This week we discuss the sensor fusion and its EOTTI calculation, improvement between the 77GHz mmRadar and Camera.

77GHz mmRadar architecture please refer to article: https://www.linkedin.com/pulse/pmhf-improvement-77ghz-mmradar-samuel-weng/

And 77GHz mmRadar, Camera located in vehicle please refer to article:https://www.linkedin.com/pulse/item-definition-lka-lca-samuel-weng/

[First]: Camera description

Derived from Infenion, thecamera function architecture listed as following:

FIG1: Camera architecture

Source Website: www.infineon.com/multi-purpose-camera-configuration

Also Camera will share same communication with 77GHz mmRadar both in CAN or FlexRay communication, and after sensors itself draft self-check, the information will be transmitted intosensor for fusion.

FIG2: mmRadar and Camerainformation Communication

As from the FIG2, those Camera and 77GHz mmRadar information will be communicated into FlexRay and CAN.

[Second] Sensor Fusion process

From REF01, there are one sensorfusion process listed as following:

FIG3: fusion basic schematic

After we using Karlman filter methodology introduced from the REF01,

• the cycle time tC of a processis the time interval that this process requires for completion of its service while the start of two consecutive processes is tC apart

• the execution time tT of aprocess is the time interval in which this process completes its service wherethe start of two consecutive processes can be more than tT apart

• the phase tP of a process isdefined as the time interval between the start of this process relative to thestart of the first cycle of sensor 1

FIG04: fusion system schedule(sensor1 is camera, sensor2 is mmRadar)

i: Buffering way, considering all of the SW treatment, HW accuracy factors

ii: Advanced Algorithm, using algorithms to simulate

FIG05: Detection Errorsimulation result

Still, there are a very big gapbetween buffering way and Advanced algorithm, which is caused by time gapbetween real time and status time. And still, we have 2 ways to describe the maximum of interval tRT-tST as maximum of the series t_(RT-ST,lm)^BUFF

i: Buffering way

FIG06: t_(RT-ST,lm)^BUFF profile

And also calculation methodologylisted as following:

FIG08: Buffering way tocalculate RT-ST, lm

ii: Advanced Algorithm way

FIG9: t_(RT-ST,o)^ADVA profile

and final result listed in FIG10

And in the further chapters, we adoptthe ADVA result as input.

From the ADVA result upward:

(1) when in Camera samplingperiod t(camera, C)=130ms, t(camera, T)=10ms

t(mmRadar,C)=40ms, t(mmRadar, C)=10ms, the max(tRT-tST)=10ms

(2) More information listed asfollowing FIG11

FIG11 Camera and mmRadar timesequence profile in sensor fusion ADVA

[Third] fusion processfunctional safety analysis

According to upward, we can have following architecture:

FIG12: sensor fusion MCU architecture

Based on architecture from website: www.infineon.com/sensor-fusion

Here, the functional architecturelisted draftly as following:

FIG13: functional architecture

Here, we have each timeconstraints of Camera and mmRadar, also for sensor fusion process.

Here simplified the sensorfusion as Intended Functionality 01(IF01), First safety path from MCU as SM01, second safety path from Safety Watchdog as SM02, MCU state monitored by Automotive PMIC as SM03, then we have following fusion architecture design:

FIG14: Fusion systemarchitecture design

And the detail multi pointfailure in the architecture have following patterns:

FIG15: Multi point failurepatterns

And SM1: IF01 Monitored outputs,derived from ISO 26262-2018, D2.4.4, DC=99%

SM2: Watchdog with separate timebase without time-window, derived from ISO 26262-2018, D2.7.1, DC=60%

SM03: Watchdog with separatetime base without time-window, derived from ISO 26262-2018, D2.7.1, DC=60%

And here we can see that SM1monitor the data flow for fusion MCU, and SM2 monitor the logical flow forfusion MCU, they are covering different failure modes.

Under this circumstances, we cancombined SM1&SM2 into one integrated SM1.5:

And here SM03 cannot cover SM1.5 in the same way as it is covered in the SM1. Actually we have to detailidentify which failure mode can be covered of SM1.5 by SM03, but due to time limit and more easy to calculate, we make the SM03 value into this form:

So that the fusion system architecture can be simplified into:

FIG16: Fusion system architecture design

Under this condition, the dualpoint failure patterns listed as following, derived from ISO 26262-2018standard:

FIG17: Dual point failurepatterns

And then, the formula for calculationlisted as following:

So we can derive out EOTTI from ISO 26262:

FIG18: eotti one calculation methodology

FIG19: eotti second calculationmethodology due to second time

Still, we have two cases:

(1) Case1: Repair within emergency operation tolerance time interval, keep ASIL D, but shall need to berepaired

(2) Case2: Limited operation without time rest, when in limited condition, SM1 failure, SM1.5 degraded intoSM2. PMHF had to be in ASIL A

Detail FMEDA can be derived outfor FIG 20

FIG20: detail FMEDA

After preliminary evaluation, wecan get following two conclusion:

From the bottom, we have toderive out decent EOTTI for our Sensor fusion system, due to PMHF dependent on EOTTI

calculation results asfollowing:

FIG21: EOTTI matrix

Obviously, the system cannotassured the ASIL D in present IF01 protection Mechanism in case1, it requiredto be repaired ASAP.

and in case2, around 345h or so,the sensor fusion has to be repaired. before that state, ASIL D can be assured.

[Fourth] EOTTI improvement

We try to improvement thesystem, to make SM2 and SM3 improved as following way:

FIG22: SM2 & SM3 improvement

After that, we got the EOTTI conclusion as following:

FIG22: EOTTI matrix improvement

Obviously, the system can assurethe ASIL D in present IF01 protection Mechanism in case1, and EOTTI=299h.

and in case2, around 3450h or so, the sensor fusion has to be repaired. before that state, ASIL D cannot be assured, only ASIL C level can be assured.

Thanks for you all reading, andattached is the reference lists:

[REF01]

'Analysis of Sensor and FusionSchedules of a Time-Triggered Sensor Fusion System'

Author: Moritz Mauthner,Volkswagen AG, etc

[REF2]

Infenion documents listed inofficial website

[REF3]

ISO 26262-2018