A spacecraft tool is now improving car safety by stress-testing many of the internal computer systems to be sure they work well when the car is on the road.
Designed to test how computers on spacecraft react to cosmic radiation, the Xception software used by ESA proved to be the right tool to check the tiny computer controlling a car dashboard display.
This rather advanced space technology is now being extended to help guarantee the faultless performance of safety-critical car systems, like the brakes.
Features like navigation, cruise control, parking sensors and engine and gearbox management, also driven by microcomputers, could be the next to be scrutinised.
“Your car is probably the most technologically advanced machine you own,” comments Luis Gargaté, from Critical Software, the Portuguese company that designed Xception.
“It has up to 60 tiny processors, little brains, squeezed under the bonnet, in the engine, the mirrors, wheel rims, petrol tank, seat cushions, headrests, bumpers. And the software controlling each system is complex.”
With the automotive industry needing to put safety first and reduce the number of recalls, the steady computerisation of cars makes it imperative that every processor works faultlessly.
“Just imagine a sensor in the engine malfunctions and tells both the dashboard and the computer controlling the engine the temperature is normal when the truth is that it is overheating,” suggests Luis.
“The computer needs to understand the sensor is misbehaving and switch on the temperature light nonetheless.”
To ensure the processor always runs smoothly even when things go wrong, teams use ‘fault injection’. They feed erroneous information to the software, pushing it almost to breaking point, to monitor how it behaves in unexpected situations. It’s a technique they refined for spacecraft.
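An added example, not taken from the article or from Critical Software's Xception: a minimal fault-injection campaign in C for the overheating-sensor scenario described above. The thresholds, the independent temperature estimate and every function name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values for illustration; not taken from any real vehicle. */
#define TEMP_LIMIT_C   110  /* warning light threshold, degrees C */
#define MAX_DEVIATION   15  /* tolerated gap between sensor and estimate */

typedef enum { FAULT_NONE, FAULT_STUCK_NORMAL, FAULT_BIT_FLIP } fault_t;

/* Fault injector: corrupts the true temperature before the monitor sees it. */
static int16_t inject(int true_c, fault_t f, int bit) {
    if (f == FAULT_STUCK_NORMAL) return 90;  /* sensor frozen at "normal" */
    if (f == FAULT_BIT_FLIP)                 /* one corrupted bit in the word */
        return (int16_t)((uint16_t)true_c ^ (uint16_t)(1u << bit));
    return (int16_t)true_c;
}

/* Naive monitor: trusts whatever the sensor reports. */
static int light_naive(int16_t reading, int16_t estimate) {
    (void)estimate;
    return reading > TEMP_LIMIT_C;
}

/* Hardened monitor: also lights the warning when the reading is outside the
 * sensor's physical range or disagrees with an independent estimate
 * (hypothetical, e.g. derived from engine load). */
static int light_hardened(int16_t reading, int16_t estimate) {
    int diff = reading - estimate;
    if (reading < -40 || reading > 150) return 1;
    if (diff > MAX_DEVIATION || diff < -MAX_DEVIATION) return 1;
    return reading > TEMP_LIMIT_C;
}

/* Campaign: the engine is overheating in every case; count the injected
 * faults for which the warning light stays off (unsafe outcomes). */
static int unsafe_failures(int (*monitor)(int16_t, int16_t)) {
    int unsafe = 0;
    for (int true_c = 130; true_c <= 140; true_c++) {
        int16_t estimate = (int16_t)(true_c - 5);  /* estimate reads 5 C low */
        if (!monitor(inject(true_c, FAULT_STUCK_NORMAL, 0), estimate)) unsafe++;
        for (int bit = 0; bit < 16; bit++)
            if (!monitor(inject(true_c, FAULT_BIT_FLIP, bit), estimate)) unsafe++;
    }
    return unsafe;
}

int main(void) {
    printf("naive: %d unsafe, hardened: %d unsafe\n",
           unsafe_failures(light_naive), unsafe_failures(light_hardened));
    return 0;
}
```

Across the 187 injected faults, the naive monitor leaves the light off in 33 cases (every stuck-at-normal fault plus flips of bit 7 and bit 15), while the hardened monitor leaves it off in none.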
Safety first in space
Testing the robustness of both hardware and software is nothing new for ESA, which always demands the highest quality standards.
“Once a spacecraft has left Earth, investigating and correcting a failure can be a lengthy and painful exercise, sometimes even impossible,” explains ESA’s Davide Moretti. “So, we have extremely rigorous procedures to make sure the software continues functioning reliably in the harshest conditions.”
“When radiation passes through a computer it can ruin your data, forcing the control software to misbehave momentarily. If that happens to software controlling a mission-critical function, it can really upset the behaviour of your satellite.”
The company developed Xception to simulate unplanned scenarios and monitor how the spacecraft might react. Is the software robust enough to understand there was a glitch in the data and recover?
Since then, it has helped to qualify numerous satellites for space, including CryoSat to observe Earth’s ice and Swarm to monitor our magnetic field.
Under the ESA-funded National Technology Transfer Initiative in Portugal, Instituto Pedro Nunes (IPN) and Portugal’s ‘Fundação para a Ciência e Tecnologia’ funding agency supporting science, technology and innovation helped the company to modify their fault injection technology for testing car parts.
“The initial work with ESA was incredibly important,” comments Inês Plácido from IPN, Portugal’s broker in ESA’s Technology Transfer Programme network supporting industry in using technologies developed for space programmes to improve terrestrial applications.
“It acted as a catalyst to Critical Software’s business growth because they understood the demanding quality standards and robust techniques required in ensuring safe and reliable systems in space could be directly transferred to resolve challenges in terrestrial applications.”
Driving from Mars
The company also developed the new ‘XLuna’ for a demonstration vehicle for ESA’s ExoMars rover. It allows both safety and non-safety-essential software to run alongside each other in the same processor, rather than each function requiring its own separate microcomputer.
A rover carries complex software, some of which controls science and some of which manages the vehicle’s basic operation.
“It’s vital the software taking a photo doesn’t interfere with the software controlling the rover, otherwise we could lose everything,” explains Luis.
By separating the functions so they can co-exist on the same processor, it is possible to reduce the number of onboard computers – vital in space where every gram counts.
This could be yet another spin-off from space to the automotive world. The company has already been requested to adapt XLuna for car applications such as eCall, an EU initiative to fit all new cars by 2018 with a wireless device that automatically sends a distress signal to emergency services in an accident, reducing response times and saving lives.
XLuna would allow the eCall software to share the same hardware as the entertainment system without compromising the safety function of eCall.
“You don’t want your music system to prevent your car from calling an ambulance in a crash,” says Luis.
Looking further ahead, as we prepare to ditch our steering wheels for the driverless road, we might find ourselves riding in a self-driving car using software perfected for a Mars rover.