-
A Prototypical Expert-Driven Approach Towards Capability-Based Monitoring of Automated Driving Systems
Authors:
Richard Schubert,
Cedrik Kaufmann,
Marcus Nolte,
Markus Maurer
Abstract:
Supervising the safe operation of automated vehicles is a key requirement in order to unleash their full potential in future transportation systems. In particular, previous publications have argued that SAE Level 4 vehicles should be aware of their capabilities at runtime to make appropriate behavioral decisions. In this paper, we present a framework that enables the implementation of an online ca…
▽ More
Supervising the safe operation of automated vehicles is a key requirement in order to unleash their full potential in future transportation systems. In particular, previous publications have argued that SAE Level 4 vehicles should be aware of their capabilities at runtime to make appropriate behavioral decisions. In this paper, we present a framework that enables the implementation of an online capability monitor. We derive a graphical system model that captures the relationships between the quality of system elements across different architectural views. In an expert-driven approach, we parameterize Bayesian Networks based on this structure using Fuzzy Logic. Using the online monitor, we infer the quality of the system's capabilities based on technical measurements acquired at runtime. Our approach is demonstrated in the context of the UNICAR.agil research project in an urban example scenario.
△ Less
Submitted 25 April, 2024;
originally announced April 2024.
-
Identifikation auslösender Umstände von SOTIF-Gefährdungen durch systemtheoretische Prozessanalyse
Authors:
Robert Graubohm,
Marvin Loba,
Marcus Nolte,
Markus Maurer
Abstract:
Developers have to obtain a sound understanding of existing risk potentials already in the concept phase of driverless vehicles. Deductive as well as inductive SOTIF analyses of potential triggering conditions for hazardous behavior help to achieve this goal. In this regard, ISO 21448 suggests conducting a System-Theoretic Process Analysis (STPA). In this article, we introduce German terminology f…
▽ More
Developers have to obtain a sound understanding of existing risk potentials already in the concept phase of driverless vehicles. Deductive as well as inductive SOTIF analyses of potential triggering conditions for hazardous behavior help to achieve this goal. In this regard, ISO 21448 suggests conducting a System-Theoretic Process Analysis (STPA). In this article, we introduce German terminology for SOTIF considerations and critically discuss STPA theory in the course of an example application, while also proposing methodological additions. -- --
Um bereits in der Konzeptphase autonomer Fahrzeuge einen fundierten Eindruck bestehender Risikopotenziale zu erhalten, werden im Zuge von deduktiven und induktiven SOTIF-Analysen mögliche auslösende Umstände für gefährliches Verhalten untersucht. In diesem Zusammenhang wird in der ISO 21448 die Durchführung einer systemtheoretischen Prozessanalyse (STPA) vorgeschlagen. In diesem Beitrag führen wir deutsche Terminologie für SOTIF-Betrachtungen ein und setzen uns im Zuge einer Anwendung kritisch mit der STPA-Theorie auseinander, wobei wir begleitend methodische Ergänzungen anregen.
△ Less
Submitted 11 March, 2024;
originally announced March 2024.
-
On Assumptions with Respect to Occlusions in Urban Environments for Automated Vehicle Speed Decisions
Authors:
Robert Graubohm,
Nayel Fabian Salem,
Marcus Nolte,
Markus Maurer
Abstract:
Automated driving systems are subject to various kinds of uncertainty during design, development, and operation. These kinds of uncertainty lead to an inherent risk of the technology that can be mitigated, but never fully eliminated. Situations involving obscured traffic participants have become popular examples in the field to illustrate a subset of these uncertainties that developers must deal w…
▽ More
Automated driving systems are subject to various kinds of uncertainty during design, development, and operation. These kinds of uncertainty lead to an inherent risk of the technology that can be mitigated, but never fully eliminated. Situations involving obscured traffic participants have become popular examples in the field to illustrate a subset of these uncertainties that developers must deal with during system design and implementation. In this paper, we describe necessary assumptions for a speed choice in a situation in which an ego-vehicle passes parked vehicles that generate occluded areas where a human intending to cross the road could be obscured. We develop a calculation formula for a dynamic speed limit that mitigates the collision risk in this situation, and investigate the resulting speed profiles in simulation based on example assumptions. This paper has two main results: First, we show that even without worst-case assumptions, dramatically reduced speeds would be driven to avoid collisions. Second, we highlight that design decisions regarding occlusion treatment are directly related to the risk that automated vehicles pose to pedestrians in urban environments. In this respect, we conclude that there needs to be a broader discussion about acceptable assumptions.
