Functional Safety and Evolvable Architectures for Autonomy (FUSE)
Final Seminar 2016-09-23
The Problem – Project Challenge
Today, the most common accident cause: driver misjudgments.
Tomorrow: autonomous driving.
Make sure that autonomous driving is safe.
FUSE Final Seminar, Rolf Johansson, 2016-09-23
But what does it mean? And what does it imply?
Driving is Safe?
Safe Driver & Safe Vehicle
Each one fulfilling its Responsibility
Dividing the safety responsibility today
Manual Driver versus Vehicle functionality:
• Manual driver: generally responsible; may assume that the vehicle functionality safely fulfils what it claims.
• Vehicle functionality: responsible to safely fulfil what it claims (functional safety).
Introducing an Autopilot
Hand-over of responsibility between the manual driver and the automated driver:
• Manual driver: still generally responsible; may assume that the vehicle base functionality and the automated driver safely fulfil what they claim.
• Vehicle base functionality: responsible to safely fulfil what it claims (functional safety).
• Automated driver: responsible to safely fulfil what is needed(!), not only what it claims.
• HMI: responsible to implement the safe transition of responsibility.
Arguing Safety of Autonomous Vehicle
Show all of:
• Base functionality proven safe
• Automated Driver functionality proven safe
• Agreement between manual driver and automated driver proven safe
Three Dimensions of Autonomy (figure)
• How much autonomy? Driver only, Assisted driver, Semi-automated, Highly automated, Fully automated.
• Autonomy of how much? One function (e.g. ACC, CMbB, City Safety), a set of related functions (e.g. Autopilot), all functions (no driver).
• Autonomy in how much? The ITS environment (source: ETSI).
A dotted line in the figure separates the lower-autonomy region from "Autonomous Driving?".
Towards More Autonomy in More
What happens to Functional Safety when passing the dotted line?
- How to define it? (Lacking definitions in ISO 26262)
- How to achieve it? (Demand for architectural patterns, and a division of responsibility)
- How to prove it? (Demand for new compositional safety argumentation)
Summarizing FUSE (seminar programme)
• 10:45 – Safe Transitions of Responsibility in Highly Automated Driving: Make the responsibility explicit!
• 11:00 – How to make a complete risk assessment of autonomous vehicles: Make the responsibility implementable!
• 12:45 – Evolving or disruptive E/E architectures for autonomous vehicles: Divide overall responsibility!
• 14:20 – A functional safety concept for autonomous cars: Make sure all safety requirements are there!
• 15:10 – Correctness and Completeness in Requirement engineering: But what if?
• 15:25 – Don't believe what you read on the Internet: Why self-driving cars don't have to choose whom to kill
Activities and Results
High focus on interaction
• co-organized workshops
• invited talks
• peer-reviewed publications
Interface to many disciplines
• Legal
• HMI design
• Robotics
• ADL (architecture domain languages)
• Requirements engineering
• Agile methodology
• Formal logic
• ….
•Architectures for Autonomous Machines, in cooperation with ICES - KTH, January 14th 2014, Stockholm.
•Joint Project Workshop with EU FP7 project KARYON, May 7th 2014, Göteborg.
•Joint Project Workshop with FFI project SYNLIGARE, May 15th 2015, Göteborg.
•Safety and Automated Driving, in cooperation with IQPC, November 26th 2015, Düsseldorf.
•Winter Workshop, in cooperation with ICES - KTH, January 22nd 2016, Stockholm.
•Joint Project Workshop with European space research project CATSY, March 15th 2016, Stockholm.
•Joint Project Workshop with FFI projects SYNLIGARE and HEAVY ROAD, May 18th 2016, Göteborg.
Activities and Results – publications
•Architecture challenges for intelligent autonomous machines: An industrial perspective. IAS 2014.
•A Functional Architecture for Autonomous Driving. WASA 2015.
•How to Reach Complete Safety Requirement Refinement for Autonomous Vehicles. CARS 2015.
•The Importance of Active Choices in Hazard Analysis and Risk Assessment. CARS 2015.
•Reference Architectures for Highly Automated Driving. Doctoral thesis 2016.
•Efficient Identification of Safety Goals in the Automotive E/E Domain. ERTS2 2016.
•A Functional Brake Architecture for Autonomous Heavy Commercial Vehicles. SAE World Congress 2016.
•Challenges in architecting fully automated driving; with an emphasis on heavy commercial vehicles. WASA 2016.
•The Need for an Environment Perception Block to Address all ASIL Levels Simultaneously. IV 2016.
•Safe Transitions of Responsibility in Highly Automated Driving. Depend 2016.
•Disarming the Trolley Problem – Why Self-driving Cars do not Need to Choose Whom to Kill. CARS 2016.
•Functional Safety and Evolvable Architectures for Autonomy. Book chapter 2016 (to appear).
•Systems engineering and architecting for autonomous driving. Book chapter 2016 (to appear).
•Defining Autonomous Functions Using Iterative Hazard Analysis and Requirements Refinement. SASSUR 2016.
•Functional Safety for Self-Driving Cars. Safetronic 2016 (to appear).
•A functional reference architecture for autonomous driving. Journal of Information and Software Technology (to appear).
http://www.fuse-project.se/ [email protected]