A Detailed Overview of Automotive Operating System Status

The automotive operating system is a real-time safety platform software running on a heterogeneous distributed hardware architecture. It provides a functional framework for vehicle and component perception, planning, and control, supporting the intelligent connected driving ecosystem. It is an essential foundation and core support for the safe, real-time, and efficient operation of the automotive intelligent computing platform.

The automotive operating system includes safety vehicle operating systems, intelligent driving operating systems, and intelligent cockpit operating systems.

① Safety Vehicle Operating System

The safety vehicle operating system primarily targets the classic vehicle control fields, such as power systems, chassis systems, and body systems. These operating systems have very high requirements for real-time performance and safety, and their ecosystem development has matured.

The safety vehicle operating system is mainly a real-time operating system (RTOS), with its primary application being the ECU. The most basic requirement for the safety vehicle operating system from the ECU is high real-time performance, where the system must complete resource allocation, task synchronization, and other specified actions within a defined timeframe. Embedded real-time operating systems have advantages of high reliability, real-time performance, interactivity, and multi-channel capabilities, with extremely high system responsiveness, typically at the millisecond or microsecond level, meeting high real-time requirements.

Currently, mainstream safety vehicle operating systems are compatible with OSEK/VDX and Classic AUTOSAR, two automotive electronic software standards. The Classic platform is based on the OSEK/VDX standard, which defines the technical specifications for safety vehicle operating systems.

② Intelligent Driving Operating System

With the development of intelligent and connected technologies, the perception fusion, decision planning, and control execution functions of intelligent vehicles have brought about more complex algorithms and generated massive amounts of data, requiring higher computing and data communication capabilities. The safety vehicle operating systems based on OSEK/VDX and Classic AUTOSAR software architectures can no longer meet the future development needs of autonomous driving vehicles. The AUTOSAR organization has launched the Adaptive AUTOSAR platform aimed at more complex domain controllers and centralized computing platforms.

The Adaptive AUTOSAR definition adopts an operating system based on the POSIX standard, providing standardized platform interfaces and application services for POSIX-compliant operating systems and different application needs, mainly to meet the development needs of automotive intelligence. The Adaptive AUTOSAR is still in its early development stage, and its ecosystem construction has yet to gain widespread recognition from Tier1 and OEMs.

The intelligent driving operating system primarily targets the intelligent driving domain, applied in intelligent driving domain controllers. This type of operating system has high requirements for safety and reliability, as well as for performance and computing capacity. Such operating systems are increasingly maturing globally, but the ecosystem is not yet complete.

③ Intelligent Cockpit Operating System

The intelligent cockpit operating system mainly provides a control platform for automotive infotainment services and in-vehicle human-machine interaction, serving as the operating environment for the smart cockpit and multi-source information fusion. The requirements for real-time performance and reliability of this operating system are not stringent.

The intelligent cockpit operating systems of mainstream models mainly include QNX, Linux, and Android. Among traditional intelligent cockpit operating systems, QNX occupies the vast majority of the market share. In recent years, the entertainment and information service attributes of intelligent cockpits have become increasingly prominent, and open-source Linux, along with Android—which has a wealth of mature information service resources on mobile devices—has been favored by many OEMs, becoming a rising star. Additionally, a few foreign models have also adopted Win CE as their intelligent cockpit operating system.

As people’s demand for vehicles shifts from mere transportation tools to intelligent mobile terminals, intelligent cockpit operating systems need to support diverse applications and services, with rich ecological resources.

With the rapid development of autonomous driving technology, the demand for transformation in automotive software, especially operating systems, is increasing. OEMs, Tier1 suppliers, and autonomous driving software and hardware solution providers are investing significant manpower, material resources, and financial resources into the research and development of automotive operating systems, hoping to secure a place in the era of software-defined vehicles. Below is a brief introduction to the current development and application status of mainstream automotive operating systems at home and abroad.

① Tesla Autopilot Autonomous Driving Software Architecture

As we all know, Tesla is a leader in autonomous driving technology and industrialization, with its advantage lying in its core computing platform, self-developed and leading chip hardware, operating systems, platform software, etc. The Tesla autonomous driving software architecture, as shown in the figure above, is characterized by its operating system based on a single Linux kernel, creating a complete autonomous driving software solution that realizes the full process from perception, positioning, fusion, decision-making, planning to control.

