Towards Efficient Hazard Identification in the Concept Phase of Driverless Vehicle Development
The complex functional structure of driverless vehicles induces a multitude
of potential malfunctions. Established approaches for a systematic hazard
identification generate individual potentially hazardous scenarios for each
identified malfunction. This leads to inefficiencies in a purely expert-based
hazard analysis process, as each of the many scenarios has to be examined
individually. In this contribution, we propose an adaptation of the strategy
for hazard identification for the development of automated vehicles. Instead of
focusing on malfunctions, we base our process on deviations from desired
vehicle behavior in selected operational scenarios analyzed in the concept
phase. By evaluating externally observable deviations from a desired behavior,
we encapsulate individual malfunctions and reduce the number of generated
potentially hazardous scenarios. After introducing our hazard identification
strategy, we illustrate its application on one of the operational scenarios
used in the research project UNICAR.
Comment: Published in 2020 IEEE Intelligent Vehicles Symposium (IV), Las
Vegas, NV, USA, October 19-November 13, 2020
Designing an Automated Vehicle: Strategies for Handling Tasks of a Previously Required Accompanying Person
When using a conventional passenger car, several groups of people are reliant
on the assistance of an accompanying person, for example when getting in and
out of the car. For the independent use of an automatically driving vehicle by
those groups, the absence of a previously required accompanying person needs to
be compensated. During the design process of an autonomous family vehicle, we
found that a low-barrier vehicle design can only partly contribute to the
compensation for the absence of a required human companion. In this paper, we
present four strategies we identified for handling the tasks of a previously
required accompanying individual. The presented top-down approach supports
developers in identifying unresolved problems, in finding, structuring, and
selecting solutions as well as in uncovering upcoming problems at an early
stage in the development of novel concepts for driverless vehicles. As an
example, we consider the hypothetical exit of persons in need of assistance.
The application of the four strategies in this example demonstrates the
far-reaching impact of consistently considering users in need of support in the
development of automated vehicles.
On Assumptions with Respect to Occlusions in Urban Environments for Automated Vehicle Speed Decisions
Automated driving systems are subject to various kinds of uncertainty during
design, development, and operation. These kinds of uncertainty lead to an
inherent risk of the technology that can be mitigated, but never fully
eliminated. Situations involving obscured traffic participants have become
popular examples in the field to illustrate a subset of these uncertainties
that developers must deal with during system design and implementation. In this
paper, we describe necessary assumptions for a speed choice in a situation in
which an ego-vehicle passes parked vehicles that generate occluded areas where
a human intending to cross the road could be obscured. We develop a calculation
formula for a dynamic speed limit that mitigates the collision risk in this
situation, and investigate the resulting speed profiles in simulation based on
example assumptions. This paper has two main results: First, we show that even
without worst-case assumptions, dramatically reduced speeds would have to be
driven to avoid collisions. Second, we highlight that design decisions regarding
occlusion treatment are directly related to the risk that automated vehicles
pose to pedestrians in urban environments. In this respect, we conclude that
there needs to be a broader discussion about acceptable assumptions.
Comment: Accepted to be published in 2023 IEEE 26th International Conference
on Intelligent Transportation Systems (ITSC), Bilbao, Spain, September 24-28,
2023
Functional Safety Concept Generation within the Process of Preliminary Design of Automated Driving Functions at the Example of an Unmanned Protective Vehicle
Structuring the early design phase of automotive systems is an important part of efficient and successful
development processes. Today, safety considerations (e.g., the safety life cycle of ISO 26262)
significantly affect the course of development. Preliminary designs are expressed in functional system
architectures, which are required to form safety concepts. Thus, mapping tasks and work products to a
reference process during early design stages is an important part of structuring the system development.
This contribution describes the systematic creation and notation of the functional safety concept within
the concept phase of development of an unmanned protective vehicle within the research project aFAS.
Different stages of preliminary design and dependencies between them are displayed by the work
products created and used. The full set of functional safety requirements and an excerpt of the safety
argument structure of the SAE level 4 application are presented.
