Systematization and Identification of Triggering Conditions: A Preliminary Step for Efficient Testing of Autonomous Vehicles

Abstract

To achieve safety of high level automated driving, not only functional failures like E/E system malfunctions and software crashes should be excluded, but also functional insufficiencies and performance limitations such as sensor resolution should be thoroughly investigated and considered. The former problem is known as functional safety (FuSa), which is coped with by ISO 26262. The latter focuses on safe vehicle behavior and is summarized as safety of the intended functionality (SOTIF) within the under development standard ISO 21448. For realizing this safety level, it is crucial to understand the system and the triggering conditions that activate its existing functional insufficiencies. However, the concept of triggering condition is new and still lacks relevant research. In this paper, we interpret triggering condition and other SOTIF-relevant terms in the scope of ISO 21448. We summarize the formal formulations of triggering conditions based on several key principles and provide possible categories for facilitating the systematization. We contribute a novel method for the identification of triggering conditions and offer a comparison with two other proposed methods regarding diverse aspects. Furthermore, we show that our method requires less insight into the system and fewer brainstorm efforts and provides well-structured and distinctly formulated triggering conditions.