Challenges in architecting fully automated driving; with an emphasis on Heavy Commercial Vehicles
Naveen Mohan et al.; WASA 2016
Main contributions
To the best of our knowledge, this paper is unique in
➔ Full range of possibilities of integrating intelligence to an automotive platform
➔ Discussion across a broad spectrum of aspects w.r.t. autonomy, both functional and extra-functional
Autonomy mindmap
Results: Case 3 vs Case 4
[Radar chart, scale 0 to 5, comparing Case 3 and Case 4 on: Higher Platform Reuse; Lower accidental Complexity (on reuse); Lower Variability (across platform); Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Reduced need for Diagnostics to ensure safety; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure]
Bio: Naveen Mohan
➔ Bachelor’s in Computer Science and Engineering (2009)
➔ 1 year; Defence Industry; Communication, Networks
➔ Master’s in Networks and Distributed Systems (2012) Chalmers, Gothenburg
➔ 3 years; Automotive Industry; VCC; SW/System responsible Hybrid, el drive
➔ PhD studies at Mechatronics KTH (Started end of 2015); The ARCHER project: Vinnova funded
By Veronica538 (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0) or GFDL (http://www.gnu.org/copyleft/fdl.html)], via Wikimedia Commons
What are we trying to do?
ADI = Autonomous Driving Intelligence
[Figure: Cases 1 to 5 placed between "No Reuse" and "Full Reuse"; axis labels "Preserve legacy" and "Optimize for functionality"]
Key Messages
➔ The role of legacy
➔ “Intelligence (ADI) integration”
➔ The driver has to go!
➔ Safety needs to be proven
➔ Prototype vs Product
Outline
➔ About the Author(s) and the project
➔ Background
➔ Complexity and Legacy
➔ Advantages of autonomous HCVs vs passenger vehicles
➔ Cases: ADI integration.
➔ Conclusions, future work and questions
By Andy Dingley (Own work) [CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons
The role of legacy in automotive systems design
➔ Accidental vs essential complexity
➔ Legacy as a source of accidental complexity
➔ Modularity implies that no vehicle is optimized in terms of functionality.
➔ There are different ways to achieve the same functionality
➔ The impact of legacy
?
(Exaggerated example) Design considerations
CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=342457
By Andy Dingley (Own work) [CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons
Dealing with complexity
➔ We compensate..
➔ Architectural mechanisms.
➔ Platforms
➔ Process measures
➔ Standards
➔ Standardization
Heavy Commercial Vehicles vs Passenger Cars
➔ TOOL: part of broader ecosystem. Transport solution – moving people and goods. Generating business value and profit for owners - customizable
➔ Long life span; Second life; resale value
➔ High mileage
➔ High dependability; emphasis on degraded modes.
➔ Highly modular:
➔ Low production volumes; high variability / Emphasis on D&D costs
Advantages of autonomous HCVs
➔ Logistics. Trucks currently limited in speed.
➔ Environmental. Air resistance – convoying - Fuel savings
➔ Chauffeur related. Shortage of qualified drivers. Truck driver >33% in cost (Source: Sveriges Åkeriföretag)
➔ Simplification (eventual). Stressful job and environment regulations to help drivers. Design to help the driver: ergonomics,
➔ New business models possible if “C” driver's license is not essential. Lower cost of entry for more people.
Safety considerations specific to HCVs
ALARP; ISO 26262
• Are currently driven by professional drivers.
• Could carry HazMat
• The size of HCV, number of people transported increases the possibility and scale of damage.
Outline
➔ About the Author(s) and the project
➔ Background
➔ Complexity and Legacy impact
➔ Advantages of autonomous HCVs vs passenger vehicles
➔ Cases: ADI integration.
➔ Conclusions, future work and questions
Focus on perspectives of
➔ Business Aspects
➔ Safety
➔ Dependability
➔ Verification
➔ Realization
Sources of our challenges
➔ Drastic increase in essential complexity
➔ Socio-technical implications that arise due to the potentially disruptive nature of autonomy
➔ The absence of a driver to deal with unexpected failures.
