extending automotive certification
play

Extending automotive certification processes to handle autonomous - PowerPoint PPT Presentation

Feb 18, 2024 •283 likes •750 views

Extending automotive certification processes to handle autonomous vehicles Dr Zeyn Saigol Principal Technologist | 14 th November 2019 Why is certifying AVs an important problem? "Startups", because All major car manufacturers are

  1. Extending automotive certification processes to handle autonomous vehicles Dr Zeyn Saigol Principal Technologist | 14 th November 2019

  2. Why is certifying AVs an important problem? "Startups", because All major car manufacturers are now, they've been thrust into somewhat to their surprise, actually developing products that they have no multi-billion-dollar robotics startups. history or knowledge of before around 2014. This creates a safety challenge • OEMs (car manufacturers) have limited experience of verifying complex robotics systems • They do have a lot of experience of verifying complex mechanical systems, and this experience doesn’t directly translate • Verification of AVs is just a really hard problem

  3. Outline AV (autonomous vehicle) challenges Traditional automotive safety assurance Why AVs, and regulating AVs, are different Shape of the technical solution for certification CPC work: MUSICC and VeriCAV Remaining challenges, and the future

  4. Our mission To help British businesses address the grand challenges of today in order to create connected places, fit for the future. Our vision For the UK to lead the world in creating cities, towns and places which thrive on their ability to connect people to resources, opportunities, ideas and each other. Where the smooth flow of people, goods, transportation and services, drives economic success, productivity and wellbeing. Delivering and growing • New market opportunities for businesses • Social and environmental benefits to places • Robust transportation networks and mobility strategies fit for the next generation

  5. Catapults – a force for innovation and growth A network of world leading centres designed to transform and accelerate the UKs capability for innovation and future economic growth. 9 Innovation Centres across the UK

  6. AV challenges

  7. AV interest and investment AVs promise: • Reduction in road casualties • Better mobility for the elderly and disabled • Freeing up unproductive time These have prompted $billions of R&D investment TechCrunch, 12 July 2019 The Guardian, 19 April 2019

  8. AVs are robots ≡ CC BY-SA 4.0 – Dllu (link) Same technical challenges Added safety concerns • Perception • Bigger • Decision making • Faster • Acting • Operate alongside the general public

  9. Why are AVs especially challenging? #1: Complex, diverse, and changeable environment

  10. Why are AVs especially challenging? #2: Complex rules + human interaction https://www.joe.co.uk/life/a-definitive-guide-to-britains-unofficial- CC BY-SA 3.0 – Nevermind2 (link) driver-hand-signals-116283

  11. Why are AVs especially challenging? #3: Perception challenges

  12. Traditional automotive safety assurance

  13. History of automotive safety Automotive industry safety processes are highly effective They are also well established and very prescriptive 1920 1930 1940 1950 1960 1970 1980 1990 2000 2010 2020 US fatality rate per 100 million vehicle miles travelled

  14. Traditional automotive safety assurance: V-cycle Systems engineering V-model Standard process for verification and validation • Designed to ensure nothing ‘slips through the gaps’

  15. Traditional automotive safety: ISO 26262 Risk-based functional safety methodology • Designed to apply to all electronic and software systems on a vehicle According to industry • ADAS systems (e.g. lane-keep assist), but also electronic stability control, ABS, and insiders, verification and validation can absorb even fuel injection systems 40% • Processes to be followed at all stages of V-cycle • Functional safety based: of the budget for – Consider all possible failures, and the likely severity of the consequences developing a – Use these to assign an Automotive Safety Integrity Level (ASIL) to the failure new model – Higher ASILs require more robust processes for specification, development, and V&V • Traceability of requirements, specification, and implementation, use of change control, use of safe coding standards such as MISRA C

  16. Traditional automotive safety: beyond failures SOTIF (safety of the intended functionality, ISO/PAS 21448) • ISO 26262 only considers failures of electrical/software systems • SOTIF fills in some of the gaps – focus on complex systems that use sensors to build up a situational awareness • “functional insufficiencies of the intended functionality”: spec bugs • Still a hazard-focused, process-based standard

