Challenges in architecting fully automated driving; with an emphasis on Heavy Commercial Vehicles

Naveen Mohan et al.; WASA 2016


SLIDE 1

Challenges in architecting fully automated driving; with an emphasis on Heavy Commercial Vehicles

Naveen Mohan et al.; WASA 2016

SLIDE 2

Main contributions

To the best of our knowledge, this paper is unique in

➔ Full range of possibilities of integrating intelligence to an automotive platform
➔ Discussion across a broad spectrum of aspects w.r.t. autonomy both functional and extra-functional

Autonomy mindmap

SLIDE 3

Case study planned: KTH Research concept vehicle, Scania truck

SLIDE 4

Results: Case 3 vs Case 4

[Chart comparing Case 3 and Case 4 on a 1 to 5 scale across: Higher Platform Reuse; Lower accidental Complexity (on reuse); Lower Variability (across platform); Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Reduced need for Diagnostics to ensure safety; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure]

SLIDE 5

www.kth.se/itm/autonomymindmap

Join and collaborate. KTH: Mechatronics ITRL IC

SLIDE 6

Bio: Naveen Mohan

➔ Bachelor’s in Computer Science and Engineering (2009)
➔ 1 year; Defence Industry; Communication, Networks
➔ Master’s in Networks and Distributed Systems (2012) Chalmers, Gothenburg
➔ 3 years; Automotive Industry; VCC; SW/System responsible Hybrid, el drive
➔ PhD studies at Mechatronics KTH (Started end of 2015); The ARCHER project: Vinnova funded

SLIDE 7

By Veronica538 (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0) or GFDL (http://www.gnu.org/copyleft/fdl.html)], via Wikimedia Commons

What are we trying to do?

ADI = Autonomous Driving Intelligence

SLIDE 8

[Figure: Cases 1 to 5 placed on a scale labelled "No Reuse" and "Full Reuse", grouped under "Preserve legacy" and "Optimize for functionality"]

SLIDE 9

Key Messages

➔ The role of legacy
➔ “intelligence (ADI) integration”
➔ The driver has to go!
➔ Safety needs to be proven
➔ Prototype vs Product

SLIDE 10

Outline

➔ About the Author(s) and the project
➔ Background
➔ Complexity and Legacy
➔ Advantages of autonomous HCVs vs passenger vehicles
➔ Cases: ADI integration.
➔ Conclusions, future work and questions

SLIDE 11

By Andy Dingley (Own work) [CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons

The role of legacy in automotive systems design

➔ Accidental vs essential complexity
➔ Legacy as a source of accidental complexity
➔ Modularity implies that no vehicle is optimized in terms of functionality.
➔ There are different ways to achieve the same functionality
➔ The impact of legacy

SLIDE 12

(Exaggerated example) Design considerations

CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=342457
By Andy Dingley (Own work) [CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)] via Wikimedia Commons

SLIDE 13

One Common Electrical Platform

1.2

SLIDE 14

1500 logical nodes

A Scania production vehicle from 2013

SLIDE 15

14000 connections

A Scania production vehicle from 2013

SLIDE 16

Dealing with complexity

➔ We compensate..
➔ Architectural mechanisms.
➔ Platforms
➔ Process measures
➔ Standards
➔ Standardization

SLIDE 17

Heavy Commercial Vehicles vs Passenger Cars

➔ TOOL: part of broader ecosystem
   Transport solution – moving people and goods
   Generating business value and profit for owners - customizable
➔ Long life span; Second life; resale value
➔ High mileage
➔ High dependability; emphasis on degraded modes.
➔ Highly modular:
➔ Low production volumes; high variability / Emphasis on D&D costs

SLIDE 18

Advantages of autonomous HCVs

➔ Logistics. Trucks currently limited in speed.
➔ Environmental. Air resistance – convoying - Fuel savings
➔ Chauffeur related. Shortage of qualified drivers. Truck driver >33% in cost
➔ Simplification (eventual). Stressful job and environment regulations to help drivers. Design to help the driver: ergonomics,
➔ New business models possible if “C” drivers license is not essential. Lower cost of entry for more people.

Source: Sveriges Åkeriföretag

SLIDE 19

Safety considerations specific to HCVs

ALARP; ISO26262

  • Are currently driven by professional drivers.
  • Could carry HazMat
  • The size of HCV, number of people transported increases the possibility and scale of damage.

SLIDE 20

Outline

➔ About the Author(s) and the project
➔ Background
➔ Complexity and Legacy impact
➔ Advantages of autonomous HCVs vs passenger vehicles
➔ Cases: ADI integration.
➔ Conclusions, future work and questions

SLIDE 21

Focus on perspectives of

➔ Business Aspects
➔ Safety
➔ Dependability
➔ Verification
➔ Realization

SLIDE 22

Sources of our challenges

➔ Drastic increase in essential complexity
➔ Socio technical implications that arise due to the potentially disruptive nature of autonomy
➔ The absence of a driver to deal with unexpected failures.
➔ Safety availability tradeoff

SLIDE 23

Why cases at all?

