In-Depth Analysis of Intelligent Vehicle Operating Systems
In the context of software-defined vehicles, the operating system is the soul of the automotive ecosystem’s development. With the advancement of electrification, intelligence, and connectivity in vehicles, automotive operating systems have become one of the important components of vehicles, determining to some extent the safety, comfort, intelligence level, and overall performance of the vehicle.Introduction to Automotive Operating SystemsThe automotive operating system is a real-time safety platform software running on heterogeneous distributed hardware architectures, providing a functional framework for vehicle and component perception, planning, control, and supporting the intelligent connected driving ecosystem. It is an important foundation and core support for the safe, real-time, and efficient operation of automotive intelligent computing platforms.Automotive operating systems include safety in-vehicle operating systems, intelligent driving operating systems, and intelligent cockpit operating systems.① Safety In-Vehicle Operating SystemsSafety in-vehicle operating systems mainly target the classic vehicle control fields such as power systems, chassis systems, and body systems. These operating systems have extremely high requirements for real-time performance and safety, and their ecological development has matured.Safety in-vehicle operating systems are primarily real-time operating systems (RTOS), mainly applied to ECUs. The most basic requirement for safety in-vehicle operating systems from ECUs is high real-time performance. The system needs to complete resource allocation, task synchronization, and other specified actions within a specified time. Embedded real-time operating systems have advantages in reliability, real-time performance, interactivity, and multi-channel capability, with system responses typically at the millisecond or microsecond level, meeting high real-time requirements.Currently, mainstream safety in-vehicle operating systems are compatible with the OSEK/VDX and Classic AUTOSAR automotive electronic software standards. Among them, the Classic platform is based on the OSEK/VDX standard, defining the technical specifications for safety in-vehicle operating systems.② Intelligent Driving Operating SystemsWith the development of intelligent and connected technologies, the perception fusion, decision-making, planning, and control execution functions of intelligent vehicles have brought more complex algorithms and generated a large amount of data, requiring higher computing power and data communication capabilities. The safety in-vehicle operating systems based on OSEK/VDX and Classic AUTOSAR software architecture can no longer meet the future development needs of autonomous vehicles. The AUTOSAR organization has launched the Adaptive AUTOSAR platform aimed at more complex domain controllers and centralized computing platforms.Adaptive AUTOSAR defines an operating system based on the POSIX standard, providing standardized platform interfaces and application services for operating systems that support POSIX standards and different application requirements, mainly to adapt to the development needs of automotive intelligence. Adaptive AUTOSAR is still in its early development stage, and its ecological construction has yet to gain widespread recognition from Tier 1 suppliers and OEMs.Intelligent driving operating systems mainly target the intelligent driving field and are applied to intelligent driving domain controllers. These operating systems have high requirements for safety and reliability, as well as high demands for performance and computing power. Such operating systems are becoming increasingly mature worldwide, but their ecology is still incomplete.③ Intelligent Cockpit Operating SystemsIntelligent cockpit operating systems mainly provide control platforms for automotive infotainment services and human-computer interaction within vehicles, creating an operating environment for the intelligentization of the cockpit and multi-source information fusion, with less stringent requirements for real-time performance and reliability.Mainstream intelligent cockpit operating systems include QNX, Linux, and Android. Among traditional intelligent cockpit operating systems, QNX occupies a significant market share. In recent years, the entertainment and information service attributes of intelligent cockpits have become increasingly prominent, and open-source Linux and Android, which has a wealth of mature information service resources on mobile platforms, have been favored by many OEMs, becoming emerging competitors. Additionally, a few foreign models have also adopted Win CE as an intelligent cockpit operating system.As people’s demand for vehicles shifts from mere transportation tools to intelligent mobile terminals, intelligent cockpit operating systems need to support diverse applications and services, as well as have rich ecological resources.Overview of Mainstream Automotive Operating System Solutions at Home and AbroadWith the rapid development of autonomous driving technology, the demand for transformation in automotive software, especially operating systems, is increasing. OEMs, Tier 1 suppliers, and autonomous driving hardware and software technology solution providers are investing heavily in the research and development of automotive operating systems, hoping to secure a foothold in the era of software-defined vehicles. Below is a brief introduction to the current development and application of mainstream automotive operating systems at home and abroad.① Tesla Autopilot Autonomous Driving Software Architecture
