Skip to Main content Skip to Navigation
Theses

Démarche de conception sûre de la Supervision de la fonction de Conduite Autonome

Abstract : The Autonomous Vehicle is meant to drive itself, without any driver intervention, whatever the driving situation. This vehicle includes a new function, called AD, for Autonomous Driving, function. This function can be in different states (Available, Active for example) according to environmental conditions evolution. This states change is managed by a supervision function, named AD Supervision. The main goal of my works consists in guaranteeing that AD function remains always in a safe state. In other words, the AD Supervision must always respect all the functional and safety requirements that specify its behavior. These two requirements types are produced by two different professions: the System Architect (SA) and the Safety Engineer (SE). These two fields contribute to the design of the same function but distinguish at several aspects: objectives, constraints, planning, tools… In our case study, these differences are illustrated by considered requirements: the functional requirements are allocated to global AD function, while the safety requirements specify the behavior of local redundant sub-functions ensuring a continuous service in case of failure. The consistency of the two perspectives as early as possible in the design phase and in an industrial context, is the central problematic addressed. The safety issues due to Autonomous Vehicle make this topic essential for the automotive manufacturers. To meet these concerns, we proposed a tooled and collaborative approach for safe design of AD Supervision. This approach is integrated in the normative processes (standards ISO 26262 and ISO 15288) as well as in the internal design processes at Renault. It is based on formal verification by model checking, parallel composition of finite sate automata and technical expertise. This approach advocates the utilization of a same formalism (state automata) by the two professions to perform activities sharing a common goal: behavior requirements verification in preliminary design phase. A method to translate requirements into formal properties and to build state models has been deployed. The result is a progressive consolidation of treated requirements, initially expressed in free natural language. The potential ambiguities, inconsistencies and incompleteness are exhibited and treated. Two main contributions are in this way illustrated: highlighting of several formal credible (i.e. validated by expertise) specifications from informal requirements; and precise definition of technical expertise role (milestones, planning). However, this reinforcement – in silos – of the two profession viewpoints does not guarantee that they are mutually consistent. Thus, we proposed a convergence method, relying on expertise and on parallel composition of state automata, for the comparison of local and global views.
Document type :
Theses
Complete list of metadata

Cited literature [224 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-02067125
Contributor : Abes Star :  Contact
Submitted on : Thursday, March 14, 2019 - 9:26:07 AM
Last modification on : Monday, September 13, 2021 - 2:44:03 PM
Long-term archiving on: : Saturday, June 15, 2019 - 12:50:24 PM

File

these.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-02067125, version 1

Citation

Romain Cuer. Démarche de conception sûre de la Supervision de la fonction de Conduite Autonome. Automatique / Robotique. Université de Lyon, 2018. Français. ⟨NNT : 2018LYSEI091⟩. ⟨tel-02067125⟩

Share

Metrics

Record views

230

Files downloads

687