Conference Paper

Towards Standardization of AV Safety: C++ Library for Responsibility Sensitive Safety

Authors:
  • Ant Group

Abstract

The need for safety in Automated Driving (AD) is becoming increasingly critical with the accelerating deployment of this technology. Beyond functional safety, industry must guarantee the operational safety of automated vehicles. Towards that end, Mobileye introduced the Responsibility Sensitive Safety (RSS), a model-based approach to Safety [1]. In this paper we expand upon this work introducing the C++ Library for Responsibility Sensitive Safety, an open source executable that implements a subset of RSS. We provide architectural details to integrate the C++ Library for Responsibility Sensitive Safety with AD Software pipelines as safety module overseeing decision making of driving policies. We illustrate this application with an example integration with the Baidu Apollo AD stack and simulator, [2] and [3], that provides safety validation of the planning module. Furthermore, we show how the C++ Library for Responsibility Sensitive Safety can be used to explore the usefulness of the RSS model through parameter exploration and analysis on minimum safe longitudinal distance, ($d_{\min}$), considering different weather conditions. We also compare these results with half-of-speed rule followed in some parts of the world. We expect that the C++ Library for Responsibility Sensitive Safety becomes a critical component of future tools for formal verification, testing and validation of AD safety and that it helps bootstrap the AD research efforts towards standardization of safety.


... We distinguish between outcomes that were random or present in an unattacked case to assign cause and effect to the attacker's actions. To measure condition (3), we incorporate for the first time in security analysis a measure of the safety of a scene with Responsibility Sensitive Safety (RSS) [14,42]. ...
... As our quantitative tool for safety analysis, we use the Responsibility-Sensitive Safety metric [42]. Recently, a library of code for RSS was released [14], and as a part of this work, we integrated RSS into the modular AV development platform AVstack [20] to aid future researchers. At a high level, RSS performs a pairwise analysis of all objects in the scene. ...
Preprint
Full-text available
Safety is paramount in autonomous vehicles (AVs). Auto manufacturers have spent millions of dollars and driven billions of miles to prove AVs are safe. However, this is ill-suited to answer: what happens to an AV if its data are adversarially compromised? We design a framework built on security-relevant metrics to benchmark AVs on longitudinal datasets. We establish the capabilities of a cyber-level attacker with only access to LiDAR datagrams and from them derive novel attacks on LiDAR. We demonstrate that even though the attacker has minimal knowledge and only access to raw datagrams, the attacks compromise perception and tracking in multi-sensor AVs and lead to objectively unsafe scenarios. To mitigate vulnerabilities and advance secure architectures in AVs, we present two improvements for security-aware fusion -- a data-asymmetry monitor and a scalable track-to-track fusion of 3D LiDAR and monocular detections (T2T-3DLM); we demonstrate that the approaches significantly reduce the attack effectiveness.
... Here, the right-of-way is defined as the right to occupy a particular temporal-spatial area. For example, Mobileye proposed their Responsibility Sensitive Safety (RSS) driving strategy, which can be roughly summarized with the following five rules: 1) Do not hit someone from behind; 2) Do not cut-in recklessly; 3) Right-of-way is given, not taken; 4) Be careful of areas with limited visibility; 5) If you can avoid an accident without causing another one, you must do it [40]-[42]. Such abstracted rules can also be used to validate the rules directly learned from driving data due to their explicitness and explainability. ...
... The second issue that is neglected here is how to determine the responsibility of collisions [39]-[42]. An AV needs to install highly reliable data recorders to store all the sensing, decision, and action data for self-diagnostics and legal investigation. ...
Article
Autonomous vehicles (AVs) are widely believed to be good for improving transportation safety and efficiency. However, recent fatal accidents by some of their prototypes remind us that there are no operationalizable and quantitative safe driving strategies available for an AV in a wide range of situations to avoid collisions. In contrast with many recent studies that focused on ethical considerations when AVs are facing unavoidable harms, we study how to proactively prevent collisions by setting up a set of decision rules for AVs to determine the right-of-way efficiently. Notably, we summarize three essential principles for AVs designing to increase driving safety, and establish a rule-based nine-step communication-decision model to implement them. Our method is constructed by analyzing how human drivers solve potential conflicts. The decision rules are designed to be ambiguity-free and readily computable with the least communication so that human drivers and AVs could easily understand each other in terms of their behaviors and intentions of. We have demonstrated the effectiveness of our method by comparing it with some alternative approaches.
... These methods involve planning a path to avoid static obstacles and optimizing a speed profile to avoid dynamic obstacles [14]. For example, in [13], an optimal path is selected among multiple candidate polynomial paths obtained from state sampling methods, and an optimal acceleration profile is generated to obtain a velocity curve based on the responsibility sensitive safety model [15]. However, the path generated by the sampling module may not accurately reflect spatiotemporal information as it is not optimized for spatiotemporal safety constraints. ...
Preprint
Multi-modal behaviors exhibited by surrounding vehicles (SVs) can typically lead to traffic congestion and reduce the travel efficiency of autonomous vehicles (AVs) in dense traffic. This paper proposes a real-time parallel trajectory optimization method for the AV to achieve high travel efficiency in dynamic and congested environments. A spatiotemporal safety module is developed to facilitate the safe interaction between the AV and SVs in the presence of trajectory prediction errors resulting from the multi-modal behaviors of the SVs. By leveraging multiple shooting and constraint transcription, we transform the trajectory optimization problem into a nonlinear programming problem, which allows for the use of optimization solvers and parallel computing techniques to generate multiple feasible trajectories in parallel. Subsequently, these spatiotemporal trajectories are fed into a multi-objective evaluation module considering both safety and efficiency objectives, such that the optimal feasible trajectory corresponding to the optimal target lane can be selected. The proposed framework is validated through simulations in a dense and congested driving scenario with multiple uncertain SVs. The results demonstrate that our method enables the AV to safely navigate through a dense and congested traffic scenario while achieving high travel efficiency and task accuracy in real time.
