Towards Efficient Hazard Identification in the Concept Phase of Driverless Vehicle Development

The complex functional structure of driverless vehicles induces a multitude of potential malfunctions. Established approaches for a systematic hazard identification generate individual potentially hazardous scenarios for each identified malfunction. This leads to inefficiencies in a purely expert-based hazard analysis process, as each of the many scenarios has to be examined individually. In this contribution, we propose an adaptation of the strategy for hazard identification for the development of automated vehicles. Instead of focusing on malfunctions, we base our process on deviations from desired vehicle behavior in selected operational scenarios analyzed in the concept phase. By evaluating externally observable deviations from a desired behavior, we encapsulate individual malfunctions and reduce the amount of generated potentially hazardous scenarios. After introducing our hazard identification strategy, we illustrate its application on one of the operational scenarios used in the research project UNICAR$agil$.Comment: Published in 2020 IEEE Intelligent Vehicles Symposium (IV), Las Vegas, NV, USA, October 19-November 13, 202

Functional Safety Concept Generation within the Process of Preliminary Design of Automated Driving Functions at the Example of an Unmanned Protective Vehicle

Structuring the early design phase of automotive systems is an important part of efficient and successful development processes. Today, safety considerations (e.g., the safety life cycle of ISO 26262) significantly affect the course of development. Preliminary designs are expressed in functional system architectures, which are required to form safety concepts. Thus, mapping tasks and work products to a reference process during early design stages is an important part of structuring the system development. This contribution describes the systematic creation and notation of the functional safety concept within the concept phase of development of an unmanned protective vehicle within the research project aFAS. Different stages of preliminary design and dependencies between them are displayed by the work products created and used. The full set of functional safety requirements and an excerpt of the safety argument structure of the SAE level 4 application are presented

Designing an Automated Vehicle: Strategies for Handling Tasks of a Previously Required Accompanying Person

When using a conventional passenger car, several groups of people are reliant on the assistance of an accompanying person, for example when getting in and out of the car. For the independent use of an automatically driving vehicle by those groups, the absence of a previously required accompanying person needs to be compensated. During the design process of an autonomous family vehicle, we found that a low-barrier vehicle design can only partly contribute to the compensation for the absence of a required human companion. In this paper, we present four strategies we identified for handling the tasks of a previously required accompanying individual. The presented top-down approach supports developers in identifying unresolved problems, in finding, structuring, and selecting solutions as well as in uncovering upcoming problems at an early stage in the development of novel concepts for driverless vehicles. As an example, we consider the hypothetical exit of persons in need of assistance. The application of the four strategies in this example demonstrates the far-reaching impact of consistently considering users in need of support in the development of automated vehicles

On Assumptions with Respect to Occlusions in Urban Environments for Automated Vehicle Speed Decisions

Automated driving systems are subject to various kinds of uncertainty during design, development, and operation. These kinds of uncertainty lead to an inherent risk of the technology that can be mitigated, but never fully eliminated. Situations involving obscured traffic participants have become popular examples in the field to illustrate a subset of these uncertainties that developers must deal with during system design and implementation. In this paper, we describe necessary assumptions for a speed choice in a situation in which an ego-vehicle passes parked vehicles that generate occluded areas where a human intending to cross the road could be obscured. We develop a calculation formula for a dynamic speed limit that mitigates the collision risk in this situation, and investigate the resulting speed profiles in simulation based on example assumptions. This paper has two main results: First, we show that even without worst-case assumptions, dramatically reduced speeds would be driven to avoid collisions. Second, we highlight that design decisions regarding occlusion treatment are directly related to the risk that automated vehicles pose to pedestrians in urban environments. In this respect, we conclude that there needs to be a broader discussion about acceptable assumptions.Comment: Accepted to be published in 2023 IEEE 26th International Conference on Intelligent Transportation Systems (ITSC), Bilbao, Spain, September 24-28, 202

Risk Management Core -- Towards an Explicit Representation of Risk in Automated Driving

While current automotive safety standards provide implicit guidance on how unreasonable risk can be avoided, manufacturers are required to specify risk acceptance criteria for automated driving systems (SAE Level 3+). However, the 'unreasonable' level of risk of automated driving systems (SAE Level 3+) is not yet concisely defined. Solely applying current safety standards to such novel systems could potentially not be sufficient for their acceptance. As risk is managed with implicit knowledge about safety measures in existing automotive standards, an explicit alignment with risk acceptance criteria is challenging. Hence, we propose an approach for an explicit representation and management of risk, which we call the Risk Management Core. The proposal of this process framework is based on requirements elicited from current safety standards and apply the Risk Management Core to the task of specifying safe behavior for an automated driving system in an example scenario.Comment: 16 pages, 6 figure

Integration of a Vehicle Operating Mode Management into UNICARagil’s Automotive Service-oriented Software Architecture

Automated vehicles require a central decision unit in order to coordinate the responsibility for the driving task between multiple operating modes. Additionally, other nondriving related tasks such as operation of an automatic door system must be coordinated as well. In this paper, we will motivate the usefulness of such a central decision unit at the example of the operating mode management of the UNICARagil project. We will describe its integration with UNICARagil’s Automotive Service-oriented Software Architecture and how modularity of this service-oriented software architecture is ensured. An example from the project’s context will further illustrate the functioning principle of the operating mode management in combination with the service orchestration of the Automotive Service-oriented Software Architecture

Towards Safety Concepts for Automated Vehicles by the Example of the Project UNICARagil

