The development of fully automated vehicles imposes new challenges in the development process and during the operation of such vehicles. As traditional design methods are not sufficient to account for the huge variety of scenarios which will be encountered by (fully) automated vehicles, approaches for designing safe systems must be extended in order to allow for an ISO 26262 compliant development process. During operation of vehicles implementing SAE Levels 3+, safe behavior must always be guaranteed, as the human driver is not, or not immediately, available as a fallback. Thus, the vehicle must be aware of its current performance and remaining abilities at all times. In this paper we combine insights from two research projects to show how a skill- and ability-based approach can provide a basis for the development phase and operation of self-aware automated road vehicles.
Self-awareness has been used in many research fields in order to add autonomy to computing systems. In automotive systems, we face several system layers that must be enriched with self-awareness to build truly autonomous vehicles. This includes functional aspects like autonomous driving itself, its integration on the hardware/software platform, and, among others, dependability, real-time, and security aspects. However, self-awareness mechanisms of all layers must be considered in combination in order to build a coherent vehicle self-awareness that does not cause conflicting decisions or even catastrophic effects. In this paper, we summarize current approaches for establishing self-awareness on those layers and elaborate why self-awareness needs to be addressed as a cross-layer problem, which we illustrate by practical examples.
This paper presents a taxonomy that allows one to define the fault tolerance regimes fail-operational, fail-degraded, and fail-safe in the context of automotive systems. Fault tolerance regimes such as these are widely used in recent publications related to automated driving, yet without definitions, which largely holds true for automotive safety standards, too. Moreover, we show that fault tolerance regimes defined in scientific publications related to the automotive domain are partially ambiguous as well as taxonomically unrelated. The presented taxonomy is based on terminology stemming from ISO 26262 as well as from systems engineering and uses four criteria to distinguish fault tolerance regimes. In addition to fail-operational, fail-degraded, and fail-safe, the core terminology consists of operational and fail-unsafe. These terms are supported by definitions of available performance, nominal performance, and a novel definition of the safe state. For verification, we show by means of two examples from the automotive domain that the taxonomy can be applied to hierarchical systems of different complexity. Finally, we relate the definitions to the recently published technical report ISO/TR 4804, which also presents definitions of fault tolerance regimes.
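The abstract above names the five regimes (operational, fail-operational, fail-degraded, fail-safe, fail-unsafe) and the quantities that separate them (available performance, nominal performance, safe state), but not the paper's four criteria themselves. The following is an added illustration, not code from the paper: it models a small hierarchical system, aggregates available performance upward (maximum over redundant channels, minimum along a serial chain) and assigns a regime per element. The decision rules, the normalised 0..1 performance scale, the `min_safe` threshold and the `safe_state_reachable` flag are this example's assumptions; the vehicle/steering/braking hierarchy and its numbers are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Regime(Enum):
    OPERATIONAL = "operational"              # no fault, nominal performance available
    FAIL_OPERATIONAL = "fail-operational"    # fault present, nominal performance still available
    FAIL_DEGRADED = "fail-degraded"          # fault present, reduced but still safe performance
    FAIL_SAFE = "fail-safe"                  # function lost, safe state reached
    FAIL_UNSAFE = "fail-unsafe"              # function lost, no safe state reachable


@dataclass
class Element:
    """One node of a hierarchical system (assumed model, not the paper's formalism)."""
    name: str
    nominal: float                      # nominal performance, assumed normalised to 0..1
    min_safe: float                     # assumed minimum performance still considered safe
    own_available: Optional[float] = None  # leaf only: measured available performance
    children: List["Element"] = field(default_factory=list)
    redundant: bool = False             # children are redundant channels (max) or a serial chain (min)
    safe_state_reachable: bool = True   # assumption: can the element fall back to a safe state

    def available(self) -> float:
        """Available performance, aggregated bottom-up and capped at nominal."""
        if not self.children:
            return self.nominal if self.own_available is None else self.own_available
        vals = [c.available() for c in self.children]
        agg = max(vals) if self.redundant else min(vals)
        return min(agg, self.nominal)

    def faulted(self) -> bool:
        """A fault is present if any leaf delivers less than its nominal performance."""
        if not self.children:
            return self.own_available is not None and self.own_available < self.nominal
        return any(c.faulted() for c in self.children)


def classify(e: Element) -> Regime:
    """Assumed decision rules over available vs. nominal performance and safe-state reachability."""
    avail = e.available()
    if not e.faulted():
        return Regime.OPERATIONAL
    if avail >= e.nominal:
        return Regime.FAIL_OPERATIONAL          # e.g. a redundant channel took over
    if 0.0 < avail and avail >= e.min_safe:
        return Regime.FAIL_DEGRADED
    return Regime.FAIL_SAFE if e.safe_state_reachable else Regime.FAIL_UNSAFE


def build_example() -> Element:
    """Constructed sample hierarchy: steering with one of two redundant channels lost,
    single-channel braking degraded to 50 % of nominal."""
    steering = Element("steering", nominal=1.0, min_safe=0.5, redundant=True, children=[
        Element("steer_ch_A", nominal=1.0, min_safe=0.5, own_available=1.0),
        Element("steer_ch_B", nominal=1.0, min_safe=0.5, own_available=0.0),
    ])
    braking = Element("braking", nominal=1.0, min_safe=0.4, children=[
        Element("brake_ch", nominal=1.0, min_safe=0.4, own_available=0.5),
    ])
    return Element("vehicle", nominal=1.0, min_safe=0.5, children=[steering, braking])


def report(e: Element) -> dict:
    """Regime of every element in the hierarchy, keyed by element name."""
    out = {e.name: classify(e).value}
    for c in e.children:
        out.update(report(c))
    return out


if __name__ == "__main__":
    for name, regime in report(build_example()).items():
        print(f"{name:12s} {regime}")
```

The point of the hierarchy is the one the abstract makes about applying the taxonomy to systems of different complexity: the lost steering channel is itself fail-safe, yet the steering subsystem remains fail-operational because the redundant channel covers nominal performance, while the degraded single brake channel propagates upward and leaves the vehicle as a whole fail-degraded.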
The increasing complexity of automotive software systems and the desire for more frequent software and even feature updates require new approaches to the design, integration and testing of these systems. Ideally, those approaches enable an in-field updatability of automotive software systems that provides the same degree of safety guarantees as traditional lab-based deployment. In this paper, we present a layered modelling approach that formalises the integration procedure of automotive software systems using graph-based models and formal analyses.