According to public information, the system is based on Ubuntu, which has been tailored, and the Linux kernel has been modified for real-time performance. This kernel is also open-sourced on GitHub. The deep learning framework is based on PyTorch, and real-time data processing is based on the open-source stream processing platform Kafka, with 48 independent neural networks for multi-dimensional data processing and strong OTA upgrade capabilities. Its FSD (Full Self-Driving) computing platform hardware integrates the intelligent cockpit domain and the autonomous driving domain. The operating system leverages OTA software upgrades and fully utilizes data and cloud computing ecosystems, creating new models of product value and service for automotive products.

② Volkswagen Centralized Software Architecture

Volkswagen has formed a large team to independently develop the automotive operating system vw.OS to accelerate the application of autonomous driving technology. vw.OS adopts a service-oriented software architecture based on Adaptive AUTOSAR, and the centralized software architecture is shown in the figure above.

③ Huawei MDC Intelligent Driving Computing Platform Architecture

Huawei MDC (Mobile Data Center) is positioned as a computing platform for intelligent driving. The platform integrates Huawei’s over 30 years of R&D and manufacturing experience in the ICT field, based on CPU and AI processor chips, equipped with intelligent driving OS, compatible with AUTOSAR, and supports smooth evolution from L2 to L5, combined with a complete toolchain, enabling customers or ecological partners to develop intelligent driving applications for different scenarios.

The main features of Huawei’s MDC intelligent driving computing platform architecture include:

• Providing software and hardware solutions that are highly decoupled and can be upgraded independently, with separate upgrade paths for hardware and software;

• Good adaptability to mainstream sensors, supporting data access for mainstream GNSS, IMU, cameras, LiDAR, and millimeter-wave radar, and supporting pre-fusion of camera and LiDAR point clouds;

• Good compatibility with mainstream middleware software, supporting core components of commonly used deep learning frameworks such as Caffe and TensorFlow (chips, operating system kernels) that are independently controllable;

• Huawei is the only vendor in the industry with the capability to develop both CPU and AI chips. The MDC platform hardware integrates powerful SoC chips with CPU and AI computing capabilities, providing scalable heterogeneous computing power for intelligent driving;

• The functional software is based on a SOA architecture, following AUTOSAR specifications, defining the invocation framework and software interfaces for the basic algorithm components of intelligent driving; upper-layer scenario applications can flexibly choose different algorithm component combinations to achieve specific scenario application functions.

④ NVIDIA Autonomous Driving Platform Architecture

NVIDIA is a global leader in artificial intelligence computing, utilizing its advanced hardware chip development advantages to provide a complete hardware platform and basic software platform centered around its industry-leading high-performance safety chips, as shown in the figure above. The NVIDIA computing platform hardware is currently at the Xavier stage, with the next-generation platform Orin released but not yet on the market. Xavier is NVIDIA’s first automotive-grade system-on-chip, which employs six different types of processors.

Based on the Xavier chip, NVIDIA provides the DRIVE AGX Xavier for autonomous driving development, with computing power reaching 30 TOPS, aimed at L2+ and L3 level autonomous driving; the provided DRIVE AGX Pegasus uses two Xavier system-on-chips and two Turing GPUs, with computing power reaching 320 TOPS, aimed at L4 and L5 level autonomous driving. The NVIDIA Drive system software layer integrates third-party RTOS + AUTOSAR, with a hypervisor layer, and the third-party mass-produced RTOS solutions have passed ASIL D certification.

⑤ Baidu Apollo Open Platform Architecture

Baidu Apollo is a software platform that relies on third-party IPC for its computing platform hardware. The Apollo open platform architecture is shown in the figure above. Baidu has independently developed two auxiliary hardware units: ASU (Apollo Sensor Unit) and AXU (Apollo Expansion Unit). The ASU is used to collect data from various sensors and transmit it to the IPC via PCIe. Additionally, the IPC’s control commands for the vehicle must also be sent to the CAN via the ASU; the AXU is used to meet additional computing and storage needs, connecting to existing hardware platforms in the form of GPUs and FPGAs.

