Top Banner
1 Fredrik Warg How to make a complete hazard analysis and risk assessment for autonomous vehicles? FUSE Final Seminar 2016-09-23
15

How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

Sep 02, 2019

Download

Documents

dariahiddleston
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

1

Fredrik Warg

How to make a complete hazard

analysis and risk assessment for

autonomous vehicles?

FUSE Final Seminar 2016-09-23

Page 2: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

2

Fredrik Warg

ACC

Lane

keeping

assist

Driving on highway - AD

From driver assistance to driver replacement

ACC

Lane

departure

warning

Driving on highway - ADAS

Automated Function

Human driver

Emer-

gency

break

Automated

overtake

• AD in complete control of the vehicle and

has to handle all situations that may arise…

• But how do we know we’ve found them all?

Page 3: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

3

Fredrik Warg

Problem: Completeness of items for AD

� ISO 26262 HA&RA - item definition is input

� Risk: Specification of function is too narrow

� Proposal: Use HA&RA to help define scope

� Iteratively refine HA&RA and function

� HA&RA objective: set of items for AD is complete within its known limitations

� Item definition and safety goals are outputs

Page 4: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

4

Fredrik Warg

Iterative HA&RA and function refinement process

Page 5: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

5

Fredrik Warg

Preliminary feature description

� Input to iterative HA&RA and function refinement

� Describes end-user benefit…

� …and known limitations

Page 6: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

6

Fredrik Warg

Situation analysis:Generic operational situation tree

� Properties of a situation classified in

a tree structure

� Combine tree leaves to find relevant

operational situations

Situation: ”Automatic drive on highway

or rural road with animal obstacle”Implicit: Valid in all physical environments,

road layouts, and speeds.

Page 7: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

7

Fredrik Warg

Hazard identification:Generic hazard tree

� Potential hazards classified

in tree structure

� Tactical level hazards new

challenge for AD

Hazardous event:

Hazard ”Undetected object” in

situation ”Automatic drive on

highway or rural road with

animal obstacle”

Page 8: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

8

Fredrik Warg

Why the trees?

� Escape the focusing effect

� Forced to consider situations that might be less obvious

� Find potential gaps in analysis

� Possible to keep track of which properties have been considered

� Structured knowledge base that can be continuously improved

� Reduce risk for ambiguities in situation and hazard definitions

Page 9: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

9

Fredrik Warg

Dimensioning hazardous events*

� Remove HEs that will not make

unique safety goal

� Identify missing candidates

* R. Johansson, “Efficient identification of safety goals in the automotive E/E domain”, ERTS2, 2016.

Rule D1:

HE3

dominates

HE4

Page 10: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

10

Fredrik Warg

Function refinement

� Input

� Existing requirements

� New provisional list of hazardous events

� Actions

� Refine HEs, function requirements and trees

Page 11: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

11

Fredrik Warg

Function refinement - AEB

� Break down HEs too abstract or general to use for requirements and safety goals

� Difficult to handle small and fast animals → AEB handles only heavy land animals

� Identify HEs where restricting the scope of the function is necessary

� AEB feasible only on highways → Tricycles very rare and becomes QM

� Identify HEs that will increase the scope of the function and add new requirements

� Expand scope to stationary objects

Page 12: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

12

Fredrik Warg

Refined function:

User story format

Page 13: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

13

Fredrik Warg

Updated situation tree

Page 14: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

14

Fredrik Warg

When to stop iterating?

� Sufficient situation and hazard coverage

� Trees fully covered - rationale if not relevant

� Clear which HEs are within or outside scope

� Clarity for continued design process

� HEs have right level of abstraction to create useful safety goal

� Function defined in enough detail to support next steps in design process

� Final set of hazardous events used to create safety goals

� Function requirements used to finalize item definition

Page 15: How to make a complete hazard analysis and risk assessment ... · 2 Fredrik Warg ACC Lane keeping assist Driving on highway-AD From driver assistance to driver replacement ACC Lane

15

Fredrik Warg

Questions?

Fredrik Warg, Martin Gassilewski, Jörgen Tryggvesson, Viacheslav Izosimov,

Anders Werneman, and Rolf Johansson. Defining Autonomous Functions

Using Iterative Hazard Analysis and Requirements Refinement. 5th

International Workshop on Next Generation of System Assurance

Approaches for Safety-Critical Systems (SASSUR), September 2016.

Reference:


Related Documents
17MDSI Series Stepper Motor/Driver/ · PDF fileL010473 February 2016 17MDSI Series Stepper Motor/Driver/Controller User’s Guide 910 East Orangefair Lane, Anaheim, CA 92801 e-mail:

17MDSI Series Stepper Motor/Driver/ · PDF fileL010473...

Category: Documents
Advanced Driver Assistance Systems (ADAS) · Assist, Blind Spot Detection, Lane De-parture Warning, Traffic Sign Recogni-Advanced Driver Assistance Systems . ADAS ...

Advanced Driver Assistance Systems (ADAS) · Assist, Blind....

Category: Documents
CRUISE CONTROL & DRIVER ASSISTANCE DAS Ainfiniti-club.org/manual/2011_QX/DAS.pdf · DAS-6 LANE DEPARTURE WARNING (LDW) SYSTEM : Fail-safe (ADAS Control Unit) .....279 LANE DEPARTURE

CRUISE CONTROL & DRIVER ASSISTANCE DAS...

Category: Documents
DPY50611 Programmable Driver Pack - Anaheim Automation · 2020. 11. 24. · #L010196 1 September 2005 DPY50611 Programmable Driver Pack User’s Guide 910 East Orangefair Lane, Anaheim,

DPY50611 Programmable Driver Pack - Anaheim Automation ·.....

Category: Documents
2012 GMC Savana Owner Manual M...B. Driver Information Center (DIC) Buttons. See Driver Information Center (DIC) on page 5‑28. C. Turn and Lane‐Change Lever. See Turn and Lane-Change

2012 GMC Savana Owner Manual M...B. Driver Information...

Category: Documents
Advanced Driver Assistant System 2. - Stanford University · 3.1 Lane Detection Lane deviation detection includes the functions of lane detection and stability determination. The

Advanced Driver Assistant System 2. - Stanford...

Category: Documents
sensor fusion-based lane detection for lks+acc system

sensor fusion-based lane detection for lks+acc system

Category: Documents
FCW & LDW · 2013-08-22 · o LDW – Lane Departure Warning – when the driver unintentionally departs from the lane (without signaling) o FCW – Forward Collision Warning –

FCW & LDW · 2013-08-22 · o LDW – Lane Departure...

Category: Documents
Modeling driver work-zone speed on 4 lane divided highways

Modeling driver work-zone speed on 4 lane divided highways

Category: Documents
Driver Assistance System - UNECE · Driver Assistance System (Lane Keep Assist System) Akira Iihoshi Vice-Chairman of JAMA ITS Technical Committee (Honda Motor Corporation) Presentation

Driver Assistance System - UNECE · Driver Assistance...

Category: Documents
Lane Code CHAPTER 15 CONTENTS Chapter 15 · Lane Code CHAPTER 15 CONTENTS . January 11, 2018 15-i Chapter 15 ROADS ... Channelization provides maximum convenience, and instills driver

Lane Code CHAPTER 15 CONTENTS Chapter 15 · Lane Code...

Category: Documents
effects of nonplanar driver-side mirrors on lane change crashes

effects of nonplanar driver-side mirrors on lane change...

Category: Documents