Striving towards deployment of SAE level 4+ vehicles in public traffic, researchers and developers face several challenges due to the targeted operation in an open environment. Due to the absence of a human supervisor, ensuring and validating safety while driving automatically is one of the key challenges. The arising complexity of the technical system must be handled during the entire research and development process. In this contribution, we outline the coherence of different safety-activities in the research project UNICARagi/. We derive high-level safety requirements and present the central safety mechanisms applied to automated diriving. Moreover, we outline the approaches of the project UNICARagi/ to address the validation challenge for automated vehicles. In order to demonstrate the overall approach towards a coherent safety argumentation, the connection of high-level safety requirements, safety mechanisms, as weil as validation approaches is illustrated by means of a selected example scenario

Einfluss des Kontakts zwischen Mauerstein und Mauermörtel auf das Drucktragverhalten von Mauerwerk

At first, as part of a literature review, the state of knowledge on the load bearing behaviour of masonry under compressive load was comprehensively presented. It has been shown that the stress-strain curves of the materials significantly differ, and, particularly concerning the multiaxial behaviour, only few studies are available so far. With regard to the properties of the mortar in the joint, the suction behaviour of the masonry units was identified as an important influencing parameter. While the effect on the compressive strength of the joint mortar has already been subject of various investigations, there is little information about the influence of water abstraction on the deformation properties of the mortar in the joint. However, these investigations indicate that the modulus of elasticity of the joint mortar is only a fraction of the value determined on the unaffected mortar. After explaining the stress conditions prevailing in masonry under compressive load, the procedure used for deriving compressive strength values based on compression test on masonry walls was described. Furthermore, empirical approaches and theoretical models for the determination of the masonry compressive strength were presented and discussed. Based on the knowledge gained from the literature research, investigations were carried out on masonry units, masonry mortar and masonry pillars. It was found that in case of the masonry pillars made of autoclaved aerated concrete units the joint compressive strength increased significantly compared to the compressive strength of the mortar prisms hardened in steel formworks, whereas in case of the masonry pillars made of calcium silicate units, it fell due to the different capillary suction. In addition, the influence of the joint thickness on the compressive strength could be shown. The investigation of the bonding properties showed that the adhesive shear strength between units and mortar was comparatively low and the experimental values were strongly scattered within the test series. In addition, the larger joint thickness led to a significant degradation of the bonding properties. Also, numerous deformation measurements were carried out on the masonry pillars. It was found that the behaviour of the mortar in the joint, not only in terms of compressive strength, but also modulus of elasticity, strongly deviates from the values determined on the mortar prisms hardened in steel formworks. Also, in the compressive tests the deformation behaviour of the masonry pillars differed significantly. For further analysis of the load bearing behaviour under compressive load, a numerical model was developed and calibrated on the basis of the experimental tests. Both the load-bearing capacity and the deformation behaviour of the pillars could be accurately described. As material parameters, the actual characteristics of the mortar with contact to the masonry unit were used. Comparatively, numerical calculations were carried out with the characteristics of the unaffected mortar. It could be shown that the consideration of modulus of elasticity and compressive strength of the joint mortar mainly led to a good consistency between experimental tests and numerical calculations. On the other hand, considering the characteristics of the unaffected mortar values led to significantly overestimated stiffness and strength values. Also the strongly varying fracture pattern could be described with the used model. Finally, stress conditions in the masonry cross section were presented by non-linear FE calculations. Based on the investigations, it could be shown that the suction behaviour of the units and the degree of the resulting influence on the examined properties of the joint mortar and the masonry clearly depend on the initial moisture content of the masonry units during placing. It can be stated that the strength properties of the joint mortar, and hence also of the masonry, improve with increasing moisture content of the masonry units. To which extent, however, the masonry is eventually influenced by the water absorption of the units varies strongly, depending on the chosen material combination. The test results prove that, within the determination of masonry compressive strength, it makes sense to consider the properties of the mortar in the joint depending on the absorption behaviour of the units, as the strength of the mortar prisms hardened in steel formworks used in the empirical model does not reflect the actual conditions in masonry. Deformations occuring under compressive load in unit and joint can be recorded and analysed by photogrammetric measurements with the analysis system ARAMIS in detail. By using this optical measuring system, it could be shown that at the edge of the joint, in principle, smaller lateral strain occurs than in the center of the joint. On the basis of the axial strain evaluation of the joint mortar, it was also possible to identify areas of different stiffness and strength respectively over the joint thickness. As a result of the water abstraction by the masonry unit, the joint mortar in the immediate contact zone with the unit has a significantly lower stiffness compared to the joint center and thus has a higher axial deformation in this area. In the area immediately below head joints very high deformations occur in vertical direction, which decrease with increasing distance from the head joint. In the middle of the joint thickness, however, these deformations are comparatively small and more evenly distributed. In the lower levels of the joints, the axial strain is again significantly larger than in the middle of the joint due to the direct contact to the units, but here the influence of the head joints can not be seen as clearly as in the upper levels. It is concluded that the mortar, which is more stiff in the center of the joint, acts as a buffer layer, so that the high axial deformations are not transferred over the entire joint thickness, but are limited largely to the areas located directly below the head joint. Also in the area of voids, elevated deformations occur in the upper contact zone of the joint. In addition, varying joint thicknesses lead to a very non-uniform strain distribution. Above all, in areas with clear deviations from the nominal value, increased strains are to be expected. Both head joints as well as incomplete or irregular mortar bedding, thus represent weak points in the masonry which lead to increased lateral and axial strains in the joint and, as the case may be, to cracking of the units at an early stage