This document summarizes a presentation on developing autonomous vehicle architectures. It discusses using a data-centric middleware approach like the Data Distribution Service (DDS) standard to integrate sensors, fusion software, and control systems. DDS provides a common data model, quality of service controls, security features, and other benefits to help lower development risks. It also advocates consolidating electronic control units using a hypervisor and safety-certified operating system like QNX to isolate functions with different safety requirements. The presentation argues this is a lower-risk path to autonomous vehicle architecture than point-to-point and client-server approaches.

1. Thomas Bloor, Automotive Business Development Manager,
QNX Software Systems
Bob Leigh, Director of Market Development, RTI
The Low-Risk Path to Building Autonomous Car Architectures
Moderator:
Curt Schwaderer, OpenSystems Media
Speakers:

2. Agenda
 Housekeeping
 Presentation
 Questions and Answers
 Wrap-up

3. The Low Risk Path to Developing Autonomous
Car Architectures
Thomas Bloor
Automotive Business Development

4. © 2016 BlackBerry. All Rights Reserved. 4
QNX : Automotive Market Leader

5. © 2016 BlackBerry. All Rights Reserved. 5
How Do You Architect an Autonomous Car?
Mapping + Sensor Data

6. © 2016 BlackBerry. All Rights Reserved. 6
How Do You Architect an Autonomous Car?

7. 7 Confidential
Automated
Drive
Controller
Sensor Fusion
Sensor Fusion Architectures
Camera, Radar,
Ultrasonic and Lidar
sensors for 360⁰
coverage
Bus
• Perception
• Path Planning
• Decision Making
• Safety Monitor
• CAN Gateway
Bus Vehicle
Actuators +
Sensors
Sensors
• Data Fusion
• Localization
• Object Detection

8. © 2016 BlackBerry. All Rights Reserved. 8
The ECU Consolidation Challenge
• 60-100 ECUs
• 6-8 operating systems
• Isolated operations
• Increasing cost & complexity
• Minimal upgradability
TODAY
• 6-10 Consolidated-controllers
• Consolidated software system
• Coordinated operations
• Reduced weight, cost, & complexity
• Future-proof with built in upgradability
TOMORROW
Handful of other ECUs
Autonomous
Drive
Controller
Cockpit Controller
Black Box
Controller
Powertrain
Controller
Body
Controller
Firewall & Comms
Controller

9. 9 Confidential
Sensor Fusion Architectures
Multiple Radar
and Lidar
sensors for
360⁰ coverage
Multiple
Cameras
Vision system
Radar Interface
Sensor
Fusion
Software
Ethernet
QNX OS for Safety
Fusion ECU
Redundant modules for fail over
“fail operational”
Redundant modules for fail over
“fail operational”
Automated Drive Controller ECU
Safety Micro
AUTOSAR
(Infineon AURIX, V850,
others)
• Perception
• Path Planning
• Decision Making
• LCLS
• AUTOSAR integration
• SOME/IP
• Safety Monitor
• CAN Gateway
CAN Bus
Actuators
AUTOSAR
Lidar Interface
Performance Processors
QNX OS for Safety
(Intel Denverton,
Renesas H3,
NVIDIA Parker)

10. 10 Confidential
Architecture Evolution
Raw Data Input to
Sensor Fusion ECU
Vision system
Radar Interface
Sensor
Fusion
Software
Ethernet
QNX OS for Safety
Fusion ECU Automated Drive Controller ECU
Safety Micro
AUTOSAR
(Infineon AURIX, V850,
others) CAN Bus
Actuators
AUTOSAR
Lidar Interface
Performance Processors
QNX OS for Safety
(Intel Denverton,
Renesas H3,
NVIDIA Parker)
Neutral Network Object
Detection
Deep Learning in the
Cloud
Distribution of Functionality

11. 11
© 2016 BlackBerry. All Rights Reserved. 11
The Low Risk Path to Developing Autonomous Car
Architectures
Modular Design Flexibility
Code Portability
Common Operating System Framework
Flexible, Predictable Communications Bus

12. © 2016 BlackBerry. All Rights Reserved. 12
Safety Requirements Challenge
Front-View
Camera System
ASIL B
Rear-View
Camera System
ASIL B
Instrument
Cluster
ASIL B
Sensor
Fusion
ASIL D
77 GHz
Radar ACC
ASIL C
Drive
Controller
ASIL D
Driving Lights
ASIL B
Braking and
Stability Systems
ASIL D
Black Box
Functionality
ASIL A
Airbag System
ASIL D
Safety
Watchdog
ASIL D
Brake Lights
ASIL B
Functions compiled into a Single
Consolidated Controller May Have
Different Safety Requirements
Requires Separation, Isolation, and
Full Security when different adjacent
functions and OSs are integrated into
a single Consolidated-Controller
Secure and Safety Certified
Type-1 Hypervisor Is the
Solution