The main features of Baidu Apollo include:

• End-to-end development for connected cloud control (V2X)

• Well-integrated cloud services, including many other Baidu products, such as basic Baidu cloud services, online simulation products, high-precision maps, and Duer OS, benefiting each product mutually

• Due to its open-source nature, the core algorithm modules have undergone long-term optimization on GitHub and have been fully productized

• Mainly focused on the development of system software, including customized optimized operating systems, system middleware, and algorithm functional modules, while most hardware adopts third-party solutions

• The product does not involve additional development adaptation for the AUTOSAR architecture and does not require changes to the existing vehicle ECUs/MCUs.

① Safety Vehicle Operating System

The safety vehicle operating system has developed earlier abroad, and a series of standardization efforts have been initiated. Currently, domestically, it is mainly in a following state.

Europe developed the open system standard OSEK/VDX for distributed real-time control systems in automotive electronics in the 1990s, which mainly includes four parts: operating system specifications, communication specifications, network management specifications, and OSEK implementation language. However, with the upgrade of technology, products, and customer demands, the OSEK standard gradually cannot support new hardware platforms.

In 2003, nine companies, including BMW, Bosch, Continental, Daimler, General Motors, Ford, Peugeot Citroën, Toyota, and Volkswagen, as core members, established an Automotive Open System Architecture organization (referred to as the AUTOSAR organization) to create a standardized platform with a layered software architecture independent of hardware, formulating various vehicle application interface specifications and integration standards to provide methodological guidance for application development, reduce the complexity of automotive software design, improve the flexibility and development efficiency of automotive software, and enhance the reusability across different automotive platforms. AUTOSAR is based on OSEK/VDX but covers a wider range.

As of now, the AUTOSAR organization has released specifications for Classic and Adaptive platforms, corresponding to safety control and high-performance classes for autonomous driving. The Classic platform is based on the OSEK/VDX standard, defining the technical specifications for safety vehicle operating systems. The software architecture of Classic AUTOSAR is shown in the figure below, characterized by a function-oriented architecture (FOA), employing a layered design that decouples the application layer, basic software layer, and hardware layer.

Classic AUTOSAR Layered Software Architecture (R20-11)

The AUTOSAR standard platform, due to its open architecture and vertical layering and horizontal modular architecture, not only improves development efficiency and reduces development costs but also ensures vehicle safety and consistency. The AUTOSAR organization has developed to date, gaining recognition from an increasing number of industries, with over 280 members from the fields of complete vehicles, components, software, and hardware. AUTOSAR has now become the mainstream international standard software architecture, with companies such as Vector, KPIT, ETAS, DS, and others owning complete automotive software solutions based on the AUTOSAR standard platform, including Elektrobit acquired by Continental and Mentor Graphics acquired by Siemens. Additionally, automotive manufacturers such as BMW and Volvo have successively launched models based on the AUTOSAR standard platform.

The Japan Automotive Software Platform Architecture organization, JasPar, was established in 2004, aiming to unite companies for horizontal customization of communication standards for automotive software and hardware, achieving the generalization of automotive operating systems and improving the reusability of basic software. Members of JasPar include most Japanese automotive and supporting software and hardware manufacturers.

Japan Automotive Software Platform Architecture Organization JasPar

Currently, domestic OEMs and component suppliers mainly use the Classic AUTOSAR standard for software development. OEMs such as FAW Group and Changan Group began using tools based on the Classic AUTOSAR standard for ECU design, development, and verification in 2009. In April 2011, SAIC Group, FAW Group, Changan Group, and Chery Group, along with some universities, established the CASA Alliance, aiming to promote and develop the AUTOSAR architecture in China. Currently, Jianghuai Automobile is also primarily based on the Classic AUTOSAR standard for software and product development.

In terms of products, Puhua Software is the domestic operating system strategic platform of China Electronics Technology Group, leading a major project on automotive electronic operating systems during the 11th and 12th Five-Year Plans. The automotive operating system developed has been mass-produced and applied in key components such as body control modules (BCM), new energy vehicle controllers (VCU/HCU), and electronic steering systems (EPS), and has been used in the advanced driver assistance systems (ADAS) of Bosch in Germany.

