Abstract
Aimed at the inseparability of hazards of the autonomous driving system (ADS) from scenarios, a method for identifying hazards of the safety of the intended functionality (SOTIF) at the vehicle level is proposed based on the finite state machine (FSM). First, the elements constituting hazardous events are specified. Then, the FSM is adopted to abstract the ADS, making the vehicle states and the operational environment explicit. Finally, by identifying the conflicts between vehicle states and the operational environment, hazardous events of the ADS related to the SOTIF are systematically identified, which reduces the dependence on expert knowledge. The proposed method is applied to identify hazardous events on an SAE L3 autonomous vehicle to verify its effectiveness. The results show that, compared with the system-theoretic process analysis (STPA) method, the FSM model contains more detailed and systematic environmental information, and the elements constituting the hazardous events are directly provided by the FSM model, which supports systematic identification of hazardous events.
Authors
XIONG Lu (熊璐), JIA Tong (贾通), CHEN Junyi (陈君毅), XING Xingyu (邢星宇), LI Bo (李博)
School of Automotive Studies, Tongji University, Shanghai 201804, China; Wuhan Lotus Technology Co., Ltd., Wuhan 430090, China
Source
Journal of Tongji University: Natural Science (同济大学学报(自然科学版))
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2023, No. 4, pp. 616-622 (7 pages)
Funding
National Key R&D Program of China (2021YFB2501205).
Keywords
autonomous driving; safety of the intended functionality (SOTIF); functional safety; finite state machine; hazardous events