13. © 2016 BlackBerry. All Rights Reserved. 13
TRUST ANCHOR
MANAGED PKI
Built in Security features to
prevent unauthorized access
and prevent attacks
SECURE OPERATING SYSTEM
Certificate management for
telematics, IVI, ECUs, domain
controllers, V2X, OTA &
anything that connects
Root of trust and certificate
chain to secure networked
ECUs & domain controllers
Security For the Autonomous Car
Secures manufacturing
supply chain to prevent
cloning and inject security
keys
ASSET MANAGEMENT SYSTEM

14. 14
© 2016 BlackBerry. All Rights Reserved. 14
The Trusted Solution Foundation
SAFE SECURE RELIABLE ADAPTABLE
QNX Certified
Hypervisor
QNX
Other
Guests
DEPENDABLE
Automotive
Engineering Services
100% SOP success rate
World-class automotive
expertise
Powering your brand for the future

15. © 2016 BlackBerry. All Rights Reserved. 15
QNX Software Development Platform 7.0
QNX
Operating System
• Maximize design flexibility
• Accelerate development cycles
• Build in quality
• Optimize system resources
• Mission critical reliability
• Advanced security
• Scalable and standards conforming
• Support for a wide range of 64-bit ARM
and x86 hardware
QNX
Momentics IDE

16. 16 Proprietary
ISO 26262 Certified RTOS
• First real-time operating system certified for use in
ISO 26262 ASIL D items
• Certified by TUV Rheinland (certificate stored in
TUV public repository)
• Scope of certification includes:
• QNX Neutrino kernel with multicore and adaptive
partitioning
• Tool chain and libc
– C compiler, linker, and assembler classified as
Tools Confidence Level 3 according to ISO 26262

17. © 2016 BlackBerry. All Rights Reserved. 17
Infotainment /
3rd party apps
Informational
ADAS
Digital
Instrument
Cluster
Firewall
• Type-1 Hypervisor
• Foundation for ECU consolidation
• Complete separation and isolation
of guests
• Hardware device assignment or
controlled device sharing
• Temporal separation with
guaranteed CPU budget
• Spatial separation of memory,
cores, hardware devices
• ISO 26262 ASIL D certification
• Full ARM and x86 integration
QNX Certified Hypervisor
Hardware
(ARMv7, ARMv8, x86_64)
QNX Hypervisor
…

18. © 2016 BlackBerry. All Rights Reserved. 18
QNX Platform for ADAS
• Improve time to market for camera based
ADAS systems
• Pre-integrated reference implementation
including:
• Low latency camera input with
support for a variety of camera
types
• Support for hardware accelerated
vision processing systems
• 3rd party ADAS algorithms
• AUTOSAR integration and
communication for automated drive
domain controllers
Foundation for ADAS, active safety systems
and automated driving applications, built
upon an ISO 26262 safety certified operating
system

19. 19
© 2016 BlackBerry. All Rights Reserved. 19
Summary – Lowering Risk
Design for Flexibility & Portability
Build Secure Code
Common Operating System Framework
Flexible, Predictable Communications Bus

20. The Secret to Low-Risk Architecture in
Autonomous Cars
Bob Leigh, Director of Market Development

21. The Future is Intelligent Distributed Machines
©2016 Real-Time Innovations, Inc.

22. RTI’s Experience
• ~1000 Projects
– Healthcare
– Transportation
– Communications
– Energy
– Industrial
– Defense
• 15+ Standards & Consortia Efforts
– Interoperability
– Multi-vendor ecosystems
©2016 Real-Time Innovations, Inc.

23. RTI’s Deep Expertise in Autonomy
• Founders from Stanford
Aerospace Robotics Lab
• RTI middleware powers
unmanned systems on land,
sea, air, and space
• RTI led the US UAS ground
station architecture
• RTI-based system will soon
allow drones in class-A
National Air Space
• RTI Connext DDS was
developed for advanced
reactive vehicles
©2016 Real-Time Innovations,

24. The IIoT Disruption
The real value is a common architecture that
connects sensor to cloud, interoperates
between vendors, and spans industries
Common technology that spans
industries brings bold new approaches
and enables fast change
©2016 Real-Time Innovations, Inc.

25. ©2016 Real-Time Innovations, Inc. Status Feb 2016
Data Considerations
Security
Safety
Scale

26. • Ensure reliable data availability
• Guarantee real-time response
• Manage complex data flow and state
• Ease system integration
• Build security in from the start
• Make deployment flexible
• Ease safety certification
How Does DDS Help Autonomy Development?
©2016 Real-Time Innovations, Inc.

