
Comprehensive Verification of Active Safety Systems

Failure of an active safety system is subject to the same probabilities as failure of any other vehicle subsystem, but the consequences of its failure are very high in comparison with those of other control functions.

All active safety systems, even those with only limited autonomy, must be tested exhaustively in situations so extreme that exercising them in physical vehicles would result in the death of test drivers and other occupants. Active safety systems must have predictable, verified behaviour and work according to specification in the complex, real-world environment in which collisions occur – mainly urban traffic, in which multiple vehicles are frequently involved.

Physical vehicle testing has very limited scope. It cannot deliver comprehensive verification of a vehicle’s active safety subsystems, or functional safety devices that monitor critical real-time control systems. Clearly this is a task for high fidelity modelling and high performance simulation, not just of the control system, Safety Supervisory System and active safety systems of one vehicle, but of many interacting vehicles. The positive effect of this level of modelling and simulation is that it will dramatically reduce the number of mule vehicles required for the physical validation of new models of vehicles and model updates.

The statistical, scientific approach to designing a verification suite is to take as the null hypothesis that the unit, subsystem, system or system-of-systems is not faulty; the tests must then be chosen to demonstrate that it fails, not to show that it is correct (correctness is the alternative hypothesis, and the one we actually want to establish). We want to find any test – one test is sufficient – that demonstrates that the system fails. Every test that does not demonstrate failure simply adds to the weight of evidence that the system is not faulty; it is not a proof. In other words, not finding a test that demonstrates failure is stated statistically as a failure to reject the null hypothesis.
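As an added illustration (constructed for this page, not EST's workbench or any project code), a toy automatic emergency braking model is run over a grid of simulated scenarios in search of a falsifying case: a single collision rejects the null hypothesis that the system is not faulty, while a grid with no collision is only a failure to reject. The model (constant-deceleration braking triggered by a time-to-collision threshold after a fixed latency), the `Scenario` fields and the grid values are all assumptions chosen for the example.

```python
"""Falsification search over a constructed toy AEB model (added example)."""
from dataclasses import dataclass
from itertools import product
from typing import Iterable, Optional

DT = 0.01  # simulation step, seconds


@dataclass(frozen=True)
class Scenario:
    speed: float    # ego speed, m/s (constructed value)
    gap: float      # initial distance to a stationary obstacle, m
    latency: float  # sensing-to-brake delay, s
    decel: float    # achievable braking deceleration, m/s^2


def aeb_collides(s: Scenario, trigger_ttc: float = 1.5) -> bool:
    """Simulate the toy AEB: once time-to-collision drops below trigger_ttc,
    brake at s.decel after s.latency. Returns True if the ego reaches the obstacle."""
    v, x = s.speed, 0.0
    brake_step: Optional[int] = None      # step at which braking becomes active
    lat_steps = round(s.latency / DT)     # integer steps avoid float-time drift
    step = 0
    while v > 0.0:
        if brake_step is None and (s.gap - x) / v < trigger_ttc:
            brake_step = step + lat_steps
        if brake_step is not None and step >= brake_step:
            v = max(0.0, v - s.decel * DT)
        x += v * DT
        step += 1
        if x >= s.gap:
            return True                   # one failing test rejects the null
    return False


def scenario_grid(speeds: Iterable[float], latencies: Iterable[float],
                  decels: Iterable[float], gap: float = 120.0) -> list:
    """Exhaustive grid over the chosen parameter ranges (constructed envelope)."""
    return [Scenario(v, gap, lat, dec)
            for v, lat, dec in product(speeds, latencies, decels)]


def first_failing(scenarios: Iterable[Scenario]) -> Optional[Scenario]:
    """Null hypothesis: the system is not faulty. Return the first scenario that
    rejects it, or None, which is a failure to reject, not a proof of safety."""
    for s in scenarios:
        if aeb_collides(s):
            return s
    return None
```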

The full verification of a vehicle requires the full verification of the function, timing and behaviour of each plant-ECU-software unit. In addition, the networked units that form a subsystem of the real-time control, such as powertrain and braking, require their combined function, timing and behaviour to be fully verified. This is especially true for electric and hybrid electric vehicles, where regenerative braking is a feature of the control system that sits between the electric motors and the mechanical braking. At the next level of integration, all of the networked subsystems that constitute the real-time control system of a vehicle require their combined function, timing and behaviour to be fully verified.

Vehicle Validation

Validation testing is very similar to verification testing, but the testing is against a physical system rather than a specification (or, ideally, an executable specification). The same statistical approach applies. The final validation step guarantees that the physical vehicle meets its Executable Specification, which has already been shown to be consistent with the vehicle’s original Requirements.

EST’s ESSE Systems Engineering Workbench

For automotive safety, the necessary and sufficient conditions for meeting the requirement that a vehicle operates safely in traffic are satisfied through EST’s model-driven, cyber-physical, concurrent design and verification process. Sufficiency requires high fidelity, model-based design, and high performance simulation is necessary to ensure that the process is a practical engineering tool.
