Self-Driving Hits The Safety Reset Button

All of a sudden the autonomous future is looking a bit more uncertain, which is somewhat surprising given what tech and auto boosters have been saying for years now — namely, that self-driving cars are “just around the corner.” (Google that phrase to see just how often they’ve been saying it. Even the starchy Economist trumpets this very meme.)

The American Center for Mobility (ACM), as modeled in the PreScan simulation tool from Siemens PLM. In May, Siemens PLM announced a partnership with ACM for virtual and physical testing of automated and connected vehicles.​

The change in outlook likely comes from the recent spate of accidents, including several involving fatalities. And that is shifting the public conversation, perhaps for the foreseeable future, to a focus on safety and trust, whether the topic is the design of chips and sensors or the fates of nameplates and entire fleets. Innovating in this environment of public and press skepticism, and mounting attention from governments, may get harder. Certainly there will be a new premium on testing of all types. What should the Silicon Valley, the world’s auto capitals and the sprawling global auto supply chain do to respond?

Consider that even a few years ago, the self-driving storyline was nearly entirely positive. Autonomous vehicles were going to do everything from curbing noxious traffic and carbon emissions to helping the elderly and disabled to streamlining the cumbersome accident claims process. And of course self-driving cars would save vast numbers of lives. New developments and prototype vehicles with no steering wheels or pedals were covered with “gee whiz” earnestness even by the most jaundiced of news outlets and journalists. (Recall tech scold Kara Swisher declaring a 2014 ride in a Google clown car to be “delightful” and the car itself to be “adorable.”) And the technologists and execs pushing the vehicles were more often than not lauded as tech heroes.

What a difference a few years makes. Now the only white knights are the regulatory veterans hired to clean up safety programs among the newly chastened self-driving elite. And the overall tone is now one of skepticism or downright hostility. To be sure, at least some of this shift can be explained by the general tumult in tech, no longer seen as an unvarnished force for good but instead as an opened Pandora’s Box of powerful and entirely mixed blessings. (Example: autonomous delivery vehicles should dramatically cut costs and boost efficiency, though may also put millions of drivers out of work.) But part of the increasingly dark mood about self-driving tech is due to that still very small number of well-publicized fatal accidents, a phenomenon that all agree is sure to continue even if no one wants to talk about it.

Here it’s important to reiterate what the traffic safety engineers have told us all along. The toll taken by human drivers is unacceptably high and the main point of shepherding this new technology into existence is to reduce the carnage, which is getting worse. After years of decline, road deaths are now increasing, passing the 40,000 killed mark in the United States in 2017, up from 36,000 the year before. All the more reason, it would seem, to get humans out of the decision-making and driving loop as soon as possible. However, given the unique place of driving in culture and the vagaries of human psychology, self-driving technology will likely need to be dramatically safer than the alternative before it’s deployed en masse. Elon Musk famously said he won’t remove the beta label from Tesla’s Autopilot system until it’s 10 times safer than the U.S. vehicle average. Others have said demonstrated safety levels will need to be orders of magnitude higher still.

Data from 2016 Rand Corporation report showing the miles needed to demonstrate with 95% confidence that autonomous vehicle failure rate is lower than with human drivers.

For the automotive industry to make this a reality, it needs to develop smart and safe systems that, through simulation and testing, can convince the wary public, regulators, and governments. Any such development process will require not only physical testing, but also physics based-simulation. Physical testing is required to verify and demonstrate that physical products comply with specific requirements and quality standards related to functional safety, like ISO 26262. On the other hand, simulation is needed to make quick and cost-effective design iterations, and validate that the system can handle all possible real-life use cases in an environment that is reproducible and safe. A robust methodology that focuses on a complete validation and verification framework is key to help the industry move quicker towards complete solutions that lead to faster automated vehicle development. We propose a methodology with three related validation & verification (V&V) environments.

