Disclosed embodiments relate to perform operations for receiving and integrating a delta file in a vehicle. Operations may include receiving, at an Electronic Control Unit (ECU) in the vehicle, a delta file, the delta file comprising a plurality of deltas corresponding to a software update for software on the ECU and startup code for executing the delta file in the ECU; executing the delta file, based on the startup code, in the ECU; and updating memory addresses in the ECU to correspond to the plurality of deltas from the delta file.

Disclosed embodiments relate to adjusting vehicle Electronic Control Unit (ECU) software versions. Operations may include receiving a prompt to adjust an ECU of a vehicle from executing a first version of ECU software to a second version of ECU software; configuring, in response to the prompt and based on a delta file corresponding to the second version of ECU software, the second version of ECU software on the ECU in the vehicle for execution; and configuring, in response to the prompt, the first version of ECU software on the ECU in the vehicle to become non-executable.

Disclosed embodiments relate to generating an update package for updating software on an Electronic Control Unit (ECU) in a vehicle. Operations may include accessing a plurality of attributes of a software update to be stored on the ECU in the vehicle; accessing a corresponding plurality of attributes of current software stored on the ECU in the vehicle; comparing the plurality of attributes with the corresponding plurality of attributes; generating a delta file representing differences between the plurality of attributes and the corresponding plurality of attributes determined in the comparison; and providing the delta file to the ECU, wherein the delta file is configured to be processed by startup code in the ECU that enables the delta file to execute in the ECU in the vehicle.

Disclosed embodiments relate to performing updates to Electronic Control Unit (ECU) software while an ECU of a vehicle is operating. Operations may include receiving, at the vehicle while the ECU of the vehicle is operating, a software update file for the ECU software; writing, while the ECU is operating, the software update file into a first memory location in a memory of the ECU while simultaneously executing a code segment of existing code in a second memory location in the memory of the ECU; and updating a plurality of memory addresses associated with the memory of the ECU based on the software update file and without interrupting the execution of the code segment currently being executed in the second memory location in the memory of the ECU.

Disclosed embodiments relate to opportunistically updating Electronic Control Unit (ECU) software in a vehicle. Operations may include receiving, at a controller in a vehicle, a wireless transmission indicating a need to update software running on at least one ECU in the vehicle; monitoring an operational status of the vehicle to determine whether the vehicle is in a first mode of operation in which an ECU software update is prohibited; delaying the ECU software update when the operational status is prohibited; continuing to monitor the operational status of the vehicle to determine whether the vehicle is in a second mode of operation in which the ECU software update is permitted; and enabling updating of the at least one ECU with the delayed ECU software update when it is determined that the vehicle is in the second mode of operations.

Disclosed embodiments relate to reporting Electronic Control Unit (ECU) errors or faults to a remote monitoring server. Operations may include receiving operational data from a plurality of ECUs in the vehicle, the operational data being indicative of a plurality of runtime attributes of the plurality of ECUs; generating, through a machine learning process, a statistical model of the operational data; receiving live, runtime updates from the plurality of ECUs in the communications network of the vehicle; identifying an ECU error associated with an ECU in the communications network of the vehicle, the ECU error being determined by a comparison of the live, runtime updates with the statistical model of the operational data to identify at least one deviation from the operational data; and wirelessly sending a report to the remote monitoring server based on the live, runtime updates, the report identifying the ECU and the identified ECU error.

Disclosed embodiments relate to automatically providing updates to at least one vehicle, Operations may include receiving, at a server remote from the at least one vehicle, Electronic Control Unit (ECU) activity data from the at least one vehicle, the ECU activity data corresponding to actual operation of the ECU in the at least one vehicle; determining, at the server and based on the ECU activity data, a software vulnerability affecting the at least one vehicle, the software vulnerability being determined based on a deviation between the received ECU activity data and expected ECU activity data; identifying, at the server, an ECU software update based on the determined software vulnerability; and sending, from the server, a delta file configured to update software on tree ECU with a software update corresponding to the identified ECU software update.

A method for active failure recovery of a single node improved based on PBFT algorithm is disclosed. The abnormal node first initiates a view change request, if (2f+1) view change requests containing the same view value cannot be received within a specified period of time, the abnormal node enters a state to be recovered, and the node to be recovered initiates a recovery request to all nodes of the whole network, waits for replies from normal nodes and counts the number of replies, calculates a height of stable checkpoint of the whole network after receiving replies contain the same view value from (2f+1) nodes, and update the state thereof to finally complete the recovery. This method solves an inherent problem in the PBFT algorithm that a failure in a single node cannot be recovered autonomously, so that a practicability of the PBFT algorithm is greatly improved.

A multi-processor architecture for automated driving systems can be used to improve performance and provide design flexibility. For example, a multi-processor architecture can be used to implement command generation and safety functionality in different processors. The command generation processor can be a high performing processor compared with the safety processor. The safety processor can verify the safety of commands output from the command generation processor and provide additional I/O channels that are typically absent on high performing processors. Additionally, processing of some sensor data can be moved to expansion modules with additional processors to reduce bottlenecks and provide design flexibility for systems with different sensing requirements.

In the invention, a problem is solved in which, in order to achieve high performance and high reliability with the conventional multi-core and lockstep core, a redundant lockstep core is necessarily prepared to execute a multi-core program in which an error has occurred, a circuit area increases, and a cost and a power consumption increase. In the invention, a safe operation of a control system is secured by operating a software program operating on a multi-core in which an error has occurred as degenerate software on a core switched from a lockstep operation to a multi-core operation.