Given that a single object can trigger multiple events leading to multiple possible responses by the driving automation function, defining the OEDR capabilities can become highly complex. A potential solution to manage this complexity is to establish logical rules for the combination of object-event-response, for example, Object A cannot trigger Event B, etc. Consequently, the theoretical number of combinations (#O x #E x #R) is reduced to the number of feasible combinations.
ODD and OEDR allow the derivation of logical scenarios. Logical scenarios, in combination with requirements, form the input for testing the architecture response. Thorn et al. (2018) suggest three testing techniques, i.e. modelling and simulation, closed-track testing and open-road testing, which constitute a three-pillar approach becoming a standard in validating complex ADF features. Test procedures can vary depending also on the selected tools, but should always aim at “achieving repeatability, reliability, and practicality” (Thorn et al., 2018). ODD limit here includes also the continued operation during a take-over request until the driver has taken over the control or a minimal risk manoeuvre starts. Operation during the minimal risk manoeuvre shall also be covered in an appropriated way.
Main Question
Is a verification / analysis completed to ensure that the selected architecture responds to any (relevant) object when the ADF is operating within the ODD limit?
Sub-Questions
- Does the analyis consider all of the logical rules for the combination of object-event-response?
References
- Thorn, E., Kimmel, S., Chaka, M. (2018) A Framework for Automated Driving System Testable Cases and Scenarios. Available at: https://rosap.ntl.bts.gov/view/dot/38824 (Accessed: 25 May 2024)