On April 12, 2018, kVA hosted a free forum in San Jose, California on autonomy and safety.
The idea of the forum was to bring together leading experts working on autonomy, so as to have an open discussion on developing safer autonomous vehicles. It is difficult to separate the word safety from the word autonomous, as the two have become nearly synonymous, but within the month leading up to the forum, the world unfortunately was presented with two fatalities, within a five-day period, due to autonomous technologies. As engineers and developers, we have not done enough and we must push beyond the ordinary borders, prompting kVA to host a free, open forum on these points.
If we are all truly here to push forward a technology that saves lives, then we should also be open to sitting at the same table and discussing safety.
The forum started out with a presentation from kVA’s Managing Partner, Bill Taylor, on Level 4/5 autonomous driving, addressing the difficult question of, “What will it take to assure safety for widespread adoption?” Several unsolved problems were listed, including the need for methods to determine validation mileage, and a demand for common language to describe functional behaviors. But the #1 need in the industry cited was the need for improved Safety Culture.
Next, Dr. Mark Costin, Distinguished Functional Safety Engineer at NVIDIA, spoke on the upcoming ISO 21448 standard, better known as Safety of the Intended Functionality, or SOTIF. He discussed the difference between the SOTIF standard and the standard on Functional Safety, ISO 26262. The main difference is that the ISO 26262 standard focuses on the malfunctioning behavior of electronics and software, such as a sensor being stuck high or low, whereas the ISO 21448 standard focuses on the limitations of the normal operation of electronics and software, such as a camera in dense fog. Fog is not a malfunction of electronics; it is a possible environment for any vehicle. However, fog causes issues for some sensor technologies, and addressing these issues is the intent of a standard like the ISO 21448 standard.
ISO 21448 breaks all of our real-life scenarios into 4 areas, with the “Unknown, Unsafe” area being of the greatest concern as we can only test, simulate and use statistical analysis to reduce this area to an acceptable risk amount. One question from the crowd asked why only a draft of the ISO 21448 standard is available in 2018, which is only intended to be applied to functions up to Level 2, when we have Level 3, 4 vehicles on the road? Mark responded that it can be considered for higher levels, however, additional measures will be necessary.
The last speaker was Nathan Äschbacher, Chief Technology Officer at PolySync Technologies, Inc., who addressed the complexities of software development for autonomous vehicles. He challenged the audience to think about whether or not current approaches for software development are sufficient for safety assurance in autonomous vehicles. He discussed how the industry needs to really evaluate the software infrastructure and tooling for us to be able to realize true production platforms. He stated that we must go way beyond just developing automotive software in C and using MISRA-C as a sense of protection. His belief is that we need to dig deeper into the computer science fundamentals and not assume that Software Engineers have done enough to assure safety assured software.
kVA would like to thank all contributors and attendees for coming to the Autonomy Safety Forum.