Browse Topic: Safety critical systems

Items (483)
Automotive chassis components are considered as safety critical components and must meet the durability and strength requirements of customer usage. The cases such as the vehicle driving through a pothole or sliding into a curb make the design (mass efficient chassis components) challenging in terms of the physical testing and virtual simulation. Due to the cost and short vehicle development time requirement, it is impractical to conduct physical tests during the early stages of development. Therefore, virtual simulation plays the critical role in the vehicle development process. This paper focuses on virtual co-simulation of vehicle chassis components. Traditional virtual simulation of the chassis components is performed by applying the loads that are recovered from multi-body simulation (MBD) to the Finite Element (FE) models at some of the attachment locations and then apply constraints at other selected attachment locations. In this approach, the chassis components are assessed
Behera, DhirenLi, FanTasci, MineSeo, Young-JinSchulze, MartinKochucheruvil, Binu JoseYanni, TamerBhosale, KiranAluru, Phani
Several challenges remain in deploying Machine Learning (ML) into safety critical applications. We introduce a safe machine learning approach tailored for safety-critical industries including automotive, autonomous vehicles, defense and security, healthcare, pharmaceuticals, manufacturing and industrial robotics, warehouse distribution, and aerospace. Aiming to fill a perceived gap within Artificial Intelligence and ML standards, the described approach integrates ML best practices with the proven Process Failure Mode & Effects Analysis (PFMEA) approach to create a robust ML pipeline. The solution views ML development holistically as a value-add, feedback process rather than the resulting model itself. By applying PFMEA, the approach systematically identifies, prioritizes, and mitigates risks throughout the ML development pipeline. The paper outlines each step of a typical pipeline, highlighting potential failure points and tailoring known best practices to minimize identified risks. As
Schmitt, PaulSeifert, Heinz BodoBijelic, MarioPennar, KrzysztofLopez, JerryHeide, Felix
Safety Management Systems (SMSs) have been used in many safety-critical industries and are now being developed and deployed in the automated driving system (ADS)-equipped vehicle (AV) sector. Industries with decades of SMS deployment have established frameworks tailored to their specific context. Several frameworks for an AV industry SMS have been proposed or are currently under development. These frameworks borrow heavily from the aviation industry although the AV and aviation industries differ in many significant ways. In this context, there is a need to review the approach to develop an SMS that is tailored to the AV industry, building on generalized lessons learned from other safety-sensitive industries. A harmonized AV-industry SMS framework would establish a single set of SMS practices to address management of broad safety risks in an integrated manner and advance the establishment of a more mature regulatory framework. This paper outlines a proposed SMS framework for the AV
Wichner, DavidWishart, JeffreySergent, JasonSwaminathan, Sunder
Security flaws in automotive software have significant consequences. Modern automotive engineers must assess software not only for performance and reliability but also for safety and security. This paper presents a tool to verify software for safety and security. The tool was originally developed for the Department of Defense (DoD) to detect cybersecurity vulnerabilities in legacy safety-critical software with tight performance constraints and a small memory footprint. We show how the tool and techniques developed for verifying legacy safety-critical software can be applied to automotive and embedded software using real-world case studies. We also discuss how this tool can be extended for software comprehension.
Awadhutkar, PayasTamrawi, AhmedSauceda, Jeremias
The integration of artificial intelligence (AI) and machine learning (ML) into automotive safety-critical systems presents unique challenges, particularly the “changing anything changes everything” (CACE) property inherent in many AI/ML models. CACE highlights the high degree of interdependence within AI/ML systems, where even minor adjustments can have significant, unforeseen impacts on system behavior, posing risks in safety-critical applications. This paper examines the intricate nature of the CACE principle and its implications for the development cycle of AI/ML-based applications. Through case studies and theoretical analysis, we highlight CACE-related challenges and discuss strategies to mitigate these risks in safety-critical environments. Our analysis aims to raise awareness of this often-overlooked challenge, offering insights for safer, more robust AI/ML deployment in the automotive industry.
Tong, WeiLi, GangS, RameshYang, TianbaoShuttlewood, BingMudalige, Pri
The recent advancements in fields such as sensors, AI, and IoT are majorly impacting the automotive industry. Automated Driving Systems (ADS) are developing rapidly, meaning that SAE J3016 Level 3 and above vehicles are quickly becoming a reality. As a result, maintenance of such systems becomes essential to ensure their safe and efficient operation. Prognostic techniques in particular are crucial to monitor the state of health and predicting the end of life for components. Prognostics engineering is being applied in many industries and for conventional automotive applications, but ADS is new technology, and the prognostics for these systems are still being developed and adapted. In this paper, we first present a review of the most used prognostic techniques across different safety-critical domains such as aerospace, power, and manufacturing. Then, we summarize the main challenges that must be faced to successfully develop novel approaches for prognostics of ADS components and provide
Merola, FrancescoHanif, AtharLami, GiuseppeAhmed, QadeerMonohon, Mark
This paper examines the challenges and mechanisms for ensuring Freedom from Interference in Adaptive AUTOSAR-based platforms, with a focus on managing Memory, Timing, and Execution challenges. It explores the robust safety mechanisms in Classic AUTOSAR that ensure Freedom from Interference and the significant challenges in achieving interference-free operation in Adaptive AUTOSAR environments while adhering to ISO26262 standards. The study emphasizes strategies for managing complexities and outlines the multifaceted landscape of achieving interference-free operation. Additionally, it discusses ASIL-compliant Hypervisor, memory partitioning, and Platform Health Management as mechanisms for ensuring safety execution. The paper also raises open questions regarding real-time problems in live projects that are not solved with existing safety mechanisms. Adaptive AUTOSAR plays a crucial role in the development of autonomous and connected vehicles, where functional safety is of utmost
Jain, Yesha
Modern vehicles contain tens of different Electronic Control Units (ECUs) from several vendors. These small computers are connected through several networking busses and protocols, potentially through gateways and converters. In addition, vehicle-to-vehicle and internet connectivity are now considered requirements, adding additional complexity to an already complex electronic system. Due to this complexity and the safety-critical nature of vehicles, automotive cyber-security is a difficult undertaking. One critical aspect of cyber-security is the robust software testing for potential bugs and vulnerabilities. Fuzz testing is an automated software testing method injecting large input sets into a system. It is an invaluable technique across many industries and has become increasingly popular since its conception. Its success relies highly on the “quality” of inputs injected. One shortcoming associated with fuzz testing is the expertise required in developing “smart” fuzz testing tools
McShane, JohnCelik, LeventAideyan, IwinosaBrooks, RichardPesé, Mert D.
The trends of intelligence and connectivity are continuously driving innovation in automotive technology. With the deployment of more safety-critical applications, the demand for communication reliability in in-vehicle networks (IVNs) has increased significantly. As a result, Time-Sensitive Networking (TSN) standards have been adopted in the automotive domain to ensure highly reliable and real-time data transmission. IEEE 802.1CB is one of the TSN standards that proposes a Frame Replication and Elimination for Reliability (FRER) mechanism. With FRER, streams requiring reliable transmission are duplicated and sent over disjoint paths in the network. FRER enhances reliability without sacrificing real-time data transmission through redundancy in both temporal and spatial dimensions, in contrast to the acknowledgment and retransmission mechanisms used in traditional Ethernet. However, previous studies have demonstrated that, under specific conditions, FRER can lead to traffic bursts and
Luo, FengRen, YiZhu, YianWang, ZitongGuo, YiYang, Zhenyu
This standard documents what is required to execute a System Theoretic Process Analysis (STPA) of safety-critical products or systems in all industries. This standard defines the terminology, the steps in using STPA, the activities flow, and the expected deliverables. This standard may be used when addressing compliance with contractual or regulatory requirements regarding risk assessments, safety assessments, development assurance, system security engineering, or other similar requirements as appropriate. In addition, this standard can be used to demonstrate that an effective STPA evaluation has been conducted when compliance is not of paramount concern. This standard is applicable to a broad set of uses including, but not limited to, corporate product development processes, organizational processes, regulatory groups, supplier processes, defense programs (e.g., government awards a contract to a company and the contract mandates STPA), defense program office (e.g., government safety
