Automated Driving Safety Assurance in Japan
Satoshi Taniguchi
Toyota Motor CorporationJAMA/SIP AD Safety Assurance Lead
2020.07.28 AVS symposium. Safety Assurance Session.
Key safety elements
Industry challenge: To develop state-of-the-art engineering products that are fully compatible with these safety requirements and elements.
AD safety requirements
2
Safety vision: AV shall not cause any non-tolerable risk, meaning that, under their operational domain, shall not cause any traffic accidents resulting in injury or death that are reasonably foreseeable and preventable
Safety requirements: When in the AD mode, the vehicle shall not cause any traffic accidents that are rationally foreseeable and preventable
Guidelines on the exemption procedure for the EU approval of
Automated Vehicles
WP29: Framework document on automated vehicles
Safety requirements
3
Standardization and Regulatory context
OpenDRIVE, OpenSCENARIO, …
Technical StandardSpecification of driving maneuvers and test scenarios.
Technical Standard
ISO34502 Engineering framework and scenario based approach
Regulations for level 3 systems on highways
RegulationSafety criteria & Test requirements
StandardTest Scenario Derivation Process
StandardRegulation
Japan White Paper on AD safety assurance
Perception limitation Traffic Disturbance Vehicle Disturbance
Control
Scenario Structure
Perception Judgment
STRATEGY
STANDARDIZATIONRESEARCH
4
� Open Standard Interface
� Reference platform with reasonable verification level
� Environment & Sensor paired models based approach
DIVP™ Objectives
� Standardized engineering process
� Scenario based safety assurance methodology
� Scenario database
SAKURA Objectives
Supporting government research projects
Trajectory data
StatisticatDistribution
Extract
Process
Setection
Parameterrange
Parameter Range
B
Scenario Structure
ForeseeabteScenario
PreventabteScenario
Testing Environment
Safety Criteria
Competent and carefut human driver
Reat wortd data
(sensing data)
Blue : needs harmonizationGreen : share to clarify region/country differencesRed : potentially share (needs clarification of benefit)
Hotistic and finite coverage of safety retated test scenario
Japan Proposal to ISO and VMAD
3rd VMAD IWG(July/2019)
2nd VMAD IWG(Jan/2019)
4th VMAD IWG(Sep/2019)
5th VMAD IWG(Jan/2020)
Road geometry Ego-vehicle behaviorSurrounding
vehicles locationSurrounding
vehicles motion
Traffic Disturbance Scenario(Judgment)
Body input Tire input Vehicle-sensor Environment
Vehicle Stability Scenario(Control)
Perception Disturbance Scenario(Perception)
Target
EnvironmentVehicle-sensorTargetBodyTire
(longitude))
Center of gravity
Tire(longitude)
Tire(lat/SAT)
Tire(longitude)
Japan ISO proposal: Scenario Strucutre
Foreseeable and Preventableboundary
Japan VMAD proposal: ALKS criteria
Competent & careful human
driver reference model for ALKS
emergency situations
8
SAKURA Engineering framework research
9
SAKURA scenario database
Functional Scenarios
Highway scenarios
Logical Scenarios
Concrete Scenarios
Scenario DB Platform
Scenario Format(OpenScenario, etc.)
ex) Cut-in
Parameter range of Scenario
Ve0 [km/h] Ve0-Vo0 [km/h] dx0 [m] Vy [m/s]
dx0 [m]
Vy [m/s]
Ve0 [km/h]
Ve0-Vo0 [km/h]
-20
0
20
40
60
0 100 200
Ve
0-V
o0
[k
m/
h]
Ve0 [km/h]
-100
0
100
200
300
0 100 200
dx0
[m
]
Ve0 [km/h]
0
1
2
3
4
0 100 200
Vy
[m/s
]
Ve0 [km/h]
0
50
100
150
200
0 50
Ve
0 [
km
/h]
Ve0-Vo0 [km/h]
-100
0
100
200
300
0 50
dx0
[m
]
Ve0-Vo0 [km/h]
0
1
2
3
4
0 50
Vy
[m/
s]
Ve0-Vo0 [km/h]
0
50
100
150
200
0 200 400
Ve
0 [
km
/h]
dx0 [m]
-20
0
20
40
60
0 200 400
Ve
0-V
o0
[k
m/
h]
dx0 [m]
-1
0
1
2
3
4
0 200 400
Vy
[m
/s]
dx0 [m]
0
50
100
150
200
0 2 4
Ve
0 [
km
/h
]
Vy [m/s]
-20
0
20
40
60
0 2 4
Ve
0-V
o0
[k
m/
h]
Vy [m/s]
-100
0
100
200
300
0 2 4
dx
0 [
m]
Vy [m/s]
Platform
Camera modeling
Radar modeling
Risk prediction
VehicleMotion control
Test data generating tool
Environment modelPerception
Automated driving model
Real
envi
ronm
ent
Virtu
al e
nviro
nmen
tEnvironment
Environment Test data Generator
Sensor modelSpace design Recognition
Sensor Automated control
Vehicle
Visible lightRay tracing
Millimeter-wave
Ray tracing
Infrared lightRay tracing
Fusion
Vehicle maneuver
Vehicle maneuver
DrivingPath planning
Performance Validation� Intended
performance� Performance limits� Sensor
malfunctions� Traffic disturbance� Human errors
Camera modeling
Perception Recognition
LiDAR modeling
Perception Recognition
Radar modeling
Perception Recognition
Measurement & verificationMeasurement & Verification
Nihon Unisys, Ltd
Nihon Unisys, LtdSony Semiconductor Solutions Corporation
Real PhysicsbasedVirtualization
DIVPTM project design
10
5
4
3
2
1
Environmentalconditions
Moving object
Temporal modifications
Road furniture and rules
Road shape
11
DIVPTM physical model framework
SystemIdentification
Verification testCorrelation
SimulationModeling
Gap Analysis
Laboratory Proving Ground Proving Community
Sta
tic
Dyn
amic
TestTarget
RealTarget
Real Target(Static)
Real Target(Dynamic)
HarshEnvironment
Real Environment& Traffic
Real physics based approach Enhancement roadmap
12
Difficult for Sensor detection Affects for light / millimeter wave propagation
Black jacket
Rain Sun light, Backlit
Millimeter wave Multi-pathNightGroup moving objects
Wet surfaceCard board
DIVPTM focus on perception challenges
13
• 3-sensor output
Sensor integration and output precision verification
• LiDAR output
Summary
Safety Principte
Testing Pittar
Safety by Design
Documentation structure in
accordance with-ISO21447 SOTIF
-ISO26262 Functionat Safety, etc
Audit Pittar
Scenario base approach
- ISO TC22/SC33/WG9
Safety by V&V
Testing EnvironmentProving ground tests Virtuat testsReat-traffic tests
Willing to collaborate with research, industry, standardization and regulatory institutions, towards joint efforts to ensure a safe automated
driving global society
15
Thank [email protected]