  17. Traditional automotive safety: testing Testing is exhaustive and manual • Proceeds through simulation, hardware-in-the-loop, VeHIL, private track tests and public road tests • Final testing with multiple vehicles and continents (ensure cover all weather conditions) • Test drivers working in shifts, and still takes many months

  18. Why AVs, and regulating AVs, are different

  19. Why doesn’t this map to AVs? Certification of Automated Driving Systems Vehicles are driven safely on roads Infrastructure / roads Vehicles are driven Vehicles are ‘safe’ ‘safely’ are ‘safe’ Type approval, MOT Driving test + Road design + tests, vehicle recalls Highway code management UK processes for assuring road safety

  20. Why doesn’t this map to AVs? Certification of Automated Driving Systems Vehicles are driven safely on roads Fully autonomous vehicles require a Infrastructure / roads Vehicles are driven Vehicles are ‘safe’ ‘safely’ are ‘safe’ completely new type of testing to be included in type approval • Partial autonomy Driving test + Type approval, MOT Road design + Highway code tests, vehicle recalls management (e.g. Teslas) is different Type approval UK processes for assuring road safety

  21. Why doesn’t this map to AVs? Certification of Automated Driving Systems Can’t achieve coverage needed by just testing on public roads: “To demonstrate that fully autonomous vehicles have a fatality rate of 1.09 fatalities per 100 million miles [...] with a fleet of 100 autonomous vehicles being test-driven 24 h a day, 365 days a year at an average speed of 25 miles per hour, this would take about 12.5 years.” 1 • The dynamic driving task has an input space too large and complex to test using traditional methods – Not possible to write a comprehensive specification for the task • 26262 and the V-cycle apply to simpler systems – Random hardware failures are a major consideration – ASIL categories assume a human driver is present to mitigate any failure • Spec errors and complex system interaction failures are key for AVs 1 “Driving to safety: How many miles of driving would it take to demonstrate autonomous vehicle reliability?” Nidhi Kalra & Susan M. Paddock, RAND Corporation 2016. https://www.rand.org/pubs/research_reports/RR1478.html

  22. Requirements for regulation Architecture and fairness • Test process must work with any ADS architecture • Must be seen as fair: cannot advantage any specific developer or technology • Should not constrain innovation Test rigour • OEMs should not be able to design-to-test • Randomisation of test cases would help prevent this • At the same time, tests should be repeatable Fit • Must work internationally • Must work within existing regulatory regime

  23. Regulatory challenge Independent certification testing Context for type approval • In Europe, regulators strive to provide independent assurance of the safety of products System Test • This implies certification tests should be conducted by an behaviour inputs impartial organisation System-under-test is a black box Black box testing • Likely to be necessary, given independent testing, architecture neutrality, and (current) reluctance of OEMs Novelty to provide access within their systems • Prevents testing individual components – in particular, • Very different to existing regulations • Even concept of regulations that apply to unable to test perception separately • Prevents application of code and model checking methods software is fraught

  24. Shape of the technical solution for certification

  25. Solution 1: Simulation automotive safety: testing Real- world testing can’t provide the coverage Simulation means you can: • Cheaply run many tests in parallel • Potentially run tests faster than real-time • Avoid danger to participants • Control test parameters precisely CARLA simulator http://carla.org/

  26. Simulation – what’s the challenge? Need to simulate the whole environment • This is much harder than previous simulations used in automotive Modelling challenges include: 1. The physical environment, ideally in sub-mm detail 2. Sensors, corresponding exactly to sensor models used on the AV 3. Weather 4. Actions of other road users 1 4 2 3

  27. Solution 2: Scenarios Simulation alone doesn’t boost coverage enough Instead, test against defined scenarios • Test far more edge cases than would be encountered in everyday driving 2 1 Actor vehicle performs emergency braking A lot of testing is uninformative • Unlikely to find failure cases Ego vehicle

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Day 1 Summary 1 Extending the Web Platform to Automotive What considerations need to be

Day 1 Summary 1 Extending the Web Platform to Automotive What considerations need to be

Day 1 Summary 1 Extending the Web Platform to Automotive What considerations need to be addressed? Safety, liability, legislation, and technical considerations Situational awareness and safer driving Privacy of user data (and

153 views • 4 slides
Automotive Regulations and Certification Processes: Global Manufacturers Perspective U.S.

