Grasping Causality for the Explanation of Criticality for Automated Driving

The verification and validation of automated driving systems at SAE levels 4 and 5 is a multi-faceted challenge for which classical statistical considerations become infeasible. For this, contemporary approaches suggest a decomposition into scenario classes combined with statistical analysis thereof regarding the emergence of criticality. Unfortunately, these associational approaches may yield spurious inferences, or worse, fail to recognize the causalities leading to critical scenarios, which are, in turn, prerequisite for the development and safeguarding of automated driving systems. As to incorporate causal knowledge within these processes, this work introduces a formalization of causal queries whose answers facilitate a causal understanding of safety-relevant influencing factors for automated driving. This formalized causal knowledge can be used to specify and implement abstract safety principles that provably reduce the criticality associated with these influencing factors. Based on Judea Pearl's causal theory, we define a causal relation as a causal structure together with a context, both related to a domain ontology, where the focus lies on modeling the effect of such influencing factors on criticality as measured by a suitable metric. As to assess modeling quality, we suggest various quantities and evaluate them on a small example. As availability and quality of data are imperative for validly estimating answers to the causal queries, we also discuss requirements on real-world and synthetic data acquisition. We thereby contribute to establishing causal considerations at the heart of the safety processes that are urgently needed as to ensure the safe operation of automated driving systems

Criticality Metrics for Automated Driving: A Review and Suitability Analysis of the State of the Art

The large-scale deployment of automated vehicles on public roads has the potential to vastly change the transportation modalities of today's society. Although this pursuit has been initiated decades ago, there still exist open challenges in reliably ensuring that such vehicles operate safely in open contexts. While functional safety is a well-established concept, the question of measuring the behavioral safety of a vehicle remains subject to research. One way to both objectively and computationally analyze traffic conflicts is the development and utilization of so-called criticality metrics. Contemporary approaches have leveraged the potential of criticality metrics in various applications related to automated driving, e.g. for computationally assessing the dynamic risk or filtering large data sets to build scenario catalogs. As a prerequisite to systematically choose adequate criticality metrics for such applications, we extensively review the state of the art of criticality metrics, their properties, and their applications in the context of automated driving. Based on this review, we propose a suitability analysis as a methodical tool to be used by practitioners. Both the proposed method and the state of the art review can then be harnessed to select well-suited measurement tools that cover an application's requirements, as demonstrated by an exemplary execution of the analysis. Ultimately, efficient, valid, and reliable measurements of an automated vehicle's safety performance are a key requirement for demonstrating its trustworthiness

Simulation of Abstract Scenarios: Towards Automated Tooling in Criticality Analysis

While the introduction of automated vehicles to public roads promises various ecological, economical and societal benefits, reliable verification & validation processes that guarantee safe operation of automated vehicles are subject to ongoing research. As automated vehicles are safety-critical complex systems, operating in an open context, the uncountable infinite set of potentially critical situations renders traditional, distance-based approaches to verification & validation infeasible. Leveraging the power of abstraction, current scenario-based approaches aim at reducing this complexity by elic-itation of representative scenario classes while simultaneously shifting significant analysis and testing efforts to virtual environments. In this work we bridge the gap between high-level, abstract scenario specifications and state-of-the-art detailed vehicle and traffic simulators. While the first allow for coverage argumentation with the definition of finite and well manageable sets of scenario classes the latter is necessary for a in-depth assessment of the vehicle implementation and its interaction with the physical environment. We present a method and prototypical implementation based on constraint solving techniques to generate (sets of) concrete simulation tasks defined in the well established OpenDRIVE/OpenSCENARIO formats from abstract scenarios specified as Traffic Sequence Charts. The feasibility is demonstrated using a highway parallel overtaking scenario as a running example

Determining the Validity of Simulation Models for the Verification of Automated Driving Systems

As the verification of automated driving systems poses an immense challenge, recent approaches aim for a virtualization of such efforts using computer simulations. This goal, however, motivates a strong need for trustworthy simulation environments and models. As to assess the modeling quality, this work proposes a process to measure the difference between the behaviors of several models. To achieve this, we consider sets of discretized simulation runs to be modeled by time-homogenous Markov chains and under this assumption derive a computable distance measure between sets of simulation traces. If it can be assured that all relevant variables may be observed and no crucial hidden factors are left out, the method can be extended to compare real-world traces with their simulated counterparts

On Quantification for SOTIF Validation of Automated Driving Systems

Automated driving systems are safety-critical cyber-physical systems whose safety of the intended functionality (SOTIF) can not be assumed without proper argumentation based on appropriate evidences. Recent advances in standards and regulations on the safety of driving automation are therefore intensely concerned with demonstrating that the intended functionality of these systems does not introduce unreasonable risks to stakeholders. In this work, we critically analyze the ISO 21448 standard which contains requirements and guidance on how the SOTIF can be provably validated. Emphasis lies on developing a consistent terminology as a basis for the subsequent definition of a validation strategy when using quantitative acceptance criteria. In the broad picture, we aim to achieve a well-defined risk decomposition that enables rigorous, quantitative validation approaches for the SOTIF of automated driving systems