Formal Methods and Safety for Automated Vehicles: Modeling, Abstractions, and Synthesis of Tactical Planners

One goal of developing automated road vehicles is to completely free people from driving tasks. Automated vehicles with no human driver must handle all traffic situations that human drivers are expected to handle, possibly more. Though human drivers cause a lot of traffic accidents, they still have a very low accident and failure rate that automated vehicles must match.Tactical planners are responsible for making discrete decisions for the coming seconds or minutes. As with all subsystems in an automated vehicle, these planners need to be supported with a credible and convincing argument of their correctness. The planners interact with other road users in a feedback loop, so their correctness depends on their behavior in relation to other drivers and road users over time. One way to ascertain their correctness is to test the vehicles in real traffic. But to be sufficiently certain that a tactical planner is safe, it has to be tested on 255 million miles with no accidents.Formal methods can, in contrast to testing, mathematically prove that given requirements are fulfilled. Hence, these methods are a promising alternative for making credible arguments for tactical planners’ correctness. The topic of this thesis is the use of formal methods in the automotive industry to design safe tactical planners. What is interesting is both how automotive systems can be modeled in formal frameworks, and how formal methods can be used practically within the automotive development process.The main findings of this thesis are that it is viable to formally express desired properties of tactical planners, and to use formal methods to prove their correctness. However, the difficulty to anticipate and inspect the interaction of several desired properties is found to be an obstacle. Model Checking, Reactive Synthesis, and Supervisory Control Theory have been used in the design and development process of tactical planners, and these methods have their benefits, depending on the application. To be feasible and useful, these methods need to operate on both a high and a low level of abstraction, and this thesis contributes an automatic abstraction method that bridges this divide.It is also found that artifacts from formal methods tools may be used to convincingly argue that a realization of a tactical planner is safe, and that such an argument puts formal requirements on the vehicle’s other subsystems and its surroundings

Correct-by-Construction Tactical Planners for Automated Cars

One goal of developing automated cars is to completely free people from driving tasks. Automated cars that require no human driver need to handle all traffic situations that a human driver is expected to handle, and possibly more. Although human drivers cause a lot of traffic accidents, they still have a very low accident and failure rate that automated systems must match.Tactical planners are responsible for making discrete decisions during the coming seconds or minute. As with all subsystems in an automated car, these planners need to be supported with a credible and convincing argument of their correctness. The planners\u27 decisions affect the environment and the planners need to interact with other road users in a feedback loop, so the correctness of the planners depend on their behavior in relation to other drivers and the environment over time. One possibility to ascertain their correctness is to deploy the planners in real traffic. To be sufficiently certain that a tactical planner is safe by that methods, it needs to be tested on 255 million miles without having an accident.Formal methods can, in contrast to testing, mathematically prove that the requirements are fulfilled. Hence, they are a promising alternative for making credible arguments of tactical planners\u27 correctness. The topic of this thesis is how formal methods can be used in the automotive industry to design safe tactical planners. What is interesting is both how automotive systems should be modeled in formal frameworks, and how formal methods can be used practically within the automotive development process.The main findings of this thesis are that it is natural to express desired properties of tactical planners in formal languages and use formal methods to prove their correctness. Model Checking, Reactive Synthesis, and Supervisory Control Theory have been used in the design and development process of tactical planners, and all three methods have their benefits, depending on the application.Formal synthesis is an especially interesting class of formal methods because they can automatically generate a planner based on requirements and models. Formal synthesis removes the need to manually develop and implement the planner, so the development efforts can be directed to formalizing good requirements on the planner and good assumptions on the environment. However, formal synthesis has two limitations: the resulting planner is a black box that is difficult to inspect, and it is difficult to find a level of abstraction that allows detailed requirements and generic planners

