The China Automotive Industry Association Software Branch (hereinafter referred to as the Software Branch) has released the open-source plan for automotive operating systems in China (hereinafter referred to as the open-source plan). PwC, in collaboration with members of the Software Branch including FAW, Dongfeng, Changan, China Automotive Innovation, China Electronics Technology Group 32nd Institute, West Intelligent Network, Horizon, Chipride, Advanced Operating System Innovation Center, and University of Electronic Science and Technology, has formed a partnership for open-source construction to implement the open-source plan. The release of this open-source plan marks a higher level of openness in the development model of intelligent connected vehicles in the Chinese automotive industry.
Introduction: In the context of software-defined vehicles, the operating system is the soul of automotive ecosystem development. With the development of electrification, intelligence, and connectivity in vehicles, automotive operating systems have become one of the important components of vehicles, determining to some extent the safety, comfort, intelligence level, and overall performance of vehicles.
1. Introduction to Automotive Operating Systems
Automotive operating systems are real-time safety platform software that runs on heterogeneous distributed hardware architectures, providing functional frameworks for vehicle and component perception, planning, and control, and supporting the intelligent connected driving ecosystem. They are the important foundation and core support for the safe, real-time, and efficient operation of automotive intelligent computing platforms.
Automotive operating systems include safety in-vehicle operating systems, intelligent driving operating systems, and intelligent cockpit operating systems.
① Safety In-Vehicle Operating Systems
Safety in-vehicle operating systems are mainly aimed at classic vehicle control fields, such as power systems, chassis systems, and body systems. These types of operating systems have very high requirements for real-time performance and safety, and their ecological development has matured.
Safety in-vehicle operating systems are mainly real-time operating systems (RTOS), primarily applied to ECUs. The most basic requirement for safety in-vehicle operating systems is high real-time performance, where the system needs to complete resource allocation, task synchronization, and other specified actions within a stipulated time. Embedded real-time operating systems have advantages such as high reliability, real-time performance, interactivity, and multi-channel capabilities, with system responses typically in the millisecond or microsecond range, meeting high real-time performance requirements.
Currently, mainstream safety in-vehicle operating systems are compatible with the two types of automotive electronic software standards: OSEK/VDX and Classic AUTOSAR. The Classic platform is based on the OSEK/VDX standard, which defines the technical specifications of safety in-vehicle operating systems.
② Intelligent Driving Operating Systems
With the development of intelligent and connected technologies, intelligent vehicles’ perception fusion, decision planning, and control execution functions have brought about more complex algorithms and generated large amounts of data, requiring higher computing power and data communication capabilities. The safety in-vehicle operating systems based on OSEK/VDX and Classic AUTOSAR software architectures can no longer meet the future development needs of autonomous vehicles. The AUTOSAR organization has introduced the Adaptive AUTOSAR platform to cater to more complex domain controllers and centralized computing platform architectures.
Adaptive AUTOSAR defines an operating system based on the POSIX standard, which can provide standardized platform interfaces and application services for POSIX-compliant operating systems and different application needs, primarily to adapt to the development needs of automotive intelligence. Adaptive AUTOSAR is still in its early stages of development, and its ecological construction is yet to gain widespread recognition from Tier 1 suppliers and OEMs.
Intelligent driving operating systems are mainly aimed at the intelligent driving domain and are applied to intelligent driving domain controllers. These types of operating systems have high requirements for safety and reliability, as well as for performance and computational power. Such operating systems are maturing globally, but their ecosystems are not yet complete.
③ Intelligent Cockpit Operating Systems
Intelligent cockpit operating systems primarily provide control platforms for automotive infotainment services and in-vehicle human-machine interaction, serving as the operating environment for achieving cockpit intelligence and multi-source information fusion. The real-time and reliability requirements for these operating systems are not particularly stringent.
Mainstream intelligent cockpit operating systems include QNX, Linux, and Android. Among traditional intelligent cockpit operating systems, QNX occupies a significant market share. In recent years, the entertainment and information service attributes of intelligent cockpits have become increasingly prominent, with open-source Linux and Android, which has a wealth of mature information service resources on mobile platforms, being favored by many OEMs, emerging as strong competitors. Additionally, a few foreign models have adopted Win CE as their intelligent cockpit operating system.
As people’s needs shift from vehicles being mere transportation tools to intelligent mobile terminals, intelligent cockpit operating systems need to support diversified applications and services and possess rich ecological resources.
