
Adaptive Cruise Control



Presentation Transcript


  1. Adaptive Cruise Control. Ilana Davidi, Margaret Stringfellow Herring, Paul Wheeler

  2. Agenda
     • Hazard Analysis
     • Safety Constraints
     • Partial STPA
     • Completeness Criteria
     • Requirements Changes
     • High-Level Design
     • Intent Specifications
     • Design Limitations

  3. Hazard Analysis
     • A constructive way to learn the ACC system
     • Tens of hazards stemmed from three root hazards:
       • Rear-ending the car in front
       • Being hit by the car behind
       • Losing vehicle control

  4. Safety Constraints
     • Matched each hazard with a safety constraint
     • Safety constraints fall naturally out of the hazards
     • Constraints kept simple but precise
     • Leads to high-level design requirements

  5. Completeness Criteria Example
     • The system and software must start in a safe state.
       • Software initial state is “ACC off.”
       • No direct transitions to hazardous states from “ACC off”
     • Cannot transition out of the “ACC off” state unless:
       • The ignition is turned to the “on” position.
       • The driver has subsequently pushed the “ACC on” button.
       • The ACC system passes a self-diagnostic test for system faults.
       • Brakes are not engaged.
       • Speed is greater than 45 mph.
     • ACC then transitions to the “ACC standby” state.
     • There are further conditions to transition from “ACC standby” to “ACC active”

  6. Requirement Changes Examples
     • Minimum speed will be 45 mph instead of 25 mph
     • Alarm will sound during shutdown
       • Not only in response to driver disengagement from the steering wheel
     • Set speed is not retained in memory after the coast button is pushed
       • Current speed is used as the set speed
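The completeness criteria on slide 5 and the requirement changes on slide 6 describe a guarded state machine: a safe initial state, an explicit list of preconditions for leaving it, and a rule that set speed is replaced by current speed after coast. The following is an added example of how a practitioner might encode those rules so the "no direct transition to a hazardous state" criterion can be checked mechanically rather than by inspection. It is not the authors' SpecTRM model; the state names, the `Inputs` fields, the shutdown rule, and the standby-to-active guard (which the slides leave unspecified) are assumptions made for illustration.

```python
"""Guarded ACC state machine encoding the completeness criteria from slide 5
and the requirement changes from slide 6 (added example, not the authors' model)."""
from dataclasses import dataclass
from enum import Enum, auto
from typing import Callable, Dict, List, Optional, Tuple


class AccState(Enum):
    OFF = auto()      # "ACC off": the safe initial state required by the criteria
    STANDBY = auto()  # "ACC standby": armed but not commanding the vehicle
    ACTIVE = auto()   # "ACC active": commands throttle/brakes, so hazardous if entered wrongly


@dataclass(frozen=True)
class Inputs:
    """One sample of the inputs the guards read. Field names are assumptions;
    'acc_button_pushed' is taken to mean pushed after the ignition was on."""
    ignition_on: bool
    acc_button_pushed: bool
    self_test_passed: bool
    brakes_engaged: bool
    speed_mph: float
    set_button_pushed: bool = False  # assumed driver request for standby -> active


MIN_SPEED_MPH = 45.0  # raised from 25 mph per the requirement change on slide 6

Guard = Callable[[Inputs], bool]


def off_to_standby(i: Inputs) -> bool:
    # Every condition listed on slide 5 must hold; any one failing keeps ACC off.
    return (i.ignition_on and i.acc_button_pushed and i.self_test_passed
            and not i.brakes_engaged and i.speed_mph > MIN_SPEED_MPH)


def standby_to_active(i: Inputs) -> bool:
    # Slide 5 only says further conditions exist. Assumed here: the same safety
    # preconditions must still hold and the driver must explicitly request it.
    return off_to_standby(i) and i.set_button_pushed


def drop_to_off(i: Inputs) -> bool:
    # Assumed shutdown rule: losing any precondition returns ACC to the safe state.
    return not (i.ignition_on and i.self_test_passed
                and not i.brakes_engaged and i.speed_mph > MIN_SPEED_MPH)


# Transition table: (from, to) -> guard. Any pair absent from this table is
# forbidden, which is what makes the "no direct transition" criterion checkable.
TRANSITIONS: Dict[Tuple[AccState, AccState], Guard] = {
    (AccState.OFF, AccState.STANDBY): off_to_standby,
    (AccState.STANDBY, AccState.ACTIVE): standby_to_active,
    (AccState.STANDBY, AccState.OFF): drop_to_off,
    (AccState.ACTIVE, AccState.OFF): drop_to_off,
}

HAZARDOUS_STATES = {AccState.ACTIVE}


def direct_hazard_edges_from(state: AccState) -> List[Tuple[AccState, AccState]]:
    """Transitions that would take `state` straight into a hazardous state."""
    return [(s, d) for (s, d) in TRANSITIONS if s is state and d in HAZARDOUS_STATES]


def check_safe_start() -> bool:
    """Slide 5 criteria: software starts in OFF, and OFF has no direct hazardous edge."""
    return Acc().state is AccState.OFF and not direct_hazard_edges_from(AccState.OFF)


@dataclass
class Acc:
    state: AccState = AccState.OFF        # software initial state is "ACC off"
    set_speed_mph: Optional[float] = None

    def step(self, i: Inputs) -> AccState:
        """Apply at most one enabled transition out of the current state."""
        for (src, dst), guard in TRANSITIONS.items():
            if src is self.state and guard(i):
                self.state = dst
                if dst is AccState.OFF:
                    self.set_speed_mph = None          # nothing retained once shut down
                elif dst is AccState.ACTIVE:
                    self.set_speed_mph = i.speed_mph   # assumed: activate at current speed
                break
        return self.state

    def coast(self, current_speed_mph: float) -> Optional[float]:
        """Slide 6: after coast the stored set speed is discarded and the
        current speed becomes the set speed (only meaningful while active)."""
        if self.state is AccState.ACTIVE:
            self.set_speed_mph = current_speed_mph
        return self.set_speed_mph
```

Because the table is the single source of truth for allowed transitions, `check_safe_start()` reads it directly instead of relying on anyone remembering the rule; a later edit that adds an `OFF -> ACTIVE` shortcut fails the check immediately. The same table can be extended with a mutual-exclusion check over guards from the same state if nondeterministic transitions are also a concern.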

  7. Partial STPA
     • Used control loops to discover states

  8. High-Level Design (control-loop diagram; only the labels survived extraction)
     • Components: Driver, Radar, ACC, Engine Control Module, Brake Control Module, Instrument Cluster, CAN bus, Accelerator, Brake Pedal, Brake Lights
     • Signals: Distance SP, Speed SP, Mode, Brake Switch 1 & 2, Cruise Switch, Target Speed, ACC State, Brake Request, Vehicle Speed, Brake Actuator Command, Warning, Input to Display
     • Process variables: Acceleration, Distance to Car In Front, Distance to Car In Back, Closing Speed, Increasing/Decreasing Speed of Car, Engine Power

  9. Intent Specification: Level 1

  10. Intent Specification 1: Assumptions
     • A licensed driver is operating a car with no malfunctions or problems.
     • The road is smooth and unobstructed.
     • The road is continuous and does not suddenly terminate.
     • The ACC system will interface and communicate with five parts of the car:
       • Braking system
       • Engine
       • Accelerator
       • Ignition
       • Steering wheel

  11. Intent Specification: Level 2

  12. Intent Specification: Level 3 AND

  13. Design Limitations
     • Human behavior
       • Sudden lane changes
       • Human as cruise control monitor
     • Auto-off on steering wheel
       • Clamp
     • No system redundancy for radar

  14. Lessons Learned
     • Documenting assumptions and decision reasoning
       • Generates a single mental model across different people
       • Prevents loss of information over time
     • Safe systems can be achieved.
       • Rigorous approach to requirements generation
     • SpecTRM links hazards, constraints, and assumptions in one document
       • Provides visibility and traceability
     • Paul can consult on SpecTRM software
       • For a price.

  15. Questions?
