The introduction of the SOTIF (Safety Of The Intended Functionality) standard has brought along a fundamental shift in the safety case for higher automation vehicles.
A vehicle manufacturer will need to ensure safety in case of failures of L3+ systems, through ISO26262 Functional Safety standard. It is necessary to carry a larger portion of the liability check to provide enough confidence in the system safety through SOTIF standard.
The importance of SOTIF
SOTIF attempts to mitigate the risks of an automated vehicle system by ensuring that as many scenarios and edge cases have been uncovered during the development process, and that the system has been tested against these cases in order to establish confidence in the handling of the situation. In the SOTIF definition these are known as unknown-unsafe scenarios. The SOTIF standard essentially tries to make sure that suppliers have put in place methods in order to reduce the amount of unknown-unsafe scenarios by applying sufficient exploration and testing.
Siemens has developed a proprietary (and now patented) methodology to systematically, and automatically, generate unsafe-unknown scenarios for a specific operational design domain based on a map of that scene, and (optionally) recorded data. To measure criticality, Siemens has developed a severity indicator, which combines a KPI for criticality with a proprietary KPI for novelty. The combination of these two generates a normalized severity value which provides an indication of how unsafe and unknown a scenario is for the vehicle under test.
This methodology, Critical Scenario Creation, is offered as a service, based on the Simcenter Prescan360 toolchain. The output can be delivered as simulation scenarios (in Simcenter Prescan or as an OpenScenario standard file).
Why adopting Siemens Critical Scenario Creation framework?
By adopting and implementing the Critical Scenario Creation process, OEM’s and AV suppliers can have a methodology to automatically generate unknow-unsafe scenarios derived from the SOTIF standards. Simcenter Prescan is a simulation platform accelerating development and validation of ADAS and automated vehicle functionality. Simcenter Prescan provides a toolchain that allows engineers to create a digital twin of a vehicle under development including sensors and the world. It allows engineers to conduct large scale V&V for ADAS/AV development leveraging a comprehensive digital twin.
What are the main challenges faced during product or project development?
The main challenge for AV development to meet the SOTIF standard is to have a robust and scalable way to automatically generate unknown/unsafe scenarios and evaluate the system under test in such scenarios. The more scenarios that can be evaluated, the lesser is the impact of the unknown/unsafe scenarios on system safety.
Robustness and accuracy of the digital twin for the vehicle and the environment are important. Additionally, understanding the operational domain and the variability of all the static and dynamic actors in the scenario to capture their effects was important as well. Quantifying what constitutes criticality in the scenario is another key challenge.
To learn more, watch this webinar.
Identifying SOTIF unknown-unsafe scenarios for AV development webinar.
You will learn about our Critical Scenario Creation methodology for AV development, a service based on the Simcenter Prescan360 toolchain that automatically generates unknown unsafe scenarios from the SOTIF standards.
- Systematic approach to identify high probable critical scenarios and reduce the unknown space
- Reduce effort to find relevant, critical/nominal scenarios for specific ODD
- Generating realistic scenarios based on realistic actor behavior in the scene
- Increase system confidence by testing against previously unknown scenarios