2. Overview of Mainstream Automotive Operating System Solutions at Home and Abroad
With the rapid development of autonomous driving technology, the demand for transformation in automotive software, especially operating systems, has increased significantly. OEMs, Tier 1 suppliers, and autonomous driving hardware and software solution providers have invested substantial human, material, and financial resources into the research and development of automotive operating systems, hoping to secure a place in the era of software-defined vehicles. Below is a brief introduction to the current development and application status of mainstream automotive operating systems at home and abroad.
① Tesla Autopilot Autonomous Driving Software Architecture
As we all know, Tesla is a leader in autonomous driving technology and its industrialization. Its advantage lies in its core computing platform, self-developed and leading in chip hardware, operating systems, platform software, etc. The Tesla autonomous driving software architecture, as shown in the figure above, is characterized by its operating system being based on a single Linux kernel, creating a complete set of autonomous driving software solutions that implement the entire process from perception, positioning, fusion, decision-making, planning to control.
According to publicly available information, the system is based on a customized version of Ubuntu, with real-time modifications made to the Linux kernel, which is also open-sourced on GitHub. The deep learning framework is based on PyTorch, and real-time data processing is based on the open-source stream processing platform Kafka, featuring 48 independent neural networks for multidimensional data processing, as well as powerful OTA upgrade capabilities. Its FSD (Full Self-Driving) computing platform hardware integrates the intelligent cockpit domain and autonomous driving domain, and the operating system utilizes OTA software upgrades, fully leveraging data and cloud computing ecosystems to create new models of automotive product value and services.
② Volkswagen Centralized Software Architecture
Volkswagen has formed a large team to develop the automotive operating system vw.OS independently to accelerate the application of autonomous driving technology. vw.OS adopts a service-oriented software architecture based on Adaptive AUTOSAR, with the centralized software architecture depicted in the figure above.
The design features of Volkswagen’s new generation EE architecture mainly include:
• High-performance processors and high-speed networks
• POSIX-compatible kernels (Linux/QNX, etc.) + Adaptive AUTOSAR
• Decoupling of application software and I/O functions, reducing the complexity of the entire system and dependencies between applications
• Efficient and rapid development of user functions
• Service-oriented communication
③ Huawei MDC Intelligent Driving Computing Platform Architecture
Huawei MDC (Mobile Data Center) is positioned as a computing platform for intelligent driving. The platform integrates Huawei’s 30 years of R&D and manufacturing experience in the ICT field, based on CPU and AI processor chips, equipped with intelligent driving OS, compatible with AUTOSAR, and supports smooth evolution from L2 to L5, allowing customers or ecological partners to develop intelligent driving applications for different application scenarios with a complete toolchain.
The main features of Huawei’s MDC intelligent driving computing platform architecture include:
• Provides hardware and software solutions that are highly decoupled and can be independently upgraded; the hardware upgrade path and software upgrade path are independent of each other;
• Good adaptability to mainstream sensors, supporting data access from mainstream GNSS, IMU, cameras, LiDAR, and millimeter-wave radar, and supporting the front fusion of camera and LiDAR point clouds;
• Excellent compatibility with mainstream middleware software, supporting core components of commonly used deep learning frameworks such as Caffe and TensorFlow (chips, operating system kernels) being controllable;
• Huawei is the only manufacturer in the industry that possesses both CPU and AI chip R&D capabilities. The MDC platform hardware integrates powerful SoC chips with CPU and AI computing capabilities, providing scalable heterogeneous computing power for intelligent driving;
• Functional software is based on SOA architecture, following AUTOSAR specifications, defining the calling framework for basic algorithm components of intelligent driving and the software interfaces between components; upper-layer scenario applications can flexibly choose different algorithm component combinations to achieve specific application functions.
④ NVIDIA Autonomous Driving Platform Architecture
NVIDIA is a leading global artificial intelligence computing company, leveraging its advanced hardware chip development advantages, providing a complete hardware platform and basic software platform centered on industry-leading high-performance safety chips, as shown in the figure above. The NVIDIA computing platform hardware is currently at the Xavier stage, with the next-generation platform Orin already announced but not yet on the market. Xavier is the first automotive-grade system-on-chip produced by NVIDIA, featuring six different types of processors.
