Characterization and Mitigation of Insufficiencies in Automated Driving Systems

Read original: arXiv:2404.09557 - Published 4/16/2024 by Yuting Fu, Jochen Seemann, Caspar Hanselaar, Tim Beurskens, Andrei Terechko, Emilia Silvas, Maurice Heemels

Overview

  • Automated Driving (AD) systems have the potential to improve safety, comfort, and energy efficiency
  • Major automotive companies are testing and validating AD systems on public roads
  • However, commercial deployment and adoption of AD systems have been moderate due to system functional insufficiencies (FIs) that can undermine passenger safety
  • FIs are defined in ISO 21448 Safety Of The Intended Functionality (SOTIF) and can occur in sensors, actuators, and algorithm implementations

Plain English Explanation

Automated driving (AD) systems, like those being developed by major car companies, have the potential to make driving safer, more comfortable, and more efficient. However, these systems have not been widely adopted yet, partly because they sometimes have issues that can put passengers at risk.

These issues, called "functional insufficiencies" (FIs), can happen in the sensors, motors, and software algorithms that make up the AD systems. For example, an AD system might not accurately know where the car is located on the road, or it might incorrectly predict a cyclist's movements, or it might fail to reliably detect a pedestrian.

The researchers in this study wanted to find a way to help fix these FI problems and allow AD systems to be deployed more quickly and widely.

Technical Explanation

The researchers first analyzed data on disengagements (times when a human driver had to take over) from autonomous vehicle road tests in California. They found that FIs were five times more often the cause of disengagements than actual system faults.

The researchers then closely examined over 10 hours of publicly available road test videos to identify different types of FIs. They categorized the FIs into four main areas: issues with the vehicle's understanding of the world around it, problems with its motion planning, failures to properly follow traffic rules, and limitations in its operating domain.

Based on this characterization of FIs, the researchers defined a new architectural design pattern called "Daruma" that can dynamically select the "channel" (sensor, algorithm, etc.) that is least likely to have an FI at any given moment.

Critical Analysis

The researchers provide a comprehensive characterization of the different types of FIs that can occur in AD systems, which is a valuable contribution. However, they do not go into detail on the specific simulation experiments they conducted to evaluate the Daruma architecture.

Additionally, the paper does not address potential limitations or drawbacks of the Daruma approach, such as the computational overhead required to dynamically switch between channels or the risk of incorrect channel selection. Further research would be needed to fully understand the tradeoffs and viability of this design pattern.

Conclusion

This study takes an important step in identifying and categorizing the functional insufficiencies that have hindered the commercial deployment of automated driving systems. By proposing the Daruma architectural design pattern, the researchers aim to mitigate these issues and accelerate the adoption of AD technology, which could lead to significant improvements in safety, comfort, and efficiency for drivers and passengers.



This summary was produced with help from an AI and may contain inaccuracies - check out the links to read the original source documents!

Related Papers

Characterization and Mitigation of Insufficiencies in Automated Driving Systems

Yuting Fu, Jochen Seemann, Caspar Hanselaar, Tim Beurskens, Andrei Terechko, Emilia Silvas, Maurice Heemels

Automated Driving (AD) systems have the potential to increase safety, comfort and energy efficiency. Recently, major automotive companies have started testing and validating AD systems (ADS) on public roads. Nevertheless, the commercial deployment and wide adoption of ADS have been moderate, partially due to system functional insufficiencies (FI) that undermine passenger safety and lead to hazardous situations on the road. FIs are defined in ISO 21448 Safety Of The Intended Functionality (SOTIF). FIs are insufficiencies in sensors, actuators and algorithm implementations, including neural networks and probabilistic calculations. Examples of FIs in ADS include inaccurate ego-vehicle localization on the road, incorrect prediction of a cyclist maneuver, unreliable detection of a pedestrian, etc. The main goal of our study is to formulate a generic architectural design pattern, which is compatible with existing methods and ADS, to improve FI mitigation and enable faster commercial deployment of ADS. First, we studied the 2021 autonomous vehicles disengagement reports published by the California Department of Motor Vehicles (DMV). The data clearly show that disengagements are five times more often caused by FIs rather than by system faults. We then made a comprehensive list of insufficiencies and their characteristics by analyzing over 10 hours of publicly available road test videos. In particular, we identified insufficiency types in four major categories: world model, motion plan, traffic rule, and operational design domain. The insufficiency characterization helps make the SOTIF analyses of triggering conditions more systematic and comprehensive. Based on our FI characterization, simulation experiments and literature survey, we define a novel generic architectural design pattern Daruma to dynamically select the channel that is least likely to have an FI at the moment.

