a flexible manner, enabling the same code base to be reused across generations and differing variants within a model range.

This more efficient vehicle architecture provides benefits such as reducing the number of, and duplication among, development tools and their associated costs. Developers benefit as deeper experience in a smaller number of operating systems reduces training requirements and improves developer skills and efficiency. Reducing overall complexity also improves security and safety, because fewer attack surfaces are presented to a hacker with malicious intent, and it focuses resources on finding and fixing security vulnerabilities in a smaller number of operating systems.

So, you can probably see that the auto industry is entering a revolutionary period in vehicle architecture. Vehicle electronics will consolidate, and with that automakers and Tier 1s have the opportunity to build consolidated, adaptable software environments to speed time to market and enable multiple model variants to be derived from a common code base. To realize the benefits of these changes, a software architecture that is applicable across the majority of vehicle functions is desired.

The choice of an operating system that enables increased reuse and has proven quality and reliability provides a valuable foundation upon which this architecture is built. Wide applicability guides the choice to an operating system that is capable of providing mission-critical reliability and security for advanced driver assist (ADAS) and autonomous drive functions, while also being capable of underpinning consumer-facing infotainment solutions.
BlackBerry's QNX subsidiary has a long history of underpinning the majority of automotive infotainment systems in production today. That is in no small part because QNX's common code base supports both safety OS and infotainment requirements, which provides an advantage in developing, reusing, and productizing code across safety-certified and non-safety-certified domains. QNX recognizes that automakers may want to build mixed ASIL environments in their consolidated controllers as well as consumer infotainment offerings such as those from Google or other sources, so we built QNX's hypervisor solution.
Availability of safety certification on the hypervisor with no code changes adds flexibility and reduces development costs, as ASIL certification can be completed after the code is partitioned between controllers, knowing that the underlying software complies with ISO 26262. This enables a cockpit controller running a cluster application to have mixed ASIL A and ASIL B partitions in its software and to combine these in different informational zones on the same display. The obvious example is cluster gauges and navigation maps displayed side by side, with both partitions running on a single processor.

Running this type of mixed environment requires full separation and isolation between domains and a safety-certified hypervisor solution. With QNX's safe, secure, and reliable software solutions you can build an adaptable and dependable vehicle architecture. With safety certification available without the need for code base changes, you can develop flexibly with the knowledge of being able to achieve ASIL certification where required.

The changes in vehicle architectures towards more consolidated domain/area controllers enable an evolution in the software development methodology for the car, namely a shift to a continuous platform development methodology that will enable automakers to compete with new entrants from the high-tech world. The new architectures will also allow the increasing complexity of vehicle systems to evolve safely and securely as we move towards the fully autonomous car.
The ability to drive a flexible architecture and derive multiple vehicle platforms from a common code base and set of hardware controllers will be a competitive advantage to automakers and Tier 1s who embrace this approach. They seem to already know that. Additional benefits of this approach include cost reduction and time-to-market acceleration stemming from reuse, and improved security through the elimination of attack surfaces and the ability to embed cryptographic security countermeasures into the more capable controllers and ECUs.

This may be quite a challenge but we see many automakers and Tier 1s today accepting the challenge and adopting these practices.