If people can no longer intervene in good time when a malfunction strikes, the technology needs to be especially safe. Special electronics and new testing methods are necessary to ensure the functional safety of an autonomous vehicle.
Confidence in the technology of autonomous vehicles is key to their success. The systems used need not only to be highly reliable, but must also be designed to prevent any failure endangering people or systems in case of a technical defect. “Functional safety” is an umbrella term for the relevant requirements and methods needed to accomplish this. “The automotive industry’s transformation is essentially asking the public to trust their lives to a computer and a machine,” says Zach McClellan, the former baseball star who currently runs the training division at US engineering firm LHP. “Functional safety in practical terms is defined as the steps engineers and organisations take to avoid failures that harm the public,” he adds.
No More Simple Switch-Offs
Achieving safety in autonomous vehicles requires more than simply switching off a system: drones would fall from the sky, while cars would lurch to an emergency stop. Consequently, critical systems are kept running temporarily, even after a fault has occurred. An emergency plan is needed, and it must be defined from the very start of an autonomous vehicle’s development. Standards already exist today that define the required development and production methods for this. For instance, ISO 26262 applies to road vehicles, ISO 25119 to agricultural vehicles and ISO 15998 to construction machinery.
Safety Starts with the Electronic Components
Developing a functionally safe vehicle starts with the individual components, especially the semiconductors. These are built into the systems for environment recognition: they aggregate the information from the various sensors, calculate the necessary control commands and determine how a vehicle is to operate. A malfunction could have disastrous consequences for the autonomous vehicle, for any occupants and for the environment. The semiconductor industry has therefore created special semiconductors for use in automated driving, with their architecture developed from the outset under an audited, ISO 26262-compliant process. The processors must provide a high degree of reliability and must continue to perform their tasks safely in the event of vibration, radiation (such as sun rays) or heavy temperature fluctuations, all of which are typical ambient conditions for their use in vehicles. Functionally safe processors self-monitor while executing processes. In these multithreading systems, each instruction is processed in parallel in two or more cores or processes. The results are then compared in real time by hardware logic. A discrepancy in the results means that a fault has occurred within one of the lines of calculation. If this is the case, the system issues a fault message or triggers a pre-set emergency action for this circumstance.
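The two mechanisms described above, redundant execution with a comparator that refuses to release a mismatching result, and a pre-set emergency action that keeps the vehicle under control instead of switching it off, can be shown together in a small simulation. The following is an added example written for this article; it is not code from the page, from LHP or FEV, or from any real safety processor, where the comparison is done in hardware logic rather than in C. The control law (a hypothetical proportional steering correction), the injected bit-flip fault model, the function names and the deceleration step are all assumptions made for illustration. This arrangement is commonly called lockstep execution.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of one redundant computation step: either the agreed result,
   or a fault together with the pre-set safe action selected for it. */
typedef enum { LOCKSTEP_OK = 0, LOCKSTEP_FAULT = 1 } lockstep_status_t;
typedef enum { ACTION_NONE = 0, ACTION_CONTROLLED_STOP = 1 } safe_action_t;

typedef struct {
    lockstep_status_t status;
    int32_t result;        /* valid only when status == LOCKSTEP_OK */
    safe_action_t action;  /* emergency action selected on a fault */
} lockstep_result_t;

/* Hypothetical control law executed by both cores: a proportional
   steering correction derived from a lateral offset in centimetres. */
int32_t steer_command(int32_t lateral_offset_cm) {
    return -2 * lateral_offset_cm;
}

/* Constructed fault model: a single bit flip injected into one core's
   output, so the comparator has something to detect. */
int32_t steer_command_with_bitflip(int32_t lateral_offset_cm) {
    return steer_command(lateral_offset_cm) ^ 0x4;
}

/* Comparator (done by hardware logic in a real safety processor): both
   cores run the same instruction on the same input, and their outputs
   are compared before anything is actuated. On mismatch no command is
   released; the pre-set emergency action is reported instead. */
lockstep_result_t lockstep_compute(int32_t input,
                                   int32_t (*core_a)(int32_t),
                                   int32_t (*core_b)(int32_t),
                                   safe_action_t on_fault) {
    lockstep_result_t r;
    memset(&r, 0, sizeof r);
    int32_t a = core_a(input);
    int32_t b = core_b(input);
    if (a == b) {
        r.status = LOCKSTEP_OK;
        r.result = a;
        r.action = ACTION_NONE;
    } else {
        r.status = LOCKSTEP_FAULT;
        r.result = 0;          /* nothing is released to the actuator */
        r.action = on_fault;
    }
    return r;
}

/* Emergency plan for the fault case: the vehicle stays under control and
   bleeds speed off in fixed steps rather than being switched off.
   Returns the new speed after one control cycle. */
int32_t controlled_stop_step(int32_t speed_kmh, int32_t decel_step_kmh) {
    if (speed_kmh <= decel_step_kmh) return 0;
    return speed_kmh - decel_step_kmh;
}

int main(void) {
    /* Healthy case: both cores agree and the command is released. */
    lockstep_result_t ok =
        lockstep_compute(15, steer_command, steer_command, ACTION_CONTROLLED_STOP);
    printf("healthy: status=%d result=%d\n", ok.status, ok.result);

    /* Fault injected into core B: mismatch detected, no command released. */
    lockstep_result_t bad =
        lockstep_compute(15, steer_command, steer_command_with_bitflip,
                         ACTION_CONTROLLED_STOP);
    printf("fault: status=%d action=%d\n", bad.status, bad.action);

    /* The emergency action keeps running until the vehicle is stopped. */
    int32_t speed = 50;
    while (speed > 0) {
        speed = controlled_stop_step(speed, 10);
        printf("controlled stop: speed=%d km/h\n", speed);
    }
    return 0;
}
```

The point the simulation makes is that detection and reaction are separate design decisions: the comparator only decides that the two lines of calculation disagree, while what happens next (here a controlled stop, in practice whatever the emergency plan for that system specifies) has to be chosen during development, not at the moment of the fault.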
New Test Methods Needed
Safe electronics is one thing, but testing is also needed to demonstrate the functional safety of a vehicle. However, there are not yet any methods or test certificates to this effect. Testing agencies such as the TÜV are engaged in various projects to define new standards and testing criteria for autonomous driving, seeking to establish a basic safety level for the new technology’s practical application. A complication is that it is impossible to reproduce on a test route all the potential situations encountered while operating an autonomous vehicle. As a result, additional, new methods are needed to test the effectiveness of the safety systems. Simulations play an important role in this and will be crucial as an accompaniment to real tests.
In addition, networked autonomous vehicles have to incorporate new technologies from different suppliers and industry sectors, which must be integrated into end-to-end systems and validated within the networked vehicle ecosystem. To this end, vehicle engineering service provider FEV has established a dedicated global Center of Excellence for the development of smart vehicles. Stephan Tarnutzer, Vice President of Electronics at FEV North America and Head of the Center, emphasises: “To keep control of the wide variety of interactions inside, outside and around the vehicle that occur as a result, it is essential to take the whole system into account at every stage of development.”