Towards a System-Wide Functional Safety
Concept for Automated Road Vehicles
Abstract
In this chapter, a process to derive a system-wide functional safety concept for automated road vehicles is presented and a short introduction of Skill and Ability Graphs for a functional safety concept is given.
The process to develop a functional safety concept contains an extension to the ISO 26262 standard’s Driver Assistance System development process.
This extension is a Skill Graph to model system skills in the concept phase. The Skill Graph improves the Hazard Analysis and Risk Assessment by modeling driving skills early in the development process. Additionally, the Skill Graph is transferred to an Ability Graph, used to design a self-perception and self-representation, which enables monitoring of the system’s operation and functional capabilities online. This self-representation can be part of a technical safety concept. Based on the ability levels, safety actions can be derived which maintain or reach a safe state of operation.
As a result, a self-monitoring system is possible, in which humans, either aboard the vehicle or external, do not have to monitor the system.
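To make the Ability Graph idea concrete, the following is an added example, not code from the chapter or from the aFAS or Stadtpilot projects. It assumes that abilities form a directed acyclic graph, that only leaf abilities (sensors, actuators, estimators) are assigned a level in [0.0, 1.0] by a monitor, that a parent ability's level is the minimum over its children (a conservative aggregation), that an unmonitored leaf counts as 0.0, and that the top-level ability's level selects one of three safety actions. The ability names, levels and thresholds are constructed for illustration.

```python
# Minimal Ability Graph with online self-monitoring (added example).
# Assumptions not stated in the chapter: abilities form a DAG; leaf abilities
# receive a level in [0.0, 1.0] from a monitor; a parent's level is the minimum
# over its children; an unmonitored leaf counts as 0.0; the top-level ability's
# level selects a safety action. All names and thresholds are constructed.
from typing import Dict, List, Optional, Sequence


class Ability:
    def __init__(self, name: str, children: Sequence[str] = ()):
        self.name = name
        self.children: List[str] = list(children)
        self.level: Optional[float] = None  # set only on leaves by a monitor


class AbilityGraph:
    def __init__(self) -> None:
        self.nodes: Dict[str, Ability] = {}

    def add(self, name: str, children: Sequence[str] = ()) -> None:
        self.nodes[name] = Ability(name, children)

    def set_level(self, name: str, level: float) -> None:
        """Monitor input: only leaf abilities are measured directly."""
        node = self.nodes[name]
        if node.children:
            raise ValueError(f"{name} is aggregated, not monitored directly")
        if not 0.0 <= level <= 1.0:
            raise ValueError("ability level must lie in [0.0, 1.0]")
        node.level = level

    def level(self, name: str, _path: Sequence[str] = ()) -> float:
        """Aggregate level: minimum over children; an unknown leaf is 0.0."""
        if name in _path:
            raise ValueError("cycle in ability graph: " + " -> ".join((*_path, name)))
        node = self.nodes[name]
        if not node.children:
            return 0.0 if node.level is None else node.level
        return min(self.level(c, (*_path, name)) for c in node.children)

    def safety_action(self, top: str, degrade_at: float = 0.8,
                      safe_state_at: float = 0.4) -> str:
        """Map the top-level ability level to a safety action (thresholds constructed)."""
        lvl = self.level(top)
        if lvl >= degrade_at:
            return "continue"
        if lvl >= safe_state_at:
            return "reduce_capability"   # e.g. stay in the lane at lower speed
        return "reach_safe_state"        # transition to a safe state


def build_lane_keeping_graph() -> AbilityGraph:
    """Constructed example: lane keeping depends on detection and lateral control."""
    g = AbilityGraph()
    g.add("lane_keeping", ["lane_detection", "lateral_control"])
    g.add("lane_detection", ["front_camera"])
    g.add("lateral_control", ["steering_actuator", "ego_motion_estimate"])
    for leaf in ("front_camera", "steering_actuator", "ego_motion_estimate"):
        g.add(leaf)
        g.set_level(leaf, 1.0)  # all monitors report full capability
    return g


def run_scenario() -> List[str]:
    """Degrade two leaf abilities in turn and record the chosen safety action."""
    g = build_lane_keeping_graph()
    actions = [g.safety_action("lane_keeping")]
    g.set_level("front_camera", 0.6)       # constructed: reduced confidence in rain
    actions.append(g.safety_action("lane_keeping"))
    g.set_level("steering_actuator", 0.1)  # constructed: actuator fault reported
    actions.append(g.safety_action("lane_keeping"))
    return actions


if __name__ == "__main__":
    print(run_scenario())  # ['continue', 'reduce_capability', 'reach_safe_state']
```

The minimum aggregation is the deliberately conservative choice: a single degraded leaf lowers every ability that depends on it, and a leaf that never reported a level is treated as unavailable rather than healthy, so the system cannot silently overestimate its own capability.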
Road Vehicle Automation
Definition of an Automated Road Vehicle
Definition of a Safe State
Process to Develop a Functional Safety Concept
Ability Graphs as Part of a Functional Safety Concept
Summary
This chapter described the process to derive a functional safety concept for automated road vehicles. Additionally, we presented the introduction of the Skill Graph in the concept phase and its later transfer to and utilization as an Ability Graph during the operation of the vehicle. We expect this concept to work for automated vehicles of SAE Levels 3–5 and will investigate it further in the aFAS project and the Stadtpilot project.
Considering functional safety according to the ISO 26262 standard, the components implementing the functional safety concept will receive high ASIL determinations because of the criticality of automated driving. The Skill Graph enables a safety analysis in the concept phase, which can control complexity by using the necessary driving maneuvers as top-level skills and deriving the subordinate skills from human driving tasks.
For the development phase of hardware products, the methods and metrics proposed in the ISO 26262 standard can be applied. For software, how the correctness of control unit software can be achieved, especially without extensive testing of the vehicle, is still the subject of ongoing research.