Safety of the Intended Functionality / edited by Juan R. Pimentel.

Format:

Book

Contributor:

Pimentel, Juan R., editor.

Series:

Automated vehicle safety series.

Automated vehicle safety series

Language:

English

Subjects (All):

Automated guided vehicle systems--Safety measures.

Automated guided vehicle systems.

Physical Description:

1 online resource (210 pages).

Edition:

1st ed.

Place of Publication:

Warrendale, PA : SAE International, 2019.

Summary:

Safety has been ranked as the number one concern for the acceptance and adoption of automated vehicles since safety has driven some of the most complex requirements in the development of self-driving vehicles. Recent fatal accidents involving self-driving vehicles have uncovered issues in the way some automated vehicle companies approach the design, testing, verification, and validation of their products. Traditionally, automotive safety follows functional safety concepts as detailed in the standard ISO 26262. However, automated driving safety goes beyond this standard and includes other safety concepts such as safety of the intended functionality (SOTIF) and multi-agent safety. Safety of the Intended Functionality (SOTIF) addresses the concept of safety for self-driving vehicles through the inclusion of 10 recent and highly relevent SAE technical papers. Topics that these papers feature include the system engineering management approach and redundancy technical approach to safety. As the third title in a series on automated vehicle safety, this contains introductory content by the Editor with 10 SAE technical papers specifically chosen to illuminate the specific safety topic of that book.

Contents:

Cover

Table of Contents

Introduction

CHAPTER 1 Fault-Tolerant Ability Testing for Automotive Ethernet

Physical Layer Analysis

Fault Tolerance Testing

Wire Short or Open Testing

Resistance Testing

Capacitance Testing

Ground Shift Testing

Result Analysis

Summary/Conclusions

Contact Information

Acknowledgments

Definitions/Abbreviations

References

CHAPTER 2 An Analysis of ISO 26262: Machine Learning and Safety in Automotive Software

Background

ISO 26262

Machine Learning

Analysis of ISO 26262

Identifying Hazards

Faults and Failure Modes

Specification and Verification

Level of ML Usage

Required Software Techniques

Summary and Conclusion

Acknowledgment

CHAPTER 3 The Development of Safety Cases for an Autonomous Vehicle: A Comparative Study on Different Methods

Vehicle Layout and ISO26262

Vehicle Control System and Propulsion System

ISO26262 Road Vehicle Functional Safety Standard

Failure Model and Effects Analysis Method

Goal Structuring Notation Method

Safety Case Development

Case Study

Conclusions

CHAPTER 4 Autonomous Vehicle Sensor Suite Data with Ground Truth Trajectories for Algorithm Development and Evaluation

Location

Experimental Design

Autonomous Vehicle Sensors

Cameras

Radar

Lidar

Ground Truth Collection - AV Trajectories

Ground Truth Collection - Pedestrian and Cyclist Tracks

Traffic Light Phase Data

Aerial Observation

A Note about Coordinate Frames

Summary

CHAPTER 5 Integrating STPA into ISO 26262 Process for Requirement Development

Introduction.

Process Map for STPA Integration

STPA

Process Map for Creating Functional Safety Requirement

Modeling and Tool Support

Intro to SysML

Meta-Model for Hazard Analysis &amp

Requirement Generation

System Engineering Foundations Based on Item Definition

Integration of STPA Step 1 for Evaluating Existing Safety Goals

Integration of STPA Step 2 for Creating Functional Safety Requirements

Consideration for Integration with Cyber Security Analysis

Definition/Abbreviations

CHAPTER 6 Hazard Analysis and Risk Assessment beyond ISO 26262: Management of Complexity via Restructuring of Risk-Generating Process

SOTIF HARA and State Space Explosion

HARA Composition

Hazards

Use Cases

HARA and the Hidden Semi-Markov Chain

Restructuring of Risk-Generating Process

Automatic Emergency Braking (AEB) Example

Markov Chain Solution

Regions of the Transition Matrix

Is There Another Way to Do It?

Outlook

CHAPTER 7 Toward a Framework for Highly Automated Vehicle Safety Validation

Approach

Terminology

The Role of Vehicle Test and Simulation

Beyond ISO 26262

System Test/Debug/Patch as a Baseline Strategy

Limitations of Vehicle-Level Testing and Simulation

Simulation Realism for Its Own Sake Is Inefficient

Clarifying the Goals of Testing

HAV Requirements Will Be Incomplete

Vehicle Testing for Debugging Can Be Ineffective

Vehicle Testing as Requirements Discovery

Separating Requirements Discovery and Design Testing

Vehicle Testing to Mitigate Residual Risks

A Layered Residual Risk Approach

Validation According to Safety Requirements

Basing Validation on Residual Risks

Managing Residual Risks.

An Example of Residual Risks

Improving Observability

Controllability and Observability

Software Test Points

Passing Tests for the Right Reason

Coping with Uncertainty

Knowns and Unknowns

Dealing with Unknown Defects

HAV Maturity

HAV Probation: Monitoring Assumptions

Deploying with Residual Risks

CHAPTER 8 Bayesian Test Design for Reliability Assessments of Safety-Relevant Environment Sensors Considering Dependent Failures

Background: Reliability Assessment of Automotive Environment Perception

Null Hypothesis Significance Testing for Sensor Reliability Assessment

Performance Evaluation of NHST

Alternatives to NHST for Reliability Assessments

Bayesian Methodology for Empirical Perception Reliability Assessments of Environment Sensors

Statistical Model

Mathematical Representation of Dependent Errors

Considering a Non-Stationary Error Rate

Bayesian Reliability Assessment and Test Effort Estimation

Assessing the Reliability of a Multi-Sensor System

Case study: Empirically Demonstrating the Perception Reliability of Environment Sensors

Estimating the Necessary Test Drive Effort

Evaluating Hypothetical Test Results

Influence of Error Dependence on Multi-Sensor Based Machine Vision

Discussion

Appendix

CHAPTER 9 Challenges in Autonomous Vehicle Testing and Validation

Infeasibility of Complete Testing

The V Model as a Starting Point

Driver Out of the Loop

Controllability Challenges

Autonomy Architecture Approaches

Complex Requirements

Requirements Challenges

Operational Concept Approaches

Safety Requirements and Invariants

Non-Deterministic and Statistical Algorithms.

Challenges of Stochastic Systems

Non-Determinism in Testing

Machine Learning Systems

Challenges of Validating Inductive Learning

Solutions to Inductive Learning

Mission Critical Operational Requirements

Challenges of Fail-Operational System Design

Failover Missions

Non-Technical Factors

Fault Injection

Phased Deployment

Monitor/Actuator Architecture

Future Work

CHAPTER 10 RV-ECU: Maximum Assurance In-Vehicle Safety Monitoring

Limitations of Current Approaches

Enabling Safety Standardization

Runtime Verification

RV-ECU: A Vehicle Safety Architecture

Global and Local Monitoring

Certifiable Correctness

RV-ECU Compared: Other RV Efforts

Recalls and RV-ECU, a Case Study

A Practical Demonstration

Future Work and Applications

Technical Limitations and Drawbacks

Conclusion

Acknowledgements

Epilogue.

Notes:

Description based on online resource; title from PDF title page (SAE International, viewed March 16, 2023).

ISBN:

9781523140381

1523140380

9780768002683

0768002680

9780768002447

0768002443

OCLC:

1302010764