As increasingly complex software permeates critical domains such as autonomous driving, new challenges are emerging that require the engineering of these systems to be rethought. Autonomous driving is expected to continue gradually taking over all critical driving functions, which adds to the complexity of certifying autonomous driving systems. In response, certification authorities have already started introducing strategies for the certification of autonomous vehicles and their software. But even with these new approaches, the certification procedures are not fully keeping up with the dynamism and unpredictability of future autonomous systems, and thus may not necessarily guarantee compliance with all requirements imposed on these systems. In this paper, we identify a number of issues with the proposed certification strategies that may impact the systems substantially. For instance, we emphasize the lack of adequate reflection on software changes occurring in constantly changing systems, or the low support for the cooperation between systems needed to manage coordinated moves. Other shortcomings concern the narrow focus of the awarded certification, which neglects aspects such as the ethical behavior of autonomous software systems. The contribution of this paper is threefold. First, we discuss the motivation for modifying the current certification processes for autonomous driving systems. Second, we analyze the current international standards used in the certification processes against requirements derived from those placed on dynamic software ecosystems and on autonomous systems themselves. Third, we outline a concept for incorporating the missing parts into the certification procedure.