Highly automated road vehicles need the capability of stopping safely in a situation that disrupts continued normal operation, e.g. due to internal system faults. Motion planning for a safe stop differs from nominal motion planning, since there is no specific goal location. Rather, the desired behavior is that the vehicle should reach a stopped state, preferably outside of active lanes. Also, the functionality to stop safely needs to be of high integrity. The first contribution of this paper is to formulate the safe stop problem as a benchmark optimal control problem, which can be solved by dynamic programming. However, this solution method cannot be used in real time. The second contribution is to develop a real-time safe stop trajectory planning algorithm, based on selection from a precomputed set of trajectories. By exploiting the particular properties of the safe stop problem, the cardinality of the set is decreased, making the algorithm computationally efficient. Furthermore, a monitoring-based architecture concept is proposed that ensures dependability of the safe stop function. Finally, a proof-of-concept simulation using the proposed architecture and the safe stop trajectory planner is presented.
Scenario-based approaches have been receiving a huge amount of attention in research and engineering of automated driving systems. Due to the complexity and uncertainty of the driving environment, and the complexity of the driving task itself, the number of possible driving scenarios that an Automated Driving System or Advanced Driver-Assistance System may encounter is virtually infinite. Therefore, it is essential to be able to reason about the identification of scenarios, and in particular critical ones that may impose unacceptable risk if not considered. Critical scenarios are particularly important to support design, verification and validation efforts, and as a basis for a safety case. In this paper, we present the results of a systematic mapping study in the context of autonomous driving. The main contributions are: (i) introducing a comprehensive taxonomy for critical scenario identification methods; (ii) giving an overview of the state-of-the-art research based on the taxonomy, encompassing 86 papers between 2017 and 2020; and (iii) identifying open issues and directions for further research. The provided taxonomy comprises three main perspectives encompassing the problem definition (the why), the solution (the methods to derive scenarios), and the assessment of the established scenarios. In addition, we discuss open research issues considering the perspectives of coverage, practicability, and scenario space explosion.
The complexity of automated driving poses challenges for providing safety assurance. Focusing on the architecting of an Autonomous Driving Intelligence (ADI), i.e. the computational intelligence, sensors and communication needed for high levels of automated driving, we investigate so-called safety supervisors that complement the nominal functionality. We present a problem formulation and a functional architecture of a fault-tolerant ADI that encompasses a nominal channel and a safety supervisor channel. We then discuss the sources of hazardous events, the division of responsibilities among the channels, and when the supervisor should take over. We conclude with identified directions for further work.
Fully automated vehicles will require new functionalities for perception, navigation and decision making, i.e. an Autonomous Driving Intelligence (ADI). We consider architectural cases for such functionalities and investigate how they integrate with legacy platforms. The cases range from a robot replacing the driver, with entire reuse of existing vehicle platforms, to a clean-slate design. Focusing on Heavy Commercial Vehicles (HCVs), we assess these cases from the perspectives of business, safety, dependability, verification, and realization. The original contributions of this paper are the classification of the architectural cases themselves and the analysis that follows. The analysis reveals that although full reuse of vehicle platforms is appealing, it will require explicitly dealing with the accidental complexity of the legacy platforms, including adding corresponding diagnostics and error handling to the ADI. The current fail-safe design of the platform will also tend to limit availability. Allowing changes to the platforms will enable more optimized designs and fail-operational behaviour, but will require higher initial development cost and specific emphasis on partitioning and control to limit the influence of safety requirements. For all cases, the design and verification of the ADI will pose a grand challenge and relate to the evolution of the regulatory framework, including safety standards.
A large body of work can be found in the literature on Design Space Exploration (DSE) methods for distributed embedded system architecting (DESA). However, almost none of these methods has been successfully adopted in the automotive industry. To clarify the reasons, this paper 1) analyzes the current state of the art (SOTA) on DSE methods for DESA through a systematic literature study, focusing on the assumed architecting process and concerns; 2) investigates the state of practice (SOP) on DESA in the automotive industry through a literature study and interviews with experienced system architects from five different automotive manufacturers; and 3) analyzes the gap between SOTA and SOP, and thereby discusses potential improvements of DSE methods.