Welcome to IEEE P2846!
Title: A Formal Model for Safety Considerations in Automated Vehicle Decision Making
Purpose: The purpose of this standard is to define a parameterized formal model for automated vehicle decision making that enables industry and government alike to align on a common definition of what it means for an automated vehicle to drive safely balancing safety and practicability.
Scope: This standard defines a formal rules-based mathematical model for automated vehicle decision making using discrete mathematics and logic. The model applies to the planning and decision-making functions of an SAE Level 3-5 automated vehicle. The model is formally verifiable, technology neutral, and parameterized to allow for regional customization by governments as desired. The standard applies to specified driving scenarios and cases, which do not eliminate all hazards but balance safety with practicability. For example, some scenarios include highway driving and potentially full urban driving. The standard also describes a test methodology and tools necessary to perform verification of an automated vehicle to assess conformance with the standard. The proposed standard does not address the host vehicle navigation system implementing the logic or anything relating to perception, object detection, recognition, verification and/or classification, free space detection, etc.
Need: Government and Industry alike are in need of an open, transparent and technology neutral standard that formalizes a machine interpretable definition of automated driving safety. Industry implementers creating “Safe By Design” automated vehicles as well as government and independent assessors need a metric to assess whether an automated vehicle is driving safely according to the agreed upon balance between safety and practicability that is at the heart of driving in the real world. Without a formal model for automated vehicle decision making, industry will not know how safe is safe enough, and government will not have a tool to define what safe driving means. Absolute safety in all scenarios at all times is not possible, and so just like with human drivers, there is a balance between safety and utility in the decision-making capabilities of automated vehicles. This standard defines a technology neutral formal model, parameterized so that the balance between safety and utility of automated vehicle decision making may be adjusted to reflect different cultural and other differences in what it means to “drive safely”. The value of a technology neutral model is that it is compatible with not only any kind of planning function (rules based, or Machine Learning), but is flexible enough to be integrated into any Automated Driving System (ADS) architecture.