As we all know, Tesla is a leader in autonomous driving technology and industrialization, with its advantage being centered around its computing platform, self-developed and leading chip hardware, operating systems, platform software, etc. The Tesla autonomous driving software architecture is shown in the above image, characterized by its operating system based on a single Linux kernel, creating a complete autonomous driving software solution that implements the full process from perception, positioning, fusion, decision-making, planning to control.From publicly available information, the system is based on a customized version of Ubuntu, with real-time modifications to the Linux kernel, which is also open-sourced on GitHub. The deep learning framework is based on PyTorch, and real-time data processing relies on the open-source stream processing platform Kafka, with 48 independent neural networks for multi-dimensional data processing, and it possesses strong OTA upgrade capabilities. Its FSD (Full Self-Driving) computing platform hardware integrates both the intelligent cockpit domain and the autonomous driving domain, and the operating system utilizes OTA software upgrades, fully leveraging data and cloud computing ecosystems to create new models of automotive product value and services.② Volkswagen Centralized Software Architecture
Volkswagen has established a large team to independently develop the automotive operating system vw.OS to accelerate the application of autonomous driving technology. vw.OS adopts a service-oriented software architecture based on Adaptive AUTOSAR, as shown in the above image of the centralized software architecture.The design features of Volkswagen’s new generation EE architecture include:• Use of high-performance processors and high-speed networks• Kernel compatible with POSIX (Linux/QNX, etc.) + Adaptive AUTOSAR• Decoupling of application software and I/O functions, reducing the overall system complexity and dependencies between applications• Efficient and rapid development of user functions• Adoption of service-oriented communication③ Huawei MDC Intelligent Driving Computing Platform Architecture
Huawei MDC (Mobile Data Center) is positioned as the computing platform for intelligent driving. The platform integrates Huawei’s over 30 years of R&D and manufacturing experience in the ICT field, based on CPU and AI processor chips, equipped with intelligent driving OS, compatible with AUTOSAR, and supports smooth evolution from L2 to L5, allowing customers or ecological partners to develop intelligent driving applications tailored to different application scenarios with a complete toolchain.The main features of Huawei’s MDC intelligent driving computing platform architecture include:• Providing hardware and software solutions that are highly decoupled and can be independently upgraded, with separate upgrade paths for hardware and software;• Good adaptability to mainstream sensors, supporting data access from mainstream GNSS, IMU, cameras, LiDAR, and millimeter-wave radar, as well as front fusion of camera and LiDAR point clouds;• Good compatibility with mainstream middleware, supporting core components of commonly used deep learning frameworks such as Caffe and TensorFlow (chip, operating system kernel) that are independently controllable;• Huawei is the only manufacturer in the industry with both CPU and AI chip R&D capabilities, and the MDC platform hardware integrates a powerful SoC chip with CPU and AI computing capabilities, providing scalable heterogeneous computing power for intelligent driving;• Functional software is based on SOA architecture, following AUTOSAR specifications, defining the calling framework and software interfaces for basic algorithm components of intelligent driving; upper-layer application scenarios can flexibly choose different combinations of algorithm components to achieve specific application functionalities.④ NVIDIA Autonomous Driving Platform Architecture
NVIDIA is a global leader in artificial intelligence computing, leveraging its advanced hardware chip development advantages to provide a complete hardware platform and basic software platform centered around its leading high-performance safety chips, as shown in the above architecture. The NVIDIA computing platform hardware is currently at the Xavier stage, with the next-generation platform Orin announced but not yet on the market. Xavier is NVIDIA’s first automotive-grade system-on-chip, utilizing six different types of processors.Based on the Xavier chip, NVIDIA provides DRIVE AGX Xavier for autonomous driving development, achieving 30 TOPS of computing power, targeting L2+ and L3 autonomous driving; the provided DRIVE AGX Pegasus uses two Xavier system-on-chips and two Turing GPUs, achieving 320 TOPS of computing power, targeting L4 and L5 autonomous driving. The NVIDIA Drive system software layer integrates third-party RTOS + AUTOSAR, with a Hypervisor layer, and third-party mass-produced RTOS solutions have passed ASIL D certification.⑤ Baidu Apollo Open Platform Architecture
