CN115384530A - Advanced driving assistance expected function safety analysis method, device, equipment and medium - Google Patents


Info

Publication number
CN115384530A
Authority
CN
China
Prior art keywords
hazard
event
function
trigger
trigger event
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211216224.7A
Other languages
Chinese (zh)
Inventor
颜新华
何文
张鹏
周宏伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Changan Automobile Co Ltd
Original Assignee
Chongqing Changan Automobile Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Changan Automobile Co Ltd
Priority to CN202211216224.7A
Publication of CN115384530A
Legal status: Pending

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W50/00Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
    • B60W50/0097Predicting future conditions
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W30/00Purposes of road vehicle drive control systems not related to the control of a particular sub-unit, e.g. of systems using conjoint control of vehicle sub-units
    • B60W30/08Active safety systems predicting or avoiding probable or impending collision or attempting to minimise its consequences
    • B60W30/095Predicting travel path or likelihood of collision
    • B60W30/0956Predicting travel path or likelihood of collision the prediction being responsive to traffic or environmental parameters

Landscapes

  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Transportation (AREA)
  • Mechanical Engineering (AREA)
  • Human Computer Interaction (AREA)
  • Traffic Control Systems (AREA)

Abstract

The invention relates to the technical field of advanced assistant driving, and provides a safety analysis method, a device, equipment and a medium for an expected function of advanced assistant driving, wherein the method comprises the following steps: acquiring project content, hazard scene information and accident scene information of functions to be analyzed in the advanced driver assistance system; performing hazard analysis on the item content according to the functional safety standard to obtain a hazard event of the function to be analyzed; generating a hazard trigger scene according to the trigger condition of the hazard event, the hazard scene information and the accident scene information; combining the harm trigger scene with the insufficient function of the harm event to obtain a harm trigger event; if the hazard triggering event is an unacceptable hazard triggering event, determining a system improvement policy for the unacceptable hazard triggering event. The method combines the measured data, and improves the feasibility and the accuracy of the safety analysis of the expected functions by identifying the hazard events and confirming the trigger conditions.

Description

Advanced driving assistance expected function safety analysis method, device, equipment and medium
Technical Field
The application relates to the technical field of advanced assistant driving, in particular to a safety analysis method, device, equipment and medium for an expected function of advanced assistant driving.
Background
Currently, in the field of safety of the intended functionality of road vehicles, advanced driver assistance vehicles and systems interact with a dynamic cyber-physical environment with high uncertainty and complexity, which adds to the unpredictable hazard of advanced driver assistance systems operating in emergency situations. By analyzing the expected functional safety of advanced driver assistance, unpredictable hazards can be known in advance, and functional improvements can be made according to them.
After electrical and electronic faults or failures have been excluded, the expected functional insufficiencies and performance limitations that could lead to vehicle-level hazards are mainly analyzed according to ISO PAS 21448 (the expected functional safety standard). ISO PAS 21448 provides detailed analysis and improvement recommendations, from identifying hazards to determining scenarios and triggering events for functions. Its 12 chapters detail the steps each chapter performs. These steps cover the system definition, design analysis, and test verification and validation phases, which are aligned with the Rapid Application Development model in ISO PAS 21448. However, existing expected functional safety analysis does not combine scene data with accident data, and does not determine the hazard events and triggering conditions. How to analyze expected functional safety, identify hazard events and search for trigger conditions by combining scene data and accident data is therefore a problem that currently needs to be solved.
Disclosure of Invention
In view of the above drawbacks of the prior art, the present invention provides a method, an apparatus, a device, and a medium for analyzing safety of an advanced driving assistance expected function, so as to solve the above technical problems of how to analyze safety of an expected function and identify a hazard event and find a trigger condition in combination with scene data and accident data.
In an embodiment of the present invention, a safety analysis method for advanced driving assistance expected function is provided, the method includes:
acquiring project content of a function to be analyzed in the advanced driver assistance system, and pre-collected hazard scene information and accident scene information;
performing hazard analysis on the project content according to a preset functional safety standard to obtain a hazard event of the function to be analyzed;
generating a hazard trigger scene according to the trigger condition of the hazard event, the pre-acquired hazard scene information and the accident scene information;
combining the harm trigger scene with the insufficient function of the harm event to obtain the harm trigger event of the advanced assistant driving system;
and judging whether the harm trigger event is an unacceptable harm trigger event or not according to a preset risk acceptable standard, and if the harm trigger event is the unacceptable harm trigger event, determining a system improvement strategy aiming at the unacceptable harm trigger event.
In an embodiment of the present invention, the item content includes a system architecture, a function specification, and a function operation design domain, and performing hazard analysis on the item content according to a preset function safety standard to obtain a hazard event of the function to be analyzed includes:
determining control commands received by each controller in the system architecture according to the system architecture, the function specifications and the function operation design domain, and determining whether the control commands are hazard event control commands according to the preset function safety standard;
if the control command is a hazard event control command, acquiring the severity and the controllability of a hazard event control behavior corresponding to the hazard event control command;
and if the severity and the controllability of the hazard event control behavior are both larger than a preset threshold, determining that the event caused by the hazard event control behavior is the hazard event of the function to be analyzed.
In an embodiment of the present invention, the determining, according to the system architecture, the functional specification, and the functional operation design domain, a control command received by each controller in the system architecture, and determining, according to the preset functional safety standard, whether the control command is a hazard event control command includes:
drawing a system architecture diagram according to the system architecture, wherein the system architecture comprises a plurality of system elements and a control flow among the plurality of system elements, and the plurality of system elements comprise a controller, a control process and an operating instruction of a driver;
comparing the control flows between the plurality of system elements and the plurality of system elements with the function specification, and determining a control process corresponding to the controller and not conforming to the function specification;
determining control commands received by each controller in the system architecture according to the control process which does not meet the function specification, the operation instruction of the driver and the function operation design domain;
and classifying the control commands received by each controller according to the corresponding relation between the pre-constructed control commands and the command failure condition, and determining the control commands of the hazard events corresponding to the unexpected failure condition.
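The four hazard-analysis steps above (draw the architecture, compare it with the specification, derive each controller's commands, classify them against the command/failure-condition correspondence, then apply the severity and controllability threshold) can be expressed as a small STPA-style script. The following is an added example, not code from the patent or from Chongqing Changan; the element names, commands, failure-condition names, ratings and threshold are all constructed assumptions:

```python
"""Added example (not code from the patent or its assignee): a minimal
STPA-style hazard analysis over the control commands of one ADAS function,
following the steps listed above. Every element, command, failure condition
and severity/controllability rating here is constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ControlFlow:
    source: str    # element issuing the command
    target: str    # element receiving it
    command: str


@dataclass
class HazardEvent:
    controller: str
    command: str
    failure_condition: str
    severity: int
    controllability: int


# Constructed "item content": element types follow the patent (controller,
# control process, driver operating instruction) plus the STPA actuator.
ELEMENTS = {
    "driver": "human",
    "acc_controller": "controller",
    "brake_actuator": "actuator",
    "longitudinal_motion": "process",
}
ARCHITECTURE_FLOWS = {
    ControlFlow("driver", "acc_controller", "set_target_speed"),
    ControlFlow("acc_controller", "brake_actuator", "apply_brake"),
    ControlFlow("acc_controller", "brake_actuator", "release_brake"),
    # drawn in the architecture diagram but absent from the specification
    ControlFlow("acc_controller", "brake_actuator", "emergency_brake"),
}
SPEC_FLOWS = {
    ControlFlow("driver", "acc_controller", "set_target_speed"),
    ControlFlow("acc_controller", "brake_actuator", "apply_brake"),
    ControlFlow("acc_controller", "brake_actuator", "release_brake"),
}
# Pre-constructed correspondence between each command and its failure
# conditions; "unexpected" marks the outcomes that can lead to a hazard.
# The four condition names are the usual STPA unsafe-control-action types
# (assumed here; the patent does not name them).
FAILURE_MAP = {
    ("apply_brake", "not_provided"): "unexpected",
    ("apply_brake", "wrong_timing"): "unexpected",
    ("release_brake", "provided_unsafely"): "unexpected",
    ("release_brake", "stopped_too_soon"): "expected",
    ("emergency_brake", "provided_unsafely"): "unexpected",
    ("set_target_speed", "not_provided"): "expected",
}
# HARA-style (severity, controllability) of each hazardous control behaviour.
RATINGS = {
    ("apply_brake", "not_provided"): (3, 3),
    ("apply_brake", "wrong_timing"): (2, 1),
    ("release_brake", "provided_unsafely"): (2, 2),
    ("emergency_brake", "provided_unsafely"): (3, 2),
}
THRESHOLD = 1  # both S and C must exceed this to count as a hazard event


def nonconforming_flows(arch_flows, spec_flows):
    """Control flows in the architecture diagram that the specification
    does not describe (the control processes that do not meet the spec)."""
    return set(arch_flows) - set(spec_flows)


def controller_commands(arch_flows, elements):
    """Commands each controller issues or receives, including those on
    non-conforming flows and the driver's operating instructions."""
    per_controller = {}
    for flow in arch_flows:
        for element in (flow.source, flow.target):
            if elements.get(element) == "controller":
                per_controller.setdefault(element, set()).add(flow.command)
    return per_controller


def hazard_event_commands(commands, failure_map):
    """(command, failure condition) pairs whose outcome is unexpected."""
    return {pair for pair, outcome in failure_map.items()
            if pair[0] in commands and outcome == "unexpected"}


def hazard_events(controller, commands, failure_map, ratings, threshold):
    """Keep the hazardous behaviours whose severity and controllability
    both exceed the preset threshold; these are the hazard events."""
    events = []
    for command, condition in sorted(hazard_event_commands(commands, failure_map)):
        severity, controllability = ratings[(command, condition)]
        if severity > threshold and controllability > threshold:
            events.append(HazardEvent(controller, command, condition,
                                      severity, controllability))
    return events


def analyse(arch_flows, spec_flows, elements, failure_map, ratings, threshold):
    """Run the hazard-analysis steps end to end for every controller."""
    result = {"nonconforming": nonconforming_flows(arch_flows, spec_flows),
              "hazard_events": []}
    for controller, commands in controller_commands(arch_flows, elements).items():
        result["hazard_events"] += hazard_events(controller, commands,
                                                 failure_map, ratings, threshold)
    return result


if __name__ == "__main__":
    report = analyse(ARCHITECTURE_FLOWS, SPEC_FLOWS, ELEMENTS,
                     FAILURE_MAP, RATINGS, THRESHOLD)
    print("non-conforming flows:", report["nonconforming"])
    for event in report["hazard_events"]:
        print(event)
```

With the constructed data, the `emergency_brake` flow is reported as non-conforming but still enters the command set, since the patent derives commands from the non-conforming control process as well; of the four unexpected behaviours, `apply_brake`/`wrong_timing` is dropped because its controllability rating does not exceed the threshold.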
In an embodiment of the present invention, before the obtaining the item content of the function to be analyzed in the advanced driver assistance system, the method further includes:
acquiring dangers related to human body injuries in vehicle accidents, wherein the dangers related to the human body injuries comprise potential dangerous events;
determining functional safety related items and safety limits of the advanced assistant driving system according to the reverse description of the potential dangerous event;
and determining the preset functional safety standard according to the functional safety related item and the safety limit.
In an embodiment of the present invention, after performing hazard analysis on the item content according to a preset functional safety standard to obtain a hazard event of the function to be analyzed, the method further includes:
the hazard event control commands are combined with ISO21448 and ISO34503 to determine the triggering conditions and functional inadequacies of the hazard events.
In an embodiment of the present invention, determining whether the hazard triggering event is an unacceptable hazard triggering event according to a preset risk acceptability criterion, and if the hazard triggering event is an unacceptable hazard triggering event, determining a system improvement policy for the unacceptable hazard triggering event includes:
acquiring the severity and the controllability of the hazard triggering event;
if the severity of the hazard triggering event is not 0 or the controllability is 0, determining that the hazard triggering event is an unacceptable hazard triggering event;
and adjusting an algorithm of a controller, an algorithm of a sensor and an algorithm of an actuator in the advanced assistant driving system according to the triggering condition and the insufficient function of the unacceptable harm triggering event, and/or realizing safety guarantee by limiting a function operation design domain, and/or adjusting the interaction relation between a human-computer interaction interface and a driver.
In an embodiment of the present invention, the determining, according to a preset risk acceptability criterion, whether the hazard trigger event is an unacceptable hazard trigger event, and if the hazard trigger event is an unacceptable hazard trigger event, determining a system improvement policy for the unacceptable hazard trigger event further includes:
performing virtual environment simulation and real vehicle test on the system improvement strategy through the hazard trigger scene corresponding to the unacceptable hazard trigger event;
and according to the virtual environment simulation and real vehicle test results, performing residual risk assessment on the functions of the advanced assistant driving system, and if the residual risk is within a preset acceptable range, determining that the system improvement strategy is available.
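The acceptability rule, the choice of improvement measure and the residual-risk acceptance from the two embodiments above can be put together in a short script. This is an added example rather than code from the patent; the residual-risk measure (worst severity observed across simulation and real-vehicle runs), the `cause` attribute used to pick between algorithm/ODD measures and HMI measures, and the event data are constructed assumptions:

```python
"""Added example (not code from the patent): the risk acceptability rule,
improvement-strategy selection and residual-risk check described above.
The residual-risk measure (worst severity observed across simulation and
real-vehicle runs) and the event data are constructed assumptions."""
from dataclasses import dataclass


@dataclass
class HazardTriggerEvent:
    name: str
    severity: int            # 0 is the "no injury" class
    controllability: int     # 0 is the class the rule treats as unacceptable
    trigger_condition: str
    functional_insufficiency: str
    cause: str               # "function" (insufficiency/limit) or "misuse"


def is_unacceptable(event):
    """Preset risk acceptability criterion as stated in the embodiment:
    severity not 0, or controllability 0, makes the event unacceptable."""
    return event.severity != 0 or event.controllability == 0


def improvement_strategy(event):
    """Measures listed in the embodiment, chosen by the cause of the event.
    Returns (measure, detail) pairs; an acceptable event needs none."""
    if not is_unacceptable(event):
        return []
    measures = []
    if event.cause == "function":
        # adjust controller, sensor and actuator algorithms for the insufficiency
        measures.append(("adjust_algorithms", event.functional_insufficiency))
        # and/or keep the trigger condition outside the operational design domain
        measures.append(("limit_odd", event.trigger_condition))
    if event.cause == "misuse":
        # adjust the interaction between the HMI and the driver
        measures.append(("adjust_hmi", event.trigger_condition))
    return measures


def triage(events):
    """Map each unacceptable event name to its improvement strategy."""
    return {e.name: improvement_strategy(e) for e in events if is_unacceptable(e)}


def residual_risk(simulation_severities, vehicle_severities):
    """Assumed residual-risk measure after applying a strategy: the worst
    severity seen in any virtual-simulation or real-vehicle run of the
    hazard trigger scene."""
    observed = list(simulation_severities) + list(vehicle_severities)
    return max(observed, default=0)


def strategy_available(simulation_severities, vehicle_severities, acceptable_max):
    """A strategy is usable when the residual risk stays within the range."""
    return residual_risk(simulation_severities, vehicle_severities) <= acceptable_max


# Constructed events for illustration
EVENTS = [
    HazardTriggerEvent("shadow_lane_departure", 2, 2,
                       "roadside wire shadow across the lane",
                       "lane detector confuses shadow edge with paint", "function"),
    HazardTriggerEvent("slow_creep", 0, 2, "stop-and-go queue",
                       "late creep start", "function"),
    HazardTriggerEvent("ignored_takeover", 0, 0,
                       "driver does not respond to takeover request",
                       "takeover warning not noticed", "misuse"),
]

if __name__ == "__main__":
    for name, plan in triage(EVENTS).items():
        print(name, plan)
    print("strategy available:",
          strategy_available([0, 1, 0], [0, 0], acceptable_max=1))
```

Note that under the rule as the patent states it, a severity-0 event is still unacceptable when its controllability is 0 (the `ignored_takeover` event above), which is why the misuse branch still receives an HMI measure.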
In an embodiment of the present invention, there is further provided an advanced driving assistance expected function safety analysis device, including:
the information acquisition module is used for acquiring the project content of the function to be analyzed in the advanced assistant driving system, and the hazard scene information and accident scene information which are acquired in advance;
the hazard event analysis module is used for carrying out hazard analysis on the project content according to a preset functional safety standard to obtain a hazard event of the function to be analyzed;
the hazard trigger scene generation module is used for generating a hazard trigger scene according to the trigger condition of the hazard event, the pre-acquired hazard scene information and the accident scene information;
the hazard trigger event determining module is used for combining the hazard trigger scene with the insufficient function of the hazard event to obtain a hazard trigger event of the advanced assistant driving system;
and the system improvement module is used for judging whether the harm trigger event is an unacceptable harm trigger event according to a preset risk acceptable standard, and determining a system improvement strategy aiming at the unacceptable harm trigger event if the harm trigger event is the unacceptable harm trigger event.
In an embodiment of the present invention, an electronic device is further provided, including:
one or more processors;
a storage device to store one or more programs that, when executed by the one or more processors, cause the electronic device to implement the advanced assisted driving anticipation function safety analysis method as described above.
In an embodiment of the present invention, there is also provided a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor of a computer, causes the computer to execute the advanced driving assistance expected function safety analysis method as described above.
The invention has the beneficial effects that: firstly, acquiring project contents of functions to be analyzed in an advanced driver assistance system, and pre-acquired hazard scene information and accident scene information; then carrying out hazard analysis on the project content according to a preset functional safety standard to obtain a hazard event of the function to be analyzed; generating a hazard trigger scene according to the trigger condition of the hazard event, the pre-acquired hazard scene information and the accident scene information; combining the harm trigger scene with the insufficient function of the harm event to obtain the harm trigger event of the advanced assistant driving system; and finally, judging whether the harm trigger event is an unacceptable harm trigger event or not according to a preset risk acceptable standard, and if the harm trigger event is an unacceptable harm trigger event, determining a system improvement strategy aiming at the unacceptable harm trigger event. The hazard triggering scene is constructed by combining the pre-collected hazard scene information and accident scene information with the triggering conditions of the hazard event, the hazard scene data can enable the hazard triggering scene to be more real and reliable, and the accident scene data is beneficial to analyzing and positioning the reasons of the expected functional safety. The method combines the measured data, and improves the feasibility and the accuracy of the safety analysis of the advanced driving assistance expected function by identifying the harmful events and confirming the trigger conditions.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
FIG. 1 is a schematic diagram of an implementation environment of an advanced driver assistance expected function safety analysis method according to an exemplary embodiment of the present application;
FIG. 2 is a flow chart illustrating a method for advanced driver assistance anticipation function safety analysis in accordance with an exemplary embodiment of the present application;
FIG. 3 is a system architecture diagram illustrating an exemplary embodiment of the present application;
FIG. 4 is a schematic diagram illustrating control command details in an exemplary embodiment of the present application;
FIG. 5 is a diagram illustrating a correspondence between a control command and a command failure condition according to an exemplary embodiment of the present application;
FIG. 6 is a schematic diagram illustrating hazard event information in accordance with an exemplary embodiment of the present application;
FIG. 7 is a flow chart illustrating a method for advanced driver assistance anticipation function safety analysis in accordance with another exemplary embodiment of the present application;
FIG. 8 is a block diagram showing an advanced driving assistance intended function safety analysis apparatus according to an exemplary embodiment of the present application;
FIG. 9 shows a schematic structural diagram of a computer system used for implementing the electronic device according to the embodiment of the present application.
Detailed Description
Other advantages and effects of the present invention will become apparent to those skilled in the art from the disclosure of the present specification, wherein the following description is made for the embodiments of the present invention with reference to the accompanying drawings and the preferred embodiments. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It should be understood that the preferred embodiments are illustrative of the invention only and are not limiting upon the scope of the invention.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the drawings only show the components related to the present invention rather than being drawn according to the number, shape and size of the components in actual implementation, and the type, amount and proportion of each component in actual implementation can be changed freely, and the layout of the components can be more complicated.
In the following description, numerous details are set forth to provide a more thorough explanation of embodiments of the present invention, however, it will be apparent to one skilled in the art that embodiments of the present invention may be practiced without these specific details, and in other embodiments, well-known structures and devices are shown in block diagram form, rather than in detail, to avoid obscuring embodiments of the present invention.
Firstly, it should be noted that:
In existing advanced driving assistance expected function safety analysis methods, some techniques give analysis steps for misoperation of the expected function from the test stage; the steps may be as follows: construct a virtual dangerous scene terrain for misoperation of the advanced driver assistance vehicle in simulation test software; create an advanced driver assistance vehicle misoperation test scene; run a simulation test experiment on the simulated misoperation scene; export the simulation test data; compare and analyze the simulation test data with real vehicle safety test data; judge whether the simulation test data is abnormal: if it is abnormal, analyze the reason for the misoperation and debug and correct the parameters of the corresponding vehicle decision algorithm; if it is not abnormal, end the virtual simulation test. This method lacks a process for identifying the hazard event and searching for the triggering condition, and lacks an explanation of the upper-layer analysis.
Some techniques analyze the false/missed recognition triggering events of the advanced driver assistance vehicle, for example as follows: analyze the false/missed recognition trigger event to obtain its reason and scene; construct a simulation test scene for false/missed recognition in simulation software, test it, and improve the influence of false/missed recognition on the safety of the expected function; upload the functional performance limitations of the vehicle's systems/components caused by false/missed recognition to a cloud management system for storage; and grade the severity of the performance-limited functions, analyzing the potential occurrence frequency and detectability so that corresponding countermeasures can be taken. This method reduces the risk caused by insufficient system performance, but the analysis lacks the support of hazard event scene data.
The main focus of the safety of the intended functionality (SOTIF) of road vehicles is to help find the expected functional design defects of the system and the performance limitations of the sensors. The focus is on analyzing the system as specified, verifying whether known dangerous scenes conform to the expected behavior, and testing unknown dangerous scenes by traversal and reducing or limiting their design operation domain. Possible system modifications include architecture changes, limitations on system control authority, changes in the operational design domain and/or changes in the vehicle user interface; the whole process requires Hazard Analysis and Risk Assessment (HARA) using the STPA (System-Theoretic Process Analysis) method, and a functional improvement strategy is proposed for each functional deficiency. A functional deficiency may be, for example: on urban roads or expressways, the shadow of a roadside electric wire is mistakenly identified as a lane line by the perception system, so that the vehicle deviates from the actual lane line, collides with the road edge or a nearby vehicle, and people are injured or killed.
System-Theoretic Process Analysis (STPA) is a hazard analysis technique for cyber-physical systems based on systems and control theory. The analyzed system elements are a controller, an actuator, a sensor and a controlled process; the focus of the analysis is to determine which controller actions may be harmful in a particular environment. These potentially dangerous control actions may occur because the controller lacks the capability to handle the situation, the actuator cannot perform the control action, the controlled process cannot follow the command, or the sensor feedback is insufficient. The element types around the controller block diagram comprise mechanical, electrical, software and human, so a complex advanced driving assistance system can be analyzed in detail. In addition to determining the effects of these undesirable control actions, STPA causal analysis also determines potential causal factors related to defects in the process and derives specific triggering scenarios. These process defects are functional defects, and whether they fall under SOTIF or under ISO26262 (Automotive Safety Integrity Level) depends on their cause: causal factors associated with non-fault limitations or misuse relate to SOTIF, whereas causal factors characterized by failures relate to ISO26262. The overall expected functional safety analysis activity flow is shown in fig. 1.
Referring to fig. 1, fig. 1 is a schematic view of an implementation environment of a safety analysis method for advanced driver assistance anticipation function according to an exemplary embodiment of the present application. The implementation environment comprises a terminal 101, a cloud device 102 and a server 103. The terminal 101 is configured to execute the advanced assistant driving expected function safety analysis method in the embodiment of the application, and the cloud device 102 and the server 103 are configured to store hazard scene information and accident scene information collected in advance, and store item contents of functions to be analyzed in the advanced assistant driving system.
Illustratively, the terminal 101 may perform the following operations: acquiring project contents of functions to be analyzed in the advanced driver assistance system, and pre-collected hazard scene information and accident scene information from the cloud device 102 and the server 103; then carrying out hazard analysis on the project content according to a preset functional safety standard to obtain a hazard event of the function to be analyzed; generating a hazard trigger scene according to the trigger condition of the hazard event, the pre-acquired hazard scene information and the accident scene information; combining the harm trigger scene with the insufficient function of the harm event to obtain the harm trigger event of the advanced assistant driving system; and finally, judging whether the damage trigger event is an unacceptable damage trigger event or not according to a preset risk acceptance standard, if the damage trigger event is the unacceptable damage trigger event, determining a system improvement strategy aiming at the unacceptable damage trigger event, and checking and accepting the system improvement strategy according to a preset strategy checking and accepting standard. And subsequently, the hazard event, the hazard triggering scene and the improvement strategy obtained by the analysis can be transmitted to the cloud device 102 and the server 103 for storage, so as to facilitate the next analysis reference.
The terminal 101 shown in fig. 1 may be a desktop computer, for example. The server 103 shown in fig. 1 may be, for example, an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, a cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and artificial intelligence platform, and the like, which is not limited herein. The terminal 101 may communicate with the server 103 through a wireless network such as 3G (third generation mobile information technology), 4G (fourth generation mobile information technology), 5G (fifth generation mobile information technology), and the like, which is not limited herein.
Fig. 2 is a flowchart illustrating an advanced driving assistance intended function safety analysis method according to an exemplary embodiment of the present application. The method provided in the embodiment of the present application may be executed by any electronic device with computing processing capability, for example, the method may be executed by the server 103 or the terminal 101 in the embodiment of fig. 1, or may be executed by the server 103, the cloud 102, and the terminal 101 together. In the following embodiments, the terminal 101 is taken as an example of an execution subject, but the present disclosure is not limited thereto.
Referring to fig. 2, the advanced driving assistance intended function safety analysis method provided by the embodiment of the present application includes at least the following steps S210 to S250.
In step S210, the item content of the function to be analyzed in the advanced driver assistance system, and the hazard scene information and accident scene information collected in advance are acquired.
It should be noted that the project content includes a system architecture, a function specification and function operation design domain, a sensor configuration scheme, domain controller introduction, perception fusion algorithm description, decision algorithm description, an automobile network, a path planning and positioning system description, and a manual operation takeover condition.
In step S220, performing hazard analysis on the item content according to a preset functional safety standard to obtain a hazard event of the function to be analyzed.
In an embodiment of the present application, the STPA analysis method is used: analyzing the sub-functions may yield full-vehicle-level hazard events, which may include, for example, unexpected deceleration, unexpected loss of steering, etc. STPA analysis does not include risk assessment, so in order to fully assess the harm the risk causes to the human body, HARA analysis (hazard analysis and risk assessment) is needed as a secondary analysis. HARA is used in ISO26262 primarily to classify the potential risk classes, thereby identifying unacceptable hazards and the corresponding control actions; these hazards are then used in the STPA analysis when identifying undesirable control actions.
In this embodiment, it is determined whether a control command corresponding to the item content can cause a hazard event according to a preset functional safety standard, where the control command that can cause the hazard event is a hazard event control command, and the hazard event control command will cause an undesirable control operation of a controller in the system.
In step S230, a hazard trigger scenario is generated according to the trigger condition of the hazard event, the pre-collected hazard scenario information, and the accident scenario information.
Illustratively, for each expected functional safety full-vehicle level hazard event, the hazard event control commands are combined with ISO21448 and ISO34503 to determine the triggering conditions and functional insufficiency of the hazard event. And combining the triggering conditions of the hazard events with the scene acquisition data and the accident scene data to generate specific scenes, logic scenes and functional scenes triggered by the hazard events. In addition, in an alternative embodiment, the triggering condition of the hazard event may also be combined with ISO34502, the scene acquisition data, and the accident scene data to generate a specific scene, a logical scene, and a functional scene of the hazard event trigger. ISO21448 is an international standard for expected functional safety, ISO34503 is an automatic drive vehicle design operation range (ODD) classification method, and ISO34502 is a scene-based automatic drive safety evaluation engineering framework and process.
In step S240, the hazard triggering scenario is combined with the insufficient function of the hazard event to obtain the hazard triggering event of the advanced driver assistance system.
In step S250, it is determined whether the hazard trigger event is an unacceptable hazard trigger event according to a preset risk acceptance criterion, and if the hazard trigger event is an unacceptable hazard trigger event, a system improvement policy is determined for the unacceptable hazard trigger event.
For example, where an unacceptable hazard trigger event stems from a functional insufficiency or performance limitation, the proposed improvement measures include, but are not limited to, adjusting the algorithms at the controller, sensor and actuator ends and ensuring functional safety within the driving domain by restricting the ODD; where it stems from misuse by a person, the interaction between the HMI and the driver is adjusted to reduce the misuse.
Therefore, through steps S210 to S250, the pre-collected hazard scene information and accident scene information are combined with the trigger conditions of the hazard event to construct the hazard trigger scenario. The hazard scene data make the hazard trigger scenario more realistic and reliable, and the accident scene data help to analyse and locate the causes of intended-functional-safety problems. The method thus incorporates measured data and, by identifying the hazard events and confirming their trigger conditions, improves the feasibility and accuracy of the advanced driving assistance intended function safety analysis.
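As an added illustration, not part of the patent, the following Python sketch carries steps S230 and S240 through on constructed data: the trigger conditions of one hazard event are written as predicates over tagged scene records, the pre-collected fleet scenes and accident scenes that satisfy a predicate become the concrete scenarios, the parameter ranges they span form the logical scenario, a natural-language functional scenario is derived from them, and each scenario is then combined with the function's insufficiency to give a hazard trigger event. The record fields, the lane-keeping function, the three trigger conditions and the sample scenes are all assumptions made for the example; the page specifies no data format.

```python
"""Hazard trigger scenario generation (steps S230/S240), added illustration.

All data below is constructed for the example; the page defines no record
format, so the SceneRecord fields and the trigger conditions are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class SceneRecord:
    """One collected scene, tagged with the ODD attributes the analysis filters on."""
    source: str                  # "fleet" (scene acquisition data) or "accident"
    road: str
    weather: str
    lane_marking_quality: float  # 0.0 = not visible .. 1.0 = fresh paint
    sun_elevation_deg: float


@dataclass(frozen=True)
class TriggerCondition:
    """A triggering condition of a hazard event, expressed as a predicate over scenes."""
    name: str
    holds: Callable[[SceneRecord], bool]


@dataclass
class HazardTriggerScenario:
    hazard_event: str
    functional: str                           # functional scenario (natural language)
    logical: Dict[str, Tuple[float, float]]   # logical scenario: parameter ranges
    concrete: List[SceneRecord]               # concrete scenarios: the matching records
    accident_supported: bool                  # corroborated by accident scene data


# Constructed pre-collected data: scene acquisition records and accident records.
FLEET_SCENES = [
    SceneRecord("fleet", "highway", "clear", 0.2, 10.0),
    SceneRecord("fleet", "highway", "rain", 0.9, 40.0),
    SceneRecord("fleet", "urban", "clear", 0.3, 50.0),
    SceneRecord("fleet", "highway", "clear", 0.8, 8.0),
]
ACCIDENT_SCENES = [
    SceneRecord("accident", "highway", "clear", 0.1, 12.0),
    SceneRecord("accident", "rural", "rain", 0.4, 30.0),
]

# Constructed trigger conditions for the hazard event "unexpected steering loss" of an LKA function.
TRIGGER_CONDITIONS = [
    TriggerCondition("faded lane markings", lambda r: r.lane_marking_quality < 0.5),
    TriggerCondition("low sun glare", lambda r: r.weather == "clear" and r.sun_elevation_deg < 15.0),
    TriggerCondition("snow-covered road", lambda r: r.weather == "snow"),  # no data support below
]


def build_scenarios(hazard_event: str, conditions: List[TriggerCondition],
                    fleet: List[SceneRecord], accidents: List[SceneRecord]) -> List[HazardTriggerScenario]:
    """Step S230: combine each trigger condition with the collected and accident scene data.

    A condition that no collected record satisfies has no measured support and
    therefore yields no hazard trigger scenario.
    """
    scenarios: List[HazardTriggerScenario] = []
    for cond in conditions:
        matching = [r for r in fleet + accidents if cond.holds(r)]
        if not matching:
            continue
        # Logical scenario: the parameter ranges actually observed in the matching records.
        logical = {
            "lane_marking_quality": (min(r.lane_marking_quality for r in matching),
                                     max(r.lane_marking_quality for r in matching)),
            "sun_elevation_deg": (min(r.sun_elevation_deg for r in matching),
                                  max(r.sun_elevation_deg for r in matching)),
        }
        roads = "/".join(sorted({r.road for r in matching}))
        scenarios.append(HazardTriggerScenario(
            hazard_event=hazard_event,
            functional=f"LKA active on {roads} road with {cond.name}",
            logical=logical,
            concrete=matching,
            accident_supported=any(r.source == "accident" for r in matching),
        ))
    return scenarios


def trigger_events(scenarios: List[HazardTriggerScenario], insufficiency: str) -> List[str]:
    """Step S240: combine each hazard trigger scenario with the function's insufficiency."""
    return [f"{s.hazard_event} | {s.functional} | {insufficiency}" for s in scenarios]


if __name__ == "__main__":
    scen = build_scenarios("unexpected steering loss", TRIGGER_CONDITIONS, FLEET_SCENES, ACCIDENT_SCENES)
    for event in trigger_events(scen, "camera cannot classify the lane boundary"):
        print(event)
```

The "snow-covered road" condition is dropped on this data set, which is the point of requiring measured support: a trigger condition that appears in no collected or accident scene is a gap in the scene library to be filled, not a scenario to be analysed from imagination.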
In an embodiment of the present application, performing hazard analysis on the item content according to a preset functional safety standard in step S220 shown in fig. 2 to obtain a hazard event of the function to be analyzed, includes the following steps:
determining control commands received by each controller in the system architecture according to the system architecture, the function specifications and the function operation design domain, and determining whether the control commands are hazard event control commands according to the preset function safety standard;
if the control command is a hazard event control command, acquiring the severity and the controllability of a hazard event control behavior corresponding to the hazard event control command;
and if the severity and the controllability of the hazard event control behavior are both greater than preset threshold values, determining that the event caused by the hazard event control behavior is the hazard event of the function to be analyzed.
In one embodiment of the present application, the functional safety criteria include a command failure condition. The above determining the control command received by each controller in the system architecture according to the system architecture, the function specification and the function operation design domain, and determining whether the control command is a hazard event control command according to the preset function safety standard, includes the following steps:
drawing a system architecture diagram according to the system architecture, wherein the system architecture comprises a plurality of system elements and control flows among the plurality of system elements, and the plurality of system elements comprise a controller, a control process and an operating instruction of a driver;
comparing the control flows between the plurality of system elements and the plurality of system elements with the function specification, and determining a control process corresponding to the controller and not conforming to the function specification;
determining control commands received by each controller in the system architecture according to the control process which does not meet the function specification, the operation instruction of the driver and the function operation design domain;
and classifying the control commands received by each controller according to the corresponding relation between the pre-constructed control commands and the command failure condition, and determining the control commands of the hazard events corresponding to the unexpected failure condition.
It should be noted that the specific information of a control command includes the command sender, the command receiver, the command type, the command number and the command details; the failure conditions include the command not being provided and thereby causing a hazard, the command being provided at the wrong time or in the wrong sequence, the command being provided for too short or too long a duration, and the command being provided too strongly or too weakly.
Illustratively, referring to fig. 3, fig. 3 is a schematic diagram of a system architecture shown in an exemplary embodiment of the present application. Fig. 3 shows the interaction between the controller components of the system and the controllers, and the direction in which control commands are transmitted between the controllers and the driver.
Illustratively, referring to fig. 4, fig. 4 is a detailed schematic diagram of control commands shown in an exemplary embodiment of the present application. The system architecture, the function specification and the function operation design domain contain interactive control commands between the driver and the controllers, and some of these control commands can cause hazard events.
Exemplarily, referring to fig. 5, fig. 5 is a schematic diagram illustrating a correspondence relationship between a control command and a command failure condition according to an exemplary embodiment of the present application. Through the correspondence between the control command and the command failure condition shown in fig. 5, the control command can be classified, and the hazard event control command corresponding to the unexpected failure condition can be determined.
In an embodiment of the present application, the above steps determine the hazard event control commands corresponding to an unexpected failure condition. The severity and the controllability of the hazard event control behaviour corresponding to each such command are then obtained, and when both the severity and the controllability are greater than zero, the event caused by that control behaviour is determined to be a hazard event of the function to be analysed. The description of each hazard event and the control command corresponding to it may refer to fig. 6, where fig. 6 is a schematic diagram of hazard event information shown in an exemplary embodiment of the present application.
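The four-step procedure above (architecture versus specification, command enumeration, classification against the command failure conditions, severity and controllability screening) is shown below in Python on a constructed lane-keeping-assist control structure. This is an added example, not the patent's own data or code: the system elements, the control flows, the command table standing in for fig. 4, the command/failure-condition correspondence standing in for fig. 5 and the S/C ratings are all assumptions made for illustration, and the rating scale is the S0-S3 / C0-C3 scale of ISO 26262 HARA.

```python
"""Hazard-event identification for an ADAS function (step S220 detail), added illustration.

The lane-keeping assist (LKA) control structure, the commands, the failure-condition
table and the severity/controllability ratings below are constructed for the example.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class FailureCondition(Enum):
    """Command failure conditions as listed in the description (STPA-style unsafe control action types)."""
    NOT_PROVIDED = "not provided, causing a hazard"
    WRONG_TIME_OR_SEQUENCE = "provided at the wrong time or in the wrong sequence"
    TOO_SHORT_OR_TOO_LONG = "provided for too short or too long"
    TOO_STRONG_OR_TOO_WEAK = "provided too strongly or too weakly"


@dataclass(frozen=True)
class ControlCommand:
    """Specific information of a control command: sender, receiver, type, number, details."""
    number: str
    sender: str
    receiver: str
    kind: str
    details: str


@dataclass(frozen=True)
class Rating:
    """Hazard event control behaviour with its severity (S0..S3) and controllability (C0..C3)."""
    description: str
    severity: int
    controllability: int


# Constructed architecture (fig. 3 analogue): control flows as (sender, receiver) pairs.
ARCHITECTURE_FLOWS: Set[Tuple[str, str]] = {
    ("driver", "LKA controller"),
    ("camera", "LKA controller"),
    ("LKA controller", "EPS actuator"),
    ("LKA controller", "HMI"),
    ("LKA controller", "brake controller"),   # present in the architecture, absent from the spec
}
SPECIFIED_FLOWS: Set[Tuple[str, str]] = ARCHITECTURE_FLOWS - {("LKA controller", "brake controller")}

# Constructed command table (fig. 4 analogue).
COMMANDS: List[ControlCommand] = [
    ControlCommand("C01", "driver", "LKA controller", "activate", "driver enables LKA"),
    ControlCommand("C02", "LKA controller", "EPS actuator", "steering torque", "corrective torque request"),
    ControlCommand("C03", "LKA controller", "HMI", "warning", "lane departure warning"),
    ControlCommand("C04", "LKA controller", "brake controller", "brake request", "not in specification"),
]

# Constructed command / failure-condition correspondence (fig. 5 analogue).
# None means the failure is not hazardous; a Rating means it is a hazard event control behaviour.
FAILURE_TABLE: Dict[Tuple[str, FailureCondition], Optional[Rating]] = {
    ("C01", FailureCondition.TOO_SHORT_OR_TOO_LONG): None,
    ("C02", FailureCondition.NOT_PROVIDED): Rating("no correction, lane departure", 2, 1),
    ("C02", FailureCondition.TOO_STRONG_OR_TOO_WEAK): Rating("unexpected steering, vehicle leaves lane", 3, 2),
    ("C02", FailureCondition.WRONG_TIME_OR_SEQUENCE): Rating("late torque after driver already corrected", 1, 1),
    ("C03", FailureCondition.NOT_PROVIDED): Rating("driver not warned, no direct vehicle motion", 0, 1),
    ("C04", FailureCondition.TOO_STRONG_OR_TOO_WEAK): Rating("unexpected deceleration", 3, 3),
}


def nonconforming_flows(architecture: Set[Tuple[str, str]], specification: Set[Tuple[str, str]]) -> Set[Tuple[str, str]]:
    """Compare the architecture's control flows with the function specification."""
    return architecture - specification


def hazard_event_control_commands(commands: List[ControlCommand],
                                  table: Dict[Tuple[str, FailureCondition], Optional[Rating]]
                                  ) -> List[Tuple[ControlCommand, FailureCondition, Rating]]:
    """Classify each command by its failure conditions; keep the hazardous (rated) ones."""
    return [(cmd, fc, rating)
            for cmd in commands
            for (num, fc), rating in table.items()
            if num == cmd.number and rating is not None]


def hazard_events(commands: List[ControlCommand],
                  table: Dict[Tuple[str, FailureCondition], Optional[Rating]],
                  threshold: int = 0) -> List[Tuple[ControlCommand, FailureCondition, Rating]]:
    """Keep hazard event control behaviours whose severity and controllability both exceed the threshold."""
    return [(cmd, fc, r) for cmd, fc, r in hazard_event_control_commands(commands, table)
            if r.severity > threshold and r.controllability > threshold]


if __name__ == "__main__":
    print("flows not in specification:", nonconforming_flows(ARCHITECTURE_FLOWS, SPECIFIED_FLOWS))
    for cmd, fc, r in hazard_events(COMMANDS, FAILURE_TABLE):
        print(f"{cmd.number} {cmd.kind}: {fc.value} -> {r.description} (S{r.severity}, C{r.controllability})")
```

Note that the unspecified brake-request flow surfaces twice: once as a non-conforming control flow and again as the highest-rated hazard event; in practice that is the signal to revise either the architecture or the specification before the trigger-condition analysis proceeds.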
In an embodiment of the present application, before acquiring the item content of the function to be analyzed in the advanced driver assistance system in step S210 shown in fig. 1, the following steps are further included:
acquiring dangers related to human body injuries in vehicle accidents, wherein the dangers related to the human body injuries comprise potential dangerous events;
determining functional safety related items and safety limits of the advanced assistant driving system according to the reverse description of the potential dangerous event;
and determining the preset functional safety standard according to the functional safety related item and the safety limit.
Illustratively, the hazards associated with injury to persons are identified, including potential full-vehicle-level hazard events, and personnel are added to take part in the intended functional safety activities. The hazards are rewritten as safety goals of the system, that is, the vehicle-level safety goals are defined as the inverse of the hazard events, and the functional safety related items and safety limits of the system are then confirmed. Documents such as the function specification, the driver assistance function definition and the function operation design domain are added to the functional safety related items and safety limits to obtain the functional safety standard.
In an embodiment of the present application, the determining, in step S250 shown in fig. 1, whether the hazard trigger event is an unacceptable hazard trigger event according to a preset risk acceptability criterion, and if the hazard trigger event is an unacceptable hazard trigger event, determining a system improvement policy for the unacceptable hazard trigger event includes:
acquiring the severity and the controllability of the hazard triggering event;
if the severity of the hazard trigger event is not 0 or the controllability is 0, determining that the hazard trigger event is an unacceptable hazard trigger event;
and adjusting a controller algorithm, a sensor algorithm and an actuator algorithm in the advanced driver assistance system according to the triggering condition and functional insufficiency of the unacceptable hazard triggering event, and/or realising safety assurance by restricting the function operation design domain, and/or adjusting the interaction between the human-machine interface and the driver.
In an embodiment of the present application, the determining, in step S250 shown in fig. 1, whether the hazard trigger event is an unacceptable hazard trigger event according to a preset risk acceptability criterion, and if the hazard trigger event is an unacceptable hazard trigger event, determining a system improvement policy for the unacceptable hazard trigger event further includes:
performing virtual environment simulation and real vehicle test on the system improvement strategy through a hazard trigger scene corresponding to the unacceptable hazard trigger event;
and performing residual risk assessment on the functions of the advanced assistant driving system according to the virtual environment simulation and the real vehicle test result, and determining that the system improvement strategy is available if the residual risk is within a preset acceptable range.
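The decision gate described in the two embodiments above (step S250 and its verification), shown as an added Python example that is not the patent's own code. The acceptance criterion is implemented exactly as the page states it (severity not 0, or controllability 0, means unacceptable), and the choice of improvement measures follows the page's split between functional insufficiency and misuse; the sample trigger events, the residual-risk metric (the fraction of simulation and real-vehicle runs in the trigger scenario in which the hazard still occurred) and the acceptable-range value of 1 % are constructed assumptions.

```python
"""Risk acceptance, improvement strategy and residual-risk gate (step S250), added illustration.

The acceptance criterion is the one stated on the page; the event data, the
residual-risk metric and the acceptable range are constructed assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Sequence


class Cause(Enum):
    FUNCTIONAL_INSUFFICIENCY = "functional insufficiency or performance limitation"
    MISUSE = "misuse by a person"


@dataclass(frozen=True)
class HazardTriggerEvent:
    name: str
    severity: int         # S0..S3 (ISO 26262 scale, assumed)
    controllability: int  # C0..C3
    cause: Cause


def is_unacceptable(evt: HazardTriggerEvent) -> bool:
    """Preset risk acceptance criterion as stated in the description."""
    return evt.severity != 0 or evt.controllability == 0


def improvement_measures(evt: HazardTriggerEvent) -> List[str]:
    """System improvement strategy selected from the cause of the trigger event."""
    if evt.cause is Cause.MISUSE:
        return ["adjust HMI / driver interaction"]
    return ["adjust controller, sensor and actuator algorithms", "restrict the function ODD"]


def residual_risk(simulation_runs: Sequence[bool], vehicle_runs: Sequence[bool]) -> float:
    """Assumed metric: share of verification runs in the hazard trigger scenario
    in which the hazard event still occurred (True = occurred)."""
    runs = list(simulation_runs) + list(vehicle_runs)
    if not runs:
        raise ValueError("no verification runs: residual risk cannot be assessed")
    return sum(runs) / len(runs)


def evaluate(evt: HazardTriggerEvent, simulation_runs: Sequence[bool], vehicle_runs: Sequence[bool],
             acceptable_residual: float = 0.01) -> Dict[str, object]:
    """Run the S250 gate for one trigger event and return a small report."""
    report: Dict[str, object] = {
        "event": evt.name,
        "unacceptable": is_unacceptable(evt),
        "measures": [],
        "residual_risk": None,
        "strategy_available": None,
    }
    if not report["unacceptable"]:
        return report                      # acceptable as-is: no improvement strategy needed
    report["measures"] = improvement_measures(evt)
    rr = residual_risk(simulation_runs, vehicle_runs)
    report["residual_risk"] = rr
    report["strategy_available"] = rr <= acceptable_residual
    return report


if __name__ == "__main__":
    # Constructed trigger events and verification outcomes.
    e1 = HazardTriggerEvent("unexpected steering loss, faded markings", 3, 2, Cause.FUNCTIONAL_INSUFFICIENCY)
    e3 = HazardTriggerEvent("hands-off driving despite warning", 2, 1, Cause.MISUSE)
    print(evaluate(e1, [False] * 150, [False] * 50))
    print(evaluate(e3, [True] * 3 + [False] * 97, [False] * 20))
```

An event that the criterion already accepts is passed through without a strategy, and an unacceptable event with no verification runs raises rather than silently reporting zero residual risk; both are the edge cases a release gate must get right.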
In an embodiment of the present application, a safety analysis method of an advanced driving assistance expected function in the embodiment of the present application is described in detail with reference to fig. 7. Referring to fig. 7, fig. 7 is a flowchart illustrating an advanced driving assistance intended function safety analysis method according to another exemplary embodiment of the present application, the advanced driving assistance intended function safety analysis method including the steps of:
and acquiring a system architecture, a function specification and a function ODD (Operational Design Domain) corresponding to the function to be analyzed.
The system architecture, the function specification and the function ODD are reviewed and the system specification and design are revised, that is, a system architecture diagram is drawn according to the system architecture.
Hazard analysis and risk assessment are performed on the item content corresponding to the function, using the preset definition of the intended-functional-safety related items, to obtain the vehicle-level intended-functional-safety hazard events. In this embodiment, the hazard analysis and risk assessment of the item content can be carried out through HAZOP, STPA, FTA and FMEA analysis.
The control commands corresponding to the hazard event are combined with ISO21448 and ISO34503 to determine the expected functional safety triggering conditions and functional insufficiency of the hazard event.
The intended-functional-safety scenarios may be generated by combining the pre-collected scene acquisition data, the accident scenario data, ISO34502 and the intended-functional-safety trigger conditions; for example, the concrete, logical and functional scenarios containing the hazard event triggers may be generated. The hazard trigger scenarios are then combined with the functional insufficiencies of the hazard events to obtain the hazard trigger events of the advanced driver assistance system.
The system deficiency is analysed against the predefined risk acceptability criterion, that is, whether the hazard trigger event is an unacceptable hazard trigger event is judged; if it is, a system improvement strategy is determined for the unacceptable hazard trigger event. The system improvement strategy can optimise the perception, decision and execution of the system by adjusting the algorithms at the controller, sensor and actuator ends and by restricting the ODD (Operational Design Domain).
Whether the intended-functional-safety verification strategy conforms to the plan is determined according to a preset acceptance standard; if so, the optimisation of the system's perception, decision and execution is verified in the known hazard scenarios, the residual risk of the advanced driver assistance function is evaluated, and if the residual risk is within a preset acceptable range, the system improvement strategy is determined to be available. For example, simulation and real-vehicle test verification are performed on the trigger scenarios corresponding to the identified hazard events, so that the measures improving the function feed into the iterative design. In addition, large-scale road tests can be used for unknown unsafe scenarios to obtain the hazards associated with injury to persons, after which the above steps are repeated to complete the SOTIF analysis.
Finally, whether the intended-functional-safety release condition is met is judged; if so, the SOTIF release is issued and the whole SOTIF activity process is complete.
It should be noted that although the various steps of the methods in this application are depicted in the drawings in a particular order, this does not require or imply that these steps must be performed in this particular order, or that all of the shown steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Embodiments of the apparatus of the present application are described below, which may be used to perform the advanced driving assistance anticipatory function safety analysis method in the above-described embodiments of the present application. Referring to fig. 8, fig. 8 is a block diagram of an advanced driving assistance intended function safety analysis apparatus according to an exemplary embodiment of the present application. The advanced driving assistance expected function safety analysis device comprises an information acquisition module 801, a hazard event analysis module 802, a hazard trigger scene generation module 803, a hazard trigger event determination module 804 and a system improvement module 805.
The information acquisition module 801 is used for acquiring project contents of functions to be analyzed in the advanced driver assistance system, and pre-collected hazard scene information and accident scene information;
a hazard event analysis module 802, configured to perform hazard analysis on the item content according to a preset functional safety standard to obtain a hazard event of the function to be analyzed;
a hazard trigger scene generation module 803, configured to generate a hazard trigger scene according to the trigger condition of the hazard event, the pre-collected hazard scene information, and the accident scene information;
a hazard trigger event determining module 804, configured to combine the hazard trigger scenario with a functional deficiency of the hazard event to obtain a hazard trigger event of the advanced driver assistance system;
a system improvement module 805, configured to determine whether the hazard trigger event is an unacceptable hazard trigger event according to a pre-established risk acceptability criterion, and determine a system improvement policy for the unacceptable hazard trigger event if the hazard trigger event is an unacceptable hazard trigger event.
In an embodiment of the present application, based on the foregoing solution, the hazard event analysis module 802 is configured to:
determining control commands received by each controller in the system architecture according to the system architecture, the function specifications and the function operation design domain, and determining whether the control commands are hazard event control commands according to the preset function safety standard;
if the control command is a hazard event control command, acquiring the severity and the controllability of a hazard event control behavior corresponding to the hazard event control command;
and if the severity and the controllability of the hazard event control behavior are both greater than preset threshold values, determining that the event caused by the hazard event control behavior is the hazard event of the function to be analyzed.
In an embodiment of the present application, based on the foregoing solution, the hazard event analysis module 802 is further configured to:
drawing a system architecture diagram according to the system architecture, wherein the system architecture comprises a plurality of system elements and a control flow among the plurality of system elements, and the plurality of system elements comprise a controller, a control process and an operating instruction of a driver;
comparing the control flows between the plurality of system elements and the plurality of system elements with the function specification, and determining a control process corresponding to the controller and not conforming to the function specification;
determining control commands received by each controller in the system architecture according to the control process which does not meet the function specification, the operation instruction of the driver and the function operation design domain;
and classifying the control commands received by each controller according to the corresponding relation between the pre-constructed control commands and the command failure condition, and determining the control commands of the hazard events corresponding to the unexpected failure condition.
In an embodiment of the present application, based on the foregoing solution, the apparatus further includes a functional safety standard presetting module, where the functional safety standard presetting module is configured to:
acquiring dangers related to human body injuries in vehicle accidents, wherein the dangers related to the human body injuries comprise potential dangerous events;
determining functional safety related items and safety limits of the advanced assistant driving system according to the reverse description of the potential dangerous event;
and determining the preset functional safety standard according to the functional safety related item and the safety limit.
In one embodiment of the present application, based on the foregoing, the system improvement module 805 is configured to:
acquiring the severity and the controllability of the hazard triggering event;
if the severity of the hazard triggering event is not 0 or the controllability is 0, determining that the hazard triggering event is an unacceptable hazard triggering event;
and adjusting an algorithm of a controller, an algorithm of a sensor and an algorithm of an actuator in the advanced driver assistance system according to the triggering condition and the functional insufficiency of the unacceptable hazard triggering event, and/or realising safety assurance by restricting the function operation design domain, and/or adjusting the interaction between the human-machine interface and the driver.
In one embodiment of the present application, based on the foregoing solution, the advanced driving assistance expected function safety analysis device further includes a policy verification module configured to:
performing virtual environment simulation and real vehicle test on the system improvement strategy through the hazard trigger scene corresponding to the unacceptable hazard trigger event;
and according to the virtual environment simulation and real vehicle test results, performing residual risk assessment on the functions of the advanced assistant driving system, and if the residual risk is within a preset acceptable range, determining that the system improvement strategy is available.
The advanced driving assistance intended function safety analysis device combines the pre-collected hazard scene information and accident scene information with the trigger conditions of the hazard events to construct the hazard trigger scenario; the hazard scene data make the hazard trigger scenario more realistic and reliable, the accident scene data help to analyse and locate the causes of intended-functional-safety problems, and the feasibility and accuracy of the advanced driving assistance intended function safety analysis are improved by identifying the hazard events and confirming their trigger conditions.
It should be noted that the apparatus provided in the foregoing embodiment and the method provided in the foregoing embodiment belong to the same concept, and the specific manner in which each module and unit execute operations has been described in detail in the method embodiment, and is not described again here.
An embodiment of the present application further provides an electronic device, including: one or more processors; a storage device for storing one or more programs that, when executed by the one or more processors, cause the electronic equipment to implement the advanced driver assistance intended function safety analysis method as described above.
Fig. 9 is a schematic structural diagram of a computer system used for implementing an electronic device according to an embodiment of the present application.
It should be noted that the computer system of the electronic device shown in fig. 9 is only an example, and should not bring any limitation to the functions and the application scope of the embodiments of the present application.
As shown in fig. 9, the computer system 900 includes a Central Processing Unit (CPU) 901, which can perform various appropriate actions and processes, such as executing the method in the above-described embodiment, according to a program stored in a Read-Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. In the RAM 903, various programs and data necessary for system operation are also stored. The CPU 901, ROM 902, and RAM 903 are connected to each other via a bus 904. An Input/Output (I/O) interface 905 is also connected to bus 904.
The following components are connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 909 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage portion 908 including a hard disk and the like; and a communication section 909 including a Network interface card such as a LAN (Local Area Network) card, a modem, and the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
In particular, according to embodiments of the application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising a computer program for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 909 and/or installed from the removable medium 911. The computer program executes various functions defined in the system of the present application when executed by a Central Processing Unit (CPU) 901.
It should be noted that the computer readable media shown in the embodiments of the present application may be computer readable signal media or computer readable storage media or any combination of the two. The computer readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer-readable signal medium may include a propagated data signal with a computer program embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. The computer program embodied on the computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or hardware, and the described units may also be disposed in a processor. The names of the units do not in any way constitute a limitation on the units themselves.
Another aspect of the present application also provides a computer-readable storage medium having stored thereon a computer program, which, when executed by a processor of a computer, causes the computer to execute the advanced assisted driving anticipation function safety analysis method as described above.
Another aspect of the application also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes the advanced driving assistance expected function safety analysis method provided in the above-described embodiments.
According to an aspect of an embodiment of the present application, there is also provided a computer system including a Central Processing Unit (CPU) that can perform various appropriate actions and processes, such as performing the method in the above-described embodiment, according to a program stored in a Read-Only Memory (ROM) or a program loaded from a storage portion into a Random Access Memory (RAM). In the RAM, various programs and data necessary for system operation are also stored. The CPU, ROM, and RAM are connected to each other via a bus. An Input/Output (I/O) interface is also connected to the bus.
The following components are connected to the I/O interface: an input section including a keyboard, a mouse, and the like; an output section including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section including a hard disk and the like; and a communication section including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section performs communication processing via a network such as the internet. The drive is also connected to the I/O interface as needed. A removable medium such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive as necessary, so that a computer program read out therefrom is mounted into the storage section as necessary.
The above description is only a preferred exemplary embodiment of the present application, and is not intended to limit the embodiments of the present application, and those skilled in the art can easily make various changes and modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. An advanced driving assistance expected function safety analysis method, characterized by comprising:
acquiring project content of a function to be analyzed in the advanced driver assistance system, and pre-collected hazard scene information and accident scene information;
performing hazard analysis on the project content according to a preset functional safety standard to obtain a hazard event of the function to be analyzed;
generating a hazard trigger scene according to the trigger condition of the hazard event, the pre-acquired hazard scene information and the accident scene information;
combining the hazard trigger scene with the functional insufficiency of the hazard event to obtain the hazard trigger event of the advanced driver assistance system;
and judging whether the hazard trigger event is an unacceptable hazard trigger event or not according to a preset risk acceptability standard, and if the hazard trigger event is an unacceptable hazard trigger event, determining a system improvement strategy for the unacceptable hazard trigger event.
2. The advanced driving assistance expected function safety analysis method according to claim 1, wherein the project content comprises a system architecture, a function specification and the operational design domain of the function, and performing hazard analysis on the project content according to the preset functional safety standard to obtain the hazard events of the function to be analyzed comprises:
determining the control commands received by each controller in the system architecture according to the system architecture, the function specification and the operational design domain of the function, and determining according to the preset functional safety standard whether each control command is a hazard event control command;
if a control command is a hazard event control command, acquiring the severity and the controllability of the hazard event control behaviour corresponding to that command;
and if both the severity and the controllability of the hazard event control behaviour exceed a preset threshold, determining that the event caused by the hazard event control behaviour is a hazard event of the function to be analyzed.
3. The advanced driving assistance expected function safety analysis method according to claim 2, wherein the functional safety standard comprises command failure conditions, and determining the control commands received by each controller in the system architecture according to the system architecture, the function specification and the operational design domain of the function, and determining according to the preset functional safety standard whether a control command is a hazard event control command, comprises:
drawing a system architecture diagram according to the system architecture, wherein the system architecture comprises a plurality of system elements and the control flows among them, the system elements comprising controllers, control processes and the driver's operating instructions;
comparing the system elements and the control flows among them with the function specification, and determining the control processes corresponding to a controller that do not conform to the function specification;
determining the control commands received by each controller in the system architecture according to the non-conforming control processes, the driver's operating instructions and the operational design domain of the function;
and classifying the control commands received by each controller according to a pre-constructed correspondence between control commands and command failure conditions, and determining as hazard event control commands those whose failure condition is an unexpected failure condition.
4. The advanced driving assistance expected function safety analysis method according to claim 1, wherein before acquiring the project content of the function to be analyzed in the advanced driver assistance system, the method further comprises:
acquiring the dangers related to human injury in vehicle accidents, the dangers related to human injury comprising potential dangerous events;
determining the functional-safety-related items and safety limits of the advanced driver assistance system according to a reverse description of the potential dangerous events;
and determining the preset functional safety standard according to the functional-safety-related items and the safety limits.
5. The advanced driving assistance expected function safety analysis method according to claim 1 or 2, wherein after performing hazard analysis on the project content according to the preset functional safety standard and obtaining the hazard events of the function to be analyzed, the method further comprises:
combining the hazard event control commands with ISO 21448 and ISO 34503 to determine the trigger conditions and functional insufficiencies of the hazard events.
6. The advanced driving assistance expected function safety analysis method according to claim 5, wherein judging according to the preset risk acceptance criterion whether a hazard trigger event is an unacceptable hazard trigger event and, if it is, determining a system improvement strategy for that unacceptable hazard trigger event comprises:
acquiring the severity and the controllability of the hazard trigger event;
if the severity of the hazard trigger event is not 0 or its controllability is 0, determining that the hazard trigger event is an unacceptable hazard trigger event;
and adjusting the algorithms of the controllers, sensors and actuators in the advanced driver assistance system according to the trigger condition and functional insufficiency of the unacceptable hazard trigger event, and/or ensuring safety by restricting the operational design domain of the function, and/or adjusting the interaction between the human-machine interface and the driver.
7. The advanced driving assistance expected function safety analysis method according to claim 1, wherein after judging according to the preset risk acceptance criterion whether a hazard trigger event is an unacceptable hazard trigger event and, if it is, determining a system improvement strategy for that unacceptable hazard trigger event, the method further comprises:
performing virtual environment simulation and real-vehicle testing of the system improvement strategy using the hazard trigger scene corresponding to the unacceptable hazard trigger event;
and performing a residual risk assessment of the advanced driver assistance system function according to the results of the virtual environment simulation and the real-vehicle testing, and determining that the system improvement strategy is usable if the residual risk is within a preset acceptable range.
8. An advanced driving assistance expected function safety analysis apparatus, characterized in that the apparatus comprises:
an information acquisition module for acquiring the project content of a function to be analyzed in an advanced driver assistance system, together with pre-collected hazard scene information and accident scene information;
a hazard event analysis module for performing hazard analysis on the project content according to a preset functional safety standard to obtain the hazard events of the function to be analyzed;
a hazard trigger scene generation module for generating hazard trigger scenes according to the trigger conditions of the hazard events, the pre-collected hazard scene information and the accident scene information;
a hazard trigger event determination module for combining the hazard trigger scenes with the functional insufficiencies of the hazard events to obtain the hazard trigger events of the advanced driver assistance system;
and a system improvement module for judging, according to a preset risk acceptance criterion, whether a hazard trigger event is an unacceptable hazard trigger event and, if it is, determining a system improvement strategy for that unacceptable hazard trigger event.
9. An electronic device, characterized in that the electronic device comprises:
one or more processors;
and storage means for storing one or more programs which, when executed by the one or more processors, cause the electronic device to implement the advanced driving assistance expected function safety analysis method of any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon which, when executed by a processor of a computer, causes the computer to carry out the advanced driving assistance expected function safety analysis method of any one of claims 1 to 7.
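The analysis steps of claims 1 to 3, 6 and 7 as one runnable walk-through. This is an added illustrative example, not code from patent CN115384530A or from Chongqing Changan Automobile. The rating scales, the set of "unexpected" failure conditions, the rule that picks an improvement strategy, the re-rating after test, and the AEB sample data (commands, scenes, ratings) are all assumptions constructed for the example; the acceptance criterion is transcribed exactly as claim 6 words it.

```python
# Added illustrative example; not code from patent CN115384530A or its applicant.
# It walks claims 1-3, 6 and 7 over constructed data. The rating scales, the set of
# "unexpected" failure conditions, the strategy rule and the AEB data are assumed.
from dataclasses import dataclass

@dataclass(frozen=True)
class ControlCommand:
    controller: str
    name: str
    failure_condition: str   # claim 3: guide word for how the command fails (assumed)
    severity: int            # S0..S3 style rating (scale assumed)
    controllability: int     # C0..C3 style rating (scale assumed)

@dataclass(frozen=True)
class HazardEvent:
    command: ControlCommand
    trigger_condition: str   # claim 5: trigger condition
    insufficiency: str       # claim 5: functional insufficiency

@dataclass(frozen=True)
class HazardTriggerEvent:
    hazard: HazardEvent
    scene: str               # claim 1: hazard trigger scene
    severity: int
    controllability: int

# Claim 3: pre-built correspondence between failure conditions and the unexpected
# ones; a command whose condition is listed is a hazard event control command.
UNEXPECTED_FAILURE_CONDITIONS = {"unintended", "omitted", "too late"}  # assumed

def identify_hazard_events(commands, trigger_conditions, insufficiencies, threshold=0):
    """Claims 2 and 3: a command yields a hazard event when its failure condition
    is unexpected and both severity and controllability exceed the threshold."""
    return [HazardEvent(c, trigger_conditions[c.name], insufficiencies[c.name])
            for c in commands
            if c.failure_condition in UNEXPECTED_FAILURE_CONDITIONS
            and c.severity > threshold and c.controllability > threshold]

def generate_trigger_scenes(hazard, hazard_scenes, accident_scenes):
    """Claim 1: place the trigger condition into every pre-collected scene."""
    return [f"{hazard.trigger_condition} while {s}" for s in hazard_scenes + accident_scenes]

def build_hazard_trigger_events(hazards, hazard_scenes, accident_scenes, rating):
    """Claim 1: combine each trigger scene with the functional insufficiency. `rating`
    maps (command name, scene) to an analyst's (severity, controllability); unrated
    scenes inherit the command's own rating (assumption)."""
    events = []
    for h in hazards:
        for scene in generate_trigger_scenes(h, hazard_scenes, accident_scenes):
            sev, ctl = rating.get((h.command.name, scene),
                                  (h.command.severity, h.command.controllability))
            events.append(HazardTriggerEvent(h, scene, sev, ctl))
    return events

def is_unacceptable(event):
    """Claim 6 acceptance criterion, transcribed as the claim words it."""
    return event.severity != 0 or event.controllability == 0

def improvement_strategy(event):
    """Claim 6 names three levers: algorithm change, ODD restriction, HMI change.
    The selection rule is an assumption: a scene the sensors cannot resolve is cut
    from the ODD; anything else gets an algorithm retune plus an HMI change."""
    if "fog" in event.scene or "night" in event.scene:
        return {"odd_restriction": f"disable {event.hazard.command.controller} when {event.scene}"}
    return {"algorithm": f"retune {event.hazard.command.controller}: {event.hazard.insufficiency}",
            "hmi": "takeover request before the brake request"}

def rerate_after_improvement(events, strategies, test_results):
    """Claim 7: re-rate each event with the (severity, controllability) observed in
    simulation or real-vehicle test; events removed by an ODD restriction drop out."""
    remaining = []
    for e in events:
        if "odd_restriction" in strategies.get(e.scene, {}):
            continue
        sev, ctl = test_results.get(e.scene, (e.severity, e.controllability))
        remaining.append(HazardTriggerEvent(e.hazard, e.scene, sev, ctl))
    return remaining

def residual_risk_acceptable(events, max_unacceptable=0):
    """Claim 7: the strategy is usable when the residual number of unacceptable
    events is within the preset range."""
    return sum(is_unacceptable(e) for e in events) <= max_unacceptable

# Constructed sample data (assumed): an AEB brake request and a benign command.
SAMPLE_COMMANDS = [
    ControlCommand("AEB", "brake_request", "unintended", severity=2, controllability=1),
    ControlCommand("AEB", "brake_release", "as specified", severity=0, controllability=3),
]
SAMPLE_TRIGGERS = {"brake_request": "overhead gantry classified as obstacle"}
SAMPLE_INSUFFICIENCIES = {"brake_request": "radar cannot separate elevated static targets"}
SAMPLE_HAZARD_SCENES = ["following traffic at 100 km/h"]
SAMPLE_ACCIDENT_SCENES = ["dense fog on a motorway"]
FOG_SCENE = "overhead gantry classified as obstacle while dense fog on a motorway"
SAMPLE_RATING = {("brake_request", FOG_SCENE): (3, 0)}

def run_analysis():
    """Claims 1 and 6 end to end: the trigger events and a strategy per unacceptable one."""
    hazards = identify_hazard_events(SAMPLE_COMMANDS, SAMPLE_TRIGGERS, SAMPLE_INSUFFICIENCIES)
    events = build_hazard_trigger_events(hazards, SAMPLE_HAZARD_SCENES,
                                         SAMPLE_ACCIDENT_SCENES, SAMPLE_RATING)
    strategies = {e.scene: improvement_strategy(e) for e in events if is_unacceptable(e)}
    return events, strategies
```

Because the claim 6 criterion as worded treats any nonzero severity as unacceptable, the residual risk check of claim 7 can only pass when the improvement removes the scene from the operational design domain or the re-rating after simulation and real-vehicle testing brings severity to 0 with nonzero controllability; `rerate_after_improvement` models both outcomes with analyst-supplied test results.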
CN202211216224.7A 2022-09-30 2022-09-30 Advanced driving assistance expected function safety analysis method, device, equipment and medium Pending CN115384530A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211216224.7A CN115384530A (en) 2022-09-30 2022-09-30 Advanced driving assistance expected function safety analysis method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211216224.7A CN115384530A (en) 2022-09-30 2022-09-30 Advanced driving assistance expected function safety analysis method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN115384530A true CN115384530A (en) 2022-11-25

Family

ID=84127701

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211216224.7A Pending CN115384530A (en) 2022-09-30 2022-09-30 Advanced driving assistance expected function safety analysis method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN115384530A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115601856A (en) * 2022-12-15 2023-01-13 中国汽车技术研究中心有限公司(Cn) Method and equipment for determining safety test scene of expected function of automatic driving system
CN115601856B (en) * 2022-12-15 2023-04-18 中国汽车技术研究中心有限公司 Method and equipment for determining safety test scene of expected function of automatic driving system

Similar Documents

Publication Publication Date Title
Abdulkhaleq et al. A comprehensive safety engineering approach for software-intensive systems based on STPA
US20170236234A1 (en) Risk management method and system for a land transporation system
Picard et al. Ensuring dataset quality for machine learning certification
EP3059676B1 (en) A method and apparatus for analyzing the availability of a system, in particular of a safety critical system
CN115384530A (en) Advanced driving assistance expected function safety analysis method, device, equipment and medium
Mader et al. Automatic and optimal allocation of safety integrity levels
Kläs et al. Using Complementary Risk Acceptance Criteria to Structure Assurance Cases for Safety-Critical AI Components.
CN112598223A (en) Nuclear power state oriented law accident rule completeness inspection method and system, electronic equipment and storage medium
Paglioni et al. Unified definitions for dependency in quantitative human reliability analysis
Klück et al. An empirical comparison of combinatorial testing and search-based testing in the context of automated and autonomous driving systems
Chen et al. Identifying accident causes of driver-vehicle interactions using system theoretic process analysis (stpa)
Duracz et al. Using rigorous simulation to support ISO 26262 hazard analysis and risk assessment
Rangra et al. On the study of human reliability in transportation systems of systems
Osman et al. Run-time safety monitoring framework for AI-based systems: Automated driving cases
Wotawa On the Use of Available Testing Methods for Verification & Validation of AI-based Software and Systems.
Saeed et al. Cost and effectiveness of search-based techniques for model-based testing: an empirical analysis
CN115220430A (en) Fusion target verification method and device with redundancy function, electronic equipment and computer-readable storage medium
Chen et al. Taming functional deficiencies of automated driving systems: A methodology framework toward safety validation
Chow et al. Certified control: A new safety architecture for autonomous vehicles
Zhen-Hua et al. Application of PREEvision Software to Realize Vehicle Functional Safety Development
Hou et al. Attributes based bayesian unknown hazards assessment for digital twin empowered autonomous driving
Shadrin et al. Autonomous Vehicles Safety Provision Before and During Operation on Public Roads
Chen et al. A System-Based Safety Assurance Framework for Human-Vehicle Interactions
Hadj-Mabrouk Case-based reasoning for safety assessment of critical software
Moraru et al. Prerequisites for Safety Diagnostic and Risk Analysis Integration in Complex Industrial Facilities.

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination