Contributed by Bob Chabot
Demystifying Vehicle Safety
Safety now begins earlier in design and development
Safe and secure transport has become the rage. It’s a top priority for those developing complex Advanced Driver Assistance Systems (ADAS) and other next-generation self-driving systems. Here’s a look at how regulators and automakers are tackling the task earlier than ever before.
ISO 21448 complements pre-existing standards, but it is primarily focused on the functional safety concerns of new emerging technologies. ISO defines SOTIF in the following terms: “The absence of unreasonable risk due to hazards resulting from functional insufficiencies of the intended functionality or by reasonably foreseeable misuse by persons is now referred to as the Safety of the Intended Functionality.” (Image — International Organization for Standardization)
Driving Toward Safety-Compliant Vehicles
The increasing complexity in the automotive industry has resulted in a drive toward the provision of safety-compliant systems. Modern cars can consist of hundreds of electronic control units (ECUs) and millions of lines of software code. Automobiles being developed will have even more.
Advanced Driver Assistance Systems (ADAS) are just a precursor to even more complex safety systems being developed. Equally cutting-edge simulation testing has become essential to their success.
At organizations such as the International Organization for Standardization (ISO), the complex development of functional safety has been a long-standing autonomous vehicle issue. The steps to manage the functional safety and regulate product development of Electrical/Engineering (E/E) systems were insufficient. They didn’t adequately address recent automotive technological developments, particularly those focused on functional safety.
Making Functional Safety Ethical: The ethical considerations of autonomous vehicles have become a hot topic. Various scenarios can be imagined where an AI system will have to choose a course of action where all of the options could result in a crash and potential injury. It is an extremely difficult conundrum for developers and engineers to grapple with when it comes to machine learning and teaching AI how to act. For more information, click on the image to read Everyday Ethics for Artificial Intelligence, IBM's 2019 study. (Source — IBM)
Functional Safety is Everybody’s Concern
In the past, functional safety requirements have traditionally been managed by manufacturers and system providers. But the increasing complexity of the electronics involved has resulted in the propagation of functional safety throughout the industry supply chain. That led to the development of ISO 21448, the new Safety of the Intended Functionality (SOTIF) standard.
SOTIF was developed to mitigate unreasonable risks for autonomous vehicles and ADAS. These systems encounter problems on the road, in some cases even where the relevant hardware or software hasn’t malfunctioned.
This has been found in certain real-world situations. Examples include inadequate sensor configurations, unexpected changes in the environment, misuse of functions by drivers, and the inability of artificial intelligence (AI) based systems to accurately interpret the situation and operate safely.
Functional safety in automotive development continues to broaden in scope. Given the complexity of today’s vehicle systems, functional safety is now controlled throughout the supply chain at both high level and component level.
Expect demands to increase going forward as autonomous vehicle development begins to rely ever more on AI. The functional safety of AI will open up more questions of an ethical nature, at a moral level as well as a technological level.
Virtual Testing Ramps Up
Automakers have reacted by beginning functional safety earlier, during vehicle design and development. In particular, their use of “virtual testing” has increased. Virtual testing provides a safe, efficient and cost-effective way to test automotive apps and other services. It is ideally suited to everything from service configurations to resource allocation.
Christoph Stadler is Audi AG’s Developer of Automated Driving Simulation. He has helped Audi develop virtual testing solutions to bring ADAS and autonomous driving onto public streets faster and more safely.
In an interview prior to the upcoming Testing ADAS and Self-Driving Cars Conference (hosted by Automotive IQ’s) he shared this:
- What is the role of virtual testing? — With the increasing complexity of ADAS being developed, a classic validation — with complete coverage of all situations by system tests in the laboratory and real test drives — is no longer possible due to pressure of time and cost aspects. As a consequence, the release of Highly Automated Driving (HAD) functions are only possible with great effort. Therefore, virtual testing is required to provide a tool to represent critical scenarios which occur rarely or are hardly reproducible by experiment. The role of virtual testing gets more and more important and will become a precondition for the development for HAD functions.
- What requirements do virtual test tracks need to fulfill? — As there are high requirements concerning quality and behavior for automated driving, virtual test tracks should approximate reality as accurately as possible. However, the more detailed the virtual environment, the more complex it gets to gather all information needed and keep these up to date. Nevertheless, there are some key requirements that must be met. For example, the evaluated test cases have to be applicable and reproducible in the early development process and shall be introduced in the current process of development. As well, the validity of the results generated by simulation have to be verified by a sufficient similarity between the virtual test track and the results of a corresponding sequence on the road.
- How Does Current Testing Validate Automated Driving Function? — There are many established driving assistance systems today that are validated and verified with appropriate testing methods and environments. But no single tested concept exists for an integral validation of autonomous vehicles. With an increasing complexity in the developed driving functions, the number of scenarios to be tested grows by a great measure. This can no longer be handled with state of art methods. It has to be defined which scenarios are critical for the functions to be tested for which parameter ranges and under which constraints. Test runs on the road will be part of the testing methodology for a long time, but a large percentage will be done in virtual environments.
- Would current methodology allow for scalability? — As most of today’s testing procedure is based on real-world test drives and HAD systems have to deal with many different situations, it is difficult to test exact situations on the road because it is too dangerous for test drivers or too expensive to reconstruct such traffic scenarios. Based on the current methodology, the components that still need to be tested on the road have to be reduced to a minimum. For the other steps of the process, mapping in the virtual world is necessary. Generally, the current development process is transferable with a strong focus on virtual testing.
It’s clear that ADAS systems and other new complex and interactive technologies are showing up more and more in vehicles every year. “Expect virtual testing to continue growing in use as automotive technologies continues to become more complex and interrelated,” Stadler urges. “For service professionals who will need to maintain and repair their automobiles, being aware of and familiar with what virtual testing does and doesn’t do will become increasingly important in the very near future.”