... Some RSS rules are implemented and offered as a library [7]. However, its coverage of various driving scenarios seems limited. ...
Preprint
Full-text available
We build on our recent work on formalization of responsibility-sensitive safety (RSS) and present the first formal framework that enables mathematical proofs of the safety of control strategies in intersection scenarios. Intersection scenarios are challenging due to the complex interaction between vehicles; to cope with it, we extend the program logic dFHL in the previous work and introduce a novel formalism of hybrid control flow graphs on which our algorithm can automatically discover an RSS condition that ensures safety. An RSS condition thus discovered is experimentally evaluated; we observe that it is safe (as our safety proof says) and is not overly conservative.
... They further calculated and assessed whether the associated collision risk value was sufficiently low to evaluate vehicular safety. Several researchers [18][19][20][21] have sought to refine RSS parameter ranges based on physical constraints, legal requirements, and human driving behavior, to enhance the practicality of RSS models. Pasch et al. [22] conducted an extensive parameter assessment of vulnerable road users within the RSS scope, illustrating how RSS parameter values significantly influence the model's usability. ...
Article
Full-text available
Addressing decision safety in the unpredictable arena of complex traffic scenarios represents a significant hurdle for autonomous driving systems. Considering the inherent spatial-temporal uncertainties associated with the future actions of surrounding traffic participants, real-time safety verification of autonomous driving decisions is crucial to maintaining vehicular safety. Existing online verification methodologies, such as Responsibility Sensitive Safety (RSS) and Safety Force Field (SFF), ensure driving safety by formalizing human safe-driving rules and constraining the vehicle to maintain safe lateral and longitudinal distances in real-time. While these methods effectively prevent collisions instigated by the autonomous vehicle itself, they lack sufficient foresight and often result in less smooth driving trajectories. To address these limitations, we propose an innovative, interpretable, formal safety verification framework. This approach integrates both explicit and implicit traffic rules to anticipate all legally acceptable transitions of traffic scenarios. It builds the lawful, short-term reachable region for each vehicle, and verifies the safety of autonomous vehicle decisions by assessing whether the regions these vehicles inhabit, in accordance with the expected trajectory, overlap with the accessible zones of other vehicles. Furthermore, in scenarios presenting potential danger, a backup smooth safety trajectory is derived from the autonomous vehicle’s legal reachability domain as a preventive measure to degrade safety threats. As a cornerstone of safety for autonomous vehicles, our proposed method ensures a continual safe trajectory in all traffic scenarios, provided that other participants adhere to traffic rules. 
Experimental outcomes, grounded in the ISO 34502 standard and real-world critical safety scenarios, demonstrate the method’s efficacy in identifying potentially dangerous decisions and mitigating autonomous vehicle-induced traffic accidents.
... Hereby, risks are often sorted into discrete time or acceleration indicators, probabilistic risks as well as learned risks. Methods based on time metrics (see [11] for Time-To-Brake) convince due to their intuitiveness. However, neglecting uncertainty does not reproduce realistic driving situations. ...
Preprint
The survival analysis of driving trajectories allows for holistic evaluations of car-related risks caused by collisions or curvy roads. This analysis has advantages over common Time-To-X indicators, such as its predictive and probabilistic nature. However, so far, the theoretical risks have not been demonstrated in real-world environments. In this paper, we therefore present Risk Maps (RM) for online warning support in situations with forced lane changes, due to the end of roads. For this purpose, we first unify sensor data in a Relational Local Dynamic Map (R-LDM). RM is afterwards able to be run in real-time and efficiently probes a range of situations in order to determine risk-minimizing behaviors. Hereby, we focus on the improvement of uncertainty-awareness and transparency of the system. Risk, utility and comfort costs are included in a single formula and are intuitively visualized to the driver. In the conducted experiments, a low-cost sensor setup with a GNSS receiver for localization and multiple cameras for object detection are leveraged. The final system is successfully applied on two-lane roads and recommends lane change advices, which are separated in gap and no-gap indications. These results are promising and present an important step towards interpretable safety.
... To guarantee that there is no collision on the nominal scenario, the Responsibility-Sensitive Safety (RSS) [25] model was implemented as the minimum distance before the emergency brake is activated, which formula was adapted for our use case. RSS model was chosen since it provides a proven [26] safe distance according to our robot parameters. Ego vehicle is defined as the main actor of interest in the scenario, sometimes is also referred as Vehicle Under Test (VUT). ...
Preprint
Safety in the automotive domain is a well-known topic, which has been in constant development in the past years. The complexity of new systems that add more advanced components in each function has opened new trends that have to be covered from the safety perspective. In this case, not only specifications and requirements have to be covered but also scenarios, which cover all relevant information of the vehicle environment. Many of them are not yet still sufficient defined or considered. In this context, Safety of the Intended Functionality (SOTIF) appears to ensure the system when it might fail because of technological shortcomings or misuses by users. An identification of the plausibly insufficiencies of ADAS/ADS functions has to be done to discover the potential triggering conditions that can lead to these unknown scenarios, which might effect a hazardous behaviour. The main goal of this publication is the definition of an use case to identify these triggering conditions that have been applied to the collision avoidance function implemented in our self-developed mobile Hardware-in-Loop (HiL) platform.
... Intel released an open-source library called ad-rss-lib [25] that implements the RSS partially. Also, NVIDIA provides a software development kit called DriveWorks SDK that includes the SFF implementation [11] for approved users. ...
