Simulation-based Testing of Foreseeable Misuse by the Driver applicable for Highly Automated Driving
Milin Patel, Rolf Jung, Yasin Cakir
TL;DR
This work addresses Foreseeable Misuse (FM) in Highly Automated Driving (HAD) by linking ISO 21448 SOTIF guidance to driver–system interactions. It proposes a simulation-based testing workflow for FM, focusing on Driver-Vehicle Interface design and Driver-System Interactions within a highway lane-change scenario where lane-marking cues are degraded. The methodology uses a driving simulator and IPG CarMaker to model a TGAS-enabled Ego-Vehicle, a Take-Over Request (TOR), and potential driver mis-takeover leading to a lane departure, with Minimal Risk Maneuver (MRM) as a safety fallback. The study demonstrates end-to-end implementation of FM testing with an emphasis on DVI design, while acknowledging limitations of a static simulator and outlining future directions such as STPA-based analysis of DSI and more rigorous FM mitigation assessment. The work contributes to safer HAD transitions by integrating DVI/DSI considerations into FM-focused simulation strategies.
Abstract
With Highly Automated Driving (HAD), the driver can engage in non-driving-related tasks. In the event of a system failure, the driver is expected to reasonably regain control of the Automated Vehicle (AV). Incorrect system understanding may provoke misuse by the driver and can lead to vehicle-level hazards. ISO 21448, referred to as the standard for Safety of the Intended Functionality (SOTIF), defines misuse as usage of the system by the driver in a way not intended by the system manufacturer. Foreseeable Misuse (FM) implies anticipated system misuse based on the best knowledge about the system design and the driver behaviour. This is the underlying motivation to propose simulation-based testing of FM. The vital challenge is to perform simulation-based testing of a SOTIF-related misuse scenario. A Transverse Guidance Assist System (TGAS) is modelled for HAD. In the context of this publication, TGAS is referred to as the "system," and the driver is the human operator of the system. This publication focuses on implementing the Driver-Vehicle Interface (DVI) that permits the interactions between the driver and the system. The implementation and testing of a derived misuse scenario using the driving simulator ensure reasonable usage of the system by supporting the driver with unambiguous information on system functions and states so that the driver can conveniently perceive, comprehend, and act upon the information.
