Runtime Restriction of the Operational Design Domain: A Safety Concept for Automated Vehicles

Automated vehicles need to operate safely in a wide range of environments and hazards. The complex systems that make up an automated vehicle must also ensure safety in the event of system failures. This thesis proposes an approach and architectural design for achieving maximum functionality in the case of system failures. The Operational Design Domain (ODD) defines the domain over which the automated vehicle can operate safely. We propose modifying a runtime representation of the ODD based on current system capabilities. This enables the system to react with context-appropriate responses depending on the remaining degraded functionality. In addition to proposing an architectural design, we have implemented the approach to prove its viability. An analysis of the approach also highlights the strengths and weaknesses of the approach and how best to apply it. The proof of concept has shown promising directions for future work and moved our automated vehicle research platform closer to achieving level 4 automation. A ROS-based architecture extraction tool is also presented. This tool helped guide the architectural development and integration of the automated vehicle research platform in use at the University of Waterloo, and improve the visibility of safety and testing procedures for the team.