Defining autonomous functions using iterative hazard analysis and requirements refinement

Abstract

Autonomous vehicles are predicted to have a large impact on the field of transportation and bring substantial benefits, but they present new challenges when it comes to ensuring safety. Today the standard ISO 26262:2011 treats each defined function, or item, as a complete scope for functional safety; the driver is responsible for anything that falls outside the items. With autonomous driving, it becomes necessary to ensure safety at all times when the vehicle is operating by itself. Therefore, we argue that the hazard analysis should have the wider scope of making sure the vehicle’s functions together fulfill its specifications for autonomous operation. The paper proposes a new iterative work process where the item definition is a product of hazard analysis and risk assessment rather than an input. Generic operational situation and hazard trees are used as a tool to widen the scope of the hazard analysis, and a method to classify hazardous events is used to find dimensioning cases among a potentially long list of candidates. The goal is to avoid dangerous failures for autonomous driving due to the specification of the nominal function being too narrow.