Neusoft Ruichi has released the NeuSAR product, which is developed based on AUTOSAR and provides a system platform for next-generation automotive communication and computing architecture for OEMs developing autonomous driving systems and component suppliers, including Classic AUTOSAR, Adaptive AUTOSAR, and a series of development system tools.

② Intelligent Driving Operating System

The intelligent driving operating system will become one of the core competitive advantages for the development of autonomous driving vehicles. The development trends and characteristics of intelligent driving operating systems are vertically layered to achieve decoupling between layers, facilitating rapid development and migration, as shown in the figure below.

Illustration of Vertical Layering of Intelligent Driving Operating Systems

Each layer has its own responsibilities and different roles:

Operating System: Responsible for providing services such as thread creation to the hardware;

Middleware/Development Framework: Responsible for interfacing with different operating systems and providing communication, resource management, and other services to the applications above;

Application/Function Software: The remaining tasks are its responsibility.

The intelligent driving operating systems commonly used in the industry currently are mainly Linux, QNX, and other RTOS (such as FreeRTOS, ThreadX, VxWorks, etc.).

The main characteristics of the three are compared in the figure below:

Comparison of Intelligent Driving Operating Systems

Linux was initially designed and developed as a general-purpose operating system, but it provides some support for real-time processing, including most real-time features in the POSIX standard, supporting multitasking, multithreading, and rich communication mechanisms. In addition, the Linux community has real-time enhancement patches that add features such as interrupt threadization and default priority inheritance to the original RT capabilities of the Linux kernel. Linux also provides scheduling policies that comply with POSIX standards, including FIFO scheduling, time-slice round-robin scheduling, and static priority preemptive scheduling. Additionally, Linux offers memory locking features to prevent memory pages from being swapped out during real-time processing, along with POSIX-compliant real-time signal mechanisms.

QNX is a commercial POSIX-compliant real-time operating system, characterized by being distributed, embedded, and scalable, with a focus on hard real-time performance. QNX adheres to POSIX.1 (programming interfaces) and POSIX.2 (shell and utilities), and partially follows POSIX.1b (real-time extensions). Its microkernel architecture is a significant feature that distinguishes QNX from other operating systems. The QNX microkernel operates independently within a protected address space, while drivers, network protocols, and applications reside in user space.

Above the underlying operating system, software middleware is also gaining attention in the intelligent driving field. The main goal of middleware is to provide common functionalities such as data communication, protocol alignment, computational scheduling, and modular encapsulation for upper-layer applications, offering a standardized and modular development framework to achieve module decoupling and code reuse.

Next, we introduce two middleware solutions for autonomous driving: Adaptive AUTOSAR and ROS.

Adaptive AUTOSAR

The AUTOSAR organization launched the Adaptive AUTOSAR (AP) architecture to respond to the development of autonomous driving technology, as shown in the figure above. Its main characteristics include a service-oriented architecture (SOA), where services can be dynamically loaded based on application needs, configuration files can be dynamically loaded, and individual updates can be performed. Compared to Classic AUTOSAR (CP), it can meet stronger computing power requirements, is more secure, has good compatibility, and allows for agile development.

The Adaptive AUTOSAR system is mainly suited for new centralized high-performance computing platforms, meeting the high-speed communication needs between automotive components and the high computing power requirements of intelligent driving. The AP platform adopts a service-oriented architecture, consisting of a series of services, where applications and other software modules can call one or more services as needed. Services can be provided by the platform or by remote components, and OEMs can define their own service combinations based on functional design requirements.

The AP platform does not design a new operating system kernel; any operating system kernel that complies with the POSIX PSE51 interface can be used. The AP platform focuses on the system service middleware above the operating system kernel, divided into platform basic functions and platform service functions. The three main support and evolution directions of the AP platform are: safety (including information security and functional safety), connectivity (including various new communication mechanisms inside and outside the vehicle), and upgradability (including OTA, flexible software design, and management, etc.). The AP platform continues to adopt traditional standard design methods, with a new version released each year to concentrate on new feature releases.