Preprint
Full-text available
Despite the rapid improvement of autonomous driving technology in recent years, automotive manufacturers must resolve liability issues to commercialize autonomous passenger car of SAE J3016 Level 3 or higher. To cope with the product liability law, manufacturers develop autonomous driving systems in compliance with international standards for safety such as ISO 26262 and ISO 21448. Concerning the safety of the intended functionality (SOTIF) requirement in ISO 26262, the driving policy recommends providing an explicit rational basis for maneuver decisions. In this case, mathematical models such as Safety Force Field (SFF) and Responsibility-Sensitive Safety (RSS) which have interpretability on decision, may be suitable. In this work, we implement SFF from scratch to substitute the undisclosed NVIDIA's source code and integrate it with CARLA open-source simulator. Using SFF and CARLA, we present a predictor for claimed sets of vehicles, and based on the predictor, propose an integrated driving policy that consistently operates regardless of safety conditions it encounters while passing through dynamic traffic. The policy does not have a separate plan for each condition, but using safety potential, it aims human-like driving blended in with traffic flow.
... ρ is the agent vehicle response time. We use default values for these constants from the c++ library for the RSS [19]. ...
... To guarantee that there is no collision on the nominal scenario, the Responsibility-Sensitive Safety (RSS) [25] model was implemented as the minimum distance before the emergency brake is activated, which formula was adapted for our use case. RSS model was chosen since it provides a proven [26] safe distance according to our robot parameters. Ego vehicle is defined as the main actor of interest in the scenario, sometimes is also referred as Vehicle Under Test (VUT). ...
Chapter
Safety in the automotive domain is a well-known topic, which has been in constant development in the past years. The complexity of new systems that add more advanced components in each function has opened new trends that have to be covered from the safety perspective. In this case, not only specifications and requirements have to be covered but also scenarios, which cover all relevant information of the vehicle environment. Many of them are not yet still sufficient defined or considered. In this context, Safety of the Intended Functionality (SOTIF) appears to ensure the system when it might fail because of technological shortcomings or misuses by users. An identification of the plausibly insufficiencies of ADAS/ADS functions has to be done to discover the potential triggering conditions that can lead to these unknown scenarios, which might effect a hazardous behaviour. The main goal of this publication is the definition of an use case to identify these triggering conditions that have been applied to the collision avoidance function implemented in our self-developed mobile Hardware-in-Loop (HiL) platform.
Keywords: Triggering conditions, SOTIF, ADAS, Automated Driving Systems
... However, these bounds might even be reduced considering the faster reaction time of unmanned vehicles with respect to human-driven ones. Even if there are other rules to compute the optimal inter-vehicle distance, such as the one stated by the Responsibility Sensitive Safety (RSS) widely used in literature (e.g. in (Shalev-Shwartz et al., 2017) and (Gassmann et al., 2019)), it is useful to start with the recommended distances stated by the traffic regulations which represent the minimum constraints to satisfy within the road nowadays. Of course, assuming only unmanned vehicles it can emerge the possibility of taking into account shorter inter-vehicle distances. ...
Conference Paper
Full-text available
This paper introduces a comparison between a decentralized Proportional Integral Derivative (PID) controller and a centralized Linear Quadratic Tracking (LQT) controller to automatise the exchange of two inner vehicles inside a platoon moving on a straight path. Lomonossoff’s model is used to represent vehicle’s longitudinal dynamics. A case study is presented to demonstrate the effectiveness of both controllers respectively on nonlinear and linearized model.
... This project consists in developing and improving an operational safety verification model, called Responsibility Sensitive Safety (RSS). It provides an safety-oriented open source executable algorithms in order to implement provable and verifiable navigation behaviors [117]. RSS should be considered as a design guidance for navigation strategies to evoke a completely safe decision making for critical situations. ...
Thesis
Huge advancements have been witnessed recently in the field of Intelligent Transportation Systems (ITSs). In particular, a special focus has been dedicated to ensure the safe and reliable operation of Intelligent Vehicles (IVs). This issue is very challenging due to the considerable environmental uncertainties impacting IVs. Besides, the sophisticated architectures of modern IVs have brought new complications and uncertainty sources, such as failures, communication latencies, etc. This Ph.D thesis aims to provide guaranteed navigation strategies i.e., approaches that consider all potential uncertainty states. To meet this goal, the interval analysis is employed. The principle part of this Ph.D contribution concerns the IV architectures and control aspects. First, a reliable reachability scheme is proposed to present strong safety guarantees for a flexible Navigation Strategy based on Sequential Waypoint Reaching (NSbSWR). The risk management proposed for the NSbSWR reveals the vehicle reachable space, while explicitly considering different uncertainties in modelling and/or perception, etc. The reachability analysis is proceeded via an interval Taylor series expansion method. It uses also the system historical features to improve accuracy of the navigation system reachable space. Once a collision risk is detected, the risk management acts on the control parameters to master the critical situation. Then, this thesis tackles the establishment of risk management solutions for a car-following scenario, which is performed by an Adaptive Cruise Control (ACC) system. Instead of an uncertain probabilistic prediction of threats, the suggested solution has resorted to an interval-based conjoint modeling/data-driven characterization of uncertainties. Hence, a novel extension of the Time-To-Collision (TTC) indicator is introduced to carry out the inroad risk assessment with a comprehensive consideration of uncertainties and material constraints. 
