From Coursera, Introduction to Self-Driving Cars by University of Toronto
https://www.coursera.org/specializations/self-driving-cars?action=enroll
Safety Assurance for Autonomous Vehicles
Safety Assurance for Self-Driving Vehicles
- Autonomous driving crashes
- Formal definitions
- Safety: absence of unreasonable risk of harm
- Hazard: potential source of unreasonable risk of harm
- Major hazard sources
- Mechanical
- Electrical
- Hardware
- Software
- Sensors
- Behavior
- Fallback
- Cyber
- Safety requirements
- NHTSA: safety framework
- Systems engineering approach to safety
- Autonomy design: ODD, OEDR, Fallback, Traffic laws, cybersecurity, HMI
- Testing & Crash mitigation: crashworthiness, post crash, data recording, consumer education
Industry Methods for Safety Assurance and Testing
Industry perspectives on self driving safety
- Waymo:
- Behavior safety, Functional safety, Crash safety, Operational safety, Non collision safety, Approaches to demonstrating autonomy safety
- Safety process:
- Identify hazard scenarios & potential mitigations
- Use hazard assessment methods to define safety requirements
- Preliminary analysis
- Fault tree
- Design Failure Modes & Effects Analyses
- Levels of testing to ensure safety
- Simulation testing: Test rigorously with simulation, thousands of variations, fuzzing of neighbouring vehicles
- Closed-course testing:
- Follow 28 core + 19 additional scenario competencies on private test tracks
- Focus on the four most common crashes: Rear-end, intersection, road departure, lane change
- Real-world driving
- GM:
- Address all 12 elements of NHTSA Safety Framework
- Iterative Design: Analyze, build, simulate, drive
- Safety through Comprehensive Risk Management and Deep Integration:
- Identify and address risks, validate solutions
- Prioritize elimination of risks, not just mitigation
- All hardware and software systems meet self-set standards for performance, crash protection, reliability, serviceability, security, safety
- Safety process:
- Deductive Analysis: fault tree analysis
- Inductive Analysis: Design & Process FMEA
- Exploratory Analysis: HAZOP (Hazard & Operability Study)
- Safety Thresholds
- All GM vehicles are equipped with two key safety thresholds
- Fail safes: There is redundant functionality (second controllers, backup systems, etc.) such that even if primary systems fail, the vehicle can stop normally
- SOTIF: All critical functionalities are evaluated for unpredictable scenarios
- Testing:
- Performance testing at different levels
- Requirements validation of components, levels
- Fault injection testing of safety critical functionality
- Intrusive testing such as electromagnetic interference, etc.
- Durability testing and simulation based testing
Approaches to demonstrating autonomy safety
- Analytical vs Data Driven: Definitions
- Analytical Safety: Ensuring the system works in theory and meets safety requirements found by hazard assessment
- Data driven safety
- Safety guarantee rests on the fact that the system has performed autonomously without failure on the roads for a very large number of kilometres
Safety Frameworks for Self-Driving
Generic Safety Frameworks
- Fault Tree Analysis
- Top down deductive failure analysis
- Boolean logic
- Probabilistic Fault Tree Analysis
- Assign probabilities to fault “leaves”
- Use logic gates to construct failure tree
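A worked example of the probabilistic fault tree idea above, added here and not part of the course notes: it propagates leaf probabilities up through AND/OR gates to the top event and lists the minimal cut sets. The tree, event names and probabilities are constructed for illustration and assume independent basic events.

```python
import math
from dataclasses import dataclass, field
from itertools import product
from typing import List, Optional

# Added example (not course material): probabilistic fault tree evaluator.
# Leaves are basic events with a failure probability; gates are AND/OR over
# their children. Basic events are assumed to be independent.
@dataclass
class Node:
    name: str
    gate: Optional[str] = None   # None for a leaf, "AND" or "OR" for a gate
    prob: float = 0.0            # leaf failure probability (unused for gates)
    children: List["Node"] = field(default_factory=list)

def leaf(name, prob): return Node(name, prob=prob)
def AND(name, *kids): return Node(name, gate="AND", children=list(kids))
def OR(name, *kids): return Node(name, gate="OR", children=list(kids))

def probability(node: Node) -> float:
    """Probability of the event at `node`, propagated up from the leaves."""
    if node.gate is None:
        return node.prob
    ps = [probability(c) for c in node.children]
    if node.gate == "AND":       # every input must fail: product of the p's
        return math.prod(ps)
    if node.gate == "OR":        # any input suffices: 1 - prod(1 - p)
        return 1.0 - math.prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate {node.gate}")

def cut_sets(node: Node) -> List[frozenset]:
    """Minimal cut sets: leaf combinations whose joint failure triggers `node`."""
    if node.gate is None:
        return [frozenset([node.name])]
    per_child = [cut_sets(c) for c in node.children]
    if node.gate == "OR":        # any child's cut set is already a cut set
        sets = [s for cs in per_child for s in cs]
    else:                        # AND: take one cut set from each child and merge
        sets = [frozenset().union(*combo) for combo in product(*per_child)]
    return [s for s in sets if not any(o < s for o in sets)]  # drop non-minimal

# Constructed hypothetical tree for the hazard "vehicle fails to stop":
# primary AND backup brake controllers both fail, OR an obstacle is
# missed by the sensors AND the fallback does not engage.
TOP = OR("fails_to_stop",
         AND("brake_path", leaf("primary_brake_ctrl", 1e-4), leaf("backup_brake_ctrl", 1e-3)),
         AND("perception_path", leaf("sensor_miss", 1e-3), leaf("fallback_fails", 1e-2)))
```

The cut sets show which leaf combinations a mitigation must break (here, each AND branch on its own), while the top-event probability shows which branch dominates the risk.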
- Failure Mode and Effects Analysis (FMEA)
- Bottom up process to identify all the effects of faults in a system
- Failure Mode:
- Modes or ways in which a component of the system may fail
- Effects Analysis:
- Analyzing effects of the failure modes on the operation of the system
- HAZOP - a variation on FMEA
- Hazard and operability study (HAZOP)
- Qualitative brainstorming process, needs “imagination”
- Uses guide words to trigger brainstorming (not, more, less, etc.)
- Applied to complex processes
- Sufficient design information is available, and not likely to change significantly
Functional safety frameworks
- FuSa HARA: safety requirements through risk analysis
- SOTIF: behavior risk assessment