VERIFICATION AND VALIDATION OF SAFESPOT VEHICLE BASED APPLICATIONS M. C. De Gennaro1*, P. Mortara1, B. D. Netten2, A. C. Van Leijsen2, F. Diederichs3 1
Magneti Marelli Electronic Systems, Italy Viale Carlo Emanuele II 118, 10078 Venaria Reale, Torino Tel: +39 011 6879030, Email:
[email protected] 2 TNO Science and Industry, The Netherlands 3 Fraunhofer-Institut for Industrial Engineering IAO, Germany *
ABSTRACT The SAFESPOT integrated research project developed a Safety Margin Assistant (SMA) based on vehicle to vehicle and vehicle to infrastructure communication, which extends the driver’s awareness to prevent in advance road accidents. The development of the SMA done in parallel by many partners on different sites needs to be unified by the testing phase. This paper describes the SMA testing phase, which adopts standard procedures for testing together with an accurate choice of tests depending on critical safety aspects and high level objectives (HLO) of SAFESPOT.
KEYWORDS SAFESPOT, testing, verification, validation
ACKNOWLEDGMENTS SAFESPOT [1] is part of the 6th Framework Program, funded by the European Commission. The authors would like to thank the European Commission for supporting the work of this project. The authors would like to thank especially partners from SCOVA subproject for their contribution.
INTRODUCTION SAFESPOT developed a Safety Margin Assistant (SMA) based on vehicle to vehicle (V2V) and vehicle to infrastructure (V2I) communication and cooperation. The SMA has to extend drivers’ awareness of the surrounding environment in space and time, to detect potentially dangerous situations in advance and prevent road accidents. The SMA is composed of elementary safety applications developed in parallel by different partners, running on different vehicles with different hardware, while the 1
SMA concept with applications in vehicles and road-side units must be demonstrated at several test sites in Italy, Germany, the Netherlands, Sweden, France and Spain. Thus, it is essential for successful demonstrations to have a common approach and management of the testing activities. This paper presents how the Engineering V–model methodology is applied throughout the verification and validation (V&V) activities, with a focus on the choice of the tests which cover all the critical high level objectives (HLO), together with general user needs and requirements.
METHODOLOGY The methodology used for the SMA testing activities (planning, verification, validation and reporting) follows the ISO 9001 procedures [2], and the systems engineering V– model development process [3]. According to the ISO procedures for testing, the activities have been differentiated in verification and validation, which respectively ensure that the tested applications meet the specifications, and behave as expected according to pre-defined user needs and requirements. The V– model is used in the verification and validation activities, to ensure that the SMA testing is conducted at all layers of development, from the unit to integration and system testing.
COMMON TEST SCENARIOS A common approach to testing is adopted that comprises the definition of common test plans and scenarios, parts of the test environments, management and reporting of test results including a common test form to write all the tests in a unique format.
Choice of Test Scenarios It would be practically infeasible to execute a test plan including all interoperating cooperative applications composing the SMA, running on different vehicles and infrastructures, for all identified hazards, covering all SAFESPOT HLO and general user needs. To validate the SMA concept, a subset of common test scenarios has been identified as follows. Each single application is related to the HLO that it covers. The subset of applications chosen covers the most critical HLO and the largest number of remaining HLO and general user needs. So, for each test scenario there are two or more applications focused on some specific HLO. The test plan adopts these scenarios as common test scenarios throughout unit, integration and system testing. This ensures that the units have been tested by one partner for the same scenarios used on test sites by another partner. The common test approach thus supports the parallel verification and validation across partners and test environments.
2
An example of a common test scenario is the combination of two SMA applications: “Speed Limitation and Safety Distance” and “Frontal Collision Warning”. Vehicles A and B are on a test site and are both equipped with the SMA applications. Vehicle A exceeds the legal speed limit and has too little headway to vehicle B. Vehicle B brakes due to a pedestrian crossing the street. The expected results of the scenario are that vehicle A displays on the driver HMI the speed limit excess and the short headway, followed by a frontal collision warning when vehicle B brakes. The HLO covered in this case are “how cooperation improves road safety” and “support drivers preventively to the proper manoeuvres in different contexts”.
Test Environments Unit and integration tests will be run in laboratory test environments including the MARS simulator [4] and ESPOSYTOR [5]. MARS allows testing individual SMA units as well as integrated units, by feeding them with virtual data coming from units not tested. ESPOSYTOR provides the monitoring of the components of the SAFESPOT architecture, and the functionality and performance of single and multiple applications running simultaneously on the same vehicle. ESPOSYTOR works both in real time and in a replay mode, allowing the developers to monitor the behavior of single components per time, to watch for eventual errors. System tests will be run with real vehicles on SAFESPOT Test Sites as well as in traffic and driving simulators. Traffic simulators allow to analyze scenarios with a larger amount of test vehicles than we have available, and to validate the effects on road safety and traffic efficiency. Driving simulators are used for scenarios which are too dangerous to be performed on test sites, and allow to analyze the interaction between the SMA, HMI and the driver with more statistical relevance than the human factors experiments on the real test sites. Finally, experiments with normal and expert drives are conducted at the different test sites to validate the SMA concept in the real word.
REFERENCES [1] SAFESPOT – Co-operative Systems for Road Safety “Smart Vehicles on Smart Roads”, http://www.safespot-eu.org [2] ISO 9001- Section 7.3.1 Design and Development Planning, Section 7.3.5 Design and Development Verification, Section 7.3.6 Design and Development, Section 4.2.4 Control of Records. [3] Systems Engineering – System life cycle processes, ISO/IEC 15288. [4] Z. Papp, F. den Ouden, B. Netten, A. Zoutendijk, “Scalable HIL Simulator for MultiAgent Systems Interacting in Physical Environments.” in Proceedings of the 2006 IEEE Workshop on Distributed Intelligent Systems, Prague, Czech Republic, 15-16 June, 2006, pp. 177-182. [5] M. C. De Gennaro, “The SAFESPOT System Monitor”, Automotive Electronics & Electrical Systems Forum 2008.
3
