The verification and validation of automated driving systems at SAE levels 4 and 5 is a multi-faceted challenge for which classical statistical considerations become infeasible. For this, contemporary approaches suggest a decomposition into scenario classes combined with statistical analysis thereof regarding the emergence of criticality. Unfortunately, these associational approaches may yield spurious inferences, or worse, fail to recognize the causalities leading to critical scenarios, which are, in turn, prerequisite for the development and safeguarding of automated driving systems. As to incorporate causal knowledge within these processes, this work introduces a formalization of causal queries whose answers facilitate a causal understanding of safety-relevant influencing factors for automated driving. This formalized causal knowledge can be used to specify and implement abstract safety principles that provably reduce the criticality associated with these influencing factors. Based on Judea Pearl's causal theory, we define a causal relation as a causal structure together with a context, both related to a domain ontology, where the focus lies on modeling the effect of such influencing factors on criticality as measured by a suitable metric. As to assess modeling quality, we suggest various quantities and evaluate them on a small example. As availability and quality of data are imperative for validly estimating answers to the causal queries, we also discuss requirements on real-world and synthetic data acquisition. We thereby contribute to establishing causal considerations at the heart of the safety processes that are urgently needed as to ensure the safe operation of automated driving systems.
翻译:SAE 4级和5级自动驾驶系统的核查和验证是一个多方面的挑战,因此,传统的统计考虑是行不通的。为此,现代方法表明,将分解成假设情况类别,同时对关键因素的出现进行统计分析。不幸的是,这些联合方法可能会产生虚假的推论,或更糟的是,我们没有认识到导致关键假设情况的因果关系,而这反过来又是一个开发和保障自动驾驶系统的领域的先决条件。关于将因果关系知识纳入这些进程,这项工作引入了因果查询的正式化,其答案有助于对自动驾驶的安全相关影响因素产生因果理解。这种正式的因果知识可用于具体确定和执行抽象的安全原则,从而明显减少与这些影响因素相关的关键程度。根据Judea Pearl的因果理论,我们把因果关系界定为因果关系结构以及一个背景,两者都与一个领域有关,其重点是模拟这些影响因素对临界因素的影响,通过适当的度度度衡量。 关于模型质量,我们建议各种数量,并在一个小的驱动因素上评价它们。我们用这些正式的因果性知识来说明和执行抽象的安全性原则原则,因此,我们还要对获得和因果关系性数据的质量要求加以评估。