Abstract: This paper discusses the challenges involved in meeting tolerable risk targets for automated driving (AD) functions of SAE Level 3 and above with current sense-plan-act safety architectures, including their sensors. The evaluation is performed for classes of safety-related driving scenarios. Illustration by fault trees is used to facilitate understanding by Functional Safety practitioners. The paper is intended to contribute to the discussion on how much diverse redundancy of sensors and algorithms is necessary, since diverse redundancy is costly and, depending on the fusion strategy, may increase complexity. Based on the evaluation of exemplary low-frequency and high-frequency safety-critical traffic scenarios, the paper provides evidence that a diverse redundant system consisting of two channels will most likely not meet the tolerable risk target. Two consequences follow. First, the correlation, or common cause failures, between sensor measurements needs to be better understood and quantified. Second, extending the AD architecture by a warning subsystem, as practiced in other industries, may decrease the risk of injury. The quantitative advantage and the safety objectives are elaborated.
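The following is an added illustration of the fault-tree argument sketched in the abstract; it is not code or data from the paper. It quantifies a two-channel diverse-redundant perception architecture with a beta-factor common cause model (the IEC 61508-6 style treatment, an assumption about modelling approach, not the paper's own method) and then applies an optional warning subsystem term. Every numeric value (per-channel miss probability, beta, scenario frequencies, probability of harm, tolerable target, warning effectiveness) is a hypothetical placeholder chosen to make the comparison visible, not a figure taken from the paper.

```python
"""Fault-tree quantification of a two-channel diverse-redundant AD architecture.

Added illustration; all numeric values below are assumed, not from the paper.
Top event: "both channels miss the hazard in a safety-relevant scenario".
  - AND gate of the two channels' independent failure fractions, plus
  - an OR with a common cause (beta-factor) event that takes out both channels.
"""


def or_gate(*probs: float) -> float:
    """Top-event probability of an OR gate with independent input events."""
    q = 1.0
    for p in probs:
        q *= 1.0 - p
    return 1.0 - q


def two_channel_failure(p1: float, p2: float, beta: float) -> float:
    """Probability that both channels fail on one scenario occurrence.

    Beta-factor model (assumed here): a fraction `beta` of each channel's
    failure probability is attributed to a cause common to both channels,
    the remaining (1 - beta) fraction fails independently.
    """
    if not (0.0 <= beta <= 1.0):
        raise ValueError("beta must be in [0, 1]")
    independent_both = (1.0 - beta) * p1 * (1.0 - beta) * p2  # AND gate
    common_cause = beta * max(p1, p2)                          # CCF basic event
    return or_gate(independent_both, common_cause)


def harm_rate_per_hour(scenario_rate: float, p_system_fail: float,
                       p_harm_given_fail: float,
                       p_warning_mitigates: float = 0.0) -> float:
    """Rate of injury-relevant outcomes per operating hour.

    scenario_rate:        occurrences of the scenario class per hour
    p_system_fail:        P(both channels miss | scenario)
    p_harm_given_fail:    P(injury | system missed the hazard)
    p_warning_mitigates:  fraction of misses a warning subsystem turns into
                          a safe outcome (0.0 = no warning subsystem)
    """
    return (scenario_rate * p_system_fail * p_harm_given_fail
            * (1.0 - p_warning_mitigates))


def meets_target(rate_per_hour: float, tolerable_per_hour: float) -> bool:
    return rate_per_hour <= tolerable_per_hour


def evaluate_scenarios(p_channel: float = 1e-4, beta: float = 0.02,
                       tolerable: float = 1e-7,
                       warning_effect: float = 0.9) -> dict:
    """Compare naive independence vs. beta-factor CCF vs. CCF + warning subsystem.

    Two hypothetical scenario classes (assumed numbers):
      high-frequency: 10 occurrences/h, P(harm | miss) = 0.5
      low-frequency:  0.1 occurrences/h, P(harm | miss) = 0.9
    """
    scenarios = {"high_frequency": (10.0, 0.5), "low_frequency": (0.1, 0.9)}
    p_indep = two_channel_failure(p_channel, p_channel, 0.0)
    p_ccf = two_channel_failure(p_channel, p_channel, beta)
    out = {}
    for name, (rate, p_harm) in scenarios.items():
        r_indep = harm_rate_per_hour(rate, p_indep, p_harm)
        r_ccf = harm_rate_per_hour(rate, p_ccf, p_harm)
        r_warn = harm_rate_per_hour(rate, p_ccf, p_harm, warning_effect)
        out[name] = {
            "independent": (r_indep, meets_target(r_indep, tolerable)),
            "with_ccf": (r_ccf, meets_target(r_ccf, tolerable)),
            "ccf_plus_warning": (r_warn, meets_target(r_warn, tolerable)),
        }
    return out


if __name__ == "__main__":
    for name, rows in evaluate_scenarios().items():
        print(name)
        for label, (rate, ok) in rows.items():
            print(f"  {label:18s} {rate:.2e} /h  {'meets' if ok else 'FAILS'} target")
```

The point the numbers make: with the assumed per-channel miss probability of 1e-4, two channels treated as independent give 1e-8 per scenario, which the high-frequency class just meets; attributing only 2 percent of each channel's failures to a common cause raises the top event to about 2e-6, two orders of magnitude worse, and even a warning subsystem that converts 90 percent of misses into safe outcomes does not recover the target. That is why the correlation between sensor channels has to be measured rather than assumed away.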