A Method for ODD Specification and Verification with Application for Industrial Automated Driving Systems

Various legislative initiatives see the operational design domain (ODD) as the starting point of a development of automated driving systems (ADSs). An ODD describes a set of operating conditions under which a given ADS or feature thereof is specifically designed to function. Therefore, it is important to develop a self-consistent ODD, i.e., there are no contradictions between the ODD constraints, which can be used to check which situations are safe for the operation of the ADS. Standard verification tools, e.g., solvers for satisfiability modulo theories (SMT), could be used to verify the consistency of an ODD specification as well as to check which driving situations fulfill the ODD constraints. However, the usage of a given verification tool requires extensive knowledge of the formal specification language used by the respective tool. Current standardization efforts recommend the specification of an ODD through semi-formal languages (based, e.g., on YAML) in order to address also stakeholders that do not necessarily have a background in formal methods. Thus, we propose a concept for the specification of ODDs, which bridges the gap between the semi-formal languages proposed through current standardization efforts and the standard formal language needed for the interpretation and verification of the ODD. We demonstrate our concept on an example provided by an automotive OEM and report on our results and lessons learned.