tttech automotive-overview

Copyright © TTTech Automotive GmbH. All rights reserved. www.tttech-automotive.com

TTTech Automotive Solutions for Safety, Electric Vehicles and Testing

Company Overview

[email protected]


What do they have in common …

… Reliable Networks and Controls from TTTech

Boeing 787 NASA Orion

Prinoth LeitwolfAudi A8


Company Mission

TTTech establishes time-triggered communication platforms and certifiable safety modules as the solutions of choice for volume embedded market segments that need and value reliability and robustness.

Benefits include simple to use complete products, best-in-classproduct cost performance and service, and enabling our customersto deploy their solutions more efficiently and profitably.


Experts for Reliable Networks and Safe Controls

• Founded in 1998

• Award-winning spin-off of Vienna Technical University

• Unique know-how pool of 200+ employees

• Headquartered in Vienna, Austria

• Shareholders• Founders & employees: ~40%

• AUDI AG: < 25%

• Remaining shares: investorsincluding aeris Capital AG Gaimersheim

GermanyBukarestRomania

ViennaAustria

BrixenItaly

YokohamaJapan

SeoulKoreaCarlsbad

California


TTTech Automotive GmbH

• 100% subsidiary of TTTech Computertechnik AG

• Premium associate member of FlexRay Consortium

• Premium member of AUTOSAR Consortium

• Premium member of JasPar Consortium

Stuttgart• Sales

Ingolstadt• Support• Engineering

Vienna• Headquarters• Sales• R&D• Engineering• Support

Yokohama• Sales• Engineering• Support

Seoul• Sales


Automotive Production Program Reference Audi A8

Communication Software• FlexRay, CAN, LIN, Tools• Performance optimized

Premium Engineering• 10 Mbit/s physical layer • Stable parameterizing and interoperability• Software integration and prototype support• Diagnostics specification• Representation in FlexRay Consortium

Communication Safety Software• End-to-end safety on FlexRay and CAN• ISO 26262 ASIL D

VW Touareg, … Bentley Arnage, Continental

Process Optimization • Automated ECU Validation• Testbench automation

Audi A8, A6, A4, …


Automotive Portfolio

Reliable Networks and Safe CommunicationReliable Networks and Safe Communication

Embedded SafetySoftware

• Autosar Safe up to ASIL D• SafeCOM

Safety Hardware forE-Vehicles

• Modulare Safety Platform• IEC 61508 / ISO 26262• SIL 2-3

Testing Tools

• Data Logger • FlexRay Tools

Networks & Engineering


TTTech AutomotiveSafety Hardware and Solutions for Electric Vehicles

• Electric Vehicle Safety Unit• Electric Vehicle Control Unit• Modular ECU Family


Solutions for Functional Safety in Electric Vehicles

Modular Hardware Safety PlatformModular Hardware Safety Platform

Inverter Safety Unit• Safety for electric powertrain• Add-on or integrated

Electric Vehicle Control Unit• Platform for electric powertrain

control strategy

Modular ECU Family• Certified for SIL 2/3 (ASIL C/D)• Off-the-shelf / customizable• Flexible configurable I/O

ISU

Inverter

ISU

VCU

… cost effective customized versionpossible

HY-TTC 90HY-TTC 100HY-TTC 200Safety ECUs certified by TÜV Nord Standard ECUs

HY-TTC 50HY-TTC 60 HY-Vision2

Modular Software Safety PlatformModular Software Safety Platform

SafeExecution• For safety functions up to ASIL D• Co-existance of safety related and

non-safety related functions• Integrates with AUTOSAR SafeExec

SafeCOM• Safe end-to-end comm.

over CAN or FlexRay• Up to ASIL D• Conform to AUTOSAR SafeCOM

Application

PDU Router

RTE

LIN Interface

LIN Driver

AUTOSARCOM

CAL

SafeCOM

FlexRay Interface

FlexRay Driver

FX TP CAN TPCAN Interface

CAN Driver

Application

PDU Router

RTE

LIN Interface

LIN Driver

AUTOSARCOM

CAL

SafeCOM

FlexRay Interface

FlexRay Driver

FX TP CAN TPCAN Interface

CAN Driver


E-Motor

• Electric vehicles are „by-wire“ (safety-relevant system)

• Unintended acceleration or deceleration to be avoided!

