A 'diff' approach for automotive OTA updates
In improving the performance of advanced driver-assistance systems (ADAS) and autonomous vehicles (AVs), more powerful compute engines and high-definition sensors are critical. Hardware matters.
But to guarantee safer vehicles, many more advancements must happen in software. Today, a plethora of automotive startups are popping up to develop this software in such areas as AV stacks, high-precision maps, precise positioning, over-the-air (OTA) updates, and the use of data buried deep inside a vehicle to enhance safety.
EE Times enlisted Egil Juliussen, director of research for Infotainment and ADAS for Automotive at IHS Markit, to share a list of automotive software startups that caught his eye in recent weeks.
EE Times talked to each startup’s top management. In profiles of each company and its technology, we focus on safety implications for AV and ADAS vehicles.
Aurora Labs, a startup based in Tel Aviv, Israel, describes itself as a source of “self-healing software.” Its mission is enabling software updates for connected vehicles — safely, securely, and cost-effectively.
Zohar Fox, co-founder and CEO, told EE Times, “Software update is a capability every car maker will need for future-proofing their vehicles so that cars can add new functions, close security gaps, and fix bugs.”
The flip side of this worthy goal is a host of previous real-world software update schemes that have gone terribly wrong.
When OTA goes wrong…
Fox cited Fiat Chrysler Automobiles’s software update fiasco. FCA pushed an OTA update about a year ago that sent customers’ infotainment screens into an endless loop of reboots.
The incident illustrated that sending OTA software updates is one thing, but doing it safely and reliably is not exactly a Sunday drive.
Just last month in China, another OTA disaster posed a serious safety issue. One of EV startup NIO’s cars got stuck on the highway in Beijing after the driver triggered an OTA software update. The driver, who was testing the car, and a NIO representative were in a traffic jam when the update launched. The driver and the passenger got locked up inside the car for “more than an hour” after the process began. The NIO representative wrote on China’s social media Weibo, “Police officers came, one group after another, yet we could not even wind the window down.”
While apologizing for the incident, NIO belatedly warned customers that they should accept an update only when the car is parked in a safe place. Maybe so, but this doesn’t explain why the NIO passengers couldn’t get out of the car.
Asked about the incident, Aurora Labs’s Fox noted, “It is absolutely important to get the handoff right — from the old to new functionalities” in updating a vehicle.
During the handoff, he said, always consider that something could go wrong. The vehicle should not erase the older version of software; it should always be able to default back to it, he explained.
Aurora Labs describes the company’s business as “line-of-code maintenance.” Fox takes pride in the fact that everything the company does “starts with line of code and ends with line of code.”
Among the software that it offers, Aurora Labs’s “Auto Detect” runs in the background of the operational ECU. It’s designed to check code behavior “to identify faults at the code level and predict the probability for a downtime event,” according to the company. This piece of software, which requires less than 3% of ECU overhead, can help “OEMs to be proactive to a potential disaster.”
Aurora Labs also offers “Auto Fix.” When a downtime event is recognized, “Auto Fix enables the ECU software to roll back in real time to the last safe version” — a kind of feature that NIO probably wishes it had.
The advantage of Auto Fix is that such an instant rollback enables “zero downtime.”
But Aurora Labs also claims that the rollback can be done “without doubling memory.” Traditionally, car OEMs must integrate two memory banks, keeping the older version in one so that the new version can be installed in the other.
In “Auto Update,” Aurora Labs has developed a “DIFF OTA Update,” Fox explained. He calls it “revolutionary” because “we only send differences” in updated software. According to Aurora Labs, its diff files are significantly smaller than those produced by bsdiff (an open-source utility to generate a patch between two binary files) and other diff technologies. Such “delta updates” can be done without memory reprogramming or dual memory, the company explained.
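The two ideas above, sending only the differences and never discarding the last good version, can be shown together in code. This is an added example, not Aurora Labs' or bsdiff's algorithm or file format. The block size, delta layout, function names and sample images are assumptions, the new image is staged in a second buffer (the traditional approach), and the delta's signature is assumed to have been verified before it is applied.

```python
import hashlib

BLOCK = 16  # constructed block size; a real ECU would use its flash-sector size


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def make_delta(old: bytes, new: bytes) -> dict:
    """Keep only the blocks of `new` that differ from `old`, plus both digests."""
    blocks = {off: new[off:off + BLOCK] for off in range(0, len(new), BLOCK)
              if new[off:off + BLOCK] != old[off:off + BLOCK]}
    return {"base": digest(old), "target": digest(new),
            "size": len(new), "blocks": blocks}


def apply_delta(active: bytes, delta: dict) -> tuple:
    """Return (image_to_run, status). `active` is never modified; the staged
    image replaces it only when the result matches the target digest.
    Assumption: the delta's signature was already verified by the caller."""
    if digest(active) != delta["base"]:
        return active, "rejected: delta built for a different base image"
    size = delta["size"]
    staged = bytearray(active[:size].ljust(size, b"\xff"))
    for off, data in delta["blocks"].items():
        if off < 0 or off + len(data) > size:
            return active, "rejected: block outside image bounds"
        staged[off:off + len(data)] = data
    if digest(bytes(staged)) != delta["target"]:
        return active, "rolled back: staged image failed target digest"
    return bytes(staged), "committed"


# Constructed sample images (not real firmware): eight 16-byte blocks.
OLD = b"".join(b"ECU-FW-v1-blk%02d;" % i for i in range(8))
NEW = OLD[:48] + b"ECU-FW-v2-patch!" + OLD[64:]

if __name__ == "__main__":
    delta = make_delta(OLD, NEW)
    sent = sum(len(b) for b in delta["blocks"].values())
    print(f"full image {len(NEW)} bytes, delta payload {sent} bytes")
    print(apply_delta(OLD, delta)[1])
    corrupted = dict(delta, blocks={48: b"\x00" * BLOCK})
    print(apply_delta(OLD, corrupted)[1])
```

The base digest stops a delta from being applied to the wrong software version, and the target digest is what decides between committing the staged image and staying on the old one.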
>> Continue reading this article on our sister site, EE Times: "AV Safety Quest: Vehicle Software Updates."