Reliable Fail-Operational Automotive E/E-Architectures by Dynamic Redundancy and Reconfiguration [in press]

For future autonomous driving cars, fail-operational systems are necessary. Dynamical reconfiguration is one possible approach to fulfill this requirement for fail-operational behavior. For automotive real-time embedded systems in a failoperational context, dynamical reconfiguration has not yet been investigated. At first, this paper describes a process to realize this approach in the automotive industry and shows its advantages. Second, we adopt an existing fail-operational architecture to the requirements of the steering function and extend the existing state handover with the CAN communication. For this, we modeled a hardware extension to prevent the system from a loss of state and integrated it into this architecture. Third, we integrate the adapted architecture into a service-oriented architecture, and specify necessary interfaces and protocols. By using a service-oriented approach, we enhance the principle of dynamic redundancy from the component level to the system level. As an evaluation, we provide an implementation on a test bench which reveals indications for the use of our concept in future autonomous driving cars.