ROS Architecture

ROS, as the earliest open-source robot software middleware, has been used in the robotics industry for a long time. The primary design goal of ROS is to improve code reuse in the field of robot development. ROS is a distributed process (or “node”) framework, where these processes are encapsulated in easily shareable and publishable packages and functional packages. The entire intelligent driving system has strong similarities with robotic systems, and the open-source nature of ROS, along with its rich libraries and toolchains, has led to its widespread application in intelligent driving research. Many autonomous driving prototype systems can be seen using ROS, such as AUTOWARE. Baidu Apollo initially also used ROS until version 3.5, when it switched to its self-developed in-vehicle middleware CyberRT.

ROS has mainly two versions in its development: ROS1 and ROS2. The communication in ROS1 relies on a central node, which cannot solve reliability issues such as single points of failure. To better meet industrial-grade operational standards, the most significant change in ROS2 is the cancellation of the Master central node, achieving distributed discovery of nodes and publish/subscribe, request/response mechanisms. The underlying communication mechanism is based on DDS (Data Distribution Service), an industrial-grade communication middleware, supporting multiple operating systems, including Linux, Windows, Mac, and RTOS.

Although ROS2 has made significant improvements over ROS1, it still has a long way to go before achieving full automotive-grade applications. Some companies, such as APEX.AI, are also attempting to adapt ROS for automotive-grade applications.

③ Intelligent Cockpit Operating System

Currently, there is no unified international standard in the field of intelligent cockpit operating systems. The intelligent cockpit operating system is primarily controlled by several foreign software companies, including BlackBerry’s QNX, various custom operating systems based on Linux, and operating systems based on the Android open-source project (which is also based on Linux).

QNX CAR Application Platform

QNX is a commercial POSIX-compliant real-time operating system, primarily targeting embedded systems, characterized by high operational efficiency and reliability, with nearly 40 years of experience in industrial control fields. It is widely used in automotive, rail transit, aerospace, and other fields with high safety and real-time requirements. QNX is the world’s first intelligent cockpit operating system to pass ISO 26262 ASIL D safety certification, matching over 40 global automotive brands and applied in more than 60 million vehicles, making it the leading intelligent cockpit operating system in terms of market share, with over 75% of the global market share.

AGL (Automotive Grade Linux)

Linux has more powerful functions than QNX and more complex components, thus Linux is often used in infotainment systems that support more applications and interfaces. Associations or alliances are dedicated to promoting the open-source Linux operating system in the automotive field, with typical representatives like AGL and GENIVI. For example, Tesla developed an operating system fully compatible with its vehicles based on Linux; Alibaba’s AliOS is also developed based on Linux and is currently applied in multiple models from SAIC Roewe and SAIC MG. In 2016, the open-source in-vehicle system AGL (Automotive Grade Linux) project, sponsored by the Linux Foundation, released version 2.0, aimed at providing new intelligent cockpit system support for the automotive software industry.

Android, leveraging its rich application ecosystem in China, has penetrated the automotive IVI system. Although it lacks safety and stability, Android still occupies a mainstream position in the domestic automotive infotainment system field due to its advantages mentioned above, especially as major internet giants, independent brands, and new car-making forces have customized their automotive operating systems based on Android, such as Alibaba’s AliOS, Baidu’s Duer Car OS, BYD’s DiLink, NIO OS, and XPeng’s Xmart OS.

The development of intelligent cockpits and autonomous driving, along with Tesla’s rapid progress, has led major OEMs to increasingly value automotive operating systems. However, the software-defined vehicles that automakers are currently developing mostly focus on decoupling software and hardware to reduce manufacturing costs and enrich new vehicle functionalities, while at the operating system level, they remain largely in the stages of market research and learning from others.

Given the ongoing blockade and suppression of Chinese high-tech enterprises by the United States, having independently controllable automotive chips and operating systems is a necessary requirement from a national level. However, do we have sufficient time, manpower, financial resources, and technical capabilities to develop a new operating system? What if the development fails? Is it just for self-use once developed? How to profit? Can it secure a place in the market? These are all questions that need to be considered.