-
Conformal Prediction of Motion Control Performance for an Automated Vehicle in Presence of Actuator Degradations and Failures
Authors:
Richard Schubert,
Marvin Loba,
Jasper Sünnemann,
Torben Stolte,
Markus Maurer
Abstract:
Automated driving systems require monitoring mechanisms to ensure safe operation, especially if system components degrade or fail. Their runtime self-representation plays a key role as it provides a-priori knowledge about the system's capabilities and limitations. In this paper, we propose a data-driven approach for deriving such a self-representation model for the motion controller of an automated vehicle. A conformalized prediction model is learned and allows estimating how operational conditions as well as potential degradations and failures of the vehicle's actuators impact motion control performance. During runtime behavior generation, our predictor can provide a heuristic for determining the admissible action space.
Submitted 25 April, 2024;
originally announced April 2024.
-
Ein Beitrag zur durchgängigen, formalen Verhaltensspezifikation automatisierter Straßenfahrzeuge
Authors:
Nayel Fabian Salem,
Veronica Haber,
Matthias Rauschenbach,
Marcus Nolte,
Jan Reich,
Torben Stolte,
Robert Graubohm,
Markus Maurer
Abstract:
Assuring safety of automated vehicles (SAE Level 3+) requires specifying and validating the behavior of such a vehicle in its operational environment. In order to argue and support assumptions that are made during the behavior specification within scenarios, a traceable documentation of design decisions is required. With the introduction of the semantic norm behavior analysis a method is proposed, which contributes to a traceable mapping of concerns towards the behavior of an automated vehicle in its operational environment to a formal rule system of semantic concepts for considered scenarios. In this work, a semantic norm behavior analysis is conducted in two selected example scenarios. Thereby, an example of the formalization of behavioral rules from an excerpt of the German traffic code is given.
--
Assuring the safety of automated road vehicles (SAE Level 3+) requires specifying and verifying the behavior of a vehicle in its operational environment. In order to justify and substantiate assumptions made during the behavior specification within scenarios, a consistent documentation of these design decisions is required. With the introduction of the semantic norm behavior analysis, a method is proposed by means of which demands on the behavior of an automated vehicle in its operational environment can be consistently mapped onto a formal rule system of semantic concepts for selected scenarios. In this work, a semantic norm behavior analysis is conducted in two selected scenarios. For this purpose, behavioral rules from an excerpt of the German Road Traffic Regulations (Straßenverkehrsordnung) are formalized as an example.
Submitted 15 September, 2022;
originally announced September 2022.
-
Compensating for the Absence of a Required Accompanying Person: A Draft of a Functional System Architecture for an Automated Vehicle
Authors:
Tobias Schräder,
Torben Stolte,
Inga Jatzkowski,
Robert Graubohm,
Marcus Nolte,
Markus Maurer
Abstract:
A major challenge in the development of a fully automated vehicle is to enable a large variety of users to use the vehicle independently and safely. Particular demands arise from user groups who rely on human assistance when using conventional cars. For the independent use of a vehicle by such groups, the vehicle must compensate for the absence of an accompanying person, whose actions and decisions ensure the accompanied person's safety even in unknown situations. The resulting requirements cannot be fulfilled only by the geometric design of the vehicle and the nature of its control elements. Special user needs must be taken into account in the entire automation of the vehicle. In this paper, we describe requirements for compensating for the absence of an accompanying person and show how required functions can be located in a hierarchical functional system architecture of an automated vehicle. In addition, we outline the relevance of the vehicle's operational design domain in this context and present a use case for the described functionalities.
Submitted 30 August, 2022;
originally announced August 2022.