Automotive Regulations and Certification Processes: Global Manufacturers Perspective U.S.

Automotive Regulations and Certification Processes: Global Manufacturers Perspective U.S. Automotive Industry Coalition Meeting Andean/Mexico Delegation December 7, 2016 World Without Regulatory Borders We live in an increasingly

422 views • 25 slides
MEMBERSHIP OPPORTUNITIES & ENGAGEMENTS Working Groups Certification Policy

MEMBERSHIP OPPORTUNITIES & ENGAGEMENTS Working Groups Certification Policy

MEMBERSHIP OPPORTUNITIES & ENGAGEMENTS Working Groups Certification Policy Automotive Cybersecurity Connected Vehicle Certification Tolling Certification Emerging Technologies Events Plugfests

681 views • 17 slides
Automotive Regulations & Certification Processes A global manufacturers perspective Dennis

Automotive Regulations & Certification Processes A global manufacturers perspective Dennis

Automotive Regulations & Certification Processes A global manufacturers perspective Dennis Curry Global Regulatory Strategist Navistar, Inc. April 22, 2016 COPANT General Assembly 2016 Guayaquil, Ecuador For more than 185 years,

364 views • 35 slides
Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns

Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns

Outline Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns Directory Structure Extending ns in OTcl ns-allinone If you dont want to compile source your changes in your sim Tcl8.3 TK8.3

303 views • 9 slides
KEY BENEFITS sustainability put the automotive industry under WHEN USING OUR pressure to develop

KEY BENEFITS sustainability put the automotive industry under WHEN USING OUR pressure to develop

Twaron drives Automotive hoses and belts AUTOMOTIVE DEVELOPMENTS Manufacturers in the automotive industry are constantly looking for ways to maintain their competitiveness by getting innovative products to market fast. Safety issues, performance

772 views • 18 slides
1 2 3 KASS Certification Procedure Operation System Certification Certification Training

1 2 3 KASS Certification Procedure Operation System Certification Certification Training

1 2 3 KASS Certification Procedure Operation System Certification Certification Training Inspection/Audit Establish MoC Status of Operator/ Maintainer Manual, Function Identify CRB Record and Interfaces Result of Form Ground/

618 views • 24 slides
Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded

Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded

Extending the GC hardware Rob Reilink Extending the GC hardware Why? GC can be an embedded computer Home automation Cinema set Car Infotainment system ... But: Essential hardware lacks: Data storage (harddisk and/or flash)

221 views • 9 slides
CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO

CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO

CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO APPLY TO WRITE Once you have logged into the Then under Certification The Certification committee Application Forms may be CAPLA website using

687 views • 37 slides
Extending ns Padma Haldar USC/ISI 1 Outline Extending ns In OTcl In C++

Extending ns Padma Haldar USC/ISI 1 Outline Extending ns In OTcl In C++

Extending ns Padma Haldar USC/ISI 1 Outline Extending ns In OTcl In C++ Debugging 2 ns Directory Structure ns-allinone Tcl8.3 TK8.3 OTcl tclcl ns-2 nam-1 ... tcl C+ + code ex test mcast ... lib examples

965 views • 52 slides
1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA

1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA

1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA Certification is based on Dr. As Habits of Health Transformational System and is available to all Coaches who want to apply and reinforce their knowledge of

613 views • 19 slides
Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the

Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the

ASHA Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the CFCC Presentation Overview What is Certification? CCC-A Certification Standards CCC-A Application Process FAQs Keep your

209 views • 19 slides
Extending a Compiler Backend for Complete Memory Error Detection Norman A. Rink and Jeronimo

Extending a Compiler Backend for Complete Memory Error Detection Norman A. Rink and Jeronimo

Extending a Compiler Backend for Complete Memory Error Detection Norman A. Rink and Jeronimo Castrillon Technische Universitt Dresden Automotive Safety & Security 2017 30 May 2017 Stuttgart Outline 1. Motivation 2. Error detection,

573 views • 23 slides
Extending CSP with tests for availability Gavin Lowe Extending CSP with tests for availability

Extending CSP with tests for availability Gavin Lowe Extending CSP with tests for availability

Extending CSP with tests for availability 01 Extending CSP with tests for availability Gavin Lowe Extending CSP with tests for availability 02 Testing for availability Many languages for message-passing concurrency allow programs to test

