Resilient Autonomous Systems
Summer 2024 to Winter 2024/2025
In cooperation with GET racing Dortmund e.V.
Motivation
In recent years, the vision of autonomous driving has increasingly become reality thanks to advances in research and technology. At the same time, it has become obvious that autonomous systems are not yet capable of handling every unknown or unexpected situation. We have to conclude that software architectures for such systems, more so than for other applications, have to be resilient. Hardware and software faults and malfunctions have to be predicted, recognized and addressed. While the failure of a core sensor (e.g., a lidar) can be recognized by the absence of data and is addressed via an emergency stop, a neural network may exhibit difficult-to-recognize errors that could, however, be addressed by falling back to an alternative component.
Testing such mechanisms is challenging, however, since on real hardware a failure (even if successfully addressed) can result in damage to the vehicle. Simulations with integrated metrics can be a solution, since they allow large test campaigns to be conducted frequently without any risk. Ideally, such simulations are integrated into the development process as quality gates.
Vision
To develop resilient autonomous driving systems, it is necessary to first identify possible failures using, e.g., fault tree analysis. In the next step, the circumstances in which each failure occurs, i.e., its triggering conditions, must be identified. Only then can suitable handling techniques be designed and implemented for each failure mode. Possible approaches may include modifications to the autonomous system itself (e.g., to interpolate missing data), addition of new components (e.g., emergency braking), or architectural changes (e.g., by introducing safety envelopes).
Validating resilience, however, requires a way to reproducibly trigger failures and check the system's behavior for correctness. This requires instrumenting the system so that errors can be injected. Validation can then be performed in a simulation by analyzing a recording of the run. On real hardware, e.g., model vehicles, hardware-in-the-loop and vehicle-in-the-loop tests may yield more results at the price of a more complex evaluation.
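The validation loop described above (inject a fault, record the system's behavior, evaluate the recording against a metric), as an added illustration that is not part of Jarvic or this project group's work: the lidar dropout from the Motivation section is injected into a plain-Python stand-in for the sensor topic, a watchdog stands in for the emergency-stop mechanism, and a quality-gate function checks the recording. Tick length, staleness threshold, deadline and all function names are assumptions constructed for this example.

```python
# Added example (not Jarvic code): a minimal fault-injection and validation
# harness. The ROS topic is replaced by a plain-Python stand-in; all names,
# thresholds and timings are assumptions constructed for this illustration.
from typing import Optional

TICK_MS = 50          # assumed simulation step
STALE_AFTER_MS = 200  # assumed watchdog limit for missing lidar frames


def lidar_frame(t_ms: int, fault_at_ms: Optional[int]) -> Optional[dict]:
    """Constructed lidar stand-in; the injected fault is a permanent dropout."""
    if fault_at_ms is not None and t_ms >= fault_at_ms:
        return None
    return {"t": t_ms, "points": 1000}


def first_event(recording: list, kind: str) -> Optional[int]:
    """Time of the first recorded event of the given kind, or None."""
    return next((t for t, k in recording if k == kind), None)


def run_scenario(duration_ms: int, fault_at_ms: Optional[int] = None) -> list:
    """Simulate the supervisor loop and return the recording as (t, event) pairs.
    The watchdog recognizes the absence of lidar data and issues one stop."""
    recording, last_frame_ms = [], 0
    for t in range(0, duration_ms + 1, TICK_MS):
        if lidar_frame(t, fault_at_ms) is not None:
            last_frame_ms = t
        elif first_event(recording, "fault_injected") is None:
            recording.append((t, "fault_injected"))  # first tick with no data
        stale = t - last_frame_ms > STALE_AFTER_MS
        if stale and first_event(recording, "emergency_stop") is None:
            recording.append((t, "emergency_stop"))
    return recording


def validate(recording: list, deadline_ms: int) -> dict:
    """Quality gate: an injected fault must be followed by an emergency stop
    within the deadline, and no stop may occur without a fault."""
    fault = first_event(recording, "fault_injected")
    stop = first_event(recording, "emergency_stop")
    if fault is None:
        return {"passed": stop is None, "reaction_ms": None}
    reaction = None if stop is None else stop - fault
    return {"passed": reaction is not None and reaction <= deadline_ms,
            "reaction_ms": reaction}
```

Running the same scenario with and without the fault gives both halves of the metric: reaction time after a dropout and absence of false emergency stops on a clean run.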
Goal
The project group's task is to introduce resilience into an autonomous system and to validate the result using a structured approach. To this end, the group should identify failures and introduce suitable measures to handle them. Simultaneously, a simulation-based validation architecture should be built, using which the measures' success can be validated and quantified.
The autonomous driving software Jarvic will serve as a case study. It is developed by GET racing Dortmund e.V. for use in Formula Student race cars and is based on the ROS middleware. Jarvic already provides a solution for continuous validation using simulations (e.g., via FSSim) and can also be deployed to 1:8 scale model cars.