Embedded software architectures or platforms (middleware and real-time operating systems) used in the automobile industry, such as OSEK and AUTOSAR, are statically configured at design time with a fixed set of operating system tasks. All tasks that will ever execute on a given computing hardware node are allocated at the time the executable image is built (compiled and linked).
Software-based electronic control systems are increasingly being used in the automobile industry to control active safety and autonomous driving features that impact the motion and dynamic stability of the vehicle. As the levels of control intelligence, automated decision making, and control authority over actuators implemented in software continue to increase, these control systems become more and more critical. The software, hardware, and system architectures of these control systems must therefore be fault-tolerant, and in some cases, even fail-operational. This requires that redundant software, computing hardware, sensors, actuators, and network communication components be designed into the system so that if one component fails, another component is available to continue to provide a safe level of functionality, whether in a full-performance mode or in a degraded-performance mode.
Redundant hardware components must be statically designed into the system, because one cannot easily add new hardware (sensors, actuators, computers, communication links, wiring harnesses) into a vehicle that is in the middle of a driving cycle. Redundant software components, on the other hand, may be either statically or dynamically allocated into the system.
Each of the redundant instantiations of the critical software and/or hardware components must be capable of transmitting and/or receiving data and/or signal information across the vehicle network. Because these redundant instantiations co-exist and each transmits its own unique output signals, network signal information must be duplicated at the data dictionary level, and receivers must process and select among the redundant messages. This increases network bandwidth, message priority, and its allocation in the data dictionary. Additionally, data dictionary changes would be required to introduce scalability to create additional redundant instantiations of the critical software.
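The duplication and receiver-side selection described above can be sketched in C as an added example (not code from the original text). The signal name, message IDs, timeout handling and the "lowest-numbered valid and fresh instance wins" policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* One data-dictionary row per redundant sender: the same logical signal
   needs its own message ID for every instance (IDs are constructed). */
typedef struct {
    uint16_t msg_id;      /* network message carrying this copy */
    uint8_t  instance;    /* 0 = primary, 1 = backup, ... */
} dd_entry_t;

static const dd_entry_t STEER_CMD_DD[] = {
    { 0x120u, 0u },
    { 0x121u, 1u },
};
#define STEER_CMD_COPIES (sizeof STEER_CMD_DD / sizeof STEER_CMD_DD[0])

/* Latest received copy of the signal from each instance. */
typedef struct {
    int16_t  value;
    uint32_t rx_time_ms;
    uint8_t  valid;       /* sender's validity flag, 0 until first frame */
} rx_slot_t;

static rx_slot_t steer_cmd_rx[STEER_CMD_COPIES];

/* Store a frame in the slot that the data dictionary maps its ID to. */
int on_frame(uint16_t msg_id, int16_t value, uint8_t valid, uint32_t now_ms)
{
    for (size_t i = 0; i < STEER_CMD_COPIES; i++) {
        if (STEER_CMD_DD[i].msg_id == msg_id) {
            steer_cmd_rx[i] = (rx_slot_t){ value, now_ms, valid };
            return (int)i;
        }
    }
    return -1; /* ID not in the dictionary: ignored */
}

/* Pick the lowest-numbered instance whose copy is valid and fresh. */
int select_steer_cmd(uint32_t now_ms, uint32_t timeout_ms, int16_t *out)
{
    for (size_t i = 0; i < STEER_CMD_COPIES; i++) {
        const rx_slot_t *s = &steer_cmd_rx[i];
        if (s->valid && (uint32_t)(now_ms - s->rx_time_ms) <= timeout_ms) {
            *out = s->value;
            return (int)STEER_CMD_DD[i].instance;
        }
    }
    return -1; /* no usable copy: caller enters its safe state */
}
```

Adding a third redundant instance means adding a row to `STEER_CMD_DD` and rebuilding every receiver, which is the data dictionary change the paragraph refers to.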