A Changing Landscape: On Safety & Open Source in Automated and Connected Driving

Sangeeth Kochanthara

Promotor: prof.dr. M.G.J. van den Brand (TU/e)
Co-promotores: dr. Y. Dajsuren EngD (TU/e) and dr.ir. L.G.W.A. Cleophas (TU/e)
Eindhoven University of Technology
Date: 17 March, 2023
Thesis: PDF


Automobiles are the backbone of modern civilization. We depend on automobiles directly for daily transport and indirectly for everything we use, including goods and services. Any progress in the automotive industry can potentially improve the lives of almost all humans.

The twenty-first century automotive industry has become a software-intensive industry. The industry landscape is changing with the paradigm shift to automated and connected driving, predominantly enabled by software. This shift to automated driving, where a vehicle drives itself, and connected driving, where a set of vehicles exchange information and adapt their driving strategy for collective traffic optimizations, releases humans partially or entirely from the driving task. The dependence on software for the driving task makes the software that enables these technologies safety-critical. This thesis focuses on the changes in the safety landscape due to automated and connected driving and the landscape shift to open-source automotive software development.

Safety in the automotive domain starts with safety requirements. Over the years, many processes and techniques for eliciting safety requirements have been proposed. Any systematic and informed elicitation of safety requirements, especially in the context of automated and connected driving, requires consolidating and synthesizing the knowledge embodied in these processes and techniques. The thesis presents a review of the state-of-the-art processes and techniques for eliciting safety requirements in the automotive domain, compares the processes, and presents taxonomies of the techniques. The systematic literature review of 102 primary studies found that, despite the vast literature, there is a need for real-world case studies in automated driving and for safety requirement elicitation processes that consider emergent behaviors in connected driving.

The thesis introduces a new process to address the lack of a safety requirement elicitation process for connected driving systems. The new process views the connected driving system as a system of systems in order to identify the emergent behaviors (and hence the additional safety requirements) that are visible only in the system-of-systems view. Our case study on a connected driving prototype developed at Eindhoven University of Technology (TU/e) demonstrates the feasibility of the new process and its ability to capture safety requirements on collective behaviors that are invisible at the level of an individual system.

Safety requirements are only as good as their use in the various stages of the product life cycle, from design to deployment. This thesis shows how to use safety requirements in the design stage (of both software and system) of connected driving systems. While design analysis methods have matured and evolved over the years, their applicability to safety as a quality attribute in the automotive context had not been studied in the literature. We extend the most mature software design assessment method, the architecture trade-off analysis method (ATAM), for system and software safety assessment in the automotive context. The proposed method describes how to use different abstractions of the software and its architecture effectively to analyze and assess the design against the safety requirements. A proof-of-concept application of the proposed method is presented on the connected driving prototype from TU/e. The designers of the prototype validated the results and the usability of the method.

Safety considerations in the design of the perception system are crucial to bringing automated driving onto actual roads. The perception system software, comprising both traditional and machine learning components, is the part of automated driving software responsible for understanding a vehicle's environment and the relative positions of surrounding objects. The safety aspects of perception systems in the context of fully automated driving are underexplored. The thesis presents the first study on the safety assessment of the design of the perception system of a mature automated driving software stack from industry, Apollo, for its use on Dutch highways. The study showed that while all requirements relating to the traditional software components are fulfilled, most requirements specific to the machine learning-based components are not.

The half-century-old landscape of automotive software and its development is shifting from proprietary to open source. We offer a first glimpse into the open-source automotive software landscape via an exploratory study that mines automotive software repositories on GitHub. The study shows high participation from organizations and software companies such as Baidu, Microsoft, and start-ups, which are leading the way in open-sourcing automotive software development. The thesis characterizes open-source automotive software, its development style, and its potential implications along different dimensions for educators, new entrants, and stakeholders such as car makers, safety certification bodies, and vehicle users.

This research emphasizes the need for safety in automated and connected driving. The processes, techniques, and methods discussed in this thesis are steps toward better and safer automotive software, while the observations on the open-source landscape may contribute to better development of such software.