This extension of TTC is improved later by combining the interval-based computation with a stochastic approach for optimality purposes. The second part of this thesis contributions addresses the tight link between the high-level control aspect and hardware one of IVs. To enhance the risk management robustness to the IV material constraints, relevant techniques to quantify intervals of the inter/intra-vehicular communication latencies are presented. These techniques may avoid any inappropriate and slow reactions of the IV risk management to the in-road threats. Even more, an interval-based extension is proposed for the Principle Component Analysis (PCA) diagnosis method to overcome impacts of failures on IVs. The interval-based PCA is integrated into an ACC architecture to provide a fault-aware risk management level. The sensitivity to faults is increased and the system is monitored in respect to the uncertainty worst cases. The mutuality between the interval-based diagnosis and uncertainty handling approaches enabled to simultaneously detect failures and master all uncertainties. Finally, all the interval-based solutions suggested in this thesis have been validated through extensive simulation work and experiments.
... Some RSS rules have been implemented and are offered as a library [22]. Integration of the goal-aware RSS rules we derive in this paper, in the library, is future work. ...
Article
We introduce a goal-aware extension of responsibility-sensitive safety (RSS), a recent methodology for rule-based safety guarantee for automated driving systems (ADS). Making RSS rules guarantee goal achievement—in addition to collision avoidance as in the original RSS—requires complex planning over long sequences of manoeuvres. To deal with the complexity, we introduce a compositional reasoning framework based on program logic, in which one can systematically develop RSS rules for smaller subscenarios and combine them to obtain RSS rules for bigger scenarios. As the basis of the framework, we introduce a program logic $\text{dFHL}$ that accommodates continuous dynamics and safety conditions. Our framework presents a $\text{dFHL}$-based workflow for deriving goal-aware RSS rules; we discuss its software support, too. We conducted experimental evaluation using RSS rules in a safety architecture. Its results show that goal-aware RSS is indeed effective in realising both collision avoidance and goal achievement.
... Some RSS rules have been implemented and are offered as a library [22]. Integration of the goal-aware RSS rules we derive in this paper, in the library, is future work. ...
Preprint
Full-text available
We introduce a goal-aware extension of responsibility-sensitive safety (RSS), a recent methodology for rule-based safety guarantee for automated driving systems (ADS). Making RSS rules guarantee goal achievement -- in addition to collision avoidance as in the original RSS -- requires complex planning over long sequences of manoeuvres. To deal with the complexity, we introduce a compositional reasoning framework based on program logic, in which one can systematically develop RSS rules for smaller subscenarios and combine them to obtain RSS rules for bigger scenarios. As the basis of the framework, we introduce a program logic dFHL that accommodates continuous dynamics and safety conditions. Our framework presents a dFHL-based workflow for deriving goal-aware RSS rules; we discuss its software support, too. We conducted experimental evaluation using RSS rules in a safety architecture. Its results show that goal-aware RSS is indeed effective in realising both collision avoidance and goal achievement.
... Responsibility-Sensitive Safety (RSS) is a model proposed by Intel and Mobileye to ensure the safety of autonomous vehicles (Gassmann, et. al., 2019). It was presented to use the autonomous vehicle as a basis for determining who is responsible in the event of a traffic accident. NVIDIA also has a calculated defensive driving policy, Safety Force Field (SFF), to prevent collisions with autonomous vehicles. They have similarities in focusing on the protection of the autonomous vehicle ...
... ρ is the agent vehicle response time. We use default values for these constants from the c++ library for the RSS [19]. ...
Preprint
Full-text available
Recent Autonomous Vehicles (AV) technology includes machine learning and probabilistic techniques that add significant complexity to the traditional verification and validation methods. The research community and industry have widely accepted scenario-based testing in the last few years. As it is focused directly on the relevant crucial road situations, it can reduce the effort required in testing. Encoding real-world traffic participants' behaviour is essential to efficiently assess the System Under Test (SUT) in scenario-based testing. So, it is necessary to capture the scenario parameters from the real-world data that can model scenarios realistically in simulation. The primary emphasis of the paper is to identify the list of meaningful parameters that adequately model real-world lane-change scenarios. With these parameters, it is possible to build a parameter space capable of generating a range of challenging scenarios for AV testing efficiently. We validate our approach using Root Mean Square Error (RMSE) to compare the scenarios generated using the proposed parameters against the real-world trajectory data. In addition to that, we demonstrate that adding a slight disturbance to a few scenario parameters can generate different scenarios and utilise Responsibility-Sensitive Safety (RSS) metric to measure the scenarios' risk.
... . . , M denotes the index of each obstacle and $d_{\min}$ is the minimum safe distance from the responsibility-sensitive safety (RSS) model [26], [27]. $\sigma^i_x$ and $\sigma^i_y$ determine the shape of the obstacle's PF based on the relative speed and distance between the ego-vehicle and the obstacle. ...
Article
Full-text available
Existing potential functions (PFs) utilized in autonomous vehicles mainly focus on solving the path-planning problems in some conventional driving scenarios; thus, their performance may not be satisfactory in the context of emergency obstacle avoidance. Therefore, we propose a novel model predictive path-planning controller (MPPC) combined with PFs to handle complex traffic scenarios (e.g., emergency avoidance when a sudden accident occurs). Specifically, to enhance the safety of the PFs, we developed an MPPC to handle an emergency case with a sigmoid-based safe passage embedded in the MPC constraints (SPMPC) with a specific triggering analysis algorithm on monitoring traffic emergencies. The presented PF-SPMPC algorithm was compiled in a comparative simulation study using MATLAB/Simulink and CarSim. The algorithm outperformed the latest PF-MPC approach to eliminate the severe tire oscillations and guarantee autonomous driving safety when handling the traffic emergency avoidance scenario.
... We start by considering how variations in kinematic measurements affect the longitudinal MSE metric for vehicles traveling in the same direction. The parameters shown in Table 2 are used as an example starting point for ADS-operated vehicles, and are based on estimates from naturalistic driving and intuition reflecting established driving practices [10,12,13], though further research is needed to help better understand and refine these values. Figure 3 presents a contour plot showing the minimum threshold distance for safe longitudinal following distance according to the MSE metric as the two kinematic quantities vary. ...
