OASIcs.ASD.2020.1.pdf
- Filesize: 0.7 MB
- 7 pages
Full vehicle autonomy excludes a takeover by passengers in case a safety-critical application fails. Therefore, the system responsible for operating the autonomous vehicle has to detect and handle failures autonomously. Moreover, this system has to ensure the safety of the passengers, as well as the safety of other road users at any given time. Especially in the initial phase of autonomous vehicles, building up consumer confidence is essential. Therefore, in this regard, handling all failures by simply performing an emergency stop is not desirable. In this paper, we introduce an approach enabling a dynamic and safe reconfiguration of the autonomous driving system to handle occurring hardware and software failures. Since the requirements concerning safe reconfiguration actions are significantly affected by the current context the car is experiencing, the developed reconfiguration approach is sensitive to context changes. Our approach defines three interconnected layers, which are distinguished by their level of awareness. The top layer, referred to as the context layer, is responsible for observing the context. These context observations, in turn, imply a set of requirements, which constitute the input for the reconfiguration layer. The latter layer is required to determine reconfiguration actions, which are then executed by the architecture layer.
Feedback for Dagstuhl Publishing