7 research outputs found

    The UnCoVerCPS Verification Approach to Automated Driving

    There are several benefits to bringing automated vehicles to the road: a possible reduction of traffic accidents, improved work-life balance, and the social inclusion of aged or disabled persons, to name just a few. A significant challenge is the validation and verification of automated driving. Classical offline verification approaches require enumeration and discretization of all relevant state variables in all possible driving situations, which results in a state-space explosion. A promising alternative is the use of online verification techniques, as pursued in UnCoVerCPS. The methods developed in UnCoVerCPS are generally applicable to many safety-critical cyber-physical systems. As a specific use case, we investigate a system that facilitates safe interactions of automated vehicles, leveraging a formal proof on a validated model. By exchanging and negotiating verified maneuver plans, freedom from collisions, and safe operation in general, can be guaranteed for the situation at hand. The system design is tailored to make the complete system amenable to verification. An overview is given in fig. 1: the system is decomposed into three layers (green boxes), each of which fulfils a contract that guarantees correct operation under specific types of uncertainty. The combination of the three layers enables safe operation under disturbances, input and parameter uncertainties, non-determinism of the communication channel, and non-determinism of the decisions of cooperation partners. On the lowest layer is the physical vehicle, modeled as a set of nonlinear differential equations with bounded uncertain parameters and disturbances. The second layer is realized by a classical discrete-time trajectory tracking controller ("TTC"), which stabilizes the vehicle around a given set trajectory while operating on noisy measurement data.
    The vehicle model and the trajectory tracking controller are treated as one closed-loop system by an offline analysis, shown at the bottom of fig. 1 (steps 1. Modeling to 6. Verification), which computes bounds on the state evolution of the physical system (rather than only of the model) for a finite set of atomic actions (the maneuver database, "MDB"). During online execution, several maneuver planners ("MP") assemble the guarantees of the pre-verified atomic actions and use conservative bounds on the environment perception to generate provably safe maneuvers. A timed automaton (the cooperative driving controller, "CDC") controls the negotiation of safe, cooperative maneuvers with other vehicles. It guarantees safe operation even under the assumption of message loss and delays, as well as non-deterministic planning times. This is achieved by prudent switching between cooperative, individual, and fail-safe maneuvers. In this paper we give an overview of the offline design process, which, besides classical development steps, involves (fig. 1, step 4) sampling possible vehicle actions, (step 5) generating a reliable model by testing conformance between the actual physical system and a model with bounded uncertainties, and (step 6) verifying time-invariant constraints and admissible execution orders of the vehicle actions. Furthermore, we focus on the online execution, where the maneuver planners and the cooperative driving controller guarantee compliance with time-varying constraints. Where "monolithic" verification schemes are hampered by the curse of dimensionality, our modular and layered approach of verifying lower-level, closed-loop subsystems offline and higher-level decision modules online provides formal safety guarantees for the overall system in a feasible manner.

    A Double-Level Model Checking Approach for an Agent-Based Autonomous Vehicle and Road Junction Regulations

    From MDPI via Jisc Publications Router. History: accepted 2021-06-21, published electronically 2021-06-25. Publication status: Published. Funder: Engineering and Physical Sciences Research Council; grant(s): EP/V026801.
    Usually, the design of an Autonomous Vehicle (AV) does not take traffic rules into account, so adopting these rules raises some challenges, e.g., how to come up with a Digital Highway Code that captures the proper behaviour of an AV with respect to the traffic rules while at the same time minimising changes to the existing Highway Code. Here, we formally model and implement three Road Junction rules (from the UK Highway Code). We use timed automata to model the system and the MCAPL (Model Checking Agent Programming Language) framework to implement an agent and its environment. We also assess the behaviour of our agent against the Road Junction rules using a double-level model checking technique, i.e., UPPAAL at the design level and AJPF (Agent Java PathFinder) at the development level. We have formally verified 30 properties (18 with UPPAAL and 12 with AJPF); these properties describe the agent's behaviour with respect to the three Road Junction rules in a simulated traffic scenario that includes artefacts such as traffic signs and road users. In addition, our approach aims to extract the best from the double-level verification, i.e., using time constraints in UPPAAL timed automata to determine thresholds for the AV's actions, and tracing the agent's behaviour with MCAPL, so that one can tell when and how a given Road Junction rule was selected by the agent. This work provides a proof of concept for the formal verification of AV behaviour with respect to traffic rules.

    Formal verification of maneuver automata for parameterized motion primitives


    Provably Safe Motion Planning for Autonomous Vehicles through Real-Time Verification (original title: Nachweislich sichere Bewegungsplanung für autonome Fahrzeuge durch Echtzeitverifikation)

    This thesis introduces fail-safe motion planning as the first approach to guarantee the legal safety of autonomous vehicles in arbitrary traffic situations. The proposed safety layer verifies whether intended trajectories comply with legal safety and provides fail-safe trajectories when intended trajectories would result in safety-critical situations. The presented results indicate that the use of fail-safe motion planning can drastically reduce the number of traffic accidents.
    German abstract (translated): This thesis introduces a novel verification method with which, for the first time, the traffic-rule-compliant safety of autonomous vehicles can be guaranteed. The verification method checks whether planned trajectories are safe and generates fallback trajectories if they would lead to an unsafe situation. The results show that using the method leads to a significant reduction in traffic accidents.

    Agents and Robots for Reliable Engineered Autonomy

    This book contains the contributions to the Special Issue entitled "Agents and Robots for Reliable Engineered Autonomy". The Special Issue was based on the successful first edition of the "Workshop on Agents and Robots for reliable Engineered Autonomy" (AREA 2020), co-located with the 24th European Conference on Artificial Intelligence (ECAI 2020). The aim was to bring together researchers from the autonomous agents, software engineering, and robotics communities, as combining knowledge from these three research areas may lead to innovative approaches that solve complex problems related to the verification and validation of autonomous robotic systems.