Functional Safety Committee
This report explores the move from traditional industry practices to emerging technologies, specifically the integration of artificial intelligence (AI) solutions in engineering service sectors. It highlights the increasing problem of “technology washing,” when organizations overstate (sometimes deceivingly) their technology abilities and ethics, posing challenges to accountability, transparency, and trust in various fields. The rise of AI-based solutions in sectors like autonomous mobility, manufacturing, and aerospace has exposed a contrast between ambitious future aspirations and current technological barriers. With this, the role of human knowledge in guaranteeing ethical, efficient, and clear technology incorporation becomes essential. Starting with an examination of today’s technological scene, this report tackles topics such as the buzz around autonomous systems and the difficulties of standardizing fresh innovations. It also points out the problem of organizations exaggerating
Khan, Samir
In the context of advancing automotive electronic systems, ensuring functional safety as per ISO 26262 standards has become of primary importance. This paper presents the development of an AUTOSAR-compliant Software Component (SWC) applied to ISO 26262 applications. Using MATLAB/Simulink, we design and simulate a SWC that operates within the AUTOSAR architecture, focusing on fault detection and activation of safety mechanisms. The SWC is built to monitor specific system parameters and operational anomalies. Upon detecting a fault, it triggers predefined safety mechanisms to mitigate risks and ensure system integrity. The simulation focus on capability to accurately identify faults and execute safety measures effectively, thus demonstrating a practical approach to enhance automotive system safety implementation and its reuse. This paper not only highlights the importance of ISO 26262 in the automotive industry but also illustrates the feasibility of developing and integrating safety
Santiago, Frederico Victor Scoralickdos Santos Machado, ClebersonImbasciati, HenriqueCosta, Silvio Romero Alves
Original equipment manufacturers, Tier 1 suppliers, and the rest of the value chain, including the semiconductor industry, are reshaping their product portfolios, development processes, and business models to support this transformation to software-defined vehicles (SDVs). The focus on software is rippling out through the automotive sector, forcing the industry to rethink organization, leadership, processes, and future roadmaps. The Software-defined Vehicle: Its Current Trajectory and Execution Challenges assesses the state of SDVs and explores the potential hurdles to execution and examines the work being done in the industry. The goal is to evaluate whether the implementation of SDVs will encounter the same fate as electrification or autonomous technologies, which after some level of disillusionment, are expected to pick up momentum in a more mature way. Click here to access the full SAE EDGETM Research Report portfolio.
Goswami, Partha
In recent years, battery electric vehicles (BEVs) have experienced significant sales growth, marked by advancements in features and market delivery. This evolution intersects with innovative software-defined vehicles, which have transformed automotive supply chains, introducing new BEV brands from both emerging and mature markets. The critical role of software in software-defined battery electric vehicles (SD-BEVs) is pivotal for enhancing user experience and ensuring adherence to rigorous safety, performance, and quality standards. Effective governance and management are crucial, as failures can mar corporate reputations and jeopardize safety-critical systems like advanced driver assistance systems. Product Governance and Management for Software-defined Battery Electric Vehicles addresses the complexities of SD-BEV product governance and management to facilitate safer vehicle deployments. By exploring these challenges, it aims to enhance internal processes and foster cross
Abdul Hamid, Umar Zakir
Aerospace manufacturers are leveraging multicore processors and modularity to design smarter cockpit displays and avionic computers that are smaller and capable of supporting more applications from a single line replaceable unit (LRU). Some are also starting to embed more of the processing required to enable cockpit display applications within the display itself, rather than having it enabled by an associated LRU. The development of new electric vertical takeoff and landing (eVTOL) aircraft and avionics companies changing their approach to the development of safety critical computers and aircraft networking technologies are some of the aerospace industry factors driving this design trend. In the U.S., the Department of Defense (DoD) embracing the Modular Open Systems Approach (MOSA) across the purchase of all new aircraft technologies is influencing design changes in cockpit displays and aircraft computers as well.
