Systems-Theoretic Process Analysis: AUTOMOBILE FEATURES FOR LANE MANAGEMENT


Systems-Theoretic Process Analysis: AUTOMOBILE FEATURES FOR LANE MANAGEMENT
Diogo Castilho, Megan France & Dajiang Suo
Image source: 1. LADAR image of London streets (The New York Times, 11/11/15)

MOTIVATION AND BACKGROUND
PURPOSE AND PROJECT STRUCTURE
SYSTEM OVERVIEW
TEST DRIVE
STPA RESULTS
DISCUSSION
CONCLUSIONS

WHY STUDY AUTOMATED DRIVING?
- TODAY: More features than ever on the market
- Predicted growth in the near future! (Image source: 2)
- Safety, efficiency, and opportunity for mobility

AUTOMATION LEVELS
Image sources: 3, 4

AUTOMATION LEVELS
1. Driver Assistance
2. Partial Automation
3. Conditional Automation
5. Full Automation
Image sources: 5-8

OUR PURPOSE
MIT 16.453 - Human Systems Engineering
- Examine the impact of automated lane management on safety using STPA and human factors principles
- Use Tesla Model S Autopilot Version 7.0 as a case study for human factors STPA

TEST CASE SELECTION
Why use Tesla system for our analysis?
- Media attention, information availability
- Automation increase via software update
- NOT sponsored by Tesla or any other manufacturer
- Generalizable method & results
- Neither criticism nor advertisement for Tesla
- ALL automated systems have some of these issues

PARTIAL AUTOMATION
"the driving mode-specific execution by one or more driver assistance systems of both steering and acceleration/deceleration with the expectation that the human driver perform all remaining aspects of the dynamic driving task" [4]

PROJECT STRUCTURE
- MODEL S DESIGN INFORMATION
- MODEL S TEST DRIVE
- HUMAN FACTORS PRINCIPLES
- SYSTEMS THEORETIC PROCESS ANALYSIS (STPA)
- HUMAN FACTORS FINDINGS

TESLA AUTOPILOT VERSION 7.0
Partial Automation Based on Driver Assistance Systems [9, 10]
- Lane Assist
- Collision Avoidance
- Speed Assist
- Traffic-Aware Cruise Control
- Autosteer
- Auto Lane Change
Autopilot Tech Package

BASIC AUTOPILOT FEATURES
Lane Departure and Side Collision Warning Systems
- Alerts even when autopilot features are not active
Forward Collision Warning
- Alerts the driver about vehicles close ahead
- Engages the Automatic Emergency Braking system to reduce the severity of an impact (Mental Model)
Speed Assist
- Compares road signs and GPS data - speed limit

LANE MANAGEMENT FEATURES
Auto Lane Change
- Relies on Traffic-Aware Cruise Control and Autosteer
- Driver uses the turn signal
- Vehicle checks for other vehicles in adjacent lane
Overtake Acceleration
- Activates when the driver triggers auto lane change
- Without driver pressing accelerator, the vehicle accelerates to match the speed of traffic

LANE MANAGEMENT FEATURES
Traffic-Aware Cruise Control
- Selected time to impact
- Selected speed if no car ahead
Autosteer
- Middle of the lane
- Follows the car ahead if lane markings are not detected

AUTOPILOT SENSOR LIMITATIONS
Image source: 10

TEST DRIVE WITH TESLA MODEL S
Video source: Diogo Castilho

TEST DRIVE WITH TESLA MODEL S
- Interface evaluation
- Sources of Mode Confusion
- Handling qualities (Gain and Time Delay)
Image source: Diogo Castilho

Feature | Test Drive Task
Speed Assist | Maintain selected speed
Traffic-Aware Cruise Control | Maintain distance to a car ahead
Autosteer | Lane Keeping
Auto Lane Change | Lane Changing

SYSTEM ACCIDENTS AND HAZARDS
System Level Accidents
- A-1 Loss of life and injury
- A-2 Economic loss
System Level Hazards
- H-1 Vehicle does not maintain safe distance from nearby vehicles
- H-2 Vehicle does not maintain safe distance from terrain and other obstacles
- H-3 Vehicle occupants exposed to harmful effects and/or health hazards

SAFETY CONTROL STRUCTURE (diagram)
Blocks: Driver; Lane Management System; Physical Vehicle
Labels on the diagram, in the order they appear:
- Steering, Gas Pedal, Brake
- Enable autopilot, Disable autopilot, Change lane
- Warning signals
- Dashboard indicators, Audio chime, Display
- Visual Clues, Physical feedback
- Disengage, Change lane, Keep lane, Accelerate, Reduce Speed

UNSAFE CONTROL ACTIONS
Table columns: Controller; Control Action; Not providing causes hazards; Providing causes hazards; Incorrect Timing / Order; Stopped too soon / Applied too long

Controller: Driver. Control Action: Steering.
- Not providing causes hazards: UCA-8: Driver does not provide steering to avoid obstacles when autopilot does not react
- Providing causes hazards: UCA-7: Driver provides steering can cause hazards if autopilot is changing the lane to the opposite direction

Controller: Auto-Pilot. Control Action: Lane changing.
- Not providing causes hazards: UCA-13: Auto-pilot Not providing lane changing automatically causes hazards

Controller: Auto-Pilot. Control Action: Reduce Speed.
- Not providing causes hazards: UCA-17: Auto-pilot does not provide reducing speed can cause hazards if range and range rate of current vehicle is above the limit

All remaining cells, including every cell under Incorrect Timing / Order and Stopped too soon / Applied too long, are marked "-".