Risk Management Core -- Towards an Explicit Representation of Risk in Automated Driving
While current automotive safety standards provide implicit guidance on how
unreasonable risk can be avoided, manufacturers are required to specify risk
acceptance criteria for automated driving systems (SAE Level 3+). However, the
'unreasonable' level of risk of automated driving systems (SAE Level 3+) is not
yet concisely defined. Solely applying current safety standards to such novel
systems may not be sufficient for their acceptance. As risk is
managed with implicit knowledge about safety measures in existing automotive
standards, an explicit alignment with risk acceptance criteria is challenging.
Hence, we propose an approach for an explicit representation and management of
risk, which we call the Risk Management Core. The proposal of this process
framework is based on requirements elicited from current safety standards. We
apply the Risk Management Core to the task of specifying safe behavior for an
automated driving system in an example scenario.
Comment: 16 pages, 6 figures
Integration of a Vehicle Operating Mode Management into UNICARagil’s Automotive Service-oriented Software Architecture
Automated vehicles require a central decision unit in order to coordinate the responsibility for the driving task between multiple operating modes. Additionally, other non-driving-related tasks, such as the operation of an automatic door system, must be coordinated as well. In this paper, we motivate the usefulness of such a central decision unit using the example of the operating mode management of the UNICARagil project. We describe its integration with UNICARagil's Automotive Service-oriented Software Architecture and how the modularity of this service-oriented software architecture is ensured. An example from the project's context further illustrates the functioning principle of the operating mode management in combination with the service orchestration of the Automotive Service-oriented Software Architecture.
Towards Safety Concepts for Automated Vehicles by the Example of the Project UNICARagil
Striving towards deployment of SAE level 4+ vehicles in public traffic, researchers and
developers face several challenges due to the targeted operation in an open environment.
Due to the absence of a human supervisor, ensuring and validating safety while
driving automatically is one of the key challenges. The arising complexity of the technical
system must be handled during the entire research and development process. In
this contribution, we outline the coherence of different safety activities in the research
project UNICARagil. We derive high-level safety requirements and present the central
safety mechanisms applied to automated driving. Moreover, we outline the approaches
of the project UNICARagil to address the validation challenge for automated vehicles.
In order to demonstrate the overall approach towards a coherent safety argumentation,
the connection of high-level safety requirements, safety mechanisms, as well as validation
approaches is illustrated by means of a selected example scenario.
A Taxonomy to Unify Fault Tolerance Regimes for Automotive Systems: Defining Fail-Operational, Fail-Degraded, and Fail-Safe
This paper presents a taxonomy that allows defining the fault tolerance
regimes fail-operational, fail-degraded, and fail-safe in the context of
automotive systems. Fault tolerance regimes such as these are widely used in
recent publications related to automated driving, yet without definitions. This
largely holds true for automotive safety standards, too. We show that fault
tolerance regimes defined in scientific publications related to the automotive
domain are partially ambiguous as well as taxonomically unrelated. The
presented taxonomy is based on terminology stemming from ISO 26262 as well as
from systems engineering. It uses four criteria to distinguish fault tolerance
regimes. In addition to fail-operational, fail-degraded, and fail-safe, the
core terminology consists of operational and fail-unsafe. These terms are
supported by definitions of available performance, nominal performance,
functionality, and a concise definition of the safe state. For verification, we
show by means of two examples from the automotive domain that the taxonomy can
be applied to hierarchical systems of different complexity.
Comment: 12 pages, 4 figures, 1 table, accepted to appear in IEEE Transactions
on Intelligent Vehicles
Development of an Autonomous Family Vehicle using a Scenario-Based Design Approach
One major challenge when designing autonomous vehicles is to enable independent and safe use by a wide range of users, including those who are reliant on an accompanying person when using a conventional car. In this paper, we present the use of a scenario-based design approach for the development of a novel autonomous vehicle, which is intended for use within a multigenerational family. With the help of hypothetical scenarios that describe the use of a driverless vehicle by different user types, we concretize requirements that were previously formulated at a higher level of abstraction. Moreover, the presentation of proposed solutions in concrete scenarios helps to identify weaknesses of the intended concepts and challenges that arise from the independent use of autonomous vehicles by certain user groups. The resulting requirements, which depend significantly on assumptions regarding potential user restrictions, have a far-reaching influence on the entire vehicle design.