△ Less
Submitted 14 February, 2024; v1 submitted 15 May, 2023;
originally announced May 2023.
-
Robust LSTM-based Vehicle Velocity Observer for Regular and Near-limits Applications
Authors:
Agapius Bou Ghosn,
Marcus Nolte,
Philip Polack,
Arnaud de La Fortelle,
Markus Maurer
Abstract:
Accurate velocity estimation is key to vehicle control. While the literature describes how model-based and learning-based observers are able to estimate a vehicle's velocity in normal driving conditions, the challenge remains to estimate the velocity in near-limits maneuvers while using only conventional in-car sensors. In this paper, we introduce a novel neural network architecture based on Long…
▽ More
Accurate velocity estimation is key to vehicle control. While the literature describes how model-based and learning-based observers are able to estimate a vehicle's velocity in normal driving conditions, the challenge remains to estimate the velocity in near-limits maneuvers while using only conventional in-car sensors. In this paper, we introduce a novel neural network architecture based on Long Short-Term Memory (LSTM) networks to accurately estimate the vehicle's velocity in different driving conditions, including maneuvers at the limits of handling. The approach has been tested on real vehicle data and it provides more accurate estimations than state-of-the-art model-based and learning-based methods, for both regular and near-limits driving scenarios. Our approach is robust since the performance of the state-of-the-art observers deteriorates with higher dynamics, while our method adapts to different maneuvers, providing accurate estimations even at the vehicle's limits of handling.
△ Less
Submitted 31 March, 2023;
originally announced March 2023.
-
Risk Management Core -- Towards an Explicit Representation of Risk in Automated Driving
Authors:
Nayel Fabian Salem,
Thomas Kirschbaum,
Marcus Nolte,
Christian Lalitsch-Schneider,
Robert Graubohm,
Jan Reich,
Markus Maurer
Abstract:
While current automotive safety standards provide implicit guidance on how unreasonable risk can be avoided, manufacturers are required to specify risk acceptance criteria for Automated Driving Systems (SAE Level 3 and higher). However, the 'unreasonable' level of risk of Automated Driving Systems is not yet concisely defined. Solely applying current safety standards to such novel systems could po…
▽ More
While current automotive safety standards provide implicit guidance on how unreasonable risk can be avoided, manufacturers are required to specify risk acceptance criteria for Automated Driving Systems (SAE Level 3 and higher). However, the 'unreasonable' level of risk of Automated Driving Systems is not yet concisely defined. Solely applying current safety standards to such novel systems could potentially not be sufficient for their acceptance. As risk is managed with implicit knowledge about safety measures in existing automotive standards, an explicit alignment with risk acceptance criteria is challenging. Hence, we propose an approach for an explicit representation and management of risk, which we call the Risk Management Core. The proposal of this process framework is based on requirements elicited from current safety standards and is applied to the task of specifying safe behavior for an Automated Driving System in an example scenario.
△ Less
Submitted 8 March, 2024; v1 submitted 15 February, 2023;
originally announced February 2023.
-
ODD-Centric Contextual Sensitivity Analysis Applied To A Non-Linear Vehicle Dynamics Model
Authors:
Richard Schubert,
Marcus Nolte,
Arnaud de La Fortelle,
Markus Maurer
Abstract:
Advanced driving functions, for assistance or full automation, require strong guarantees to be deployed. This means that such functions may not be available all the time, like now commercially available SAE Level 3 modes that are made available only on some roads and at law speeds. The specification of such restriction is described technically in the Operational Design Domain (ODD) which is a fund…
▽ More
Advanced driving functions, for assistance or full automation, require strong guarantees to be deployed. This means that such functions may not be available all the time, like now commercially available SAE Level 3 modes that are made available only on some roads and at law speeds. The specification of such restriction is described technically in the Operational Design Domain (ODD) which is a fundamental concept for the design of automated driving systems (ADS). In this work, we focus on the example of trajectory planning and control which are crucial functions for SAE level 4+ vehicles and often rely on model-based methods. Hence, the quality of the underlying models has to be evaluated with respect to the ODD. Mathematical analyses such as uncertainty and sensitivity analysis support the quantitative assessment of model quality in general. In this paper, we present a new approach to assess the quality of vehicle dynamics models using an ODD-centric sensitivity analysis. The sensitivity analysis framework is implemented for a 10-DoF nonlinear double-track vehicle dynamics model used inside a model-predictive trajectory controller. The model sensitivity is evaluated with respect to given ODD and maneuver parameters. Based on the results, ODD-compliant behavior generation strategies with the goal of minimizing model sensitivity are outlined.
