The automotive industry is on the verge of a revolutionary transformation with the appearance of autonomous vehicles (AVs) and the integration of artificial intelligence (AI) technologies.
As we take a further step into the complexities of this evolving landscape, in the words of our NIT Academy instructor Bogdan Pavković, it is important to mention two critical safety standards, ISO 26262 and SOTIF, that play important roles in this field.
Bogdan also gave us a comprehensive explanation of the challenges, implications, and future prospects of these standards, how they apply in software design, and the promises of AI in automotive engineering.
Since Bogdan is an expert in the field of autonomous vehicles, we asked him when he expects the first fully autonomous car and what the biggest obstacles to it are.
He was pretty realistic and said, “In order to enable autonomous vehicles, we have to keep what has been the core discipline for regular vehicles, and that is functional safety. We cannot go beyond if we are not respecting the basis and core values, which is functional safety that could propel us to the next stage. Meaning - providing autonomous vehicles with a new set of features to help people commute more satisfactorily in a safer way. But I would say that it’s always better to give predictions of what will remain in the field instead of what will be the innovations.”
One of the biggest challenges in this industry is functional safety. Providing new features, especially those from the artificial intelligence, machine learning and computer vision domains, is as challenging as providing functional safety and safety of the intended functionality; these are two of the biggest driving forces in the field. One goes hand in hand with the other, and we cannot have one without the other.
“Providing functionality is appealing because this gives you a competitive edge over your peers, but without safety as safety first principle, we cannot provide value to society because these cars, after all, have to provide a safe experience for all of us involved, whether drivers, passengers or participants in the traffic.”
Application of ISO 26262 and SOTIF
It is important to state that these two standards are complementary in nature. ISO 26262 precedes SOTIF in the sense that it originates from conventional cars.
SOTIF provides a further step which is necessary, especially for higher levels of autonomy. This means that even though we build a completely functionally safe car that corresponds to the ISO 26262 standard, there is still room for fatalities, and these are what SOTIF is meant to cover.
The ISO 26262 standard looks at the whole process of developing a car and asks what would happen if one part of the car, or one of its functions, were to fail due to a software or hardware issue.
“We want to design safety measures that would estimate it, observe it, react to it, and lead the vehicle to a safe state. It means that we’re looking at the problem of functional safety, with new functionality that we want to provide, and then ways how software and hardware, and the system overall, could fail and endanger people. We’re seeking proactive ways to implement it.” said Bogdan.
SOTIF goes beyond this. Even if we do everything in our power to cover functional safety, there might be other fatalities; SOTIF covers these by looking at functional insufficiencies and at environmental factors that affect safety.
There is also the issue of users misusing the functionality of the system. To address these three factors, SOTIF provides a complementary set of analyses and measures to reduce risk even when everything is functionally safe.
“We’ve seen many videos of level 3 autonomous cars where people are taking a nap or playing games during the ride. This could be seen as a misuse because the original intent of this model was to have a driver as a backup solution for the machine, meaning that you still have to be available and present. By reaching the highest level of autonomy, level 5, we can imagine scenarios where we are sleeping or where you just enter the vehicle like you entered the rail or train, and you just enjoy it.” - explained our instructor.
The second factor, adverse environmental impacts, means that even though you build your system according to all the protocols and standards, there might be new scenarios that were not observed while testing or test driving the car, and they can still negatively affect the car.
The prototypical example is a camera at the front of your car: if you are not careful enough, it can be blinded by the oncoming sun. Or we can imagine a scenario where there is an unreasonably high volume of snow, creating reflections that the camera cannot observe. And the third one, and I would say this is the least evident one, is functional insufficiencies - the gaps in how we design our functionalities that could potentially lead to hazards.
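The two layers described above, a functional-safety measure that observes a failure and leads the system to a safe state, and a SOTIF measure that reacts to an environmental condition such as a camera blinded by the sun, as an added C example that is not part of the original article or of any NIT Academy course material. It assumes a hypothetical lane-keeping function receiving camera frames with an alive counter and a CRC-8; the frame layout, the thresholds FAULT_LIMIT and SATURATION_LIMIT_PCT, the proportional gain and the two scenarios are all constructed for illustration and are not taken from ISO 26262 or SOTIF.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed camera message, as a hypothetical lane-keeping function might receive it. */
typedef struct {
    uint8_t seq;            /* alive counter, +1 per frame */
    uint8_t crc;            /* CRC-8 over the other fields */
    uint8_t saturated_pct;  /* percentage of pixels at full scale */
    int16_t lane_offset_cm; /* estimated lateral offset from the lane centre */
} camera_frame_t;

typedef enum { STATE_NORMAL, STATE_DEGRADED, STATE_SAFE } sys_state_t;
typedef struct { uint8_t last_seq, faults; bool initialised; sys_state_t state; } safety_monitor_t;

#define FAULT_LIMIT 3U            /* assumed: consecutive faults before the safe state */
#define SATURATION_LIMIT_PCT 40U  /* assumed: camera treated as blinded above this */

static uint8_t crc8(const uint8_t *data, size_t len)
{
    uint8_t crc = 0U;
    for (size_t i = 0U; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (uint8_t)((crc & 0x80U) ? ((crc << 1) ^ 0x07U) : (crc << 1));
    }
    return crc;
}

static uint8_t frame_checksum(const camera_frame_t *f)
{
    uint8_t buf[4] = { f->seq, f->saturated_pct, (uint8_t)((uint16_t)f->lane_offset_cm >> 8),
                       (uint8_t)((uint16_t)f->lane_offset_cm & 0xFFU) };
    return crc8(buf, sizeof buf);
}

camera_frame_t make_frame(uint8_t seq, uint8_t sat_pct, int16_t offset_cm)
{
    camera_frame_t f = { seq, 0U, sat_pct, offset_cm };
    f.crc = frame_checksum(&f);
    return f;
}

/* One monitor cycle: observe the frame, decide the system state, return it. */
sys_state_t safety_monitor_step(safety_monitor_t *m, const camera_frame_t *f)
{
    if (m->state == STATE_SAFE) return STATE_SAFE;          /* latched until a service reset */
    /* Functional-safety checks: corrupted or out-of-sequence data means something failed. */
    bool fault = frame_checksum(f) != f->crc;
    if (!fault && m->initialised && f->seq != (uint8_t)(m->last_seq + 1U)) {
        m->last_seq = f->seq;                                /* resync after the gap */
        fault = true;
    }
    if (fault) {
        m->faults++;
        m->state = (m->faults >= FAULT_LIMIT) ? STATE_SAFE : STATE_DEGRADED;
        return m->state;
    }
    m->initialised = true; m->last_seq = f->seq; m->faults = 0U;
    /* SOTIF-style check: nothing failed, but glare makes the camera output untrustworthy. */
    m->state = (f->saturated_pct > SATURATION_LIMIT_PCT) ? STATE_DEGRADED : STATE_NORMAL;
    return m->state;
}

/* Actuation request: steer only while the monitor permits it, and never beyond a limit. */
int16_t lane_assist_torque(sys_state_t state, int16_t lane_offset_cm)
{
    if (state != STATE_NORMAL) return 0;
    int32_t t = -2 * (int32_t)lane_offset_cm;                /* constructed proportional gain */
    return (int16_t)(t > 500 ? 500 : (t < -500 ? -500 : t));
}

/* Helper: build one frame, optionally corrupt it in transit, and run one monitor cycle. */
static sys_state_t feed(safety_monitor_t *m, uint8_t seq, uint8_t sat_pct, bool corrupt)
{
    camera_frame_t f = make_frame(seq, sat_pct, 10);
    if (corrupt) f.crc ^= 0xFFU;
    return safety_monitor_step(m, &f);
}

/* Constructed scenario: three good frames, then the camera is blinded by the sun. */
sys_state_t scenario_sun_glare(bool glare_clears)
{
    safety_monitor_t m = { 0 };                              /* zero-init: NORMAL, no faults */
    for (uint8_t s = 0U; s < 3U; s++) (void)feed(&m, s, 5U, false);
    sys_state_t st = feed(&m, 3U, 90U, false);               /* 90 % saturated: glare */
    return glare_clears ? feed(&m, 4U, 5U, false) : st;      /* recovers once glare passes */
}

/* Constructed scenario: three consecutive frames corrupted in transit, then a valid one. */
sys_state_t scenario_corrupted_bus(bool then_valid)
{
    safety_monitor_t m = { 0 };
    sys_state_t st = feed(&m, 0U, 5U, false);
    for (uint8_t s = 1U; s <= 3U; s++) st = feed(&m, s, 5U, true);
    return then_valid ? feed(&m, 4U, 5U, false) : st;        /* still SAFE: the fault is latched */
}
```

The point of the split is the one the article makes: a failed CRC or a broken alive counter is a system failure, so it is handled by the functional-safety path, which degrades on a single fault and latches into the safe state after FAULT_LIMIT consecutive faults; a saturated image is not a failure of any component, so it is handled by the SOTIF-style path, which withdraws actuation while the condition lasts and resumes when it clears. A small main that prints the return values of the two scenario functions shows the states 1 (degraded) then 0 (normal) for the glare case and 2 (safe) for both corrupted-bus cases.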
NIT Courses as useful training for a better understanding of autonomous vehicles
We offer several courses that could be beneficial for all engineering disciplines, but our main focus is on Automotive Functional Safety Standards and Functional Safety Software, including the SOTIF discipline.
“I would say we would start broad, introduce the processes and development models, but also we will provide skill sets that are not learned at universities and which are needed for participation in these kinds of real-world projects. That would be understanding how the processes are organized and executed, who the stakeholders are, and then understanding what documents we need to provide as proof that our actions were according to the layout from the standard. In a more practical sense, participants will learn all the skill sets needed to collect requirements, formulate them, and manage them in order to have a proper description of what they are supposed to build.
Then we will learn practical ways to actually design software so that it takes care of all the safety-relevant features, especially the safety measures.”
After that, on a more hands-on level, instructors take participants through several topics covering how to code and program their software while following all the guidelines from the standard, and how to apply coding subsets such as MISRA.
Bogdan pointed out that providing a holistic experience is very important: focusing on the actual coding skill set, but also having a broader mindset and stepping out of the engineering world into a more realistic domain.
Here at NIT Academy, we have different courses on automotive engineering, system safety and functional safety, and they are dedicated to system engineers and system architects, and equally to hardware and software architects and engineers. Depending on their role and expected contributions to real-world projects, participants can choose between different programs, and there are also tailored courses that address each of these groups.
Take your knowledge of autonomous vehicles to the next level with NIT Academy courses. Visit the link and learn more.