Baidu Apollo is a software platform that relies on third-party IPC for its computing platform hardware. The architecture of the Apollo open platform is shown in the above image. Baidu has independently developed two auxiliary hardware units, ASU (Apollo Sensor Unit) and AXU (Apollo Expansion Unit). The ASU is used to collect data from various sensors and transmit it to the IPC via PCIe. Additionally, the IPC’s control commands for the vehicle must also be sent to the CAN through the ASU; the AXU is used to meet additional computing power and storage needs, interfacing with existing hardware platforms in the form of GPUs and FPGAs.The main features of Baidu Apollo include:• End-to-end development for V2X (Vehicle-to-Everything) with hardware and software;• Seamless integration with cloud services, including many of Baidu’s other products, such as basic Baidu cloud services, online simulation products, high-precision maps, and Xiaodu Assistant (Duer OS), benefiting each product;• Due to being open-source, core algorithm modules have been fully productized after long-term optimization on GitHub;• Mainly focuses on the development of system software, including custom-optimized operating systems, system middleware, and algorithm functional modules, with most hardware utilizing third-party solutions;• The product does not involve additional development adaptation for the AUTOSAR architecture and does not require changes to the existing ECUs/MCUs of vehicles.Current Status of Automotive Operating Systems① Safety In-Vehicle Operating SystemsSafety in-vehicle operating systems have developed earlier abroad and have already conducted a series of standardization efforts, while domestically, the situation is mainly one of following.Europe developed the open system standard OSEK/VDX for distributed real-time control systems in automotive electronics in the 1990s, which primarily includes four parts: operating system specifications, communication specifications, network management specifications, and OSEK implementation language. However, with the upgrades in technology, products, and customer needs, the OSEK standard gradually fails to support new hardware platforms.In 2003, nine core members, including BMW, Bosch, Continental, Daimler, General Motors, Ford, Peugeot Citroën, Toyota, and Volkswagen, established the AUTOSAR organization to create a standardized platform independent of hardware with a layered software architecture, formulating various vehicle application interface specifications and integration standards. This organization provides methodological guidance for application development to reduce the complexity of automotive software design, enhance the flexibility and development efficiency of automotive software, and improve the reusability across different automotive platforms. AUTOSAR is based on OSEK/VDX but covers a broader scope.As of now, the AUTOSAR organization has released specifications for both Classic and Adaptive platforms, corresponding to safety control and high-performance autonomous driving categories, respectively. The Classic platform is based on the OSEK/VDX standard and defines the technical specifications for safety in-vehicle operating systems. The software architecture of Classic AUTOSAR is shown in the image below, characterized by a function-oriented architecture (FOA) that employs a layered design to decouple the application layer, basic software layer, and hardware layer.
Classic AUTOSAR layered software architecture (R20-11)The AUTOSAR standard platform, due to its open architecture and vertical layering and horizontal modular architecture, not only improves development efficiency and reduces development costs but also ensures the safety and consistency of vehicles. The AUTOSAR organization has gained increasing recognition in the industry, with over 280 members from various fields such as complete vehicles, parts, software, and hardware. AUTOSAR has now become the mainstream international standard software architecture, with companies like Vector, KPIT, ETAS, DS, and others that have complete automotive software solutions based on the AUTOSAR standard platform. Additionally, automotive manufacturers like BMW and Volvo have launched models based on the AUTOSAR standard platform.The Japan Automotive Software Platform Architecture (JasPar) organization was established in 2004 to unify companies in horizontally customizing communication standards that consider both automotive software and hardware, achieving the generalization of automotive operating systems and improving the reusability of basic software. Members of the JasPar organization include most Japanese automotive and supporting software and hardware product manufacturers.
Japan Automotive Software Platform Architecture Organization JasParCurrently, domestic OEMs and parts suppliers mainly use the Classic AUTOSAR standard for software development. FAW Group, Changan Group, and others began using Classic AUTOSAR standard tools for ECU design, development, and verification in 2009. In April 2011, SAIC Group, FAW Group, Changan Group, Chery Group, and some universities established the CASA alliance to promote and develop the AUTOSAR architecture in China. Currently, Jianghuai Automobile is also mainly developing software and products based on the Classic AUTOSAR standard.In terms of products, Puhua Software is the domestic operating system strategic platform of the China Electronics Technology Group, leading the 11th and 12th Five-Year Plan major projects on automotive electronic operating systems. The automotive operating system developed has been mass-produced in key components such as body control modules (BCM), new energy vehicle controllers (VCU/HCU), and electronic steering systems (EPS), and has been used in the advanced driver-assistance systems (ADAS) of Bosch, Germany.Neusoft Ruichi has released the NeuSAR product, which is developed based on AUTOSAR, providing system platforms aimed at next-generation automotive communication and computing architecture for OEMs developing autonomous driving systems and parts suppliers, including Classic AUTOSAR, Adaptive AUTOSAR, and a series of development system tools.② Intelligent Driving Operating SystemsIntelligent driving operating systems are poised to become one of the core competitive advantages in the development of autonomous vehicles. The trend and characteristics of intelligent driving operating systems are vertically layered to achieve decoupling between layers, facilitating rapid development and porting, as shown in the image below.
