[SystemSafety] Uber Advanced Technologies Group publishes its "Safety Case Framework"

M A Jackson maj at jacksonma.myzen.co.uk
Tue Jul 23 15:01:04 CEST 2019


Control over the fixed infrastructure for AVs is a stronger constraint than is necessary in principle. 

Design of any cyber-physical system and its proposed functions and behaviours must rely on assumptions about its operating environment in space and time. In principle, these assumptions must be explicitly articulated and analysed, and assessed for the risk that they may not hold. To give a topical illustration: the Apollo 11 designers had no control over the relevant environment; but they had sufficiently reliable knowledge of the relevant environmental properties and behaviours that could be assumed in the small region of the solar system in which the moonshot would take place. 

Cars driven by people can cope with successfully with a wide environmental range—let’s call it E1. For a proposed AV design an explicit statement of the assumed environment E2 (presumably a subset of E1) is a sine qua non. Without this explicit statement announcements like Uber’s ATG Framework have little meaning. Control over the fixed infrastructure certainly makes this explicit statement very much easier. Another approach is strict geofencing in a specialised area. For example, a  low-speed AV taxi service has been provided for a retirement community occupying a gated space of a few square miles, where the only road users are pedestrians, golf buggies, and the AV taxis. 

— Michael Jackson    



> On 23 Jul 2019, at 12:32, Olwen Morgan <olwen at phaedsys.com> wrote:
> 
> 
> On 23/07/2019 03:31, Bruce Hunter wrote: 
> 
> <snip>
> 
> Although it misses the supporting strategy or context, it is good that they have gone public with this but it needs wider scrutiny and judgement against accepted standards.
> 
> <snip>
> 
> Uber's strategy will, IMO, be largely irrelevant because they do not control the fixed infrastructure in which their AVs will run. Railways have a dedicated infrastructure for trains and aviation has dedicated infrastructures for both civil and military flight. AV's will not be using a dedicated infrastructure and they will be trying to shoe-horn safety into environmental constraints that their designers had no part in setting.
> 
> I'm expecting AVs to work safely only where a such infrastructure can be provided, e.g. inter-terminal shuttles at airports or physically separate dedicated lanes on public roads. IMO no amount of in-vehicle technology is going to compensate for hazards arising from the existing design of non-dedicated infrastructure. The likely result, I suspect, will be a series of accidents before people realise that the lack of dedicated infrastructure is the critical problem.
> 
> 
> Olwen
> 
> 
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety



More information about the systemsafety mailing list