➔ Many skewed discussions
➔ Expertise and different considerations in play.
➔ Legacy is a moving target
➔ Prototype vs product
   SOTA: more or less prototypes; OEM IP
➔ Reluctance, cost to change legacy: needs motivation.
➔ All cases are capable of L5 automation

SLIDE 24

Scope and delimitations

➔ Issues common to all cases e.g. collaboration with other entities, legal issues, liability
➔ Focus is on how the ADI can integrate with the platform
➔ Enabling reuse (where feasible, reasonable, practical) is a priority.

SLIDE 25

Main contributions

To the best of our knowledge, this paper is unique in

➔ integrating intelligence to an automotive platform
➔ Discussion across such a broad spectrum of aspects w.r.t. autonomy

Autonomy mindmap

SLIDE 26

ADI definition

By Patrick Edwin Moran (Own work) [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons

➔ OODA loop; Observe, Orient, Decide and Act.
➔ Orient and Decide directly mapped to the ADI
➔ Observe and Act mapped to both the platform and the ADI, sensors need to be reused

SLIDE 27

Conditions for reuse

➔ Safety analysis depends on configuration, could change per case and context.
➔ It cannot be avoided, however the needed analysis could be minimized.
➔ Legacy components can be reused only if
   Usage still meets design decisions both timing, and data limitations.

SLIDE 28

Assumptions

➔ Components can be turned off if needed
➔ Fail Safe vs Fail Operational.
➔ Actuators limited to the platform
➔ New Sensors can be added to the ADI freely
➔ ADI can access all information available to the component it controls

SLIDE 29

Key Goals

➔ Highly Safe, dependable platform.
➔ Ease of testing
➔ Low variability
➔ Reuse of legacy is a priority

SLIDE 30

Case 1

Extreme; Ridiculous; Necessary delimiter

Source: By Humanrobo (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons

[Figure: Cases 1 to 5 placed on a scale labelled "No Reuse" and "Full Reuse", grouped under "Preserve legacy" and "Optimize functionality"]

SLIDE 31

Case 2

Prototypes; Easiest

[Figure: Cases 1 to 5 placed on a scale labelled "No Reuse" and "Full Reuse", grouped under "Preserve legacy" and "Optimize functionality"]

SLIDE 32

Case 3

Prototypes; Refined control

[Figure: Cases 1 to 5 placed on a scale labelled "No Reuse" and "Full Reuse", grouped under "Preserve legacy" and "Optimize functionality"]

SLIDE 33

Case 4

Traditional methods, concrete solution

[Figure: Cases 1 to 5 placed on a scale labelled "No Reuse" and "Full Reuse", grouped under "Preserve legacy" and "Optimize functionality"]

SLIDE 34

Case 5

The other extreme; Delimiter

Intentionally left blank!

[Figure: Cases 1 to 5 placed on a scale labelled "No Reuse" and "Full Reuse", grouped under "Preserve legacy" and "Optimize functionality"]

SLIDE 35

Results: Preserve Legacy approaches

[Chart comparing Case 1, Case 2 and Case 3 on a 1 to 5 scale across: Platform Reuse; Limited accidental Complexity on reuse; Lower Variability; Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Minimal Diagnostics; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure]

SLIDE 36

Results: Optimize for functionality approaches

[Chart comparing Case 4 and Case 5 on a 1 to 5 scale across: Platform Reuse; Limited accidental Complexity on reuse; Lower Variability; Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Minimal Diagnostics; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure]

SLIDE 37

Results: Case 3 vs Case 4

[Chart comparing Case 3 and Case 4 on a 1 to 5 scale across: Higher Platform Reuse; Lower accidental Complexity (on reuse); Lower Variability (across platform); Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Reduced need for Diagnostics to ensure safety; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure]

SLIDE 38

Findings and Conclusions

➔ High variant platforms & ISO 26262 = Challenge
➔ Component reuse is not trivial when safety is considered
➔ ADI => more feature interaction. Careful management required.
➔ ADI and platform need to evolve together
   Or risk Fail safe behavior and low dependability
➔ Need for compartmentalization and partition the ADI in all cases. For safety and verification.
➔ Redundancy is key for higher dependability

SLIDE 39

Future work and projects started

Formalization/ removing ambiguity

  • Ontology of terms in our specific context
  • Use of an earlier architecture recovery project to refine definitions of the layers in the platform, the cases, rules for reuse

Grand Cooperative Driving Challenge case study, STPA based approach; Case 2.

Systems thinking

ICES industrial network ASAP workgroup workshop is being planned.

SLIDE 40

Take aways

Other than READ THE PAPER FOR MORE DETAILS!

  • Autonomy is essential for HCVs.
  • Prototype vs product
  • Safe state transition has to be guaranteed, ideally with formal verification
  • Degraded modes are critical in the absence of the human.
  • Deep integration of ADI with platform is needed.
  • High variant platforms & ISO 26262 = Challenge

Contact: Naveenm@kth.se KTH-MECHATRONICS-ARCHER