This CRC Press News will describe advanced development in 77 GHz radar technology, enabling smaller and better collision avoidance systems. Then new development in functional safety chipset solution, MCU and analog, will be explained. The combination of these technologies forms a comprehensive safe solution for advanced driver assistance or autonomous driving. The development of these technologies is driven by the automotive market and can be redeployed to many other types of mobile machines.
Radar systems will become more and more prevalent in cars in the near future. They offer a number of comfort and safety applications.
Short range radar from a few centimeters up to 30 meters can be used for
blind spot detection,
backing aid or parking slot measurement to guide the car to self-park.
Long range radar up to 250 meters can be used to enable an adaptive cruise control aligned with the speed of the preceding car.
More critical functions can be enabled such as
pre-crash sensing that could trigger seat-belt tensiometer, or
other active and passive safety features.
With these later functions, it is obvious that the electronic control system needs to reach highest functional safety level as the system will eventually steer or brake the car without the driver intervention.
More and more applications and a steadily increasing market penetration are showing the success of radar based driver assistance systems. While in recent years most of those systems were focusing on the advance of the drivers' comfort, today many safety applications are offered. As those systems can directly influence the vehicle dynamics, functional safety in terms of normative requirements, such as the ISO 26262 is gaining more interest. A built-in self-test is able to monitor multiple receiver paths by measuring the amplitude and phase imbalance among all channels.
The advance in this radar technology development can be leveraged in other applications such as mobile industrial machine, cranes, factory safety equipment where an area needs to be closely protected. Coupling radar with machine vision can also create a powerful combination with both technologies supplementing each other in order to create more accurate and reliable systems. Radar works through rain, fog and dirt when vision does not. Radar also extends further in distance and event in non direct line of sight. A system combining vision and radar with some smart sensor fusion algorithm could leverage the benefits of both sensing technologies.
The performance of a radar system may be affected by failures of the system components and by environmental influences that can lead to a critical state. However in contrast to handling of E/E architecture failures there are no explicit requirements for avoidance or mitigation of environmental influences on the sensor detection performance given by ISO 26262.
In a collision warning system, a 77 GHz transmitter emits signals that is reflected from objects ahead and are captured by multiple receivers integrated throughout the vehicle. The transmitter emits a frequency modulated continuous wave signal, meaning that the frequency varies up and down over a fixed period of time by typically a triangle wave signal. Since radio waves propagate at constant speed of light, distance can be calculated by measuring the frequency difference between the transmitted and received waves knowing the frequency slope over time. Speed measurement uses the Doppler effect which uses the difference between the observed reflected signal frequency and the emitted frequency.
Radar systems are not new. What is new is that car makers want to include them in medium line kind of cars in a few years, so the system has to be really low cost and high quality. This is a big shift from specialized and costly radar systems to standard car equipment type. The challenge is then to reduce cost while actually improving quality and defect part per million.
Radar sensors use a limited frequency bandwidth and a limited measurement time to sense an environment which exhibits a very broad range of complexity, dynamics and parasitic effects:
The temperature can differ drastically between the cold start and after a multi-hour ride in summer
The environment fluctuates within short time
The environmental complexity differs drastically between city and highway traffic
The typical behavior of car drivers differs noticeably from country to country
Radar waves are attenuated to the fourth power from the distance to an object
The reflection coefficient of a target object differs by a factor of more than 100 between a person / motorbike and a lorry or in a multi-storey car park
Radar wave propagation is disturbed by dirt, heavy rain or snow
Parasitic Doppler frequency shifts due to rotating fans, vibrating parts, …
The road infrastructure like guard rails or tunnel walls reflect radar waves causing multipath propagation
Signals of different noise sources are superimposed to the actual measurement signal
The separation and object discrimination capability of a radar device is limited and thus may lead to the misinterpretation or wrong clustering of distributed targets
These effects are added to sensor-internal non-ideal effects like limited Variable Frequency Oscillator (VCO) phase noise or limited isolation between the transmitting and receiving path.