Comparative Case Studies of Reactive Synthesis and Supervisory Control

Reactive Synthesis and Supervisory Control Theory are both systematic approaches for the automatic construction of controllers from requirements. However, their underlying technicalities differ significantly. This paper provides an empirical comparison between these two approaches from the modelling perspective through case studies. Using the synthesis tools TuLiP and Supremica, two examples are modelled in the typical modelling formalism supported by each tool, and the algorithms are applied to synthesize controllers. Based on the obtained models and experiences, we compare how the models are derived, and how the characteristics of the examples and the underlying synthesis algorithms influence the modelling choices

Design and Formal Verification of a Safe Stop Supervisor for an Automated Vehicle

Autonomous vehicles apply pertinent planning and control algorithms under different driving conditions. The mode switch between these algorithms should also be autonomous. On top of the nominal planners, a safe fallback routine is needed to stop the vehicle at a safe position if nominal operational conditions are violated, such as for a system failure. This paper describes the design and formal verification of a supervisor to manage all requirements for mode switching between nominal planners, and additional requirements for switching to a safe stop trajectory planner that acts as the fallback routine. The supervisor is designed via a model-based approach and its abstraction is formally verified by model checking. The supervisor is implemented and integrated with the Research Concept Vehicle, an experimental research and demonstration vehicle developed at the KTH Royal Institute of Technology. Simulations and experiments show that the vehicle is able to autonomously drive in a safe manner between two parking lots and can successfully come to a safe stop upon GPS sensor failure

Modeling and Synthesis of the Lane Change Function of an Autonomous Vehicle

Unexpected incorrect behavior of autonomous vehicles can\ua0have catastrophic outcomes. But, as with any large-scale\ua0software development, correctness of the system is not\ua0easily guaranteed. As the system is made up of multiple\ua0sub-modules that interact with each other, unexpected\ua0behavior can arise from incorrect interactions between the\ua0modules. In a previous paper, formal verification was\ua0applied to the lane change module of the decision and\ua0control software (under development) for an autonomous\ua0vehicle. This revealed incorrectness in the model, which\ua0could also be shown to exist in the actual software. Manual\ua0changes to the model did not result in absence of the\ua0incorrectness, and so in this paper we aim to patch the\ua0error by applying synthesis. The synthesized result is\ua0correct by construction, but it is not obvious what part of\ua0the functionality is disabled by the synthesis. Though\ua0different synthesis techniques were able to generate\ua0supervisors for the model, only when the supervisor was\ua0expressed as guard conditions on the events was it possible\ua0to interpret the effect of the synthesis. However, the\ua0supervisors put constraints on how the input data to the\ua0lane change module might change, so in the end the\ua0supervisors put behavioral requirements on the modules that\ua0generate the input to the lane change module

Acute Exercise Remodels Promoter Methylation in Human Skeletal Muscle

SummaryDNA methylation is a covalent biochemical modification controlling chromatin structure and gene expression. Exercise elicits gene expression changes that trigger structural and metabolic adaptations in skeletal muscle. We determined whether DNA methylation plays a role in exercise-induced gene expression. Whole genome methylation was decreased in skeletal muscle biopsies obtained from healthy sedentary men and women after acute exercise. Exercise induced a dose-dependent expression of PGC-1α, PDK4, and PPAR-δ, together with a marked hypomethylation on each respective promoter. Similarly, promoter methylation of PGC-1α, PDK4, and PPAR-δ was markedly decreased in mouse soleus muscles 45 min after ex vivo contraction. In L6 myotubes, caffeine exposure induced gene hypomethylation in parallel with an increase in the respective mRNA content. Collectively, our results provide evidence that acute gene activation is associated with a dynamic change in DNA methylation in skeletal muscle and suggest that DNA hypomethylation is an early event in contraction-induced gene activation

Disrupted circadian oscillations in type 2 diabetes are linked to altered rhythmic mitochondrial metabolism in skeletal muscle