The rise of AI models across diverse domains includes promising advancements, but also poses critical challenges. In particular, establishing trust in AI-based systems for mission-critical applications is challenging for most domains. For the automotive domain, embedded systems are operating in real-time and undertaking mission-critical tasks. Ensuring dependability attributes, especially safety, of these systems remains a predominant challenge. This article focuses on the application of AI-based systems in safety-critical contexts within automotive domains. Drawing from current standardization methodologies and established patterns for safe application, this work offers a reflective analysis, emphasizing overlaps and potential avenues to put AI-based systems into practice within the automotive landscape. The core focus lies in incorporating pattern concepts, fostering the safe integration of AI in automotive systems, with requirements described in standardization and topics discussed
Blazevic, RomanaVeledar, OmarStolz, MichaelMacher, Georg
The global time that is propagated and synchronized in the vehicle E/E architecture is used in safety-critical, security-critical, and time-critical applications (e.g., driver assistance functions, intrusion detection system, vehicle diagnostics, external device authentication during vehicle diagnostics, vehicle-to-grid and so on). The cybersecurity attacks targeting the global time result in false time, accuracy degradation, and denial of service as stated in IETF RFC 7384 [2]. These failures reduce the vehicle availability, robustness, and safety of the road user. IEEE 1588 [3] lists four mechanisms (integrated security mechanism, external security mechanism, architectural solution, and monitoring & management) to secure the global time. AUTOSAR defines the architecture and detailed specifications for the integrated security mechanism “Secured Global Time Synchronization (SGTS)” to secure the global time on automotive networks (CAN, FlexRay, Ethernet). However, there are also
Kumaraswamy, PavithraRus, Andrei
The automotive PowerNet is in the middle of a major transformation. The main drivers are steadily increasing power demand, availability requirements, and complexity and cost. These factors result in a wide variety of possible future PowerNet topologies. The increasing power demand is, among other factors, caused by the progressive electrification of formerly mechanical components and a constantly increasing number of comfort and safety loads. This leads to a steady increase in installed electrical power. X-by-wire systems1 and autonomous driving functions result in higher availability requirements. As a result, the power supply of all safety-critical loads must always be kept sufficiently stable. To reduce costs and increase reliability, the car manufacturers aim to reduce the complexity of the PowerNet system, including the wiring harness and the controller network. The wiring harness e.g., is currently one of the most expensive parts of modern cars. These challenges are met with a
Jagfeld, Sebastian Michael PeterWeldle, RichardKnorr, RainerFill, AlexanderBirke, Kai Peter
Deep learning algorithms are being widely used in autonomous driving (AD) and advanced driver assistance systems (ADAS) due to their impressive capabilities in visual perception of the environment of a car. However, the reliability of these algorithms is known to be challenging due to their data-driven and black-box nature. This holds especially true when it comes to accurate and reliable perception of objects in edge case scenarios. So far, the focus has been on normal driving situations and there is little research on evaluating these systems in a safety-critical context like pre-crash scenarios. This article describes a project that addresses this problem and provides a publicly available dataset along with key performance indicators (KPIs) for evaluating visual perception systems under pre-crash conditions.
