12018, JUNE
B
RÉMI BASTIEN
Confidential C
SAFETY : the biggest challenge for autonomous vehicle
SIMULATION will complete actual data.
Rémi BASTIEN
VP prospective
22018, JUNE
B
RÉMI BASTIEN
Confidential C
The key is in affordable transport modes for users, and with high throughputs to stay economical
in m² of infrastructure
AUTONOMOUS VEHICLES , WHAT STAKES?
32018, JUNE
B
RÉMI BASTIEN
Confidential C
MORE AND MORE, INFRASTRUCTURE BECOMES A KEY ENABLER
Michigan initiative CAVnue
52018, JUNE
B
RÉMI BASTIEN
Confidential C
CLASSIFICATION BY LEVEL (SAE) IS UNCOMPLETE…
Driver
continuously
performs the
longitudinal and
lateral dynamic
driving task
Driver
continuously
performs the
longitudinal or
lateral dynamic
driving task
Driver must
monitor the
dynamic driving
task and the
driving
environment at
all times
No intervening
vehicle system
active
The other driving
task is
performed by
the system
System
performs
longitudinal and
lateral driving
task in a defined
use case
System performs
longitudinal and
lateral driving task in
a defined use case.
Recognizes its
performance limits
and requests driver
to resume the
dynamic driving task
with sufficient time
margin.
Auto
mation ➔
Driver
Level 0 Level 1 Level 2 Level 3 Level 4 Level 5Driver Only Assisted Partial
Automation
Conditional
Automation
High
Automation
Full
Automation
Driver is not
required during
defined use
case
System
performs the
lateral and
longitudinal
dynamic driving
task in all
situations in a
defined use
case.
System
performs the
lateral and
longitudinal
dynamic driving
task in all
situations
encountered
during the entire
journey. No
driver required.
Driver does not need to
monitor the dynamic
driving task nor the
driving environment at
all times; however he
must be attentive to and
follow system’s requests
/ warnings to resume the
dynamic driving task.
*terms acc. to SAE J3016
62018, JUNE
B
RÉMI BASTIEN
Confidential C
… AS ODD* STATUS ARE NECESSARY : EXAMPLE OF L4
visibility = 𝑓𝐹𝑂𝑉
𝑉
Arterial / sub-arterial
driveways
Dedicated bus
lanes
Non highway intercity
drivewaysIntercity highways
(A6, A13)
Chaotic traffic
(Mumbai, place de l’Etoile,
etc.)
Traffic
density= 𝑓 𝛻 Ԧ𝑞
Narrow FOV
Limited FOV
Open FOV
No life zone Low Average High
Mars surface
Warehouses
War zones
← City slow
← City fast
← Expressways
Dedicated highway
lanes
Residential pathways
Complex urban traffic (Paris
intramuros, Rome, Madrid,
etc.)
Dense intra-urban arteries
(Paris, Rome, Madrid, etc.)
*ODD : Operational design domain
72018, JUNE
B
RÉMI BASTIEN
Confidential C
TECHNOLOGY IS MANDATORY BUT … IS NOT ENOUGH
▪ Platform enhancement▪ Core technologies
82018, JUNE
B
RÉMI BASTIEN
Confidential C
KEY SUCCESS CONDITIONS : SOCIAL ACCEPTANCE
Social acceptance Experimentation
▪ Proof by FOT on certified roads ▪ Regulations
▪ Product Liability
▪ Infrastructure
▪ Insurance
▪ Consumer awareness
▪ Driver Education
➔ THE BIGGEST STAKE IS SAFETY
92018, JUNE
B
RÉMI BASTIEN
Confidential C
AD IS FAR BEYOND ADAS, WITH AN UNCERTAIN MARKET
Only active under
driver’s request
Active only in limited
conditions and
vehicle proposal
ABS
ESP
AEB
Continuously active
Without driver interventionEMERGENCY / SAFETY
ASSISTANCE
Park
assist
ACC
LKA
STRESS FREE
/ FREE TIME :
AUTONOMOUS
DRIVING
102018, JUNE
B
RÉMI BASTIEN
Confidential C
ADAS(L1, L2, L3)
AD(L3+(1), L4, L5)
Driver is the last resort System is the last resort
Driver reliability proof System reliability proof
Driver training + experienceMassive
mile accumulation + resimulation
AD IS A MAJOR DISRUPTION
(1) Emerging German
L3 standard (Audi,
BMW, Daimler)
(2) Emerging
consensus among
European OEM
SAFETY IS A MUST
132018, JUNE
B
RÉMI BASTIEN
Confidential C
ISO 26262 defines how to assess a risk and the necessary
activities to perform for each step:
❖ System
❖ Software
❖ Hardware
❖ Production...
Redundancy for Autonomous Driving:
❖ Redundant Sensors & Actuators
❖ Redundant Communication Networks
❖ Redundant Power supply Networks
SAFETY NEEDS STANDARDS FOR DEVELOPMENT AND VALIDATION
▪ Additional Safety Stakes:
❖ For Autonomous Driving, Automotive EE
Architecture has to switch from Fail Safe design
to Fail Operational.
❖ Safety has also to consider SOTIF (Safety of
the Intended Functionality)
A
142018, JUNE
B
RÉMI BASTIEN
Confidential C
ISO 26262 Standard is necessary but not sufficient !
Does an ultrasound
sensor can detect a
child with a wool
sweater?
Does a radar will
be accurate on a
metallic bridge ?
Does a camera can
identify a target in a
very large roundabout
without lane ?
E
SOTIF IS MANDATORY AND COMPLETE ISO 26262
152018, JUNE
B
RÉMI BASTIEN
Confidential C
evolu
tive
pro
ven
FIRST CONDITION : E/E ARCHITECTURE ABLE TO ENSURE ASILD
162018, JUNE
B
RÉMI BASTIEN
Confidential C
SECOND CONDITION : VALIDATION STRATEGY TO PROVE ASIL DI Statistical safety threshold II Reduction :
Experience plan + Simulation
III Road sections criticity inductors
IV Map of road sections with criticity V Clustered road tests VI Final proof of reliability
Reliable and efficient validation
<<< 20 Billions km
Order of magnitude for validation :
20 Billions of kms
Non affordable by physical test drive
Numerical simulation
Targetted, iterative physical
test drive
For each road section, calculate the « criticity cube »
: Nb incoming lanes x Nb exits x Strong Curvature …
Each road section is ranked by its criticity ratio =
criticity cube volume / average criticity
Distribution of clusters is proportional to the criticity
ratio of the road sections
172018, JUNE
B
RÉMI BASTIEN
Confidential C
EXAMPLE OF RISKY SITUATIONS ON HIGHWAY
1
32
4
182018, JUNE
B
RÉMI BASTIEN
Confidential C
COMBINATION OF THE 4 SITUATIONS : VERY UNLIKELY… BUT POSSIBLE
ONLY SIMULATION CAN COVER SUCH CASES
WHEN MILEAGE ACCUMULATION CANNOT
192018, JUNE
B
RÉMI BASTIEN
Confidential C
KEY TAKE AWAY
• Safety is a must and is extremely demanding. This will lead to first applications on limited Operational Design Domain.
• ADAS potential market will stay strong before AD applications
• Simulation is essential for the development and validation• Validation time and cost will be reduced by a factor > 1000 with
the support of advanced simulation
• To model precisely the performances of the sensors• To combine compatible scenarios to cover exhaustive risky situations• To allow safer&quicker time to market applications for ADAS and AD
Autonomous Driving
Autonomous Driving and Simulation
AD Next challenges for simulation