Systematic False Positive Mitigation in Safe Automated Driving Systems
Manufacturers of self-driving cars need to significantly improve the safety of their products before such cars go into series production and everyday use. A large number of architecture proposals for Automated Driving Systems (ADS) aim at addressing the challenge of safety. These solutions typically define redundancy schemes and quite commonly include self-checking pair structures, e.g., commander/monitor approaches. In such structures, the problem of false positive failure detections arises, i.e., the monitor may falsely classify the output of the commander as faulty. In this paper, we review an ADS architecture for fully automated driving and propose a concept to remove false positives in a systematic way. We formalize our proposal in an abstract model and prove the absence of false positives by means of k-induction. A reference to a technical report is given that contains a detailed discussion of the proof procedure.
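To make the two ideas of the abstract concrete, the following is an added, constructed illustration (not the abstract model, the monitor concept, or the proof from the paper or its technical report) of a commander/monitor pair and of k-induction run over it by explicit state enumeration. Everything in it is an assumption of the toy: deviations between commander and monitor are abstracted to three values (0 agree, 1 small legitimate deviation, 2 genuine fault), a healthy commander never produces 2, the monitor declares a failure after K consecutive flagged steps, and the optional commander assumption that a legitimate deviation never occurs in two consecutive steps. It shows a real false positive found in the base case, an inductive step that fails for k = 1 but succeeds for k = 2 (why k-induction rather than plain induction matters), and that a widened monitor tolerance removes the false positive outright.

```python
"""Explicit-state k-induction on a toy commander/monitor pair.

Constructed illustration; NOT the abstract model or proof from the paper."""

# Abstract deviation between commander output and the monitor's own estimate:
# 0 = agree, 1 = small deviation that is legitimate (different algorithm or
# numerical precision), 2 = large deviation, i.e. a genuine commander fault.
# A healthy commander never produces 2, so the healthy model omits it.
HEALTHY_DEVIATIONS = (0, 1)

K = 2  # assumption: monitor declares a failure after K consecutive flagged steps


def make_model(tolerance, repeated_small_deviations):
    """Build a finite transition system for one monitor configuration.

    State = (last_dev, count): deviation observed in the previous step and the
    number of consecutive steps flagged by the monitor (saturating at K).
    tolerance: smallest deviation the monitor flags (1 = naive, 2 = widened).
    repeated_small_deviations: whether the commander abstraction allows a
    legitimate deviation of 1 in two consecutive steps (toy assumption).
    """
    def successors(state):
        last_dev, count = state
        nxt = []
        for d in HEALTHY_DEVIATIONS:
            if d == 1 and last_dev == 1 and not repeated_small_deviations:
                continue
            new_count = min(count + 1, K) if d >= tolerance else 0
            nxt.append((d, new_count))
        return nxt

    init = [(0, 0)]
    # The universe deliberately contains unreachable states; the inductive
    # step must hold for all of them, which is what makes k matter.
    universe = [(ld, c) for ld in HEALTHY_DEVIATIONS for c in range(K + 1)]
    return init, successors, universe


def monitor_alarm(state):
    return state[1] >= K


def no_false_positive(state):
    # Every state of the healthy model is commander-correct by construction,
    # so any alarm reached here is a false positive.
    return not monitor_alarm(state)


def paths(starts, successors, length):
    """All state sequences of exactly `length` states that start in `starts`."""
    result = [(s,) for s in starts]
    for _ in range(length - 1):
        result = [p + (n,) for p in result for n in successors(p[-1])]
    return result


def k_induction(init, successors, universe, prop, k):
    """k-induction for a finite system, by explicit enumeration.

    Base case: every state reachable in fewer than k steps satisfies prop.
    Inductive step: every path of k+1 states, starting anywhere in the
    universe, whose first k states satisfy prop ends in a state satisfying
    prop.  Returns (True, None) if proved, else (False, evidence).  A "base"
    failure is a genuine counterexample; a "step" failure may only mean that
    k is too small."""
    frontier = set(init)
    for depth in range(k):
        for s in frontier:
            if not prop(s):
                return False, ("base", depth, s)
        frontier = {n for s in frontier for n in successors(s)}
    for path in paths(universe, successors, k + 1):
        if all(prop(s) for s in path[:-1]) and not prop(path[-1]):
            return False, ("step", path)
    return True, None


def check(tolerance, repeated_small_deviations, k):
    init, succ, universe = make_model(tolerance, repeated_small_deviations)
    return k_induction(init, succ, universe, no_false_positive, k)


if __name__ == "__main__":
    # Naive monitor (flags any deviation) against a commander that may
    # legitimately deviate twice in a row: a real false positive at depth 2.
    print("naive, k=3:", check(1, True, 3))
    # Same monitor, but the commander abstraction rules out two consecutive
    # small deviations: 1-induction is inconclusive, 2-induction proves it.
    print("naive, no repeats, k=1:", check(1, False, 1))
    print("naive, no repeats, k=2:", check(1, False, 2))
    # Widened tolerance: the monitor never flags a healthy deviation at all.
    print("tolerance 2, k=1:", check(2, True, 1))
```

The enumeration is only practical for a handful of states; for a realistic model the same base and step obligations are handed to a model checker or SMT solver, which is the setting in which the paper's proof is carried out.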