European Commission logo
English English
CORDIS - EU research results

Advancing fail-aware, fail-safe, and fail-operational electronic components, systems, and architectures for fully automated driving to make future mobility safer, affordable, and end-user acceptable.

Periodic Reporting for period 3 - AutoDrive (Advancing fail-aware, fail-safe, and fail-operational electronic components, systems, and architectures for fully automated driving to make future mobility safer, affordable, and end-user acceptable.)

Reporting period: 2019-05-01 to 2020-10-31

Automated driving is a disruptive technology, opening the door to future multi-billion markets, and providing enormous business opportunities to value chains in the automotive and semiconductor industry. In order to keep the leading competitive strength, and to respond to the global challenge, the ECSEL-JU project AutoDrive has gathered Europe’s leading semiconductor companies, suppliers, OEMs, and research institutes to create a pan-European eco-system, which has the critical mass to initiate standards and to provide relevant components and subsystems for automated driving. Currently, even the most sophisticated vehicle automation technologies are not able to surpass human driving capabilities – especially considering context awareness in any situation. Moreover, there is no common agreement on quantifiable dependability measures to allow safe automated driving for SAE Levels 3-5 (ref. Figure_Scope). AutoDrive aims for the design of fail-aware (self-diagnostics), fail-safe and fail-operational (HW and SW redundancy) electronic components and systems architectures, that enable the introduction of automated driving in all car categories. The project results will significantly contribute to safer and more efficient mobility. It will raise end-user acceptance and comfort by supporting drivers in highly challenging situations (active safety) as well as in regular driving situations. The goal is to reduce the number of road fatalities, especially in rural scenarios and under adverse weather conditions. AutoDrive will contribute to Europe’s Vision Zero and to improved efficiency. This will sustain Leadership and even grow the market position of all AutoDrive partners.
The third period was characterized by the implementation of components (sensors, actuators etc.) and subsystems suiting AutoDrive needs, with special focus on fail-oparability. Components were realised, tested and integrated into the supply chain demonstrator systems. Validation of the initially defined use cases and KPIs was performed and lead to excellent results. Prototypes were handed over to product development for industrialisation. Due to strongly interconnected developments in the different use cases, the large consortium and the manifold of technical objectives and views, also during the third period an excessive amount of communication was needed. This includes the organization and moderation of vision, mission meetings as well as technical workshops, phone conferences etc. Communication was hindered by the restrictions that resulted from COVID-19 pandemic. The project internal data exchange server is in operation since the start of the project. The public project website is up and running and regularly updated. After the very successful final review, we conclude that the high amount of communication effort was really valuable.
The ambition of AutoDrive was to enable highly and fully automated driving to step out of alpha and beta status with a mature, fail-aware, fail-safe and fail-operational hardware basis qualified to automotive standards and even setting the ISO standards for to SAE Level 4-5. Thus, AutoDrive strived to make automated and fully automated driving as safe and affordable as flying in a plane with autopilot with the difference that cars will drive on highways, rural roads as well as in cities with much higher environmental complexity.

The main and first innovation of the AutoDrive project was the design of a hardware architecture, which allows safe highly and fully automated driving under any conditions, ref to Figure_Ambition. To enable highly and fully automated driving according to SAE Level 4-5 more complex semiconductor-based systems were needed with much higher:
1. Computing power and architecture (More than Moore). The challenges were to achieve up to 100 times higher computational power with 28 nm technologies (automotive qualified of course), to develop and refine a fail-aware, fail-safe and fail-operational hardware architecture based on domain controller concepts with reduced single point of failures and improved communication capabilities and to develop methods to make semiconductor-based systems aware of functional and parametric untreated weaknesses.
2. Communication speed, availability and security. The ambitions were:
- car internal communication needed new approaches enabling shared real-time computation and the exchange of huge data streams (necessary for 3D-awareness and vision systems)
- car external communication needed to be able to be able to perform time critical communication to ensure collision prevention becomes possible, thus heavily reducing fatalities and injuries severity
- smart sensors as well as sensor fusions concepts for environmental perception needed further developments to ensure with fail-aware, -safe and -operation capabilities at any condition including cloud computing checks in case of uncertainty
- sensors with higher integrated computing power as well as high speed bus connection are needed to enable more precise perception as well as to share the workload intelligently
- an optimal ratio between HW and SW redundancy had to be derived in order to have an adequate power to cost ratio with a maximum reliability
- powertrain components and architectures needed to be revised in order to enable a smart reconfiguration in case of a component failure

In addition, AutoDrive innovation concerned the data collection and algorithm generation of highly and fully automated driving. This included the technologies for live scenario monitoring and validation, decision making for global and local path planning, control of the lateral and longitudinal driving, data acquisition and perception of multiple sources, collection of lifetime relevant tests, analysis of reliability relevant failure mode part combinations as well as determination of coverage of failure modes in the fleet operation compared to customer usage, which are needed and will be researched. By addressing both the needs in Hardware and Software developments AutoDrive achieved a new level of system availability with fail operational capabilities. Another aspect covered is the time to market for new automated driving algorithms. This time needed to be reduced without compromising safety. By closely monitoring and virtualising critical situations as well as virtualizing the whole control platform virtual testing capabilities could be largely improved in order to reduce the time to market of new control algorithms. Since end-user acceptance becomes crucial for cars capable of SAE level 3-5 the driver will remain key in using such systems. AutoDrive derived the necessary general rules and standards for optimal system development regarding a high end-user acceptance by gathering currently existing and emerging knowledge from the project. AutoDrive used the possibility to test highly automated driving in the City of Malaga as well as fully automated driving on the Campus Renningen to showcase the claimed advances beyond the state of the art.
Present absence of fail aware and operational system could become a major issue
AutoDrive’s vision of advancing HW and SW redundancy on component, system and system-of-system level