Bakker, Jörg
Faults if not detected and processed will create catastrophe in closed loop system for safety critical applications in automotive, space, medical, nuclear, and aerospace domains. In aerospace applications such as stall warning and protection/prevention system (SWPS), algorithms detect stall condition and provide protection by deploying the elevator stick pusher. Failure to detect and prevent stall leads to loss of lives and aircraft. Traditional Functional Hazard and Fault Tree analyses are inadequate to capture all failures due to the complex hardware-software interactions for stall warning and protection system. Hence, an improved methodology for failure detection and identification is proposed. This paper discusses a hybrid formal method and model-based technique using System Theoretic Process Analysis (STPA) to identify and diagnose faults and provide monitors to process the identified faults to ensure robust design of the indigenous stall warning and protection system (SWPS). The
Kale, AlexanderMadhuranath, GaneshShanmugham, ViswanathanNanda, ManjuSingh, GireshDurak, Umut
RTCA DO-178C, guideline in the aviation industry for the development of airworthiness of aviation software mandates the analysis of data and control coupling using requirement-based testing for safety-critical avionics software (Refer the Table 1). DO-178C defines Control Coupling as the manner or degree by which one software component influences the execution of another software component. Data Coupling as the dependence of a software component on data not exclusively under the control of that software component. The intent of the analysis of data coupling and control coupling is to ensure that each module/component are interacting with each other as expected. That is, the intent is to show that the software modules/components affect one another in the ways in which the software designer intended and do not affect one another in ways in which they were not intended, thus resulting in unplanned, anomalous, or erroneous behavior. The measurements and assurance should be conducted using
Ramegowda, Yogesha Aralakuppe
In a study, published in the Journal Waves in Random and Complex Media, researchers from the University of Bristol have derived a formula that can inform the design boundaries for a given component’s geometry and material microstructure.
A new industry-first open platform for developing the software-defined vehicle (SDV) combines processing, vehicle networking and system power management with integrated software. NXP Semiconductors' new S32 CoreRide Platform was designed to run “multiple time-critical, safety-critical, security-critical applications in parallel,” Henri Ardevol, executive vice president and general manager of Automotive Embedded Systems for NXP Semiconductors, told SAE Media. NXP's new foundation platform for SDVs differs from the traditional approach of using multiple electronic control units (ECUs), each designed to handle specific vehicle system control tasks. Since each unit requires its own integration work, the integration workload exponentially increases with each additional ECU on a vehicle.
Buchholz, Kami
This paper explores the role and challenges of Artificial Intelligence (AI) algorithms, specifically AI-based software elements, in autonomous driving systems. These AI systems are fundamental in executing real-time critical functions in complex and high-dimensional environments. They handle vital tasks like multi-modal perception, cognition, and decision-making tasks such as motion planning, lane keeping, and emergency braking. A primary concern relates to the ability (and necessity) of AI models to generalize beyond their initial training data. This generalization issue becomes evident in real-time scenarios, where models frequently encounter inputs not represented in their training or validation data. In such cases, AI systems must still function effectively despite facing distributional or domain shifts. This paper investigates the risk associated with overconfident AI models in safety-critical applications like autonomous driving. To mitigate these risks, methods for training AI
Pitale, Mandar ManoharAbbaspour, AlirezaUpadhyay, Devesh
The development of highly automated driving functions (AD) recently rises the demand for so called Fail-Operational systems for native driving functions like steering and braking of vehicles. Fail-Operational systems shall guarantee the availability of driving functions even in presence of failures. This can also mean a degradation of system performance or limiting a system’s remaining operating period. In either case, the goal is independency from a human driver as a permanently situation-aware safety fallback solution to provide a certain level of autonomy. In parallel, the connectivity of modern vehicles is increasing rapidly and especially in vehicles with highly automated functions, there is a high demand for connected functions, Infotainment (web conference, Internet, Shopping) and Entertainment (Streaming, Gaming) to entertain the passengers, who should no longer occupied with driving tasks. But the connectivity is accompanied by potential cyber security risks, eventually
Schmidt, KarstenDannebaum, UdoSchneider, RolfAmbekar, Abhijit
Kognic's advanced interpretation of sensor data helps artificial intelligence and machine learning recognize the human thing to do. In December 2023, Kognic, the Gothenburg, Sweden-based developer of a software platform to analyze and optimize the massively complex datasets behind ADAS and automated-driving systems, was in Dearborn, Michigan to accept the Tech.AD USA award for Sensor Perception solution of the year. The company doesn't make sensors, but one might say it makes sense of the data that comes from sensors. Kognic, established in 2018, is well-known in the ADAS/AV software sector for its work to help developers extract better performance from and enhance the robustness of safety-critical “ground-truth” information gleaned from petabytes-upon-petabytes of sensor-fusion datasets. Kognic CEO and co-founder Daniel Langkilde espoused a path for improving artificial intelligence-reliant systems based on “programming with data instead of programming with code.”