Funding: The authors are supported by grants from the AstraZeneca SciLifeLab Research Programme, Novo Nordisk Foundation (NNF14OC0011493, and NNF17OC0030088), Swedish Diabetes Foundation (DIA2018-357), Swedish Research Council (2015-00165 and 2018-02389), the Knut and Alice Wallenberg Foundation (2018-0094), the Strategic Research Programme in Diabetes at Karolinska Institutet (2009-1068), the Stockholm County Council (SLL20170159), and the Swedish Research Council for Sport Science (P2019-0140). B.M.G. was supported by fellowships from the Novo Nordisk Foundation (NNF19OC0055072), the Wenner-Gren Foundation, an Albert Renold Travel Fellowship from the European Foundation for the Study of Diabetes, and an Eric Reid Fund for Methodology from the Biochemical Society. N.J.P. and L.S.-P. were supported by an Individual Fellowship from the Marie Skłodowska-Curie Actions (European Commission: 704978 and 675610). X.Z. and K.A.E. were supported by NIH R01AR066082. N.J.P. was supported by grants from the Sigurd och Elsa Goljes Minne and Lars Hierta Memorial Foundations (Sweden). We acknowledge the Beta Cell in-vivo Imaging/Extracellular Flux Analysis core facility supported by the Strategic Research Program in Diabetes for the usage of the Seahorse flux analyzer. Additional support was received from the Novo Nordisk Foundation Center for Basic Metabolic Research at the University of Copenhagen (NNF18CC0034900). The Novo Nordisk Foundation Center for Basic Metabolic Research is an independent research center at the University of Copenhagen, partially funded by an unrestricted donation from the Novo Nordisk Foundation. We acknowledge the Single-Cell Omics platform at the Novo Nordisk Foundation Center for Basic Metabolic Research for technical and computational expertise and support. Schematics are created with BioRender.com.Peer reviewedPublisher PD

Läkemedelsadministration inom hemvården

Som examensarbete valde jag att skriva om läkemedelsmisstagen som sker i hemvårds miljö, då som mest om att patienten inte tar sina läkemedel så som ordinerats. Syftet med den här undersökningen är att få reda på vad som forskats tidigare i området, och på basen av dessa undersökningar kunna definiera dessa problemområden. Med detta kan man sedan svara på vad som är orsaken till att patienten inte tar sina läkemedel, hur man kan förhindra detta, och senare hur man kan bokföra de misstag som sker. Jag använde mig av en induktiv kvalitativ innehållsanalys, och gick systematiskt igenom 15 forskningar eller artiklar som tangerar området. För misstag beroende på vårdare kom jag fram till att problemet oftast ligger i ordination av fel sorts läkemedel, att patienten har för många läkemedel, och att det finns bristfällig kommunikation som leder till att patienten inte tar sina läkemedel. När det gällde orsaker med patienten så kom jag fram till att det kan bero på sjukdomar, oavsiktliga orsaker, eller avsiktliga orsaker. För att förhindra att misstagen sker från vårdarens sida så borde vårdaren fördjupa sig i patientjournalen, gå igenom läkemedelslistan vid varje patientmöte, kommunicera väl och ge tillräcklig information till patienten angående nya läkemedel. När det gäller patienten så gäller det att skapa förtroende, märka ifall det är något