Conference Paper
Full-text available
As the deployment of automated vehicles (AVs) on public roadways expands, there is growing interest in establishing metrics that can be used to evaluate vehicle operational safety. The set of Operational Safety Assessment (OSA) metrics, that include several safety envelope type metrics, previously proposed by the Institute of Automated Mobility (IAM) are a step towards this goal. The safety envelope OSA metrics can be computed using kinematics derived from video data captured by infrastructure-based cameras and thus do not require on-board sensor data or vehicle-to-infrastructure (V2I) connectivity, though either of the latter data sources could enhance kinematic data accuracy. However, the calculation of some metrics includes certain vehicle-specific parameters that must be assumed or estimated if they are not known a priori or communicated directly by the vehicle. Uncertainty and errors in kinematic measurements and assumed parameters can influence the accuracy and ultimately the utility of the safety envelope metrics. This paper investigates how sensitive the OSA safety envelope metrics are to errors and variations in measured and assumed variables, respectively. The metrics are introduced in the context of a car-following scenario, and data sources are discussed, though the sensitivity analyses are ultimately agnostic to the specific sensor modality employed. Results reveal that measurement and parameter uncertainty are especially important when vehicles are close to safety envelope thresholds or in congested driving conditions. The outcomes of this research can help to understand the effects of measurement uncertainty on OSA metrics calculations and inform the selection of suitable sensors and hardware for the accurate and reliable assessment of vehicle operational safety.
... The maximum acceleration and minimum deceleration values are assumed to be the same because they are determined by the following vehicle with autonomous driving function. Moreover, the maximum deceleration of the leading vehicle and the response time of the autonomous vehicle were cited [39]. Equations (3)-(5) represent the derived RSS safety distance calculation formulas of the 2.5 T gasoline, 3.5 T gasoline, and 3.0 diesel models, respectively. ...
Article
Full-text available
Today, a lot of research on autonomous driving technology is being conducted, and various vehicles with autonomous driving functions, such as ACC (adaptive cruise control) are being released. The autonomous vehicle recognizes obstacles ahead by the fusion of data from various sensors, such as lidar and radar sensors, including camera sensors. As the number of vehicles equipped with such autonomous driving functions increases, securing safety and reliability is a big issue. Recently, Mobileye proposed the RSS (responsibility-sensitive safety) model, which is a white box mathematical model, to secure the safety of autonomous vehicles and clarify responsibility in the case of an accident. In this paper, a method of applying the RSS model to a variable focus function camera that can cover the recognition range of a lidar sensor and a radar sensor with a single camera sensor is considered. The variables of the RSS model suitable for the variable focus function camera were defined, the variable values were determined, and the safe distances for each velocity were derived by applying the determined variable values. In addition, as a result of considering the time required to obtain the data, and the time required to change the focal length of the camera, it was confirmed that the response time obtained using the derived safe distance was a valid result.
... Hereby, risks are often sorted into discrete time or acceleration indicators, probabilistic risks as well as learned risks. Methods based on time metrics (see [11] for Time-To-Brake) convince due to their intuitiveness. However, neglecting uncertainty does not reproduce realistic driving situations. ...
Article
The survival analysis of driving trajectories allows for holistic evaluations of car-related risks caused by collisions or curvy roads. This analysis has advantages over common Time-To-X indicators, such as its predictive and probabilistic nature. However, so far, the theoretical risks have not been demonstrated in real-world environments. In this paper, we therefore present Risk Maps (RM) for online warning support in situations with forced lane changes, due to the end of roads. For this purpose, we first unify sensor data in a Relational Local Dynamic Map (R-LDM). RM is afterwards able to be run in real-time and efficiently probes a range of situations in order to determine risk-minimizing behaviors. Hereby, we focus on the improvement of uncertainty-awareness and transparency of the system. Risk, utility and comfort costs are included in a single formula and are intuitively visualized to the driver. In the conducted experiments, a low-cost sensor setup with a GNSS receiver for localization and multiple cameras for object detection are leveraged. The final system is successfully applied on two-lane roads and recommends lane change advices, which are separated in gap and no-gap indications. These results are promising and present an important step towards interpretable safety.
... I. The parameters are similar to the ones that have been validated in other studies considering RSS [53]- [55]. However, we adjust the reaction time to 0.5s as a compromise between reasonable reaction times for humans and AVs [56], [57]. ...
Conference Paper
Ensuring the safety of autonomous vehicles (AVs) in uncertain traffic scenarios is a major challenge. In this paper, we address the problem of computing the risk that AVs violate a given safety specification in uncertain traffic scenarios, where state estimates are not perfect. We propose a risk measure that captures the probability of violating the specification and determines the average expected severity of violation. Using highway scenarios of the US101 dataset and Responsibility Sensitive Safety (RSS) as an example specification, we demonstrate the effectiveness and benefits of our proposed risk measure. By incorporating the risk measure into a trajectory planner, we enable AVs to plan minimal-risk trajectories and to quantify trade-offs between risk and progress in traffic scenarios.
... In order to calculate the Minimum Safe Distance-Related metrics from [3], the subject vehicle used the open source implementation of the RSS model from [8] and [17] that is integrated within CARLA [18]. An "RSS Sensor" was attached to the subject vehicle which analyzed the situation at each time step in order to calculate the longitudinal and lateral minimum safe distances with respect to the other road users during the simulation. ...