4/16/2024

A Survey on Failure Analysis and Fault Injection in AI Systems

Guangba Yu, Gou Tan, Haojia Huang, Zhenyu Zhang, Pengfei Chen, Roberto Natella, Zibin Zheng

The rapid advancement of Artificial Intelligence (AI) has led to its integration into various areas, especially with Large Language Models (LLMs) significantly enhancing capabilities in Artificial Intelligence Generated Content (AIGC). However, the complexity of AI systems has also exposed their vulnerabilities, necessitating robust methods for failure analysis (FA) and fault injection (FI) to ensure resilience and reliability. Despite the importance of these techniques, a comprehensive review of FA and FI methodologies in AI systems is lacking. This study fills this gap by presenting a detailed survey of existing FA and FI approaches across six layers of AI systems. We systematically analyze 160 papers and repositories to answer three research questions including (1) what are the prevalent failures in AI systems, (2) what types of faults can current FI tools simulate, (3) what gaps exist between the simulated faults and real-world failures. Our findings reveal a taxonomy of AI system failures, assess the capabilities of existing FI tools, and highlight discrepancies between real-world and simulated failures. Moreover, this survey contributes to the field by providing a framework for fault diagnosis, evaluating the state-of-the-art in FI, and identifying areas for improvement in FI techniques to enhance the resilience of AI systems.

7/2/2024

Dance of the ADS: Orchestrating Failures through Historically-Informed Scenario Fuzzing

Tong Wang, Taotao Gu, Huan Deng, Hu Li, Xiaohui Kuang, Gang Zhao

As autonomous driving systems (ADS) advance towards higher levels of autonomy, orchestrating their safety verification becomes increasingly intricate. This paper unveils ScenarioFuzz, a pioneering scenario-based fuzz testing methodology. Designed like a choreographer who understands the past performances, it uncovers vulnerabilities in ADS without the crutch of predefined scenarios. Leveraging map road networks, such as OPENDRIVE, we extract essential data to form a foundational scenario seed corpus. This corpus, enriched with pertinent information, provides the necessary boundaries for fuzz testing in the absence of starting scenarios. Our approach integrates specialized mutators and mutation techniques, combined with a graph neural network model, to predict and filter out high-risk scenario seeds, optimizing the fuzzing process using historical test data. Compared to other methods, our approach reduces the time cost by an average of 60.3%, while the number of error scenarios discovered per unit of time increases by 103%. Furthermore, we propose a self-supervised collision trajectory clustering method, which aids in identifying and summarizing 54 high-risk scenario categories prone to inducing ADS faults. Our experiments have successfully uncovered 58 bugs across six tested systems, emphasizing the critical safety concerns of ADS.

7/8/2024

Analysis of Functional Insufficiencies and Triggering Conditions to Improve the SOTIF of an MPC-based Trajectory Planner

Mirko Conrad, Georg Schildbach

Automated and autonomous driving has made a significant technological leap over the past decade. In this process, the complexity of algorithms used for vehicle control has grown significantly. Model Predictive Control (MPC) is a prominent example, which has gained enormous popularity and is now widely used for vehicle motion planning and control. However, safety concerns constrain its practical application, especially since traditional procedures of functional safety (FS), with its universal standard ISO26262, reach their limits. Concomitantly, the new aspect of safety-of-the-intended-function (SOTIF) has moved into the center of attention, whose standard, ISO21448, was only released in 2022. Thus, experience with SOTIF is low and few case studies are available in industry and research. Hence this paper aims to make two main contributions: (1) an analysis of the SOTIF for a generic MPC-based trajectory planner and (2) an interpretation and concrete application of the generic procedures described in ISO21448 for determining functional insufficiencies (FIs) and triggering conditions (TCs). Particular novelties of the paper include an approach for the out-of-context development of SOTIF-related elements (SOTIF-EooC), a compilation of important FIs and TCs for an MPC-based trajectory planner, and an optimized safety concept based on the identified FIs and TCs for the MPC-based trajectory planner.

8/2/2024