The ADF must fundamentally ensure safety, even when the real-life driving context changes. Simultaneously, it’s crucial to consider its operation under specific conditions and states. It’s assumed that the system has redundancy, allowing the ADF to perform a fallback at all times. However, system redundancy isn’t inherently designed but needs to be defined through a safety analysis. Consequently, any supplementary information pertinent to the vehicle’s safe operation must be effectively relayed to the driver. A testing methodology based on simulation offers a structured way to assess the system’s operational state under a broad range of conditions.
The following generally accepted operational scenarios may be considered:
– Not operational – ADF not available
– Operational without notifications – ADF available but unobservable state
– Operational with some notifications – ADF available with limitations on the state
– Operational with all notifications available – ADF available
Main Question
Are the ADF states defined (e.g. non-operational, operational without notifications, operational with some notifications, operational with all notifications available)?
Sub-Questions
- Are the criteria or conditions surrounding the states of the ADF identified?
- Have the triggers for state transitions been identified?
- Do the defined states cover the overall design and operation of the ADF?
- Are the mechanisms for transitions between these operational states clearly described?
- Are there any conditions or scenarios in which the ADF might transition between states unexpectedly?
- Is there a defined mechanism for how notifications are issued and what they are in each state (if applicable)?