The X-by-Wire Project
The objective of this project is to achieve a framework for the
introduction of safety related fault tolerant electronic systems without
mechanical backup in vehicles (so-called "x-by-wire systems"). The "x" in
"x-by-wire" represents the basis of any safety related application, such as
steering, braking, power train or suspension control or multi-airbag
systems. These applications will greatly increase overall vehicle safety
by liberating the driver from routine tasks and assisting the driver to
find solutions in critical situations.
Project Summary
Constraints of Mass Production
The severe constraints of mass production and easy maintenance require
manufacturable cost effective solutions for safety increasing driver
assistance applications. Solutions which rely on complex mechanical
backups will not meet the cost requirements. With no mechanical backup
available, x-by-wire systems have to be used. Therefore, reliability and
demonstration of the safety of these new systems becomes crucial.
Project Goal
Within this project an architecture for fault tolerant electronic
systems in vehicles, capable of steer-by-wire, will be worked out and
implemented in a prototype. The resulting architecture will meet
automotive requirements including the safety analysis. Results will be
submitted as draft standards to appropriate standardisation bodies (ISO,
SAE). The project addresses Brite-EuRam III, technical areas 3B.5 and
3B.6.
For this purpose, existing approaches (aeronautic, railway, nuclear,
ships) will be investigated concerning their suitability for vehicles.
Especially, work which has already been done in other EC-Projects will be
taken into account in order to realise a technology transfer from research
status into production.
Safety Certification with a European Dimension
Because of big expenditure and outlay in advance, no single vehicle
manufacturer has up to now introduced really fault tolerant safety related
x-by-wire systems without mechanical backup. In order to share research
effort and to make mass production possible, the European vehicle industry
has to offer European wide accepted solutions, and to set standards for
x-by-wire systems to remain competitive. A common approach towards safety
certification and clear legal requirements is necessary to avoid European
fragmentation and uncoordinated and parallel research.
Benefits
A common European x-by-wire development, which has the potential to
become a European or even a world-wide standard, accompanied by broad
and fast dissemination of the results, translates into a significant
strategic advantage for the European automotive, supplier and
semiconductor industry. The success of this project will put the
European industry in a pole position in an important emerging high
technology market. A direct benefit will be given to the vehicle
customer. Safe intelligent driver assistance systems based on
x-by-wire solutions will make affordable safety for everybody
possible. Gaining the technological leadership, will also bring a
number of benefits to other industry sectors.
The Consortium
The consortium came together as the result of the EUCAR masterplan. Driven
by EUCAR, all the interests in the field of x-by-wire of the European
automotive industry were focused and harmonised. The consortium is,
therefore, well suited for the work and well placed to exploit the results
and to drive standardisation.
The consortium consists of
Industrial Objectives and Expected Achievements
Introduction
Highly sophisticated future vehicle applications such as driver
assistance or autonomous driving need computerised control of the
driving dynamics. This requires that driver requests be sensed and
interpreted appropriately so as to take proper account of the current
driving conditions and environmental influences. These requests have
to be translated into optimum steer, brake, and acceleration
manoeuvres. The advantages of such safety and comfort increasing
applications are well known. They have been demonstrated in the
Prometheus project (CED 3), that has also established the appropriate
functionality required of such a computerised control system.
However, with present implementation strategies this functionality, or
even just a subset thereof, cannot be realised within the typical
constraints of mass production: low costs, reliability, system
modularity, maintainability in the field, whilst meeting the
requirements for safety certification. It cannot be expected that
cost-effective, manufacturable x-by-wire solutions will rely on expensive
mechanical backup. Today's fail-safe systems generally offer only a reduced,
driver dependent limp-home functionality after one significant failure. A
fault-tolerant system, on the other hand, preserves the whole functionality
even after a major failure has occurred.
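To make the fail-safe versus fault-tolerant distinction concrete, the following Python model (an added illustration, not code from the X-by-Wire project or its prototype) feeds the same replicated steering-request readings to a duplex fail-safe design and to a triplex majority-voting design. The channel count, the 1.0 degree agreement tolerance, the `Command` type and the scenario values are all assumptions chosen for the example.

```python
"""Fail-safe versus fault-tolerant handling of one replica failure.

Added illustration, not code from the X-by-Wire project. Three replicated
channels each deliver a steering request (hand-wheel angle in degrees) as
a float, or None when the channel has detected its own fault and fallen
silent. The tolerance, the Command type and the scenarios are assumptions.
"""
from dataclasses import dataclass
from statistics import median
from typing import Dict, Optional, Sequence, Tuple

AGREEMENT_DEG = 1.0  # assumed: two channels within 1 degree are "in agreement"


@dataclass(frozen=True)
class Command:
    angle: Optional[float]  # demanded road-wheel angle; None = no actuation
    mode: str               # "full", "limp_home" or "no_function"


def fail_safe_command(readings: Sequence[Optional[float]]) -> Command:
    """Fail-safe design: a self-checking pair built from the first two channels.

    Comparing two replicas can only *detect* a fault. The comparator cannot
    tell which replica is wrong, so any silent or disagreeing channel drops
    the system into limp-home: electronic actuation stops and the driver is
    left with whatever reduced functionality remains.
    """
    pair = list(readings[:2])
    if any(r is None for r in pair):
        return Command(None, "limp_home")
    if abs(pair[0] - pair[1]) > AGREEMENT_DEG:
        return Command(None, "limp_home")
    return Command(median(pair), "full")


def fault_tolerant_command(readings: Sequence[Optional[float]]) -> Command:
    """Fault-tolerant design: triple modular redundancy with a 2-out-of-3 vote.

    One arbitrary channel fault (wrong value or silence) is *masked*: the two
    agreeing channels still deliver the full steering function. A second
    fault exhausts the redundancy, the vote has no majority, and the output
    falls back to a safe state. That is exactly the "one major failure"
    guarantee described in the text, and no more.
    """
    healthy = [r for r in readings if r is not None]
    if len(healthy) >= 2:
        centre = median(healthy)
        agreeing = [r for r in healthy if abs(r - centre) <= AGREEMENT_DEG]
        if len(agreeing) >= 2:
            return Command(median(agreeing), "full")
    return Command(None, "no_function")


# Constructed scenarios: (channel 0, channel 1, channel 2). Channel 1 is the
# one that fails, so the fail-safe pair is exposed to every fault.
SCENARIOS: Dict[str, Tuple[Optional[float], ...]] = {
    "all_healthy":      (10.0, 10.2, 9.9),
    "one_wrong":        (10.0, 47.0, 9.9),
    "one_silent":       (10.0, None, 9.9),
    "two_silent":       (10.0, None, None),
    "wrong_and_silent": (10.0, 47.0, None),
}


def compare_designs() -> Dict[str, Tuple[str, str]]:
    """Return {scenario: (fail-safe mode, fault-tolerant mode)} for SCENARIOS."""
    return {
        name: (fail_safe_command(r).mode, fault_tolerant_command(r).mode)
        for name, r in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, (fs, ft) in compare_designs().items():
        print(f"{name:17s} fail-safe: {fs:11s} fault-tolerant: {ft}")
```

Running the module shows the asymmetry the Introduction draws: the pair degrades to limp-home on the first fault, whether it is a wrong value or a silent channel, while the triplex keeps full function through that same fault and only drops to its safe state when a second channel fails. The price of masking is the third channel and the voter itself, which must now be trusted; and both designs still need an explicitly defined safe state for the fault they cannot tolerate.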
Objectives
This project has the following objectives:
- Specification and design of a fault tolerant electronic architecture
which is suitable to be the basis for any safety related intelligent
driver assistance application onboard a vehicle. The architecture
will cover x-by-wire applications which do not rely on mechanical
backup. It will meet all vehicle requirements such as costs,
manufacturability, and easy maintenance.
- A prototype implementation of this fault tolerant architecture
covering a steer-by-wire application without mechanical backup. The
prototype will be a laboratory demonstrator.
- Recommendations for the design process and rules for certification
and maintenance of x-by-wire systems. Drafts will be submitted to
standardisation bodies (ISO, SAE ...)
Approach
The project will establish a common set of automotive industry requirements
for safety critical electronic onboard systems (x-by-wire systems) under
the constraints of mass production. The approach includes investigation
of existing solutions and necessary improvements concerning their
suitability for vehicle requirements and manufacturability. An
architecture, based on the world-wide state of the art in ultra dependable
system design, which will meet these requirements will be defined. Work
already done in other EC-Projects concerning fault tolerant systems will be
taken into account in order to realise a technology transfer from research
status into production. The results will be disseminated to the European
automotive industry and to other interested European industries such as
semiconductor, automation, and aircraft industries, and to
standardisation committees.
Expected Achievements
An architecture for safety related x-by-wire applications in vehicles under
the special constraints of mass-production will be worked out, as well as
recommendations for certification and for standardisation.
This architecture will be the framework for highly reliable and
manufacturable cost effective systems and components, linked by a network
and adequate development and maintenance processes. The development of
specific driver assistance applications based on this architecture,
such as autonomous driving, is not part of this project.
In the automotive industry the lead-time for an entirely new model is
approximately five years. If a highly reliable microelectronics
architecture for vehicles is successfully established by the end of this
project, i.e. in the year 1999, the basic technologies will be available
and proven. It then can be expected that affordable safety increasing
driver assistance systems for everybody will hit the market by the year
2004.
State-of-the-Art and Degree of Innovation
The long-term needs of the European automotive industry in the field of
microelectronics are described in the EUCAR masterplan. The availability
of a highly dependable distributed electronic system onboard a car for
x-by-wire applications has been identified as a key element for the future
competitiveness of the European automotive industry.
Similar activities take place in the USA within the SAE (Society of
Automotive Engineers), particularly in the SAE Committee on
multiplexing onboard a car. In 1993 this SAE committee published a
document [SAE 94b] on the requirements of safety critical control
applications onboard vehicles. In this document the topics of temporal
performance, dependability and implementation constraints of safety
critical automotive networks are established and a typical benchmark
problem of a safety critical application is defined. In a companion
document [SAE 94c] the SAE came to the conclusion that none of the surveyed
protocols (J 1850 [SAE94a], CAN [SAE90], VAN, AUTOLAN, etc.) satisfies the
requirements of distributed safety critical applications onboard vehicles.
In parallel, work has already started in Europe on applying safety critical
software principles to automotive applications. The PROMETHEUS software
dependability subgroup has produced guidelines [PROM94], and in the UK a
consortium of twelve companies forming the Motor Industry Software
Reliability Association (MISRA) has produced Development Guidelines for
Vehicle Based Software [MIRA94].
In the aerospace industries the topic of dependable electronic systems has
been the subject of intensive investigation over many years. In 1992 RTCA
published the well-known DO-178B [RTCA92], recognised by the FAA, which gives
guidelines for the development of safety critical software onboard
airplanes. The architecture of the AIRBUS A320 fly-by-wire system is
described in [Trav88]. A seminal document [Rush93] on the issues of
"Formal Methods and the Certification of Critical Systems" has been written
by John Rushby, SRI International in the context of an FAA project on
system validation. Communication systems standards for aerospace
applications are established by ARINC, e.g., the ARINC 629 bus [ARIN91]
used on the Boeing 777 airplane, and the SAFEBUS developed jointly by
Boeing and Honeywell.
Other solutions are available in transportation in general, e.g. military
vehicles, ships, trains, as well as in safety critical industrial
applications like nuclear power plants.
The solutions mentioned do not meet the vehicle requirements. Aerospace
solutions for example are functionally adequate, but economically far too
expensive for the automotive market because of the different world-wide
production volumes (1 000 versus 60 000 000 units/year). The cost
constraints of the automotive industry coupled with the potential of a
mass-market require innovative system solutions that, if proven successful,
will be picked up by the aerospace community, but not vice versa.
There is a visible trend in the automobile industry for an increasing
number of safety related electronic systems directly responsible for active
and passive driver, passenger and environmental safety. Electronic
driver assistance systems with direct control of the steering, braking, and
powertrain functionality, partly based on route image processing, were
demonstrated successfully last year at the end of the PROMETHEUS project
(e.g. CED3, Collision Avoidance).
Because of the big expenditure and outlay in advance, no single car
manufacturer has up to now introduced really fault tolerant safety related
x-by-wire systems without mechanical backup, e.g. for braking or steering.
Exceptions are some applications whose fail safe state is defined as
"no functionality" in case of one major error (e.g. airbag). However, this
local fail safe state is insufficient from the driver's point of view: an
airbag system is useless if during an accident the airbag remains in the
"no functionality" state because of a previous error.
Considering these facts there is at the moment a window of opportunity for
the development of a standard for dependable microelectronic systems
onboard mass produced vehicles. This project tries to take advantage of
this opportunity and to establish an industrial European leadership in this
important new field.
In the academic community the field of fault-tolerant system research is
well established. This year the 25th Symposium on Fault-Tolerant
Computing will take place in Los Angeles. More than 2000 papers on
fault-tolerant system research have been published in the 25 proceedings of
this most prestigious world-wide conference on dependable systems,
sponsored by the IEEE Computer Society [FTCS88]. The International
Federation for Information Processing (IFIP) started a Working Group on
Dependable Computing (IFIP WG 10.4) in 1979. Within this working group
scientists from all around the world meet to discuss the latest advances in
the field of dependable system research. Members of this consortium are
also members of this working group.
The European Commission has supported the basic research on fault-tolerant
distributed systems by a number of projects (ESPRIT project 818/2252 DELTA
4 [Powe91], BRA 6362 PDCS 2, BRA 7071 PROCOS II and BRA 6360 BROADCAST).
The technology transfer from the mentioned projects to this consortium will
take place by two members of this consortium who are also active members of
the PDCS project.
In a recent book, "Advances in Ultra-Dependable Distributed Systems" [Suri95], the
world-wide literature on dependable systems has been surveyed and 34
relevant publications of this field have been selected for inclusion in
this book. The papers refer to MARS [Kope89], DELTA 4 [Powe88], FTPP
[Harp88], MAFT [Kiec88], and ERICA [vanD90]. They are well known to this
consortium.
The National Swedish research during the last six years carried out by
Chalmers, Mecel, Volvo, SAAB, SCANIA, concerning distributed systems for
safety critical applications in cars, has shown the importance of an
appropriate development process for such systems [Bri94a] [Bri94c],
[Tom94], [Witt]. The requirements derived from the safety critical closed
control loop applications, concerning dependability, computing and
communication jitter and delay, and general performance, give the important
system architecture parameters. A functionally verified distributed
architecture, which is able to close control loops over the network, was in
a second step enhanced with the fault tolerance properties. The Basement
concept (Mecel) and the DACAPO concept (Chalmers) are both an important
input for the x-by-wire project.
The consortium will especially take into account
- the work done on the MARS architecture refined in PDCS and all the
additional work already done or planned contributing to this
architecture including the time-triggered communication protocol TTP
[Kope94] that has been developed in the context of the MARS project
(for which a number of international patents have been granted).
- the BASEMENT concept, which is an architecture for in-vehicle
distributed real-time systems. It covers application development, as
well as hardware and software which provides execution and
communication support.
- the work done at Chalmers concerning distributed control systems for
safety critical applications in cars, covering the DACAPO concept
regarding the development process, system architecture, OS,
communication, ...
Public Project Documents
This page was last updated on Oct 1 1997 by webmaster@vmars.tuwien.ac.at