som inte stämmer med läkemedlen och åtgärda detta. Det finns även olika hjälpmedel ifall patienten har någon sjukdom som inte tillåter patienten att ta läkemedlen som planerat. Dessa kan t.ex vara dospåsar eller dosetter. När man bokför så handlar det oftast om en blankett som man fyller i när det sker ett misstag, som skickas vidare till hemvårds ledaren.For my thesis I chose to write about errors regarding drugs in a home care setting, and the reasons that the patients don’t take their medication as prescribed. The purpose is to find out what has been researched before, and on the basis of these studies, defining the problem areas. In doing this I am able to answer the questions: what are the reasons for these mistakes, how do we prevent this from happening and later how to post the error that occurs. I used an inductive qualitive content analysis, and went systematically through 15 research articles. I concluded that problems caused by carers usually had to do with prescribing the wrong medication for the patient, too many drugs prescribed, and poor communication between carer and patient. Problems caused by patients were due to disease, unintentional reasons and intentional reasons. To prevent these mistakes made by carers, they should immerse themeselves in the patient record, go through the medication list at every encounter, communicate well and provide adequate information to the patient regarding new drugs. It is important to establish trust, and look out for signs of any disease that would cause problems with the medication regime. There are also different aids if the patient has a disease or other issues that hinders the intake of medications as planned. These can be dosage bags or containers. When you account the mistakes that occur, you usually fill out a form, which states how the mistake happened, and forward it to the home care leader.Lopputyön aiheeksi valitsin lääkepoikkeamat joka tapahtuu kotihoidossa, ja enimmäkseen niitä jossa potilas ei syystä tai toisesta saa otettua lääkkeet joka on määrätty. Tutkimuksen tavoite oli saada tietää mitä on tutkittu ennen aiheesta, ja näiden perusteella määritellä ongelmakohdat. Näillä voisi sitten vastata kysymyksiin: minkä takia näitä sattuu, miten voidan näitä estää ja miten kirjataan. Käytin induktiivinen laadullinen sisällysanalyysi, jossa systemaattisesti kävin läpi 15 tutkimusta tai artikkelia. Hoitajan tai lääkärin johtuvasta virheistä yleisimpiin kuuluivat lääkkeitä väärän diagnoosin perusteella, liian monta lääkkeitä tai huonoa kommunikaatiota hoitajan ja potilaan välillä joka johtaa lääkepoikkeamaan. Potilaasta johtuviin virheisiin yleisimmät olivat muistisairaudet, epätietoiset syyt ja tietoiset syyt. Jotta saisi vähennet näitä poikkemia hoitajan toimeesta pitäisi aina lukea kunnolla potilastietoja ja historiaa, joka potilatapaamisessa tutkia lääkelistaa, ja aina kun määrää uusi lääke niin informoisi hyvin siitä lääkkeestä. Potilaan puolesta pitää luoda luottamusta, ja tarkasti valvoa jos jotain ei täsmää lääkityksessä, ja hoitaa tämä. Löytyy myös useita apuvälineitä lääkehuollon avuksi. Näistä yleisin on lääkedosetit ja lääkepussit. Jos lääkepoikkeama tapahtuu, kirjataan aina lääkepoikkeamailmoitus joka viedään eteenpäin kotihoidon ohjaajalle

