Autonomous cars are already a technical reality, but one that has not yet been tested in depth. The increasing pressure to reduce time-to-market and costs in the automotive sector, coupled with the human inability to produce complex error-free solutions, is a major impediment to producing safety solutions that meet the strict standards of the domain. In addition, automotive systems must be designed to manage change at all levels, including the evolution of specifications, patches provided for error correction, and eventualities, some of them unexpected, that may affect their always-evolving operational environment. Obviously, the adaptation required to cope with all such changes also encompasses and affects the deployed fault-tolerance mechanisms. Resilience applied to driving-assistance solutions ensures dependable and safe system behaviour while tolerating faults and unexpected operational changes. The latest advances in the field of configurable logic offer great potential for the development of new adaptive fault tolerance (FT) strategies.
On the one hand, the DINAMOS project focuses on designing and implementing adaptive FT HW strategies. This goal is not limited to tolerating the faults that could affect the target implementation technology; it also covers enabling the evolution of FT HW mechanisms whenever required, without reprogramming the whole device at once. This will raise the level of protection against HW faults currently integrated in ECUs. It will also reduce the number of HW faults that reach the SW running on the ECU, which is of prime importance as ECU architectures grow more complex and integration scales increase.
On the other hand, the adoption of these new adaptive FT mechanisms by industry will depend heavily on the capacity of DINAMOS to verify, and later certify, their correct behaviour under a set of changing fault hypotheses and operational conditions. Fault injection techniques are the preferred evaluation tools in this context. However, most of these techniques assume that the HW level is immutable, which makes them unsuitable for the research context of DINAMOS. As a result, they need to be redefined to account for the dynamic partial reconfiguration capabilities available in systems programmed onto configurable logic.
All these challenges align with those considered in the automotive industry. At the design level, the need to ease adaptation in existing automotive platforms has led the AUTOSAR consortium to reconsider its design principles and evolve towards the new Adaptive AUTOSAR standard. At the certification level, it is of utmost importance to follow the principles defined by the ISO 26262 safety standard when verifying the proposed novel solutions. DINAMOS not only plans to align its design and verification proposals with these two standards, but also to feed its experience back into the ongoing specification of Adaptive AUTOSAR.