➔ Safety availability tradeoff
Why cases at all?
➔ Many skewed discussions
➔ Expertise and different considerations in play.
➔ Legacy is a moving target
➔ Prototype vs product. SOTA: more or less prototypes; OEM IP
➔ Reluctance, cost to change legacy: needs motivation.
➔ All cases are capable of L5 automation
Scope and delimitations
➔ Issues common to all cases e.g. collaboration with other entities, legal issues, liability
➔ Focus is on how the ADI can integrate with the platform
➔ Enabling reuse (where feasible, reasonable, practical) is a priority.
Main contributions
To the best of our knowledge, this paper is unique in
➔ integrating intelligence to an automotive platform
➔ Discussion across such a broad spectrum of aspects w.r.t. autonomy
Autonomy mindmap
ADI definition
By Patrick Edwin Moran (Own work) [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons
➔ OODA loop; Observe, Orient, Decide and Act.
➔ Orient and Decide directly mapped to the ADI
➔ Observe and Act mapped to both the platform and the ADI, sensors need to be reused
Conditions for reuse
➔ Safety analysis depends on configuration, could change per case and context.
➔ It cannot be avoided, however the needed analysis could be minimized.
➔ Legacy components can be reused only if usage still meets design decisions, both timing and data limitations.
Assumptions
➔ Components can be turned off if needed
➔ Fail Safe vs Fail Operational.
➔ Actuators limited to the platform
➔ New Sensors can be added to the ADI freely
➔ ADI can access all information available to the component it controls
Key Goals
➔ Highly Safe, dependable platform.
➔ Ease of testing
➔ Low variability
➔ Reuse of legacy is a priority
Case 1
Extreme; Ridiculous; Necessary delimiter
Source: By Humanrobo (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons
Case 2
Prototypes; Easiest
Case 3
Prototypes; Refined control
Case 4
Traditional methods, concrete solution
Case 5
The other extreme; Delimiter
Intentionally left blank!
Results: Preserve Legacy approaches
[Radar chart, scale 0 to 5, comparing Case 1, Case 2 and Case 3 on the criteria below]
Criteria: Platform Reuse; Limited accidental Complexity on reuse; Lower Variability; Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Minimal Diagnostics; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure
Results: Optimize for functionality approaches
[Radar chart, scale 0 to 5, comparing Case 4 and Case 5 on the criteria below]
Criteria: Platform Reuse; Limited accidental Complexity on reuse; Lower Variability; Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Minimal Diagnostics; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure
Results: Case 3 vs Case 4
[Radar chart, scale 0 to 5, comparing Case 3 and Case 4 on: Higher Platform Reuse; Lower accidental Complexity (on reuse); Lower Variability (across platform); Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Reduced need for Diagnostics to ensure safety; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure]
Findings and Conclusions
➔ High variant platforms & ISO 26262 = Challenge
➔ Component reuse is not trivial when safety is considered
➔ ADI => more feature interaction. Careful management required.
➔ ADI and platform need to evolve together, or risk fail-safe behavior and low dependability
➔ Need to compartmentalize and partition the ADI in all cases, for safety and verification.
➔ Redundancy is key for higher dependability
Future work and projects started
Formalization / removing ambiguity
• Ontology of terms in our specific context
• Use of an earlier architecture recovery project to refine definitions of the layers in the platform, the cases, rules for reuse
Grand Cooperative Driving Challenge case study, STPA based approach; Case 2. Systems thinking ICES industrial network ASAP workgroup workshop is being planned.
Take aways
Other than READ THE PAPER FOR MORE DETAILS!
o Autonomy is essential for HCVs.
o Prototype vs product
o Safe state transition has to be guaranteed, ideally with formal verification
o Degraded modes are critical in the absence of the human.
o Deep integration of ADI with platform is needed.
o High variant platforms & ISO 26262 = Challenge
Contact: [email protected] KTH - MECHATRONICS - ARCHER