Continuous Engineering for Safe and Secure Intelligent Automated Valet Parking
The goal of this work is to develop a use case on autonomous driving with a restricted ODD (SAE level 4 autonomy). The demonstrated use case will be automated valet parking (AVP) in mixed traffic, i.e., with pedestrians as well as human-driven vehicles. In the use case, the driver simply hands over or picks up the car at a convenient spot, e.g. in front of a shopping center. The AVP system then drives the vehicle into and out of the parking space while observing the complete parking facility.
In the use case, we plan to integrate the partners' technical contributions and demonstrate one round of continuous engineering using FOCETA technologies. The round spans modelling, semantic reasoning, simulation and automatic test case generation, continues with abnormality detection, cyber-security robustness and automatic repair (including incremental training of learning-enabled components, LECs), and ends with redeployment.
Step 1 – Baseline model
A prototypical implementation of the autonomous driving function for AVP will mainly be implemented by DNDE. The baseline implementation is by definition imperfect, which leaves room for continuous improvement based on the semantic modelling/reasoning techniques. Apart from the standard perception components, which are implemented using machine learning, one further component of the system will be implemented using reinforcement learning. Data sets for scenarios, gathered by synthetic generation in the test platform and/or by real data collection, shall be used for training the ML-based prediction function. For predicting the behaviour of traffic participants, the driving function incorporates mixed models of the intersection and of the other traffic participants, modelled jointly by data-based and model-based methods.
Step 2 – Execute the system and generate virtual test cases
Subsequently, we plan to execute the system and record its traces. Starting from the recorded traces, intelligent testing techniques will modify the traces to create additional test cases that challenge the "virtual representation" of the system in the simulated world. This is made possible by introducing techniques developed in FOCETA; the concrete digital twin of the system will be built by Mentor. We will apply open standards such as OpenScenario to ensure interoperability for the data exchange. Test cases are created from the scenario definition and validated against the formal specification in the test platform and the test management environment, respectively. Virtual testing will be executed to capture potentially unsafe scenarios; more specifically, Mentor will conduct a functional safety analysis for the ECUs involved in the detection of objects.
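As an added illustration of the trace-mutation idea in Step 2 (example code written for this page, not FOCETA or Mentor code, and not an OpenScenario implementation): a constructed recorded trace of a pedestrian stepping into the ego lane is perturbed in time, position and speed, each variant is replayed against a simplified ego controller, and the variants that violate a separation margin are reported as new test cases. The ego controller (constant speed, then constant deceleration once a pedestrian in the lane is within sensor range), the 8 m detection range, the 1 m margin and all trace values are assumptions.

```python
"""Trace mutation for virtual test-case generation in an AVP scenario.

Added example, not FOCETA or Mentor code. A constructed "recorded" trace
(a pedestrian stepping into the ego lane) is perturbed in time, position
and speed, each variant is replayed against a simplified ego controller,
and variants that violate a separation margin become new test cases.
Controller behaviour, sensor range and margin are assumptions.
"""
import itertools
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class PedestrianTrace:
    t_enter: float          # s, when the pedestrian steps into the lane
    x_enter: float          # m, where along the lane (ego starts at x = 0)
    speed: float            # m/s, walking speed across the lane
    lane_width: float = 3.0 # m, lane width crossed by the pedestrian


# Constructed baseline trace from which the variants are derived.
BASELINE = PedestrianTrace(t_enter=2.0, x_enter=12.0, speed=1.2)


def simulate(trace, v0=3.0, decel=2.0, detect_range=8.0, dt=0.05):
    """Replay the trace against a simplified ego vehicle (assumed controller):
    drive at v0 and brake with constant decel once a pedestrian that is in
    the lane is within detect_range ahead. Returns the minimum distance from
    the ego to the crossing point while the lane is occupied and the ego has
    not yet passed it (inf if the ego was already past the crossing)."""
    x, v, braking = 0.0, v0, False
    min_dist = float("inf")
    t_leave = trace.t_enter + trace.lane_width / trace.speed
    k = 0
    while k * dt <= t_leave:
        t = k * dt
        dist = trace.x_enter - x
        if t >= trace.t_enter and dist >= 0.0:   # pedestrian in lane, ahead of ego
            min_dist = min(min_dist, dist)
            if dist <= detect_range:
                braking = True
        if braking:
            v = max(0.0, v - decel * dt)
        x += v * dt
        k += 1
    return min_dist


def classify(trace, margin=1.0, **sim_kwargs):
    """'unsafe' if the ego gets closer than margin to the crossing pedestrian."""
    return "unsafe" if simulate(trace, **sim_kwargs) < margin else "safe"


def mutate(base, t_offsets=(-1.0, 0.0, 1.0), x_offsets=(-2.0, 0.0, 2.0),
           speed_factors=(0.5, 1.0, 1.5)):
    """Cartesian perturbation of the recorded trace -> candidate test cases."""
    return [replace(base, t_enter=base.t_enter + dt, x_enter=base.x_enter + dx,
                    speed=base.speed * f)
            for dt, dx, f in itertools.product(t_offsets, x_offsets, speed_factors)]


def find_unsafe(base, **kwargs):
    """The generated variants that the simplified ego fails on."""
    return [v for v in mutate(base) if classify(v, **kwargs) == "unsafe"]


if __name__ == "__main__":
    print("baseline:", classify(BASELINE))
    for v in find_unsafe(BASELINE):
        print("unsafe variant:", v, "min distance %.2f m" % simulate(v))
```

The baseline is safe with this controller, but shifting the pedestrian's entry one second later (or two metres closer) leaves the ego too little braking distance, so those variants are the ones worth exporting to the test platform. In the real pipeline the perturbation space would come from the scenario definition and the pass/fail verdict from the formal specification rather than from a hard-coded margin.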
Step 3 – Detect abnormal situations that were not previously considered
To ensure that the automated system behaves according to its specification, which includes the safety requirements, the automated system is complemented by runtime monitoring and runtime enforcement. Both the vehicle and its virtual copy in the simulation environment are equipped with advanced runtime monitors to detect potentially abnormal behaviour. At least four types of monitors will be integrated: (1) monitors for abnormalities of the CNN-based perception system, (2) monitors for abnormal planner decisions, (3) monitors for cyber-security abnormalities and (4) platform-level software and hardware monitors.
Step 4 – Improve the unit by considering the abnormal situation
Once an abnormal behaviour is detected, the automated vehicle should switch to a degraded mode that allows updates in an online or offline fashion. For the perception unit (image, point cloud), model repair techniques such as robust CNN training should be used to improve the system on the detected example while preserving the desired property. Advanced testing and verification techniques will then be triggered to examine whether the decision is unbiased with respect to a pre-listed set of criteria. For the planning unit and for security issues, incremental synthesis is performed to create patches. The platform connecting all tools will be implemented using the Evidential Tool Bus.
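The four monitor types of Step 3 and the degraded-mode switch of Step 4, as an added example written for this page (not code from FOCETA or its partners): each frame of a constructed vehicle trace carries perception tracks, a planner speed command, a sequence number, a timestamp and a message authentication code, and a supervisor latches the vehicle into degraded mode at the first violation. The frame layout, the thresholds (speed limit, stop distance, confidence, frame deadline) and the shared HMAC key are assumptions made for illustration; the security monitor is a standard frame-authentication plus freshness check, not a description of the project's own mechanism.

```python
"""Runtime monitors plus degraded-mode supervision for an AVP stack.

Added example, not code from FOCETA or its partners. Each frame of a
constructed vehicle trace is checked by four monitors (perception, planner,
cyber-security, platform) and a supervisor latches the vehicle into degraded
mode at the first violation. Message layout, thresholds and the shared MAC
key are assumptions made for illustration only.
"""
import hashlib
import hmac
import json

SHARED_KEY = b"demo-key-not-for-production"  # assumption: provisioned per ECU
V_MAX = 2.8          # m/s, assumed parking-lot speed limit (~10 km/h)
D_STOP = 1.5         # m, assumed distance at which the planner must hold
CONF_MIN = 0.5       # assumed minimum acceptable detection confidence
TRACK_RANGE = 15.0   # m, a track closer than this must not silently vanish
PERIOD_MAX = 150     # ms, assumed frame deadline


def mac_for(payload):
    """HMAC-SHA256 over canonical JSON; the sender attaches this to each frame."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def make_frame(seq, t_ms, objects, cmd_speed, tamper=False):
    """Build a signed frame; tamper=True edits the payload after signing."""
    payload = {"seq": seq, "t_ms": t_ms, "objects": objects, "cmd_speed": cmd_speed}
    frame = {"payload": payload, "mac": mac_for(payload)}
    if tamper:
        payload["cmd_speed"] = cmd_speed + 5.0   # in-transit modification
    return frame


def perception_monitor(frame, prev):
    """Low-confidence detections and tracks that vanish while still close."""
    p, out = frame["payload"], []
    ids_now = {o["id"] for o in p["objects"]}
    for o in p["objects"]:
        if o["conf"] < CONF_MIN:
            out.append(f"perception: low confidence {o['conf']:.2f} for track {o['id']}")
    for o in (prev["objects"] if prev else []):
        if o["dist"] < TRACK_RANGE and o["id"] not in ids_now:
            out.append(f"perception: track {o['id']} dropout at {o['dist']} m")
    return out


def planner_monitor(frame, prev):
    """Speed limit and keep-distance rules on the commanded speed."""
    p, out = frame["payload"], []
    v = p["cmd_speed"]
    if v > V_MAX:
        out.append(f"planner: cmd_speed {v} exceeds {V_MAX} m/s")
    for o in p["objects"]:
        if o["dist"] < D_STOP and v > 0:
            out.append(f"planner: moving at {v} m/s with track {o['id']} at {o['dist']} m")
    return out


def security_monitor(frame, prev):
    """Message authentication and freshness (replay, drop, stale data)."""
    p, out = frame["payload"], []
    if not hmac.compare_digest(mac_for(p), frame["mac"]):
        out.append("security: mac verification failed (tampered or forged frame)")
    if prev and p["seq"] != prev["seq"] + 1:
        out.append(f"security: seq {p['seq']} after {prev['seq']} (replay or drop)")
    if prev and p["t_ms"] <= prev["t_ms"]:
        out.append("security: timestamp not increasing (stale or replayed frame)")
    return out


def platform_monitor(frame, prev):
    """Deadline check on the frame period (a simple SW/HW health monitor)."""
    p = frame["payload"]
    if prev and p["t_ms"] - prev["t_ms"] > PERIOD_MAX:
        return [f"platform: {p['t_ms'] - prev['t_ms']} ms between frames, deadline {PERIOD_MAX} ms missed"]
    return []


MONITORS = (perception_monitor, planner_monitor, security_monitor, platform_monitor)


def run(trace):
    """Feed frames through all monitors; returns [(seq, mode, violations)]."""
    mode, prev, log = "NOMINAL", None, []
    for frame in trace:
        violations = [v for m in MONITORS for v in m(frame, prev)]
        if violations:
            mode = "DEGRADED"   # latched until an online/offline update clears it
        log.append((frame["payload"]["seq"], mode, violations))
        prev = frame["payload"]
    return log


def build_trace():
    """Constructed 100 ms trace with one injected fault per affected frame."""
    obj = lambda d, c=0.9: [{"id": 7, "dist": d, "conf": c}]
    return [
        make_frame(1, 0, obj(9.0), 2.0),
        make_frame(2, 100, obj(8.1), 2.0),
        make_frame(3, 200, [], 2.0),                           # track 7 vanishes at 8.1 m
        make_frame(4, 300, obj(7.0), 2.0),
        make_frame(5, 400, obj(1.2, 0.95), 1.0),               # still moving at 1.2 m
        make_frame(6, 500, obj(1.2, 0.95), 0.0, tamper=True),  # payload edited after MAC
        make_frame(8, 900, obj(1.2, 0.95), 0.0),               # seq gap and 400 ms gap
    ]


if __name__ == "__main__":
    for seq, mode, violations in run(build_trace()):
        print(seq, mode, violations or "ok")
```

On this trace the vehicle is already in degraded mode after the perception dropout in frame 3; the later frames show that the planner, security and platform monitors keep reporting independently, which is what the repair step needs in order to route each finding to the right unit (CNN retraining, planner patch, or platform fix). In a vehicle the key would live in the ECU's hardware key store and the monitors would run on the safety platform rather than in one process as here.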
To properly monitor progress, intermediate/conceptual use case demonstrators will be produced at the mid-term of the project. They will rely on the digital twin built by Mentor and on the virtual testing of Step 2 to capture potentially unsafe scenarios, including the functional safety analysis of the ECUs involved in the detection of objects. Based on the findings during this task, Mentor will research and develop new methods and tools for virtually assessing the safety of the system.