△ Less
Submitted 13 April, 2023; v1 submitted 9 February, 2023;
originally announced February 2023.
-
Ein Beitrag zur durchgängigen, formalen Verhaltensspezifikation automatisierter Straßenfahrzeuge
Authors:
Nayel Fabian Salem,
Veronica Haber,
Matthias Rauschenbach,
Marcus Nolte,
Jan Reich,
Torben Stolte,
Robert Graubohm,
Markus Maurer
Abstract:
Assuring safety of automated vehicles (SAE Level 3+) requires specifying and validating the behavior of such a vehicle in its operational environment. In order to argue and support assumptions that are made during the behavior specification within scenarios, a traceable documentation of design decisions is required. With the introduction of the \textit{semantic norm behavior analysis} a method is…
▽ More
Assuring safety of automated vehicles (SAE Level 3+) requires specifying and validating the behavior of such a vehicle in its operational environment. In order to argue and support assumptions that are made during the behavior specification within scenarios, a traceable documentation of design decisions is required. With the introduction of the \textit{semantic norm behavior analysis} a method is proposed, which contributes to a traceable map** of concerns towards the behavior of an automated vehicle in its operational environment to a formal rule system of semantic concepts for considered scenarios. In this work, a semantic norm behavior analysis is conducted in two selected example scenarios. Thereby, an example of the formalization of behavioral rules from an excerpt of the German traffic code is given.
--
Die Absicherung automatisierter Straßenfahrzeuge (SAE Level 3+) setzt die Spezifikation und Überprüfung des Verhaltens eines Fahrzeugs in seiner Betriebsumgebung voraus. Um Annahmen, welche bei der Verhaltensspezifikation innerhalb von Szenarien getroffen werden, begründen und belegen zu können, ist eine durchgängige Dokumentation dieser Entwurfsentscheidungen erforderlich. Mit der Einführung der \textit{semantischen Normverhaltensanalyse} wird eine Methode vorgeschlagen, mithilfe derer Ansprüche an das Verhalten eines automatisierten Fahrzeugs in seiner Betriebsumgebung durchgängig auf ein formales Regelsystem aus semantischen Konzepten für ausgewählte Szenarien abgebildet werden können. Eine semantische Normverhaltensanalyse wird in dieser Arbeit in zwei ausgewählten Szenarien durchgeführt. Hierfür werden Verhaltensregeln aus einem Auszug der Straßenverkehrsordnung exemplarisch formalisiert.
△ Less
Submitted 15 September, 2022;
originally announced September 2022.
-
Supporting Safe Decision Making Through Holistic System-Level Representations & Monitoring -- A Summary and Taxonomy of Self-Representation Concepts for Automated Vehicles
Authors:
Marcus Nolte,
Inga Jatzkowski,
Susanne Ernst,
Markus Maurer
Abstract:
The market introduction of automated vehicles has motivated intense research efforts into the safety of automated vehicle systems. Unlike driver assistance systems, SAE Level 3+ systems are not only responsible for executing (parts of) the dynamic driving task (DDT), but also for monitoring the automation system's performance at all times. Key components to fulfill these surveillance tasks are sys…
▽ More
The market introduction of automated vehicles has motivated intense research efforts into the safety of automated vehicle systems. Unlike driver assistance systems, SAE Level 3+ systems are not only responsible for executing (parts of) the dynamic driving task (DDT), but also for monitoring the automation system's performance at all times. Key components to fulfill these surveillance tasks are system monitors which can assess the system's performance at runtime, e.g. to activate fallback modules in case of partial system failures. In order to implement reasonable monitoring strategies for an automated vehicle, holistic system-level approaches are required, which make use of sophisticated internal system models. In this paper we present definitions and an according taxonomy, subsuming such models as a vehicle's self-representation and highlight the terms' roles in a scene and situation representation. Holistic system-level monitoring does not only provide the possibility to use monitors for the activation of fallbacks. In this paper we argue, why holistic system-level monitoring is a crucial step towards higher levels of automation, and give an example how it also enables the system to react to performance loss at a tactical level by providing input for decision making.
