Enabling state of the art robustness and enhanced reliability by developing fail-operational architectures for highly automated safe driving

The successful cooperation of partners in PRYSTINE*, the highest ranked ECSEL Joint Undertaking project proposal in 2017, will realize Fail-operational Urban Surround perception based on a combination of robust Radar and LiDAR sensor fusion feeding control functions with high resolution data in order to enable safe automated driving in urban environments. TTTech Group and Infineon Technologies AG are closely cooperating in this project to build innovative embedded control solutions opening new market opportunities as enablers for highly automated vehicles and thus, valuably contributing to safe, efficient and clean mobility of the future.


In the presence of the ever-increasing connectivity inside and outside modern vehicles as well as of the large amount of sensor data to be processed, the complexity of E/E systems and their software functionality is growing exponentially. This development has shown that safe and secure communication is required for Advanced Driver Assistance Systems and that designing a sound safety approach is one of the most critical challenges in highly automated driving.  The presence of common cause failures, for instance, those that originate from systematic hardware and software faults are a critical problem to be solved in order to avoid catastrophic events. Depending on the level of autonomy, a vehicle must be fully/partially functional in case of occurrences of failures or of damage of the car’s environmental perception.

In this regard, the project’s main goals are to enhance the existing architectures, to address the huge complexity of the E/E systems and implement automated driving functions for future automated mobility while ensuring the highest automotive safety standards (ISO26262 up to ASIL D) and state-of-the-art high-speed connectivity. Implementing mixed-criticality modular architecture instead of federated architecture and deploying a fail-over mechanism developed to ensure non-compromised sensor fusion for automated driving was proposed by TTTech as an innovative solution to reply to the technological needs. Benefits from a modularity concept combining COTS elements such as SoCs, AURIX™ automotive microcontroller, power supply, Deterministic  backbone network for low-latency data exchange, multiple cameras, etc. allow flexibility of the developed solution and speed up the automotive market.

Such heterogeneous systems consist of two components. On the one hand, the systems need a lot of computing performance for sensor fusion, environment model calculation, etc. This cannot be fulfilled by classical automotive MCUs.  SoCs with GPU capabilities running a POSIX OS are a first choice for this. On the current market, available MPUs do not support hard-real-time, automotive quality, automotive interfaces and highest grade of availability, semper proof security and functional safety up to ASIL D.

For fail-operational systems in passenger vehicles, there is a need for a highly available “last man standing” solution. Consumer MPUs with a little AECQ-100 upgrade are not sufficient for this. A holistic approach with full automotive qualification is provided by the Infineon Microcontroller AURIX™ family, which has been developed, from scratch, according to ISO26262 is needed here. AURIX™ TC3x devices are even certified ASIL D by TÜV Saar based on ISO26262-18, as the first on the market. A safety power supply TLF35584 with watchdog capabilities for the MCU completes this offering. A product to system with a high value for the customers.

Automotive customers would like to see the dedicated capabilities of the MCU and MPU in one package. This would be possible, but then only limited to a few use cases per package. Full scalability would not be possible. For this reason, the solution for the next years is to have an effective cooperation between MCU and MPU.

Preliminary results of the partnership of TTTech Group and Infineon Technologies AG in PRYSTINE show the possibility to bring the hardware architectures to a next level of safety for highly automated driving. Usage of a sensor fusion failover mechanism enables the implementation of embedded control in a non-compromised way to advance safe technologies and improve human lives.

      

 

*PRYSTINE receives funding from the European H2020 research and innovation programme, ECSEL JU (grant agreement no 783190) and the participating national funding organizations in Austria and Germany.