Presentation is loading. Please wait.

Presentation is loading. Please wait.

Safety and Automated Driving Systems Kyle Vogt, Cruise, October 28, 2015.

Published byLetitia Richards Modified over 9 years ago

Similar presentations

Presentation on theme: "Safety and Automated Driving Systems Kyle Vogt, Cruise, October 28, 2015."— Presentation transcript:

1 Safety and Automated Driving Systems Kyle Vogt, Cruise, October 28, 2015

2 The issue at hand: How do you know a vehicle is safe enough? 2

3 What exists? The Law FMVSS 3 NHTSA / DMV Turns out, it doesn’t tell us

4 What exists? Standards 4 Industry Standards Best Practices

5 Digging deeper… Combine everything that exists  Meet it or Beat it 5 AVs Problem is you could follow what exists, and still end up with an unsafe product because ADS’s add complexity that the existing base does not address. We have to do more.

6 c Where are some of the holes? 6 c Hazard Analysis Methods Lack of specificity Behavioral Requirements

7 Why are traditional hazard analysis techniques not enough? Bottom up approach misses system-level problems – component interactions Rely on chain of event causation model Not good for software 1 2 3

8 8 How to address those problems Hazards Design and implementation Safety STPA

9 Testing and Validation 9 What’s challenging about ADSs? Complexity How do you build safe complex systems? Solid process and simulation

10 The path to driverless 10 Naturalistic testing is extremely useful, and key for validation, but cannot accomplish necessary coverage To get on the road, the only legitimate way to know a system is safe will be through extensive simulation

11 Thank you. 11

12 Appendix A: Example of weakness of traditional hazard analysis Bhopal accident December 1984, pesticide plant gas leak in Bhopal, India, exposing over 500,000 people to toxic gas None of the safety devices worked Seems incredibly unlikely that all safety systems would fail at once, but in reality, they were not independent failures Traditional methods only consider limited set of causes and miss the more systemic causes (e.g. financial pressure, poor hiring, failure to heed prior warnings) 12

13 Appendix B: Reactor example Chemical reactor: Computer controls (1) flow of catalyst into reactor and (2) flow of water into reflux condenser to cool off reaction Sensors warn of problems If fault detected, computer programmed to leave variables as is, and simply sound alarm 13

14 Extra - actions taken from STPA results Comprehensive analysis of specific social human driving behaviors Crucial point is requirements, have to have top notch requirements that are derived from safety constraints Create behavioral situations that you can test against, and Test them, extensive simulation Real world experience 14

Download ppt "Safety and Automated Driving Systems Kyle Vogt, Cruise, October 28, 2015."

Similar presentations

Preventing the Rear-end Accident

Preventing the Rear-end Accident
Mr.B.L.Prabhu, Safety Officer Boiler Safety Measures.

Mr.B.L.Prabhu, Safety Officer Boiler Safety Measures.
Hazard and Operability Study

Hazard and Operability Study
1 2.3a The BHOPAL Incident India, 2 Dec 84 Presented to ES-317y at UWO in 1999. Dick Hawrelak.

1 2.3a The BHOPAL Incident India, 2 Dec 84 Presented to ES-317y at UWO in Dick Hawrelak.
EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage: www.mwftr.com/CNE.html.

EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage:
International Dimensions of Ethics Adopted from The Bhopal Plant Disaster, IDEESE Case Study Series, © 2008 IDEESE Case Study: The Bhopal Plant Disaster.

International Dimensions of Ethics Adopted from The Bhopal Plant Disaster, IDEESE Case Study Series, © 2008 IDEESE Case Study: The Bhopal Plant Disaster.
ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.

ECE 720T5 Fall 2012 Cyber-Physical Systems Rodolfo Pellizzoni.
Introduction To Some of the Worst Engineering Failures EML3004C – Fall 2002.

Introduction To Some of the Worst Engineering Failures EML3004C – Fall 2002.
Smartbrake Reducing Accidents smartbrake.com.au Smartbrake Presentation.

Smartbrake Reducing Accidents smartbrake.com.au Smartbrake Presentation.
University of Southern California Center for Systems and Software Engineering ©USC-CSSE1 3/18/08 (Systems and) Software Process Dynamics Ray Madachy USC.

University of Southern California Center for Systems and Software Engineering ©USC-CSSE1 3/18/08 (Systems and) Software Process Dynamics Ray Madachy USC.
1 Software Testing and Quality Assurance Lecture 38 – Software Quality Assurance.

1 Software Testing and Quality Assurance Lecture 38 – Software Quality Assurance.
SWE Introduction to Software Engineering

SWE Introduction to Software Engineering
CSC 402, Fall 20001 Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
CSE 466 – Fall 2000 - Introduction - 1 Safety  Examples  Terms and Concepts  Safety Architectures  Safe Design Process  Software Specific Stuff 

CSE 466 – Fall Introduction - 1 Safety  Examples  Terms and Concepts  Safety Architectures  Safe Design Process  Software Specific Stuff 
Safety of Nuclear Power Reactors Final Presentation ESL 598.04 Fall 2006 Anatoliy Borodin.

Safety of Nuclear Power Reactors Final Presentation ESL Fall 2006 Anatoliy Borodin.
1 Joe Meehean. 2 Testing is the process of executing a program with the intent of finding errors. -Glenford Myers.

1 Joe Meehean. 2 Testing is the process of executing a program with the intent of finding errors. -Glenford Myers.
SAFE 605: Principles of Safety Engineering Overview of Safety Engineering Safety Engineering Concepts.

SAFE 605: Principles of Safety Engineering Overview of Safety Engineering Safety Engineering Concepts.
Unit 3a Industrial Control Systems

Unit 3a Industrial Control Systems
STAMP A new accident causation model using Systems Theory (vs

STAMP A new accident causation model using Systems Theory (vs
A System Theory Approach to Hazard Analysis Mirna Daouk

A System Theory Approach to Hazard Analysis Mirna Daouk

Similar presentations

Ads by Google