On a Formal Model of Safe and Scalable Self-driving Cars (1708.06374v6)

Abstract: In recent years, car makers and tech companies have been racing towards self driving cars. It seems that the main parameter in this race is who will have the first car on the road. The goal of this paper is to add to the equation two additional crucial parameters. The first is standardization of safety assurance --- what are the minimal requirements that every self-driving car must satisfy, and how can we verify these requirements. The second parameter is scalability --- engineering solutions that lead to unleashed costs will not scale to millions of cars, which will push interest in this field into a niche academic corner, and drive the entire field into a "winter of autonomous driving". In the first part of the paper we propose a white-box, interpretable, mathematical model for safety assurance, which we call Responsibility-Sensitive Safety (RSS). In the second part we describe a design of a system that adheres to our safety assurance requirements and is scalable to millions of cars.

• The paper introduces the Responsibility-Sensitive Safety (RSS) model, a rigorously defined framework based on driving norms and tort law to mitigate collisions.
• It details multi-agent strategies that theoretically guarantee near-zero accidents under ideal compliance while acknowledging real-world unpredictability.
• The work employs semantic-based driving policies and redundant sensor systems, offering a scalable blueprint for safe autonomous vehicle deployment.

A Formal Model of Safe and Scalable Self-Driving Cars

The paper authored by Shai Shalev-Shwartz, Shaked Shammah, and Amnon Shashua, titled "On a Formal Model of Safe and Scalable Self-driving Cars", presents a structured approach to addressing fundamental challenges in the deployment of autonomous vehicles (AVs). The two primary focus areas are ensuring safety and scalability, which the authors argue are essential to avoid setbacks similar to past failures in AI's history.

Key Contributions

1. Responsibility-Sensitive Safety (RSS) Model: The authors introduce RSS as a rigorous, interpretable, and mathematically grounded approach to ensuring AV safety. The RSS model formalizes a set of principles derived from common driving norms and tort law's "Duty of Care". The main principles include:
   • Avoiding rear-end collisions.
   • Avoiding reckless lane changes.
   • Respecting the right of way.
   • Exercising caution in low-visibility areas.
   • Executing evasive maneuvers when possible without causing additional accidents.
2. Multi-Agent Safety and Scalability: SST delineates how RSS can be used to handle safety in multi-agent environments. The authors demonstrate that adherence to RSS principles theoretically guarantees zero accidents assuming all agents comply. However, they acknowledge the impossibility of absolute safety in real-world scenarios due to the unpredictable nature of human drivers and unforeseen events.
3. Practical Application and Scalability: The paper describes engineering strategies to implement RSS in AV systems at scale. This includes defining semantic languages for AVs which allow abstract and human-like reasoning about driving policies and actions. This section also outlines how reinforcement learning and AI can be applied to model AV behaviors efficiently within the constraints of RSS.

Technical Insights and Results

Semantic-Based Driving Policies

A significant insight from the paper is the shift from geometric to semantic action spaces, which aids in simplifying the problem of planning and decision-making in AVs. The authors argue that human driving instructions are inherently semantic (e.g., "follow the car ahead" or "prepare to turn left") rather than geometric, and propose similar semantic frameworks for AVs. This semantic approach significantly reduces computational complexity and is more aligned with natural human reasoning about driving.

Safety through Redundant Systems

To ensure an extremely low probability of safety-critical errors (aiming for < 10^-9 per hour), the paper proposes the use of multiple redundant systems that should ideally operate independently. This redundancy can mitigate common dependencies and reduce the likelihood of simultaneous system failures. By leveraging different sensor technologies, such as radar, camera, and lidar, each suffering from different limitations and failure modes, the system robustness and safety metrics are enhanced.

Data-Driven Validation

The authors rigorously argue against the practical feasibility of validating AV safety purely through statistical data-driven approaches due to the enormous amount of data required. By introducing the RSS model, they provide an alternative framework for safety validation that combines data-driven and model-based approaches. This hybrid approach theoretically allows certification of AV behaviors with significantly reduced data requirements.

Implications and Future Directions

The implications of adopting the RSS model are profound both practically and theoretically:

• Standardization and Regulatory Impact: RSS provides a clear, interpretable framework that can guide regulatory policies and standardization efforts in the AV domain, potentially accelerating the safe deployment of autonomous vehicles.
• Scalability of Autonomous Driving: By emphasizing scalable solutions in sensor fusion, data handling, and AI integration, the paper sets the foundation for AV systems that can be produced and deployed at a massive scale, thereby ensuring economic viability.

Future Research Directions

• Non-Deterministic Environment Handling: Future work could focus on extending the RSS framework to better handle non-deterministic and highly dynamic environments by integrating more sophisticated predictive models.
• Evolving Safety Standards: As autonomous driving technology advances, evolving the RSS model to incorporate new findings from real-world deployments will be vital.
• Impact of Human-AI Interaction: Understanding the nuances of human-AI interaction on roads, particularly in mixed traffic conditions, will be necessary to refine AV policies and improve overall traffic safety.

In conclusion, the paper by Shalev-Shwartz, Shammah, and Shashua offers a formalized pathway to achieving both safe and scalable autonomous driving. The Responsibility-Sensitive Safety model represents a crucial step towards robust AV systems capable of gaining public trust and regulatory approval. By addressing both theoretical and practical challenges, this work paves the way for future advancements in the autonomous vehicle industry.