Fail-Operational Automotive Software Design Using Agent-Based Graceful Degradation

Philipp Weiss^1,a, Andreas Weichslgartner², Felix Reimann³ and Sebastian Steinhorst<sup>1,b

1</sup>Technical University of Munich
^aphilipp.weiss@tum.de
^bsebastian.steinhorst@tum.de
²Audi Electronics Venture GmbH
andreas.weichslgartner@audi.de
³AUDI AG
felix.reimann@audi.de

ABSTRACT

Ensuring fail-operational behavior is critical to enable autonomous driving. With the absence of a driver as a fallback in a failure scenario it will not be sufficient to use stateof-the-art fail-safe approaches. Here, instead of costly hardware redundancy, graceful-degradation can be used by repurposing the allocated resources of non-critical applications for safetycritical applications. However, solving the mapping problem with a state-of-the-art design-time analysis leads to semi-static solutions, where the mapping is fixed and the task activation is chosen at run-time. Therefore, such solutions are unsuited for future automotive architectures that will be highly customizable and which will include frequent software updates. In this paper we introduce and analyze the effectiveness of an agent-based approach that finds application mappings at run-time, ensures the fail-operational behaviour of safety-critical applications by using graceful degradation, and reconfigures itself after ECU failures. Our results indicate that the number of tolerated ECU failures until a safety-critical application fails can be significantly improved without adding any redundant hardware resources.

---

Full Text (PDF)

© 2020 EDAA. All rights reserved.