One Stack, Diverse Vehicles: Checking Safe Portability of Automated Driving Software

TL;DR

This paper presents a formal method for automatically verifying the safe portability of automated driving software across diverse vehicle configurations, ensuring safety and dependability during updates and hardware variations.

Contribution

It introduces a formal portability checking approach that models different vehicle configurations and verifies safe behavior, enabling rapid and reliable software integration.

Findings

Portability checks completed within minutes for each configuration.

The method provides actionable feedback for controller adaptations.

Applicable to both traditional and neural network controllers.

Abstract

Integrating an automated driving software stack into vehicles with variable configuration is challenging, especially due to different hardware characteristics. Further, to provide software updates to a vehicle fleet in the field, the functional safety of every affected configuration has to be ensured. These additional demands for dependability and the increasing hardware diversity in automated driving make rigorous automatic analysis essential. This paper addresses this challenge by using formal portability checking of adaptive cruise controller code for different vehicle configurations. Given a formal specification of the safe behavior, models of target configurations are derived, which capture relevant effects of sensors, actuators and computing platforms. A corresponding safe set is obtained and used to check if the desired behavior is achievable on all targets. In a case study, portability checking of a traditional and a neural network controller are performed automatically within minutes for each vehicle hardware configuration. The check provides feedback for necessary adaptations of the controllers, thus, allowing rapid integration and testing of software or parameter changes.