Based on the Xavier chip, NVIDIA provides DRIVE AGX Xavier for autonomous driving development, achieving 30 TOPS of computing power, aimed at L2+ and L3 level autonomous driving; the provided DRIVE AGX Pegasus uses two Xavier system-on-chips and two Turing GPUs, achieving 320 TOPS of computing power, aimed at L4 and L5 level autonomous driving. The NVIDIA Drive system software layer integrates third-party RTOS + AUTOSAR, with a hypervisor layer. Third-party mass-produced RTOS solutions have passed ASIL D certification.
⑤ Baidu Apollo Open Platform Architecture
Baidu Apollo is a software platform that relies on third-party IPC for its computing platform hardware, as shown in the figure above. Baidu has self-developed two auxiliary hardware units: ASU (Apollo Sensor Unit) and AXU (Apollo Expansion Unit). The ASU is used to collect data from various sensors and transmit it to the IPC via PCIe. Additionally, the IPC’s control commands for the vehicle also need to be sent to the CAN via ASU; the AXU is used to meet additional computing power and storage needs, connecting to existing hardware platforms in the form of GPUs and FPGAs.
The main features of Baidu Apollo include:
• End-to-end development for V2X (Vehicle-to-Everything) with hardware and software;
• Seamlessly integrates with cloud services, including many of Baidu’s other products, such as basic Baidu cloud services, online simulation products, high-precision maps, and Xiaodu Assistant (Duer OS), with mutual benefits among various products;
• Due to being open-source, the core algorithm modules have been sufficiently productized after long-term optimization on GitHub;
• Primarily focuses on the development of system software, including customized optimized operating systems, system middleware, and algorithm function modules, with most hardware adopting third-party solutions;
• The product does not involve additional development adaptation for the AUTOSAR architecture and does not require changes to existing ECUs/MCUs in vehicles.
3. Current Status of Automotive Operating Systems
① Safety In-Vehicle Operating Systems
Safety in-vehicle operating systems have developed earlier abroad, and a series of standardization efforts have already been initiated, while domestically, the situation is mainly one of following.
Europe developed the open system standard OSEK/VDX for distributed real-time control systems for automotive electronics in the 1990s, which includes four parts: operating system specifications, communication specifications, network management specifications, and OSEK implementation languages. However, as technology, products, and customer demands have evolved, the OSEK standard has gradually been unable to support new hardware platforms.
In 2003, nine core members, including BMW, Bosch, Continental, Daimler, General Motors, Ford, Peugeot Citroën, Toyota, and Volkswagen, established an Automotive Open System Architecture organization (referred to as the AUTOSAR organization) to create a standardized platform that is independent of hardware with a layered software architecture, developing various vehicle application interface specifications and integration standards to provide methodological guidance for application development, thereby reducing the complexity of automotive software design, improving the flexibility and development efficiency of automotive software, and enhancing its reusability across different automotive platforms. AUTOSAR is based on OSEK/VDX but covers a broader scope.
As of now, the AUTOSAR organization has released specifications for both Classic and Adaptive platforms, corresponding to safety control and high-performance autonomous driving, respectively. The Classic platform is based on the OSEK/VDX standard, defining the technical specifications for safety in-vehicle operating systems. The software architecture of Classic AUTOSAR is illustrated in the figure below, characterized by a function-oriented architecture (FOA) that employs a layered design, achieving decoupling of the application layer, basic software layer, and hardware layer.
Classic AUTOSAR Layered Software Architecture (R20-11)
Due to its open architecture and vertical layering, and horizontal modular architecture, the AUTOSAR standard platform has not only improved development efficiency and reduced development costs but also ensured the safety and consistency of vehicles. The AUTOSAR organization has developed over time, gaining increasing recognition from the industry, with more than 280 members from various fields including complete vehicles, components, software, and hardware. AUTOSAR has become the mainstream international standard software architecture, with companies that have complete automotive software solutions based on the AUTOSAR standard platform, including Vector, KPIT, ETAS, DS, as well as Elektrobit acquired by Continental and Mentor Graphics acquired by Siemens. Additionally, automotive manufacturers such as BMW and Volvo have successively launched models based on the AUTOSAR standard platform.
The Japan Automotive Software Platform Architecture organization, JasPar, was established in 2004 to unite enterprises in horizontally customizing communication standards for automotive software and hardware, achieving the generalization of automotive operating systems and improving the reusability of basic software. JasPar’s members include the vast majority of Japanese automotive and supporting software and hardware manufacturers.
