Unlike traditional vehicles, which are mainly at risk of system failure, autonomous vehicles are more likely to be subject to limitations in the design of their system functions, which could cause them to behave differently than originally intended in certain situations. This is why the testing of autonomous vehicles requires an approach different from those used for traditional vehicles. This subsequently led to the development of the SOTIF test standard (also known as ISO PAS 21448). SOTIF is a supplement of the ISO 26262 standard and is specially designed for autonomous vehicles. SOTIF defines appropriate methods that must be applied whenever tests of autonomous functions are conducted. This approach includes real road tests as well as tests performed with simulators.

dSPACE Magazin online

This is an article from dSPACE Magazine 01/2020. You can read the complete edition online here.

Classification of Risks

Classification of various scenarios for autonomous vehicles: The focus of testing is on the scenarios shown in the left half of the diagram, namely the known and unknown risks.

When defining effective tests, gaining insights about possible scenarios in advance is quite helpful. Generally speaking, there are four types of scenarios (figure 1): Known safe states, known risks, unknown safe states, and unknown risks. The known and unknown risks are the main focus of the function tests. Evaluating the known risks is the easier of the two tasks because requirements-based testing can be used. This involves designing customized test cases and then processing them step by step – much like an assembly line process. 

“The dSPACE development environment supports very efficient automated testing of autonomous vehicles in accordance with SOTIF.”

Shang Shiliang, PATAC

Testing Unknown Risks

Examining the unknown risks is the real challenge. How can you evaluate a risk situation that is unknown to you, and for which no test case can be clearly defined? The solution to this problem involves using driving scenarios applying as many driving variants as possible. This is done in a simulated and reproducible test environment supported by automatic tests. This approach requires creating precise virtualization models of the vehicle, sensors (such as radar, lidar, GPS, HD maps), environment factors such as rain, road conditions, signs, traffic, and various road users, pedestrians, cyclists and their respective behavior. The modeling of such a test scenario is advantageous because it supports the variation of model parameter values in countless test cases – including the unknown risks – all within a reasonable amount of time. This would not be possible when using traditional manual tests.

Real test drives are used to define the amount of steering torque that the LKA generates in the EPS. (© releon8211/Shutterstock)

Example: Testing the Line Keeping Assistant

PATAC has conducted specific tests of the line keeping assistant (LKA) in accordance with SOTIF guidelines. The LKA relies on a camera which monitors lane markings and automa-tically intervenes to correct the trajectory if a vehicle tends to veer from its path. The steering torque that the LKA creates via the electric power steering (EPS) must be efficient enough to have the desired effect, but at the same time must be smooth enough to not negatively affect the driver. A real test drive was conducted for this scenario.

As the driver follows a typical curve, the LKA initiates the corrective steering torque in the EPS via the CAN bus. The corrective steering torque is incrementally increased during a series of test runs so that the driver is required to exert more steering torque each time. The process continues until the driver can no longer keep the vehicle in the lane. The maximum limit for the steering torque generated by the LKA is then set just below the parameter value at this moment.

dSPACE Tools Minimize Testing Effort

Several dSPACE hardware and software tools are used in the development environment (figure 3). The first task in a typical work process (steps 1 and 2) is focused on creating the test scripts for the subsequent automatic tests. In classic work processes, these test scripts would be manually created and would have to be rewritten for every test case. This requires quite a lot of time and effort. In the shown work environment, the process is considerably more efficient: Thanks to dSPACE SYNECT and AutomationDesk, new test scripts can be automatically created from existing scripts used for similar test cases.

The parameterization of the test cases can be supported by Excel® macro files to additionally simplify the work process. By taking this approach, the variation of test parameters allows for the automatic simulation of countless test cases within a very short time (step 3). This is absolutely necessary for tests that comply with SOTIF to achieve, with the highest levels of probability, a coverage of even the unknown risks. The actual tests of the functions in the autonomous vehicle are then performed using a HIL test platform and/or performing a real test drive (steps 4 and 5) in which the dSPACE MicroAutoBox serves as the controller. Test protocols are automatically created for the HIL tests as well as the real test drive (Step 6).

“The SOTIF approach requires comprehensive test variants. These can be automatically generated with tools from dSPACE.”

Cui Haifeng, PATAC


SOTIF is the first standard specially designed for the development of auto-nomous vehicles. Tests based on the SOTIF standard can even detect errors which occurred during the design phase of functions for autonomous vehicles. The test environment at PATAC is equipped with the dSPACE tool chain and supports automated testing in accordance with SOTIF. The ability to perform HIL tests as well as real test drives is a key advantage of this test environment. Another im- portant benefit is the fast, automated creation of multifaceted test cases.

Shang Shiliang, PATAC (Shanghai, China)
Cui Haifeng, PATAC (Shanghai, China)
Yang Chunwei, PATAC (Shanghai, China)
Guo Mengge, PATAC (Shanghai, China)


PATAC (Pan Asia Technical Automotive Center), founded in 1997, is a joint venture of General Motors China LLC and Shanghai Automotive Industry (Group) Corporation (SAIC Motor). It includes a design and development center in Pudong (Shanghai, China) focused on the development of Shanghai GM products while also serving as the second largest technical development and design center maintained by General Motors worldwide. With the goal of establishing itself as a groundbreaking enterprise of worldwide stature in the automotive development sector, PATAC offers all kinds of automotive development services of relevance to design, technological development, testing, and validation.

Published: January 31, 2020
Related Topics

Subscribe newsletter

Subscribe to our newsletters, or manage or delete your subscriptions