“We need to have redundancy” – AV experts discussed safe Level 4 systems
The Autonomous' flagship Main Event brought more than 500 global industry leaders and experts together in Vienna and online.
On a dedicated panel, participants from Audi, Infineon, TTTech Auto, AEye and Carnegie Mellon University discussed how to make SAE Level 4 systems safe, what is holding the industry back and how to advance safe autonomous vehicles (AVs).
Under the overall maxim “It’s Time To ACT”, Ricky Hudi, Chairman of The Autonomous, emphasised in his opening speech: “Especially the safety of autonomous mobility is not an area to compete or compromise on. Safety is about getting it right!” And the automotive ecosystem should not “wait until harmful accidents force us to collaborate.”
How to make L4 systems safe
“Level 4 is the most challenging question the auto industry has ever faced,” stated Jens Kötz, Connected Architecture, Energy, and Security Lead at Audi. “Because it’s the first time that everything [including the infrastructure] is interconnected with the overall car and the system. The whole system – in-car and off-car – has to be evaluated in terms of safety requirements.”
“Automated driving systems need to work in open world scenarios without finite and complete requirements sets. Image understanding, image recognition, object recognition – these are all huge complexities,” said Stefan Poledna, CTO at TTTech Auto. “But it’s very clear that we need to have redundancy; no single chip, sensor or software component can do this alone. You have to make sure that every single failure can be mitigated.”
On the question 'How safe is safe enough?' Phil Koopman, Associate Professor at Carnegie Mellon College, replied: “It's important to cover the rare cases. If your car works most of the time and drives well, safety is going to be dominated by the rare events to be at least as safe as a human. You also have to consider the distribution of fatalities: It's not okay if fatalities are cut in half, but every single one is a pedestrian.”
Indu Vijayan, Director of Product Management at AEye, agreed, adding: "Another point to consider is, 'What are the metrics to validate this?' Is there a standard metric? Those are the missing things we need to work toward to make sure L4 systems are safe." She emphasised that "the more different modalities are used to work in complementary fashion – the higher the probability of a valid detection will be."
“The other underlying topic to solve is to make the systems safe, secure and highly available,” said Peter Schäfer, Executive Vice President and CMO of Automotive at Infineon, identifying another issue to consider. “We have to include features that allow the overall software architecture to find safe modes. If we have a wonderful Level 4 system and it's not available, consumers will be disappointed and frustrated, ultimately losing trust in new systems.”
A safety architecture approach
Stefan Poledna proposed the so-called 'doer/checker' approach to achieve a diverse and highly safe architecture. In such a system, the 'doer' is the component that performs the driving task of the automated driving system. The 'checker' is a separate channel that verifies whether the planned driving trajectory is safe, in the sense of not causing accidents or violating regulations. “If you are considering such a checker component, it can be built in other ways. It doesn't generate your trajectory; it just checks if your trajectory is safe. These could be redundant software components as one would be on the driver side and the other represents the verification side of things. This adds a level of diversity to the system, so you don’t have the same root cause.”
Phil Koopman added: "I am a fan of the doer/checker approach. The reason this approach is so important is that I think architectural choices cause problems when designed as a two-channel architecture to do the comparison twice and compare. This doesn't work for many functions because there isn't a single right answer. The doer/checker solves that by saying here is the plan and we're going to have acceptance criteria to decide if this plan makes sense."
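The doer/checker split described above, as an added illustration that is not code from the panel or from any of the companies named: a doer proposes a short trajectory, an independent checker applies acceptance criteria (lane bounds, obstacle clearance, braking limit) without generating a plan of its own, and a minimal-risk braking plan provides the safe mode that Peter Schäfer calls for when the proposal is rejected. The straight-lane kinematic model and all thresholds are assumptions chosen for the example.

```python
"""Simplified doer/checker arbitration for a lane-keeping planner (constructed example)."""
import math
from dataclasses import dataclass

# Assumed acceptance criteria; a real system would derive these from its safety case.
MIN_GAP_M = 2.0           # required clearance from any obstacle
LANE_HALF_WIDTH_M = 1.75  # lateral bound of the ego lane
MAX_DECEL_MPS2 = 6.0      # hardest braking the checker accepts
DT_S = 0.1                # trajectory sample interval
HORIZON = 10              # samples per plan (1 s)

@dataclass(frozen=True)
class State:
    x: float  # metres along the lane
    y: float  # metres across the lane (0 = centre)
    v: float  # speed in m/s

@dataclass(frozen=True)
class Obstacle:
    x: float
    y: float

def doer_plan(state, accel=0.0):
    """Doer: a constant-acceleration, straight-ahead trajectory from the current state."""
    traj, x, v = [], state.x, state.v
    for _ in range(HORIZON):
        v = max(0.0, v + accel * DT_S)
        x += v * DT_S
        traj.append(State(x, state.y, v))
    return traj

def checker(state, traj, obstacles):
    """Checker: independent acceptance criteria only; it never produces a trajectory."""
    prev_v = state.v
    for s in traj:
        if abs(s.y) > LANE_HALF_WIDTH_M:
            return False, "lane departure"
        if any(math.hypot(s.x - o.x, s.y - o.y) < MIN_GAP_M for o in obstacles):
            return False, "obstacle clearance"
        if (prev_v - s.v) / DT_S > MAX_DECEL_MPS2 + 1e-6:  # tolerance for float rounding
            return False, "deceleration limit"
        prev_v = s.v
    return True, "ok"

def arbitrate(state, obstacles):
    """Doer proposes; the checker accepts it or the system drops to a safe mode."""
    proposed = doer_plan(state)
    if checker(state, proposed, obstacles)[0]:
        return "doer", proposed
    fallback = doer_plan(state, accel=-MAX_DECEL_MPS2)  # minimal-risk: brake in lane
    ok, _ = checker(state, fallback, obstacles)         # the fallback is checked too
    return ("minimal_risk" if ok else "emergency_stop"), fallback
```

Because the checker shares no planning logic with the doer, a defect in trajectory generation cannot silently pass through as the same root cause on both channels.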
The Autonomous is working on concrete reference solutions
What started as an event in 2019 has become a global initiative, ready to scale further with the help of several international companies, that aims to pave the way toward safe autonomous driving while developing a common understanding of safety.
The Autonomous initiative supports the future deployment of safe autonomous mobility by facilitating various events, including its annual flagship event in Vienna, and Working Groups that support industry-wide cooperation on safe reference solutions and recommended best practices.
The first Working Group on Safety and Architecture, established in June 2021, is now delivering initial results: “We worked together with industry participants on a conceptual architecture, in this case, a Level 4 highway pilot,” said Christoph Schulze, Technology Manager at The Autonomous.
The next phase is the evaluation; Mr. Schulze encourages full ecosystem participation, “especially car manufacturers to bring in their requirements and thoughts concerning safe system architecture and design.”
The Autonomous welcomes everyone from the industry, government and public who share the same collaborative vision to join the growing ecosystem and answer the industry’s biggest questions.
Learn how The Autonomous Working Group Safety & Architecture is paving the way to the expected reference solution of a safe system architecture for self-driving vehicles: https://www.the-autonomous.com/innovation/#working-group-safety-architecture.
Learn about the design of a safe SAE Level 4 architecture here: https://www.tttech-auto.com/expert_insight/ee-architectures-sae-level-4-autonomous-driving