-
A Taxonomy to Unify Fault Tolerance Regimes for Automotive Systems: Defining Fail-Operational, Fail-Degraded, and Fail-Safe
Authors:
Torben Stolte,
Stefan Ackermann,
Robert Graubohm,
Inga Jatzkowski,
Björn Klamann,
Hermann Winner,
Markus Maurer
Abstract:
This paper presents a taxonomy that allows defining the fault tolerance regimes fail-operational, fail-degraded, and fail-safe in the context of automotive systems. Fault tolerance regimes such as these are widely used in recent publications related to automated driving, yet without definitions. This largely holds true for automotive safety standards, too. We show that fault tolerance regimes defined in scientific publications related to the automotive domain are partially ambiguous as well as taxonomically unrelated. The presented taxonomy is based on terminology stemming from ISO 26262 as well as from systems engineering. It uses four criteria to distinguish fault tolerance regimes. In addition to fail-operational, fail-degraded, and fail-safe, the core terminology consists of operational and fail-unsafe. These terms are supported by definitions of available performance, nominal performance, functionality, and a concise definition of the safe state. For verification, we show by means of two examples from the automotive domain that the taxonomy can be applied to hierarchical systems of different complexity.
Submitted 12 July, 2022; v1 submitted 21 June, 2021;
originally announced June 2021.
-
Actuator Fault-Tolerant Vehicle Motion Control: A Survey
Authors:
Torben Stolte
Abstract:
The advent of automated vehicles operating at SAE levels 4 and 5 poses high fault tolerance demands for all functions contributing to the driving task. At the actuator level, fault-tolerant vehicle motion control, which exploits functional redundancies among the actuators, is one means to achieve the required degree of fault tolerance. Therefore, we give a comprehensive overview of the state of the art in actuator fault-tolerant vehicle motion control with a focus on drive, brake, and steering degradations, as well as tire blowouts. This review shows that actuator fault-tolerant vehicle motion is a widely studied field; yet, the presented approaches differ with respect to many aspects. To provide a starting point for future research, we survey the employed actuator topologies, the tolerated degradations, the presented control approaches, as well as the experiments conducted for validation. Overall, and despite the large number of different approaches, the covered literature reveals the potential of increasing fault tolerance by fault-tolerant vehicle motion control. Thus, besides developing novel approaches or demonstrating real-time applicability, future research should aim at investigating limitations and enabling comparison of fault-tolerant motion control approaches in order to allow for a thorough safety argumentation.
Submitted 24 July, 2021; v1 submitted 25 March, 2021;
originally announced March 2021.
-
Towards Efficient Hazard Identification in the Concept Phase of Driverless Vehicle Development
Authors:
Robert Graubohm,
Torben Stolte,
Gerrit Bagschik,
Markus Maurer
Abstract:
The complex functional structure of driverless vehicles induces a multitude of potential malfunctions. Established approaches for a systematic hazard identification generate individual potentially hazardous scenarios for each identified malfunction. This leads to inefficiencies in a purely expert-based hazard analysis process, as each of the many scenarios has to be examined individually. In this contribution, we propose an adaptation of the strategy for hazard identification for the development of automated vehicles. Instead of focusing on malfunctions, we base our process on deviations from desired vehicle behavior in selected operational scenarios analyzed in the concept phase. By evaluating externally observable deviations from a desired behavior, we encapsulate individual malfunctions and reduce the amount of generated potentially hazardous scenarios. After introducing our hazard identification strategy, we illustrate its application on one of the operational scenarios used in the research project UNICARagil.
Submitted 13 January, 2021; v1 submitted 22 April, 2020;
originally announced April 2020.
-
Investigating Functional Redundancies in the Context of Vehicle Automation - A Trajectory Tracking Perspective
Authors:
Torben Stolte,
Tianyu Liao,
Matthias Nee,
Marcus Nolte,
Markus Maurer
Abstract:
Level 3+ automated driving implies highest safety demands for the entire vehicle automation functionality. For the part of trajectory tracking, functional redundancies among all available actuators provide an opportunity to reduce safety requirements for single actuators. Yet, the exploitation of functional redundancies must be well argued if employed in a safety concept as physical limits can be reached. In this paper, we want to examine from a trajectory tracking perspective whether such a concept can be used. For this, we present a model predictive fault-tolerant trajectory tracking approach for over-actuated vehicles featuring wheel individual all-wheel drive, brakes, and steering. Applying this approach exemplarily demonstrates for a selected reference trajectory that degradations such as missing or undesired wheel torques as well as reduced steering dynamics can be compensated. Degradations at the physical actuator limits lead to significant deviations from the reference trajectory while small constant steering angles are partially critical.