27. The DDS Databus is Different!
©2016 Real-Time Innovations, Inc.
Data-Centric
DDS
Shared Data Model
DataBus
Point-to-Point
TCP
Sockets
Client/Server
MQTT
XMPP
OPC
CORBA
Brokered
ESB
Daemon
Publish/Subscribe
Fieldbus
CANbus
ZeroMQ
JMS
Queuing
AMQP
Active MQ

28. Systems are About the Data
Data Centricity Definition
a) The interface is the data.
b) The infrastructure understands that data.
c) The system manages the data and imposes
rules on how applications exchange data.
©2016 Real-Time Innovations, Inc.
Database Databus
Data centric storage and
search of old data
Data centric sharing and
filtering of future data
Application
Application
Message centric
Remote Objects
SOAs
Application
Application
Data

29. IDL 3.5
 IDL 4.0
I
2014
RPC over DDS 2014
DDS
Security
2015
DDS
Implementation
Network / TCP / UDP / IP
DDS Spec 2004
DDS
X-
Types
2010
App
DDS-API-C++
DDS-API-JAVA
2012
DDS-WEB
2013
DDSI-RTPS-TCP 2015
DDSI-RTPS
Wire Protocol 2006
DDS Specification Family
©2016 Real-Time Innovations, Inc.
• Replaces TCP with 1-to-many
QoS-controlled type-aware
datagram stream
• Layers 4-5 of ISO Network
Model (facilities layer)
• Transport independent
• Architecture or industry
defines the data model

30. Why a Databus?
• Reduce risk
– Proven, reusable, powerful, 100% standard
• Build elegant architecture
– Data-centric design eliminates coupling & speeds development
– QoS control simplifies integration
– Sensor-to-cloud connectivity builds systems
• Tap advanced capability
– Transport, OS, language transparency
– Enterprise scalability & performance
– Extreme reliability
– Practical, facile security
©2016 Real-Time Innovations, Inc.
Shared Data Model
DataBus

31. Cloud Services
DDS Integrates All Components
©2016 Real-Time Innovations, Inc.
Sensing
Planning
Radar, LIDAR Vehicle Platform Navigation
Error
Management
Visualization
Situation Analysis
Situation Awareness
Vision Fusion
Cameras, LIDAR,
Radar
…
Data Fusion
LoggingVehicle Control
Localization
DDS Bus
Traffic Maps
DDS Bus

32. QoS: Quality of Service
©2016 Real-Time Innovations, Inc.
Permission to distribute unmodified
Volatility
UserQoS
Delivery
PresentationRedundancy
Infrastructure
Transport

33. Take it to Massive Scale
©2016 Real-Time Innovations, Inc.
Unit DataBus
Unit DataBus
Cloud DataBus
Site DataBus
Unit DataBus
Sense Act
Think HMI
Machine DataBus
• Each level of the hierarchy
has
– Data model
– Discovery
– Security domain
• System-of-systems require
– Subsystem export control
– Data model translation
– Discovery control
Intelligent
Machines
Intelligent
Systems
Intelligent
Industrial
Internet
Intelligent
System of
Systems

34. Security Must Protect Dataflow
System
Transport
Unit
Data
©2016 Real-Time Innovations, Inc.

35. DDS Secure
• OMG Security DDS standard
• Requires trivial or no change
to existing DDS apps and
adapters
• Plugin architecture
• Runs over any transport
• Completely decentralized
Secure DDS
library
Authentication
Access Control
Encryption
Data Tagging
Logging
Application
Any Transport
(e.g., TCP, UDP, multicast,
shared memory, )
©2016 Real-Time Innovations, Inc.

36. Tenets Of Safety-Critical Software
• Reduce code size
• Consider testability in design
• Design code to be deterministic
©2016 Real-Time Innovations, Inc.
Certification Evidence Ships!
Certification Evidence Ships!

37. Reduced Application Code
Message Centric Data Centric (DDS)
Message Centric Middleware
Application
Application Logic
Message Parsing and
Filtering
Message Caching
Send/Receive Packets
Addressing, Marshaling
Data Centric Middleware (DDS)
Send/Receive Packets
Discovery, Presence
Marshaling, 32/64
Message Caching & State
Management
Message Parsing and
Filtering
Application
Application Logic
Savings
©2016 Real-Time Innovations, Inc.

38. Certified Middleware Greatly Eases Safety Cert
• Provides non-stop availability
– Decentralized architecture
– No single point of failure
– Support for redundant networks
– Automatic failover between redundant publishers
– Dynamic upgrades
• No central server or services
• Version-independent interoperability protocol
• Supports subsystem isolation and incremental certification
• Controls real-time Quality of Service
• Makes missed deadlines and presence visible
• Proven in thousands of mission critical systems
©2016 Real-Time Innovations,
Use Certicom
Encryption
with Plug-ins!

39. DDS Standards: Layered View

40. Hardware
(ARMv7, ARMv8, x86_64)
QNX Hypervisor
Infotainment / 3rd
party apps
Informational ADASDigital Instrument
Cluster
Firewall
…
Works with QNX
©2016 Real-Time Innovations, Inc.
DDS DataBus

41. Build the Right Future
©2016 Real-Time Innovations, Inc.

42. Audience Q & A
Thomas Bloor,
Automotive Business
Development Manager,
QNX Software Systems
Bob Leigh,
Director of Market
Development,
RTI

43. Thanks for joining us
Event archive available at:
http://ecast.opensystemsmedia.com/
E-mail us at: jgilmore@opensystemsmedia.com