Article
The operational safety of automated driving system (ADS)-equipped vehicles (AVs) must be quantified using well-defined metrics in order to gain an unambiguous understanding of the level of risk associated with AV deployment on public roads. In this research, efforts to evaluate the operational safety assessment (OSA) metrics introduced in prior work by the Institute of Automated Mobility (IAM) are described. An initial validation of the proposed set of OSA metrics involved using the open-source simulation software Car Learning to Act (CARLA) and Scenario Runner, which are used to place a subject vehicle in selected scenarios and obtain measurements for the various relevant OSA metrics. Car following scenarios were selected from the list of 37 pre-crash scenarios identified by the National Highway Traffic Safety Administration (NHTSA) as the most common driving situations that lead to crash events involving two light-duty vehicles. The resulting data were used to evaluate different parameters and thresholds of the metrics developed in the prior IAM work. The simulation and analysis results were used to evaluate the relevant metrics in the context of a proposed criteria as measurable and applicable to the operational safety of AVs and human-driven vehicles alike in a data-driven approach.
... In this paper, Responsibility Sensitive Safety (RSS) [19], [20], [21] rules are utilized for classifying and qualifying driving test data to determine ego-centric and meaningful driving scenarios. In order to achieve that, RSS specifications are formalized into STL to enable formal, algorithmic reasoning over them. ...
Article
Velocity planning is an important module of autonomous driving, which aims to generate the velocity profile given a reference path. However, most existing algorithms fail to adequately address the uncertainty inherent in driving contexts, leading to potentially risky situations. To this end, we propose an efficient safety-enhanced velocity planning algorithm (ESEVP), which uses chance constraints to take uncertainties from trajectory prediction and velocity tracking into account, yielding a great improvement in driving safety. In addition, ESEVP formulates velocity planning as quadratic programming and explores candidate solutions through a fast planning space construction method, which ensures efficiency and covers all the interaction possibilities. Experimental results obtained from various scenarios demonstrate that ESEVP outperforms recent state-of-the-art methods in terms of safety, comfort, and driving efficiency. Besides, we successfully deploy ESEVP in real traffic, showcasing its competitive capabilities in practice.
Article
This paper studies the evaluation of learning-based object detection models in conjunction with model-checking of formal specifications defined on an abstract model of an autonomous system and its environment. In particular, we define two metrics -- proposition-labeled and class-labeled confusion matrices -- for evaluating object detection, and we incorporate these metrics to compute the satisfaction probability of system-level safety requirements. While confusion matrices have been effective for comparative evaluation of classification and object detection models, our framework fills two key gaps. First, we relate the performance of object detection to formal requirements defined over downstream high-level planning tasks. In particular, we provide empirical results that show that the choice of a good object detection algorithm, with respect to formal requirements on the overall system, significantly depends on the downstream planning and control design. Secondly, unlike the traditional confusion matrix, our metrics account for variations in performance with respect to the distance between the ego and the object being detected. We demonstrate this framework on a car-pedestrian example by computing the satisfaction probabilities for safety requirements formalized in Linear Temporal Logic (LTL).
Conference Paper
With further advancements in autonomous driving, larger application scenarios, so-called Operational Design Domains (ODDs), will also be addressed. Autonomous vehicles will likely experience varying operating conditions in such broader ODDs. The implications of changing operating conditions on safety and required adaptation are, however, an open challenge. In our work, as an example, we investigate a vehicle following scenario passing through altering operating conditions, with Responsibility Sensitive Safety (RSS) as the formal model to define appropriate longitudinal following distances. We provide a deeper analysis of the influence of switching the safety model parameter values to adapt to new operating conditions. As our findings show that hard switches of operating conditions can lead to critical situations, we propose an approach for continuously adapting safety model parameters allowing for a safe and more comfortable transition. In our evaluation, we utilize driving simulations to compare the hard switching of parameters with our proposal of gradual adaptation. Our results highlight the implications of changing operating conditions on the driving safety. Moreover, we provide a solution to adapt the safety model parameters of an autonomous vehicle in such a way that safety model violations during transition can be avoided.
Article
In public road tests of autonomous vehicles in California, rear-end crashes have been the most common type of crash. Collision avoidance systems, such as autonomous emergency braking (AEB), have provided an effective way for autonomous vehicles to avoid collisions with the lead vehicle, but to avert false alarms, AEB tends to apply late and hard brake only if a collision becomes unavoidable. Automatic preventive braking (APB) is a new collision avoidance method used in Mobileye’s Responsibility-Sensitive Safety (RSS) model that aims to reduce crashes with a milder brake and decreased impact on traffic flow, but APB’s safety performance is inferior to that of AEB. This study therefore proposes three safety improvement strategies for APB, the addition of response time, safety buffer, and minimum following distance; and combines them in different ways into four improved APB systems, IP1-IP4. Simulating car-following safety–critical events (SCEs) extracted from the Shanghai Naturalistic Driving Study in MATLAB’s Simulink, the safety performance, conservativeness, and driving comfort of the four systems were evaluated and compared with the original APB system, two AEB systems, and human drivers. The results show that 1) IP4, the system that integrated all three strategies, outperformed the baseline APB and IP1-IP3 and prevented all SCEs from becoming crashes; 2) IP4 was slightly more conservative than AEB, but less conservative than RSS; 3) APB’s jerk-bounded braking profile improved driving comfort; and 4) higher deceleration was found in the two AEB systems (both 8.1 m/s²) than in IP4 (6.7 m/s²), but they failed to prevent all crashes. Our proposed APB system, IP4, can provide safe, efficient, and comfortable braking for AVs in car-following SCEs, and has the potential to be practically applied in vehicle collision avoidance systems.
