Partenaires

Ampère

Supervisory authorities

CNRS Ecole Centrale de Lyon Université de Lyon Université Lyon 1 INSA de Lyon

Our partners

Ingénierie@Lyon



Search


Home > Thèses et HDR > Thèses en 2018

23/11/2018 - Romain CUER

by Laurent Krähenbühl - published on , updated on

Agenda

Ajouter un événement iCal

M. Romain Cuer soutient sa thèse le 23/11/2018 à 09h30.
Lieu : amphithéâtre Est, au premier étage du bâtiment des Humanités de l’INSA de Lyon, Villeurbanne.

Titre :
Safe design of Supervision of Autonomous Driving function

Jury :
Rapporteurs :
- Frédéric Kratz, Professeur des Universités à l’INSA CVL Bourges/Blois ;
- Éric Levrat, Professeur des Universités à l’Université de Lorraine.
Examinateurs :
- Agnès Lanusse, Docteure au CEA-List Saclay ;
- Mohamed Ghazel, Directeur de Recherche à l’IFSTTAR de Lille.
Encadrants :
- Éric Niel, Professeur des Universités à l’INSA de Lyon, Directeur de thèse ;
- Laurent Piétrac, Maître de Conférences HDR à l’INSA de Lyon, Co-directeur de thèse.

Abstract :
The Autonomous Vehicle is meant to drive itself, without any driver intervention, whatever the driving situation. This vehicle includes a new function, called AD, for Autonomous Driving, function. This function can be in different states (Available, Active for example) according to environmental conditions evolution. This states change is managed by a supervision function, named AD Supervision. The main goal of my works consists in guaranteeing that AD function remains always in a safe state. In other words, the AD Supervision must always respect all the functional and safety requirements that specify its behavior. These two requirements types are produced by two different professions: the System Architect (SA) and the Safety Engineer (SE). These two fields contribute to the design of the same function but distinguish at several aspects: objectives, constraints, planning, tools… In our case study, these differences are illustrated by considered requirements: the functional requirements are allocated to global AD function, while the safety requirements specify the behavior of local redundant sub-functions ensuring a continuous service in case of failure. The consistency of the two perspectives as early as possible in the design phase and in an industrial context, is the central problematic addressed. The safety issues due to Autonomous Vehicle make this topic essential for the automotive manufacturers.
To meet these concerns, we proposed a tooled and collaborative approach for safe design of AD Supervision. This approach is integrated in the normative processes (standards ISO 26262 and ISO 15288) as well as in the internal design processes at Renault. It is based on formal verification by model checking, parallel composition of finite sate automata and technical expertise. This approach advocates the utilization of a same formalism (state automata) by the two professions to perform activities sharing a common goal: behavior requirements verification in preliminary design phase. A method to translate requirements into formal properties and to build state models has been deployed. The result is a progressive consolidation of treated requirements, initially expressed in free natural language. The potential ambiguities, inconsistencies and incompleteness are exhibited and treated. Two main contributions are in this way illustrated: highlighting of several formal credible (i.e. validated by expertise) specifications from informal requirements; and precise definition of technical expertise role (milestones, planning). However, this reinforcement – in silos – of the two profession viewpoints does not guarantee that they are mutually consistent. Thus, we proposed a convergence method, relying on expertise and on parallel composition of state automata, for the comparison of local and global views.



View online : Texte complet