ISO 21448 and ISO TR 4804 latest status

Source: WeChat official account "智能网联车安全"
2021-02-18

[Author]

RAMSS developer...


First: ISO 21448 status

2019: PAS version published

2020.04: CD version published

2021.01: DIS version published

P.S. A competing standard, UL 4600, has come out; however, it is not really a competitor. The differences between UL 4600 and ISO 21448 are as follows:

UL 4600:

2019.04: participated as a stakeholder

2020.04: first official version published

2020.06: preparation of the 2nd edition of UL 4600 started

| ID | UL 4600 ED1 | SOTIF (ISO 21448) |
| --- | --- | --- |
| 1 | not including external human drivers or passengers who are not directly matched to the vehicle | including the vehicle and all human beings involved with it |
| 2 | focuses 90% on the automated driving system itself; the first edition is based on ISO 26262 and ISO PAS 21448, with the main target being design guidelines and baselines... | focuses on a new methodology, compliant with ISO 26262 |
| 3 | introduces Safety Performance Indicator factors | introduces: insufficient functionality, performance limitation, reasonably foreseeable misuse |


Second: SOTIF application introduction

SOTIF is still only a methodology; for the detailed applications, here I list some applications I have seen:
1. Microchip aging that does not lead to a failure but only to a performance limitation: for example, the NPU capacity for neural network calculation degrades, so the algorithm or machine learning speed drops, perception takes longer, or the camera cannot get a good view or a good estimate of object velocity or classification.
At system level, this shows up directly as a sensor performance limitation.
2. Microchip aging that does not lead to a failure but to a specification insufficiency: for example, aging causes the NPU to lose function at unexpected times or to become unavailable occasionally, and this happens randomly. At those moments the neural network sometimes cannot perceive well, or the camera side cannot perform good object classification.
3. None of the above can be handled by FTA or FMEA, because such weaknesses cannot be addressed as a chain of events; a safety argument is still needed, and GSN appears in ISO PAS 21448 to support this topic.
4. On the software side it is the same for weaknesses that are not failures but functional insufficiencies:
if other threads do not change your target thread's context but take more routes or consume more idle cycles than expected, a performance limitation arises.
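As an added example (not from the original post), the following Python runtime monitor separates the two situations in points 1 and 2 above: a late or low-confidence perception output is recorded as a SOTIF performance limitation, a missing output as a failure, and a sliding-window safety performance indicator decides when to request a degraded mode. The frame data, latency deadline, confidence threshold and window size are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass
from typing import Optional

# Assumed budgets for this example; real values come from the item definition.
DEADLINE_MS = 50.0       # perception latency budget per frame
MIN_CONFIDENCE = 0.7     # minimum acceptable object classification confidence
WINDOW = 10              # frames in the sliding window used for the SPI
SPI_THRESHOLD = 0.8      # fraction of nominal frames below which degraded mode is requested


@dataclass
class Frame:
    frame_id: int
    latency_ms: Optional[float]  # None = no perception output at all (NPU unavailable)
    confidence: float            # classification confidence of the detected object, 0..1


def classify(frame: Frame) -> str:
    """Classify one perception frame as nominal, performance limitation, or failure."""
    if frame.latency_ms is None:
        return "failure"  # no output: a fault, handled by ISO 26262 mechanisms
    if frame.latency_ms > DEADLINE_MS or frame.confidence < MIN_CONFIDENCE:
        return "performance_limitation"  # output exists but is late or weak: SOTIF scope
    return "nominal"


class SotifMonitor:
    """Tracks the fraction of nominal frames in a sliding window as a safety performance indicator."""

    def __init__(self) -> None:
        self.window: deque = deque(maxlen=WINDOW)

    def update(self, frame: Frame) -> dict:
        verdict = classify(frame)
        self.window.append(verdict)
        spi = sum(v == "nominal" for v in self.window) / len(self.window)
        # Only act once the window is full, so a single early miss does not trigger degradation.
        return {"frame": frame.frame_id, "verdict": verdict, "spi": round(spi, 2),
                "degrade": len(self.window) == WINDOW and spi < SPI_THRESHOLD}


def run(frames) -> list:
    monitor = SotifMonitor()
    return [monitor.update(f) for f in frames]


# Constructed sample: latency drifts from 30 ms upward as the NPU ages (point 1),
# confidence drops from frame 10 on, and frames 7 and 12 produce no output (point 2).
SAMPLE = [Frame(i, None if i in (7, 12) else 30.0 + 3.0 * i, 0.9 if i < 10 else 0.6)
          for i in range(15)]
```

Running `run(SAMPLE)` shows the SPI falling below the threshold at frame 9, once the window is full, even though only one frame was an outright failure.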


Third: BMW HW architecture

If we want to discuss 4804, first we have to go back to the BMW HW architecture:

[image]

The scalability and reusability of software and hardware are very important concerns for BMW.

The basic modules of BMW are:

- L1 uses EyeQ4 plus Infineon's Aurix MCU.

- L2 uses Intel's Denverton dual-core CPU plus EyeQ5 plus two Infineon Aurix MCUs.

- Generally speaking, an L3 system does not have a fallback, but BMW still adds a fallback set (completely independent, including the power supply and the by-wire actuation system); BMW's L3 fallback system is the L2 system. The same is true for the L4 system.

- The main system of L3 is a CV version of EyeQ5 and an open version of the high-end EyeQ5, plus two Intel Denverton 8-core CPUs. Of course, Infineon's Aurix MCU is still there. On the sensor side, a forward-facing lidar is added, which should be the second generation of Valeo Scala. L4 replaces L3's two 8-core processors with a 24-core Xeon processor and adds another open version of the high-end EyeQ5. Side and rear lidars are added on the sensor side.

- The L2 system is called mPAD, L3 is hPAD, and L4 is uPAD. At the end of 2018, BMW publicly displayed these controller boxes. Both the L3 and L4 systems are water cooled. The following is the L2 mPAD that APTIV is developing for BMW.

[image]

mPAD internal structure:

[image]


- Safety architecture on the BMW side:

[image]

- Functional safety architecture (from 佐思汽车研究):

[image]

For trajectory planning, BMW mainly relies on lidar to estimate the curvature of the road, and maps made with lidar can also provide curvature. This is the case with Cadillac's Super Cruise. Lidar high-precision maps also help positioning. Simon Fürst did not say a word about Mobileye's highly regarded REM positioning.


For sensor fusion, BMW believes that sensor fusion is currently only at the scientific research stage and far from the practical stage. This is consistent with Tesla's view; Tesla is a pure vision system without sensor fusion. The industry still needs to build a fundamental understanding of how different algorithms should apply to different sensor modalities. Sensor fusion currently brings minimal performance improvement, and sometimes even more false negatives, so safety is reduced while cost and complexity are greatly increased.


Fourth: ISO TR 4804

BMW and the German companies strongly discussed and pushed ahead with ISO TR 4804, and then it came into being...

ISO TR 4804 mainly comes from the 2019 SAFETY FIRST white paper; it gives overall best practice for:

- high automation level safety architecture

- high automation level safety logic

- overall safety, ISO 21448, ISO 21434 guidelines


Weaknesses:

- only best practice, not a methodology

- only for reference, set as something like the state of the art, especially for German companies

New status:

ISO TR 4804 will begin as ISO TS AWI 5803


Thanks for reading, hope it makes sense.




[Reference]

https://www.sohu.com/a/393576621_391994