Japan Automotive Software Platform Architecture Organization JasPar
Currently, domestic OEMs and parts suppliers mainly use the Classic AUTOSAR standard for software development. FAW Group and Changan Group began using Classic AUTOSAR standard tools for ECU design, development, and verification in 2009. In April 2011, SAIC Group, FAW Group, Changan Group, Chery Group, and some universities established the CASA Alliance to promote and develop the AUTOSAR architecture in China. Currently, JAC Motors also primarily develops software and products based on the Classic AUTOSAR standard.
In terms of products, PwC Software is the domestic operating system strategic platform of China Electronics Technology Group and has taken the lead in the major special projects for automotive electronic operating systems during the 11th and 12th Five-Year Plans, with the resulting automotive operating systems being mass-produced in key components such as body control modules (BCM), new energy vehicle controllers (VCU/HCU), and electronic steering systems (EPS), and have been used in mass production by Bosch’s advanced driver assistance systems (ADAS).
Neusoft Ruichi has released the NeuSAR product, which is developed based on AUTOSAR, providing a system platform for next-generation automotive communication and computing architecture for OEMs developing autonomous driving systems and parts suppliers, including Classic AUTOSAR, Adaptive AUTOSAR, and a series of development system tools.
② Intelligent Driving Operating Systems
Intelligent driving operating systems are expected to become one of the core competitive advantages in the development of autonomous vehicles. The development trends and characteristics of intelligent driving operating systems are vertical layering to achieve decoupling between layers, facilitating rapid development and transplantation, as shown in the figure below.
Diagram of Vertical Layering of Intelligent Driving Operating Systems
Each layer has its own responsibilities and functions:
Operating System: Responsible for providing thread creation services for hardware;
Middleware/Development Framework: Responsible for interfacing with different operating systems and providing communication, resource management, and other services to upper applications;
Application/Functional Software: The remaining tasks are its responsibility.
Currently, the intelligent driving operating systems commonly adopted in the industry are mainly Linux, QNX, and other RTOS (such as FreeRTOS, ThreadX, VxWorks, etc.).
The main characteristics of the three are compared in the figure below:
Comparison of Intelligent Driving Operating Systems
Linux was initially designed as a general-purpose operating system but provides some real-time processing support, including most real-time functions in the POSIX standard, supporting multitasking, multi-threading, and offering a rich communication mechanism. Additionally, the Linux community has real-time enhancement patches that add features such as interrupt threadization and priority inheritance to the original RT capabilities of the Linux kernel. Linux also provides scheduling policies compliant with POSIX standards, including FIFO scheduling, time-slice round-robin scheduling, and static priority preemptive scheduling. Furthermore, Linux provides memory locking functions to avoid page swapping during real-time processing and offers real-time signal mechanisms compliant with POSIX standards.
QNX is a commercial POSIX-compliant real-time operating system, characterized by being distributed, embedded, and scalable for real-time operations. QNX adheres to POSIX.1 (programming interfaces) and POSIX.2 (shell and utilities), and partially complies with POSIX.1b (real-time extensions). The microkernel architecture of QNX is a significant feature that distinguishes it from other operating systems. The QNX microkernel operates independently in a protected address space, while drivers, network protocols, and applications operate in user space.
Above the underlying operating systems, software middleware is also receiving significant attention in the intelligent driving field. The primary goal of middleware is to provide common functions such as data communication, protocol alignment, computational scheduling, and modular encapsulation for upper-layer applications, offering standardized and modular development frameworks to achieve module decoupling and code reuse.
The following introduces two middleware solutions for autonomous driving: Adaptive AUTOSAR and ROS.
Adaptive AUTOSAR
Logical View of Adaptive AUTOSAR Architecture (R20-11)
The AUTOSAR organization has introduced the Adaptive AUTOSAR (AP) architecture to address the development of autonomous driving technology, as shown in the figure above. Its main features include a service-oriented architecture (SOA), where services can be dynamically loaded based on application needs, configuration files can be dynamically loaded, and services can be updated individually. Compared to Classic AUTOSAR (CP), it can meet more powerful computing power demands, is safer, has good compatibility, and allows for agile development.
The Adaptive AUTOSAR system is mainly suited for new centralized high-performance computing platforms, meeting the needs for high-speed communication between vehicle components and high computational power for intelligent driving. The AP platform employs a service-oriented architecture, consisting of a series of services, where applications and other software modules can call one or more services based on demand, and the services can be provided by the platform or remotely by other components. OEMs can define their service combinations according to functional design requirements.
