Old 29th November 2016, 17:53   #16
Distinguished - BHPian
 
Join Date: Jun 2012
Location: BengaLuru
Posts: 5,649
Thanked: 19,332 Times
Re: How safe are modern Engine Control Modules (ECM)?

Quote:
Originally Posted by SS-Traveller View Post
So why do electronic control modules misbehave, and why do cars grow a mind of their own?
They aren't supposed to misbehave. If they do, first you would have to check if it is actually related to a system in the car, or a physical factor. Like in the case of Toyota which was an external factor. Until artificial intelligence is introduced in cars, they can't grow a mind of their own, but follow the code they are programmed with. The topic here is how safe these systems are designed to be.

Take the case of the Skoda accident where the cruise control was 'reportedly' stuck. The data from the car was recovered successfully, which meant that the system was functioning as normal. The brake of the car is still a mechanical device and is still under the driver's control. If the brakes were really applied, then it would not have shown a throttle input of 2/3, and a variation of throttle input and would have slowed down the car to some extent. Rather, they framed it as a cruise control 'stuck' in articles based on what the driver said. It's not a PC where it could have hung and stayed like that forever. Heck, not even today's computers exhibit such misbehavior. The controllers in the car are far more advanced and robust.

Most of the time, it's driver error which leads to such misbehavior. The system rarely fails, and even if it fails, it is designed to fail without causing any danger to the car or the occupant.

Quote:
Originally Posted by SS-Traveller View Post


Err... BMWs and Audis sold in India are primitive? GTO's BMW is primitive? All the cars mentioned in this thread are primitive?
For a layman, it looks the same. But the kind of electronics (not bells and whistles) on a Merc, or BMW sold in Europe is different than what is sold for the Indian markets. Yes, it is primitive. At least when it comes to body electronics. The modularity in these cars by using a network of systems is exploited in this case. Indian variants will have it stripped down to whatever is minimum requirement in the car like say the ECM, TCM, ESP etc and the rest are removed, save for some fancy features just to have a bling factor.

The C-Class for European markets has around 40 ECUs present in it. The C-Class in India gets maybe half that number. That's why I call it primitive. And the premium brands take a small share in our market, the rest is even primitive.

Last edited by audioholic : 29th November 2016 at 18:01.
audioholic is offline   (7) Thanks
Old 29th November 2016, 19:34   #17
Senior - BHPian
 
Join Date: Mar 2005
Location: Bangalore
Posts: 10,409
Thanked: 1,729 Times
Re: How safe are modern Engine Control Modules (ECM)?

Quote:
Originally Posted by audioholic View Post
The C-Class for European markets has around 40 ECUs present in it. The C-Class in India gets maybe half that number. That's why I call it primitive. And the premium brands take a small share in our market, the rest is even primitive.
Totally incorrect !...and quite frankly ridiculous. Please show me the report that shows that Indian C-class of the same trim level is running on half the ECUs.

Adding more ECUs does not make a car more sophisticated or less primitive !

The Euro C-class probably has several options (like semi-autonomous drive features like Radar Cruise Control, Lane Departure warning & correction, Blind spot warning) etc etc that have been deleted for India, and therefore do not need the ECUs that control it

Even comparing several trim levels in Europe, the base version would have fewer ECUs compared to a fully loaded version

Last edited by Mpower : 29th November 2016 at 19:49.
Mpower is offline   (5) Thanks
Old 29th November 2016, 19:42   #18
Distinguished - BHPian
 
Join Date: Jun 2012
Location: BengaLuru
Posts: 5,649
Thanked: 19,332 Times
Re: How safe are modern Engine Control Modules (ECM)?

Quote:
Originally Posted by Mpower View Post

The Euro C-class probably has several options (like semi-autonomous drive features like Radar Cruise Control, Lane Departure warning & correction, Blind spot warning) etc etc that have been deleted for India, and therefore do not need the ECU that controls it
Exactly. When you have all the features absent, the related ECUs are absent. Giving the exact number isn't possible, but that's how it is. If you would call that incorrect, I can't be providing documentary evidence, though I have the entire blow up diagrams with me. What India gets will be the base version available in Europe. At least you have an option in Europe, which isn't available in our country. These have simpler networks, less complex BCM, lesser number of sensors and stuff. That's why I call them primitive - in terms of the electronics or the system complexity and not the car itself. Like I told before, if I have to share information to prove stuff, that's something I am bound not to. If you would like to dispute that, do provide the relevant proof and I would be happy to correct myself and check my facts.
audioholic is offline   (1) Thanks
Old 29th November 2016, 22:12   #19
Distinguished - BHPian
 
Join Date: Oct 2012
Location: Delhi
Posts: 8,034
Thanked: 49,745 Times
Re: How safe are modern Engine Control Modules (ECM)?

Quote:
Originally Posted by Mpower View Post
Adding more ECUs does not make a car more sophisticated or less primitive !

The Euro C-class probably has several options (like semi-autonomous drive features like Radar Cruise Control, Lane Departure warning & correction, Blind spot warning) etc etc that have been deleted for India, and therefore do not need the ECUs that control it

Even comparing several trim levels in Europe, the base version would have fewer ECUs compared to a fully loaded version
Quote:
Originally Posted by audioholic View Post
Exactly. When you have all the features absent, the related ECUs are absent.
When I read this, I almost get the feeling that every feature requires its own ECU, that is definitely not the case. Maybe some advanced stuff as radar cruise control, lane departure.

I would say that when it comes to the correlation between number of ECUs and number of features/options you will find that the number of ECUs is pretty much fixed. Adding most features/options usually means adding sensors/switches, not messing around with the ECUs and or network as such, I thought.

Again, there are likely to be some advanced features that might require an extra ECU, possibly even their own. I don’t know, but I would like to know more.

The difference between many modern cars with and without cruise control is simply the stalk/switch on the steering column/wheel. Everything else is already present in terms of cabling, ECU etc. Just not activated.

When it comes to your statement:

Quote:
Like I told before, if I have to share information to prove stuff, that's something I am bound not to. If you would like to dispute that, do provide the relevant proof and I would be happy to correct myself and check my facts.
I am a little puzzled. There is a huge difference about sharing credible information and having to prove yourself. Apparently you are not prepared to do either. I don’t care about you proving something, but if you know something that is of interest to me and most likely others on this forum/thread, I would appreciate more details than a one liner along the lines of take or leave it.

Your call, but I don’t think it adds to the content of the forum or your credibility.
Only the first is relevant of course, really.

Especially as you claim to have access to the information. I would love to see some more details on this as it is really relevant to this particular thread. Not because I want you to prove something (I don’t even know you), but because I like to learn something new.

Jeroen
Jeroen is offline   (3) Thanks
Old 29th November 2016, 22:53   #20
Distinguished - BHPian
 
Join Date: Jun 2012
Location: BengaLuru
Posts: 5,649
Thanked: 19,332 Times
Re: How safe are modern Engine Control Modules (ECM)?

Quote:
Originally Posted by Jeroen View Post
I am a little puzzled. There is a huge difference about sharing credible information and having to prove yourself. Apparently you are not prepared to do either. I don’t care about you proving something, but if you know something that is of interest to me and most likely others on this forum/thread, I would appreciate more details than a one liner along the lines of take or leave it.

Your call, but I don’t think it adds to the content of the forum or your credibility.
Only the first is relevant of course, really.

Especially as you claim to have access to the information. I would love to see some more details on this as it is really relevant to this particular thread. Not because I want you to prove something (I don’t even know you), but because I like to learn something new.

Jeroen
Apologies if that was harsh or it was never meant to be like 'take it or leave it'. Neither did I want to post a one liner and leave the rest. In the earlier posts I have explained as much as possible. But in case I need to explain to you how many ECUs are there, and what each does and how the network runs along a car, I have to post diagrams or content that is internal to an organization. Regarding sharing information, the reason I can't do so is I am not authorised to share such information on an open forum, or anywhere outside my organization. That's the very reason I have clearly stated in earlier posts that I might just give a brief or a generalized view on the topic. Guess I should have highlighted it. If I were allowed to share information, I would have happily done that as ever before like how I do it in other topics. If that sounds like saying take it or leave it, then I am helpless in this regard. The topic was how safe ECUs were, and I believe I have provided some amount of information to the extent possible. This topic of explaining the inner bits of car electronics is definitely much more detailed, and you won't find such manufacturer specific topics on the Internet as well. Hence I can understand your thirst to learn something new, but I am definitely not in a position to divulge greater detail.
audioholic is offline   (1) Thanks
Old 29th November 2016, 23:12   #21
Team-BHP Support
 
Join Date: Jun 2007
Location: Bangalore
Posts: 6,331
Thanked: 42,093 Times
Re: How safe are modern Engine Control Modules (ECM)?

Ugh. So along with the usual hazards that we might face while driving on our highways (tyre bursts, drunk drivers, animals/pedestrians, collapsing bridges etc), we have one more thing to watch out for - gremlins in the electronics. I'm guessing fatal unintended acceleration can happen only in automatic transmission cars. Driver of a manual car can always depress the clutch and cut power to the engine.

I'm not a techie or an expert in automobile/mechanical engineering - but to me, solution for unintended acceleration problem in an AT vehicle is to force the car into neutral.

If the gear lever is moved to N by the driver, a master ECU should over-ride all other controls/ECUs and put the car in neutral

OR

Some sort of mechanical lever/pedal which disengages all gears and removes the connection between transmission and driven wheels.

Last edited by SmartCat : 29th November 2016 at 23:18.
SmartCat is online now   (1) Thanks
Old 30th November 2016, 00:00   #22
Senior - BHPian
 
Join Date: Mar 2005
Location: Bangalore
Posts: 10,409
Thanked: 1,729 Times
Re: How safe are modern Engine Control Modules (ECM)?

Quote:
Originally Posted by audioholic View Post
Exactly. When you have all the features absent, the related ECUs are absent. Giving the exact number isn't possible, but that's how it is. If you would call that incorrect, I can't be providing documentary evidence, though I have the entire blow up diagrams with me. What India gets will be the base version available in Europe. At least you have an option in Europe, which isn't available in our country. These have simpler networks, less complex BCM, lesser number of sensors and stuff. That's why I call them primitive - in terms of the electronics or the system complexity and not the car itself. Like I told before, if I have to share information to prove stuff, that's something I am bound not to. If you would like to dispute that, do provide the relevant proof and I would be happy to correct myself and check my facts.
So basically you are saying that a base model C-class is primitive compared to a fully loaded C-class because it is missing some gadgets !!

Firstly it's not even an apples to apples comparison. Secondly that's not even what we are discussing here.

Last edited by GTO : 30th November 2016 at 14:39.
Mpower is offline  
Old 30th November 2016, 00:48   #23
BHPian
 
Join Date: Sep 2010
Location: Mumbai
Posts: 283
Thanked: 1,237 Times
Re: How safe are modern Engine Control Modules (ECM)?

Quote:
Originally Posted by audioholic View Post
The topic was how safe ECUs were, and I believe I have provided some amount of information to the extent possible. This topic of explaining the inner bits of car electronics is definitely much more detailed, and you won't find such manufacturer specific topics on the Internet as well. Hence I can understand your thirst to learn something new, but I am definitely not in a position to divulge greater detail.
Interesting read. Can you tell us what language is used to code? Is it Ada, Smalltalk, or another high level language or is it done with low level language?

While not wanting to ruffle any feathers, I would like to point out that the basic principles of programming and hardware setup and communications are the same irrespective of the application. Be it the Space Shuttle or the FADEC & fly by wire systems for Boeing 787, Airbus A380, A350, F16 and every 4th generation fighter or to a lesser extent a car. This is mission critical coding and has to go through very stringent testing before it's deployed. If people are so concerned with ECUs and coding for cars, (which is child's play in comparison, no offence) I wonder if they have given any thought to all that hardware and literally million lines of coding that keeps an aircraft in the air?

Last edited by PratikPatel : 30th November 2016 at 00:49.
PratikPatel is offline   (1) Thanks
Old 30th November 2016, 01:34   #24
Distinguished - BHPian
 
Join Date: Jun 2012
Location: BengaLuru
Posts: 5,649
Thanked: 19,332 Times
Re: How safe are modern Engine Control Modules (ECM)?

Quote:
Originally Posted by PratikPatel View Post
Interesting read. Can you tell us what language is used to code? Is it Ada, Smalltalk, or another high level language or is it done with low level language?

While not wanting to ruffle any feathers, I would like to point out that the basic principles of programming and hardware setup and communications are the same irrespective of the application. Be it the Space Shuttle or the FADEC & fly by wire systems for Boeing 787, Airbus A380, A350, F16 and every 4th generation fighter or to a lesser extent a car. This is mission critical coding and has to go through very stringent testing before it's deployed. If people are so concerned with ECUs and coding for cars, (which is child's play in comparison, no offence) I wonder if they have given any thought to all that hardware and literally million lines of coding that keeps an aircraft in the air?
For most of the embedded applications we still use C (in my organisation). However the sensors which are supplied by various vendors do use high level language especially in the field of image processing inside the various cameras present in the car. Some of our code is hand code, while the crucial functions which take decisions such as actuator control and final decision making (function coordination etc) are done by autocode generated by various code generation tools starting from MATLAB.

Every time I fly in an airplane I do give a thought about the amount of efforts and measures that would have gone in building an airplane. I believe there is a greater amount of complexity and redundancy involved in that. And that does come at a higher price as well.
audioholic is offline   (1) Thanks
Old 30th November 2016, 03:10   #25
Senior - BHPian
 
Join Date: Oct 2008
Location: Stockholm
Posts: 1,318
Thanked: 2,455 Times
Re: How safe are modern Engine Control Modules (ECM)?

Quote:
Originally Posted by audioholic View Post
Most of the time, it's driver error which leads to such misbehavior. The system rarely fails, and even if it fails, it is designed to fail without causing any danger to the car or the occupant.
Not always, right. As you mentioned earlier, there may be bugs in the software.

Just consider those bugs as seriously as one would do so, to a mechanical failure due to design flaw.

Quote:
Originally Posted by Jeroen View Post
because I like to learn something new.
Jeroen
This might be trivial to you, but these ECUs are working as real-time systems. So it has to make functionally correct decisions in a time bound manner. Certain functions missing the deadline (time bound) is as bad as making an incorrect decision. I think audioholic can add more to this. The CAN messages will be having priorities to ensure the critical messages aren't missing the deadlines (time bound).

Last edited by ecenandu : 30th November 2016 at 03:32.
ecenandu is offline   (1) Thanks
Old 30th November 2016, 03:45   #26
BHPian
 
Join Date: Jan 2016
Location: Deutschland
Posts: 235
Thanked: 511 Times
Re: How safe are modern Engine Control Modules (ECM)?

Quote:
Originally Posted by audioholic View Post
Every time I fly in an airplane I do give a thought about the amount of efforts and measures that would have gone in building an airplane. I believe there is a greater amount of complexity and redundancy involved in that. And that does come at a higher price as well.
Yes that's right. The flight control system is entirely electronic but still the number of systematic electronic failures is very low due to the design with more redundant systems. Even automotive electronic systems are also moving in the same direction compared to the time when it was introduced. With stringent ISO 26262 functional safety standard which puts the liability directly on the manufacturer for any systematic electronic failure, there are a lot of redundancies involved nowadays. I work exactly on the 3 level concept for Engine Control Module for different OEMs ranging from mass market cars to exclusive sports cars. I would say the current gen ECUs are not simple consumer electronic gadgets. Every critical sensor/actuator/component is closely monitored by at least one additional redundant system. Critical components like accelerator pedal, brake pedal, throttle valve, etc. have at least two independent sensors to detect even a small contradiction between the two signal sources. In case of fault, the fault reaction ranges from simple SW reset to cutting off the power supply for injector/ignition/throttle valve.

Yes, there is room for SW errors since the quality of code going inside the ECU depends on the individual developer and tester but there are a lot of quality gates before it goes for series production. Nevertheless even with pure mechanical system there is room for design flaws in series vehicle which may lead to catastrophic scenarios.

Quote:
Originally Posted by ecenandu View Post
Certain functions missing the deadline (time bound) is as bad as making an incorrect decision. I think audioholic can add more to this. The CAN messages will be having priorities to ensure the critical messages aren't missing the deadlines (time bound).
Yes there are plausibility checks in different layers (for same message) for the safety critical CAN/FlexRay/Ethernet/LIN messages to ensure each message is transmitted/received within its time bound limit as well as there is not even a single bit data corruption. Some ECUs use additional HW apart from main processor to handle this operation. In addition to that the redundant SW runs on a special HW which has additional protection compared to the HW which runs the main SW. This safety HW has the ability to independently shut off the injector/ignition/throttle valve in case it finds discrepancies in its operation.

Last edited by gopi_rm : 30th November 2016 at 03:56.
gopi_rm is offline   (3) Thanks
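
The receive-side checks described in post #26 (deadline, data corruption, and cross-checking two independent pedal sensors), as an added example that is not part of the thread and not any manufacturer's code. The frame layout, thresholds, choice of CRC and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed frame layout (an assumption, not a real OEM message):
 * bytes 0-1 pedal sensor A, bytes 2-3 pedal sensor B (0..1000 = 0..100.0 %),
 * byte 4 alive counter 0..14, byte 5 CRC-8 over bytes 0..4. */
#define FRAME_LEN        6
#define DEADLINE_MS      20u  /* assumed maximum gap between two frames */
#define MAX_SENSOR_DELTA 50   /* assumed allowed A/B disagreement (5.0 %) */

enum verdict { MSG_OK, MSG_CRC_ERROR, MSG_TIMEOUT, MSG_COUNTER_ERROR, MSG_IMPLAUSIBLE };
struct rx_state { int have_prev; uint8_t last_counter; uint32_t last_rx_ms; };

/* CRC-8 with polynomial 0x1D, init 0xFF, final XOR 0xFF (the SAE J1850 parameters). */
uint8_t crc8(const uint8_t *data, size_t len)
{
    uint8_t crc = 0xFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 0x80) ? (uint8_t)((crc << 1) ^ 0x1D) : (uint8_t)(crc << 1);
    }
    return (uint8_t)(crc ^ 0xFF);
}

/* Sender side: pack both sensor readings, the alive counter and the CRC. */
void build_frame(uint8_t f[FRAME_LEN], uint16_t a, uint16_t b, uint8_t counter)
{
    f[0] = (uint8_t)(a >> 8); f[1] = (uint8_t)a;
    f[2] = (uint8_t)(b >> 8); f[3] = (uint8_t)b;
    f[4] = (uint8_t)(counter % 15);
    f[5] = crc8(f, FRAME_LEN - 1);
}

/* Cyclic check for the case where no frame arrives at all. */
enum verdict check_deadline(const struct rx_state *st, uint32_t now_ms)
{
    int late = st->have_prev && (uint32_t)(now_ms - st->last_rx_ms) > DEADLINE_MS;
    return late ? MSG_TIMEOUT : MSG_OK;
}

/* Receiver side: corruption, deadline, sequence, then sensor plausibility.
 * On MSG_OK *pedal gets the lower of the two readings (assumed safe choice);
 * on any error it is forced to 0 so the caller can fall back to idle torque. */
enum verdict check_frame(struct rx_state *st, const uint8_t f[FRAME_LEN],
                         uint32_t now_ms, uint16_t *pedal)
{
    *pedal = 0;
    if (crc8(f, FRAME_LEN - 1) != f[5])
        return MSG_CRC_ERROR;           /* corrupted: do not trust any field */

    enum verdict v = check_deadline(st, now_ms);
    uint8_t expected = (uint8_t)((st->last_counter + 1) % 15);
    if (v == MSG_OK && st->have_prev && f[4] != expected)
        v = MSG_COUNTER_ERROR;          /* repeated, lost or stale frame */

    /* This example resynchronises on every CRC-valid frame instead of latching. */
    st->have_prev = 1;
    st->last_counter = f[4];
    st->last_rx_ms = now_ms;
    if (v != MSG_OK)
        return v;

    uint16_t a = (uint16_t)((f[0] << 8) | f[1]);
    uint16_t b = (uint16_t)((f[2] << 8) | f[3]);
    uint16_t delta = (a > b) ? (uint16_t)(a - b) : (uint16_t)(b - a);
    if (a > 1000 || b > 1000 || delta > MAX_SENSOR_DELTA)
        return MSG_IMPLAUSIBLE;         /* the two sensors contradict each other */

    *pedal = (a < b) ? a : b;
    return MSG_OK;
}

int main(void)
{
    struct rx_state st = {0};
    uint8_t f[FRAME_LEN];
    uint16_t pedal;
    build_frame(f, 300, 900, 0);        /* constructed input: sensors disagree */
    enum verdict v = check_frame(&st, f, 0, &pedal);
    printf("verdict=%d pedal=%u\n", (int)v, (unsigned)pedal);
    return 0;
}
```

A CRC and an alive counter catch accidental corruption and stale frames, but any node that can write to the bus can compute both, so they do not stop deliberate injection; that requires message authentication.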
Old 30th November 2016, 07:25   #27
BHPian
 
Join Date: Sep 2015
Location: Pune
Posts: 467
Thanked: 482 Times

Quote:
Originally Posted by smartcat View Post
If the gear lever is moved to N by the driver, a master ECU should over-ride all other controls/ECUs and put the car in neutral
Correct.


Toyota owners in US have reported they couldn't get the car into N. I find this very hard to believe. Some of the 911 calls wrt unintended acceleration problem were fake. Some cases were due to floor mats keeping the A pedal depressed.
In both cases, I am not sure how and why drivers couldn't move to N.

In Prius and even some VW/German cars a fully depressed brake pedal will override a fully depressed A pedal even when the car is at highway speeds.
Each car is different, drivers should acclimatise themselves with new cars and check how ABS kicks in etc. Also, each AT GB has N at a different position (gates). So knowing where is N wrt D will help without looking down.
freedom is offline   (2) Thanks
Old 30th November 2016, 10:14   #28
BHPian
 
Join Date: Dec 2014
Location: Frankfurt
Posts: 48
Thanked: 153 Times
Re: How safe are modern Engine Control Modules (ECM)?

Interesting thread. Here are my thoughts on the ECU safety as I am an ECM software developer.


Whatever the safety critical systems or features that we are talking about are usually what we call as the "Legacy code" which are generally untouched unless absolutely necessary. These algorithms and logic were developed over years, tried and tested for thousands of hours on test bench to validate each and every flow of logic imaginable and are considered absolutely robust to handle any outcome. Any new features/optimizations are added on top of these legacy software layers. The underlying logic remains untouched and is fail-proof. ECUs are therefore extremely safe.


OT, there is however one more major safety concern which will probably be the biggest challenge for the OEMs and suppliers (over the intended logic failing) in the coming years, Cyber security. With the world moving towards IoT and autonomous driving, safeguarding the internal ECU network from the external world will be a major challenge. I am sure most of you have heard of the Jeep Cherokee hacking incident:

https://www.wired.com/2015/07/hacker...-jeep-highway/

A lot of investment and R&D is currently being done on safeguarding the ECUs from hackers. Suppliers/OEMs are coming up with new hardware and software encryption techniques for their ECUs. The ECUs once exposed to the internet in the future not only need to have realistic behavior as a real-time system, but they should also at the same time need to be fail-proof against hacking. Quite a challenge honestly.

The consequences if they fail to do so will be devastating.
Teesh@BHP is offline   (2) Thanks
Old 30th November 2016, 10:21   #29
Distinguished - BHPian
 
Join Date: Oct 2012
Location: Delhi
Posts: 8,034
Thanked: 49,745 Times
Re: How safe are modern Engine Control Modules (ECM)?

Of course, there is a Wiki page:

https://en.wikipedia.org/wiki/Sudden...d_acceleration

Makes for interesting reading. Note that there have been problems with ECM, and of course, they got covered up by management, according to this article.

What is also interesting to note is the various references to hardware and platform design errors. Nothing to do with coding, but it still got people killed.

As stated by various members, by and large, electronic systems have a very high degree of safety built in. Nevertheless, problems have existed in the past and towards the future we will see more problems. But again, in the greater scheme of things I would say, as a driver, it's probably one of the least aspects one would worry about. The chances of meeting with an accident due to other reasons is much, much more likely.

Personally, I think a lot of what gets reported as problems with electronics is either driver error or at best/worst something else, such as a stuck doormat. I have stated many times on this forum in countless threads that problems with a car's electronics are rare. They are often perceived as electronic problems, but can often be traced to simple mechanical and or electrical stuff. E.g. a stuck switch, a chafed wire.

Face it guys, time to put away the spanners and get familiar with a laptop and some fancy software to work on your car. Here’s how any job on my Jaguar starts. Laptop on which I’m running various scan- and performance tools. Now, if the automotive industry could start developing these programs for Macs I would be really happy. I still need to borrow my wife’s Windows-based laptop if I want to work on my cars.

How safe are modern Engine Control Modules (ECM)?-img_1269.jpg


Jeroen

Last edited by Jeroen : 30th November 2016 at 10:45.
Jeroen is offline   (1) Thanks
Old 30th November 2016, 11:25   #30
Team-BHP Support
 
Join Date: Dec 2006
Location: Mumbai
Posts: 10,264
Thanked: 12,302 Times
Re: How safe are modern Engine Control Modules (ECM)?

Quote:
Originally Posted by Mpower View Post
Totally incorrect !...and quite frankly ridiculous. Please show me the report that shows that Indian C-class of the same trim level is running on half the ECUs.

Adding more ECUs does not make a car more sophisticated or less primitive !
For someone who is in the field of programming autonomous driving ECUs, I think he can get away with the primitive statement, purely in terms of the autonomous driving features. I mean we don't get any radar assisted stuff, nor do most cars have detection cameras (save for a few). Only now do some Volvos come with the radars, and lane change warning, etc.

Quote:
Originally Posted by Jeroen View Post
When I read this, I almost get the feeling that every feature requires its own ECU, that is definitely not the case. Maybe some advanced stuff as radar cruise control, lane departure.
Based on whatever little I know, they do add ECUs for most features. Let's take BMW for example, it's got 3-4 master ECUs, and then slave (?) ECUs. Like an automatic tail gate has its own ECU on the CAN network, if a seat is powered or heated it gets its own ECU. Similarly a reverse camera will get its own ECU, and so will keyless entry.
Akshay1234 is offline   (4) Thanks