Adaptive Cruise Control (ACC) is an Advanced Driver Assistance System (ADAS) feature offered by a wide variety of automakers. The driver can engage this feature to automatically control the longitudinal motion of a vehicle, using a sensor such as a radar to maintain a safe distance from a forward vehicle. In addition to being assured that the development of this feature complies with applicable safety standards such as ISO 26262 (Functional Safety) and ISO 21448 (Safety of the Intended Functionality, SOTIF), a safety case should directly address overarching properties for this feature such as:
1. When engaged, the risk of collision with a forward vehicle is acceptably small, subject to built-in limitations on the authority of the ACC to control longitudinal motion.
2. The driver is always able to override the ACC, taking control of longitudinal motion without interference from the ACC.
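The two overarching properties above can be stated as checkable conditions on the longitudinal command arbitration. The following is an added illustration, not code from the demonstration argument or from any automaker: a deliberately simple, hypothetical ACC model with assumed authority limits (`ACC_MAX_ACCEL`, `ACC_MAX_DECEL`) and an assumed headway law, a command arbiter in which driver pedal input always takes precedence, and a runtime monitor that checks both properties over a constructed scenario trace. A second, faulty arbiter that blends ACC and driver demands is included so the monitor can be seen detecting the kind of interference property 2 forbids. All gains, limits and trace values are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Assumed ACC authority limits (m/s^2); a real system would derive these from
# the safety concept. ACC may never command more than these on its own.
ACC_MAX_ACCEL = 2.0
ACC_MAX_DECEL = -3.5
TIME_GAP_S = 1.8        # assumed desired headway in seconds
STANDSTILL_GAP_M = 5.0  # assumed minimum gap at rest


@dataclass
class Inputs:
    ego_speed: float                 # m/s
    gap: float                       # m to forward vehicle
    relative_speed: float            # lead speed minus ego speed, m/s
    driver_accel: Optional[float]    # pedal-derived accel demand; None = no pedal input
    engaged: bool


def acc_command(inp: Inputs) -> float:
    """Hypothetical ACC law: proportional on gap error plus relative speed,
    clamped to the ACC's authority limits (property 1's 'built-in limitations')."""
    if not inp.engaged:
        return 0.0
    desired_gap = TIME_GAP_S * inp.ego_speed + STANDSTILL_GAP_M
    raw = 0.2 * (inp.gap - desired_gap) + 0.5 * inp.relative_speed
    return max(ACC_MAX_DECEL, min(ACC_MAX_ACCEL, raw))


def arbitrate(inp: Inputs) -> Tuple[float, str]:
    """Correct arbiter: any driver pedal input overrides ACC completely (property 2)."""
    if inp.driver_accel is not None:
        return inp.driver_accel, "driver"
    return acc_command(inp), "acc"


def arbitrate_blended(inp: Inputs) -> Tuple[float, str]:
    """Faulty arbiter for contrast: averages driver and ACC demands, so the ACC
    interferes with the driver's attempt to take control."""
    if inp.driver_accel is not None:
        return 0.5 * inp.driver_accel + 0.5 * acc_command(inp), "blended"
    return acc_command(inp), "acc"


def check_properties(trace: List[Inputs],
                     arbiter: Callable[[Inputs], Tuple[float, str]]) -> List[str]:
    """Runtime monitor for the two overarching properties; returns violations found."""
    violations = []
    for i, inp in enumerate(trace):
        cmd, source = arbiter(inp)
        # Property 2: driver input present => applied command is exactly the driver's.
        if inp.driver_accel is not None and (source != "driver" or cmd != inp.driver_accel):
            violations.append(f"step {i}: ACC interfered with driver override "
                              f"(applied {cmd:.2f}, driver demanded {inp.driver_accel:.2f})")
        # Property 1 (authority part): when ACC is in control, it stays within its limits.
        if source == "acc" and not (ACC_MAX_DECEL <= cmd <= ACC_MAX_ACCEL):
            violations.append(f"step {i}: ACC command {cmd:.2f} exceeds authority limits")
    return violations


# Constructed scenario: closing on a slower lead vehicle, driver brakes hard,
# then open road with the driver briefly pressing the accelerator.
SCENARIO = [
    Inputs(ego_speed=25.0, gap=60.0, relative_speed=-5.0, driver_accel=None, engaged=True),
    Inputs(ego_speed=25.0, gap=20.0, relative_speed=-10.0, driver_accel=None, engaged=True),
    Inputs(ego_speed=25.0, gap=20.0, relative_speed=-10.0, driver_accel=-8.0, engaged=True),
    Inputs(ego_speed=25.0, gap=200.0, relative_speed=0.0, driver_accel=None, engaged=True),
    Inputs(ego_speed=25.0, gap=200.0, relative_speed=0.0, driver_accel=1.0, engaged=True),
]

if __name__ == "__main__":
    print("correct arbiter:", check_properties(SCENARIO, arbitrate) or "no violations")
    print("blended arbiter:", check_properties(SCENARIO, arbitrate_blended))
```

The monitor reports nothing for the correct arbiter and flags both steps where the driver presses a pedal under the blended one. In an assurance argument of the kind described here, such a monitor is one piece of evidence that a specific doubt (for example, "the arbiter might modify the driver's demand") has been eliminated, alongside the design review and testing evidence that the argument also has to cite.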
This public demonstration argument illustrates how Eliminative Argumentation (EA) can be applied to a software function in a cyber-physical system such as a modern automobile. In addition to software behaviour, the argument takes account of the Operational Design Domain (ODD) and other factors that have a bearing on overarching properties.
Several features of this public demonstration are particularly interesting. Many assurance arguments in the automotive industry focus on showing that the development process complies with a standard such as ISO 26262 or UL 4600. However, this ACC argument also examines the technical details that implement safety requirements. This includes, for example, incorporating technical details about safety mitigations that aim to prevent interference with an attempt by the driver to take control of the vehicle’s longitudinal motion.