Safety-Relevant Guidance for On-Road Testing of Prototype Automated Driving Systems (SAE J3018)

The SAE J3018 standard provides essential safety-relevant guidance for on-road testing of prototype Automated Driving System (ADS)-operated vehicles. It focuses on the training of In-Vehicle Fallback Test Drivers (IFTDs) and the safe operation of test vehicles in mixed traffic environments. This recommended practice applies to Levels 3–5 driving automation as defined by SAE J3016, emphasizing a systems engineering approach, hazard mitigation, and rigorous testing procedures.

Key Safety Principles for On-Road Testing

Prototype ADS-operated vehicles must be developed using validated methods to ensure safety. The standard mandates adherence to a systems engineering approach, such as the V-model, and recognized system safety processes for identifying and mitigating hazards. Critical considerations include:

  • Analysis and testing of all hardware/software interfaces between production and developmental components.
  • Implementation of monitoring and self-diagnostics for safety-critical functions of developmental software.
  • Use of shadow mode testing as an alternative method to verify software safety without full on-road deployment.

In-Vehicle Fallback Test Driver (IFTD) Training and Oversight

The fallback test driver plays a crucial role in ensuring safety during testing. The standard provides recommendations for their selection, training, and oversight. Key aspects include:

  • Pairing novice testers with experienced ones to learn appropriate reactions to various situations.
  • Real-time calibration or tuning of ADS software should only be allowed after evaluation by qualified personnel to ensure no unacceptable risk is introduced.
  • Accurate and consistent reporting of unexpected behaviors and incidents is essential for effective root cause analysis.
  • Management must clearly communicate testing rules, documentation, and any updates that impact vehicle performance.

Engineering Design Insights and Best Practices

🔍 A central theme of SAE J3018 is the importance of a systems engineering lifecycle approach. Using the V-model ensures that safety requirements are defined early and verified at each stage. The standard emphasizes analyzing failure modes and effects for all interfaces, and verifying efficacy of self-diagnostics before on-road testing.

🛠️ Design Insight: Shadow mode testing offers an effective system-level approach for verifying developmental software safety without the risks of full on-road activation. This method can complement or replace component-level self-diagnostics.

| Aspect | Requirement | Guidance |
|---|---|---|
| Interface Integrity | Analyze and test all hardware/software interfaces | Use failure mode and effects analysis (FMEA) for operational integrity |
| Safety-Critical Monitoring | Implement self-diagnostics or equivalent system-level approach | Verify efficacy before on-road testing; shadow mode accepted alternative |
| IFTD Training | Pair novice with experienced testers; evaluate real-time calibration changes | Ensure qualified personnel assess changes for acceptable risk |
| Incident Reporting | Accurate and consistent reporting of all unexpected behaviors | Support root cause analysis and continual improvement |
| Data Integrity | Maintain auditable procedures and comply with privacy laws | Ensure data integrity for forensic analysis post-incident |

🔍 Critical Warning: Neglecting interface analysis and verification can lead to unforeseen hazards. Always adhere to the V-model and perform thorough failure mode analysis before on-road testing.

Frequently Asked Questions

Q: What training is required for In-Vehicle Fallback Test Drivers (IFTDs)?
A: The standard recommends comprehensive training that includes pairing novice testers with experienced ones, specific instruction on the behavior of the prototype ADS, and clear understanding of reporting and intervention procedures. Managers must communicate all relevant rules and updates.

Q: How should interface integrity between production and development hardware be verified?
A: All interfaces must be analyzed and tested for operational integrity, including failure modes and effects analysis. This applies to both hardware and software interfaces added to the vehicle. Any added modules must be checked for interference with base vehicle systems.

Q: What is acceptable risk for on-road testing, and how is it managed?
A: Acceptable risk is determined through a system safety process that identifies and mitigates hazards. Real-time calibration changes are only allowed after evaluation by qualified personnel to confirm no unacceptable risk. The standard emphasizes a rigorous safety culture and management oversight.
