Participating in public traffic always involves a trade-off between mobility and safety. This applies to both human-driven and automated vehicles. Thus, there is an inherent risk when operating SAE level 3+ [3] automated vehicles in public traffic.
Different types of uncertainty can be distinguished to describe the root causes of this risk. Machine perception is the enabling technology for the automation of road vehicles. However, different sensor principles are always subject to physical limitations. Fusing data from different sensor types can overcome some of these deficiencies, but not all. Moreover, the interpretation of the environment data is still an active field of research. Even assuming perfect environment perception, occluded areas introduce uncertainty to the task of situation assessment.
The prediction of other traffic participants’ behavior is thus based on inherently limited information about their states and, in general, unknown intentions. This even applies to human drivers, who often assume that other traffic participants will mostly comply with traffic rules. Still, it is an open question whether this assumption should be adopted for automated vehicles. Even more challenging, potential reckless behavior, e.g., of children, must be considered.
The definition and generation of appropriate vehicle behavior and its execution are another source of uncertainty. On the one hand, it must be assured that automated vehicles are able to make safe driving decisions for any perceived situation. On the other hand, the execution of these decisions in terms of trajectory planning and tracking relies on vehicle dynamics models that are always an abstraction of reality. Hence, the effects of unmodeled vehicle dynamics and external disturbances must also be considered.
The execution of perception and decision-making software requires data, software and hardware of unprecedented complexity, which in turn requires new approaches to functional safety [4] and safety of the intended functionality [5] (cf. [6]). This already starts with the specification of an automated driving functionality as the foundation for development. Basically, the specification is required to define the vehicle behavior for each possible scenario encountered during automated operation. However, it appears impossible to consider all relevant scenarios during system design, since automated vehicles operate in an open environment. Consequently, the vehicle's correct behavior is not guaranteed in scenarios that go beyond the specification. In contrast, human drivers are able to adapt to unforeseen scenarios. Hence, approaches are needed to explicitly address this definitional gap. Industry has put forward some of these approaches [7,8].
Last but not least, conventional validation approaches do not suffice for validating SAE level 3+ automation systems [9]. Safety-by-design approaches that build on scenario-based development and scenario-based simulative verification and validation are still subject to intense research and development. Validated sensor models have to be established and rare corner cases must be incorporated in test suites. The impact of discretization of a continuous environment and its implications for the completeness of validation have to be understood. Besides the need for novel safety-by-design approaches, surrogate safety metrics for the operational assessment of the technology are neither well defined nor harmonized across the industry and the regulatory frameworks being discussed to date. Likewise, the required safety level for automated vehicles accepted by society and valid (risk) acceptance criteria are still not established.
Approaches to reduce all aforementioned uncertainties to an acceptable level (which is yet to be defined) and methods to argue why the remaining risks are reasonable are key for deploying automated vehicles into public traffic. To achieve a conclusive argumentation of reasonable residual risk, a variety of stakeholder values need to be considered in a systematic and traceable manner [10]. To further acceptance, open communication about open safety issues may be advised.
In summary, the many unresolved challenges in ensuring safety of automated vehicles necessitate a holistic consideration of safety and its validation throughout the development of automated vehicles. Thus, we still see high interest in the workshop topics derived from the urgent need for solutions from industry and regulators.
The proposed workshop aims at encouraging contributions and promoting scientific exchange among researchers and practitioners from academia, industry, and regulatory bodies. Although safety and its validation are increasingly in focus in the ITS community, the numerous participants of the successful workshops on "Ensuring and Validating Safety for Automated Vehicles" (ITSC 2018, IV 2019-2023, average participation 40 pax.) as well as on "Automated Vehicle Safety: Verification, Validation, and Transparency" (ITSC 2019-2021) commonly agreed that research with respect to ensuring and validating safety is still underrepresented in the ITS community. Recently, the Workshop on Safety Testing and Validation of Connected and Automated Vehicles (ITSC 2022-2023, IV 2023) has been complementing safety-related topics at ITSC and IV and has enabled a fruitful exchange between both workshop formats. This joint workshop will continue the discussions of the previous workshops while increasing the cadence of the dialogue to accelerate consensus among practitioners.