• TTTech‘s ESU is a safe guarding unit to control thisbehavior

• Torque supervision by voltage and current measurements, switch off in case of error

• Retrofit to existing powertrain concepts,or customized integration with inverter / VCU

• Certified for SIL 2-3)

• Prototypes available now, SOP in Q1/2011

Example 1: Electric Vehicle Safety Unit

InverterBattery Unit

ESU

Accelerator Pedal


Example 2: Electric Vehicle Control Unit

• 16/32 Bit main CPU, supervised by certified watchdog CPU

• ISO 26262 compliant Hardware and Software platform

• Safe software runtime environment (SafeExecution and SafeCOM)

• Accomodates non-safe Basic Software (AUTOSAR, Diagnostics, …) and non-safe application software modules

• Supports mixed-criticality applications

ECU Platform for Electric Powertrain Control

VCU

E-MotorInverterBatteryUnit


TTTech AutomotiveEmbedded Safety Software

• Modular Safety Platform• Partnership with Vector Informatik• MICROSAR Safe


ASIL Decomposition

The safety elements …• … detect and handle possible faults in the Basic SW• … are independent elements in the system with specific functionality

(addressing the detection and mitigation of faults in the Basic SW) • … are developed according to the required ASIL• … are developed as „Safety Element out of Context“ and have to be

integrated according to their „Safety Manual“

Application SW(ASIL D)

Basic SW(ASIL D)

Safety Mechanisms

Reused Standard SW

Application SW(ASIL D)

Basic SW(QM)

Safety Layer(ASIL D)

Safety Concept Economic Implementation

ASIL D ASIL D (D) + QM (D)


Use Case 1: End-to-End Communication Protection

• SafeCOM ensuring end-to-end communication protection• Errors in the conduction can be detected. The application can

react accordingly

Basic SoftwareBasic Software

App. 3 App. 4App. 2App. 1

E2E ProtectionWrapper

E2E-Lib


Safety-Relevant Application• Trusted input data required


Use Case 2: Different ASIL Levels

• SafeExecution ensuring „Criteria for Coexistence“ of QM SW

• Violation of the “Freedom from Interference” is detected safely

Basis SoftwareBasis Software SafeWatchdog

App. 3 App. 4

ComplexDrivers

SafeSelfCheck

SafeWatchdogM

gr

SafeMem

oryProtection

App. 2App. 1

Checkpoint „SafeCDD“

Checkpoint „SafeApp2“


SafeIO

ASIL-x Application• Usage of AUTOSAR system services

(QM)

SafeExecution - Safety Layer for:

• Timing protection

• Memory protection

• Program flow monitoring

• Separation of different ASIL levels


Modular Safety Platform

• Safety Layer(s) for ECUs up to ASIL D• Mapping for SIL 3 and PL e

SafeWatchdog

App. 3 App. 4

CommComm..ServicesServices

MemoryMemoryServicesServices

System System ServicesServices

ComplexDrivers

BSPBSP

SafeSelfCheck

SafeWatchdogM

gr

RTERTE

I/OI/OServicesServices

SafeMem

oryProtection

OS

Bootloader

App. 2App. 1



E2E-Lib




SafeIO

Safety Layer for ECUs

• Freedom from Interference(incl. Watchdog)

• Communication Protection

• IO Protection

• HW Integrität

Safety Layer for ECUs

• Freedom from Interference(incl. Watchdog)

