| VER-VERIFICATIONMETHODS-001 | The LiDAR processing rate and coverage SHALL be verified by injecting recorded point cloud datasets at rated frame rates and measuring processing latency and angular coverage completeness against SUB-SUBSYSTEMREQUIREMENTS-001. | — | verification, perception, test, session-161 |
| VER-VERIFICATIONMETHODS-002 | Sensor fusion latency SHALL be verified by timestamping raw sensor inputs and fusion output, measuring end-to-end delay across 10,000 cycles under peak load conditions against SUB-SUBSYSTEMREQUIREMENTS-003. | — | verification, perception, latency, session-161 |
| VER-VERIFICATIONMETHODS-003 | The Perception-to-Planning interface data rate SHALL be verified by monitoring the shared-memory IPC channel under simulated traffic scenarios with 200 tracked objects and confirming sustained 20 Hz delivery against IFC-INTERFACEDEFINITIONS-001. | — | verification, interface, test, session-161 |
| VER-VERIFICATIONMETHODS-004 | The Behavior Planner decision cycle time SHALL be verified by measuring wall-clock latency from prediction input timestamp to action output timestamp across 50,000 decision cycles under peak traffic scenarios with 200 tracked objects, against SUB-SUBSYSTEMREQUIREMENTS-007. | — | verification, planning, behavior-planner, session-162 |
| VER-VERIFICATIONMETHODS-005 | The Risk Assessor minimal risk condition handoff SHALL be verified by injecting failure scenarios where all candidate trajectories violate the 2-second time-to-collision threshold and measuring response latency and correct MRC request issuance, against SUB-SUBSYSTEMREQUIREMENTS-010. | — | verification, planning, risk-assessor, session-162 |
| VER-VERIFICATIONMETHODS-006 | The Prediction Module trajectory forecast accuracy SHALL be verified by replaying recorded urban driving datasets and computing position error at 3-second and 5-second horizons across vehicle, pedestrian, and cyclist categories, against SUB-SUBSYSTEMREQUIREMENTS-009. | — | verification, planning, prediction-module, session-162 |
| VER-VERIFICATIONMETHODS-007 | The Steering Controller steady-state error and settling time (SUB-VEHICLECONTROLSUBSYSTEM-014) SHALL be verified by hardware-in-the-loop test with a calibrated steering angle sensor, injecting step and ramp commands across the full operating range at ambient temperatures from -20°C to +60°C. | — | verification, vehicle-control, session-163 |
| VER-VERIFICATIONMETHODS-008 | The Drive-by-Wire Gateway watchdog mechanism (SUB-VEHICLECONTROLSUBSYSTEM-019) SHALL be verified by fault injection test that interrupts the control software heartbeat and measures time to actuator safe-state transition, confirming it occurs within the 50 ms watchdog period. | — | verification, vehicle-control, safety, session-163 |
| VER-VERIFICATIONMETHODS-009 | The dual-redundant CAN FD interface (IFC-INTERFACEDEFINITIONS-008) SHALL be verified by protocol conformance test including bus-off recovery, message authentication validation, and single-bus-failure failover test confirming no command dropout exceeds one cycle. | — | verification, vehicle-control, interface, session-163 |
| VER-VERIFICATIONMETHODS-010 | The Fault Detection and Isolation Module fault detection latency (SUB-028) SHALL be verified by hardware-in-the-loop testing with calibrated fault injection at each monitored subsystem interface, measuring detection time against the 50 ms threshold across 1000 fault injection cycles. | — | verification, safety-monitoring, fdi, session-165 |
| VER-VERIFICATIONMETHODS-011 | The Minimal Risk Condition Controller safe-stop execution (SUB-029) SHALL be verified by closed-course vehicle testing with simulated critical faults, confirming MRC initiation within 100 ms and vehicle reaching a safe state in all test scenarios including highway, urban, and intersection contexts. | — | verification, safety-monitoring, mrc, session-165 |
| VER-VERIFICATIONMETHODS-012 | The Safety Integrity Monitor watchdog cycle (SUB-030) SHALL be verified by analysis of execution traces and by injecting timing violations and control flow corruptions into ASIL D functions, confirming detection within one watchdog cycle. | — | verification, safety-monitoring, sim, session-165 |
| VER-VERIFICATIONMETHODS-013 | The Event Data Recorder continuous recording and crash survivability (SUB-031) SHALL be verified by recording at sustained 100 Mbps throughput for 8 hours followed by a physical crash simulation per UN R157 Annex 1, confirming data integrity and readback of pre-incident buffer. | — | verification, safety-monitoring, edr, session-165 |
| VER-VERIFICATIONMETHODS-014 | The Vehicle Cybersecurity Gateway intrusion detection (SUB-032) SHALL be verified by penetration testing with a standardised attack suite covering CAN bus injection, Ethernet MITM, and replay attacks, confirming detection and blocking within 10 ms for all attack vectors. | — | verification, safety-monitoring, csg, session-165 |
| VER-VERIFICATIONMETHODS-015 | SUB-041 (V2X latency): Verify by test — inject BSM messages on RF channel simulator and measure end-to-end latency across 10,000 message cycles under nominal and congested channel conditions. | — | verification, communication, session-167 |
| VER-VERIFICATIONMETHODS-016 | SUB-044 (OTA integrity): Verify by test — present update packages with valid signatures, corrupted signatures, and revoked certificates. Confirm acceptance of valid packages and rejection of all tampered or revoked packages. | — | verification, communication, session-167 |
| VER-VERIFICATIONMETHODS-017 | SUB-046 (TSN latency): Verify by test — measure frame delivery latency on all safety-critical VLAN paths using precision time protocol (PTP) synchronized traffic generators with 99.999th percentile analysis. | — | verification, communication, session-167 |
| VER-VERIFICATIONMETHODS-018 | SUB-050 (HSM key isolation): Verify by inspection — review HSM FIPS 140-2 Level 2 certification documentation and verify by test that no software API permits private key export or direct read access. | — | verification, communication, session-167 |
| VER-VERIFICATIONMETHODS-019 | The Pose Estimator fused position accuracy (SUB-SUBSYSTEMREQUIREMENTS-021) SHALL be verified by test using a reference-grade RTK-GNSS/INS system on a closed test track. The Pose Estimator output SHALL be compared against RTK ground truth over 100 km of driving across urban, suburban, and highway scenarios. Pass criteria: lateral error less than 10 cm RMS, heading error less than 0.1 degrees RMS. | — | verification, localization, pose-estimator, session-168 |
| VER-VERIFICATIONMETHODS-020 | The Pose Estimator GNSS spoofing detection (SUB-SUBSYSTEMREQUIREMENTS-026) SHALL be verified by test using a GNSS signal simulator injecting spoofed signals with position offsets of 1 m to 100 m. The system SHALL detect and reject spoofed signals within 2 seconds for offsets greater than 5 m. Test SHALL include both gradual drift and sudden jump spoofing attack profiles. | — | verification, localization, gnss-spoofing, session-168 |
| VER-VERIFICATIONMETHODS-021 | The Inertial Measurement Unit dead-reckoning capability during GNSS loss (SUB-SUBSYSTEMREQUIREMENTS-023) SHALL be verified by test in a controlled tunnel environment. GNSS signal SHALL be occluded for intervals of 30, 60, and 120 seconds at vehicle speeds of 30 and 60 km/h. Pass criteria: position drift less than 1 m after 30 s, less than 5 m after 60 s, and less than 15 m after 120 s of GNSS denial. | — | verification, localization, imu, dead-reckoning, session-168 |