Visnic, Bill
Wheel rims and wheel hub bearings are critical components of Heavy Commercial Vehicle (HCV) suspension systems and are subjected to extensive fatigue loading throughout their operational life. Actual loading conditions on wheels are a combination of radial loads (vertical loads) and cornering loads (lateral loads) acting simultaneously and are directly influenced by payload and road conditions. Currently for Indian usage, there are test guidelines [1] only for separate uniaxial Radial Fatigue Test (RFT) and Cornering Fatigue Test (CFT) for wheel rims which might not represent realistic combined loading conditions, and no generic guidelines are available for testing of wheel hub bearings. There is a biaxial test guideline defined for European usage scenario, but no guidelines defined for Indian usage scenario [5] Thus, there was a need to define test guidelines for biaxial fatigue testing of wheel rims and wheel hub bearings, based on data acquired for Indian roads and usage conditions
Bakal, Nikhil R.Kuwar, Virendra S.Shinde, Vikram V.Thorat, Omkar A.Pawar, Prashant R.
Battery is one of the safety critical systems in EV. As the number of EVs increases, battery safety becomes an important task to avoid any mishap during its use, as even small accidents may slow down the adaptation of EVs. Automotive environment being one of the harshest operating environments, it is important to ensure both mechanical and electrical safety of the battery pack. Li-Ion batteries are most popular among traction batteries, due to their high energy density, long life, and fast charging capabilities. But mechanical damage, over temperature, short-circuit, etc. may lead to battery thermal runaway, causing a major accident. Mechanical abuse of battery can be one of the reasons that may lead to the damages mentioned above, eventually causing thermal runaway in batteries. That’s why all major battery safety standards have requirements for vibration and mechanical shock tests. In this paper, we have developed a methodology to evaluate the structural integrity of a battery pack
Dandge, SunilMahamuni, AmeyaSevda, GauravH, RajeshKumar, RavindraMahajan, Rahul
Recent rapid advancement in machine learning (ML) technologies have unlocked the potential for realizing advanced vehicle functions that were previously not feasible using traditional approaches to software development. One prominent example is the area of automated driving. However, there is much discussion regarding whether ML-based vehicle functions can be engineered to be acceptably safe, with concerns related to the inherent difficulty and ambiguity of the tasks to which the technology is applied. This leads to challenges in defining adequately safe responses for all possible situations and an acceptable level of residual risk, which is then compounded by the reliance on training data. The Path to Safe Machine Learning for Automotive Applications discusses the challenges involved in the application of ML to safety-critical vehicle functions and provides a set of recommendations within the context of current and upcoming safety standards. In summary, the potential of ML will only
Burton, Simon
Developing embedded application software is an expensive business, especially when the software is to be used in a critical application. Composable modularity can streamline development through the reuse of software modules, making it a highly desirable attribute in the architecture of embedded software. The U.S. Department of Defense (DoD) has embraced this concept with the Modular Open Systems Approach (MOSA). This strategic standardization initiative highlights how interoperable modular components built by different companies across different programs or procurements can perform together. The Future Airborne Capability Environment (FACE™) Consortium, a collaboration between government and industry entities, has developed the FACE technical standard to fulfil the requirements of a MOSA for military aviation software development. However, there is nothing about the principles of the FACE technical standard and MOSA that makes them applicable only to military systems. They therefore
This document provides recommended practices regarding how System Theoretic Process Analysis (STPA) may be applied to safety-critical systems in any industry in the area of Safety of the Intended Functionality (SOTIF) evaluations.
Functional Safety Committee
This document provides recommended practices regarding how System Theoretic Process Analysis (STPA) may be applied to safety-critical systems in any industry in the area of model-based systems engineering (MBSE) evaluations.
Functional Safety Committee
This document describes System Theoretic Process Analysis (STPA) approaches to evaluate human-machine interaction (HMI) found effective when conducting STPA human factors and/or a system safety evaluation.
