Challenges in architecting fully automated driving; with an emphasis on Heavy Commercial Vehicles

Naveen Mohan et al.; WASA 2016



Main contributions

To the best of our knowledge, this paper is unique in

➔ Full range of possibilities of integrating intelligence into an automotive platform

➔ Discussion across a broad spectrum of aspects w.r.t. autonomy, both functional and extra-functional

Autonomy mindmap

Case study planned: KTH Research concept vehicle, Scania truck

Results: Case 3 vs Case 4

(Figure: bar chart scoring Case 3 and Case 4 on a 0 to 5 scale for: Higher Platform Reuse; Lower accidental Complexity (on reuse); Lower Variability (across platform); Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Reduced need for Diagnostics to ensure safety; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure.)

www.kth.se/itm/autonomymindmap

Join and collaborate. KTH: Mechatronics ITRL IC

Bio: Naveen Mohan

➔ Bachelor’s in Computer Science and Engineering (2009)

➔ 1 year; Defence Industry; Communication, Networks

➔ Master’s in Networks and Distributed Systems (2012), Chalmers, Gothenburg

➔ 3 years; Automotive Industry; VCC; SW/System responsible Hybrid, el drive

➔ PhD studies at Mechatronics KTH (started end of 2015); The ARCHER project: Vinnova funded

By Veronica538 (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0) or GFDL (http://www.gnu.org/copyleft/fdl.html)], via Wikimedia Commons

What are we trying to do?

ADI = Autonomous Driving Intelligence

(Figure: spectrum from No Reuse to Full Reuse, with Case 1, Case 2, Case 3, Case 4 and Case 5 placed along it; the Preserve legacy cases sit at one end and the Optimize for functionality cases at the other.)

Key Messages

➔ The role of legacy

➔ “Intelligence (ADI) integration”

➔ The driver has to go!

➔ Safety needs to be proven

➔ Prototype vs Product

Outline

➔ About the Author(s) and the project

➔ Background

➔ Complexity and Legacy

➔ Advantages of autonomous HCVs vs passenger vehicles

➔ Cases: ADI integration

➔ Conclusions, future work and questions

By Andy Dingley (Own work) [CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons

The role of legacy in automotive systems design

➔ Accidental vs essential complexity

➔ Legacy as a source of accidental complexity

➔ Modularity implies that no vehicle is optimized in terms of functionality.

➔ There are different ways to achieve the same functionality

➔ The impact of legacy

(Exaggerated example) Design considerations

CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=342457; By Andy Dingley (Own work) [CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons

One Common Electrical Platform

1500 logical nodes (a Scania production vehicle from 2013)

14000 connections (a Scania production vehicle from 2013)

Dealing with complexity

➔ We compensate..

➔ Architectural mechanisms

➔ Platforms

➔ Process measures

➔ Standards

➔ Standardization

Heavy Commercial Vehicles vs Passenger Cars

➔ TOOL: part of a broader ecosystem; transport solution for moving people and goods; generating business value and profit for owners; customizable

➔ Long life span; second life; resale value

➔ High mileage

➔ High dependability; emphasis on degraded modes

➔ Highly modular

➔ Low production volumes; high variability / emphasis on D&D costs

Advantages of autonomous HCVs

➔ Logistics. Trucks are currently limited in speed.

➔ Environmental. Air resistance; convoying; fuel savings

➔ Chauffeur related. Shortage of qualified drivers; truck driver >33% of cost

➔ Simplification (eventual). Stressful job and environment; regulations to help drivers; design to help the driver: ergonomics

➔ New business models possible if a “C” driver’s license is not essential. Lower cost of entry for more people.

Source: Sveriges Åkeriföretag

Safety considerations specific to HCVs

ALARP; ISO 26262

• Are currently driven by professional drivers.

• Could carry HazMat

• The size of the HCV and the number of people transported increase the possibility and scale of damage.

Outline

➔ About the Author(s) and the project

➔ Background

➔ Complexity and Legacy impact

➔ Advantages of autonomous HCVs vs passenger vehicles

➔ Cases: ADI integration

➔ Conclusions, future work and questions

Focus on perspectives of

➔ Business Aspects

➔ Safety

➔ Dependability

➔ Verification

➔ Realization

Sources of our challenges

➔ Drastic increase in essential complexity

➔ Socio-technical implications that arise due to the potentially disruptive nature of autonomy

➔ The absence of a driver to deal with unexpected failures

➔ Safety/availability tradeoff

Why cases at all?

