by Javier Ibanez-Guzman and Christian Laugier
Motor vehicles are becoming complex-networked mobile computers. Modern vehicles include numerous networked microprocessor-based Electronic Control Units (ECUs) ensuring multiple vehicle functionalities that include safety critical functions. As a comparison, a Boeing 787 Dreamliner requires about 6.5 million lines of software code to operate its avionics and on board support systems. By 2009, it was estimated that a luxury vehicle should run on close to 100 million lines of software code on 70 to 100 networked ECUs. Currently, the rapid introduction of sensor-based driving assistance systems, digital maps for navigation plus vehicle connectivity means a rapid increase in the use of software for safety related functions leading to platforms under full computer control and hence autonomous driving.
The degree of motor vehicles’ dependence on software is currently increasing exponentially. Components are sourced from 1st and 2nd tier suppliers, and are assembled by vehicle original equipment manufacturers (OEMs). Further, there are growing interdependencies between components. For example, an autonomous emergency braking system (AEB) is connected to a perception component, which operates using vehicle embedded data. The detected object is sent to a controller and the brake actuator is activated as well as the vehicle’s longitudinal control. Different software dependent components interact and must operate concurrently; most of them originate from different suppliers, operate at different frequencies and handle different types of data. Consequently, it can be difficult to integrate such functions. A vehicle OEM needs to ensure safe operation, which imposes important design constraints and a complex validation process. For safety related systems, performing full tests remains a challenge given the degree of risk involved in certain situations, for example, AEB applied to pedestrian safety.
Advances in intelligent vehicle technology should lead to vehicles under full computer control within the next few years. Most major vehicle OEMs have research programmes in this area. This potential was demonstrated by the technological push made by Google Inc. with their ‘Google Cars’. They have converted existing passenger vehicles into fully autonomous vehicles, demonstrating that commercial hardware for such a capability is available, with autonomous capabilities attained through the implementation of advanced software. Autonomous vehicles are ‘systems of systems’ where different sensor, actuation and decision making functions operate concurrently and react as a function of the environment the vehicle traverses. Figure 1 shows a typical architecture for the software-based components of an Intelligent Vehicle. It does not include all the mechanisms for controlling vehicle accessories or engine control, etc. Each of the systems shown is software dependent; most have to deal with different levels of uncertainty due to sensor limitations, vehicle response and incomplete information, as well as the actions of other entities sharing the vehicle work space. Intelligent Vehicles are only one component of much larger systems, namely Intelligent Systems where connectivity facilitates the interaction between these platforms and their ecosystem, e.g. road infrastructure sensors, traffic information, other transportation systems, etc. That is, there will be continuous interaction with these elements through the ‘Internet of Things’ paradigm.
As software becomes more complex, there is the need for systematic development and validation methods, and these need to be beyond the classical sensor-based and model-based approaches. There is the need to guarantee high integrity levels in a theoretical manner, that is to use analytical and formal methods that ensure that computer controlled vehicles are inherently safe.
Vehicles operate in uncertain environments: despite purpose-designed road infrastructure and traffic laws, unexpected situations occur resulting in accidents which are mainly caused by human driver error. Sensor-based algorithms are used to reduce driver error and algorithms for autonomous driving handle unexpected events when driving in standard traffic conditions. To enhance safety, the risk of an accident occurring has to be evaluated by the on board decision-making mechanisms. This can be estimated by identifying the difference between the driver’s intention and expectation of the driver’s reaction with respect to the spatio-temporal relationship between the subject vehicle and other entities sharing the same road segment.
For example, when addressing risk assessment at road intersections to command driving assistance systems, a software-based solution would use data available in current standard vehicles and navigation systems as well as the sharing of information between vehicles using V2V wireless communications links. The problem is formulated as a Bayesian inference problem, and the solution is demonstrated experimentally and through simulation. However, it remains difficult to demonstrate that the proposed solution is inherently safe. That is, unlike other domains, it is difficult to make any theoretical demonstration regarding the attainable level of safety.
If Intelligent Vehicles are to become computer controlled, guaranteeing their reliability and robustness is a major challenge. To lessen the effects of software complexity the automotive industry has formed the “Automotive Open System Architecture” (AUTOSAR), a consortium whose purpose is to standardize basic software functionality, leverage scalability to multiple platforms, ensure software transferability, etc. There are also associated norms that partially address different issues. However, there is a very strong need for software oriented validation methods and underlying theories. If vehicles are to run autonomously, their validation on individual use cases and extensive testing might not suffice.
Vehicle connectivity enables the sharing of information between vehicles and with the infrastructure. It allows interaction through various communication channels with other services and with the Internet. However, it makes vehicles vulnerable to hacking, spoofing, etc. Thus, the development of encryption methods under the constraint of preserving user privacy is currently underway.
R.N. Charette: “This Car Runs on Code”, in IEEE Spectrum, February 2009, http://spectrum.ieee.org/green-tech/advanced-cars/this-car-runs-on-code, accessed May 2013.
J. Ibanez-Guzman, C. Laugier, J-D Yoder, S. Thrun: “Autonomous Driving: Context and State-of-the-Art”, in Handbook of Intelligent Vehicles, Ed. A. Eskandarian, pp 1271-1310, Springer, New York 2011.
S. Lefevre, J. Ibanez Guzman, C. Laugier: “Risk Assessment at Road Intersections: Comparing Intention and Expectation”, in proc. IEEE Intelligent Vehicles Symposium IV2012, Alcalá de Henares, June 2012.