Functional Safety Committee
The power of advanced driver assistance systems (ADAS) continues to increase alongside vehicle code and software complexity. To ensure ADAS functionality and maximize safety, cost efficiency, and customer satisfaction, original equipment manufacturers (OEMs) must adopt a solution that allows them to mine data, extract meaningful information, send remote software updates and bug fixes, and manage software complexity. All of this is possible with an embedded telematics-based software and data management solution. Event-based logging enables OEMs to actively measure ADAS effectiveness and performance. It allows them to analyze driver behaviors, such as whether response times increase after a certain time of day, and adjust the ADAS settings to increase functionality, such as providing an earlier warning or automated response. A vertically integrated solution also enables the identification and correction of software and calibration defects for the entire vehicle life cycle through over
Parle, AmberSchwinke, SteveSikaria, MayankSawant, Amol
ABSTRACT System and software requirements provide a definition of what the system implementation is required to do, and are a necessary component to independent requirement based testing for safety critical systems. However as vital as these requirements are, the requirements often are not analyzed until a safety assessment is performed, or the system fails during testing. Automating the system analysis and testing can be used to help to shift left the software life cycle, particularly when the automation augments, rather than replaces, human test developers. This paper presents a method to convert textual requirements into a logical model of the system. This logical model can be used for various automated system analysis procedures, as well as automated test generation. We show this automation can provide significant insight into possible issues in the system, as well as significantly accelerating the time required for test development. Citation: M. Lingg, H. Paul, S. Kushwaha, J
Lingg, MichaelPaul, HowardKushwaha, SachinOrtiz, Jaiden
While machine-learning-based methods suffer from a lack of transparency, rule-based (RB) methods dominate safety-critical systems. Yet the RB approaches cannot compete with the first ones in robustness to multiple system requirements, for instance, simultaneously addressing safety, comfort, and efficiency. Hence, this article proposes a decision-making and control framework which profits from the advantages of both the RB and machine-learning-based techniques while compensating for their disadvantages. The proposed method embodies two controllers operating in parallel, called Safety and Learned. An RB switching logic selects one of the actions transmitted from both controllers. The Safety controller is prioritized whenever the Learned one does not meet the safety constraint, and also directly participates in the Learned controller training. Decision-making and control in autonomous driving are chosen as the system case study, where an autonomous vehicle (AV) learns a multitask policy
Aksjonov, AndreiKyrki, Ville
This document provides recommended practices regarding how System Theoretic Process Analysis (STPA) may be applied to safety-critical systems in any industry.
Functional Safety Committee
This SAE Aerospace Recommended Practice (ARP) provides guidance when creating integrated vehicle health management (IVHM) system architecture. IVHM covers a vehicle’s monitoring and data processing functions inherent within its sub-systems, and the tools and processes used to manage and restore the vehicle health. These guidelines are drawn from experience within both defense and commercial IVHM initiatives and implementations. The document identifies a step-by-step methodology to expose functional and non-functional requirements, mature the architecture and support organizational business goals and objectives.
