ABSTRACT
In the next decade, most features of a car will be supported by an electronic embedded system. This strategy is already used for functions such as light management, window management, door management, etc., as well as for the control of traditional functions, such as braking, steering, etc. Moreover, the planned deployment of X-by-Wire technologies is leading the automotive industry in the world of safety-critical applications. Therefore, such systems must, obviously, respect their functional requirements, obey the properties of performance and cost and furthermore, guarantee their dependability despite the possible faults (physical or design) that may occur. More precisely, the design of such systems must take into account the dependability of two kinds of requirements. On the one hand, safety, the absence of catastrophic consequences, for the driver, the passengers, and the environment, has to be ensured and on the other hand, the system has to provide reliable service and be available for the request of its users. This section introduces the emerging standards that are likely to influence the certification process for in-vehicle embedded systems and describes the general concepts of dependability and the means by which dependability can be attained. The communication system is a key point for an application: it is
ZURA: “2824_C042” — 2005/6/21 — 20:06 — page 2 — #2
in charge of the transmission of critical information or events between functions that are deployed on distant stations (Electronic Control Units — ECUs) and it is a means for the OEM (car-makers) to integrate functions provided by different suppliers. So, in this chapter, we pay special attention to in-vehicle embedded networks and to the services that enhance the dependability of the exchanges and the dependability of the embedded applications. Note that a classical means, that is sometimes imposed by the regulatory policies in domains close to those in automotives, consists of introducing mechanisms that enable a system to tolerate faults. The purpose of Section 42.2 is to present the main services, provided by a protocol, that allow an application to tolerate certain faults. These services generally provide fault detection and, for some of them, are able to mask fault occurrences from upper layer and to prevent the propagation of faults. In Section 42.3, we compare some classes of protocols with respect to their ability to ensure services for increasing the dependability of an application. For each class, we will discuss the effort needed at the middleware level or application level for reaching the same quality of system.