Vertical Layering Diagram of Intelligent Driving Operating SystemsEach layer has its own responsibilities and different roles:
Operating System: Responsible for providing services such as thread creation to the hardware;
Middleware/Development Framework: Responsible for interfacing with different operating systems and providing communication, resource management, and other services to upper-layer applications;
Application/Functional Software: The rest is its responsibility.
Currently, the commonly used intelligent driving operating systems in the industry are mainly Linux, QNX, and other RTOS (such as FreeRTOS, ThreadX, VxWorks, etc.).The main characteristics of the three are compared in the image below:
Comparison of Intelligent Driving Operating SystemsLinux was originally designed and developed as a general-purpose operating system but provides some real-time processing support, including real-time functions in most POSIX standards, supporting multitasking, multithreading, and having rich communication mechanisms. In addition, the Linux community has real-time enhancement patches that add features such as interrupt threadization and priority inheritance to the original RT functionality of the Linux kernel. Linux also provides POSIX-compliant scheduling policies, including FIFO scheduling policy, time-slice round-robin scheduling policy, and static priority preemptive scheduling policy. Additionally, Linux offers memory locking features to prevent stored pages from being swapped out during real-time processing while providing POSIX-compliant real-time signal mechanisms.QNX is a commercial POSIX-compliant real-time operating system, primarily characterized as a distributed, embedded, and scalable hard real-time operating system. QNX adheres to POSIX.1 (program interface) and POSIX.2 (Shell and tools), partially adheres to POSIX.1b (real-time extensions). The microkernel structure of QNX is a significant distinguishing feature from other operating systems. The microkernel structure of QNX keeps the kernel in a protected address space; drivers, network protocols, and applications operate in user space.Above the underlying operating system, software middleware is also of great concern in the intelligent driving field. The main goal of middleware is to provide common functions such as data communication, protocol alignment, computational scheduling, and modular encapsulation for upper-layer applications, offering a standardized and modular development framework to achieve module decoupling and code reuse.Next, two middleware solutions for autonomous driving will be introduced: Adaptive AUTOSAR and ROS.Adaptive AUTOSAR
The Adaptive AUTOSAR architecture logical view (R20-11)The AUTOSAR organization launched the Adaptive AUTOSAR (AP) architecture to address the development of autonomous driving technology, as shown in the above image. Its main features include a service-oriented architecture (SOA), where services can be dynamically loaded based on application requirements, configured via configuration files, and updated independently. Compared to Classic AUTOSAR (CP), it can meet stronger computing power requirements, is more secure, has good compatibility, and allows for agile development.The Adaptive AUTOSAR system is primarily suited for new centralized high-performance computing platforms, meeting the high-speed communication needs between vehicle components and the high computing power requirements of intelligent driving. The AP platform adopts a service-oriented architecture, composed of a series of services, where applications and other software modules can call one or more services based on demand, with services being provided by the platform or remotely from other components, allowing OEMs to define their own service combinations according to functional design requirements.The AP platform does not design a new operating system kernel; all operating system kernels that comply with POSIX PSE51 interfaces can be used. The AP platform focuses on the system service middleware above the operating system kernel, mainly divided into platform basic functions and platform service functions. The three main support and evolution directions of the AP platform are: safety (including information security and functional safety), connectivity (including various new communication mechanisms inside and outside the vehicle), and upgradability (including OTA, flexible software design and management, etc.). The AP platform continues to adopt traditional standard design practices, releasing new functionalities in concentrated versions each year.ROS
