ISO 26262-1:2018 defines the fault tolerant time interval (FTTI) as the minimum time span from the occurrence of a fault within an electrical / electronic system to a possible occurrence of a hazardous event. FTTI provides a time limit within which compliant vehicle safety mechanisms must detect and react to faults capable of posing risk of harm to persons. This makes FTTI a vital safety characteristic for system design. Common automotive industry practice accommodates recording fault times of occurrence definitively. However, current practice for defining the time of hazardous event onset relies upon subjective judgements.
This paper presents a novel method to define hazardous event onset more objectively. The method introduces the Streetscope Collision Hazard Measure (SHM™) and a refined approach to hazardous event classification. SHM inputs kinematic factors such as proximity, relative speed, and acceleration as well as environmental characteristics like traffic patterns, visibility, and road conditions. SHM utilizes these inputs to calculate a time-stamped, 0-to-100 normalized, hazard metric for the subject, or ego, vehicle. SAE J2980 exemplifies the industry standard practice for hazard and operability analysis (HAZOP) and hazard analysis and risk assessment (HARA). This paper adds an extensive operational situations (OpSit) catalog and hazard effect descriptors to further objectify definition of applicable, vehicle-level hazardous events. The OpSit catalog describes numerous driving scenarios that span the road vehicle operational design domain (ODD). Hazard effect descriptors like side collision, pedestrian impact, and strike stationary object support refined onset determinations.
This method allows stakeholders to assign an SHM threshold for hazardous event onset for every applicable combination of malfunction, hazard, operational situation, and hazard effect. Test vehicle dash cameras and simulation data sets demonstrate robust measurement of the time interval between fault injection and exceeding the SHM threshold. The minimum time interval identified for each hazard becomes its FTTI. Incorporating novel SHM, OpSit catalog, and hazard effect descriptors into industry standard recommended practices improves FTTI determinations.
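
The interval measurement described above, as an added example that is not code from the paper or from Streetscope: given time-stamped 0-to-100 hazard-metric traces, it finds the first threshold crossing after fault injection and takes the minimum interval per hazard. The function names, combination labels, thresholds and traces are constructed for illustration, linear interpolation between samples is an assumption, and the metric calculation itself is not reproduced because the page does not give it.

```python
# Added example. All labels, thresholds and traces below are constructed sample data.
COMBOS = [  # (malfunction, hazard, operational situation, hazard effect)
    ("torque_stuck_high", "unintended_accel", "urban_following", "strike_stationary_object"),
    ("torque_stuck_high", "unintended_accel", "crosswalk_approach", "pedestrian_impact"),
    ("steer_assist_loss", "lateral_control_loss", "highway_curve", "side_collision"),
]
THRESHOLDS = dict(zip(COMBOS, (60, 50, 70)))  # onset threshold per combination

RUNS = [  # (combination, fault injection time in s, [(timestamp in s, metric 0..100), ...])
    (COMBOS[0], 10.0, [(9.5, 12), (10.0, 12), (10.5, 20), (11.0, 40), (11.5, 70), (12.0, 90)]),
    (COMBOS[1], 5.0, [(5.0, 10), (5.5, 30), (6.0, 50), (6.5, 55), (7.0, 80)]),
    (COMBOS[2], 0.0, [(0.0, 5), (1.0, 10), (2.0, 15)]),  # never reaches its threshold
]


def onset_time(trace, t_fault, threshold):
    """First time at or after t_fault when the metric reaches threshold, else None."""
    post = [(t, v) for t, v in trace if t >= t_fault]
    if not post:
        return None
    if post[0][1] >= threshold:
        return post[0][0]  # already at or above threshold when the fault occurs
    for (t0, v0), (t1, v1) in zip(post, post[1:]):
        if v1 >= threshold:
            # v0 < threshold <= v1 here, so the interpolation divisor is positive.
            return t0 + (threshold - v0) * (t1 - t0) / (v1 - v0)
    return None


def ftti_by_hazard(runs, thresholds):
    """Minimum fault-to-onset interval per hazard over all runs that reached onset."""
    best = {}
    for combo, t_fault, trace in runs:
        onset = onset_time(trace, t_fault, thresholds[combo])
        if onset is None:
            continue  # no onset observed: the run contributes no interval
        hazard = combo[1]
        interval = onset - t_fault
        if hazard not in best or interval < best[hazard]:
            best[hazard] = interval
    return best


if __name__ == "__main__":
    for hazard, seconds in ftti_by_hazard(RUNS, THRESHOLDS).items():
        print(f"{hazard}: FTTI candidate {seconds:.3f} s")
```

A hazard whose runs never reach the threshold is absent from the result rather than reported as zero, so missing coverage stays visible.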