Article
Driving safely requires multiple capabilities from human and intelligent agents, such as the generalizability to unseen environments, the safety awareness of the surrounding traffic, and the decision-making in complex multi-agent settings. Despite the great success of Reinforcement Learning (RL), most of the RL research works investigate each capability separately due to the lack of integrated environments. In this work, we develop a new driving simulation platform called MetaDrive to support the research of generalizable reinforcement learning algorithms for machine autonomy. MetaDrive is highly compositional, which can generate an infinite number of diverse driving scenarios from both the procedural generation and the real data importing. Based on MetaDrive, we construct a variety of RL tasks and baselines in both single-agent and multi-agent settings, including benchmarking generalizability across unseen scenes, safe exploration, and learning multi-agent traffic. The generalization experiments conducted on both procedurally generated scenarios and real-world scenarios show that increasing the diversity and the size of the training set leads to the improvement of the RL agent's generalizability. We further evaluate various safe reinforcement learning and multi-agent reinforcement learning algorithms in MetaDrive environments and provide the benchmarks. Source code, documentation, and demo video are available at https://metadriverse.github.io/metadrive .
Thesis
Autonomous Vehicles (AV) are inevitable entities in future mobility systems that demand safety and adaptability as two critical factors in replacing/assisting human drivers. Safety arises in defining, standardizing, quantifying, and monitoring requirements for all autonomous components. Adaptability, on the other hand, involves efficient handling of uncertainty and inconsistencies in models and data. First, I address safety by presenting a search-based test-case generation framework that can be used in training and testing deep-learning components of AV. Next, to address adaptability, I propose a framework based on multi-valued linear temporal logic syntax and semantics that allows autonomous agents to perform model-checking on systems with uncertainties. The search-based test-case generation framework provides safety assurance guarantees through formalizing and monitoring Responsibility Sensitive Safety (RSS) rules. I use the RSS rules in signal temporal logic as qualification specifications for monitoring and screening the quality of generated test-drive scenarios. Furthermore, to extend the existing temporal-based formal languages’ expressivity, I propose a new spatio-temporal perception logic that enables formalizing qualification specifications for perception systems. All-in-one, my test-generation framework can be used for reasoning about the quality of perception, prediction, and decision-making components in AV. Finally, my efforts resulted in publicly available software. One is an offline monitoring algorithm based on the proposed logic to reason about the quality of perception systems. The other is an optimal planner (model checker) that accepts mission specifications and model descriptions in the form of multi-valued logic and multi-valued sets, respectively. My monitoring framework is distributed with the publicly available S-TaLiRo and Sim-ATAV tools.
Preprint
Automated vehicles (AV) heavily depend on robust perception systems. Current methods for evaluating vision systems focus mainly on frame-by-frame performance. Such evaluation methods appear to be inadequate in assessing the performance of a perception subsystem when used within an AV. In this paper, we present a logic -- referred to as Spatio-Temporal Perception Logic (STPL) -- which utilizes both spatial and temporal modalities. STPL enables reasoning over perception data using spatial and temporal relations. One major advantage of STPL is that it facilitates basic sanity checks on the real-time performance of the perception system, even without ground-truth data in some cases. We identify a fragment of STPL which is efficiently monitorable offline in polynomial time. Finally, we present a range of specifications for AV perception systems to highlight the types of requirements that can be expressed and analyzed through offline monitoring with STPL.
Conference Paper
Specifying the perceptual accuracy autonomous vehicles require when interacting with surrounding traffic participants is not a trivial task. While computer vision capabilities have drastically improved over the last years (mainly driven by the success of machine learning techniques), specification of corresponding validation goals is lagging behind. A particular challenge is to take criticality of errors into consideration when evaluating perception components. In the context of autonomous vehicles in urban areas, criticality is linked to the varying relevance of environmental elements. Non-detection of leading vehicles or close lane markings is more critical than missing a parked vehicle which has already been passed. In this paper, we propose an approach for the systematic definition of relevant areas in urban traffic situations. Corresponding objects inside these relevant areas can be considered relevant to enable a more precise perception evaluation. To that end, we introduce a set of basic areas and explain when these become relevant and how these are constructed. Moreover, we show a first implementation of our proposed basic areas and evaluate them based on traffic situations. Additionally, we demonstrate applicability of our method by incorporating it into an exemplary perception evaluation. We hope that our approach can serve as a stepping stone to more precise specifications of perception requirements and task-oriented perception evaluation.
Article
Assuring the safety of all road users, including non-motorized vehicles, is important in the autonomous driving environment. Autonomous emergency braking (AEB) systems have provided an effective way for automated vehicles to avoid collisions with the less easily detectable non-motorized vehicles. Automatic preventive braking (APB) is a new method proposed by Mobileye that promises to reduce crashes without reducing traffic throughput, but APB’s effectiveness has not yet been evaluated. This study therefore calibrates and compares the performance of APB with that of one-stage and three-stage AEB braking systems in safety-critical events (SCEs) between motorized and non-motorized vehicles, using SCEs extracted from the Shanghai Naturalistic Driving Study and simulated in MATLAB’s Simulink. The evaluation results, which consider both safety and conservativeness, show that 1) one-stage AEB with a deceleration of 5.5 m/s² and a time-to-collision threshold of 1.6 seconds can prevent all SCEs from becoming crashes; 2) APB has the best driving stability but its safety performance is inferior to that of the two AEB systems; 3) APB’s deceleration process is easily affected by its pre-defined parameters and changing kinetic parameters, which may be one cause of its crashes; 4) AEB’s time-triggered braking process is more consistent and reliable than APB’s distance-triggered process.