ROS ArchitectureROS, as the first open-source robotic software middleware, has been used in the robotics industry for a long time. The primary design goal of ROS is to improve code reuse in the field of robotics R&D. ROS is a distributed process (or “node”) framework, encapsulating these processes in packages and functionality packages that are easy to share and publish. The entire intelligent driving system and robotic system share strong similarities, and the open-source nature of ROS, along with its rich open-source libraries and toolchains, has led to its widespread application in intelligent driving research. Many prototype systems for autonomous driving, such as AUTOWARE, initially used ROS, but switched to their self-developed onboard middleware CyberRT starting from Apollo version 3.5.ROS has mainly two versions in its development, ROS1 and ROS2. The communication of ROS1 relies on a central node, which cannot solve reliability issues such as single-point failure. To better meet industrial-grade operational standards, the most significant change in ROS2 is the removal of the Master central node, achieving distributed discovery of nodes, publish/subscribe, and request/response; it is based on DDS (Data Distribution Service), an industrial-grade communication middleware mechanism, supporting multiple operating systems including Linux, Windows, Mac, RTOS, and more.Although ROS2 has made significant improvements over ROS1, it still has a long way to go before being fully applicable to automotive standards. Some companies, such as APEX.AI, are also attempting to adapt ROS for automotive-grade applications.③ Intelligent Cockpit Operating SystemsIn the field of intelligent cockpit operating systems, there is currently no unified international standard, and intelligent cockpit operating systems are mainly controlled by a few foreign software companies, including BlackBerry’s QNX, various custom operating systems based on Linux, and operating systems based on the Android open-source project (which is also based on Linux).
QNX CAR Application PlatformQNX is a commercial POSIX-compliant real-time operating system, primarily targeting embedded systems, characterized by high operational efficiency and high reliability, and has nearly 40 years of use experience in industrial control fields, widely applied in automotive, rail transportation, aerospace, and other fields with high safety and real-time requirements. QNX is the world’s first intelligent cockpit operating system to pass ISO 26262 ASIL D safety certification, matching over 40 global automotive brands and being used in more than 60 million vehicles, making it the market leader in intelligent cockpit operating systems with a global market share exceeding 75%.
AGL (Automotive Grade Linux)Linux has more powerful features than QNX and more complex components, making it commonly used in infotainment systems that support more applications and interfaces. Associations or alliances are dedicated to promoting the open-source Linux operating system in the automotive field, with typical representatives like AGL and GENIVI. For instance, Tesla has developed an operating system fully adapted to its vehicles based on Linux; Alibaba’s AliOS is also based on Linux and is currently applied in several models from SAIC Roewe and SAIC MG. In 2016, the open-source automotive system AGL (Automotive Grade Linux) project, sponsored by the Linux Foundation, released version 2.0, aimed at providing new intelligent cockpit system support for the automotive software industry.Android has entered the automotive IVI system due to its rich application ecology in China. Although it lacks safety and stability, Android still occupies a dominant position in the domestic automotive infotainment system field due to its aforementioned advantages, especially as major internet giants, independent brands, and new automotive forces have customized their automotive operating systems based on Android, such as Alibaba’s AliOS, Baidu’s Xiaodu In-Vehicle OS, BYD’s DiLink, NIO OS, Xpeng’s Xmart OS, and others.ConclusionThe development of intelligent cockpits and autonomous driving, along with Tesla’s rapid progress, has led major OEMs to pay increasing attention to automotive operating systems. However, most of the current efforts by automakers in software-defined vehicles are focused on decoupling hardware and software to reduce manufacturing costs and enrich new vehicle functionalities, while they remain at the market research and learning stages at the operating system level.Given the continuous blockade and suppression of Chinese high-tech enterprises by the United States, having independently controllable vehicle-mounted chips and operating systems is an inevitable requirement from a national perspective. However, do we have enough time, manpower, financial resources, and technical capabilities to develop a new operating system? What if the development fails? Is the system developed only for self-use? How to profit from it? Can it secure a place in the market? These are all questions that need to be considered.Welcome to all angel round and A round enterprises in the entire automotive industry chain (including the power battery industry chain) to join the group(We will recommend to include top investment institutions among 800 automotive investment institutions);There are communication groups for leaders of technology innovation companies and dozens of groups covering the entire automotive industry, including complete vehicles, automotive semiconductors, key components, new energy vehicles, intelligent connected vehicles, aftermarket, automotive investment, autonomous driving, vehicle networking, etc. Please scan the administrator’s WeChat to join the group (Please indicate your company name)
