Functional Safety is the biggest reason, and also the proof, that cars can never be 4-wheeled mobile phones. If a mobile phone shuts down, no accident that you pay for with your life will occur. However, if cars or buses take all responsibility from the driver, even eliminating the driver, and claim to drive themselves, they are obliged to ensure driving safety at all times, regardless of the conditions. We are talking about such safety that even a 13-year-old child with no driver’s license can travel alone as a passenger.
This means that if any safety-critical malfunction occurs in the autonomous driving vehicle, there will be no one who can intervene in time. At this point, the expectation is that the vehicle will be able to drive autonomously and will take full responsibility during the operation. This makes it the most difficult level of safety to achieve so far. That’s why AV (I’ll use this abbreviation for Autonomous Vehicles) safety is the most difficult and critical one to ensure. In this series of articles, I will start a discussion on what the current state of AV safety is and what the future holds.
What is a safe AV? What makes an AV safe? By which criteria and what measurement results can we prove that it is safe? If there is a claim, evidence must be provided by the OEM. OEMs’ advertising statements about AVs often include “It drives better than a human!”. So, is it enough for AV safety to drive better than a human driver? Also, according to which criteria is a driver qualified as good? Another claim is “Our AV travelled 1 million kilometres.”. So let’s ask: On which path, in which environment and at what speed did it travel? On the highway? In urban traffic? In which city? Under what traffic rules and order? Under which seasonal conditions? Is it in a place where traffic and pedestrian density is high, the roads are variable, and there are plenty of surprises (while waiting at a red light, you can come across a juggler who performs his/her show until it turns green, or even a little longer, or a paper collector who pulls his cart onto the road, etc.)? Is it a passenger bus that only carries passengers on a certain route and serves at the airport?
The most important criterion for AV safety is the operating conditions under which the vehicle travelled 1 million kilometres autonomously. In terms of risk diversity, there is a significant difference in environment and conditions between traveling 1 million kilometres on a university campus, which is almost completely closed to city traffic, and driving in heavy Istanbul traffic.
A Safety Case provides an evidence-based argument that any safety-critical system is safe. Conditions that can be neglected are also noted in this report. It is almost impossible to cover all events in the outside world, where not billions but quadrillions of different possibilities may occur. This brings us to the events that can be ignored in the Safety Report.
What should these events be? In addition, while functional safety indicates the inherent safety of a system, AV safety requires not only that the vehicle always drives safely, but also that the passengers in the vehicle have taken the necessary safety precautions. For example, it should always be monitored whether drivers are wearing their seat belts.
Additionally, the door should not be opened while the vehicle is driving. While ensuring safety, comfort should not be overlooked. In a place where an AV is allowed to drive at 50 km/h in the city, constantly changing lanes at this speed will make the passengers experience the panic created by a driver who is constantly pushing forward. Therefore, the issue involves much more complex factors than detecting objects in traffic, and their positions and speeds, with only 5 or 6 sensors.
Is Safety-Critical Fully Autonomous Driving Possible Only With Cameras?
Cameras are undoubtedly the most important sensors for detecting and interpreting the most important rules on the road, as well as road and environmental changes. However, they are not as good as lidars at extracting the 3D geometry of an object. Cameras can only interpret objects at a certain distance as a line. Thanks to lidars, the depths of objects can be detected. Thus, lidar can be used to determine whether a person is actually a living creature or a picture on a billboard. On the other hand, radars can detect not only objects in front, behind, on the side, or in the dead center, but also how far they are from the sensor and even at what speed and in which direction they are heading. But of course, it is clear that high-resolution lidars and radars will remain much more expensive than cameras. Therefore, we can say that each sensor and camera has its own weaknesses and strengths.
All sensors are vulnerable to dust, dirt, temperature fluctuations, and being hit by flies or other insects, especially when traveling at high speeds. An AV, which has a safety level beyond ASIL D, the highest level of safety criticality, must always have redundant sensors. No single sensor can reach 100 percent detection accuracy on its own. I wouldn’t want to be a pedestrian trying to cross the road in a scenario where there is a 1 percent margin of error! That’s why sensor diversity and redundancy are essential for safe AVs. In addition to sensors, a full series of articles awaits you, from the meaning of perfect driving to the safety of artificial intelligence algorithms to the actual use of software in vehicles.
M.Eng. Can Acar
CEO – Mechatnom
Safety Manager (Certified by TÜV Rheinland)
Abbreviations
AV: Autonomous Vehicles