Article
Autonomous driving systems (ADSs) need to be able to respond quickly to changes in the dynamic traffic scenario. However, regardless of the changes occurring in traffic scenes, the current local path planning frameworks of ADSs are based on the fixed frequency re-planning path (i.e., running their planning algorithms repeatedly). This planning method makes it difficult to provide a reasonable traveling path, agility, and comfort for driverless vehicles in changing traffic scenarios. Therefore, this article performs an in-depth analysis of the problems of traditional planning frameworks which use a fixed frequency to replan the path and proposes a novel path planning framework that is universal based on multiple-models. The proposed framework divides the planning process into several layers, each of which has different functions. With this framework, the ADS can adaptively adjust the planning process according to the changes in traffic scenes and then provide different path planning algorithms to ensure its safety and flexibility in the process of driving. Moreover, the problems caused by the traditional planning framework can be solved. This framework has been applied to the autonomous vehicle "Pioneer", which won first place in the 2019 China Intelligent Vehicle Future Challenge (IVFC). The effectiveness and rationality of the integrated framework of local path planning proposed in this article were verified by a large number of tests in real-world traffic scenarios.
Article
The paper presents benefits of application of Advanced Emergency Braking Systems (AEBS) from the pedestrian's safety point of view. The main parameters were the number of undesirable events (running over a pedestrian) and accidents as well as the probability of the pedestrian death or serious injury. The relationship between probability of injury (fatal or serious) and parameters: impact velocity and pedestrian's age was based on statistical data from the literature. Then, using the Monte Carlo method, analysis of the accident-prone situations (1,000 cases for each of the 10 different distances between pedestrian and car) was carried out. Variability of the parameters such as: car's initial velocity, driver's reaction time, braking deceleration, delay in brake activation, time of braking deceleration increase was described with the use of normal or log-normal distributions. Pedestrian's age was presented as a special distribution approximating the population pyramid in Poland. The analysis conducted showed a significant increase of pedestrian safety (decrease in the following parameters: number of undesirable events and accidents, probability of death or serious injury by 40-50%). This paper presents the benefits from the introduction of advanced driver assistance systems on the example of AEBS, which are not yet widely used and will be implemented in the future. Keywords: road safety, pedestrian safety, advanced automatic braking systems, Monte Carlo method, aDrive
Book
Braking systems have been continuously developed and improved throughout the last years. Major milestones were the introduction of antilock braking system (ABS) and electronic stability program. This reference book provides a detailed description of braking components and how they interact in electronic braking systems.
Contents: Motor vehicle safety; Basic principles of vehicle dynamics; Car braking systems; Car braking-system components; Wheel brakes; Antilock braking systems; Traction control system; Electronic stability program; Automatic brake functions; Hydraulic modulator; Sensors for brake control; Sensotronic brake control; Active steering; Occupant protection systems; Driver assistance systems; Adaptive cruise control; Parking systems; Instrumentation; Orientation methods; Navigation systems; Workshop technology.
The target groups: Motor-vehicle technicians in education and vocational training; Master-mechanics and technicians in garage-workshops; Teachers and lecturers in vocational schools; Students at universities and technical colleges; And all those interested in automotive engineering.
About the Bosch Group: Bosch is the world's largest independent supplier of parts and equipment for motor vehicles. Innovations by Bosch have shaped the development of the automobile. Bosch's dominant technological role in many fields is demonstrated by the fact that it has the most patent applications in automotive engineering in Germany, to the European Patent Office and in the USA.
Article
We introduce CARLA, an open-source simulator for autonomous driving research. CARLA has been developed from the ground up to support development, training, and validation of autonomous urban driving systems. In addition to open-source code and protocols, CARLA provides open digital assets (urban layouts, buildings, vehicles) that were created for this purpose and can be used freely. The simulation platform supports flexible specification of sensor suites and environmental conditions. We use CARLA to study the performance of three approaches to autonomous driving: a classic modular pipeline, an end-to-end model trained via imitation learning, and an end-to-end model trained via reinforcement learning. The approaches are evaluated in controlled scenarios of increasing difficulty, and their performance is examined via metrics provided by CARLA, illustrating the platform's utility for autonomous driving research. The supplementary video can be viewed at https://youtu.be/Hp8Dz-Zek2E
Article
In recent years, car makers and tech companies are racing toward self driving cars. It seems that the main parameter in this race is who will have the first car on the road. The goal of this paper is to add to the equation two additional crucial parameters. The first is standardization of safety assurance --- what are the minimal requirements that every self-driving car must satisfy, and how can we verify these requirements. The second parameter is scalability --- engineering solutions that lead to unleashed costs will not scale to millions of cars, which will push interest in this field into a niche academic corner, which might drive the entire field into a "winter of autonomous driving". In the first part of the paper we propose a white-box, interpretable, mathematical model for safety assurance. In the second part we describe a design of a system that adheres to our safety assurance requirements and is scalable to millions of cars.
T. Economist, "Why uber self-driving car killed a pedestrian," 2017. [Online].
N. Roohi, R. Kaur, J. Weimer, O. Sokolsky, and I. Lee, "Selfdriving vehicle verification towards a benchmark," arXiv preprint arXiv:1806.08810, 2018.
P. Greibe, "Braking distance, friction and behaviour," Trafitec, Scion-DTU, 2007.
R. Bours, K. Rauf, and K. Kietlinski, "A method for developing aeb systems based on integration of virtual and experimental tools," in 23rd International Technical Conference on the Enhanced Safety of Vehicles (ESV) National Highway Traffic Safety Administration, no. 13-0347, 2013.
K. Reif, "Brakes, brake control and driver assistance systems," Wiesbaden, Germany, Springer Vieweg, 2014.
S. Shalev-Shwartz, S. Shammah, and A. Shashua, "Vision zero: on a provable method for eliminating roadway accidents without compromising traffic throughput," arXiv preprint arXiv:1901.05022v2, 2018.