Technology companies TTTech Auto and Infineon Technologies say that together they have developed the key components for a fail-operational electronic architecture, intended for highly automated driving at SAE Levels 3 and 4. This will, they say, enable the safe and reliable processing of, for example, radar or lidar camera sensor data. The fail-operational architectural concept and its key components ensure the safe operation of elements such as highway pilot functions, valet parking and autonomous truck driving even if individual functions fail.
The joint research contributed to the successful completion of the European PRYSTINE (Programmable Systems for Intelligence in Automobiles) project, which aimed to realize safe automated driving through fail-operational urban surround perception. For three years, approximately 60 partners, coordinated by Infineon, worked together in the areas of sensor fusion, electronic architectures and artificial intelligence.
“With a fail-operational system design, car manufacturers lift the safety of their highly automated vehicle to aviation standard in a cost-efficient manner”, says Stefan Poledna, CTO of TTTech Auto. “This system architecture takes the high safety and reliability requirements of global car manufacturers’ mass-production programs into account. Furthermore, based on a centralized computer architecture, it forms the foundation for the future software-based car.”
“We are developing multicore microprocessors to offer a high-performant, safe and cost-efficient solution for highly automated vehicles,” added Thomas Boehm, SVP for automotive microcontroller at Infineon. “Multicore processors provide the necessary processing power, sufficient memory and meet the increasing safety requirements due to the electrification of the car and the advancement of automated driving.”
According to the companies, a mixed-criticality approach allows the use of computer hardware and software that run applications of different Automotive Safety Integrity Levels (ASIL). A specially developed failover mechanism consisting of a primary ECU (‘Doer’ node) and a fallback ECU (‘Fallback’ node) ensures the necessary fail-operationality for vehicles. If the ‘Doer’ fails, the ‘Fallback’ takes over in a matter of milliseconds. This mechanism keeps the system fail-operational for tasks such as the sensor fusion, trajectory planning and object recognition of SAE Level 3 and 4 functions.
The companies claim that their modular concept allows highly flexible and fast development of automated driving systems (ADS) by enabling the combination of various off-the-shelf elements, such as SoCs (systems on a chip), automotive microcontrollers and power supplies, with the deterministic backbone network and multiple cameras.