Scenario-based approaches have been receiving a huge amount of attention in research and engineering of automated driving systems. Due to the complexity and uncertainty of the driving environment, and the complexity of the driving task itself, the number of possible driving scenarios that an Automated Driving System or Advanced Driving-Assistance System may encounter is virtually infinite. Therefore it is essential to be able to reason about the identification of scenarios and in particular critical ones that may impose unacceptable risk if not considered. Critical scenarios are particularly important to support design, verification and validation efforts, and as a basis for a safety case. In this paper, we present the results of a systematic mapping study in the context of autonomous driving. The main contributions are: (i) introducing a comprehensive taxonomy for critical scenario identification methods; (ii) giving an overview of the state-of-the-art research based on the taxonomy encompassing 86 papers between 2017 and 2020; and (iii) identifying open issues and directions for further research. The provided taxonomy comprises three main perspectives encompassing the problem definition (the why), the solution (the methods to derive scenarios), and the assessment of the established scenarios. In addition, we discuss open research issues considering the perspectives of coverage, practicability, and scenario space explosion.

This is the data extraction form for the systematic literature review work for finding critical scenarios for automated driving systems. The extracted data from the primary studies is structured in the following tables. Primary studies in Tables 1 to 5 correspond to the five clusters defined in Section 6 of the main paper. Please note that some primary studies in these tables are classified as out of the scope of the literature study. These studies are marked in the Purpose column. Primary studies in Tables 6 and 7 are eventually considered as out of the scope. The tables are designed aligned with the taxonomy proposed in Section 4 of the main paper. 

The complexity of automated driving poses challenges for providing safety assurance. Focusing on the architecting of an Autonomous Driving Intelligence (ADI), i.e. the computational intelligence, sensors and communication needed for high levels of automated driving, we investigate so called safety supervisors that complement the nominal functionality. We present a problem formulation and a functional architecture of a fault-tolerant ADI that encompasses a nominal and a safety supervisor channel. We then discuss the sources of hazardous events, the division of responsibilities among the channels, and when the supervisor should take over. We conclude with identified directions for further work.

Cooperative automated driving is a promising development in reducing energy consumption and emissions, increasing road safety, and improving traffic flow. The Grand Cooperative Driving Challenge (GCDC) 2016 was an implementation oriented project with the aim to accelerate research and development in the field. This paper describes the development of the two vehicle systems with which KTH participated in GCDC 2016. It presents a reference system architecture for collaborative automated driving as well as its instantiation on two conceptually different vehicles: a Scania truck and the research concept vehicle, built at KTH. We describe the common system architecture, as well as the implementation of a selection of shared and individual system functionalities, such as V2X communication, localization, state estimation, and longitudinal and lateral control. We also present a novel approach to trajectory tracking control for a four-wheel steering vehicle using model predictive control and a novel method for achieving fair data age distribution in vehicular communications.

In vehicular communication protocol stacks, received messages may not always be decoded successfully due to the complexity of the decoding functions, the uncertainty of the communication load and the limited computation resources. Even worse, an improper implementation of the protocol stack may cause an unfair data age distribution among all the communicating vehicles (the receiving bias problem). In such cases, some vehicles are almost locked out of the vehicular communication, causing potential safety risk in scenarios such as intersection passing. To our knowledge, this problem has not been systematically studied in the fields of vehicular communication and intelligent transport systems (ITS). This paper analyzes the root of the receiving bias problem and proposes architectural solutions to balance data age distribution. Simulation studies based on commercial devices demonstrate the effectiveness of these solutions. In addition, our system has been successfully applied during the Grand Cooperative Driving Challenge, where complicated scenarios involving platooning maneuvering and intersection coordination were conducted.

A large body of work can be found in literature on Design Space Exploration (DSE) methods for distributed embedded system architecting (DESA). However, almost none of these methods is successfully adopted in automotive industry. To clarify the reasons, this paper 1) analyzes the current state of the art (SOTA) on DSE methods for DESA through a systematic literature study, focusing on the assumed architecting process and concerns; 2) investigates the state of practice (SOP) on DESA in the automotive industry through a literature study and interviews with experienced system architects from five different automotive manufacturers; and 3) analyzes the gap between SOTA and SOP, and thereby discusses potential improvements of DSE methods.

The architecture design complexity of modern embedded systems, such as in the automotive domain, is growing due to the rapidly evolved functionalities, the increasing amount of interactions between functions and computation nodes, and the stringent extra-functional requirements. Architecture design is crucial since it affects nontrivial system properties such as safety, cost, performance of functionalities and also the development time. An important enabler to deal with this complexity is to provide computer aided architecture design. This thesis focuses on such support for Design Space Exploration (DSE), relying on a model-based design (MBD) environment.

The goal of this thesis is to improve the industrial adoption of DSE methods to facilitate the architecture design of distributed embedded systems in the automotive industry. The main contributions of this thesis are as follows: (1) Applying architecture recovery in the automotive industry to extract architecture models from legacy ECU source code. The recovered architecture models can be used to facilitate system understanding, to verify the software implementation against its specification and also to enable DSE for architecture design. (2) A systematic gap analysis was conducted between the state-of-the-art DSE methods and the industrial needs, through literature studies and interviews with experienced system architects. Identified gaps are analyzed from the following perspectives: Architecting scenarios, architectural decisions, quality attributes, cost model, procurement strategy, system variability and functional safety. (3) A new problem formulation was proposed to reduce the design space by utilizing the features of evolutionary architecting and the AUTOSAR layered architecture. (4) In order to enhance the flexibility of the DSE methods by enabling the customizability of the architectural constraints, an automatic transformation method is proposed to translate formally described architectural constraints into the corresponding mixed integer linear programming(MILP) constraints, commonly used for DSE. (5) This thesis also investigates the potential impacts of vehicular communication on the future architecture of automotive embedded systems from the timing perspective through a case study to enable a commercial truck with cooperative driving functionalities. The receiving bias problem was identified during the case study and effective architectural solutions were proposed. The case study also showed that the adoption of vehicular communication would not have significant architectural impacts in terms of timing.

