As the level of automation increases, the system performs more sensing, more processing of complex algorithms, and more actuation. Safety of the Intended Functionality (SOTIF), which addresses the functional insufficiencies or performance limitations of autonomous functions, becomes more and more relevant.
Functional insufficiencies or performance limitations can lead to undesired behaviors of the vehicle function. For example, the system may intervene when there is no critical situation (a false positive scenario), which may lead to undesired braking, or the system may not react in a critical situation (a false negative scenario), which may lead to no braking when braking is required. To address these situations in the operational system, we develop a SOTIF-compliant system by identifying SOTIF risks and developing suitable measures to mitigate the identified risks. It is also necessary to validate the system in the right vehicle environment to confirm that all the mitigation measures are effective and that there is no unreasonable risk due to undesired behaviors.
The validation target is generally specified in terms of the number of false positives that is acceptable during the endurance run for the function being tested. In a Level 2 automated system, the focus is mainly on addressing and fixing the false positives. Fixing the false positives mostly comes at the cost of true positives (the system intervenes in a critical situation). When the level of automation increases, the system becomes more responsible than the driver, and false negatives become increasingly relevant.
In this paper, we describe how false positive scenarios have been addressed as part of SOTIF and the challenges involved, the challenges in addressing false negatives, and the bigger, future challenge of designing an ideal system with no or minimum false positives, no or minimum false negatives, and more true positives.