Date of Original Version
Abstract or Description
Safety critical systems often have shutdown mechanisms to bring the system to a safe state in the event of a malfunction. We examine the use of ride-through, a technique to reduce the frequency of safety shutdowns by allowing small transient violations of safety rules. An illustrative example of enforcing a speed limit for an autonomous vehicle shows that using a rate-limited ride-through bound permits a tighter safety limit on speed than a fixed threshold without creating false alarm shutdowns. Adding state machines to select specific safety bounds based on vehicle state accommodates expected control system transients. Testing these principles on an autonomous utility vehicle resulted in improved detection of speed limit violations and shorter shutdown stopping distances without needing to increase the false alarm shutdown rate.
Proceedings of CARS Workshop at SAFECOMP.