HM-1 Integrated Vehicle Health Management Committee
Dry dust testing of vehicles on unpaved dust roads plays a crucial role in the development process of automotive manufacturers. One of the central aspects of the test procedure is ensuring the functionality of locking systems in the case of dust ingress and keeping the dust below a certain concentration level inside the vehicle. Another aspect is the customer comfort because of dust deposited on the surface of the car body. This also poses a safety risk to customers when the dust settles on safety-critical parts such as windshields and obstructs the driver’s view. Dust deposition on sensors is also safety critical and is becoming more important because of the increasing amount of sensors for autonomous driving. Nowadays, dust tests are conducted experimentally at dust proving grounds. To gain early insights and avoid costly physical testing, numerical simulations are considered a promising approach. Simulations of vehicle contamination by dry dust have been studied in the past. However
Yigci, IbrahimStrohbücker, VeithSchatz, Markus
Autonomous vehicle (AV) algorithms need to be tested extensively in order to make sure the vehicle and the passengers will be safe while using it after the implementation. Testing these algorithms in real world create another important safety critical point. Real world testing is also subjected to limitations such as logistic limitations to carry or drive the vehicle to a certain location. For this purpose, hardware in the loop (HIL) simulations as well as virtual environments such as CARLA and LG SVL are used widely. This paper discusses a method that combines the real vehicle with the virtual world, called vehicle in virtual environment (VVE). This method projects the vehicle location and heading into a virtual world for desired testing, and transfers back the information from sensors in the virtual world to the vehicle. As a result, while vehicle is moving in the real world, it simultaneously moves in the virtual world and obtains the situational awareness via multiple virtual
Gelbal, Sukru YarenAksun Guvenc, BilinGuvenc, Levent
The software architecture behind modern autonomous vehicles (AV) is becoming more complex steadily. Safety verification is now an imminent task prior to the large-scale deployment of such convoluted models. For safety-critical tasks in navigation, it becomes imperative to perform a verification procedure on the trajectories proposed by the planning algorithm prior to deployment. Signal Temporal Logic (STL) constraints can dictate the safety requirements for an AV. A combination of STL constraints is called a specification. A key difference between STL and other logic constraints is that STL allows us to work on continuous signals. We verify the satisfaction of the STL specifications by calculating the robustness value for each signal within the specification. Higher robustness values indicate a safer system. Model Predictive Control (MPC) is one of the most widely used methods to control the navigation of an AV, with an underlying set of state and input constraints. Our research aims
Parameshwaran, AdityaWang, Yue
High-speed vehicles in low illumination environments severely blur the images used in object detectors, which poses a potential threat to object detector-based advanced driver assistance systems (ADAS) and autonomous driving systems. Augmenting the training images for object detectors is an efficient way to mitigate the threat from motion blur. However, little attention has been paid to the motion of the vehicle and the position of objects in the traffic scene, which limits the consistence between the resulting augmented images and traffic scenes. In this paper, we present a vehicle kinematics-based image augmentation algorithm by modeling and analyzing the traffic scenes to generate more realistic augmented images and achieve higher robustness improvement on object detectors against motion blur. Firstly, we propose a traffic scene model considering vehicle motion and the relationship between the vehicle and the object in the traffic scene. Simulations based on typical ADAS test scenes
Zhang, ZhuangZhang, LijunMeng, DejianHuang, LuyingXiao, WeiTian, Wei
Image corruptions due to noise, blur, contrast change, etc., could lead to a significant performance decline of Deep Neural Networks (DNN), which poses a potential threat to DNN-based autonomous vehicles. Previous works attempted to explain corruption from a Fourier perspective. By comparing the absolute Fourier spectrum difference between corrupted images and clean images in the RGB color space, they regard the noise from some corruptions (Gaussian noise, defocus blur, etc.) as concentrating on the high-frequency components while others (contrast, fog, etc.) concentrate on the low-frequency components. In this work, we present a new perspective that unifies corruptions as noise from high frequency and thus propose an image augmentation algorithm to achieve a more robust performance against common corruptions. First, we notice the 1/fα statistical rule of the natural image's spectrum and the channels-wise differential sensitivity on the YCbCr color space of the Human Visual System
Zhang, ZhuangZhang, LijunMeng, DejianTian, WeiXiao, Wei
Formal verification plays an important role in proving the safety of autonomous vehicles (AV). It is crucial to find errors in the AV system model to ensure safety critical features are not compromised. Model checking is a formal verification method which checks if the finite state machine (FSM) model meets system requirements. These requirements can be expressed as linear Temporal logic (LTL) formulae to describe a sequence of states with linear Temporal properties to be satisfied. NuSMV is a dedicated software for performing model checking based on Temporal logic formulae on FSM models. However, NuSMV does not provide model-based design. On the other hand, Stateflow in MATLAB/SIMULINK is a powerful tool for designing the model and offers an interactive Graphical User Interface (GUI) for the user/verifier but is not as efficient as NuSMV in model checking. Hence, model transformation becomes vital to convert the AV model in Stateflow to an input language of model checking software
Rao, AnanyaWang, Yue
Items per page:
1 – 50 of 483