SCENARIO A
UCA: Driver provides steering commands when autopilot is keeping the lane.
Scenario: Driver provides steering commands when autopilot is keeping the lane because the driver realizes that the autopilot has followed the right lane marking onto an exit ramp. This causes a hazard because autopilot speed assist has reduced the speed to match exit ramp speed limit, and is now travelling too slowly for highway travel, and a vehicle is approaching from the rear.

SCENARIO B
UCA: Driver does not steer around debris when autopilot is not programmed to handle such situations.
Scenario: Driver does not brake when the autopilot doesn't react to a collision risk ahead. The driver incorrectly believed that autopilot would brake or swerve around the debris. Autosteer had been keeping the lane when the car in front swerved, leaving inadequate time for collision avoidance to take effect.

CHANGES IN AUTOPILOT 7.1
- Reality
- House connection
- Summon
- Private Uber
- Restriction in residential roads
Why stepping back? Are we afraid?

They are coming!

WHEN DO WE HAVE ENOUGH SCENARIOS?

DISCUSSION: HUMAN FACTORS
Physical Interface Level
Multi-function lever ambiguity [10]
- Can enable autosteer with double pull on lever
- Single pull on lever engages speed assist
- Push lever to pause and resume speed assist, keeping target speed
Difficult to differentiate levers
- Autopilot, Turn signal, and wheel position are all controlled by adjacent levers [10]
- Need to color, shape, size, or location code

DISCUSSION: HUMAN FACTORS
System design / architecture level
Partial automation limitations [12, 13]
- Inability to steer around obstacles and navigate
- Conditional limitations
Overtrust issues
- Driver may misunderstand the automation purpose or process
Image source: 3

DISCUSSION: HUMAN FACTORS
Workload, Yerkes-Dodson Law [12, 16]
- Poor performance in low workload conditions
- Partial automation still requires driver action
Changing Level of Automation
- Triggered by event / task complexity

DISCUSSION: HUMAN FACTORS
What do we do? Some considerations
Examine appropriateness of the design
- Consider reducing the need for human response, OR
- Consider increasing human responsibility to maintain awareness
Improve driver mental models
- How is the feature marketed?
- Is there brief, clear documentation available?
- Or is the design intuitive in the first place?
Image source: 14

CONCLUSIONS
- Using STPA helped us identify hazards, unsafe actions, and possible causal scenarios
- STPA scenarios clearly reveal human factors issues with automated lane management features with broad applicability
- We recommend using STPA with a focus on human factors for similar systems

ACKNOWLEDGEMENTS
- Dr. Nancy Leveson & Dr. John Thomas
- Dr. Leia Stirling
- Scholarship from CNPQ
- And Dajiang Suo!

REFERENCES
1. Manaugh, G. (2015, November 11). The Dream Life of Driverless Cars. Retrieved December 7, 2015.
2. Fully self-driving cars expected by 2030, says forecast - UPDATE. (2014, January 3). Retrieved December 7, 2015.
3. Stirling, L. (2015, November 3). Automation [PowerPoint slides]. Retrieved from https://learningmodules.mit.edu
4. SAE J 3016: Taxonomy and definitions for terms related to on-road motor vehicle automated driving systems. (2014). SAE International.
5. Audi adaptive cruise control. (2015). Retrieved December 8, 2015, from http://www.audi.com.pk/sea/brand/pk/models/a6/a6_saloon/equipment/safety/audi_adaptive_cruise.html
6. De Looper, C. (2015, October 15). Tesla Pushes 'Autopilot' Update: Model S Can Now Drive Itself. Retrieved December 7, 2015, from http://www.techtimes.com/articles/95502/20151015/tesla-pushesautopilot-update-model-s-now-drive-itself.htm
7. Enhanced Active Park Assist. (2014, August 26). Retrieved December 7, 2015, from http://www.grandledgeford.com/blog/enhanced-active-park-assist/
8. Kelly, S. (2014, May 28). 8 Big Questions About Google's Self-Driving Car. Retrieved December 7, 2015, from http://mashable.com/2014/05/28/google-self-driving-car-prototype/#n08bvn2h75qb
9. Model S. (n.d.). Retrieved December 7, 2015, from https://www.teslamotors.com/models
10. Model S Owner's Manual. (2015). Tesla Motors.
11. Leveson, N. (2012). Engineering a safer world: Systems thinking applied to safety. Cambridge, Mass.: The MIT Press.
12. Proctor, R., & Van Zandt, T. (2008). Human factors in simple and complex systems (Second ed.). Boca Raton, Florida: CRC Press, Taylor & Francis Group.
13. Sheridan, T. (2012). Chapter 38: Supervisory Control. In G. Salvendy (Ed.), Handbook of human factors and ergonomics (4th ed.). Hoboken: John Wiley & Sons.
14. PLC Automation. (n.d.). Retrieved December 7, 2015, from http://www.plcedge.com/plc-automation.html
15. Yerkes Dodson Law. (n.d.). Retrieved December 7, 2015, from https://www.adelaide.edu.au/unithrive/revive/stress/
16. Yerkes, R. M. & Dodson, J. D. (1908). The relation of strength of stimulus to rapidity of habit formation. Journal of Comparative Neurology and Psychology, 18, 459-482.
17. Endsley, M. R. (1995). Toward a theory of situation awareness in dynamic systems. Human Factors 37(1), 32-64.