Three-part methodology
The first V&V environment is performed via simulation tools that are applied in model-in-the-loop (MIL), software-in-the-loop (SIL) and cluster applications. In this environment, the idea is to cover as many scenarios as possible (millions of scenarios), in a controlled environment that offers a quick turnaround and allows variation to be applied with relative ease. The Siemens autonomous driving solution announced in March 2018 and covered enthusiastically by various trade publications, including EE Times, is one example of this approach.

The second V&V environment combines software and hardware to do hardware-in-the-loop (HIL), vehicle-in-the loop (VIL), and driver-in-the-loop (DIL) testing. In this environment, the amount of scenarios needed is lower (from thousands to hundreds of thousands), concentrating on a subset of the most critical scenarios that need to be validated.

The third and final V&V environment is done in emulated environments that represent a subset of real-life use cases. In this environment only a few dozens or hundreds of scenarios are tested, typically based on requirements set by regulatory bodies. When this final environment provides desired results, then vehicles should be ready to go on the road.

During each of the V&V environments, iterations will be done to gather results that are then used to apply design adaptations in software and hardware until requirements can be met. This covers the complete life-cycle development needed to have a streamlined, robust and fast automated vehicle development process.

Testing
Despite the growing importance of simulation in the development life-cycle of automated vehicles, it will never be complete until a vehicle can prove its worth in real-life conditions in a real-world environment. We believe that this last step is highly complementary of simulation as is demonstrated by our various UNECE/EuroNCAP accreditations for verification and certification of ADAS and occupant safety systems. We use simulation before going to a test track, but at the same time, we use the results of our test track testing to improve the way that our simulation tools work. Virtual certification may well be integrated into this process in the near future and become an integral part of testing for automated vehicles.

We believe that this testing philosophy will optimize the amount of time that vehicles need to be tested on the road while increasing overall test coverage. Among the examples of Siemens’ commitment to road testing is a new partnership with the American Center for Mobility, a federally designated proving ground for developing and testing self-driving vehicles.

The lesson of history
A robust V&V methodology is key to the creation of L4/L5 automated vehicles, which are still inevitable, despite the uncertainty of the current moment. Auto history buffs like to note that, despite dire warnings about government crackdowns and public revolt, when the first automobile fatalities started happening in the 1890s, nothing much happened. Speed limits were raised and for a time abolished, and even though the death toll climbed, innovation and sales accelerated faster still, transforming cities, economies and our way of life.

There are any number of ways to interpret this basic reality, but one is that the utility and benefit of personal transportation is so great that society at large continues to make the calculation that trading away small bits of safety is worth it for the extraordinary advantages that horseless carriages or Teslas confer. (And it bears noting, too, that though the traffic fatality statistics today are sobering and unreasonably high, contemporary vehicles are also extraordinarily safe. In the United States, there are just over one death per 100 million vehicle miles, dozens of lifetimes of driving for most people.)

The Guardian’s Martin Robbins speculated in 2016 on what the effects of the first autonomous fatalities might be given that regulators are still trying to catch up with the industry. “By the time they do, it’s likely that the technology will already be an accepted fact of life, its safety taken for granted by consumers, its failures written off as the fault of its error-prone human masters.”

Robbins may be right in the long run but for now autonomy seems to be in retreat, at least on certain fronts. After its fatal accident, Uber has end its self-driving testing program in Arizona and Toyota, too, has temporarily stopped testing its Chauffeur autonomous driving program in the U.S.

We believe that a V&V and test methodology needs to take into account requirements from various stakeholders, including regulators, and it needs to use a framework that allows the creation of a digital twin of the vehicle and the real world in advanced physics based simulated environments. Our goal is to make real the creation and adoption of L4/L5 automated vehicles by using this methodology and framework.

Through our existing validation and certification services and software tools, we believe that we can achieve this goal and accomplish our mission “to make real what matters,” which in this case is a dramatic reduction of traffic accidents along with many new opportunities that this automation will bring to society across the globe.

For more, check out this webinar by my colleague Dave Lauzun, “Designing Autonomous Vehicles for Series Production”: https://www.youtube.com/watch?v=fdifp6G38ak.