The AP platform does not design a new operating system kernel; any operating system kernel that complies with the POSIX PSE51 interface can be used. The AP platform focuses on the system service middleware above the operating system kernel, mainly divided into platform basic functions and platform service functions. The three main support and evolution directions of the AP platform are: safety (including information security and functional safety), connectivity (including new communication mechanisms inside and outside the vehicle), and upgradability (including OTA, flexible software design, and management). The AP platform still adopts the traditional standard design approach, releasing new functions annually.
ROS
ROS Architecture
ROS, as the earliest open-source robot software middleware, has been widely used in the robotics industry for a long time. The primary design goal of ROS is to improve code reuse in the field of robotics research and development. ROS is a distributed process (or “node”) framework, where these processes are encapsulated in easily shareable and publishable packages and function packages. The entire intelligent driving system has a strong similarity to robotic systems, and ROS’s open-source nature, along with its rich open-source libraries and toolchains, has led to its extensive application in intelligent driving research, with many autonomous driving prototype systems featuring ROS, such as AUTOWARE. Baidu Apollo initially used ROS until version 3.5 when it switched to its self-developed in-vehicle middleware CyberRT.
ROS has had two main versions during its development: ROS1 and ROS2. ROS1 relies on a central node for communication, which cannot resolve reliability issues such as single point failures. To better meet industrial-grade operational standards, ROS2 made significant changes by eliminating the central Master node, allowing for distributed discovery of nodes, publish/subscribe, and request/response communication mechanisms based on DDS (Data Distribution Service), an industrial-grade communication middleware, supporting multiple operating systems, including Linux, Windows, Mac, and RTOS.
Although ROS2 has made significant improvements over ROS1, it still has a long way to go before fully meeting automotive standards. Some companies, such as APEX.AI, are also attempting to adapt ROS for automotive applications.
③ Intelligent Cockpit Operating Systems
In the field of intelligent cockpit operating systems, there are currently no unified international standards. Intelligent cockpit operating systems are primarily dominated by a few foreign software companies, including BlackBerry’s QNX, various customized operating systems based on Linux, and operating systems based on the Android open-source project (which itself is also based on Linux).
QNX CAR Application Platform
QNX is a commercial POSIX-compliant real-time operating system, primarily targeting embedded systems, known for its high operational efficiency and reliability, with nearly 40 years of experience in industrial control, and is widely used in automotive, rail transportation, aerospace, and other fields requiring high safety and real-time performance. QNX is the first intelligent cockpit operating system globally to pass ISO 26262 ASIL D safety certification, compatible with over 40 automotive brands, and applied in more than 60 million vehicles, making it currently the market leader in intelligent cockpit operating systems with over 75% global market share.
AGL (Automotive Grade Linux)
Linux, being more powerful and complex than QNX, is often used in infotainment systems that support more applications and interfaces. Associations or alliances are dedicated to promoting open-source Linux operating systems in the automotive sector, with typical representatives such as AGL and GENIVI. For example, Tesla has developed a fully compatible operating system for its vehicles based on Linux; Alibaba’s AliOS is also based on Linux and is now applied in several models from SAIC Roewe and SAIC MG. In 2016, the open-source automotive system AGL (Automotive Grade Linux) project, sponsored by the Linux Foundation, released version 2.0, aiming to provide a new intelligent cockpit system support for the automotive software industry.
Android has entered the automotive IVI system market due to its rich application ecology in China. Although its safety and stability are lacking, Android still occupies a mainstream position in the domestic automotive infotainment system field due to the relatively low safety requirements of such systems. Particularly, major internet giants, independent brands, and new automotive forces have customized and modified Android to launch their own automotive operating systems, such as Alibaba’s AliOS, Baidu’s Xiaodu in-car OS, BYD’s DiLink, NIO OS from NIO, and Xiaopeng’s Xmart OS.
Conclusion
The development of intelligent cockpits and autonomous driving, along with Tesla’s rapid advancements, have made major OEMs increasingly aware of automotive operating systems. However, the software-defined vehicles currently being developed by automakers mostly focus on decoupling hardware and software to reduce manufacturing costs and enrich new vehicle functions, while they remain largely at the stage of market research and learning.
Given the continuous blockade and suppression of Chinese high-tech enterprises by the United States, it is an inevitable requirement at the national level to possess controllable in-vehicle chips and operating systems. However, do we have sufficient time, manpower, financial resources, and technical capabilities to develop a new operating system? What if the development fails? After it is developed, will it only be used for self-supply? How to profit? Can it secure a place in the market? These are all questions that need to be considered.
Click Here “Read the Original Text”, directly reach Electronic Technology Application Official Website
