This week we discuss the sensorfusion and its EOTTI calculation, improvement between the 77GHz mmRadar andCamera.
77GHz mmRadar architectureplease refer to article: https://www.linkedin.com/pulse/pmhf-improvement-77ghz-mmradar-samuel-weng/
And 77GHz mmRadar, Cameralocated in vehicle please refer to article:https://www.linkedin.com/pulse/item-definition-lka-lca-samuel-weng/
[First]: Camera description
Derived from Infenion, thecamera function architecture listed as following:
FIG1: Camera architecture
Source Website:www.infineon.com/multi-purpose-camera-configuration
Also Camera will share samecommunication with 77GHz mmRadar both in CAN or FlexRay communication, andafter sensors itself draft self-check, the information will be transmitted intosensor for fusion.
FIG2: mmRadar and Camerainformation Communication
As from the FIG2, those Cameraand 77GHz mmRadar information will be communicated into FlexRay and CAN.
[Second] Sensor Fusion process
From REF01, there are one sensorfusion process listed as following:
FIG3: fusion basic schematic
After we using Karlman filtermethodology introduced from the REF01,
• the cycle time tC of a processis the time interval that this process requires for completion of its servicewhile the start of two consecutive processes is tC apart
• the execution time tT of aprocess is the time interval in which this process completes its service wherethe start of two consecutive processes can be more than tT apart
• the phase tP of a process isdefined as the time interval between the start of this process relative to thestart of the first cycle of sensor 1
FIG04: fusion system schedule(sensor1is camera, sensor2 is mmRadar)
After improvementOOSM<Out-Of-Sequence Measurement> treatment and Kalman filterconvergence, we have two ways to simulate and derive out Trt and Tst<rt isreal time, st is state time>:
i: Buffering way, consideringall of the SW treatment, HW accuracy factors
ii: Advanced Algorithm, usingalgorithms to simulate
FIG05: Detection Errorsimulation result
Still, there are a very big gapbetween buffering way and Advanced algorithm, which is caused by time gapbetween real time and status time. And still, we have 2 ways to describe themaximum of interval tRT-tST as maximum of the series t_(RT-ST,lm)^BUFF
i: Buffering way
FIG06: t_(RT-ST,lm)^BUFF profile
And also calculation methodologylisted as following:
FIG08: Buffering way tocalculate RT-ST, lm
ii: Advanced Algorithm way
FIG9: t_(RT-ST,o)^ADVA profile
and final result listed in FIG10
And in the further chapters, we adoptthe ADVA result as input.
From the ADVA result upward:
(1) when in Camera samplingperiod t(camera, C)=130ms, t(camera, T)=10ms
t(mmRadar,C)=40ms, t(mmRadar, C)=10ms, the max(tRT-tST)=10ms
(2) More information listed asfollowing FIG11
FIG11 Camera and mmRadar timesequence profile in sensor fusion ADVA
[Third] fusion processfunctional safety analysis
According to upward, we can havefollowing architecture:
FIG12: sensor fusion MCUarchitecture
Based on architecture fromwebsite: www.infineon.com/sensor-fusion
Here, the functional architecturelisted draftly as following:
FIG13: functional architecture
Here, we have each timeconstraints of Camera and mmRadar, also for sensor fusion process.
Here simplified the sensorfusion as Intended Functionality 01(IF01), First safety path from MCU as SM01,second safety path from Safety Watchdog as SM02, MCU state monitored byAutomotive PMIC as SM03, then we have following fusion architecture design:
FIG14: Fusion systemarchitecture design
And the detail multi pointfailure in the architecture have following patterns:
FIG15: Multi point failurepatterns
And SM1: IF01 Monitored outputs,derived from ISO 26262-2018, D2.4.4, DC=99%
SM2: Watchdog with separate timebase without time-window, derived from ISO 26262-2018, D2.7.1, DC=60%
SM03: Watchdog with separatetime base without time-window, derived from ISO 26262-2018, D2.7.1, DC=60%
And here we can see that SM1monitor the data flow for fusion MCU, and SM2 monitor the logical flow forfusion MCU, they are covering different failure modes.
Under this circumstances, we cancombined SM1&SM2 into one integrated SM1.5:
And here SM03 cannot cover SM1.5in the same way as it is covered in the SM1. Actually we have to detailidentify which failure mode can be covered of SM1.5 by SM03, but due to timelimit and more easy to calculate, we make the SM03 value into this form:
So that the fusion system architecturecan be simplified into:
FIG16: Fusion systemarchitecture design
Under this condition, the dualpoint failure patterns listed as following, derived from ISO 26262-2018standard:
FIG17: Dual point failurepatterns
And then, the formula for calculationlisted as following:
So we can derive out EOTTI fromISO 26262:
FIG18: eotti one calculationmethodology
FIG19: eotti second calculationmethodology due to second time
Still, we have two cases:
(1) Case1: Repair withinemergency operation tolerance time interval, keep ASIL D, but shall need to berepaired
(2) Case2: Limited operationwithout time rest, when in limited condition, SM1 failure, SM1.5 degraded intoSM2. PMHF had to be in ASIL A
Detail FMEDA can be derived outfor FIG 20
FIG20: detail FMEDA
After preliminary evaluation, wecan get following two conclusion:
From the bottom, we have toderive out decent EOTTI for our Sensor fusion system, due to PMHF dependent onEOTTI
calculation results asfollowing:
FIG21: EOTTI matrix
Obviously, the system cannotassured the ASIL D in present IF01 protection Mechanism in case1, it requiredto be repaired ASAP.
and in case2, around 345h or so,the sensor fusion has to be repaired. before that state, ASIL D can be assured.
[Fourth] EOTTI improvement
We try to improvement thesystem, to make SM2 and SM3 improved as following way:
FIG22: SM2 & SM3 improvement
After that, we got the EOTTIconclusion as following:
FIG22: EOTTI matrix improvement
Obviously, the system can assurethe ASIL D in present IF01 protection Mechanism in case1, and EOTTI=299h.
and in case2, around 3450h orso, the sensor fusion has to be repaired. before that state, ASIL D cannot beassured, only ASIL C level can be assured.
Thanks for you all reading, andattached is the reference lists:
[REF01]
'Analysis of Sensor and FusionSchedules of a Time-Triggered Sensor Fusion System'
Author: Moritz Mauthner,Volkswagen AG, etc
[REF2]
Infenion documents listed inofficial website
[REF3]
ISO 26262-2018