ADAS: functional safety and freedom from unacceptable risk

RSS_Auto_Poster

Well-known member
Written by Stuart Birch
9776.jpg

"When it comes to safety in cars, there are two main considerations: firstly, reducing dependency on driver skill and awareness and secondly, functional safety," said Tim Mace, Senior Manager of Business Development at MIPS, which is self-described as one of the most-prolific, longest-living industry-standard microprocessor architectures, created by Dr. John Hennessy at Stanford University in 1981. "Functional safety depends on the system or equipment operating correctly in response to its inputs, including the safe management of likely operator errors, hardware failures and environmental changes," added Mace, who holds a degree in physics with electronics. "Functional safety describes the overall requirement for fault tolerance in a system or piece of equipment," he added. "The objective of functional safety is freedom from unacceptable risk of physical injury or of damage to the health of people either directly or indirectly through damage to property or to the environment." Exponential "edge"-processing Driver-support systems including automatic emergency braking, lane-departure warning and pedestrian detection are helping to reduce the frighteningly high number of accidents that have a human causal element; that figure currently is 94%, according to the National Highway Traffic Safety Administration (NHTSA). But systems" reliability, efficacy and integration are of course vital: "As we move towards fully autonomous driving as part of a fully-integrated transport system, the need for processing at the edge" will increase up to 1,000 times in the next 10 years. Many people in the auto industry are saying that much can be offloaded to the cloud. However, such a system requires an always on, always available" approach, with no bandwidth limitations. This is not what 5G (cellular connectivity) will be able to deliver in the short-to-medium term." Artificial intelligence (AI) will be at the heart of this requirement. In semi-autonomous and fully-autonomous cars, there will be a massive need for computer "vision" to make sense of what comes into the view of a car"s cameras and other sensors, with up to 20 cameras being the current recommendation for car manufacturers. Machine Learning (ML) will be important for the processing demands of sensor fusion and AI in the cloud, for transport planning and prognostic/diagnostic information. But Mace warns: "As a consequence of adding in all of this electronics functionality much of it aimed at reducing driver error there is a need to have a functional-safety approach across the design process of the entire system. Functional safety is not a test of the actual function of a device or system, but whether it has integrity. For example, checking the silicon part to be sure that there are no stuck at" or transient faults. ASIL and critical standards "The ISO 26262 Functional Safety Standard looks at several factors to consider should there be a device or system malfunction. It looks at the exposure, the potential severity of an accident and the controllability of it. This then gives a broad measure of the criticality of the part. ASIL (Automotive Safety Integrity Level) A is low on the scale, while ASIL D is the highest on the scale." For example, an OEM building a vehicle safety plan would want the elements in its braking system to be ASIL D compliant, but with a failure in the electric window control system, there would be a low to no likelihood of a serious accident occurring so that may only need to be ASIL A compliant. A close liaison between OEM and Tier 1 and Tier 2 suppliers, processing-chip vendors and IP suppliers working to deliver solutions to the initial safety plan would be crucial. Adds Mace: "The high-level safety requirements can be broken down into parts of the device that are required to support the ASIL level and those that are not, or can deliver a lesser ASIL level but allow the upper-level part to maintain its defined ASIL level." At the silicon-chip IP level, it is necessary to provide products that allow the chip manufacturer and the Tier 1 suppliers to meet their safety plan goals: "During operation of an ISO 26262-compliant system, tests occur multiple times per second to ensure this chip is working OK." The test of what the device actually does, be it pedestrian detection or lane-departure warning, for example, is not tested to comply with this standard." Mace cites one of the key early players in the ADAS market as Mobileye (now part of Intel) via its EyeQ line of vision processors: "Mobileye has designed-in MIPS microprocessors for a variety of functions within their processor family since the EyeQ2. Mobileye"s System on Chips (SoCs) leverage hardware multi-threading in the MIPS Central Processing Units (CPUs) to help increase efficiency of the image accelerators, which extract the meaningful information from the camera sensor data." In the MIPS I6500-F CPU, Mace states that MIPS has created a CPU that not only provides the performance needed for ADAS and autonomous driving, it also meets the functional-safety needs of the automotive and industrial robotics segments, designed for compliance to the ISO 26262 ASIL B (D) and IEC 61508 standards. "As an industry, we are moving to a fundamental change in car-electronics architecture. Given that the car is increasingly becoming a software platform, the underlying architecture is morphing towards centralized computing functions connected by gigabit Ethernet offering up a rich set of Application Programing Interfaces (APIs) that will be the basis for delivering new features and services. "With the movement towards an autonomous driving future and the safety critical systems involved, having a functional safety culture, processes and solutions is absolutely fundamental." And with evolving vehicle electronics" architecture and the need for a dramatic increase in computer performance, it also will be key to the move to centralized and virtualized 64-bit microprocessor architectures, Mace asserted.<br />



Date written: 31-Oct-2017 12:32 EDT

More of this article on the SAE International Website

ID: 9776
 
Back
Top