Safe-AV: A Fault Tolerant Safety Architecture for Autonomous Vehicles

Abstract

Autonomous Vehicles (AVs) should result in tremendous benefits to safe human transportation. Recent reports indicate a global average of 3,287 road crash related fatalities a day with the blame, in most cases, assigned to the human driver. By replacing the main cause, AVs are predicted to significantly reduce road accidents -- some claiming up to a 90% reduction on US roads. However, achieving these numbers is not simple. AVs are expected to assume tasks that human drivers perform both consciously and unconsciously -- in some instances, with Machine Learning. AVs incur new levels of complexity that, if handled incorrectly, can result in failures that cause loss of human life and damage to the environment. Accidents involving SAE Level 2 vehicles have highlighted such failures and demonstrated that AVs have a long way to go. The path towards safe AVs includes system architectures that provide effective failure monitoring, detection and mitigation. These architectures must produce AVs that degrade gracefully and remain sufficiently operational in the presence of failures. We introduce Safe-AV, a fault tolerant safety architecture for AVs that is based on the commonly adopted E-Gas 3 Level Monitoring Concept, the Simplex Architecture and guided by a thorough hazard analysis in the form of Systems-Theoretic Process Analysis (STPA). We commenced the architecture design with a review of some modern AV accidents which helped identify the types of failures AVs can present and acted as a first step to our STPA. The hazard analysis was applied to an initial AV architecture (without safety mechanisms) consisting of components that should be present in a typical AV (based on the literature and our ideas). Our STPA identified the system level accidents, hazards and corresponding loss scenarios that led to well-founded safety requirements which, in turn, evolved the initial architecture into Safe-AV.