Submitted 25 December, 2018; v1 submitted 5 May, 2018;
originally announced May 2018.
-
Identification of Potential Hazardous Events for an Unmanned Protective Vehicle
Authors:
Gerrit Bagschik,
Andreas Reschka,
Torben Stolte,
Markus Maurer
Abstract:
The project Automated Unmanned Protective Vehicle for Highway Hard Shoulder Road Works (aFAS) aims to develop an unmanned protective vehicle to reduce the risk of injuries due to crashes for road workers. To ensure functional safety during operation in public traffic, the system shall be developed following the ISO 26262 standard. After defining the functional range in the item definition, a hazard analysis and risk assessment has to be done. The ISO 26262 standard gives hints on how to process this step and demands a systematic way to identify system hazards. Best practice standards provide systematic ways for hazard identification, but lack applicability for automated vehicles due to the high variety and number of different driving situations even with a reduced functional range. This contribution proposes a new method to identify hazardous events for a system with a given functional description. The method utilizes a skill graph as a functional model of the system and an overall definition of a scene for automated vehicles to identify potential hazardous events. An adapted Hazard and Operability Analysis approach is used to identify system malfunctions. A combination of all methods results in operating scenes with potential hazardous events. These can be assessed afterwards with respect to their criticality. A use case example is taken from the current development phase of the project aFAS.
Submitted 23 April, 2018;
originally announced April 2018.
-
Towards a Skill- And Ability-Based Development Process for Self-Aware Automated Road Vehicles
Authors:
Marcus Nolte,
Gerrit Bagschik,
Inga Jatzkowski,
Torben Stolte,
Andreas Reschka,
Markus Maurer
Abstract:
The development of fully automated vehicles imposes new challenges in the development process and during the operation of such vehicles. As traditional design methods are not sufficient to account for the huge variety of scenarios which will be encountered by (fully) automated vehicles, approaches for designing safe systems must be extended in order to allow for an ISO 26262 compliant development process. During operation of vehicles implementing SAE Levels 3+, safe behavior must always be guaranteed, as the human driver is not or not immediately available as a fall-back. Thus, the vehicle must be aware of its current performance and remaining abilities at all times. In this paper we combine insights from two research projects for showing how a skill- and ability-based approach can provide a basis for the development phase and operation of self-aware automated road vehicles.
Submitted 9 August, 2017; v1 submitted 8 August, 2017;
originally announced August 2017.
-
Model Predictive Control Based Trajectory Generation for Autonomous Vehicles - An Architectural Approach
Authors:
Marcus Nolte,
Marcel Rose,
Torben Stolte,
Markus Maurer
Abstract:
Research in the field of automated driving has created promising results in the last years. Some research groups have shown perception systems which are able to capture even complicated urban scenarios in great detail. Yet, what is often missing are general-purpose path- or trajectory planners which are not designed for a specific purpose. In this paper we look at path- and trajectory planning from an architectural point of view and show how model predictive frameworks can contribute to generalized path- and trajectory generation approaches for generating safe trajectories even in cases of system failures.
Submitted 10 August, 2017; v1 submitted 8 August, 2017;
originally announced August 2017.
-
Hazard Analysis and Risk Assessment for an Automated Unmanned Protective Vehicle
Authors:
Torben Stolte,
Gerrit Bagschik,
Andreas Reschka,
Markus Maurer
Abstract:
For future application of automated vehicles in public traffic, ensuring functional safety is essential. In this context, a hazard analysis and risk assessment is an important input for designing functionally safe vehicle automation systems. In this contribution, we present a detailed hazard analysis and risk assessment (HARA) according to the ISO 26262 standard for a specific Level 4 application, namely an unmanned protective vehicle operated without human supervision for motorway hard shoulder roadworks.
Submitted 5 May, 2018; v1 submitted 19 April, 2017;
originally announced April 2017.