Standards and Certifications Offer Guardrails for ADAS Development
Members can download this article in PDF format.
In the forward march of advanced driver-assistance systems (ADAS), progress has been immense. However, as the challenges come into focus, their magnitude has seemed to intensify.
When it comes to computing, the road to Level 5, SAE’s description of autonomous driving, is strewn with obstacles, and even lower SAE ADAS levels can be difficult to reach.
Think about speeds and feeds, for example. ADAS systems at every level demand a high level of data input and data transfer. Multiple sensors can easily generate 40 Gb/s and even fairly simple systems often funnel 4 Gb/s to microprocessors for their immediate use and decision-making.
In the case of the higher figure, it adds up to 18 TB of data each hour of operation. Some of that must be stored, even if only for short periods of time. That itself is a design challenge, especially when one considers the limited space available in a vehicle.
In ADAS, latency is undesirable and, in fact, dangerous. And speed is an absolute requirement, which means computing response must always be nearly instantaneous.
Reliability Above All Else
But the greatest challenge may well be achieving flawless reliability. An Aviation Week article from 2023, “Aircraft Reliability: Theory Versus Reality, Part 3,” laid out the similar challenges for avionics, noting, “...reliability is often hard to predict because we are doing things with airplanes we’ve never done before and because the software cannot be fully tested except in actual operational practice [and] because the real world is too complicated to fully predict in a research and development environment.”
The situation is similar for ADAS. The most exhausting simulation or testing environment still won’t catch every possible encounter faced by a vehicle in the real world.
The standards that help to broadly guide designers in this quest include ISO 26262, which describes the characteristics needed to achieve functionality and safety. It also provides further definitions such as Automotive Safety Integrity Level (ASIL) classifications starting with ASIL QM, the least stringent, up to ASIL D, which defines the highest requirements.
“SAE J3016 Recommended Practice: Taxonomy and Definitions for Terms Related to Driving Automation Systems for On-Road Motor Vehicles,” also referred to more concisely as SAE Levels of Driving Automation, is perhaps the most extensively referenced starting point for defining and implementing automated driving (see figure). This document has established the widely referenced six-level structure of driving automation ranging from Level 0, which is simply a vehicle completely dependent on human skills, to Level 5, which describes complete driving automation. The levels embrace both the operation of the vehicle itself and its operation on roadways.
According to the SAE website, the document includes more clarification on the distinction between Level 3 and 4, terms and definitions for remote assistance and remote driving, the use of "driver support systems" in Levels 1 and 2, classifying sustained driver automation, and, crucially, "defining and clarifying the concept of failure mitigation strategy.
Other Challenges: From HPC to Heat to Ingress Protection
The challenge of delivering high-performance computing (HPC) within the space, power, and environmental constraints of the automotive environment will be occupying engineers for the foreseeable future. It’s because the readily available ruggedized systems don’t generally offer the kind of performance that’s demanded. But ruggedized systems do provide good mean time between failure (MTBF) numbers.
Certifications, such as E-Mark, ECE ONU R10, ISO 16750, and IEC 60068-2-6/60068-2-27, can be useful in considering system or component reliability.
Another complication is heat. Generally, the higher the performance of the computing system, the greater its heat output. Given that simple fans and vents can potentially admit moisture, dust, etc., liquid cooling should be a top consideration. While adding weight and complexity, it can also help move heat to a location where its dissipation is easier to achieve.
Ingress protection, for which the International Electrotechnical Commission (IEC) has developed ingress-protection (IP) ratings, can be useful in evaluating or considering enclosure options. For example, IEC 60529 rates resistance of enclosures of electric and electronic devices against the intrusion of dust and liquids as well as for potential hazards to personnel. The standard also defines the tests to ensure an enclosure meets these requirements.
The impact of the power source on ADAS must be carefully considered, too. Will there be an AC charging cycle or high-current-demand cranking duty—either of which could produce voltage and current irregularities?
Unlike some ruggedized applications, such as in plant automation, the automotive system needs to be a jack of all trades, able to interface with serial port, CAN, CAN FD, FlexRay, LIN, and Ethernet. It must also provide USB 2.0 and 3.0 ports for cameras and both Mini PCIe and PCIe slots for different kinds of hardware.
Finally, there’s the regulatory environment to consider. While there are generally accepted best practices regarding various levels of ADAS, regional and national peculiarities still must be recognized and accommodated.
And the competition in ADAS is fierce. Though some gearheads may bemoan the demise of the heart-pounding untamed cars of the past, consumers are voting for the convenience and security promised by continued advances in ADAS technology.