Safety First For Automated Driving

We were recently given a copy of “Safety First For Automated Driving 2019”. It is an attempt by a consortium of AV stakeholders to standardize and formalize the validation and verification of testing for AV systems. It was authored by representatives from Aptiv, Audi, Baidu, BMW, Continental, Fiat-Chrysler, HERE, Infineon, Intel, and Volkswagen, which makes for a good cross-section of the different players in this industry. A copy can be found here.

There is a lot to this document. We won’t attempt to cover it in any detail. But there are three areas of particular interest to those of us in the work zone safety world:

  • The hand-off of vehicle control from the automated system to the operator.
  • Fail safe procedures when the system encounters something it does not expect or understand.
  • The importance of an accurate, real-time digital map.

VEHICLE-INITIATED HANDOVER

The moment the system recognizes that the conditions it “sees” are not the same as what was expected at that location, “the system shall react to compensate or shall issue a driver takeover request with a sufficient time frame for the takeover.” If the vehicle operator is unable to take control for any reason, the system must initiate a fail-safe maneuver.

FAIL-SAFE PROCEDURES

“The automated driving system shall recognize system limits, especially those that do not allow the safe transition of control to the vehicle operator, and react to minimize the risk.” In the event something unexpected is encountered and when it is dangerous or impossible to hand control to the operator, the system has three options:

Comfort Stop:

This sounds similar to the vehicle pulling over when safe and parking out of the travelled way.

Safe Stop:

This would involve somewhat harder braking, and the end of operation may be off the road or could potentially occur while still in a live lane.

Emergency Stop:

Just like when you lock up the brakes because traffic suddenly stops in front of you. There is no time to do anything else. This would leave the vehicle in the live lane. But we assume the condition causing it would be apparent to the other drivers as well, so they would likely stop, too.

IMPORTANCE OF ACCURATE MAPS

The report states this clearly: “Failures relating to planned road changes can be avoided by incorporating road change plans from a road authority into the map updating process.” This, of course, requires real-time updates to the data. Like most people outside of our industry, they assume perfect knowledge by the DOT. But as you know, most “road change plans” are often wrong. Many contractors file provisional traffic control plans. Start and end dates change, weather delays the work, etc.

Now, it was not within the scope of this document to address the how, just the why. It is up to us to find the most efficient ways to update maps in real-time. But they did recognize the need, and they also felt it was important that everyone have access to the same information: “as indispensable public information, road construction and maintenance plans should be fully transparent and easily accessible by all map providers.”

They also addressed the need to find out when the maps are wrong and to learn from those incidents. “Errors as a result of real-world changes are difficult to monitor and control, thus they should be carefully analyzed.” Our industry will need access to the data so that we can optimize the ways in which our systems define and report road changes.

Finally, they reiterate the importance of accurate, real-time information: “an effective mechanism for map updating or maintenance is critically important” (emphasis added). We are happy to see they recognize the need, but they don’t understand how to accomplish that: “A map updating or maintenance platform that comprises sensor data collected from multiple inputs, including but not limited to survey car fleets, massively deployed intelligent vehicles (e.g. vehicles with the ability to collect sensor data), high resolution satellite images and/or road infrastructures with surveillance sensors, can effectively detect the random road changes and lower the risk of random RMA failures.”

The good news is that they recognize the same AV safety issues we have. The bad news is that they do not understand work zone reporting. They believe agencies have perfect knowledge. Any gaps in that knowledge, they still think, can be filled by probe vehicles gathering and reporting changes as they are encountered. While that will help in some regards, work zones must be automatically reported by the people or equipment doing the work. No other method changes the maps accurately and at the moment the lane is closed or reopened.