Formal Synthesis of Safe Stop Tactical Planners for an Automated Vehicle

Automated vehicles need a safe back-up solution in the presence of system degradations since a driver cannot be expected to take control on short notice. In the event of a degradation, the vehicle is required to reach a minimal risk condition via a minimal risk maneuver. The activation of such maneuvers is safety critical, and a correct implementation of the tactical planner that takes the activation decision is paramount. One way to ensure correctness is to employ formal methods since they can provide proofs thereof. Earlier, a tactical planner was formally verified to activate a minimal risk maneuver if and only if a failure occurs. Formal verification has some drawbacks, so this paper investigates the applicability of using the tools Supremica and TuLiP to synthesize correct-by-construction tactical planners. These two tools amend some of the verification’s drawbacks, but also introduce their own

Kund och leverantörsrelationers påverkan på outsourcing vid produktutveckling : En kvalitativ studie inom läkemedelsindustrin

Titel: Kund och leverantörsrelationers påverkan på outsourcing vid produktutveckling Författare: Jonas Krook och Björn Ratjen Handledare: Akmal Hyder och Zahra Ahmadi Datum: 2020 – januari   Syfte: Syftet med studien är att få en ökad förståelse för hur relationen mellan kund och leverantör påverkar outsourcing av produktutveckling inom läkemedelsindustrin.   Metod: Eftersom vi valt ett syfte där vi vill få en ökad förståelse för relationen mellan kund och leverantör inom outsourcing av produktutveckling, har vi valt en kvalitativ forskningsansats för att på ett bättre vis tolka relationernas påverkan. Vi har genomfört 10 semistrukturerade intervjuer med respondenter som jobbar med outsourcing av produktutveckling i läkemedelsindustrin. Det empiriska materialet har sedan ställts mot den teoretiska referensramen för att se likheter och skillnader mellan vad våra respondenter och tidigare litteratur förmedlat, för att sedan kunna diskutera och skapa en slutsats inom ämnet.   Slutsats: Studiens fokus på läkemedelsindustrin bidrar till ett nytt synsätt, genom att även uppmärksamma hur relationerna mellan kund och leverantör kan ge en påverkan på långvariga relationer, tillit och förtroende. Huvudsakligen klargör vi den stora beroendesituation som existerar mellan kund och leverantör som ingår i outsourcing av produktutveckling. Denna beroendesituation grundas sig i att de stora läkemedelsföretagen söker efter specialkompetens hos de mindre leverantörerna, vilket påverkar av relationerna inom industrin.   Uppsatsens bidrag: Uppsatsens teoretiska bidrag bekräftar tidigare forskning, vad gäller outsourcing av produktutveckling inom läkemedelsindustrin. Detta forskningsområde har ökat i relevans, då outsourcing av produktutveckling blivit allt mer förekommande för företag inom läkemedelsindustrin. Få tidigare studier har dock omfattat relationernas påverkan inom detta forskningsområde. Detta är vad som är unikt med vår studie. De praktiska bidragen är att ge en ytterligare förståelse av relationernas påverkan inom industrin och bidra med lärdom av vad som är mest gynnsamt för dem.   Förslag till vidare forskning: Utifrån studien har vi fått en förståelse kring att det finns ett flertal faktorer inom industrin, som ger en påverkan på relationer och produktutveckling. Respondenterna besvarade våra frågor om relationer och produktutveckling genom att belysa de myndighetskrav från Food And Drug Administration (FDA) och Europeiska läkemedelsmyndigheten (EMA) men även kliniska tester och andra saker som vår förförståelse, korta tidsram, samt komplexitet valde att inte ta med i arbetet. Vidare forskning anser vi därför borde vidareutveckla kring FDA och EMAs krav samt kliniska tester inverkan på relationerna mellan kund och leverantör i läkemedelsindustrin, då det skulle ge en ytterligare bredd till forskningsområdet.Title: The effects of customer and supplier relationships on outsourcing in product development Authors: Jonas Krook and Björn Ratjen Supervisors: Akmal Hyder and Zahra Ahmadi Date: 2020 - January   Thesis: The aim of the study is to gain an increased understanding of how the relationship between customer and supplier affects outsourcing of product development in the pharmaceutical industry.   Method: Since we have chosen a thesis where we want to gain a greater understanding of relationships in outsourcing of product development, we have chosen a qualitative research approach in order to better interpret the impact of the relationships. We have conducted 10 semi-structured interviews with respondents, active in companies that make use of outsourcing of product development in the pharmaceutical industry. The empirical material has then been analyzed to reach a conclusion.   Conclusion: With the study's focus on the pharmaceutical industry, our work takes a new approach, by also paying attention to how the relationships between customer and supplier can have an impact on long-term relationships and trust. Our study mainly clarifies the major interdependence that exists between a customer and supplier that take place in outsourcing of product development. This dependency situation is based on the fact that the large pharmaceutical companies seek specialized competencies from the smaller suppliers, which affects the appearance of the relationships within the industry.   Contribution: This thesis makes a theoretical contribution by confirming previous research regarding outsourcing of product development in the pharmaceutical industry. This area of ​​research is on the upsurge of relevance, as outsourcing of product development has become increasingly common for companies in the pharmaceutical industry. However, few previous studies have covered the influence of relationships in this research area. This is somewhat unique about our study. The practical contributions are to give a further understanding of the relationships within the industry.   Suggestions for further research: After conducting this study we understood that there are a number of factors in the industry that have impact on relationships and product development. Respondents answered our questions on relationships and product development by highlighting the regulatory requirements of the US Food And Drug Administration (FDA) and the European Medicines Agency (EMA). The respondents also answered the questions with answers about clinical trials and other things that are important in the business but our lack of understanding, short time frame, and the complexity made us unable to make these important factors a part of our study. Further research, we therefor believe should be develop around the FDA and EMA requirements and clinical tests impact on the relationship between customer and supplier, as it would provide further breadth to the research area