Architectural Standardization in Safety-Critical Embedded Software
Nippon Seiki – Automotive Head-Up Display Systems
Problem & Complexity
Before the redesign, numerous modules accessed CAN data and diagnostic services directly through AUTOSAR/MCAL APIs. Even small changes forced a new DaVinci configuration, a full recompilation, and extended system integration. This tight coupling drove up effort, fragility, and cost, especially under ASPICE/ISO 26262.
In addition, topics such as the stepper motor's serial mode, DMA-based communication, and the PWM backlight required low-level procedures (register setup, interrupts, synchronization) that the team tended to avoid, which added further complexity.
Approach
Instead of patching isolated bugs, I established an architectural abstraction: forbidding direct AUTOSAR access, introducing well-scoped components and type-safe C templates, and applying proven patterns (Proxy, Observer-Provider, State Machine, RingBuffer, LinkedList, Facade).
Core Components
- ParameterManager / EventProvider: centralized NvM access, addressed by parameter ID only; RAM buffering (RingBuffer/LinkedList); automatic change notifications.
- InputDataManager / SystemInfoService: centralized CAN data store; modules decoupled from AUTOSAR.
- SystemErrorManager / EventProvider: unified fault handling (incl. DTC/lock logic).
- Facade Layer: abstracted access for execution/MCAL/diagnostics; enables PC runs without AUTOSAR via simulation → early integration testing.
- Strict layering discipline: calls go top-down only; a lower layer reaches upward solely through observers registered with it.
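As an added illustration, not Nippon Seiki's code, the following C sketch shows the InputDataManager/Facade pattern from the list above: consumers address signals by ID only, plausibility checks live in one place, observers are notified only on change, and a single facade function is the only code that knows where data comes from. Here the backend is an in-memory simulation so the file builds and runs on a PC; all names (idm_*, facade_*, sig_*) and the plausibility limits are hypothetical.

```c
/* Added example (hypothetical names), not part of the original page. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Signals are addressed only by ID; callers never see CAN/AUTOSAR types. */
typedef enum { SIG_VEHICLE_SPEED = 0, SIG_ENGINE_RPM, SIG_COUNT } sig_id_t;

typedef void (*sig_observer_t)(sig_id_t id, uint32_t value, void *ctx);

#define IDM_MAX_OBSERVERS 4

typedef struct {
    uint32_t       value;
    bool           valid;                 /* consumers never read an unwritten or rejected value */
    sig_observer_t obs[IDM_MAX_OBSERVERS];
    void          *ctx[IDM_MAX_OBSERVERS];
    size_t         n_obs;
} sig_slot_t;

static sig_slot_t g_slots[SIG_COUNT];

/* Facade: the only place that knows where data comes from. */
#ifndef IDM_TARGET_BUILD
/* PC/simulation build (default here): an in-memory "bus" replaces the CAN stack. */
static uint32_t g_sim_bus[SIG_COUNT];
static bool     g_sim_present[SIG_COUNT];
void facade_sim_inject(sig_id_t id, uint32_t raw) {   /* test hook: constructed input */
    if (id < SIG_COUNT) { g_sim_bus[id] = raw; g_sim_present[id] = true; }
}
static bool facade_read_raw(sig_id_t id, uint32_t *out) {
    if (!g_sim_present[id]) return false;
    *out = g_sim_bus[id];
    return true;
}
#else
/* Target build: provided by the integration layer, which wraps the AUTOSAR read calls. */
extern bool facade_read_raw(sig_id_t id, uint32_t *out);
#endif

bool idm_subscribe(sig_id_t id, sig_observer_t cb, void *ctx) {
    if (id >= SIG_COUNT || cb == NULL) return false;
    sig_slot_t *s = &g_slots[id];
    if (s->n_obs >= IDM_MAX_OBSERVERS) return false;  /* fixed capacity, no heap */
    s->obs[s->n_obs] = cb;
    s->ctx[s->n_obs] = ctx;
    s->n_obs++;
    return true;
}

/* Plausibility limits are defined once, here (hypothetical values). */
static bool idm_plausible(sig_id_t id, uint32_t v) {
    switch (id) {
    case SIG_VEHICLE_SPEED: return v <= 400;    /* km/h */
    case SIG_ENGINE_RPM:    return v <= 20000;  /* 1/min */
    default:                return false;
    }
}

/* Cyclic task: poll the facade, validate, store, notify observers on change. */
void idm_cycle(void) {
    for (int i = 0; i < SIG_COUNT; i++) {
        sig_id_t id = (sig_id_t)i;
        sig_slot_t *s = &g_slots[id];
        uint32_t raw;
        if (!facade_read_raw(id, &raw) || !idm_plausible(id, raw)) {
            s->valid = false;   /* missing or implausible: consumers see "invalid", not garbage */
            continue;
        }
        bool changed = !s->valid || s->value != raw;
        s->value = raw;
        s->valid = true;
        if (changed)
            for (size_t k = 0; k < s->n_obs; k++) s->obs[k](id, raw, s->ctx[k]);
    }
}

bool idm_get(sig_id_t id, uint32_t *out) {
    if (id >= SIG_COUNT || out == NULL || !g_slots[id].valid) return false;
    *out = g_slots[id].value;
    return true;
}

/* Example consumer (a HUD widget) that knows only signal IDs. */
static uint32_t g_speed_shown;
static int      g_speed_updates;
static void on_speed(sig_id_t id, uint32_t v, void *ctx) {
    (void)id; (void)ctx;
    g_speed_shown = v;
    g_speed_updates++;
}

/* Runs the scenario once; returns 0 on the expected behaviour. */
int idm_demo(void) {
    idm_subscribe(SIG_VEHICLE_SPEED, on_speed, NULL);
    facade_sim_inject(SIG_VEHICLE_SPEED, 50);
    idm_cycle();                                /* first valid value: one notification */
    idm_cycle();                                /* unchanged: no second notification */
    facade_sim_inject(SIG_VEHICLE_SPEED, 999);  /* implausible: store marks it invalid */
    idm_cycle();
    uint32_t v;
    bool valid = idm_get(SIG_VEHICLE_SPEED, &v);
    return (g_speed_updates == 1 && g_speed_shown == 50 && !valid) ? 0 : 1;
}
```

Compiling with -DIDM_TARGET_BUILD drops the simulation backend and links against the real facade_read_raw from the integration layer; nothing above the facade changes between the two builds, which is what makes the PC run meaningful as an integration test.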
Results
- Maintenance/testing significantly reduced: centralized, validated implementations reusable without re-testing everything or triggering global re-configuration.
- Simulation: firmware runs on PC without AUTOSAR → faster debugging & earlier integration.
- ASPICE success: the layered architecture, with bidirectional traceability between requirements, design, and code, was defended successfully in audits.
- Team productivity: onboarding junior engineers without deep AUTOSAR expertise became feasible.
- Low-level breakthroughs: oscilloscope analyses, register re-configuration (SPI/DMA/IRQs), and systematic debugging stabilized stepper/DMA/PWM/error handling as reference implementations.
Lessons Learned
- Strong abstraction + design patterns lower coupling, complexity, and cost.
- A Facade layer and shielding from AUTOSAR make the firmware portable & simulation-ready.
- Persistence at the hardware level pays off most on the topics nobody wants to touch.
- Knowledge transfer (guidelines, webinars, wiki) is as important as the code itself.
- Architecture empowers teams to work consistently and efficiently.
“Architecture is not only about technical correctness — it’s about enabling teams so that quality becomes reproducible.”