Originally a purely mechanical product, the automobile has been fundamentally changed by electronics throughout the course of its development. And electronics now forms the backbone of a car in almost all of its functions. This is why flaws in hardware and software can have grave consequences. To prevent the electronics from becoming a car's Achilles' heel, developers at DaimlerChrysler have set themselves a clear goal: a culture of zero tolerance for defects in vehicle electronics.
These days, drivers do not seem to really notice power-assisted steering and brakes. They are taken for granted, and have been for many years. And motorists are unwilling to do without their driving dynamics aids either - like the electronic stability program (ESP) or ASR acceleration skid control. Radios with CD, DVD and MP3 players including a dynamic navigation system with GPS? Of course. And thanks to Keyless Go, automatic door opening is even more effortless than in the 'open sesame' fairytale. That is not bad either.
The list of all the things that make driving more comfortable, that make the vehicle safer and its drive system more economical and cleaner grows a little bit longer with each new model. There is an inevitable consequence here in the form of a growing number of electrical control units at work beneath the body panelling, more bus systems channelling the expanding data streams, increasingly comprehensive software programs controlling the electronics, and increasing numbers of cable connections providing the necessary contacts. Practically every automotive innovation - ranging from ABS brakes to the cylinder cutout feature - is now based on electronics and electrical equipment.
And if you ask Stephan Wolfsried, the head of the Electrical/Electronic Systems and Chassis unit at DaimlerChrysler's Mercedes Car Group, the pervasiveness of electronic systems in vehicles now calls for "the largest paradigm shift in automotive development since the invention of the car."
Astronomical number of test cases
Possible malfunctions in vehicle electronics are the other side of the coin: 77 control units, as in a fully-equipped Maybach, result in complexity not by virtue of their sheer number but because of the astronomical number of conceivable interactions that can happen among the roughly 2000 electrical contacts. Wolfsried's colleague Claas Bracklo, who is responsible for electronics integration in vehicle development, calculated the number once 'just for the fun of it': "Despite simplifications in the assumptions we made, we arrived at 10 180 potential test conditions for a single vehicle model. If you wanted to examine all these as a simulation, you would have to book several decades of computing time on a Cray supercomputer."
Obviously, outlays of that kind are not even a remote possibility. That is why the strategy of the designers at DaimlerChrysler relies on intelligence and advanced technology when it comes to testing the functions and reliability of electronic components (see sidebar below)
For Wolfsried, there is only one effective barrier that can protect DaimlerChrysler vehicles from electronic gremlins and bugs; he calls it the 'zero-defect culture.' It is based on a number of precepts that must be strictly adhered to by developers at DaimlerChrysler as well as all suppliers of hardware and software.
Standards instead of ad hoc solutions
As is so often the case at the start of a new technological development, designers initially enjoyed a large degree of freedom in equipping cars with electronic components. Each automaker and each supplier of electronic hardware implemented electronic functions like valve timing or the control of an ABS braking system in the way the company in question felt was best. The result was the appearance of many isolated, manufacturer-specific solutions.
A change in thinking began to set in only about 10 years ago: people recognised that everyone involved would ultimately profit if they could agree on binding standards for basic electronic elements, whether operating systems and communications protocols or bus systems and interfaces.
"In the case of most of these standardisation initiatives, DaimlerChrysler either set them in motion itself or was involved from the very beginning," says Bracklo. Standardised solutions not only provide a high degree of reliability, they also entail lower costs, because universally valid specifications make it possible for suppliers to produce these electronic components in very large batches.
Zero tolerance for software flaws
"The notion that bugs in the software are unavoidable is mistaken, as far as I am concerned. They are not." As a mechanical engineer, Wolfsried believes this misconceived tolerance for defects has opened the way to careless and sometimes downright negligent work on the part of software designers.
Moreover, Wolfsried's critique places him in good company. Both the prestigious Massachusetts Institute of Technology (MIT) in Cambridge as well as the electronics giants, IBM and Microsoft, consider it necessary and possible to apply safeguards to the complex process of software development - to ensure that the product quality of the programs remains right on target.
There are already instruments for assessing the quality of software manufacturers - for example the 'Capability Maturity Model for Software' (CMM) from Carnegie Mellon University in the US. In this rating system, the degree of maturity of the development processes at a software maker is assigned to one of five quality levels in a certification procedure based on defined evaluation criteria. Level 1 is the lowest level, and companies certified as Level 5 produce software of the very highest quality. "We are going to have our software vendors undergo these certification processes. And we are going to set the highest standards in the selection of our partners - as we always have at Mercedes-Benz," says Wolfsried.
Robust hardware for many years of service
Anyone who goes out and buys a PC knows this situation: sometimes you may not even be finished hooking up the newly acquired machine at home, and the manufacturers are already advertising a successor model that is faster and equipped with even more memory. But compare these tremendously rapid model changeovers in the computer world with a product lifecycle of six years and more in the case of cars: What has happened is that in the past, there has often not been an identical replacement for defective chips available, because the producer had long since begun making the second or third generation of the original type.
In Wolfsried's estimation, however, the benefit of such rapid development - smaller components or more power for the same size - are totally outweighed by the risks involved for dependability. Ultimately, each time the model changes, the part must be tested and approved with regard to its ability to withstand vibration and fluctuations in temperature, for example - and that is an elaborate and costly process. "So in the future we are going to work with only those semiconductor makers who will guarantee not only the necessary standards of reliability for the parts but also the availability of certain elements throughout the lifecycle of a vehicle."