REFERENCES
[1] T. Woopen, B. Lampe, T. Böddeker, L. Eckstein, A. Kampmann, B. Alrifaee, S. Kowalewski, D. Moormann, T. Stolte, I. Jatzkowski, M. Maurer, M. Möstl, R. Ernst, S. Ackermann, C. Amersbach, S. Leinen, H. Winner, D. Püllen, S. Katzenbeisser, M. Becker, C. Stiller, K. Furmans, K. Bengler, F. Diermeyer, M. Lienkamp, D. Keilhoff, H.-C. Reuss, M. Buchholz, K. Dietmayer, H. Lategahn, N. Siepenkötter, M. Elbs, E. von Hinüber, M. Dupuis, and C. Hecker, “UNICARagil - Disruptive Modular Architectures for Agile, Automated Vehicle Concepts,” in Aachener Kolloquium, Aachen, Germany, 2018.
[2] T. Stolte, A. Reschka, G. Bagschik, and M. Maurer, “Towards Automated Driving: Unmanned Protective Vehicle for Highway Hard Shoulder Road Works,” in 2015 IEEE 18th International Conference on Intelligent Transportation Systems, Las Palmas, Spain, 2015, pp. 672–677.
[3] SAE, “Taxonomy and Definitions for Terms Related to Driving Automation Systems for On-Road Motor Vehicles,” Society of Automotive Engineers, Standard J3016, 2016.
[4] ISO, “ISO 26262: Road vehicles - Functional Safety,” International Organization for Standardization, Geneva, Switzerland, International Standard ISO 26262:2018, 2018.
[5] ISO, “ISO/PAS 21448: Road vehicles – Safety of the intended functionality,” International Organization for Standardization, International Standard ISO/PAS 21448, 2019.
[6] M. Törngren, X. Zhang, N. Mohan, M. Becker, L. Svensson, X. Tao, D.-J. Chen, and J. Westman, “Architecting Safety Supervisors for High Levels of Automated Driving,” in 21st IEEE Intelligent Transportation Systems Conference, Maui, HI, USA, 2018.
[7] S. Shalev-Shwartz, S. Shammah, and A. Shashua, “On a Formal Model of Safe and Scalable Self-driving Cars,” arXiv preprint arXiv:1708.06374, 2017.
[8] M. Wood, P. Robbel, M. Maass, R. Duintjer Tebbens, M. Meijs, M. Harb, J. Reach, K. Robinson, D. Wittmann, T. Srivastava, M. E. Bouzouraa, S. Liu, Y. Wang, C. Knobel, D. Boymanns, M. Löhning, B. Dehlink, D. Kaule, R. Krüger, J. Frtunikj, F. Raisch, M. Gruber, J. Steck, J. Mejia-Hernandez, S. Syguda, P. Blüher, K. Klonecki, P. Schnarz, T. Wiltschko, S. Pukallus, K. Sedlaczek, N. Garbacik, D. Smerza, D. Li, A. Timmons, M. Bellotti, M. O’Brien, M. Schöllhorn, U. Dannebaum, J. Weast, A. Tatourian, B. Dornieden, P. Schnetter, P. Themann, T. Weidner, and P. Schlicht, “Safety First for Automated Driving,” Aptiv, Audi, Baidu, BMW, Continental, Daimler, Fiat Chrysler Automobiles, Here, Infineon, Intel, Volkswagen, White Paper, 2019.
[9] W. Wachenfeld and H. Winner, “The Release of Autonomous Vehicles,” in Autonomous Driving: Technical, Legal and Social Aspects, M. Maurer, J. C. Gerdes, B. Lenz, and H. Winner, Eds., Berlin, Heidelberg, Germany: Springer Berlin Heidelberg, 2016, pp. 425–449.
[10] “IEEE 7000 – IEEE Standard Model Process for Addressing Ethical Concerns during System Design,” Standard IEEE 7000:2021.