541 views • 19 slides
Timer Certification Clinic Timer Certification A prerequisite for training and certification in

Timer Certification Clinic Timer Certification A prerequisite for training and certification in

Timer Certification Clinic Timer Certification A prerequisite for training and certification in all other positions (Descriptions in some of the following slides are as indicated in the rules, although it is not unusual for the referee to

378 views • 10 slides
North West Automotive Companies Marketing Case Studies About Us: Automotive Comms Strategic

North West Automotive Companies Marketing Case Studies About Us: Automotive Comms Strategic

North West Automotive Companies Marketing Case Studies About Us: Automotive Comms Strategic marketing and communication consultancy for the automotive industry About Us: Automotive Comms About Us: Green-Car-Guide.com The Original UK

497 views • 49 slides
Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim

Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim

Inception: System-Wide Security Testing of Real- World Embedded Systems Software Nassim Corteggiani (Maxim Integrated / EURECOM) Giovanni Camurati (EURECOM) Aurlien Francillon (EURECOM) 08/15/18 Embedded Systems Are Everywhere [1]

911 views • 65 slides
Toxicology Testing: Being a Detective Eddie Garcia MD Medical Toxicology Fellow University of

Toxicology Testing: Being a Detective Eddie Garcia MD Medical Toxicology Fellow University of

2/20/2020 Toxicology Testing: Being a Detective Eddie Garcia MD Medical Toxicology Fellow University of California San Francisco 1 Disclosures None 2 Topics Provoked urine testing Acetylcholinesterase testing 3 1 2/20/2020

569 views • 13 slides
FROM REQUIREMENTS TO TESTING, VALIDATION AND VERIFICATION Patricia Derler, National Instruments

FROM REQUIREMENTS TO TESTING, VALIDATION AND VERIFICATION Patricia Derler, National Instruments

FROM REQUIREMENTS TO TESTING, VALIDATION AND VERIFICATION Patricia Derler, National Instruments CPS V&V I&F Workshop 2017 April 2017 State of the Art Systems are becoming more complex, distributed, heterogeneous Tighter

386 views • 28 slides
Learning objectives Understand the purpose of integration testing Distinguish

Learning objectives Understand the purpose of integration testing Distinguish

Learning objectives Understand the purpose of integration testing Distinguish typical integration faults from faults that Integration and Component-based should be eliminated in unit testing Understand the nature of

260 views • 10 slides
Functional Testing we design tests? And we ll start with functional testing. Software

Functional Testing we design tests? And we ll start with functional testing. Software

From Pressman, Software Engineering a practitioner s approach, Chapter 14 and Pezze + Young, Software Testing and Analysis, Chapters 10-11 Today, we ll talk about testing how to test software. The question is: How do

574 views • 20 slides
Computers in Ramsey Theory testing, constructions and nonexistence Stanisaw Radziszowski

Computers in Ramsey Theory testing, constructions and nonexistence Stanisaw Radziszowski

Computers in Ramsey Theory testing, constructions and nonexistence Stanisaw Radziszowski Department of Computer Science Rochester Institute of Technology, NY, USA Computers in Scientific Discovery 8 Mons, Belgium, August 24, 2017 1/33

820 views • 33 slides
Metrics, Statistics, Tests Tetsuya Sakai Microsoft Research Asia, P. R. China @tetsuyasakai

Metrics, Statistics, Tests Tetsuya Sakai Microsoft Research Asia, P. R. China @tetsuyasakai

Metrics, Statistics, Tests Tetsuya Sakai Microsoft Research Asia, P. R. China @tetsuyasakai February 6, 2013@PROMISE Winter School 2013 in Bressanone, Italy Why measure? IR researchers goal: build systems that satisfy the users system

723 views • 60 slides
Meeting the FCC Mobility II Challenge New Hampshire Perspective What is the challenge supposed to

Meeting the FCC Mobility II Challenge New Hampshire Perspective What is the challenge supposed to

Meeting the FCC Mobility II Challenge New Hampshire Perspective What is the challenge supposed to accomplish? FCC will spend ~$4.5 billion over 10 years to bring 4G LTE mobile service across the US Many towns and regions in New Hampshire

176 views • 16 slides

More recommend