For the introduction of driver assistance systems and autonomous vehicles, the SOTIF (Safety Of The Intended Functionality) standard has brought a shift in the safety case. SOTIF attempts to mitigate the risks of an automated vehicle system by ensuring that as many scenarios and edge cases have been uncovered during the development process, and that the system has been tested against these cases in order to establish confidence in the handling of the situation. In the SOTIF definition these are known as unknown-unsafe scenarios. The SOTIF standard essentially tries to make sure that suppliers have put in place methods in order to reduce the number of unknown-unsafe scenarios by applying sufficient exploration and testing.
The main challenge is to have an objective, robust and scalable process in place to generate as much of the scenarios as possible, taking into account the variability of both static and dynamic components. The database of known and (previously) unknown scenarios grows over time and drives the engineering process. Simply put: the more scenarios that can be evaluated, the safer the system becomes.
To help OEMs and AV-suppliers adhere to the new standard, Siemens has developed a proprietary methodology called Critical Scenario Creation. It systematically and automatically generates a pool of scenarios for a specific operational domain based on a map of the scene and recorded data. Critical Scenario Creation gives an objective indication of the severity of the risk with a severity indicator, which combines a KPI for criticality with a proprietary KPI for novelty. This normalized severity value essentially provides an objective indication of exactly how unsafe and unknown a scenario is.
The tool can also be used by cities and traffic planners to identify problem areas and design and implement infrastructure that minimizes risk and maximizes safe operations.
By adopting and implementing the Critical Scenario Creation process, OEMs and AV suppliers can have a methodology to automatically generate unknow-unsafe scenarios derived from the SOTIF standards. When proceeding with discovering unknown-unsafe scenarios, the robustness and accuracy of the digital twin for the vehicle and the environment are important. Understanding the operational domain and the variability of all the static and dynamic actors in the scenario to capture their effects is essential as well. The ultimate challenge, being able to quantify what constitutes criticality in the scenario, has been addressed through Siemens’ patent on the novelty factor.
Critical Scenario Creation is offered as a service in the Simcenter portfolio. The output can be delivered as simulation scenarios in Simcenter Prescan, which provides the robust and accurate digital twin required for such analysis, or as an OpenScenario standard file. Simcenter Prescan is a simulation platform accelerating development and validation of ADAS and automated vehicle functionality. It provides a toolchain that enables engineers to create a digital twin of a vehicle under development including sensors and the world, and to conduct large scale V&V for ADAS/AV development, leveraging a comprehensive digital twin.
To sum up, Critical Scenario Creation enables discovering the scenarios which are deemed unsafe according to SOTIF. This will reduce the risk of autonomous vehicles toward other road users and speed up their deployment in the public realm.