△ Less
Submitted 29 July, 2020; v1 submitted 27 July, 2020;
originally announced July 2020.
-
Sensitivity Analysis for Vehicle Dynamics Models -- An Approach to Model Quality Assessment for Automated Vehicles
Authors:
Marcus Nolte,
Richard Schubert,
Cordula Reisch,
Markus Maurer
Abstract:
Model-based approaches have become increasingly popular in the domain of automated driving. This includes runtime algorithms, such as Model Predictive Control, as well as formal and simulative approaches for the verification of automated vehicle functions. With this trend, the quality of models becomes crucial for automated vehicle safety. Established tools from model theory which can be applied t…
▽ More
Model-based approaches have become increasingly popular in the domain of automated driving. This includes runtime algorithms, such as Model Predictive Control, as well as formal and simulative approaches for the verification of automated vehicle functions. With this trend, the quality of models becomes crucial for automated vehicle safety. Established tools from model theory which can be applied to assure model quality are uncertainty and sensitivity analysis [1]. In this paper, we conduct sensitivity analyses for a single and double track vehicle dynamics model to gain insights about the models' behavior under different operating conditions. We compare the models, point out the most important findings regarding the obtained parameters sensitivities, and provide examples of possible applications of the gained insights.
△ Less
Submitted 11 May, 2020; v1 submitted 8 May, 2020;
originally announced May 2020.
-
Investigating Functional Redundancies in the Context of Vehicle Automation - A Trajectory Tracking Perspective
Authors:
Torben Stolte,
Tianyu Liao,
Matthias Nee,
Marcus Nolte,
Markus Maurer
Abstract:
Level 3+ automated driving implies highest safety demands for the entire vehicle automation functionality. For the part of trajectory tracking, functional redundancies among all available actuators provide an opportunity to reduce safety requirements for single actuators. Yet, the exploitation of functional redundancies must be well argued if employed in a safety concept as physical limits can be…
▽ More
Level 3+ automated driving implies highest safety demands for the entire vehicle automation functionality. For the part of trajectory tracking, functional redundancies among all available actuators provide an opportunity to reduce safety requirements for single actuators. Yet, the exploitation of functional redundancies must be well argued if employed in a safety concept as physical limits can be reached. In this paper, we want to examine from a trajectory tracking perspective whether such a concept can be used. For this, we present a model predictive fault-tolerant trajectory tracking approach for over-actuated vehicles featuring wheel individual all-wheel drive, brakes, and steering. Applying this approach exemplarily demonstrates for a selected reference trajectory that degradations such as missing or undesired wheel torques as well as reduced steering dynamics can be compensated. Degradations at the physical actuator limits lead to significant deviations from the reference trajectory while small constant steering angles are partially critical.
△ Less
Submitted 25 December, 2018; v1 submitted 5 May, 2018;
originally announced May 2018.
-
Representing the Unknown - Impact of Uncertainty on the Interaction between Decision Making and Trajectory Generation
Authors:
Marcus Nolte,
Susanne Ernst,
Jan Richelmann,
Markus Maurer
Abstract:
Even though motion planning for automated vehicles has been extensively discussed for more than two decades, it is still a highly active field of research with a variety of different approaches having been published in the recent years. When considering the market introduction of SAE Level 3+ vehicles, the topic of motion planning will most likely be subject to even more detailed discussions betwe…
▽ More
Even though motion planning for automated vehicles has been extensively discussed for more than two decades, it is still a highly active field of research with a variety of different approaches having been published in the recent years. When considering the market introduction of SAE Level 3+ vehicles, the topic of motion planning will most likely be subject to even more detailed discussions between safety and user acceptance. This paper shall discuss parameters of the motion planning problem and requirements to an environment model. The focus is put on the representation of different types of uncertainty at the example of sensor occlusion, arguing the importance of a well-defined interface between decision making and trajectory generation.
△ Less
Submitted 7 August, 2018; v1 submitted 24 April, 2018;
originally announced April 2018.