Moderna inbyggda system blir alltmer intelligenta och uppkopplade, och därmed alltmer komplexa med ökade krav på funktionella och icke-funktionella egenskaper. Arkitekturdesign behöver alltså spela en ännu viktigare roll i att bedöma systemegenskaper såsom säkerhet, kostnad, funktionalitet och utvecklingstid. En viktig förutsättning för att hantera denna komplexitet är att tillhandahålla modeller samt en modellbaserad systemutvecklingsmiljö (MBD). Denna avhandling fokuserar på sådant stöd med betoning på utforskningen av designrymden, ”Design Space Exploration” (DSE).

Målet med denna avhandling är att underlätta den industriella tillämpningen av DSE-metoder för arkitekturdesign av distribuerade inbyggda system inom bilindustrin. Huvudbidragen är följande: (1) en metod för automatisk extrahering av systemarkitekturmodeller från befintlig ECU-källkod för en ökad design-återanvändning inom bilindustrin. De återskapade arkitekturmodellerna kan användas för att stödja systemförståelse, för att verifiera programmets implementering mot dess specifikation och även för att möjliggöra DSE för arkitekturdesign. (2) En systematisk analys av tillgängliga DSE-metoder och industriella behov baserad på litteraturstudier och intervjuer av erfarna systemarkitekter. Identifierade brister analyserades ur följandeper spektiv: Arkitektur-scenarier, designbeslut, kvalitetsattributer, kostnadsmodell, optimeringsstrategi, systemvariation och funktionell säkerhet. (3) En metod för en förfinad problemformulering för effektiv utforskningen av designrymden genom att analysera arkitekturens evolution och tillämpa AUTOSAR referensarkitektur. (4) en metod för automatisk översättning av relevanta designparameter och preferens till motsvarande matematiska formulering i MILP (Mixed Integer Linear Programing) för DSE, vilken medför ökad flexibilitet i praktisk användning av DSE-metoderna. (5) Denna avhandling undersöker också den potentiella inverkan av kommunikationslösningar på systems funktionella och icke-funktionella egenskaper genom en fallstudie för att möjliggöra kooperativa körfunktioner hos en kommersiell lastbil. Avvikelserna identifierades och effektiva arkitektoniska lösningar föreslogs. Fallstudien visade att fordonskommunikation inte skulle ha betydande arkitektoniska effekter på tidtagning.

Heavy commercial vehicles constitute the dominant form of inland freight transport. There is a strong interest in making such vehicles autonomous (self-driving), in order to improve safety and the economics of fleet operation. Autonomy concerns affect a number of key systems within the vehicle. One such key system is brakes, which need to remain continuously available throughout vehicle operation. This paper presents a fail-operational functional brake architecture for autonomous heavy commercial vehicles. The architecture is based on a reconfiguration of the existing brake systems in a typical vehicle, in order to attain dynamic, diversified redundancy along with desired brake performance. Specifically, the parking brake is modified to act as a secondary brake with capabilities for monitoring and intervention of the primary brake system. A basic fault tree analysis of the architecture indicates absence of single points of failure, and a reliability analysis shows that it is reasonable to expect about an order of magnitude improvement in overall system reliability.

There are plentiful attempts for increasing the efficiency, generality and optimality of the Design Space Exploration (DSE) algorithms for resource allocation problems of distributed embedded systems. Most contemporary approaches formulate DSE as an optimization or SAT problem, based on a set of predefined constraints. In this way, the end users lose the flexibility to guide and customize the exploration based on specifics of their actual problem. Besides, during the design of the DSE algorithms, manual formulation is time consuming and error-prone. To solve these problems, 1) a formal representation is defined for capturing customized architectural constraints based on a combination of propositional logic and Pseudo-Boolean (PB) formulas; 2) A process is designed to automatically translate these architectural constrains into corresponding Integer Linear Programming (ILP) constraints, commonly used for DSE. The translation process is also optimized to create ILP formulation with less introduced variables so as to reduce computation time. The results show that the generated constraints correctly reflect the corresponding specification with decent efficiency.

Modern machineries are often cyber-physical system-of-systems controlled by intelligent controllersfor collaborative operations on the productions of complex products. To assure theefficiency and effectiveness, a consolidation of concerns across managerial levels, product lifecyclestages, and product lines or families becomes necessary. This calls for a common informationinfrastructure in terms of ontology, models, methods and tools. For industrial manufacturerssubjected to increased cost pressure and market volatility, the availability of such an informationinfrastructure would promote their abilities of making optimized and proactive decisions andthereby their competitiveness and survivability. This paper presents a virtual environment thatconstitutes an information infrastructure for the management and development of evolvableproduction systems (EPS) in manufacturing. It adopts mature modeling frameworks throughEAST-ADL for an effective model-based approach. The contribution is centered on a meta-modelthat offers a common data specification and semantic basis for information management acrossproduct lifecycle, models and tools, both for resource planning and for anomaly treatment. Aprototype tool implementation of this virtual environment for validation is also presented.