A micro-controller is used to control the RF radar transmitter and to process the data coming from the receiver. Given the critical safety nature of the application, a functional safety MCU is used. The challenge for safety engineers is to architect their system in a way that prevents dangerous failures or at least sufficiently controls them when they occur.
Dangerous failures may arise from:
Random hardware failures
Systematic hardware failures
Systematic software failures
The functional safety standard IEC 61508 and its automotive adaptation ISO 26262 are applied to ensure that electronic systems in general industry and automotive applications are acceptably safe.
The IEC 61508 document defines four general Safety Integrity Levels (SILs) with SIL 4 denoting the most stringent safety level.
The ISO document defines four Automotive Safety Integrity Levels (ASILs) with ASIL D denoting the most stringent safety level.
Each level corresponds to a range of target likelihood of failures of a safety function.
There is no direct correlation between the SIL and ASIL levels. The ISO 26262 takes the safety process and requirements to a deeper level. From the beginning of the design process, evidence must be collected to show that the product has been developed according to regulation standards. Any potential deviations that have been identified must be documented to ensure that adequate mitigation is in place. They are different ways to implement safe MCUs.
The traditional technique is to use two separate MCUs to duplicate the software on physically different controllers. The same software can be run identically on each MCU and then the results are compared. If they are the same all is good, if not then the system knows there is an error and either solves it and/or puts the system into a safe state.
Another option is that one MCU only runs safe software and monitor the other MCU which is running the application software.
The most important challenge in radar signal processing, when evaluating the signal spectra in the frequency domain, is the selection of the best threshold level in the presence of thermal noise fluctuations and clutter effects. Moving the threshold level too high above the thermal noise floor reduces the target detection probability, especially for weak target reflections that are only a few dB above the noise level. On the other hand, when setting the threshold level too close to the noise floor, random noise peaks may trigger false alarms by surpassing the threshold level. With the Neyman-Pearson criterion, a decision rule is constructed that has a maximum probability of detection while not allowing the probability of false alarm to exceed a certain value. In [FPR], a relation between probability of detection, Signal-to-Noise Ratio (SNR) and false alarm rate for a sinusoidal signal can be derived with the following assumptions:
There are only thermal, Gaussian noise fluctuations in the radar signal.
There are no other radar interferers or environmental clutter present.
Radar signal processing using the polar coordinates with Rayleigh distributed noise yields valid results.
The target detection probability is a function of the reflected signal strength and the threshold level.
The false alarm rate is a function of noise statistics and the threshold level.
A 1 MHz victim receiver bandwidth (i.e. 106 noise pulses per second may cause a false alarm rate) is assumed.
Ideal transmitter and receiver components (no non-linearity, VCO phase noise, receiver noise figure,…) are assumed.
An ideal target (not distributed, i.e. all reflected energy in a single sinusoidal waveform) is assumed.
Monte Carlo Simulations reveal that for a lower false alarm rate the SNR has to be higher and that this holds also true for the probability of detection. Broadband interference in the radar signal spectrum decreases the SNR.
To support a total system solution for functional safety applications, a class of companion power System Basis Chips (SBCs) combining both safety monitor role for the MCU and power supply generation are needed.
These SBC devices provide power to MCUs and other system loads and optimize energy consumption through lowpower saving modes. They also typically integrate physical layers interfaces and a serial peripheral interface to allow control and diagnostic with the MCU. The combination of the MCU and analog system basis chip, designed as a Safety Element out of Context (SEooC), facilitates the assessment of the safety of a system. This architecture enables the number of components at the system level to be reduced, addresses the functional safety requirements and increases reliability. Four safety measures are implemented to secure the interaction between the MCU and SBC:
fail-safe inputs to monitor critical signals
fail-safe outputs to drive fail-safe state and
watchdog for advanced clock monitoring
Functional safety compliance is achieved at system-level which is the responsibility of the system designer. The MCU and SBC chip set are designed independently of its final application which can be a barking car system, Advanced Driver Assistance System or a moving crane. The chip set is thus developed by treating it as a Safety Element out of Context (SeooC). An SEooC is a safety-related element which is not developed in the context of a particular vehicle function or end application, following the Industrial Design Engineering guideline for developing SeooC components from the ISO26262 specification.