➔ Many skewed discussions

➔ Expertise and different considerations in play

➔ Legacy is a moving target

➔ Prototype vs product; SOTA: more or less prototypes; OEM IP

➔ Reluctance, cost to change legacy: needs motivation

➔ All cases are capable of L5 automation

Scope and delimitations

➔ Issues common to all cases, e.g. collaboration with other entities, legal issues, liability

➔ Focus is on how the ADI can integrate with the platform

➔ Enabling reuse (where feasible, reasonable, practical) is a priority

Main contributions

To the best of our knowledge, this paper is unique in

➔ integrating intelligence into an automotive platform

➔ Discussion across such a broad spectrum of aspects w.r.t. autonomy

Autonomy mindmap

ADI definition

By Patrick Edwin Moran (Own work) [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons

➔ OODA loop: Observe, Orient, Decide and Act

➔ Orient and Decide are directly mapped to the ADI

➔ Observe and Act are mapped to both the platform and the ADI; sensors need to be reused

Conditions for reuse

➔ Safety analysis depends on configuration and could change per case and context

➔ It cannot be avoided; however, the needed analysis could be minimized

➔ Legacy components can be reused only if usage still meets the design decisions, both timing and data limitations

Assumptions

➔ Components can be turned off if needed

➔ Fail Safe vs Fail Operational

➔ Actuators limited to the platform

➔ New sensors can be added to the ADI freely

➔ ADI can access all information available to the component it controls

Key Goals

➔ Highly safe, dependable platform

➔ Ease of testing

➔ Low variability

➔ Reuse of legacy is a priority

Case 1: Extreme; Ridiculous; Necessary delimiter

Source: By Humanrobo (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons

Case 2: Prototypes; Easiest

Case 3: Prototypes; Refined control

Case 4: Traditional methods, concrete solution

Case 5: The other extreme; Delimiter. Intentionally left blank!

(Each case slide repeats the figure of the No Reuse to Full Reuse spectrum, with Case 1 to Case 5 placed along it and Preserve legacy at one end and Optimize for functionality at the other.)

Results: Preserve Legacy approaches

(Figure: bar chart scoring Case 1, Case 2 and Case 3 on a 0 to 5 scale for: Higher Platform Reuse; Lower accidental Complexity (on reuse); Lower Variability (across platform); Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Reduced need for Diagnostics to ensure safety; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure.)

Criteria: Platform Reuse; Limited accidental Complexity on reuse; Lower Variability; Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Minimal Diagnostics; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure

Results: Optimize for functionality approaches

(Figure: bar chart scoring Case 4 and Case 5 on a 0 to 5 scale for the same criteria: Higher Platform Reuse; Lower accidental Complexity (on reuse); Lower Variability (across platform); Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Reduced need for Diagnostics to ensure safety; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure.)

Criteria: Platform Reuse; Limited accidental Complexity on reuse; Lower Variability; Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Minimal Diagnostics; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure

Results: Case 3 vs Case 4

(Figure: bar chart scoring Case 3 and Case 4 on a 0 to 5 scale for: Higher Platform Reuse; Lower accidental Complexity (on reuse); Lower Variability (across platform); Lower Development Cost Upfront; Lower Development Cost over time; Higher Reliability/Availability; Reduced need for Diagnostics to ensure safety; Higher Security; Ease of Verification of Modified Pf functionality; Ease of Verification of ADI functionality; Lower Information flow needed and infrastructure.)

Findings and Conclusions

➔ High variant platforms & ISO 26262 = Challenge

➔ Component reuse is not trivial when safety is considered

➔ ADI => more feature interaction. Careful management required.

➔ ADI and platform need to evolve together, or risk fail-safe behavior and low dependability

➔ Need for compartmentalization and partitioning of the ADI in all cases, for safety and verification

➔ Redundancy is key for higher dependability

Future work and projects started

Formalization / removing ambiguity

• Ontology of terms in our specific context

• Use of an earlier architecture recovery project to refine definitions of the layers in the platform, the cases, and rules for reuse

Grand Cooperative Driving Challenge case study, STPA based approach; Case 2. Systems thinking: ICES industrial network ASAP workgroup; a workshop is being planned.

Take aways

Other than READ THE PAPER FOR MORE DETAILS!

o Autonomy is essential for HCVs.

o Prototype vs product

o Safe state transition has to be guaranteed, ideally with formal verification

o Degraded modes are critical in the absence of the human.

o Deep integration of ADI with platform is needed.

o High variant platforms & ISO 26262 = Challenge

Contact: [email protected] KTH - MECHATRONICS - ARCHER