System integration - looking at the interactions
To make sure that a piece of hardware or software in a car functions reliably - whether a servomotor for seat adjustment or the control program for the servomotor -it is not enough to test the component for dependability in isolation, since many functions are interlinked. For example, the seat adjustment in a car equipped with Pre-Safe must also function when the driving dynamics sensors of that safety system have identified a situation likely to lead to an accident.
"In the past, we really did not pay enough attention to these interactions among the different systems," Wolfsried admits. "To be able to meet this challenge, we need new tools that measure up to the requirements of a zero-defect culture."
However, the developers at DaimlerChrysler are now beginning to see efforts taken in this direction bear fruit: The 'hardware-in-the-loop' test rigs can examine precisely this sort of interaction among various electronic systems. In Wolfsried's view, there is no doubt whatsoever that 'systems integration in the vehicle is a domain of the automaker.'
Only features with clear utility
Increasingly faster chips that offer more memory capacity - and at lower costs - make it possible to equip existing electronic components with more and more functions. But new functions make testing more expensive and systems integration more difficult. What is more, many users will find they can not operate a device that is overloaded with all conceivable functions until after they have pored through thick user manuals.
Wolfsried adopts a clear-cut position on this matter: "Functions that no one uses and that are of no use to anyone do not belong in the car." He and his team found 'bells and whistles' of this kind at the Mercedes-Benz Car Group as well. "That is why we removed more than 600 functions from our cars."
As examples, he cites an 'anti-booming setting' on the sunroof for highway driving, or the storage of a driver's individual seat position in the car key. "It was done with good intentions, but if I take my wife's key at some point and cannot find my own seat position any more, that tends to be annoying for me instead of comfortable."
With all factors considered, Wolfsried arrives at the following conclusion: "We have to present the car as a package in which everything has been correctly dealt with and the driver has nothing to worry about. And we also have to guarantee the reliability that is promised and expected. That is what we are doing, and we are going to promote this philosophy among all the automakers, hardware manufacturers and software developers worldwide."
Automobile standards
A broad consensus has formed in the auto industry regarding electronic components that can be used without having an impact on the competitiveness of individual automakers. "It is clear to everyone involved that the advantages of standardisation offset the associated disadvantage of giving away intellectual property," explains Claas Bracklo from the Passenger Car Development unit at DaimlerChrysler. This process began in 1993, and many successful initiatives have appeared since then. They have been successful in that some of the standards agreed upon have already found their way into production vehicles at most automakers.
* OSEK: Open systems and the corresponding interfaces for automotive electronics. Launched in 1993, this initiative is concerned with setting standards for an operating system, network management, and the communication levels in automotive electronics.
* MOST: Media oriented system transport. Founded in 1998, this consortium is working to standardise the MOST data bus. Because of its speed and high data transfer rates, this bus system is particularly suitable for the control and integration of infotainment devices.
LIN: Local interconnect network. In this consortium, which has been active since 1998, the goal is to define uniform interfaces for simple automotive electronic devices like keypad controls for the airconditioning unit, or pushbuttons on the steering wheel.
HIS: OEM initiative software. Founded in 1998, this body works on software standardisation in the automotive industry.
* FlexRay: Established in the year 2000, the FlexRay consortium is working on the development and standardisation of a data bus offering maximum reliability and very high rates of data transfer. A bus of this kind is required for 'X-by-Wire' systems, in particular.
* AUTOSAR: Automotive open system architecture. Founded in 2003, the AUTOSAR initiative is concerned with the standardisation of software interfaces and control equipment architectures. One goal is to design control programs for certain functions with a degree of modularity that allows them to be re-used in various car models.
* One example here would be software for controlling lights, which could then be used in everything from the A-Class to the S-Class with no loss of quality, because the interfaces are defined.
Intelligent breadboard
The 'breadboard' is a very efficient structure that designers can use to test the interaction of multiple electronic components. These tests can be done long before the first prototype of a new model is built. Step by step, new components can be inserted into the testing sequence on the portable medium - the board - and the resulting network behaviour can be examined.
Hardware-in-the-loop: Mixture of reality and virtuality
Testing interactions in the vehicle electronics using the 'hardware-in-the-loop' test rigs (HIL) is more complex, but it also approximates the automotive system as a whole, more closely. The basic idea is as follows: the hardware component to be tested and its control software are 'looped into' the new vehicle model, which exists only virtually at this point. A realtime computer creates this loop by simulating the environment surrounding the components that are to be tested. In this process, automatic test cycles can be used to verify the behaviour of the test components and their influence on the system as a whole.
Rapid adjustment of the test repertoire
The computer can simulate crashes, for example, in order to test the behaviour of components under these extreme conditions. In addition, certain errors in individual components can be 'injected' into the loop to examine how the test hardware reacts. Since the loop is virtual, new test cases can be integrated into the existing test program very quickly. In this way, the developers can react quickly if the vehicle testing reveals problems that no one anticipated. "So we definitely will not make the same mistake twice," says Claas Bracklo from DaimlerChrysler's Passenger Car Development unit.
This article was first published in HiTech Report and republished with the kind permission of DaimlerChrysler AG. All pictures copyright DaimlerChrysler AG. For more information about DaimlerChrysler see www.daimlerchrysler.com
© Technews Publishing (Pty) Ltd | All Rights Reserved