A systematic approach to develop an autopilot sensor monitoring system for autonomous delivery vehicles based on the STPA method

Guangshuang Ge, Liangliang Sun, Yanfu Li
DOI: 10.1109/ISSREW55968.2022.00087 (https://doi.org/10.1109/ISSREW55968.2022.00087)
Published in: 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
Publication date: 2022-10-01
Citation count: 3

Abstract

Autonomous delivery vehicles (ADVs) are derivatives of autonomous driving technology. With the rapid development of autonomous driving technology and the rapid rise in demand for terminal logistics and distribution, ADVs have gradually entered commercial operation in many cities, which places higher requirements on the reliability of ADVs. Because of bill of material (BOM) cost pressure, most autopilot sensors and domain controllers of ADVs do not strictly follow passenger vehicle standards and regulations, so the reliability of ADVs is very critical. The traditional methods of process hazard analysis (PHA), e.g. HAZOPs, FMEAs, FTA, etc., use a system-decomposition approach: the system to be analyzed is broken down to component level, and the risks or hazards of each component are analyzed separately. The two important assumptions of the traditional methods are: 1. the system's properties are not changed when it is broken down to component level; 2. accidents are caused by component failures. However, an ADV is a complex system in which system-level effects may be missed, so this assumption is questionable; further, ADV accidents can happen even when there is no component failure. System-level hazards cannot be fully determined at the component level alone, but arise out of the interactions between subsystems. Systems Theoretic Process Analysis (STPA) is a structured system-level approach to hazard analysis. Based on the premise that accidents happen when control is inadequate or lost, the STPA approach identifies hazards related not only to component failures, but also to design errors, flawed controller requirements, interaction failures, human errors, and other errors. In this paper, the STPA method is used to analyze various risks and hazards of ADVs, and finally to construct an abnormality monitoring system for autonomous driving sensors. Engineering practice shows that this method can effectively monitor abnormalities in sensor data links.