-
A System's Perspective Towards an Architecture Framework for Safe Automated Vehicles
Authors:
Gerrit Bagschik,
Marcus Nolte,
Susanne Ernst,
Markus Maurer
Abstract:
With an increasing degree of automation, automated vehicle systems become more complex in terms of functional components as well as interconnected hardware and software components. Thus, holistic systems engineering becomes a severe challenge. Emergent properties like system safety are not solely arguable in singular viewpoints such as structural representations of software or electrical wiring (e…
▽ More
With an increasing degree of automation, automated vehicle systems become more complex in terms of functional components as well as interconnected hardware and software components. Thus, holistic systems engineering becomes a severe challenge. Emergent properties like system safety are not solely arguable in singular viewpoints such as structural representations of software or electrical wiring (e.g. fault tolerant). This states the need to get several viewpoints on a system and describe correspondences between these views in order to enable traceability of emergent system properties. Today, the most abstract view found in architecture frameworks is a logical description of system functions which structures the system in terms of information flow and functional components. In this article we extend established system viewpoints towards a capability-based assessment of an automated vehicle and conduct an exemplary safety analysis to derive behavioral safety requirements. These requirements can afterwards be attributed to different viewpoints in an architecture frameworks and thus be integrated into a development process for automated vehicles.
△ Less
Submitted 23 April, 2018; v1 submitted 19 April, 2018;
originally announced April 2018.
-
Towards a Skill- And Ability-Based Development Process for Self-Aware Automated Road Vehicles
Authors:
Marcus Nolte,
Gerrit Bagschik,
Inga Jatzkowski,
Torben Stolte,
Andreas Reschka,
Markus Maurer
Abstract:
The development of fully automated vehicles imposes new challenges in the development process and during the operation of such vehicles. As traditional design methods are not sufficient to account for the huge variety of scenarios which will be encountered by (fully) automated vehicles, approaches for designing safe systems must be extended in order to allow for an ISO~26262 compliant development…
▽ More
The development of fully automated vehicles imposes new challenges in the development process and during the operation of such vehicles. As traditional design methods are not sufficient to account for the huge variety of scenarios which will be encountered by (fully) automated vehicles, approaches for designing safe systems must be extended in order to allow for an ISO~26262 compliant development process. During operation of vehicles implementing SAE Levels 3+ safe behavior must always be guaranteed, as the human driver is not or not immediately available as a fall-back. Thus, the vehicle must be aware of its current performance and remaining abilities at all times. In this paper we combine insights from two research projects for showing how a skill- and ability-based approach can provide a basis for the development phase and operation of self-aware automated road vehicles.
△ Less
Submitted 9 August, 2017; v1 submitted 8 August, 2017;
originally announced August 2017.
-
Model Predictive Control Based Trajectory Generation for Autonomous Vehicles - An Architectural Approach
Authors:
Marcus Nolte,
Marcel Rose,
Torben Stolte,
Markus Maurer
Abstract:
Research in the field of automated driving has created promising results in the last years. Some research groups have shown perception systems which are able to capture even complicated urban scenarios in great detail. Yet, what is often missing are general-purpose path- or trajectory planners which are not designed for a specific purpose. In this paper we look at path- and trajectory planning fro…
▽ More
Research in the field of automated driving has created promising results in the last years. Some research groups have shown perception systems which are able to capture even complicated urban scenarios in great detail. Yet, what is often missing are general-purpose path- or trajectory planners which are not designed for a specific purpose. In this paper we look at path- and trajectory planning from an architectural point of view and show how model predictive frameworks can contribute to generalized path- and trajectory generation approaches for generating safe trajectories even in cases of system failures.
△ Less
Submitted 10 August, 2017; v1 submitted 8 August, 2017;
originally announced August 2017.
-
Towards a Functional System Architecture for Automated Vehicles
Authors:
Simon Ulbrich,
Andreas Reschka,
Jens Rieken,
Susanne Ernst,
Gerrit Bagschik,
Frank Dierkes,
Marcus Nolte,
Markus Maurer
Abstract:
This paper presents a functional system architecture for an automated vehicle. It provides an overall, generic structure that is independent of a specific implementation of a particular vehicle project. Yet, it has been inspired and cross-checked with a real world automated driving implementation in the Stadtpilot project at the Technische Universität Braunschweig. The architecture entails aspects…
▽ More
This paper presents a functional system architecture for an automated vehicle. It provides an overall, generic structure that is independent of a specific implementation of a particular vehicle project. Yet, it has been inspired and cross-checked with a real world automated driving implementation in the Stadtpilot project at the Technische Universität Braunschweig. The architecture entails aspects like environment and self perception, planning and control, localization, map provision, Vehicle-To-X-communication, and interaction with human operators.
△ Less
Submitted 30 March, 2017; v1 submitted 24 March, 2017;
originally announced March 2017.