Challenge:
Dana engaged with a large vehicle OEM to develop a custom ECU to be used on an autonomous vehicle demonstration fleet. All the OEM’s traditional suppliers refused to support the project due to the very aggressive timeframes. The ECU played a critical role in the overall vehicle positioning system and had to meet the following requirements:
- ISO 26262 ASIL-D
- Fully redundant ASIL-D
- Fail-operational robustness to single-point failures (internal redundancy)
- Data transmission using 100BASE-T1 Automotive Ethernet (2-wire)
- Measurement and processing of high-resolution wheel position encoders
- 6-axis Inertial Measurement Unit (IMU) for vehicle attitude control
  - High precision
  - High stability
  - Low thermal drift
- Timestamping of asynchronous sensor readings, based on the vehicle’s master clock module
- Compliance with the OEM’s internal processes and standards, including automotive cybersecurity requirements
Solution: Custom ECU Development
With a stringent timeframe of 9-10 months and limited requirements defined at the start, Dana compressed execution and delivery of the Custom ECU by running hardware and software development in parallel. This was accomplished by relying heavily on the OpenECU platform for hardware and software development to meet:
- Functional safety (ISO 26262)
- Fully redundant ASIL-D
- Customer cybersecurity requirements
- OEM ECU application requirements
This required full ECU hardware customization, OpenECU software customization, and ECU application software development, leveraging Dana’s Model-Based Controls Development expertise using Simulink.
V-Model Process
Dana used the V-Model process, while accommodating customer-defined processes, to develop the Custom Embedded Controller based on the OpenECU platform. Because requirements had not been established, Dana performed requirements elicitation for functional and safety requirements with a very large organization composed of a broad diversity of stakeholders. Dana’s extensive experience in requirements capture and analysis was applied in multiple workshops involving all customer stakeholders to ensure transfer of design intent and information. Dana developed the specification for the module based on the following:
- System level safety analysis in conformance with ISO 26262
- Failure mode analysis (DFMEA)
- Fault tree (FTA) analysis
All unique system information and interfaces were taken into consideration to ensure that the hardware, underlying platform, and application software were designed to the elicited specification.
Hardware development
Based on the hardware requirements, Dana performed the following high-level tasks:
- Developed a conceptual CAD model to address mechanical and electronic packaging needs as well as heat transfer.
- Generated a new electrical design schematic using industry standard tools along with Dana’s own library of components.
- Developed a PCB layout following the schematic, while accounting for EMC requirements, heat dissipation, size, cost and functionality.
Dana’s hardware engineering team also used key hardware development techniques to determine the validation workflow early on and reduce the number of PCB spins. These include the following:
- Design for Excellence (DFX)
- Design for Manufacturing (DFM)
- Design for DV
OpenECU software
Concurrently, software engineers at Dana developed the platform software incorporating the customization needed for compatibility with:
- Inertial sensors
- Magnetic incremental encoders
- Ethernet data transmission
- Cybersecurity
Specific OpenECU platform software builds covering all software and firmware requirements were developed and underwent static code analysis using PC-lint to ensure compliance with MISRA standards, OEM standards, and ISO 26262 guidance.
Application software
Following safety analysis, DAR and ASIL decomposition, the software architecture was decomposed to run on two separate CPUs within the same module.
The control engineers were able to leverage the OpenECU rapid control prototyping (RCP) platform in Simulink to develop the main application software for one of the CPUs of the custom autonomous vehicle ECU. Redundant rationality diagnostics were contained in a separate CPU using a different application written in C.
Since this was a high-integrity ECU solution, additional verification and validation (V&V) was also performed for the model-based application software through Software-in-Loop (SIL) testing using the VectorCAST environment. Dana also executed black box and DV testing of the new ECU in parallel with in-vehicle prototype testing of A-sample ECUs, enabling the OEM to conduct integration testing early in the program.
A rapid turnaround of concept design to first prototype was ensured using close partners and key suppliers. Dana ensured that the custom hardware and software designs were integrated in an efficient manner while ensuring full traceability and compliance to all applicable standards.
Results and Impact
The project resulted in a custom ECU, a high-integrity sensor module, that met customer-specific requirements and automotive standards. By leveraging the OpenECU rapid control prototyping platform along with expertise in design, development and manufacturing of ECUs, Dana was able to successfully deliver the prototype module to the customer in the required highly compressed timeframe. This was accomplished while incorporating customer-driven processes and standards and adhering to the highest level of functional safety requirements, which is critical in applications like autonomous vehicles.
Project Features
Keywords: Autonomous Vehicles, Custom ECU, Custom Embedded Controller, Functional Safety, ISO26262, Hardware design and manufacture, Custom software development, Rapid Controls Prototyping, Demonstration Fleet, Validation Testing