October 23, 2018
TTTech Auto AG
The importance of Safety on the way to Automated Driving
Eric Schmidt, Teamleader 'Lead Engineering & Safety'
eric.schmidt@tttech-auto.com
TTTech Group
The technology leader in robust networked safety controls
Transfers proven aerospace network technology to mass markets like automotive and manufacturing
The innovator of Deterministic Ethernet and the driving force behind the IEEE TSN standard and the SAE Time-Triggered Ethernet standard
Markets: Manufacturing, Off-Highway, Energy, Automotive, Aerospace & Space
23.10.2018 TTTech Auto AG – Confidential and Proprietary Information 2
Why are we heading for Autonomous Driving?
SAFETY is something we want to have in all aspects of life, especially when thinking about transportation, and even more when thinking about our beloved ones.
Why Safety is so important
✓ to save lives / prevent physical harm to humans
✓ to minimize risk
✓ to receive customer / public acceptance
but…
! faults can always happen
! safety needs to cover all potential risks
! safety needs to be designed into the product from the very beginning and needs to be proven
What is Safety?
✓ Safety = absence of unreasonable risk (Source: definition from ISO 26262, Part 1)
Disciplines of Safety, each addressing a different source of risk:
✓ Safety of use: misuse
✓ Functional Safety (FuSa, ISO 26262): malfunction
✓ Safety of the Intended Functionality (SOTIF): misperception
✓ Security: deliberate manipulation
From Fail-silent to Fail-operational Systems
Fail-silent = stop producing outputs and go to a passive safe state after a fault
Fail-operational = continue operation after a fault
Design assurance standards are similar across various industries: DO-178C / DO-254 (aerospace), EN/ISO 13849 (machinery), IEC 61508 (generic electrical/electronic systems), ISO 26262 (automotive)
Levels of automation and system architectures

Level        L1 driver assistance   L2 partial automation   L3 conditional automation       L4 high automation              L5 full automation
Control      Driver                 Vehicle                 Vehicle                         Vehicle                         Vehicle
Monitoring   Driver                 Driver                  Vehicle                         Vehicle                         Vehicle
Fallback     Driver                 Driver                  Driver (after take-over time)   Vehicle (in defined use case)   Vehicle

[Figure: system layout and ASILs per level; fail-silent system designs for L1 and L2, fail-operational system design options for L3 to L5, shown as combinations of ASIL B, ASIL C and ASIL D channels]
The Challenges for Automated Driving
Complexity, Customer Acceptance, Legislation, Cost, Compute Performance, Safety
Non-functional Requirements towards Automated Driving – Software and Safety Architecture
ISO 26262 - ASIL D Safety: combining high-performance computing SoCs with automotive µCs to achieve ASIL D.
Fail-Operational: keep up safe operation for Level 3-5 automated driving even after failure of a component.
Scalability: scale the architecture from basic functionality to high-end; scale autonomy from Level 2 to Level 5.
Real-Time: ensure end-to-end timing requirements for all critical processing paths (e.g., emergency braking).
The Automated Driving Challenge Heatmap
Feasibility of Safety vs. Complexity / Performance / Requirements
[Figure: the processing chain from sensors to actuators, each stage rated by how feasible it is to make it safe]
Sensors: Cameras, Radars, Ultrasonics, Nano Radars, Lidars
Pre-Processing
Classification / Fusion: Map Fusion, Object Fusion, Road-Graph
Trajectory Planning, by use case: Parking, Traffic Jam, Highway, Parkhouse, Suburban, City (Multi-Agent Planning)
Actuator Control: Longitudinal, Lateral, Vertical
Actuators: Powertrain, Braking, Steering, Suspension
Safety Architecture, safe computation (random HW faults, design faults @ SW & HW)
How to safeguard complex (AI) algorithms? Fail-Operational Approach
The safety mastermind for
automated driving and beyond.
Series-proven. Open. Scalable.
AD Domain ECU Reference Architecture
[Figure: layered ECU with three compute classes and their ASIL targets]
Control (ASIL C/D): Safety µC
Sensor Processing / Fusion (ASIL B/C): Performance SoC, Performance SoC (GPU)
HD Vision (ASIL A/B, QM): Vision SoC (GPU, NPU)
Vehicle interfaces: FlexRay, CAN, Ethernet, Ethernet
Deterministic Ethernet Switch, Communication Synchronization
Safety Software Platform
Software Integration of Complex Real-Time Systems
01 Integration of platform without configuring execution frames.
02 Applications are integrated and tested individually by APP suppliers without any timing restrictions.
03 All applications are integrated by the SW integrator on the platform; conflicts start immediately as it is not clear who is causing problems and why.
04 Conflicts are reported back to function SW suppliers; applications have to be modified to meet the system's timing restrictions.
MotionWise: Robust Parallel Integration Process
01 Platform configuration includes execution boundaries for the applications.
02 Applications are integrated and tested individually by the APP suppliers into their respective execution boundaries.
03 All applications are integrated and are immediately able to run together; violations by APPs are detected easily.
Robustness through clear allocation and monitoring of resources (memory, CPU, comm.)
Complete software integrated for functional testing
Parallel integration to speed up software development of multiple software suppliers
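The difference between the two integration processes above (unbounded integration, where conflicts appear but nobody knows who caused them, versus configured execution boundaries, where a violation is attributed to the offending application) can be shown with a small cyclic-schedule simulation. The C program below is an added example written for this page, not MotionWise or TTTech code: it assumes a 10 ms major cycle, sequential execution of applications in fixed time slots, and models only the CPU-time budget (the memory and communication budgets the slide also lists are not modelled). The three applications and their budgets and demands are constructed numbers.

```c
/* Added example (not MotionWise code): time-triggered integration with
 * per-application execution boundaries, i.e. fixed CPU-time slots in a
 * cyclic schedule. All numbers below are constructed assumptions. */
#include <stdio.h>
#include <string.h>

#define CYCLE_US 10000u   /* 10 ms major cycle (assumed) */

typedef struct {
    const char *name;
    unsigned offset_us;   /* start of the app's slot in the cycle */
    unsigned budget_us;   /* execution boundary: CPU time the app may use */
    unsigned demand_us;   /* execution time the app actually tries to use */
} App;

typedef struct {
    int violations;
    const char *blamed;     /* app the platform reports as causing the problem */
    unsigned cycle_end_us;  /* when the last app finished */
} Result;

/* Static configuration check, done once at integration time: every slot
 * must end within the cycle and no two slots may overlap.
 * Returns the index of the first offending app, or -1 when the schedule is valid. */
int check_schedule(const App *apps, int n) {
    for (int i = 0; i < n; i++) {
        if (apps[i].offset_us + apps[i].budget_us > CYCLE_US) return i;
        for (int j = 0; j < n; j++) {
            if (i != j &&
                apps[i].offset_us < apps[j].offset_us + apps[j].budget_us &&
                apps[j].offset_us < apps[i].offset_us + apps[i].budget_us)
                return i;
        }
    }
    return -1;
}

/* Simulate one cycle of sequential execution.
 * enforce == 0: no boundaries. An app runs until it is done and pushes every
 *   later app; the only observable symptom is a cycle overrun, which gets
 *   attributed to whatever app was running when the cycle deadline passed.
 * enforce == 1: each app is cut off at the end of its slot, so an app that
 *   needs more than its budget is named directly and the others are unaffected. */
Result run_cycle(const App *apps, int n, int enforce) {
    Result r = { 0, NULL, 0 };
    unsigned t = 0;
    for (int i = 0; i < n; i++) {
        if (t < apps[i].offset_us) t = apps[i].offset_us;  /* wait for the slot */
        unsigned run = apps[i].demand_us;
        if (enforce && run > apps[i].budget_us) {
            run = apps[i].budget_us;     /* preempt at the execution boundary */
            r.violations++;
            if (!r.blamed) r.blamed = apps[i].name;
        }
        t += run;
        if (!enforce && t > CYCLE_US && !r.blamed) {
            r.violations++;
            r.blamed = apps[i].name;     /* the victim of the overrun, not its cause */
        }
    }
    r.cycle_end_us = t;
    return r;
}

/* Constructed integration: the planner from one supplier needs 5 ms but was
 * allocated 3 ms; the other two apps stay inside their budgets. */
static const App kApps[] = {
    { "planner", 0,    3000, 5000 },
    { "fusion",  3000, 4000, 3500 },
    { "control", 7000, 2000, 1800 },
};
static const int kNumApps = (int)(sizeof kApps / sizeof kApps[0]);

Result integrate(int enforce) { return run_cycle(kApps, kNumApps, enforce); }

int main(void) {
    for (int e = 0; e < 2; e++) {
        Result r = integrate(e);
        printf("%s: violations=%d blamed=%s cycle_end=%u us\n",
               e ? "with boundaries" : "no boundaries",
               r.violations, r.blamed ? r.blamed : "-", r.cycle_end_us);
    }
    return check_schedule(kApps, kNumApps) == -1 ? 0 : 1;
}
```

Without boundaries the cycle overruns to 10300 µs and the platform blames "control", the last app to run, although it is inside its budget; with boundaries the planner is preempted at 3000 µs, named as the violator, and the other two apps still meet their slots. The same boundary that makes integration debuggable also limits what a misbehaving or compromised application can do to its neighbours' timing.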
What is already possible? Example Nissan
Source: https://www.youtube.com/watch?v=cfRqNAhAe6c
Why aren't there so many autonomously driving cars out yet?
Answer: the technology is not reliable enough and quite expensive.
Source: https://www.youtube.com/watch?v=-2ml6sjk_8c
Unusual and complex situations must be mastered
Artificial Intelligence (AI) to the rescue?
Scene segmentation based on "Deep Learning" (Source: Motovis)
AI usage in general system architecture
[Figure, shown twice, once per approach below: the processing chain Sensors → Preprocessing (Cluster, PP ×5) → Data Fusion (Object Fusion, Localization, Road Graph, Grid Fusion) → Path Planning (Prediction, Behaviour, Trajectory) → Control (Motion Control, HMI) → Actuation (Power Train, Brake, Steering), with the stages where AI is used highlighted]
Approach #1: Use AI for specific parts of the problem
• E.g. object detection and classification
• Widely accepted
• Modular verification approach possible
Approach #2: AI as an end-to-end algorithm
• Requires end-to-end validation approach → massive simulation and testing unavoidable
• Corner cases (algorithm failures) are inherently unpredictable and never ruled out → parallel safety supervision needed
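The "parallel safety supervision" Approach #2 calls for, and the fail-operational requirement from the non-functional requirements slide, come together in a doer/checker pattern: the AI planner on the performance SoC proposes, a simple and separately verifiable supervisor on the safety µC checks every command against a safety envelope and takes over with a minimal-risk manoeuvre when the check fails. The C program below is an added example written for this page, not TTTech or MotionWise code. The freshness limit, the 20 ms cycle, the acceleration and steering envelope, the fallback braking level, the fault-latch count and the seven-cycle scenario are all constructed assumptions; the collision check uses a plain constant-deceleration stopping distance against a headway that the supervisor is assumed to receive from a sensor path independent of the planner.

```c
/* Added example (not TTTech/MotionWise code): a safety supervisor on the
 * safety uC that checks every planner command from the performance SoC and
 * substitutes a minimal-risk command when the check fails. All limits, the
 * 20 ms cycle and the scenario data below are constructed assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_AGE_MS      50u    /* a command older than this is stale (assumed) */
#define CYCLE_S         0.02   /* control cycle, 20 ms (assumed) */
#define MAX_ACCEL_MPS2  3.0    /* envelope limits (assumed) */
#define MAX_BRAKE_MPS2  8.0    /* strongest deceleration the vehicle can deliver */
#define MAX_STEER_RAD   0.5
#define FALLBACK_BRAKE  4.0    /* controlled braking used as minimal-risk manoeuvre */
#define FAULT_LATCH     3      /* consecutive faults before the channel is declared failed */

typedef struct { uint32_t seq; uint32_t t_ms; double accel_mps2; double steer_rad; } Cmd;
/* dist_front_m comes from a sensor path that does not pass through the planner */
typedef struct { double speed_mps; double dist_front_m; } VehicleState;
typedef enum { V_OK, V_STALE, V_SEQ, V_ENVELOPE, V_COLLISION, V_DEGRADED } Verdict;
typedef struct { uint32_t last_seq; int consecutive_faults; bool degraded; } Supervisor;

/* Pure check: is the command fresh, in sequence and inside the safety envelope? */
Verdict check_cmd(const Supervisor *s, const Cmd *c, const VehicleState *v, uint32_t now_ms) {
    if (s->degraded) return V_DEGRADED;
    if (now_ms - c->t_ms > MAX_AGE_MS) return V_STALE;   /* unsigned wrap also catches t_ms > now */
    if (s->last_seq != 0 && c->seq != s->last_seq + 1) return V_SEQ;  /* dropped or replayed frame */
    if (c->accel_mps2 > MAX_ACCEL_MPS2 || c->accel_mps2 < -MAX_BRAKE_MPS2 ||
        c->steer_rad > MAX_STEER_RAD || c->steer_rad < -MAX_STEER_RAD) return V_ENVELOPE;
    /* Plausibility against independent sensing: after one cycle at the commanded
     * acceleration the vehicle must still be able to stop before the obstacle. */
    double speed1 = v->speed_mps + c->accel_mps2 * CYCLE_S;
    if (speed1 < 0.0) speed1 = 0.0;
    double dist1 = v->dist_front_m - 0.5 * (v->speed_mps + speed1) * CYCLE_S;
    double stop_dist = speed1 * speed1 / (2.0 * MAX_BRAKE_MPS2);
    return stop_dist > dist1 ? V_COLLISION : V_OK;
}

/* One supervision cycle: pass the command through or override it with the
 * fallback. After FAULT_LATCH consecutive faults the planner channel is
 * latched as failed and the fallback stays active until a diagnostic reset
 * (fail-operational degradation instead of silent shutdown). */
Cmd supervise(Supervisor *s, const Cmd *c, const VehicleState *v, uint32_t now_ms, Verdict *why) {
    Verdict vd = check_cmd(s, c, v, now_ms);
    if (why) *why = vd;
    s->last_seq = c->seq;                       /* keep tracking the sequence either way */
    if (vd == V_OK) { s->consecutive_faults = 0; return *c; }
    if (!s->degraded && ++s->consecutive_faults >= FAULT_LATCH) s->degraded = true;
    Cmd fallback = { c->seq, now_ms, -FALLBACK_BRAKE, 0.0 };
    return fallback;
}

/* Constructed scenario (not recorded vehicle data), one entry per 20 ms cycle. */
#define N_CYCLES 7
typedef struct { int overrides; bool degraded; Verdict verdicts[N_CYCLES]; } Scenario;

Scenario run_scenario(void) {
    static const Cmd cmds[N_CYCLES] = {
        {1, 1000, 1.0, 0.05},  /* fresh, inside envelope            -> passed through */
        {2,  900, 1.0, 0.05},  /* 120 ms old at t=1020              -> stale, overridden */
        {3, 1040, 0.5, 0.00},  /* good again                        -> passed, counter reset */
        {4, 1060, 2.0, 0.00},  /* accelerating at 25.4 m headway    -> collision, overridden */
        {5, 1080, 2.0, 0.00},
        {6, 1100, 2.0, 0.00},  /* third consecutive fault           -> channel latched failed */
        {7, 1120, 0.0, 0.00},  /* harmless, but channel already declared failed */
    };
    static const VehicleState states[N_CYCLES] = {
        {20.0, 60.0}, {20.0, 60.0}, {20.0, 60.0},
        {20.0, 25.4}, {20.0, 25.4}, {20.0, 25.4}, {20.0, 60.0},
    };
    Supervisor sup = { 0, 0, false };
    Scenario r = { 0, false, { V_OK } };
    for (int i = 0; i < N_CYCLES; i++) {
        uint32_t now = 1000u + 20u * (uint32_t)i;
        (void)supervise(&sup, &cmds[i], &states[i], now, &r.verdicts[i]);
        if (r.verdicts[i] != V_OK) r.overrides++;
    }
    r.degraded = sup.degraded;
    return r;
}

int scenario_verdict(int i) { Scenario r = run_scenario(); return (int)r.verdicts[i]; }

int main(void) {
    Scenario r = run_scenario();
    for (int i = 0; i < N_CYCLES; i++) printf("cycle %d: verdict %d\n", i, r.verdicts[i]);
    printf("overrides=%d degraded=%d\n", r.overrides, (int)r.degraded);
    return 0;
}
```

In the scenario the supervisor overrides five of seven cycles and latches the planner channel as failed after the third consecutive collision-risk command; at the 25.4 m headway the fallback braking command itself passes the same check, so the override is a safe substitute rather than a shutdown. Because the supervisor's freshness, sequence and headway inputs do not come through the planner, a wrong command is contained in the same way whether it stems from a random hardware fault, a design defect in the network, or deliberate manipulation of the performance SoC, which is the point of keeping the checker small, separate and on the safety µC.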
Automated Driving will become a reality soon …
starting with limited use cases (evolutionary approach) …
for full autonomy in all scenarios there is a lot to solve.
Diversity (in sensors/algorithms/chips) helps to make it safe.