• Communication Protection

• IO Protection

• HW Integrität


Modular Safety Platform

Checking/Protection Function

Safety-Relevant Function

Non-Safety Standard SW, System SW

Non-Critical Application SW

SafeWatchdog

App. 3 App. 4

CommComm..ServicesServices

MemoryMemoryServicesServices

System System ServicesServices

ComplexDrivers

BSPBSP

SafeSelfCheck

SafeWatchdogM

gr

RTERTE

I/OI/OServicesServices

SafeMem

oryProtection

OS

Bootloader

App. 2App. 1



E2E-Lib




SafeIO


TTTech – Vector Partnership


MICROSAR Safe


TTTech AutomotiveTesting Tools - Networks & Engineering

• Testing, Verification and Logging Tools• FlexRay Test Benches and Validation Tools• Engineering Offering


Testing, Verification and Logging Tools

TTXConnexion TTXDisturbance Node

TTXOptical Link Datalogger NG

Optical Decoupling for FlexRayConsistently Data Logging for all

Automotive Bus Systems

Gateway and Manipulation for FlexRay and CAN

Reproducable Failure Injection for FlexRay


FlexRay Test Benches and Validation Tools

TTXPower Link TTXUniversal Control Unit

High-Performance Tool for FlexRay Prototyping Applications

The Modular FlexRayDevelopment Board


Engineering Offering

Onsite and Offsite Engineering

Special Know-How in Time-Triggered Architecture, Safety and Development Processes

Physical Layer Validation

FlexRay Training

Rapid Development

Integration of Basic Software

Communication Validation

Safety Analysis & FMEA

Parameter Validation

Network Tests

Project Support

Functional SafetyHazard & Risk Analysis


TTTech AutomotiveAdvanced Solutions

• TTXMulti Switch for FlexRay• Time-Triggered Ethernet as Vehicle Backbone Network


What is a TTXMulti Switch?

The TTXMulti Switch is a zero-delay, non-buffering, time-triggered switch for multiple parallel FlexRay data streams

• Offers increased FlexRay bandwidth

• Improves system robustness and fault-tolerance

• Can be integrated in 4-fold transceiver chip in central gateway ECU

TTXMulti Switch

FlexRay Network

Central Gateway


Integration of all data flows in one single network• 100% compatible with Ethernet standard IEEE 802.3• Scales from low to high speed (10 Mbit/s, 100 Mbit/s, 1 Gbit/s, …)• Scales from simple to safe and high-availability systems

What is TTEthernet?

Ethernet + ClockSynch.

+ + Rate-ConstrainedCommunication

Time-TriggeredCommunication

+ Safety

=

• Real-time control(chassis, engine, active & passive safety systems)

• Determinism

• Audio/video streaming• Sensor fusion• ARINC 664, AVB

• Established• Dominant• Standard• IEEE 802.3

• Coordination• Distributedcontrol

• SAE AS6802• IEEE 1588

• ISO26262 ASIL D• IEC 61508 SIL 4• DO 254 Level A• „By-wire“


TTEthernet Services

TTEthernet adds Rate-Constrained (Streaming) Services


Time-Triggered Ethernet

Key Features• 3 concurrent traffic classes: time-triggered / rate-constrained / event-triggered

• Core functionality implemented in TTEthernet switch chip

• Software based nodes can use standard Ethernet controllers

• Fulfills highest safety standards (Aerospace DO254 / DO178B Level A)

• 100 Mbit/s and 1 Gbit/s

Mixed-Criticality & Safety• Real-time / non-real-time and

critical / non-critical traffic in one network

• Fail-operational support on network level

• Single, dual and triple channel

Standard Support• Interoperable with standard IEEE 802.3

• Support for IEEE 1588

• Standardization in progress - SAE AS6802

TTEthernet Switch (Evaluation Box)

tttech automotive-overview

Documents

tttech automotivesolutions

functional safety

company mission tttech

certifiable safety modules

electric powertrai

flexray consortium audi

safe controls

audi ag